[Libreoffice-commits] core.git: Branch 'libreoffice-5-3-3' - download.lst external/nss
Michael Stahl
mstahl at redhat.com
Tue May 2 16:56:24 UTC 2017
download.lst | 3 +-
external/nss/ExternalProject_nss.mk | 1
external/nss/UnpackedTarball_nss.mk | 1
external/nss/nss-ios.patch | 4 +-
external/nss/nss-more-static.patch | 34 ++++++++++++-------------
external/nss/nss.patch | 47 ++++++++++++++---------------------
external/nss/nss.utf8bom.patch.1 | 9 ------
external/nss/nss.windowbuild.patch.0 | 20 +++++++-------
external/nss/nss_macosx.patch | 19 +-------------
external/nss/ubsan-alignment.patch.0 | 40 -----------------------------
external/nss/ubsan.patch.0 | 11 --------
11 files changed, 53 insertions(+), 136 deletions(-)
New commits:
commit 67fe6ae146385d880c47c25a289e9a6b54333b1c
Author: Michael Stahl <mstahl at redhat.com>
Date: Thu Apr 20 22:19:45 2017 +0200
nss: upgrade to release 3.29.5
- fixes CVE-2017-5461 and CVE-2017-5462
- drop ubsan-alignment.patch.0, there is apparently now some
NO_SANITIZE_ALIGNMENT macro upstream to get this effect
- drop some hunks to prevent hard-coding CC/CCC vars, upstream now
respects environment vars (but doesn't quote them...)
- drop first hunk of ubsan.patch.0, fixed upstream
- drop hunk for gtest-internal.h, header looks much newer anyway
Change-Id: I5c484c02c1235e185af1ef5166b069303d3378e1
Reviewed-on: https://gerrit.libreoffice.org/36756
Reviewed-by: Michael Stahl <mstahl at redhat.com>
Tested-by: Michael Stahl <mstahl at redhat.com>
(cherry picked from commit 0cdf41419af854acccee0f819d4add7e8cafb7dc)
Reviewed-on: https://gerrit.libreoffice.org/36795
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
(cherry picked from commit fd957eadfa1a042ceccc4083c275fcc43dfea458)
Reviewed-on: https://gerrit.libreoffice.org/37055
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice at googlemail.com>
Reviewed-by: Markus Mohrhard <markus.mohrhard at googlemail.com>
Tested-by: Markus Mohrhard <markus.mohrhard at googlemail.com>
diff --git a/download.lst b/download.lst
index f91a3384aa14..c8b95c4dc6cb 100644
--- a/download.lst
+++ b/download.lst
@@ -111,7 +111,8 @@ export MWAW_TARBALL := libmwaw-0.3.$(MWAW_VERSION_MICRO).tar.bz2
export MYSQLCPPCONN_TARBALL := 7239a4430efd4d0189c4f24df67f08e5-mysql-connector-c++-1.1.4.tar.gz
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_TARBALL := 231adebe5c2f78fded3e3df6e958878e-neon-0.30.1.tar.gz
-export NSS_TARBALL := 0e3eee39402386cf16fd7aaa7399ebef-nss-3.27-with-nspr-4.13.tar.gz
+export NSS_MD5SUM := e55ee06b22687df68fafc6a30c0554b2
+export NSS_TARBALL := nss-3.29.5-with-nspr-4.13.1.tar.gz
export ODFGEN_MD5SUM := 32572ea48d9021bbd6fa317ddb697abc
export ODFGEN_VERSION_MICRO := 6
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
diff --git a/external/nss/ExternalProject_nss.mk b/external/nss/ExternalProject_nss.mk
index 07cc472b9fb2..b7bdf4b26ac9 100644
--- a/external/nss/ExternalProject_nss.mk
+++ b/external/nss/ExternalProject_nss.mk
@@ -77,6 +77,7 @@ $(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalProject
$(MAKE) -j1 AR="$(AR)" \
RANLIB="$(RANLIB)" \
NMEDIT="$(NM)edit" \
+ CCC="$(CXX)" \
$(if $(CROSS_COMPILING),NSPR_CONFIGURE_OPTS="--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)") \
nss_build_all \
&& rm -f $(call gb_UnpackedTarball_get_dir,nss)/dist/out/lib/*.a \
diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk
index a0ac57173fd1..4a90853f543a 100644
--- a/external/nss/UnpackedTarball_nss.mk
+++ b/external/nss/UnpackedTarball_nss.mk
@@ -44,7 +44,6 @@ ifeq ($(COM_IS_CLANG),TRUE)
ifneq ($(filter -fsanitize=%,$(CC)),)
$(eval $(call gb_UnpackedTarball_add_patches,nss,\
external/nss/asan.patch.1 \
- external/nss/ubsan-alignment.patch.0 \
))
endif
endif
diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch
index d4107d77f954..9d4af2c724e9 100644
--- a/external/nss/nss-ios.patch
+++ b/external/nss/nss-ios.patch
@@ -52,8 +52,8 @@
--- a/a/nss/coreconf/Darwin.mk
+++ a/a/nss/coreconf/Darwin.mk
@@ -124,7 +124,7 @@
- # May override this with -bundle to create a loadable module.
