core.git: comphelper/source download.lst external/nss include/comphelper vcl/source

Tue, 18 Mar 2025 11:06:58 -0700 

 comphelper/source/misc/hash.cxx   |   16 +++++++++++++++-
 download.lst                      |    4 ++--
 external/nss/nss-android.patch.1  |   14 ++++++--------
 external/nss/nss-ios.patch        |   15 +++++++--------
 include/comphelper/hash.hxx       |    2 ++
 vcl/source/gdi/pdfwriter_impl.cxx |    5 +++++
 6 files changed, 37 insertions(+), 19 deletions(-)

New commits:
commit c8bfafbbf802a690d94807b6292852bb754818e0
Author:     Xisco Fauli <xiscofa...@libreoffice.org>
AuthorDate: Tue Mar 18 12:49:20 2025 +0100
Commit:     Xisco Fauli <xiscofa...@libreoffice.org>
CommitDate: Tue Mar 18 19:06:16 2025 +0100

    nss: upgrade to 3.103
    
    Add initialize() method to hash class: in PDFWriterImpl::emitTrailer
    we need to re-initialize the hash after calling finalize(),
    otherwise update() inside writeBuffer will fail with
    Assertion failure: rv == SECSuccess, at sechash.c:140
    See 
https://lists.freedesktop.org/archives/libreoffice/2025-March/093075.html
    
    Downloaded from 
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_103_RTM/src/nss-3.103-with-nspr-4.35.tar.gz
    
    Change-Id: Iebf144be7bce9f45900b427adedc7465e4b2e4e3
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/183075
    Tested-by: Jenkins
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>

diff --git a/comphelper/source/misc/hash.cxx b/comphelper/source/misc/hash.cxx
index 96e125cac23d..164a15b01cdf 100644
--- a/comphelper/source/misc/hash.cxx
+++ b/comphelper/source/misc/hash.cxx
@@ -105,9 +105,18 @@ struct HashImpl
             }
         }
         mpContext = HASH_Create(getNSSType());
-        HASH_Begin(mpContext);
 #elif USE_TLS_OPENSSL
         mpContext = EVP_MD_CTX_create();
+#endif
+
+        initialize();
+    }
+
+    void initialize()
+    {
+#if USE_TLS_NSS
+        HASH_Begin(mpContext);
+#elif USE_TLS_OPENSSL
         EVP_DigestInit_ex(mpContext, getOpenSSLType(), nullptr);
 #endif
     }
@@ -143,6 +152,11 @@ void Hash::update(const unsigned char* pInput, size_t 
length)
 #endif
 }
 
+void Hash::initialize()
+{
+    mpImpl->initialize();
+}
+
 std::vector<unsigned char> Hash::finalize()
 {
     std::vector<unsigned char> hash(getLength(), 0);
diff --git a/download.lst b/download.lst
index f995abf29260..a38b13b91201 100644
--- a/download.lst
+++ b/download.lst
@@ -512,8 +512,8 @@ MYTHES_TARBALL := mythes-1.2.5.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-NSS_SHA256SUM := 
ddfdec73fb4b0eedce5fc4de09de9ba14d2ddbfbf67e42372903e1510f2d3d65
-NSS_TARBALL := nss-3.102.1-with-nspr-4.35.tar.gz
+NSS_SHA256SUM := 
1636c8c85794e779855183997805b6edfe2dfb43cdf5b6cf1934bf16b1b32520
+NSS_TARBALL := nss-3.103-with-nspr-4.35.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
diff --git a/external/nss/nss-android.patch.1 b/external/nss/nss-android.patch.1
index 707fcf99afe0..aeb690666450 100644
--- a/external/nss/nss-android.patch.1
+++ b/external/nss/nss-android.patch.1
@@ -41,7 +41,7 @@ diff -ur nss.org/nspr/configure nss/nspr/configure
 diff -ur nss.org/nss/Makefile nss/nss/Makefile
 --- nss.org/nss/Makefile       2017-09-07 15:29:44.933245745 +0200
 +++ nss/nss/Makefile   2017-09-07 15:32:04.347181076 +0200
-@@ -65,7 +65,7 @@
+@@ -67,7 +67,7 @@
  
