download.lst | 4 external/nss/ExternalProject_nss.mk | 6 external/nss/UnpackedTarball_nss.mk | 37 +- external/nss/clang-cl.patch.0 | 16 external/nss/nsinstall.py | 7 external/nss/nss-3.13.5-zlib-werror.patch | 7 external/nss/nss-chromium-nss-static.patch | 487 ----------------------------- external/nss/nss-more-static.patch | 39 -- external/nss/nss-win32-make.patch.1 | 2 external/nss/nss.aix.patch | 2 external/nss/nss.patch | 27 - external/nss/nss.vs2015.pdb.patch | 4 external/nss/nss.windows.patch | 4 13 files changed, 53 insertions(+), 589 deletions(-)
New commits: commit 55facd5b80348ec5621fda3c0c021a4021e1208b Author: Michael Stahl <[email protected]> AuthorDate: Fri Aug 7 18:57:00 2020 +0200 Commit: Andras Timar <[email protected]> CommitDate: Sun Oct 10 21:02:31 2021 +0200 nss: upgrade to release 3.55.0 Fixes CVE-2020-6829, CVE-2020-12400 CVE-2020-12401 CVE-2020-12403. (also CVE-2020-12402 CVE-2020-12399 in older releases since 3.47) * external/nss/nss.nspr-parallel-win-debug_build.patch: remove, merged upstream Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100345 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 495a5944a3d442cfe748a3bb0dcef76f6a961d30) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100420 Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit 227d30a3a17f2fffb1a166cdc3e2a796bb335214) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100590 Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 94cecbfdf3cf01fe3d5658c7edf78696da2a249f) Change-Id: I8b48e25ce68a2327cde1420abdaea8f9e51a7888 diff --git a/download.lst b/download.lst index 56b2885d968f..af2973526170 100644 --- a/download.lst +++ b/download.lst @@ -177,8 +177,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca export NEON_TARBALL := neon-0.30.2.tar.gz -export NSS_SHA256SUM := 861a4510b7c21516f49a4cfa5b871aa796e4e1ef2dfe949091970e56f9d60cdf -export NSS_TARBALL := nss-3.53-with-nspr-4.25.tar.gz +export NSS_SHA256SUM := ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45 +export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2 export ODFGEN_VERSION_MICRO := 6 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2 diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index 92902b2da6bf..2e6e7f80e3ee 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -21,7 +21,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/clang-cl.patch.0 \ external/nss/nss.vs2015.patch \ external/nss/nss.vs2015.pdb.patch \ - external/nss/nss.nspr-parallel-win-debug_build.patch \ $(if $(filter iOS,$(OS)), \ external/nss/nss-ios.patch) \ $(if $(filter ANDROID,$(OS)), \ diff --git a/external/nss/nss.nspr-parallel-win-debug_build.patch b/external/nss/nss.nspr-parallel-win-debug_build.patch deleted file mode 100644 index 86b55e1ccf7f..000000000000 --- a/external/nss/nss.nspr-parallel-win-debug_build.patch +++ /dev/null @@ -1,40 +0,0 @@ -Änderung: 4866:23940b78e965 -Nutzer: Jan-Marek Glogowski <[email protected]> -Datum: Fri May 01 22:50:55 2020 +0000 -Dateien: pr/tests/Makefile.in -Beschreibung: -Bug 290526 Write separate PDBs for test OBJs r=glandium - -Quite often when running a parallel NSS build, I get the following -compiler error message, resulting in a build failure, despite -compiling with the -FS flag: - -.../nss/nspr/pr/tests/zerolen.c: fatal error C1041: -Programmdatenbank "...\nss\nspr\out\pr\tests\vc140.pdb" kann nicht -ge<94>ffnet werden; verwenden Sie /FS, wenn mehrere CL.EXE in -dieselbe .PDB-Datei schreiben. - -The failing source file is always one of the last test object -files. But the actual problem is not the compiler accessing the -PDB file, but the linker already linking the first test -executables accessing the shared PDB; at least that's my guess. - -So instead of using a shared PDB for all test object files, this -uses -Fd$(@:.$(OBJ_SUFFIX)=.pdb) to write a separate PDB for every -test's object file. The linker works fine with the shared OBJ PDB. - -Differential Revision: https://phabricator.services.mozilla.com/D68693 - - -diff -r 219d131499d5 -r 23940b78e965 nss/nspr/pr/tests/Makefile.in ---- a/nss/nspr/pr/tests/Makefile.in Mon Feb 10 20:58:42 2020 +0000 -+++ b/nss/nspr/pr/tests/Makefile.in Fri May 01 22:50:55 2020 +0000 -@@ -211,6 +211,7 @@ - else - EXTRA_LIBS += ws2_32.lib - LDOPTS = -NOLOGO -DEBUG -DEBUGTYPE:CV -INCREMENTAL:NO -+ CFLAGS += -Fd$(@:.