- DSO_LDOPTS = -dynamiclib $(DARWIN_DYLIB_VERSIONS) -install_name @__________________________________________________OOO/$(notdir $@) -headerpad_max_install_names
+ DSO_LDOPTS += --coverage
+ endif
-MKSHLIB = $(CC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
+MKSHLIB = touch $@; echo
diff --git a/external/nss/nss-more-static.patch b/external/nss/nss-more-static.patch
index 6b06a4e4a226..26948f0be24c 100644
--- a/external/nss/nss-more-static.patch
+++ b/external/nss/nss-more-static.patch
@@ -9,30 +9,30 @@
/* determine if hybrid platform, then actually load the DSO. */
static PRStatus
@@ -136,9 +136,9 @@
- return PR_FAILURE;
- }
+ return PR_FAILURE;
+ }
-- handle = loader_LoadLibrary(name);
-- if (handle) {
-- PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector");
-+ handle = 0;
-+ {
-+ PRFuncPtr address = FREEBL_GetVector;
- PRStatus status;
- if (address) {
- FREEBLGetVectorFn * getVector = (FREEBLGetVectorFn *)address;
+- handle = loader_LoadLibrary(name);
+- if (handle) {
+- PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector");
++ handle = 0;
++ {
++ PRFuncPtr address = FREEBL_GetVector;
+ if (address) {
+ FREEBLGetVectorFn *getVector = (FREEBLGetVectorFn *)address;
+ const FREEBLVector *dsoVector = getVector();
@@ -887,6 +887,7 @@
void
BL_Unload(void)
{
+#if 0
- /* This function is not thread-safe, but doesn't need to be, because it is
- * only called from functions that are also defined as not thread-safe,
- * namely C_Finalize in softoken, and the SSL bypass shutdown callback called
+ /* This function is not thread-safe, but doesn't need to be, because it is
+ * only called from functions that are also defined as not thread-safe,
+ * namely C_Finalize in softoken, and the SSL bypass shutdown callback called
@@ -905,6 +905,7 @@
- blLib = NULL;
- }
- loadFreeBLOnce = pristineCallOnce;
+ }
+ blLib = NULL;
+ loadFreeBLOnce = pristineCallOnce;
+#endif
}
diff --git a/external/nss/nss.patch b/external/nss/nss.patch
index 771ebf59baed..b3b932343d83 100644
--- a/external/nss/nss.patch
+++ b/external/nss/nss.patch
@@ -54,24 +54,16 @@ diff -ru a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk
diff -ru nss.orig/nss/coreconf/arch.mk nss/nss/coreconf/arch.mk
--- a/nss.orig/nss/coreconf/arch.mk 2016-02-12 15:36:18.000000000 +0100
+++ b/nss/nss/coreconf/arch.mk 2016-02-23 20:48:31.595941079 +0100
-@@ -280,15 +280,21 @@
- # IMPL_STRATEGY may be defined too.
