download.lst | 4 ++--
external/nss/asan.patch.1 | 4 ++--
external/nss/nss-ios.patch | 8 ++++----
external/nss/nss.patch | 6 +++---
4 files changed, 11 insertions(+), 11 deletions(-)
New commits:
commit 9b453e699ff53253ddc2562435dc2b91d883b1df
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Jun 1 12:14:44 2022 +0200
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Wed Jun 1 15:38:14 2022 +0200
nss: upgrade to release 3.79
Fixes CVE-2022-1097 and moz#1767590 "memory safety violations"
Change-Id: I6895f066ad943402231b616dae0d7ed6f5678b5e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135234
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/download.lst b/download.lst
index 360feea701b1..c1a76e0cb0ad 100644
--- a/download.lst
+++ b/download.lst
@@ -185,8 +185,8 @@ export MWAW_VERSION_MICRO := 21
export MWAW_TARBALL := libmwaw-0.3.$(MWAW_VERSION_MICRO).tar.xz
export MYTHES_SHA256SUM :=
1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b0e0790a305f
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
-export NSS_SHA256SUM :=
27be1720f93270c7869b0013ed7f60ff5abd74f2612be0ad935a340599a4ec3c
-export NSS_TARBALL := nss-3.74-with-nspr-4.32.tar.gz
+export NSS_SHA256SUM :=
5369ed274a19f480ec94e1faef04da63e3cbac1a82e15bb1751e58b2f274b835
+export NSS_TARBALL := nss-3.79-with-nspr-4.34.tar.gz
export ODFGEN_SHA256SUM :=
55200027fd46623b9bdddd38d275e7452d1b0ff8aeddcad6f9ae6dc25f610625
export ODFGEN_VERSION_MICRO := 8
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.xz
diff --git a/external/nss/asan.patch.1 b/external/nss/asan.patch.1
index 7dfd6ed4e782..ce584a34a3b5 100644
--- a/external/nss/asan.patch.1
+++ b/external/nss/asan.patch.1
@@ -7,6 +7,6 @@ diff -ur nss.org/nss/coreconf/Linux.mk nss/nss/coreconf/Linux.mk
# against the libsanitizer runtime built into the main executable.
-ZDEFS_FLAG = -Wl,-z,defs
+ZDEFS_FLAG =
- DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld
-v)),,$(ZDEFS_FLAG)) $(if $(filter-out
$(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN')
- LDFLAGS += $(ARCHFLAG) -z noexecstack
+ DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD)
-v)),,$(ZDEFS_FLAG)) $(if $(filter-out
$(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN')
+ LDFLAGS += $(ARCHFLAG) -z noexecstack
diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch
index 4263ecbe5f3d..86f85a873810 100644
--- a/external/nss/nss-ios.patch
+++ b/external/nss/nss-ios.patch
@@ -68,13 +68,13 @@
secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule)
{
@@ -465,6 +465,7 @@
- /* load the library. If this succeeds, then we have to remember to
+ /* load the library. If this succeeds, then we have to remember to
* unload the library if anything goes wrong from here on out...
*/
+#ifndef NSS_STATIC_PKCS11 // With NSS_STATIC_PKCS11, the only module wodule
we load here is nssckbi
- library = PR_LoadLibrary(mod->dllName);
- mod->library = (void *)library;
-
+ #if defined(_WIN32)
+ if (nssUTF8_Length(mod->dllName, NULL)) {
+ wchar_t *dllNameWide = _NSSUTIL_UTF8ToWide(mod->dllName);
@@ -487,6 +487,11 @@
mod->moduleDBFunc = (void *)
PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
diff --git a/external/nss/nss.patch b/external/nss/nss.patch
index d9aaee5199bb..66fbe37dc5ed 100644
--- a/external/nss/nss.patch
+++ b/external/nss/nss.patch
@@ -87,9 +87,9 @@
# Also, -z defs conflicts with Address Sanitizer, which emits relocations
# against the libsanitizer runtime built into the main executable.
ZDEFS_FLAG = -Wl,-z,defs
--DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld
-v)),,$(ZDEFS_FLAG))
-+DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld
-v)),,$(ZDEFS_FLAG)) $(if $(filter-out
$(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN')
- LDFLAGS += $(ARCHFLAG) -z noexecstack
+-DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD)
-v)),,$(ZDEFS_FLAG))
++DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD)
-v)),,$(ZDEFS_FLAG)) $(if $(filter-out
$(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN')
+ LDFLAGS += $(ARCHFLAG) -z noexecstack
# On Maemo, we need to use the -rpath-link flag for even the standard system
@@ -177,8 +177,13 @@