$(OBJ_SUFFIX)=.pdb) - ifdef PROFILE - LDOPTS += -PROFILE -MAP - endif # profile - commit 51db9cdee0cfd9fcc6d3a59be2fe8bea65b8cdab Author: Jan-Marek Glogowski <[email protected]> AuthorDate: Wed Jun 26 18:09:19 2019 +0200 Commit: Andras Timar <[email protected]> CommitDate: Sun Oct 10 21:02:24 2021 +0200 NSS: enable parallel build Since NSS 3.53, the Makefile based build should be fixed (upstream bug 290526). The only missing patch is a minimal NSPR fix for the "NSPR, configure + make, parallel, Windows, MS VS, debug" build. That patch isn't incuded in the NSPR 4.25 release (but it's already in the mercurial repo for NSPR 4.26). Reviewed-on: https://gerrit.libreoffice.org/c/core/+/95218 Tested-by: Jenkins Reviewed-by: Jan-Marek Glogowski <[email protected]> (cherry picked from commit b56e8d6def26a0430853835e997f1be841840a61) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100419 Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit c1bce55faebd9ad8751d7b6b9a7f77dff7b3d507) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100589 (cherry picked from commit 3e4dbb1708d4b3b7619602b63602b884a7bb2caa) Change-Id: I8eaa3792a12bdff734e56ac3f552991478957e23 diff --git a/download.lst b/download.lst index f82d9ffee7e4..56b2885d968f 100644 --- a/download.lst +++ b/download.lst @@ -177,8 +177,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca export NEON_TARBALL := neon-0.30.2.tar.gz -export NSS_SHA256SUM := 07d4276168f59bb3038c7826dabb5fbfbab8336ddf65e4e6e43bce89ada78c64 -export NSS_TARBALL := nss-3.47.1-with-nspr-4.23.tar.gz +export NSS_SHA256SUM := 861a4510b7c21516f49a4cfa5b871aa796e4e1ef2dfe949091970e56f9d60cdf +export NSS_TARBALL := nss-3.53-with-nspr-4.25.tar.gz export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2 export ODFGEN_VERSION_MICRO := 6 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2 diff --git a/external/nss/ExternalProject_nss.mk b/external/nss/ExternalProject_nss.mk index 8ce10b0a4ee9..3409427b69b1 100644 --- a/external/nss/ExternalProject_nss.mk +++ b/external/nss/ExternalProject_nss.mk @@ -19,11 +19,11 @@ ifeq ($(OS),WNT) $(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalExecutable_get_dependencies,python) $(call gb_ExternalProject_run,build,\ $(if $(MSVC_USE_DEBUG_RUNTIME),USE_DEBUG_RTL=1,BUILD_OPT=1) \ - MOZ_MSVCVERSION=9 OS_TARGET=WIN95 \ + OS_TARGET=WIN95 \ $(if $(filter X86_64,$(CPUNAME)),USE_64=1) \ LIB="$(ILIB)" \ XCFLAGS="-arch:SSE $(SOLARINC)" \ - $(MAKE) -j1 nss_build_all RC="rc.exe $(SOLARINC)" \ + $(MAKE) nss_build_all RC="rc.exe $(SOLARINC)" \ NSINSTALL='$(call gb_ExternalExecutable_get_command,python) $(SRCDIR)/external/nss/nsinstall.py' \ ,nss) @@ -45,7 +45,7 @@ $(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalExecuta $(if $(filter IOS-ARM,$(OS)-$(CPUNAME)),CPU_ARCH=arm) \ NSPR_CONFIGURE_OPTS="--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)") \ NSDISTMODE=copy \ - $(MAKE) -j1 AR="$(AR)" \ + $(MAKE) AR="$(AR)" \ RANLIB="$(RANLIB)" \ NMEDIT="$(NM)edit" \ COMMA=$(COMMA) \ diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index f1c025093216..92902b2da6bf 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -12,32 +12,32 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,nss)) $(eval $(call gb_UnpackedTarball_set_tarball,nss,$(NSS_TARBALL))) $(eval $(call gb_UnpackedTarball_add_patches,nss,\ - external/nss/nss.patch \ - external/nss/nss.aix.patch \ - external/nss/nss-3.13.5-zlib-werror.patch \ - external/nss/nss_macosx.patch \ - external/nss/nss-win32-make.patch.1 \ - $(if $(filter WNT,$(OS)),external/nss/nss.windows.patch \ - external/nss/nss.nowerror.patch \ - external/nss/nss.vs2015.patch) \ + external/nss/nss.patch \ + external/nss/nss.aix.patch \ + external/nss/nss-3.13.5-zlib-werror.patch \ + external/nss/nss_macosx.patch \ + external/nss/nss-win32-make.patch.1 \ external/nss/ubsan.patch.0 \ external/nss/clang-cl.patch.0 \ - $(if $(filter IOS,$(OS)), \ + external/nss/nss.vs2015.patch \ + external/nss/nss.vs2015.pdb.patch \ + external/nss/nss.nspr-parallel-win-debug_build.patch \ + $(if $(filter iOS,$(OS)), \ external/nss/nss-ios.patch) \ - $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ - external/nss/nss.cygwin64.in32bit.patch) \ - $(if $(filter WNT,$(OS)), \ - external/nss/nss.vs2015.pdb.patch) \ - $(if $(filter WNT,$(OS)), \ - external/nss/nss.utf8bom.patch.1) \ - $(if $(filter ANDROID,$(OS)), \ - external/nss/nss-android.patch.1) \ + $(if $(filter ANDROID,$(OS)), \ + external/nss/nss-android.patch.1) \ + $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ + external/nss/nss.cygwin64.in32bit.patch) \ + $(if $(filter WNT,$(OS)), \ + external/nss/nss.windows.patch \ + external/nss/nss.nowerror.patch \ + external/nss/nss.utf8bom.patch.1) \ )) ifeq ($(COM_IS_CLANG),TRUE) ifneq ($(filter -fsanitize=%,$(CC)),) $(eval $(call gb_UnpackedTarball_add_patches,nss,\ - external/nss/asan.patch.1 \ + external/nss/asan.patch.1 \ )) endif endif diff --git a/external/nss/nsinstall.py b/external/nss/nsinstall.py index 31b3de3450c5..80e9c1679373 100644 --- a/external/nss/nsinstall.py +++ b/external/nss/nsinstall.py @@ -155,7 +155,12 @@ def nsinstall(argv): target = args.pop() # ensure target directory if not os.path.isdir(target): - os.makedirs(target) + try: + os.makedirs(target) + except FileExistsError: + if not os.path.isdir(target): + sys.stderr.write('nsinstall: ' + target + ' is not a directoy!