- #
-
--ifdef CROSS_COMPILE
--OBJDIR_NAME = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJ
--else
--OBJDIR_NAME = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(COMPILER_TAG)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJ
--endif
+@@ -280,11 +280,17 @@
+ OBJDIR_NAME_COMPILER = $(COMPILER_TAG)
+ endif
+ OBJDIR_NAME_BASE = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(OBJDIR_NAME_COMPILER)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG)
+-OBJDIR_NAME = $(OBJDIR_NAME_BASE).OBJ
+# OBJDIR_NAME is used to build the directory containing the built objects, for
+# example mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ
+# We need to deliver the contents of that folder into instdir. To make that
+# easier in the makefile we rename this directory to "out".
-+#ifdef CROSS_COMPILE
-+#OBJDIR_NAME = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJ
-+#else
-+#OBJDIR_NAME = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(COMPILER_TAG)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJ
-+#endif
++#OBJDIR_NAME = $(OBJDIR_NAME_BASE).OBJ
+OBJDIR_NAME = out
@@ -96,20 +88,6 @@ diff -ru a/nss/coreconf/FreeBSD.mk b/nss/coreconf/FreeBSD.mk
diff -ru a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk
--- a/a/nss/coreconf/Linux.mk 2014-09-29 16:46:38.189421588 +0100
+++ b/b/nss/coreconf/Linux.mk 2014-09-29 16:47:42.985012235 +0100
-@@ -16,8 +16,11 @@
- IMPL_STRATEGY = _PTH
- endif
-
--CC = gcc
--CCC = g++
-+# CC is taken from environment automatically.
-+#CC = gcc
-+# Use CCC from environment.
-+#CCC = g++
-+CCC = $(CXX)
- RANLIB = ranlib
-
- DEFAULT_COMPILER = gcc
@@ -157,7 +160,7 @@
# against the libsanitizer runtime built into the main executable.
ZDEFS_FLAG = -Wl,-z,defs
@@ -172,6 +150,19 @@ diff -ru a/nss/Makefile b/nss/Makefile
#! gmake
#
# This Source Code Form is subject to the terms of the Mozilla Public
+@@ -91,10 +91,10 @@
+ NSPR_CONFIGURE_ENV = CC=gcc CXX=g++
+ endif
+ ifdef CC
+-NSPR_CONFIGURE_ENV = CC=$(CC)
++NSPR_CONFIGURE_ENV = CC="$(CC) "
+ endif
+ ifdef CCC
+-NSPR_CONFIGURE_ENV += CXX=$(CCC)
++NSPR_CONFIGURE_ENV += CXX="$(CCC) "
+ endif
+ # Remove -arch definitions. NSPR can't handle that.
+ NSPR_CONFIGURE_ENV := $(filter-out -arch x86_64,$(NSPR_CONFIGURE_ENV))
diff -ru nss.orig/nss/coreconf/Werror.mk nss/nss/coreconf/Werror.mk
--- a/nss.orig/nss/coreconf/Werror.mk 2016-02-12 15:36:18.000000000 +0100
+++ b/nss/nss/coreconf/Werror.mk 2016-02-23 23:58:15.119584046 +0100
diff --git a/external/nss/nss.utf8bom.patch.1 b/external/nss/nss.utf8bom.patch.1
index bc37f184ce64..e8c56abefcde 100644
--- a/external/nss/nss.utf8bom.patch.1
+++ b/external/nss/nss.utf8bom.patch.1
@@ -1,12 +1,3 @@
-diff -ur nss.org/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-internal.h nss/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-internal.h
---- nss.org/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-internal.h 2016-03-31 18:26:06.763009800 +0800
-+++ nss/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-internal.h 2016-03-31 19:17:11.724452000 +0800
-@@ -1,4 +1,4 @@
--// Copyright 2005, Google Inc.
-+// Copyright 2005, Google Inc.
- // All rights reserved.
