[Libreoffice-commits] core.git: Branch 'libreoffice-6-1' - 2 commits - download.lst external/nss xmlsecurity/source

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Tue Aug 14 19:00:50 UTC 2018 

 download.lst                                     |    4 +--
 external/nss/nss-android.patch.1                 |   25 -----------------------
 external/nss/nss.vs2015.patch                    |   10 +++++++++
 xmlsecurity/source/xmlsec/nss/nssinitializer.cxx |   14 ++++++++++++
 4 files changed, 26 insertions(+), 27 deletions(-)

New commits:
commit 905b46799d2b94173ec0275e26ad25f4ab20f4f8
Author:     Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Thu Aug 9 11:55:09 2018 +0200
Commit:     Christian Lohmaier <lohmaier+LibreOffice at googlemail.com>
CommitDate: Tue Aug 14 21:00:40 2018 +0200

    xmlsecurity: nsscrypto_initialize: try to avoid profile migration
    
    https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.35_release_notes
    
    NSS 3.35 and later will automatically migrate migrate profiles from the
    old "dbm:" BDB format to the new "sql:" SQLite format.
    
    The new format can be read by NSS 3.12 and later, which is old enough that
    it can be assumed to be available.
    
    However LibreOffice still shouldn't migrate the profile on its own:
    LO typically uses a Mozilla Firefox or Thunderbird profile, and if it is
    a system Firefox with system NSS libraries, then it's probably a bad
    idea for LO to migrate the profile under Firefox's nose, particularly
    considering the "partial migration" scenario if the profile is
    password-protected.
    
    Try to avoid this by checking if the profile is the old format and
    explicitly using the "dbm:" prefix to prevent the migration.
    
    Change-Id: I06480522f830ce74e2fb7bf79fee84ad80979b82
    Reviewed-on: https://gerrit.libreoffice.org/58756
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
    (cherry picked from commit 61688aa1abd9db9adbb8dc5d5aacc6269b21fd27)
    Reviewed-on: https://gerrit.libreoffice.org/58973
    Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice at googlemail.com>

diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
index c402e2833604..af1cf9816ebb 100644
--- a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
+++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
@@ -244,6 +244,20 @@ bool nsscrypto_initialize( const css::uno::Reference< css::uno::XComponentContex
     // there might be no profile
     if ( !sCertDir.isEmpty() )
     {
+        if (sCertDir.indexOf(':') == -1) //might be env var with explicit prefix
+        {
+            OUString sCertDirURL;
+            osl::FileBase::getFileURLFromSystemPath(
+                OStringToOUString(sCertDir, osl_getThreadTextEncoding()),
+                sCertDirURL);
+            osl::DirectoryItem item;
+            if (osl::FileBase::E_NOENT != osl::DirectoryItem::get(sCertDirURL + "/cert8.db", item) &&
+                osl::FileBase::E_NOENT == osl::DirectoryItem::get(sCertDirURL + "/cert9.db", item))
+            {
+                SAL_INFO("xmlsecurity.xmlsec", "nsscrypto_initialize: trying to avoid profile migration");
+                sCertDir = "dbm:" + sCertDir;
+            }
+        }
         if( NSS_InitReadWrite( sCertDir.getStr() ) != SECSuccess )
         {
             SAL_INFO("xmlsecurity.xmlsec", "Initializing NSS with profile failed.");
commit 54be5edb1b6d72efa0150f0482b6313fd26fbfb2
Author:     Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Tue Aug 7 18:11:41 2018 +0200
Commit:     Christian Lohmaier <lohmaier+LibreOffice at googlemail.com>
CommitDate: Tue Aug 14 21:00:28 2018 +0200

    nss: upgrade to release 3.38
    
    Fixes CVE-2018-0495 and "the ASN.1 code".
    
    Remove one hunk of nss-android.patch.1 that should be obsolete with the
    current Android toolchain baseline.
    
