From ed5640d8b587fbcfed7dd7967f3de04b37a76f26 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 11:06:44 +0200 Subject: Adding upstream version 4:7.4.7. Signed-off-by: Daniel Baumann --- external/nss/ExternalPackage_nss.mk | 67 +++++ external/nss/ExternalProject_nss.mk | 103 +++++++ external/nss/Makefile | 7 + external/nss/Module_nss.mk | 18 ++ external/nss/README | 37 +++ external/nss/UnpackedTarball_nss.mk | 49 ++++ external/nss/asan.patch.1 | 12 + external/nss/clang-cl.patch.0 | 122 +++++++++ external/nss/macos-dlopen.patch.0 | 25 ++ external/nss/nsinstall.py | 169 ++++++++++++ external/nss/nss-android.patch.1 | 93 +++++++ external/nss/nss-bz1646594.patch.1 | 15 ++ external/nss/nss-ios.patch | 300 +++++++++++++++++++++ .../nss-restore-manual-pre-dependencies.patch.1 | 83 ++++++ external/nss/nss-win32-make.patch.1 | 20 ++ external/nss/nss.aix.patch | 140 ++++++++++ external/nss/nss.bzmozilla1238154.patch | 12 + external/nss/nss.cygwin64.in32bit.patch | 14 + external/nss/nss.nowerror.patch | 12 + external/nss/nss.patch | 155 +++++++++++ external/nss/nss.utf8bom.patch.1 | 21 ++ external/nss/nss.vs2015.patch | 12 + external/nss/nss.vs2015.pdb.patch | 22 ++ external/nss/nss.windows.patch | 33 +++ external/nss/nss_macosx.patch | 90 +++++++ external/nss/ubsan.patch.0 | 38 +++ 26 files changed, 1669 insertions(+) create mode 100644 external/nss/ExternalPackage_nss.mk create mode 100644 external/nss/ExternalProject_nss.mk create mode 100644 external/nss/Makefile create mode 100644 external/nss/Module_nss.mk create mode 100644 external/nss/README create mode 100644 external/nss/UnpackedTarball_nss.mk create mode 100644 external/nss/asan.patch.1 create mode 100644 external/nss/clang-cl.patch.0 create mode 100644 external/nss/macos-dlopen.patch.0 create mode 100644 external/nss/nsinstall.py create mode 100644 external/nss/nss-android.patch.1 create mode 100644 external/nss/nss-bz1646594.patch.1 create mode 100644 external/nss/nss-ios.patch create mode 100644 external/nss/nss-restore-manual-pre-dependencies.patch.1 create mode 100644 external/nss/nss-win32-make.patch.1 create mode 100644 external/nss/nss.aix.patch create mode 100644 external/nss/nss.bzmozilla1238154.patch create mode 100644 external/nss/nss.cygwin64.in32bit.patch create mode 100644 external/nss/nss.nowerror.patch create mode 100644 external/nss/nss.patch create mode 100644 external/nss/nss.utf8bom.patch.1 create mode 100644 external/nss/nss.vs2015.patch create mode 100644 external/nss/nss.vs2015.pdb.patch create mode 100644 external/nss/nss.windows.patch create mode 100644 external/nss/nss_macosx.patch create mode 100644 external/nss/ubsan.patch.0 (limited to 'external/nss') diff --git a/external/nss/ExternalPackage_nss.mk b/external/nss/ExternalPackage_nss.mk new file mode 100644 index 000000000..2b15fc3eb --- /dev/null +++ b/external/nss/ExternalPackage_nss.mk @@ -0,0 +1,67 @@ +# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*- +# +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# + +$(eval $(call gb_ExternalPackage_ExternalPackage,nss,nss)) + +$(eval $(call gb_ExternalPackage_use_external_project,nss,nss)) + +ifeq ($(OS),iOS) +# nothing... +else ifeq ($(OS),MACOSX) +$(eval $(call gb_ExternalPackage_add_files,nss,$(LIBO_LIB_FOLDER),\ + dist/out/lib/libfreebl3.dylib \ + dist/out/lib/libnspr4.dylib \ + dist/out/lib/libnss3.dylib \ + dist/out/lib/libnssckbi.dylib \ + dist/out/lib/libnssdbm3.dylib \ + dist/out/lib/libnssutil3.dylib \ + dist/out/lib/libplc4.dylib \ + dist/out/lib/libplds4.dylib \ + dist/out/lib/libsmime3.dylib \ + dist/out/lib/libsoftokn3.dylib \ + dist/out/lib/libssl3.dylib \ +)) +else ifeq ($(OS),WNT) +$(eval $(call gb_ExternalPackage_add_files,nss,$(LIBO_LIB_FOLDER),\ + dist/out/lib/freebl3.dll \ + dist/out/lib/nspr4.dll \ + dist/out/lib/nss3.dll \ + dist/out/lib/nssckbi.dll \ + dist/out/lib/nssdbm3.dll \ + dist/out/lib/nssutil3.dll \ + dist/out/lib/plc4.dll \ + dist/out/lib/plds4.dll \ + dist/out/lib/smime3.dll \ + dist/out/lib/softokn3.dll \ + dist/out/lib/sqlite3.dll \ + dist/out/lib/ssl3.dll \ +)) +else # OS!=WNT/MACOSX +$(eval $(call gb_ExternalPackage_add_files,nss,$(LIBO_LIB_FOLDER),\ + dist/out/lib/libfreebl3.so \ + dist/out/lib/libnspr4.so \ + dist/out/lib/libnss3.so \ + dist/out/lib/libnssckbi.so \ + dist/out/lib/libnssdbm3.so \ + dist/out/lib/libnssutil3.so \ + dist/out/lib/libplc4.so \ + dist/out/lib/libplds4.so \ + dist/out/lib/libsmime3.so \ + dist/out/lib/libsoftokn3.so \ + dist/out/lib/libssl3.so \ + dist/out/lib/libsqlite3.so \ +)) +endif +ifeq ($(OS),LINUX) +$(eval $(call gb_ExternalPackage_add_files,nss,$(LIBO_LIB_FOLDER),\ + dist/out/lib/libfreeblpriv3.so \ +)) +endif + +# vim: set noet sw=4 ts=4: diff --git a/external/nss/ExternalProject_nss.mk b/external/nss/ExternalProject_nss.mk new file mode 100644 index 000000000..ee3c7839f --- /dev/null +++ b/external/nss/ExternalProject_nss.mk @@ -0,0 +1,103 @@ +# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*- +# +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# + +$(eval $(call gb_ExternalProject_ExternalProject,nss)) + +# nss build calls configure for nspr itself - if for some reason the configure step should be split out, +# make sure to create config.status (aka run configure) in dir specified with OBJDIR_NAME (nspr/out) +$(eval $(call gb_ExternalProject_register_targets,nss,\ + build \ +)) + +$(eval $(call gb_ExternalProject_use_externals,nss,\ + zlib \ +)) + +ifeq ($(OS),WNT) +$(call gb_ExternalProject_get_state_target,nss,build): \ + $(call gb_ExternalExecutable_get_dependencies,python) \ + $(SRCDIR)/external/nss/nsinstall.py + $(call gb_Trace_StartRange,nss,EXTERNAL) + $(call gb_ExternalProject_run,build,\ + $(if $(MSVC_USE_DEBUG_RUNTIME),USE_DEBUG_RTL=1,BUILD_OPT=1) \ + $(if $(gb_Module_CURRENTMODULE_SYMBOLS_ENABLED), \ + MOZ_DEBUG_SYMBOLS=1 \ + MOZ_DEBUG_FLAGS=" " \ + OPT_CODE_SIZE=0) \ + OS_TARGET=WIN95 \ + USE_SYSTEM_ZLIB=1 \ + $(if $(filter X86_64,$(CPUNAME)),USE_64=1) \ + $(if $(filter AARCH64,$(CPUNAME)),USE_64=1 CPU_ARCH=aarch64) \ + LIB="$(ILIB)" \ + XCFLAGS="$(SOLARINC) $(ZLIB_CFLAGS)" \ + NSPR_CONFIGURE_OPTS="$(gb_CONFIGURE_PLATFORMS)" \ + $(if $(CROSS_COMPILING),\ + CROSS_COMPILE=1 \ + $(if $(filter AARCH64,$(CPUNAME)),CPU_ARCH=aarch64)) \ + $(MAKE) nss_build_all RC="rc.exe $(SOLARINC)" \ + NSINSTALL='$(call gb_ExternalExecutable_get_command,python) $(SRCDIR)/external/nss/nsinstall.py' \ + NSS_DISABLE_GTESTS=1 \ + CCC="$(CXX)" \ + ,nss) + $(call gb_Trace_EndRange,nss,EXTERNAL) + +else # OS!