- //
- // Redistribution and use in source and binary forms, with or without
diff -ur nss.org/nss/lib/ckfw/builtins/certdata.perl nss/nss/lib/ckfw/builtins/certdata.perl
--- nss.org/nss/lib/ckfw/builtins/certdata.perl 2016-03-31 18:26:07.890190900 +0800
+++ nss/nss/lib/ckfw/builtins/certdata.perl 2016-03-31 19:16:16.727269600 +0800
diff --git a/external/nss/nss.windowbuild.patch.0 b/external/nss/nss.windowbuild.patch.0
index 04b13a7bea27..c25ff4d6437b 100644
--- a/external/nss/nss.windowbuild.patch.0
+++ b/external/nss/nss.windowbuild.patch.0
@@ -1,5 +1,5 @@
---- ./nss/external_tests/ssl_gtest/tls_connect.cc
-+++ ./nss/external_tests/ssl_gtest/tls_connect.cc
+--- ./nss/gtests/ssl_gtest/tls_connect.cc
++++ ./nss/gtests/ssl_gtest/tls_connect.cc
@@ -375,6 +375,12 @@
}
}
@@ -13,8 +13,8 @@
void TlsConnectTestBase::EnableAlpn() {
client_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_));
server_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_));
---- ./nss/external_tests/ssl_gtest/tls_connect.h
-+++ ./nss/external_tests/ssl_gtest/tls_connect.h
+--- ./nss/gtests/ssl_gtest/tls_connect.h
++++ ./nss/gtests/ssl_gtest/tls_connect.h
@@ -113,12 +113,6 @@
SessionResumptionMode expected_resumption_mode_;
std::vector<std::vector<uint8_t>> session_ids_;
@@ -26,10 +26,10 @@
- const uint8_t alpn_dummy_val_[4] = {0x01, 0x62, 0x01, 0x61};
-
private:
- void CheckResumption(SessionResumptionMode expected);
- void CheckExtendedMasterSecret();
---- ./nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc
-+++ ./nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc
+ static inline Mode ToMode(const std::string& str) {
+ return str == "TLS" ? STREAM : DGRAM;
+--- ./nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
++++ ./nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
@@ -51,6 +51,12 @@
CheckAlpn("a");
}
@@ -43,8 +43,8 @@
TEST_P(TlsConnectGeneric, ConnectAlpnClone) {
EnsureModelSockets();
client_model_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_));
---- ./nss/external_tests/ssl_gtest/databuffer.h
-+++ ./nss/external_tests/ssl_gtest/databuffer.h
+--- ./nss/gtests/ssl_gtest/databuffer.h
++++ ./nss/gtests/ssl_gtest/databuffer.h
@@ -10,6 +10,7 @@
#include <algorithm>
#include <cassert>
diff --git a/external/nss/nss_macosx.patch b/external/nss/nss_macosx.patch
index dfbad1a36f32..3144fa687761 100644
--- a/external/nss/nss_macosx.patch
+++ b/external/nss/nss_macosx.patch
@@ -13,21 +13,6 @@ diff -ru a/nspr/configure b/nspr/configure
diff -ru a/nss/coreconf/Darwin.mk b/nss/coreconf/Darwin.mk
--- a/a/nss/coreconf/Darwin.mk 2014-09-29 16:50:22.992304799 +0100
+++ b/b/nss/coreconf/Darwin.mk 2014-09-29 16:51:59.214931953 +0100
-@@ -8,8 +8,12 @@
-
- DEFAULT_COMPILER = gcc
-
--CC = gcc
--CCC = g++
-+# CC is taken from environment automatically.
-+#CC = cc
-+# Use CCC from environment.