\n') + return 1 copy_all_entries(args, target) return 0 diff --git a/external/nss/nss-3.13.5-zlib-werror.patch b/external/nss/nss-3.13.5-zlib-werror.patch index 6cda50023f1b..0cdbf7808f81 100644 --- a/external/nss/nss-3.13.5-zlib-werror.patch +++ b/external/nss/nss-3.13.5-zlib-werror.patch @@ -1,9 +1,10 @@ --- a/a/nss/lib/zlib/gzguts.h 2010-08-22 03:07:03.000000000 +0200 +++ b/b/nss/lib/zlib/gzguts.h 2012-07-17 08:52:14.821552788 +0200 -@@ -26,6 +26,9 @@ - # include <limits.h> +@@ -26,6 +26,10 @@ + # define write _write + # define close _close #endif - #include <fcntl.h> ++ +#ifndef _WIN32 +#include <unistd.h> +#endif diff --git a/external/nss/nss-win32-make.patch.1 b/external/nss/nss-win32-make.patch.1 index bc5a759275e2..7ba3df451ee6 100644 --- a/external/nss/nss-win32-make.patch.1 +++ b/external/nss/nss-win32-make.patch.1 @@ -1,7 +1,7 @@ --- nss/nss/coreconf/rules.mk.orig2 2014-06-03 15:30:01.667200000 +0200 +++ nss/nss/coreconf/rules.mk 2014-06-03 15:30:14.537200000 +0200 @@ -259,7 +259,7 @@ - @$(MAKE_OBJDIR) + $(LIBRARY): $(OBJS) | $$(@D)/d rm -f $@ ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) - $(AR) $(subst /,\\,$(OBJS)) diff --git a/external/nss/nss.nspr-parallel-win-debug_build.patch b/external/nss/nss.nspr-parallel-win-debug_build.patch new file mode 100644 index 000000000000..86b55e1ccf7f --- /dev/null +++ b/external/nss/nss.nspr-parallel-win-debug_build.patch @@ -0,0 +1,40 @@ +Änderung: 4866:23940b78e965 +Nutzer: Jan-Marek Glogowski <[email protected]> +Datum: Fri May 01 22:50:55 2020 +0000 +Dateien: pr/tests/Makefile.in +Beschreibung: +Bug 290526 Write separate PDBs for test OBJs r=glandium + +Quite often when running a parallel NSS build, I get the following +compiler error message, resulting in a build failure, despite +compiling with the -FS flag: + +.../nss/nspr/pr/tests/zerolen.c: fatal error C1041: +Programmdatenbank "...\nss\nspr\out\pr\tests\vc140.pdb" kann nicht +ge<94>ffnet werden; verwenden Sie /FS, wenn mehrere CL.EXE in +dieselbe .PDB-Datei schreiben. + +The failing source file is always one of the last test object +files. But the actual problem is not the compiler accessing the +PDB file, but the linker already linking the first test +executables accessing the shared PDB; at least that's my guess. + +So instead of using a shared PDB for all test object files, this +uses -Fd$(@:.$(OBJ_SUFFIX)=.pdb) to write a separate PDB for every +test's object file. The linker works fine with the shared OBJ PDB. + +Differential Revision: https://phabricator.services.mozilla.com/D68693 + + +diff -r 219d131499d5 -r 23940b78e965 nss/nspr/pr/tests/Makefile.in +--- a/nss/nspr/pr/tests/Makefile.in Mon Feb 10 20:58:42 2020 +0000 ++++ b/nss/nspr/pr/tests/Makefile.in Fri May 01 22:50:55 2020 +0000 +@@ -211,6 +211,7 @@ + else + EXTRA_LIBS += ws2_32.lib + LDOPTS = -NOLOGO -DEBUG -DEBUGTYPE:CV -INCREMENTAL:NO ++ CFLAGS += -Fd$(@:.$(OBJ_SUFFIX)=.pdb) + ifdef PROFILE + LDOPTS += -PROFILE -MAP + endif # profile + diff --git a/external/nss/nss.windows.patch b/external/nss/nss.windows.patch index 9dbeaa946520..901846e7bc1f 100644 --- a/external/nss/nss.windows.patch +++ b/external/nss/nss.windows.patch @@ -18,8 +18,8 @@ -core_abspath = '$(if $(findstring :,$(1)),$(1),$(if $(filter /%,$(1)),$(1),$(PWD)/$(1)))' +core_abspath = '$(if $(findstring :,$(1)),$(1),$(if $(filter /%,$(shell cygpath -m $(1))),$(1),$(shell cygpath -m $(PWD)/$(1))))' - $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c - @$(MAKE_OBJDIR) + $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c | $$(@D)/d + ifdef USE_NT_C_SYNTAX --- a/a/nspr/pr/include/md/_win95.h +++ b/b/nspr/pr/include/md/_win95.h @@ -312,7 +312,7 @@ commit 1ce4ce551eb764079b10248aecf6e20c60e696a9 Author: Michael Stahl <[email protected]> AuthorDate: Mon Nov 25 12:34:28 2019 +0100 Commit: Andras Timar <[email protected]> CommitDate: Sun Oct 10 21:02:16 2021 +0200 nss: upgrade to release 3.47.1 Fixes CVE-2019-11745. Remove nss.fix-freebl-add-lcc-support.patch.1, fixed upstream. Reviewed-on: https://gerrit.libreoffice.org/83673 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit a6238c3fba80889f9090d997e2a4979b78b34ac7) Change-Id: I72e35c90fabb0a83f547a787dbaee774e35f9c08 diff --git a/download.lst b/download.lst index eae918049d89..f82d9ffee7e4 100644 --- a/download.lst +++ b/download.lst @@ -177,8 +177,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca export NEON_TARBALL := neon-0.30.2.tar.gz -export NSS_SHA256SUM := fae11751100510d26f16a245f0db9a5b3d638ab28ce0bccd50d4314f7e526ba1 -export NSS_TARBALL := nss-3.45-with-nspr-4.21.tar.gz +export NSS_SHA256SUM := 07d4276168f59bb3038c7826dabb5fbfbab8336ddf65e4e6e43bce89ada78c64 +export NSS_TARBALL := nss-3.47.1-with-nspr-4.23.tar.gz export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2 export ODFGEN_VERSION_MICRO := 6 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2 diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index 195e57197425..f1c025093216 