mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nss: upgrade to 3.103

Browse Source 
Add initialize() method to hash class: in PDFWriterImpl::emitTrailer
we need to re-initialize the hash after calling finalize(),
otherwise update() inside writeBuffer will fail with
Assertion failure: rv == SECSuccess, at sechash.c:140
See https://lists.freedesktop.org/archives/libreoffice/2025-March/093075.html

Downloaded from https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_103_RTM/src/nss-3.103-with-nspr-4.35.tar.gz

Change-Id: Iebf144be7bce9f45900b427adedc7465e4b2e4e3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/183075
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
This commit is contained in:
Xisco Fauli
2025-03-18 12:49:20 +01:00
parent a8ce824a21
commit c8bfafbbf8
6 changed files with 37 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
comphelper/source/misc/hash.cxx
View File

@@ -105,9 +105,18 @@ struct HashImpl
} }
} }
mpContext = HASH_Create(getNSSType()); mpContext = HASH_Create(getNSSType());
HASH_Begin(mpContext);
#elif USE_TLS_OPENSSL #elif USE_TLS_OPENSSL
mpContext = EVP_MD_CTX_create(); mpContext = EVP_MD_CTX_create();
#endif
initialize();
}
void initialize()
{
#if USE_TLS_NSS
HASH_Begin(mpContext);
#elif USE_TLS_OPENSSL
EVP_DigestInit_ex(mpContext, getOpenSSLType(), nullptr); EVP_DigestInit_ex(mpContext, getOpenSSLType(), nullptr);
#endif #endif
} }
@@ -143,6 +152,11 @@ void Hash::update(const unsigned char* pInput, size_t length)
#endif #endif
} }
void Hash::initialize()
{
mpImpl->initialize();
}
std::vector<unsigned char> Hash::finalize() std::vector<unsigned char> Hash::finalize()
{ {
std::vector<unsigned char> hash(getLength(), 0); std::vector<unsigned char> hash(getLength(), 0);

4
download.lst
View File

@@ -512,8 +512,8 @@ MYTHES_TARBALL := mythes-1.2.5.tar.xz
# three static lines # three static lines
# so that git cherry-pick # so that git cherry-pick
# will not run into conflicts # will not run into conflicts
NSS_SHA256SUM := ddfdec73fb4b0eedce5fc4de09de9ba14d2ddbfbf67e42372903e1510f2d3d65 NSS_SHA256SUM := 1636c8c85794e779855183997805b6edfe2dfb43cdf5b6cf1934bf16b1b32520
NSS_TARBALL := nss-3.102.1-with-nspr-4.35.tar.gz NSS_TARBALL := nss-3.103-with-nspr-4.35.tar.gz
# three static lines # three static lines
# so that git cherry-pick # so that git cherry-pick
# will not run into conflicts # will not run into conflicts

14
external/nss/nss-android.patch.1 vendored
View File

@@ -41,7 +41,7 @@ diff -ur nss.org/nspr/configure nss/nspr/configure
diff -ur nss.org/nss/Makefile nss/nss/Makefile diff -ur nss.org/nss/Makefile nss/nss/Makefile
--- nss.org/nss/Makefile 2017-09-07 15:29:44.933245745 +0200 --- nss.org/nss/Makefile 2017-09-07 15:29:44.933245745 +0200
+++ nss/nss/Makefile 2017-09-07 15:32:04.347181076 +0200 +++ nss/nss/Makefile 2017-09-07 15:32:04.347181076 +0200
@@ -65,7 +65,7 @@ @@ -67,7 +67,7 @@
ifeq ($(OS_TARGET),Android) ifeq ($(OS_TARGET),Android)
NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) \ NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) \
@@ -50,16 +50,14 @@ diff -ur nss.org/nss/Makefile nss/nss/Makefile
--with-android-version=$(OS_TARGET_RELEASE) \ --with-android-version=$(OS_TARGET_RELEASE) \
--with-android-toolchain=$(ANDROID_TOOLCHAIN) \ --with-android-toolchain=$(ANDROID_TOOLCHAIN) \
--with-android-platform=$(ANDROID_SYSROOT) --with-android-platform=$(ANDROID_SYSROOT)
--- nss/nss/Makefile.orig 2019-11-26 14:52:15.934561202 +0100 @@ -143,7 +143,6 @@
+++ nss/nss/Makefile 2019-11-26 14:52:20.538559612 +0100 ifndef NSS_DISABLE_NSPR_TESTS
@@ -140,7 +140,6 @@
build_nspr: $(NSPR_CONFIG_STATUS) build_nspr: $(NSPR_CONFIG_STATUS)
$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests - $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests
else
install_nspr: build_nspr build_nspr: $(NSPR_CONFIG_STATUS)
$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
--- nss/nss/lib/ckfw/builtins/manifest.mn.orig 2019-11-26 15:18:22.185985193 +0100 --- nss/nss/lib/ckfw/builtins/manifest.mn.orig 2019-11-26 15:18:22.185985193 +0100
+++ nss/nss/lib/ckfw/builtins/manifest.mn 2019-11-26 15:18:29.281982387 +0100 +++ nss/nss/lib/ckfw/builtins/manifest.mn 2019-11-26 15:18:29.281982387 +0100
@@ -5,7 +5,7 @@ @@ -5,7 +5,7 @@