  ifeq ($(OS_TARGET),Android)
  NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) \
@@ -50,16 +50,14 @@ diff -ur nss.org/nss/Makefile nss/nss/Makefile
                         --with-android-version=$(OS_TARGET_RELEASE) \
                         --with-android-toolchain=$(ANDROID_TOOLCHAIN) \
                         --with-android-platform=$(ANDROID_SYSROOT)
---- nss/nss/Makefile.orig      2019-11-26 14:52:15.934561202 +0100
-+++ nss/nss/Makefile   2019-11-26 14:52:20.538559612 +0100
-@@ -140,7 +140,6 @@
- 
+@@ -143,7 +143,6 @@
+ ifndef NSS_DISABLE_NSPR_TESTS
  build_nspr: $(NSPR_CONFIG_STATUS)
        $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
 -      $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests
- 
- install_nspr: build_nspr
-       $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install
+ else
+ build_nspr: $(NSPR_CONFIG_STATUS)
+       $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
 --- nss/nss/lib/ckfw/builtins/manifest.mn.orig 2019-11-26 15:18:22.185985193 
+0100
 +++ nss/nss/lib/ckfw/builtins/manifest.mn      2019-11-26 15:18:29.281982387 
+0100
 @@ -5,7 +5,7 @@
diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch
index 58239f718978..6f6b149cead5 100644
--- a/external/nss/nss-ios.patch
+++ b/external/nss/nss-ios.patch
@@ -16,14 +16,14 @@
  endif
  
  #
-@@ -140,7 +138,6 @@
- 
+@@ -141,7 +143,6 @@
+ ifndef NSS_DISABLE_NSPR_TESTS
  build_nspr: $(NSPR_CONFIG_STATUS)
        $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
 -      $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests
- 
- install_nspr: build_nspr
-       $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install
+ else
+ build_nspr: $(NSPR_CONFIG_STATUS)
+       $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
 --- a/a/nss/lib/ckfw/builtins/manifest.mn
 +++ a/a/nss/lib/ckfw/builtins/manifest.mn
 @@ -5,7 +5,7 @@
@@ -75,7 +75,7 @@
  #if defined(_WIN32)
          if (nssUTF8_Length(mod->dllName, NULL)) {
              wchar_t *dllNameWide = _NSSUTIL_UTF8ToWide(mod->dllName);
-@@ -507,6 +510,11 @@
+@@ -507,6 +510,10 @@
              mod->moduleDBFunc = (void *)
                  PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
          }
@@ -83,11 +83,10 @@
 +        if (strcmp(mod->dllName, "NSSCKBI") == 0)
 +            fentry = NSSCKBI_C_GetFunctionList;
 +#endif
-+
          if (mod->moduleDBFunc == NULL)
              mod->isModuleDB = PR_FALSE;
          if ((ientry == NULL) && (fentry == NULL)) {
-@@ -643,10 +651,12 @@
+@@ -643,10 +650,12 @@
      }
  fail:
      mod->functionList = NULL;
diff --git a/include/comphelper/hash.hxx b/include/comphelper/hash.hxx
index 9567904e6080..30bcb289ec97 100644
--- a/include/comphelper/hash.hxx
+++ b/include/comphelper/hash.hxx
@@ -66,6 +66,8 @@ public:
         update(rInput.data(), rInput.size());
     }
 
+    void initialize();
+
     std::vector<unsigned char> finalize();
 
     static std::vector<unsigned char> calculateHash(const unsigned char* 
pInput, size_t length, HashType eType);
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx 
b/vcl/source/gdi/pdfwriter_impl.cxx
index 77b682ac7a35..98383835d9cb 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6179,6 +6179,11 @@ bool PDFWriterImpl::emitTrailer()
         aLine.append( "]
" );
     }
 
+    // After calling m_DocDigest.finalize(), we need to initialize the hash 
again,
+    // otherwise, m_DocDigest.update() inside writeBuffer will fail with
+    // Assertion failure: rv == SECSuccess, at sechash.c:140
+    m_DocDigest.initialize();
+
     aLine.append( ">>
"
                   "startxref
" );
     aLine.append( static_cast<sal_Int64>(nXRefOffset) );

Reply via email to