    Change-Id: I5516edec17b72f53acd2749e8840805eead077bc
    Reviewed-on: https://gerrit.libreoffice.org/58697
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
    (cherry picked from commit 3ef76067bfa1f9f60ec3989bd6b40a5760137903)
    Reviewed-on: https://gerrit.libreoffice.org/58719
    Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice at googlemail.com>

diff --git a/download.lst b/download.lst
index 1f294d5d01c6..9caade651421 100644
--- a/download.lst
+++ b/download.lst
@@ -181,8 +181,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
 export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
 export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca
 export NEON_TARBALL := neon-0.30.2.tar.gz
-export NSS_SHA256SUM := 878d505ec0be577c45990c57eb5d2e5c8696bfa3412bd0fae193b275297bf5c4
-export NSS_TARBALL := nss-3.33-with-nspr-4.17.tar.gz
+export NSS_SHA256SUM := f271ec73291fa3e4bd4b59109f8035cc3a192fc33886f40ed4f9ee4b31c746e9
+export NSS_TARBALL := nss-3.38-with-nspr-4.19.tar.gz
 export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
 export ODFGEN_VERSION_MICRO := 6
 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
diff --git a/external/nss/nss-android.patch.1 b/external/nss/nss-android.patch.1
index 6dc43c1b4ffe..d37c70f16ace 100644
--- a/external/nss/nss-android.patch.1
+++ b/external/nss/nss-android.patch.1
@@ -48,28 +48,3 @@ diff -ur nss.org/nss/Makefile nss/nss/Makefile
                         --with-android-toolchain=$(ANDROID_TOOLCHAIN) \
                         --with-android-platform=$(ANDROID_SYSROOT)
 unified headers / ndk16 does have it in it's support module
-diff -ur nss.org/nspr/pr/src/md/unix/unix.c nss/nspr/pr/src/md/unix/unix.c
---- nss.org/nspr/pr/src/md/unix/unix.c	2017-11-22 01:19:16.098553361 +0100
-+++ nss/nspr/pr/src/md/unix/unix.c	2017-11-22 01:20:03.794550181 +0100
-@@ -2714,21 +2714,6 @@
- #endif /* defined(_PR_NO_LARGE_FILES) || defined(SOLARIS2_5) */
- 
- /* Android <= 19 doesn't have mmap64. */
--#if defined(ANDROID) && __ANDROID_API__ <= 19
--PR_IMPORT(void) *__mmap2(void *, size_t, int, int, int, size_t);
--
--#define ANDROID_PAGE_SIZE 4096
--
--static void *
--mmap64(void *addr, size_t len, int prot, int flags, int fd, loff_t offset)
--{
--    if (offset & (ANDROID_PAGE_SIZE - 1)) {
--        errno = EINVAL;
--        return MAP_FAILED;
--    }
--    return __mmap2(addr, len, prot, flags, fd, offset / ANDROID_PAGE_SIZE);
--}
--#endif
- 
- #if defined(OSF1) && defined(__GNUC__)
- 
diff --git a/external/nss/nss.vs2015.patch b/external/nss/nss.vs2015.patch
index de4f8762fd5b..c3e6b5a5acaa 100644
--- a/external/nss/nss.vs2015.patch
+++ b/external/nss/nss.vs2015.patch
@@ -10,3 +10,13 @@ diff -ru nss.org/nss/coreconf/WIN32.mk nss/nss/coreconf/WIN32.mk
      ifeq ($(_MSC_VER_GE_12),1)
  	OS_CFLAGS += -FS
      endif
+--- a/nss/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc	2018-08-08 11:08:42.922939267 +0200
++++ b/nss/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc	2018-08-08 11:08:47.778929835 +0200
+@@ -6,6 +6,7 @@
+ #include "config.h"
+ 
+ #include <algorithm>
++#include <iterator>
+ #include <cstdlib>
+ #include <iostream>
+ #include <memory>

More information about the Libreoffice-commits mailing list