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -22,7 +22,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/nss.vs2015.patch) \ external/nss/ubsan.patch.0 \ external/nss/clang-cl.patch.0 \ - external/nss/nss.fix-freebl-add-lcc-support.patch.1 \ $(if $(filter IOS,$(OS)), \ external/nss/nss-ios.patch) \ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ diff --git a/external/nss/clang-cl.patch.0 b/external/nss/clang-cl.patch.0 index 111ec934d147..1d615c2397d8 100644 --- a/external/nss/clang-cl.patch.0 +++ b/external/nss/clang-cl.patch.0 @@ -22,7 +22,7 @@ + defined(_M_ARM64)) && !defined __clang__ # include <intrin.h> # pragma intrinsic(_BitScanForward,_BitScanReverse) - __forceinline static int __prBitScanForward32(unsigned int val) + __forceinline static int __prBitScanForward32(unsigned int val) @@ -32,7 +32,7 @@ # define pr_bitscan_ctz32(val) __prBitScanForward32(val) # define pr_bitscan_clz32(val) __prBitScanReverse32(val) diff --git a/external/nss/nss.aix.patch b/external/nss/nss.aix.patch index da9aacb10e84..4b0c6bfb3261 100644 --- a/external/nss/nss.aix.patch +++ b/external/nss/nss.aix.patch @@ -38,7 +38,7 @@ diff -ru a/nspr/pr/src/Makefile.in b/nspr/pr/src/Makefile.in --- a/a/nspr/pr/src/Makefile.in 2014-09-29 16:46:35.281395079 +0100 +++ b/b/nspr/pr/src/Makefile.in 2014-09-29 16:50:33.909375948 +0100 @@ -74,7 +74,6 @@ - endif + endif # SunOS ifeq ($(OS_ARCH),AIX) -DSO_LDOPTS += -binitfini::_PR_Fini diff --git a/external/nss/nss.fix-freebl-add-lcc-support.patch.1 b/external/nss/nss.fix-freebl-add-lcc-support.patch.1 deleted file mode 100644 index 3e3c06327dde..000000000000 --- a/external/nss/nss.fix-freebl-add-lcc-support.patch.1 +++ /dev/null @@ -1,11 +0,0 @@ ---- b/nss/lib/freebl/Makefile -+++ a/nss/lib/freebl/Makefile -@@ -495,7 +495,7 @@ - ifdef USE_64 - # no __int128 at least up to lcc 1.23 (pretending to be gcc5) - # NB: CC_NAME is not defined here --ifneq ($(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q'),lcc) -+ifneq ($(shell $(CC) -? 2>&1 >/dev/null </dev/null | sed -e 's/:.*//;1q'),lcc) - ifdef CC_IS_CLANG - HAVE_INT128_SUPPORT = 1 - DEFINES += -DHAVE_INT128_SUPPORT diff --git a/external/nss/nss.patch b/external/nss/nss.patch index c367bce9097b..d9aaee5199bb 100644 --- a/external/nss/nss.patch +++ b/external/nss/nss.patch @@ -12,14 +12,14 @@ --- a/nss.orig/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:44:13.690045031 +0530 +++ b/nss/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:47:03.810814019 +0530 @@ -438,7 +438,7 @@ - char *buf = *bufp; - PRIntn buflen = *buflenp; + char *buf = *bufp; + PRIntn buflen = *buflenp; -- if (align && ((long)buf & (align - 1))) { -+ if (align && ((ptrdiff_t)buf & (align - 1))) { - PRIntn skip = align - ((ptrdiff_t)buf & (align - 1)); - if (buflen < skip) { - return 0; +- if (align && ((long)buf & (align - 1))) { ++ if (align && ((ptrdiff_t)buf & (align - 1))) { + PRIntn skip = align - ((ptrdiff_t)buf & (align - 1)); + if (buflen < skip) { + return 0; --- a/a/nss/cmd/platlibs.mk 2017-08-29 23:44:13.554044416 +0530 +++ b/b/nss/cmd/platlibs.mk 2017-08-29 23:46:09.638569150 +0530 @@ -10,17 +10,22 @@ diff --git a/external/nss/nss.vs2015.pdb.patch b/external/nss/nss.vs2015.pdb.patch index dc4f4638b476..c66940132cdd 100644 --- a/external/nss/nss.vs2015.pdb.patch +++ b/external/nss/nss.vs2015.pdb.patch @@ -18,5 +18,5 @@ diff -ru nss.orig/nss/coreconf/WIN32.mk nss/nss/coreconf/WIN32.mk - OPTIMIZER += -Zi -Fd$(OBJDIR)/ -Od + OPTIMIZER += -Zi -Fd./ -Od NULLSTRING := - SPACE := $(NULLSTRING) # end of the line - USERNAME := $(subst $(SPACE),_,$(USERNAME)) + DEFINES += -DDEBUG -UNDEBUG + DLLFLAGS += -DEBUG -OUT:$@ commit 5e9854eb56c0c2e74b9c63d27bb9d5ea41d5836c Author: Jan-Marek Glogowski <[email protected]> AuthorDate: Fri Jul 12 15:01:41 2019 +0200 Commit: Andras Timar <[email protected]> CommitDate: Sun Oct 10 21:02:09 2021 +0200 NSS fix lcc support patch This hangs the build process with current MSVC cl.exe. It even hangs when just calling "cl -? >/dev/null". Probably a cl.exe bug to detect redirection properly? This adds stdin redirection to /dev/null, like in configure.ac checks. Reviewed-on: https://gerrit.libreoffice.org/75495 Reviewed-by: Jan-Marek Glogowski <[email protected]> Reviewed-by: Tor Lillqvist <[email protected]> Tested-by: Tor Lillqvist <[email protected]> (cherry picked from commit b11ea5e9c37b19f0d60a4075146668954a7bf728) Change-Id: Ie03c3103ac68cd131dc280755621a8ce0417314f diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index f1c025093216..195e57197425 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -22,6 +22,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/nss.vs2015.patch) \ external/nss/ubsan.patch.0 \ external/nss/clang-cl.patch.0 \ + external/nss/nss.fix-freebl-add-lcc-support.patch.1 \ $(if $(filter IOS,$(OS)), \ external/nss/nss-ios.patch) \ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ diff --git a/external/nss/nss.fix-freebl-add-lcc-support.patch.1 b/external/nss/nss.fix-freebl-add-lcc-support.patch.1 new file mode 100644 index 000000000000..3e3c06327dde --- /dev/null +++ b/external/nss/nss.fix-freebl-add-lcc-support.patch.1 @@ -0,0 +1,11 @@ +--- b/nss/lib/freebl/Makefile ++++ a/nss/lib/freebl/Makefile +@@ -495,7 +495,7 @@ + ifdef USE_64 + # no __int128 at least up to lcc 1.23 (pretending to be gcc5) + # NB: CC_NAME is not defined here +-ifneq ($(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q'),lcc) ++ifneq ($(shell $(CC) -? 