[Libreoffice-commits] core.git: Branch 'distro/cib/libreoffice-5-4' - 4 commits - download.lst external/curl external/nss xmlsecurity/source
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Wed Aug 15 09:12:22 UTC 2018
download.lst | 4
external/curl/ExternalProject_curl.mk | 1
external/nss/nss.patch | 116 ++++++++++-------------
external/nss/nss.vs2015.patch | 10 +
xmlsecurity/source/xmlsec/nss/nssinitializer.cxx | 14 ++
5 files changed, 80 insertions(+), 65 deletions(-)
New commits:
commit 92fbe703f9ca480d3a2b8610d87e991c729edf77
Author: Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Tue Aug 7 18:11:41 2018 +0200
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Wed Aug 15 10:43:29 2018 +0200
nss: upgrade to release 3.38
Fixes CVE-2018-0495 and "the ASN.1 code".
(Remove one hunk of nss-android.patch.1 that should be obsolete with the
current Android toolchain baseline (but that hunk didn't exist in
libreoffice-6-0 or older anyway).)
Change-Id: I5516edec17b72f53acd2749e8840805eead077bc
Reviewed-on: https://gerrit.libreoffice.org/58697
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
(cherry picked from commit 3ef76067bfa1f9f60ec3989bd6b40a5760137903)
Reviewed-on: https://gerrit.libreoffice.org/58722
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
(cherry picked from commit e4874f777048535650a2bb1ce875e1a6e3e4b7ef)
diff --git a/download.lst b/download.lst
index eb284737b142..58617f6e8f3e 100644
--- a/download.lst
+++ b/download.lst
@@ -162,8 +162,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_SHA256SUM := 00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd
export NEON_TARBALL := 231adebe5c2f78fded3e3df6e958878e-neon-0.30.1.tar.gz
-export NSS_SHA256SUM := 571ef672468d92808d5a4cd15ee17f914720fbe377eb40fe18e8b9a4f3da24ee
-export NSS_TARBALL := nss-3.31.1-with-nspr-4.15.tar.gz
+export NSS_SHA256SUM := f271ec73291fa3e4bd4b59109f8035cc3a192fc33886f40ed4f9ee4b31c746e9
+export NSS_TARBALL := nss-3.38-with-nspr-4.19.tar.gz
export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
export ODFGEN_VERSION_MICRO := 6
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
diff --git a/external/nss/nss.vs2015.patch b/external/nss/nss.vs2015.patch
index de4f8762fd5b..c3e6b5a5acaa 100644
--- a/external/nss/nss.vs2015.patch
+++ b/external/nss/nss.vs2015.patch
@@ -10,3 +10,13 @@ diff -ru nss.org/nss/coreconf/WIN32.mk nss/nss/coreconf/WIN32.mk
ifeq ($(_MSC_VER_GE_12),1)
OS_CFLAGS += -FS
endif
+--- a/nss/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc 2018-08-08 11:08:42.922939267 +0200
++++ b/nss/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc 2018-08-08 11:08:47.778929835 +0200
+@@ -6,6 +6,7 @@
+ #include "config.h"
+
+ #include <algorithm>
++#include <iterator>
+ #include <cstdlib>
+ #include <iostream>
+ #include <memory>
commit bb76a4045e8526f71425d9ca8ac3bcdc4feaa057
Author: Gautam Prajapati <gautamprajapati06 at gmail.com>
AuthorDate: Mon Aug 28 18:17:29 2017 +0530
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Wed Aug 15 10:42:05 2018 +0200
nss: Upgrade to release 3.31.1 and update patches
This commit updates the NSS to release 3.31.1 and NSPR
to 4.15. It also updates the external/nss/nss.patch and
external/nss/nss-android.patch to incorporate the
NSS source changes.