-+#CCC = c++
-+CCC = $(CXX)
-+
- RANLIB = ranlib
-
- ifndef CPU_ARCH
@@ -20,13 +24,17 @@
ifeq (,$(filter-out i%86,$(CPU_ARCH)))
@@ -71,8 +56,8 @@ diff -ru a/nss/coreconf/Darwin.mk b/nss/coreconf/Darwin.mk
-DSO_LDOPTS = -dynamiclib $(DARWIN_DYLIB_VERSIONS) -install_name @executable_path/$(notdir $@) -headerpad_max_install_names
+DSO_LDOPTS = -dynamiclib $(DARWIN_DYLIB_VERSIONS) -install_name @__________________________________________________OOO/$(notdir $@) -headerpad_max_install_names
- MKSHLIB = $(CC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
- DLL_SUFFIX = dylib
+ ifdef USE_GCOV
+ OS_CFLAGS += --coverage
diff -ru a/nss/Makefile b/nss/Makefile
--- a/a/nss/Makefile 2014-09-29 16:50:22.990304789 +0100
+++ b/b/nss/Makefile 2014-09-29 16:51:59.207931908 +0100
diff --git a/external/nss/ubsan-alignment.patch.0 b/external/nss/ubsan-alignment.patch.0
deleted file mode 100644
index 651939f7bc88..000000000000
--- a/external/nss/ubsan-alignment.patch.0
+++ /dev/null
@@ -1,40 +0,0 @@
---- nss/lib/freebl/md5.c
-+++ nss/lib/freebl/md5.c
-@@ -445,7 +445,7 @@
- /* Iterate over 64-byte chunks of the message. */
- while (inputLen >= MD5_BUFFER_SIZE) {
- #ifdef IS_LITTLE_ENDIAN
--#ifdef NSS_X86_OR_X64
-+#if 0
- /* x86 can handle arithmetic on non-word-aligned buffers */
- wBuf = (PRUint32 *)input;
- #else
---- nss/lib/freebl/sha_fast.c
-+++ nss/lib/freebl/sha_fast.c
-@@ -16,7 +16,7 @@
- #include "ssltrace.h"
- #endif
-
--static void shaCompress(volatile SHA_HW_t *X, const PRUint32 *datain);
-+static void shaCompress(volatile SHA_HW_t *X, const unsigned char *datain);
-
- #define W u.w
- #define B u.b
-@@ -241,7 +241,7 @@
- * code on AMD64.
- */
- static void
--shaCompress(volatile SHA_HW_t *X, const PRUint32 *inbuf)
-+shaCompress(volatile SHA_HW_t *X, const unsigned char *inbuf)
- {
- register SHA_HW_t A, B, C, D, E;
-
-@@ -277,7 +277,7 @@
- a = SHA_ROTL(b, 5) + SHA_F4(c, d, e) + a + XW(n) + K3; \
- c = SHA_ROTL(c, 30)
-
--#define LOAD(n) XW(n) = SHA_HTONL(inbuf[n])
-+#define LOAD(n) XW(n) = (((PRUint32)inbuf[4*n])<<24)|(((PRUint32)inbuf[4*n+1])<<16)|(((PRUint32)inbuf[4*n+2])<<8)|((PRUint32)inbuf[4*n+3])
-
- A = XH(0);
- B = XH(1);
diff --git a/external/nss/ubsan.patch.0 b/external/nss/ubsan.patch.0
index 1254afd0c4ad..059a9f3b2c0a 100644
--- a/external/nss/ubsan.patch.0
+++ b/external/nss/ubsan.patch.0
@@ -1,14 +1,3 @@
---- nss/lib/certdb/crl.c
-+++ nss/lib/certdb/crl.c
-@@ -1982,7 +1982,7 @@
- return SECSuccess;
- }
- /* all CRLs are good, sort them by thisUpdate */
-- qsort(cache->crls, cache->ncrls, sizeof(CachedCrl*), SortCRLsByThisUpdate);
-+ if (cache->ncrls != 0) qsort(cache->crls, cache->ncrls, sizeof(CachedCrl*), SortCRLsByThisUpdate);
-
- if (cache->ncrls) {
- /* pick the newest CRL */
--- nss/lib/softoken/legacydb/pk11db.c
+++ nss/lib/softoken/legacydb/pk11db.c
@@ -65,7 +65,7 @@
More information about the Libreoffice-commits
mailing list