15
external/nss/nss-ios.patch vendored
View File

@@ -16,14 +16,14 @@
endif endif
# #
@@ -140,7 +138,6 @@ @@ -141,7 +143,6 @@
ifndef NSS_DISABLE_NSPR_TESTS
build_nspr: $(NSPR_CONFIG_STATUS) build_nspr: $(NSPR_CONFIG_STATUS)
$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests - $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests
else
install_nspr: build_nspr build_nspr: $(NSPR_CONFIG_STATUS)
$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
--- a/a/nss/lib/ckfw/builtins/manifest.mn --- a/a/nss/lib/ckfw/builtins/manifest.mn
+++ a/a/nss/lib/ckfw/builtins/manifest.mn +++ a/a/nss/lib/ckfw/builtins/manifest.mn
@@ -5,7 +5,7 @@ @@ -5,7 +5,7 @@
@@ -75,7 +75,7 @@
#if defined(_WIN32) #if defined(_WIN32)
if (nssUTF8_Length(mod->dllName, NULL)) { if (nssUTF8_Length(mod->dllName, NULL)) {
wchar_t *dllNameWide = _NSSUTIL_UTF8ToWide(mod->dllName); wchar_t *dllNameWide = _NSSUTIL_UTF8ToWide(mod->dllName);
@@ -507,6 +510,11 @@ @@ -507,6 +510,10 @@
mod->moduleDBFunc = (void *) mod->moduleDBFunc = (void *)
PR_FindSymbol(library, "NSS_ReturnModuleSpecData"); PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
} }
@@ -83,11 +83,10 @@
+ if (strcmp(mod->dllName, "NSSCKBI") == 0) + if (strcmp(mod->dllName, "NSSCKBI") == 0)
+ fentry = NSSCKBI_C_GetFunctionList; + fentry = NSSCKBI_C_GetFunctionList;
+#endif +#endif
+
if (mod->moduleDBFunc == NULL) if (mod->moduleDBFunc == NULL)
mod->isModuleDB = PR_FALSE; mod->isModuleDB = PR_FALSE;
if ((ientry == NULL) && (fentry == NULL)) { if ((ientry == NULL) && (fentry == NULL)) {
@@ -643,10 +651,12 @@ @@ -643,10 +650,12 @@
} }
fail: fail:
mod->functionList = NULL; mod->functionList = NULL;

2
include/comphelper/hash.hxx
View File

@@ -66,6 +66,8 @@ public:
update(rInput.data(), rInput.size()); update(rInput.data(), rInput.size());
} }
void initialize();
std::vector<unsigned char> finalize(); std::vector<unsigned char> finalize();
static std::vector<unsigned char> calculateHash(const unsigned char* pInput, size_t length, HashType eType); static std::vector<unsigned char> calculateHash(const unsigned char* pInput, size_t length, HashType eType);

5
vcl/source/gdi/pdfwriter_impl.cxx
View File

@@ -6179,6 +6179,11 @@ bool PDFWriterImpl::emitTrailer()
aLine.append( "]\n" ); aLine.append( "]\n" );
} }
// After calling m_DocDigest.finalize(), we need to initialize the hash again,
// otherwise, m_DocDigest.update() inside writeBuffer will fail with
// Assertion failure: rv == SECSuccess, at sechash.c:140
m_DocDigest.initialize();
aLine.append( ">>\n" aLine.append( ">>\n"
"startxref\n" ); "startxref\n" );
aLine.append( static_cast<sal_Int64>(nXRefOffset) ); aLine.append( static_cast<sal_Int64>(nXRefOffset) );