Change-Id: Icdd933b67e717f8d91622cd5f6001e34e261b746
Reviewed-on: https://gerrit.libreoffice.org/41636
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Michael Stahl <mstahl at redhat.com>
(cherry picked from commit c6df07f905cd9562132b06e44f90b0479b250f7a)
diff --git a/download.lst b/download.lst
index 2b194a8cd40e..eb284737b142 100644
--- a/download.lst
+++ b/download.lst
@@ -162,8 +162,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_SHA256SUM := 00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd
export NEON_TARBALL := 231adebe5c2f78fded3e3df6e958878e-neon-0.30.1.tar.gz
-export NSS_SHA256SUM := 8cb8624147737d1b4587c50bf058afbb6effc0f3c205d69b5ef4077b3bfed0e4
-export NSS_TARBALL := nss-3.29.5-with-nspr-4.13.1.tar.gz
+export NSS_SHA256SUM := 571ef672468d92808d5a4cd15ee17f914720fbe377eb40fe18e8b9a4f3da24ee
+export NSS_TARBALL := nss-3.31.1-with-nspr-4.15.tar.gz
export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
export ODFGEN_VERSION_MICRO := 6
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
diff --git a/external/nss/nss.patch b/external/nss/nss.patch
index b3b932343d83..1eb0bf70d866 100644
--- a/external/nss/nss.patch
+++ b/external/nss/nss.patch
@@ -1,5 +1,16 @@
---- a/nss.orig/nspr/pr/src/misc/prnetdb.c 2016-02-12 14:51:25.000000000 +0100
-+++ b/nss/nspr/pr/src/misc/prnetdb.c 2016-03-04 19:23:00.462892600 +0100
+--- a/a/nspr/configure 2017-08-29 23:44:13.686045013 +0530
++++ b/b/nspr/configure 2017-08-29 23:46:53.774768655 +0530
+@@ -7034,7 +7034,7 @@
+ PR_MD_CSRCS=linux.c
+ MKSHLIB='$(CC) $(DSO_LDOPTS) -o $@'
+ DSO_CFLAGS=-fPIC
+- DSO_LDOPTS='-shared -Wl,-soname -Wl,$(notdir $@)'
++ DSO_LDOPTS='-shared -Wl,-z,origin -Wl,-rpath,\$$ORIGIN -Wl,-soname -Wl,$(notdir $@)'
+ _OPTIMIZE_FLAGS=-O2
+ _DEBUG_FLAGS="-g -fno-inline" # most people on linux use gcc/gdb, and that
+ # combo is not yet good at debugging inlined
+--- a/nss.orig/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:44:13.690045031 +0530
++++ b/nss/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:47:03.810814019 +0530
@@ -438,7 +438,7 @@
char *buf = *bufp;
PRIntn buflen = *buflenp;
@@ -9,21 +20,8 @@
PRIntn skip = align - ((ptrdiff_t)buf & (align - 1));
if (buflen < skip) {
return 0;
-diff -ru a/nspr/configure b/nspr/configure
---- a/a/nspr/configure 2014-09-29 16:46:38.427423757 +0100
-+++ b/b/nspr/configure 2014-09-29 16:47:42.984012225 +0100
-@@ -7018,7 +7018,7 @@
- PR_MD_CSRCS=linux.c
- MKSHLIB='$(CC) $(DSO_LDOPTS) -o $@'
- DSO_CFLAGS=-fPIC
-- DSO_LDOPTS='-shared -Wl,-soname -Wl,$(notdir $@)'
-+ DSO_LDOPTS='-shared -Wl,-z,origin -Wl,-rpath,\$$ORIGIN -Wl,-soname -Wl,$(notdir $@)'
- _OPTIMIZE_FLAGS=-O2
- _DEBUG_FLAGS="-g -fno-inline" # most people on linux use gcc/gdb, and that
- # combo is not yet good at debugging inlined
-diff -ru a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk
---- a/a/nss/cmd/platlibs.mk 2014-09-29 16:46:38.306422654 +0100
-+++ b/b/nss/cmd/platlibs.mk 2014-09-29 16:47:42.987012253 +0100
+--- a/a/nss/cmd/platlibs.mk 2017-08-29 23:44:13.554044416 +0530
++++ b/b/nss/cmd/platlibs.mk 2017-08-29 23:46:09.638569150 +0530
@@ -10,17 +10,22 @@
ifeq ($(OS_ARCH), SunOS)
@@ -51,10 +49,9 @@ diff -ru a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk
endif
endif
-diff -ru nss.orig/nss/coreconf/arch.mk nss/nss/coreconf/arch.mk
---- a/nss.orig/nss/coreconf/arch.mk 2016-02-12 15:36:18.000000000 +0100
-+++ b/nss/nss/coreconf/arch.mk 2016-02-23 20:48:31.595941079 +0100
-@@ -280,11 +280,17 @@
+--- a/nss.org/nss/coreconf/arch.mk 2017-08-29 23:44:13.646044832 +0530
++++ b/nss/nss/coreconf/arch.mk 2017-08-29 23:45:51.494487134 +0530
+@@ -305,11 +305,17 @@
OBJDIR_NAME_COMPILER = $(COMPILER_TAG)
endif
OBJDIR_NAME_BASE = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(OBJDIR_NAME_COMPILER)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG)
@@ -74,9 +71,8 @@ diff -ru nss.orig/nss/coreconf/arch.mk nss/nss/coreconf/arch.mk
#
# Define USE_DEBUG_RTL if you want to use the debug runtime library
# (RTL) in the debug build
-diff -ru a/nss/coreconf/FreeBSD.mk b/nss/coreconf/FreeBSD.mk
---- a/a/nss/coreconf/FreeBSD.mk 2014-09-29 16:46:38.189421588 +0100
-+++ b/b/nss/coreconf/FreeBSD.mk 2014-09-29 16:47:42.984012225 +0100
+--- a/nss.org/nss/coreconf/FreeBSD.mk 2017-08-29 23:44:13.642044814 +0530
++++ b/nss/nss/coreconf/FreeBSD.mk 2017-08-29 23:45:20.850348615 +0530
@@ -25,6 +25,7 @@
DSO_CFLAGS = -fPIC
@@ -85,19 +81,18 @@ diff -ru a/nss/coreconf/FreeBSD.mk b/nss/coreconf/FreeBSD.mk
#
# The default implementation strategy for FreeBSD is pthreads.
-diff -ru a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk
---- a/a/nss/coreconf/Linux.mk 2014-09-29 16:46:38.189421588 +0100
-+++ b/b/nss/coreconf/Linux.mk 2014-09-29 16:47:42.985012235 +0100
-@@ -157,7 +160,7 @@
+--- a/nss.org/nss/coreconf/Linux.mk 2017-08-29 23:44:13.642044814 +0530
++++ b/nss/nss/coreconf/Linux.mk 2017-08-29 23:47:26.318915759 +0530
+@@ -147,7 +147,7 @@
+ # Also, -z defs conflicts with Address Sanitizer, which emits relocations
# against the libsanitizer runtime built into the main executable.
ZDEFS_FLAG = -Wl,-z,defs
- ifneq ($(USE_ASAN),1)
-DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
-+DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) -Wl,-z,origin '-Wl,-rpath,$$ORIGIN'
- endif
- LDFLAGS += $(ARCHFLAG)
++DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) -Wl,-z,origin '-Wl,-rpath,$$ORIGIN'
+ LDFLAGS += $(ARCHFLAG) -z noexecstack
-@@ -189,8 +192,13 @@
+ # On Maemo, we need to use the -rpath-link flag for even the standard system
+@@ -177,8 +177,13 @@
endif
endif
@@ -111,9 +106,8 @@ diff -ru a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk
