bin/check-elf-dynamic-objects | 2 +- configure.ac | 10 +++++++++- m4/libo_externals.m4 | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-)
New commits: commit 0e784a933ae46a938ab47bd91ddb679b66237f3c Author: Michael Stahl <[email protected]> AuthorDate: Thu Aug 12 13:04:54 2021 +0200 Commit: Caolán McNamara <[email protected]> CommitDate: Tue May 17 20:58:05 2022 +0200 tdf#147250 configure: default to --with-system-nss on Linux NSS is very ABI compatible and part of current LSB 5.0 and so it should just work to use the one from the system, i'm not aware of a Linux that doesn't ship it. There used to be some feature patch in external/nss but this was removed years ago, now it just contains build fixes. Problems can occur if a mixture of system and bundled NSS libraries is loaded, if first an old version .so is loaded and then newer version .so depends on it but can't find some required symbol. See for example: https://www.mail-archive.com/[email protected]/msg287043.html Another issue is that e.g. Fedora ships libnsspem.so in the nss-pem package, which may cause trouble in ASAN builds, where the internal NSS is built to call __asan_poison_memory_region but the system libnss-pem.so doesn't call __asan_unpoison_memory_region so we get: ==2568944==ERROR: AddressSanitizer: use-after-poison on address 0x61d0019afab0 WRITE of size 192 at 0x61d0019afab0 thread T28 (utl::Moderator) 0 in __interceptor_memset.part.0 (instdir/program/soffice.bin+0x466460) 1 (/lib64/libnsspem.so+0x15f3d) 2 (/lib64/libnsspem.so+0x16185) 3 (/lib64/libnsspem.so+0x8a9b) 4 (/lib64/libnsspem.so+0xe13b) 5 in secmod_ModuleInit workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11load.c:244:11 .. 21 in curl_easy_perform workdir/UnpackedTarball/curl/lib/easy.c:715:10 Also, with system NSS, things like p11-kit integration become responsibility of the OS. Change-Id: I50caedd46914dd5d6905c5d32d44a599cd78119e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120388 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 0028266e34a683b1650410cee65dac502e304c9f) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134293 Reviewed-by: Caolán McNamara <[email protected]> diff --git a/bin/check-elf-dynamic-objects b/bin/check-elf-dynamic-objects index 523a892e4259..712856d1104c 100755 --- a/bin/check-elf-dynamic-objects +++ b/bin/check-elf-dynamic-objects @@ -88,7 +88,7 @@ programfiles=$(echo ${files} | grep -o '/program/[^/]* ' | xargs -n 1 basename) # of maintaining ABI stability # allow extending the allowlist using the environment variable to be able to work # on the installer stuff without the need for a baseline setup -globalallowlist="ld-linux-x86-64.so.2 ld-linux.so.2 libc.so.6 libm.so.6 libdl.so.2 libpthread.so.0 librt.so.1 libutil.so.1 libnsl.so.1 libcrypt.so.1 libgcc_s.so.1 libstdc++.so.6 libz.so.1 libfontconfig.so.1 libfreetype.so.6 libxml2.so.2 libxslt.so.1 libexslt.so.0 ${LO_ELFCHECK_ALLOWLIST-}" +globalallowlist="ld-linux-x86-64.so.2 ld-linux.so.2 libc.so.6 libm.so.6 libdl.so.2 libpthread.so.0 librt.so.1 libutil.so.1 libnsl.so.1 libcrypt.so.1 libgcc_s.so.1 libstdc++.so.6 libz.so.1 libfontconfig.so.1 libfreetype.so.6 libxml2.so.2 libxslt.so.1 libexslt.so.0 libnspr4.so libnss3.so libnssutil3.so libplc4.so libplds4.so libsmime3.so libssl3.so ${LO_ELFCHECK_ALLOWLIST-}" x11allowlist="libX11.so.6 libX11-xcb.so.1 libXext.so.6 libSM.so.6 libICE.so.6 libXinerama.so.1 libXrender.so.1 libXrandr.so.2 libcairo.so.2" openglallowlist="libGL.so.1" gobjectallowlist="libgobject-2.0.so.0 libglib-2.0.so.0" diff --git a/configure.ac b/configure.ac index 0be3513046e5..4d30f78d7747 100644 --- a/configure.ac +++ b/configure.ac @@ -10473,7 +10473,15 @@ dnl =================================================================== dnl Check for system NSS dnl =================================================================== if test "$enable_fuzzers" != "yes" -a "$enable_nss" = "yes"; then - libo_CHECK_SYSTEM_MODULE([nss],[NSS],[nss >= 3.9.3 nspr >= 4.8]) + libo_CHECK_SYSTEM_MODULE([nss],[NSS],[nss >= 3.9.3 nspr >= 4.8],,,[ + case "$_os" in + Linux) + with_system_nss=yes + ;; + *) + with_system_nss=no + ;; + esac]) AC_DEFINE(HAVE_FEATURE_NSS) ENABLE_NSS=TRUE elif test $_os != iOS ; then diff --git a/m4/libo_externals.m4 b/m4/libo_externals.m4 index f755358bb395..659b539dc539 100644 --- a/m4/libo_externals.m4 +++ b/m4/libo_externals.m4 @@ -10,7 +10,7 @@ AC_DEFUN([libo_CHECK_SYSTEM_MODULE], [ AC_ARG_WITH(system-$1, AS_HELP_STRING([--with-system-$1], [Use $1 from operating system instead of building and bundling it.]),, - [with_system_$1="$with_system_libs"]) + ifelse([$6],,[with_system_$1="$with_system_libs"],[[$6]])) AC_MSG_CHECKING([which $1 to use]) if test "$with_system_$1" = "yes"; then AC_MSG_RESULT([external])