2>&1 >/dev/null </dev/null | sed -e 's/:.*//;1q'),lcc) + ifdef CC_IS_CLANG + HAVE_INT128_SUPPORT = 1 + DEFINES += -DHAVE_INT128_SUPPORT commit 2f19aa942e491587c0f1ea070bad4ddeb5ceba12 Author: Michael Stahl <[email protected]> AuthorDate: Wed Jul 10 12:20:00 2019 +0200 Commit: Andras Timar <[email protected]> CommitDate: Sun Oct 10 21:01:55 2021 +0200 nss: upgrade to release 3.45 Fixes CVE-2019-11729 CVE-2019-11719 CVE-2019-11727, and the less important CVE-2018-12384 and CVE-2018-12404 from intermediate releases. Since NSS 3.44 it's possible to build as static libraries and for iOS; drop the nss-chromium-nss-static.patch and nss-more-static.patch and hope that it works. Drop one hunk from nss.patch that looks fixed upstream. Reviewed-on: https://gerrit.libreoffice.org/75344 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 6efc8a33f69bc7f4be45b7b81f67cd74c163b99e) Change-Id: I7f37ac36f7f8dfd49d0bfb4a6185ca49d4f618a3 Reviewed-on: https://gerrit.libreoffice.org/75410 Reviewed-by: Michael Stahl <[email protected]> Tested-by: Michael Stahl <[email protected]> diff --git a/download.lst b/download.lst index 2a6a43bac53f..eae918049d89 100644 --- a/download.lst +++ b/download.lst @@ -177,8 +177,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca export NEON_TARBALL := neon-0.30.2.tar.gz -export NSS_SHA256SUM := f271ec73291fa3e4bd4b59109f8035cc3a192fc33886f40ed4f9ee4b31c746e9 -export NSS_TARBALL := nss-3.38-with-nspr-4.19.tar.gz +export NSS_SHA256SUM := fae11751100510d26f16a245f0db9a5b3d638ab28ce0bccd50d4314f7e526ba1 +export NSS_TARBALL := nss-3.45-with-nspr-4.21.tar.gz export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2 export ODFGEN_VERSION_MICRO := 6 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2 diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index 98cfe73ab4aa..f1c025093216 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -23,8 +23,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/ubsan.patch.0 \ external/nss/clang-cl.patch.0 \ $(if $(filter IOS,$(OS)), \ - external/nss/nss-chromium-nss-static.patch \ - external/nss/nss-more-static.patch \ external/nss/nss-ios.patch) \ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ external/nss/nss.cygwin64.in32bit.patch) \ diff --git a/external/nss/clang-cl.patch.0 b/external/nss/clang-cl.patch.0 index 684cf74d3ca6..111ec934d147 100644 --- a/external/nss/clang-cl.patch.0 +++ b/external/nss/clang-cl.patch.0 @@ -15,11 +15,11 @@ --- nspr/pr/include/prbit.h +++ nspr/pr/include/prbit.h @@ -14,7 +14,7 @@ - ** functions. */ #if defined(_WIN32) && (_MSC_VER >= 1300) && \ -- (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_ARM)) -+ (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_ARM)) && !defined __clang__ + (defined(_M_IX86) || defined(_M_X64) || defined(_M_ARM) || \ +- defined(_M_ARM64)) ++ defined(_M_ARM64)) && !defined __clang__ # include <intrin.h> # pragma intrinsic(_BitScanForward,_BitScanReverse) __forceinline static int __prBitScanForward32(unsigned int val) @@ -29,15 +29,15 @@ # define PR_HAVE_BUILTIN_BITSCAN32 -#elif ((__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) && \ +#elif defined __GNUC__ && ((__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) && \ - (defined(__i386__) || defined(__x86_64__) || defined(__arm__)) + (defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \ + defined(__aarch64__)) # define pr_bitscan_ctz32(val) __builtin_ctz(val) - # define pr_bitscan_clz32(val) __builtin_clz(val) @@ -136,7 +136,7 @@ */ #if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || \ -- defined(_M_X64) || defined(_M_ARM)) -+ defined(_M_X64) || defined(_M_ARM)) && !defined __clang__ +- defined(_M_X64) || defined(_M_ARM) || defined(_M_ARM64)) ++ defined(_M_X64) || defined(_M_ARM) || defined(_M_ARM64)) && !defined __clang__ #include <stdlib.h> #pragma intrinsic(_rotl, _rotr) #define PR_ROTATE_LEFT32(a, bits) _rotl(a, bits) diff --git a/external/nss/nss-chromium-nss-static.patch b/external/nss/nss-chromium-nss-static.patch deleted file mode 100644 index 9d7a4e4352b1..000000000000 --- a/external/nss/nss-chromium-nss-static.patch +++ /dev/null @@ -1,487 +0,0 @@ -Based on http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/nss/patches/nss-static.patch - ---- a/a/nss/lib/certhigh/certvfy.