# The -rpath '$$ORIGIN' linker option instructs this library to search for its
# dependencies in the same directory where it resides.
-diff -ru a/nss/coreconf/rules.mk b/nss/coreconf/rules.mk
---- a/a/nss/coreconf/rules.mk 2014-09-29 16:46:38.188421578 +0100
-+++ b/b/nss/coreconf/rules.mk 2014-09-29 16:47:42.986012244 +0100
+--- a/nss.org/nss/coreconf/rules.mk 2017-08-29 23:44:13.646044832 +0530
++++ b/nss/nss/coreconf/rules.mk 2017-08-29 23:47:37.442966042 +0530
@@ -261,7 +261,7 @@
ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
$(AR) $(subst /,\\,$(OBJS))
@@ -123,34 +117,43 @@ diff -ru a/nss/coreconf/rules.mk b/nss/coreconf/rules.mk
endif
$(RANLIB) $@
-diff -ru a/nss/coreconf/SunOS5.mk b/nss/coreconf/SunOS5.mk
---- a/a/nss/coreconf/SunOS5.mk 2014-09-29 16:46:38.175421471 +0100
-+++ b/b/nss/coreconf/SunOS5.mk 2014-09-29 16:47:42.985012235 +0100
-@@ -48,8 +48,12 @@
+--- a/nss.org/nss/coreconf/SunOS5.mk 2017-08-29 23:44:13.646044832 +0530
++++ b/nss/nss/coreconf/SunOS5.mk 2017-08-29 23:45:00.902258445 +0530
+@@ -48,8 +48,11 @@
# OPTIMIZER += -mno-omit-leaf-frame-pointer -fno-omit-frame-pointer
endif
else
- CC = cc
- CCC = CC
-+# CC is taken from environment automatically.
-+# CC = cc
-+# Use CXX from environment.
-+# CCC = CC
-+ CCC = $(CXX)
-+
++ # CC is taken from environment automatically.
++ # CC = cc
++ # Use CXX from environment.
++ # CCC = CC
++ CCC = $(CXX)
ASFLAGS += -Wa,-P
OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG)
ifndef BUILD_OPT
-diff -ru a/nss/Makefile b/nss/Makefile
---- a/a/nss/Makefile 2014-09-29 16:46:38.171421425 +0100
-+++ b/b/nss/Makefile 2014-09-29 16:47:42.987012253 +0100
+--- a/nss.org/nss/coreconf/Werror.mk 2017-08-29 23:44:13.646044832 +0530
++++ b/nss/nss/coreconf/Werror.mk 2017-08-29 23:44:23.994091608 +0530
+@@ -94,7 +94,8 @@
+ endif #ndef NSS_ENABLE_WERROR
+
+ ifeq ($(NSS_ENABLE_WERROR),1)
+- WARNING_CFLAGS += -Werror
++ # We do not treat warnings as errors.
++ # WARNING_CFLAGS += -Werror
+ else
+ # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions.
+ # Use this to disable use of that #pragma and the warnings it suppresses.
+--- a/nss.org/nss/Makefile 2017-08-29 23:44:13.402043729 +0530
++++ b/nss/nss/Makefile 2017-08-29 23:44:39.774162939 +0530
@@ -1,3 +1,5 @@
+export AR
+export RANLIB
#! gmake
#
# This Source Code Form is subject to the terms of the Mozilla Public
-@@ -91,10 +91,10 @@
+@@ -89,10 +91,10 @@
NSPR_CONFIGURE_ENV = CC=gcc CXX=g++
endif
ifdef CC
@@ -163,16 +166,3 @@ diff -ru a/nss/Makefile b/nss/Makefile
endif
# Remove -arch definitions. NSPR can't handle that.
NSPR_CONFIGURE_ENV := $(filter-out -arch x86_64,$(NSPR_CONFIGURE_ENV))
-diff -ru nss.orig/nss/coreconf/Werror.mk nss/nss/coreconf/Werror.mk
---- a/nss.orig/nss/coreconf/Werror.mk 2016-02-12 15:36:18.000000000 +0100
-+++ b/nss/nss/coreconf/Werror.mk 2016-02-23 23:58:15.119584046 +0100
-@@ -94,7 +94,8 @@
- endif #ndef NSS_ENABLE_WERROR
-
- ifeq ($(NSS_ENABLE_WERROR),1)
-- WARNING_CFLAGS += -Werror
-+# We do not treat warnings as errors.
-+# WARNING_CFLAGS += -Werror
- else
- # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions.
- # Use this to disable use of that #pragma and the warnings it suppresses.
commit f7115bc3fced2cf9b604d8f9890c063599b09cc5
Author: Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Thu Aug 9 11:55:09 2018 +0200
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Wed Aug 15 10:42:05 2018 +0200
xmlsecurity: nsscrypto_initialize: try to avoid profile migration
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.35_release_notes
NSS 3.35 and later will automatically migrate migrate profiles from the
old "dbm:" BDB format to the new "sql:" SQLite format.
The new format can be read by NSS 3.12 and later, which is old enough that
it can be assumed to be available.
However LibreOffice still shouldn't migrate the profile on its own:
LO typically uses a Mozilla Firefox or Thunderbird profile, and if it is
a system Firefox with system NSS libraries, then it's probably a bad
idea for LO to migrate the profile under Firefox's nose, particularly
considering the "partial migration" scenario if the profile is
password-protected.
Try to avoid this by checking if the profile is the old format and
explicitly using the "dbm:" prefix to prevent the migration.
Change-Id: I06480522f830ce74e2fb7bf79fee84ad80979b82
Reviewed-on: https://gerrit.libreoffice.org/58756
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
(cherry picked from commit 61688aa1abd9db9adbb8dc5d5aacc6269b21fd27)
Reviewed-on: https://gerrit.libreoffice.org/58974
(cherry picked from commit dc5474b2e2f361eec981c6955630dbb020442eae)
diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
index b970b7d4cb38..0b33800deadd 100644
--- a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
+++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
@@ -258,6 +258,20 @@ bool nsscrypto_initialize( const css::uno::Reference< css::uno::XComponentContex
// there might be no profile
if ( !sCertDir.isEmpty() )
{
+ if (sCertDir.indexOf(':') == -1) //might be env var with explicit prefix
+ {
+ OUString sCertDirURL;
+ osl::FileBase::getFileURLFromSystemPath(
+ OStringToOUString(sCertDir, osl_getThreadTextEncoding()),
+ sCertDirURL);
+ osl::DirectoryItem item;
+ if (osl::FileBase::E_NOENT != osl::DirectoryItem::get(sCertDirURL + "/cert8.db", item) &&
+ osl::FileBase::E_NOENT == osl::DirectoryItem::get(sCertDirURL + "/cert9.db", item))
+ {
+ SAL_INFO("xmlsecurity.xmlsec", "nsscrypto_initialize: trying to avoid profile migration");
+ sCertDir = "dbm:" + sCertDir;
+ }
+ }
if( NSS_InitReadWrite( sCertDir.getStr() ) != SECSuccess )
{
SAL_INFO("xmlsecurity.xmlsec", "Initializing NSS with profile failed.");
commit df704282888b7d3fe17c781aae83541896c4a4b4
Author: Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Mon Jul 9 12:33:33 2018 +0200
Commit: Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Wed Aug 15 10:42:05 2018 +0200
curl: in 7.52.1, the parameter is documented as --with-libidn2,
but actually it is --with-libidn (it's consistent in later versions).
Change-Id: Ib24767974173e4c737fc10d9420e6dbad3440239
(cherry picked from commit 66a2c1fe2e4fd57987ae62f6274a89fab0fab58a)
diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk
index 27669e367f16..155ad3c31834 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -47,6 +47,7 @@ $(call gb_ExternalProject_get_state_target,curl,build):
$(if $(ENABLE_NSS),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out"),--without-nss)) \
--without-ssl --without-gnutls --without-polarssl --without-cyassl --without-axtls \
--enable-ftp --enable-http --enable-ipv6 \
+ --without-libidn \
--without-libidn2 --without-libpsl --without-librtmp \
--without-libssh2 --without-metalink --without-nghttp2 \
--disable-ares \
More information about the Libreoffice-commits
mailing list