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/certhigh/certvfy.c Fri May 31 17:44:06 2013 -0700 -@@ -13,9 +13,11 @@ - #include "certdb.h" - #include "certi.h" - #include "cryptohi.h" -+#ifndef NSS_DISABLE_LIBPKIX - #include "pkix.h" - /*#include "pkix_sample_modules.h" */ - #include "pkix_pl_cert.h" -+#endif /* NSS_DISABLE_LIBPKIX */ - - - #include "nsspki.h" -@@ -24,6 +26,47 @@ - #include "pki3hack.h" - #include "base.h" - -+#ifdef NSS_DISABLE_LIBPKIX -+SECStatus -+cert_VerifyCertChainPkix( -+ CERTCertificate *cert, -+ PRBool checkSig, -+ SECCertUsage requiredUsage, -+ PRTime time, -+ void *wincx, -+ CERTVerifyLog *log, -+ PRBool *pSigerror, -+ PRBool *pRevoked) -+{ -+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); -+ return SECFailure; -+} -+ -+SECStatus -+CERT_SetUsePKIXForValidation(PRBool enable) -+{ -+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); -+ return SECFailure; -+} -+ -+PRBool -+CERT_GetUsePKIXForValidation() -+{ -+ return PR_FALSE; -+} -+ -+SECStatus CERT_PKIXVerifyCert( -+ CERTCertificate *cert, -+ SECCertificateUsage usages, -+ CERTValInParam *paramsIn, -+ CERTValOutParam *paramsOut, -+ void *wincx) -+{ -+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); -+ return SECFailure; -+} -+#endif /* NSS_DISABLE_LIBPKIX */ -+ - /* - * Check the validity times of a certificate - */ ---- a/a/nss/lib/ckfw/nssck.api Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/ckfw/nssck.api Fri May 31 17:44:06 2013 -0700 -@@ -1752,7 +1752,7 @@ - } - #endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ - --static CK_RV CK_ENTRY -+CK_RV CK_ENTRY - __ADJOIN(MODULE_NAME,C_GetFunctionList) - ( - CK_FUNCTION_LIST_PTR_PTR ppFunctionList -@@ -1830,7 +1830,7 @@ - __ADJOIN(MODULE_NAME,C_WaitForSlotEvent) - }; - --static CK_RV CK_ENTRY -+CK_RV CK_ENTRY - __ADJOIN(MODULE_NAME,C_GetFunctionList) - ( - CK_FUNCTION_LIST_PTR_PTR ppFunctionList -@@ -1840,6 +1840,8 @@ - return CKR_OK; - } - -+#define NSS_STATIC -+#ifndef NSS_STATIC - /* This one is always present */ - CK_RV CK_ENTRY - C_GetFunctionList -@@ -1849,6 +1850,7 @@ - { - return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList); - } -+#endif - - #undef __ADJOIN - ---- a/a/nss/lib/freebl/rsa.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/freebl/rsa.c Fri May 31 17:44:06 2013 -0700 -@@ -1559,6 +1559,14 @@ - RSA_Cleanup(); - } - -+#define NSS_STATIC -+#ifdef NSS_STATIC -+void -+BL_Unload(void) -+{ -+} -+#endif -+ - PRBool bl_parentForkedAfterC_Initialize; - - /* ---- a/a/nss/lib/freebl/shvfy.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/freebl/shvfy.c Fri May 31 17:44:06 2013 -0700 -@@ -273,9 +273,22 @@ - return SECSuccess; - } - -+/* -+ * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g., -+ * if you're using NSS as static libraries), but want to conform to the -+ * rest of the FIPS requirements. -+ */ -+#define NSS_STATIC -+#ifdef NSS_STATIC -+#define PSEUDO_FIPS -+#endif -+ - PRBool - BLAPI_SHVerify(const char *name, PRFuncPtr addr) - { -+#ifdef PSEUDO_FIPS -+ return PR_TRUE; /* a lie, hence *pseudo* FIPS */ -+#else - PRBool result = PR_FALSE; /* if anything goes wrong, - * the signature does not verify */ - /* find our shared library name */ -@@ -291,11 +303,15 @@ - } - - return result; -+#endif /* PSEUDO_FIPS */ - } - - PRBool - BLAPI_SHVerifyFile(const char *shName) - { -+#ifdef PSEUDO_FIPS -+ return PR_TRUE; /* a lie, hence *pseudo* FIPS */ -+#else - char *checkName = NULL; - PRFileDesc *checkFD = NULL; - PRFileDesc *shFD = NULL; -@@ -492,6 +508,7 @@ - } - - return result; -+#endif /* PSEUDO_FIPS */ - } - - PRBool ---- a/a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Fri May 31 17:44:06 2013 -0700 -@@ -201,7 +201,11 @@ - - typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen, - CERTImportCertificateFunc f, void *arg); -- -+#define NSS_STATIC -+#ifdef NSS_STATIC -+extern SECStatus CERT_DecodeCertPackage(char* certbuf, int certlen, -+ CERTImportCertificateFunc f, void* arg); -+#endif - - struct pkix_DecodeFuncStr { - pkix_DecodeCertsFunc func; /* function pointer to the -@@ -223,6 +226,11 @@ - */ - static PRStatus PR_CALLBACK pkix_getDecodeFunction(void) - { -+#ifdef NSS_STATIC -+ pkix_decodeFunc.smimeLib = NULL; -+ pkix_decodeFunc.func = CERT_DecodeCertPackage; -+ return PR_SUCCESS; -+#else - pkix_decodeFunc.smimeLib = - PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX); - if (pkix_decodeFunc.smimeLib == NULL) { -@@ -235,7 +243,7 @@ - return PR_FAILURE; - } - return PR_SUCCESS; -- -+#endif - } - - /* ---- a/a/nss/lib/nss/nssinit.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/nss/nssinit.c Fri May 31 17:44:06 2013 -0700 -@@ -20,9 +20,11 @@ - #include "secerr.h" - #include "nssbase.h" - #include "nssutil.h" -+#ifndef NSS_DISABLE_LIBPKIX - #include "pkixt.h" - #include "pkix.h" - #include "pkix_tools.h" -+#endif /* NSS_DISABLE_LIBPKIX */ - - #include "pki3hack.h" - #include "certi.h" -@@ -530,8 +532,10 @@ - PRBool dontFinalizeModules) - { - SECStatus rv = SECFailure; -+#ifndef NSS_DISABLE_LIBPKIX - PKIX_UInt32 actualMinorVersion = 0; - PKIX_Error *pkixError = NULL; -+#endif - PRBool isReallyInitted; - char *configStrings = NULL; - char *configName = NULL; -@@ -685,6 +689,7 @@ - pk11sdr_Init(); - cert_CreateSubjectKeyIDHashTable(); - -+#ifndef NSS_DISABLE_LIBPKIX - pkixError = PKIX_Initialize - (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, - PKIX_MINOR_VERSION, &actualMinorVersion, &plContext); -@@ -697,6 +702,7 @@ - CERT_SetUsePKIXForValidation(PR_TRUE); - } - } -+#endif /* NSS_DISABLE_LIBPKIX */ - - - } -@@ -1081,7 +1087,9 @@ - cert_DestroyLocks(); - ShutdownCRLCache(); - OCSP_ShutdownGlobal(); -+#ifndef NSS_DISABLE_LIBPKIX - PKIX_Shutdown(plContext); -+#endif - SECOID_Shutdown(); - status = STAN_Shutdown(); - cert_DestroySubjectKeyIDHashTable(); ---- a/a/nss/lib/pk11wrap/pk11load.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/pk11wrap/pk11load.c Fri May 31 17:44:06 2013 -0700 -@@ -318,6 +318,13 @@ - } - } - -+#define NSS_STATIC -+#ifdef NSS_STATIC -+extern CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList); -+extern CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList); -+extern char **NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args); -+extern CK_RV builtinsC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList); -+#else - static const char* my_shlib_name = - SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX; - static const char* softoken_shlib_name = -@@ -326,12 +332,14 @@ - static PRCallOnceType loadSoftokenOnce; - static PRLibrary* softokenLib; - static PRInt32 softokenLoadCount; -+#endif /* NSS_STATIC */ - - #include "prio.h" - #include "prprf.h" - #include <stdio.h> - #include "prsystem.h" - -+#ifndef NSS_STATIC - /* This function must be run only once. */ - /* determine if hybrid platform, then actually load the DSO. */ - static PRStatus -@@ -348,6 +356,7 @@ - } - return PR_FAILURE; - } -+#endif /* !NSS_STATIC */ - - /* - * load a new module into our address space and initialize it. -@@ -366,6 +375,16 @@ - - /* intenal modules get loaded from their internal list */ - if (mod->internal && (mod->dllName == NULL)) { -+#ifdef NSS_STATIC -+ if (mod->isFIPS) { -+ entry = FC_GetFunctionList; -+ } else { -+ entry = NSC_GetFunctionList; -+ } -+ if (mod->isModuleDB) { -+ mod->moduleDBFunc = NSC_ModuleDBFunc; -+ } -+#else - /* - * Loads softoken as a dynamic library, - * even though the rest of NSS assumes this as the "internal" module. -@@ -391,6 +410,7 @@ - mod->moduleDBFunc = (CK_C_GetFunctionList) - PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc"); - } -+#endif - - if (mod->moduleDBOnly) { - mod->loaded = PR_TRUE; -@@ -401,6 +421,15 @@ - if (mod->dllName == NULL) { - return SECFailure; - } -+#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS) -+ if (strstr(mod->dllName, "nssckbi") != NULL) { -+ mod->library = NULL; -+ PORT_Assert(!mod->moduleDBOnly); -+ entry = builtinsC_GetFunctionList; -+ PORT_Assert(!mod->isModuleDB); -+ goto library_loaded; -+ } -+#endif - - /* load the library. If this succeeds, then we have to remember to - * unload the library if anything goes wrong from here on out... -@@ -423,6 +452,9 @@ - mod->moduleDBFunc = (void *) - PR_FindSymbol(library, "NSS_ReturnModuleSpecData"); - } -+#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS) -+library_loaded: -+#endif - if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE; - if (entry == NULL) { - if (mod->isModuleDB) { -@@ -562,6 +594,7 @@ - * if not, we should change this to SECFailure and move it above the - * mod->loaded = PR_FALSE; */ - if (mod->internal && (mod->dllName == NULL)) { -+#ifndef NSS_STATIC - if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { - if (softokenLib) { - disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); -@@ -573,12 +606,18 @@ - } - loadSoftokenOnce = pristineCallOnce; - } -+#endif - return SECSuccess; - } - - library = (PRLibrary *)mod->library; - /* paranoia */ - if (library == NULL) { -+#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS) -+ if (strstr(mod->dllName, "nssckbi") != NULL) { -+ return SECSuccess; -+ } -+#endif - return SECFailure; - } - ---- a/a/nss/lib/softoken/lgglue.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/softoken/lgglue.c Fri May 31 17:44:06 2013 -0700 -@@ -23,6 +23,8 @@ - static LGAddSecmodFunc legacy_glue_addSecmod = NULL; - static LGShutdownFunc legacy_glue_shutdown = NULL; - -+#define NSS_STATIC -+#ifndef NSS_STATIC - /* - * The following 3 functions duplicate the work done by bl_LoadLibrary. - * We should make bl_LoadLibrary a global and replace the call to -@@ -160,6 +161,7 @@ - - return lib; - } -+#endif /* STATIC LIBRARIES */ - - /* - * stub files for legacy db's to be able to encrypt and decrypt -@@ -272,6 +274,21 @@ - return SECSuccess; - } - -+#ifdef NSS_STATIC -+#ifdef NSS_DISABLE_DBM -+ return SECFailure; -+#else -+ lib = (PRLibrary *) 0x8; -+ -+ legacy_glue_open = legacy_Open; -+ legacy_glue_readSecmod = legacy_ReadSecmodDB; -+ legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData; -+ legacy_glue_deleteSecmod = legacy_DeleteSecmodDB; -+ legacy_glue_addSecmod = legacy_AddSecmodDB; -+ legacy_glue_shutdown = legacy_Shutdown; -+ setCryptFunction = legacy_SetCryptFunctions; -+#endif -+#else - lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME); - if (lib == NULL) { - return SECFailure; -@@ -297,11 +314,14 @@ - PR_UnloadLibrary(lib); - return SECFailure; - } -+#endif /* NSS_STATIC */ - - /* verify the loaded library if we are in FIPS mode */ - if (isFIPS) { - if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) { -+#ifndef NSS_STATIC - PR_UnloadLibrary(lib); -+#endif - return SECFailure; - } - legacy_glue_libCheckSucceeded = PR_TRUE; -@@ -418,10 +438,12 @@ - #endif - crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize); - } -+#ifndef NSS_STATIC - disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); - if (!disableUnload) { - PR_UnloadLibrary(legacy_glue_lib); - } -+#endif - legacy_glue_lib = NULL; - legacy_glue_open = NULL; - legacy_glue_readSecmod = NULL; ---- a/a/nss/lib/softoken/lgglue.h Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/softoken/lgglue.h Fri May 31 17:44:06 2013 -0700 -@@ -38,6 +38,25 @@ - typedef void (*LGSetForkStateFunc)(PRBool); - typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc); - -+extern CK_RV legacy_Open(const char *dir, const char *certPrefix, -+ const char *keyPrefix, -+ int certVersion, int keyVersion, int flags, -+ SDB **certDB, SDB **keyDB); -+extern char ** legacy_ReadSecmodDB(const char *appName, -+ const char *filename, -+ const char *dbname, char *params, PRBool rw); -+extern SECStatus legacy_ReleaseSecmodDBData(const char *appName, -+ const char *filename, -+ const char *dbname, char **params, PRBool rw); -+extern SECStatus legacy_DeleteSecmodDB(const char *appName, -+ const char *filename, -+ const char *dbname, char *params, PRBool rw); -+extern SECStatus legacy_AddSecmodDB(const char *appName, -+ const char *filename, -+ const char *dbname, char *params, PRBool rw); -+extern SECStatus legacy_Shutdown(PRBool forked); -+extern void legacy_SetCryptFunctions(LGEncryptFunc, LGDecryptFunc); -+ - /* - * Softoken Glue Functions - */ ---- a/a/nss/lib/util/secport.h Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/util/secport.h Fri May 31 17:44:06 2013 -0700 -@@ -210,6 +210,8 @@ - - extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n); - -+#define NSS_STATIC -+#ifndef NSS_STATIC - /* - * Load a shared library called "newShLibName" in the same directory as - * a shared library that is already loaded, called existingShLibName. -@@ -244,6 +245,7 @@ - PORT_LoadLibraryFromOrigin(const char* existingShLibName, - PRFuncPtr staticShLibFunc, - const char *newShLibName); -+#endif /* NSS_STATIC */ - - SEC_END_PROTOS - diff --git a/external/nss/nss-more-static.patch b/external/nss/nss-more-static.patch deleted file mode 100644 index 26948f0be24c..000000000000 --- a/external/nss/nss-more-static.patch +++ /dev/null @@ -1,39 +0,0 @@ ---- a/a/nss/lib/freebl/loader.c -+++ a/a/nss/lib/freebl/loader.c -@@ -114,6 +114,7 @@ - - #include "genload.c" - -+extern FREEBLGetVectorFn FREEBL_GetVector; - /* This function must be run only once. */ - /* determine if hybrid platform, then actually load the DSO. */ - static PRStatus -@@ -136,9 +136,9 @@ - return PR_FAILURE; - } - -- handle = loader_LoadLibrary(name); -- if (handle) { -- PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector"); -+ handle = 0; -+ { -+ PRFuncPtr address = FREEBL_GetVector; - if (address) { - FREEBLGetVectorFn *getVector = (FREEBLGetVectorFn *)address; - const FREEBLVector *dsoVector = getVector(); -@@ -887,6 +887,7 @@ - void - BL_Unload(void) - { -+#if 0 - /* This function is not thread-safe, but doesn't need to be, because it is - * only called from functions that are also defined as not thread-safe, - * namely C_Finalize in softoken, and the SSL bypass shutdown callback called -@@ -905,6 +905,7 @@ - } - blLib = NULL; - loadFreeBLOnce = pristineCallOnce; -+#endif - } - - /* ============== New for 3.003 =============================== */ diff --git a/external/nss/nss.patch b/external/nss/nss.patch index 6219775c2d3c..c367bce9097b 100644 --- a/external/nss/nss.patch +++ b/external/nss/nss.patch @@ -153,16 +153,3 @@ #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public -@@ -89,10 +91,10 @@ - NSPR_CONFIGURE_ENV = CC=gcc CXX=g++ - endif - ifdef CC --NSPR_CONFIGURE_ENV = CC=$(CC) -+NSPR_CONFIGURE_ENV = CC="$(CC) " - endif - ifdef CCC --NSPR_CONFIGURE_ENV += CXX=$(CCC) -+NSPR_CONFIGURE_ENV += CXX="$(CCC) " - endif - # Remove -arch definitions. NSPR can't handle that. - NSPR_CONFIGURE_ENV := $(filter-out -arch x86_64,$(NSPR_CONFIGURE_ENV))