=WNT +# make sure to specify NSPR_CONFIGURE_OPTS as env (before make command), so nss can append it's own defaults +# OTOH specify e.g. CC and NSINSTALL as arguments (after make command), so they will overrule nss makefile values +$(call gb_ExternalProject_get_state_target,nss,build): \ + $(call gb_ExternalExecutable_get_dependencies,python) \ + $(SRCDIR)/external/nss/nsinstall.py + $(call gb_Trace_StartRange,nss,EXTERNAL) + $(call gb_ExternalProject_run,build,\ + $(if $(filter ANDROID FREEBSD LINUX MACOSX,$(OS)),$(if $(filter X86_64,$(CPUNAME)),USE_64=1)) \ + $(if $(filter AARCH64,$(CPUNAME)),USE_64=1 CPU_ARCH=aarch64) \ + $(if $(filter POWERPC64,$(CPUNAME)),USE_64=1 CPU_ARCH=ppc64le) \ + $(if $(filter MACOSX,$(OS)),\ + MACOS_SDK_DIR=$(MACOSX_SDK_PATH) \ + NSS_USE_SYSTEM_SQLITE=1) \ + $(if $(filter LINUX,$(OS)),$(if $(ENABLE_DBGUTIL),,BUILD_OPT=1)) \ + $(if $(filter SOLARIS,$(OS)),NS_USE_GCC=1) \ + $(if $(filter ARM,$(CPUNAME)),NSS_DISABLE_ARM32_NEON=1) \ + NSPR_CONFIGURE_OPTS="$(gb_CONFIGURE_PLATFORMS)" \ + $(if $(CROSS_COMPILING),CROSS_COMPILE=1) \ + $(if $(filter MACOSX-X86_64-arm64,$(OS)-$(CPUNAME)-$(shell uname -m)), \ + CPU_ARCH=x86_64) \ + NSDISTMODE=copy \ + $(MAKE) \ + AR="$(AR)" \ + RANLIB="$(RANLIB)" \ + NMEDIT="$(NM)edit" \ + COMMA=$(COMMA) \ + CC="$(CC)$(if $(filter iOS,$(OS)), -DNSS_STATIC_SOFTOKEN=1 -DNSS_STATIC_FREEBL=1 -DNSS_STATIC_PKCS11=1)$(if $(filter ANDROID,$(OS)), -D_PR_NO_LARGE_FILES=1 -DSQLITE_DISABLE_LFS=1)" CCC="$(CXX)" \ + $(if $(CROSS_COMPILING),NSINSTALL="$(if $(filter MACOSX,$(OS_FOR_BUILD)),xcrun python3,$(call gb_ExternalExecutable_get_command,python)) $(SRCDIR)/external/nss/nsinstall.py") \ + $(if $(filter ANDROID,$(OS)),OS_TARGET=Android OS_TARGET_RELEASE=16 ARCHFLAG="" DEFAULT_COMPILER=clang ANDROID_NDK=$(ANDROID_NDK_DIR) ANDROID_TOOLCHAIN_VERSION=$(ANDROID_GCC_TOOLCHAIN_VERSION) ANDROID_PREFIX=$(HOST_PLATFORM) ANDROID_SYSROOT=$(ANDROID_NDK_DIR)/sysroot ANDROID_TOOLCHAIN=$(ANDROID_BINUTILS_PREBUILT_ROOT)) \ + NSS_DISABLE_GTESTS=1 \ + nss_build_all \ + && rm -f $(call gb_UnpackedTarball_get_dir,nss)/dist/out/lib/*.a \ + $(if $(filter MACOSX,$(OS)),\ + && chmod u+w $(call gb_UnpackedTarball_get_dir,nss)/dist/out/lib/*.dylib \ + && $(PERL) \ + $(SRCDIR)/solenv/bin/macosx-change-install-names.pl shl OOO \ + $(EXTERNAL_WORKDIR)/dist/out/lib/libfreebl3.dylib \ + $(EXTERNAL_WORKDIR)/dist/out/lib/libnspr4.dylib \ + $(EXTERNAL_WORKDIR)/dist/out/lib/libnss3.dylib \ + $(EXTERNAL_WORKDIR)/dist/out/lib/libnssckbi.dylib \ + $(EXTERNAL_WORKDIR)/dist/out/lib/libnssdbm3.dylib \ + $(EXTERNAL_WORKDIR)/dist/out/lib/libnssutil3.dylib \ + $(EXTERNAL_WORKDIR)/dist/out/lib/libplc4.dylib \ + $(EXTERNAL_WORKDIR)/dist/out/lib/libplds4.dylib \ + $(EXTERNAL_WORKDIR)/dist/out/lib/libsmime3.dylib \ + $(EXTERNAL_WORKDIR)/dist/out/lib/libsoftokn3.dylib \ + $(EXTERNAL_WORKDIR)/dist/out/lib/libssl3.dylib) \ + ,nss) + $(call gb_Trace_EndRange,nss,EXTERNAL) + +endif + +# vim: set noet sw=4 ts=4: diff --git a/external/nss/Makefile b/external/nss/Makefile new file mode 100644 index 000000000..e4968cf85 --- /dev/null +++ b/external/nss/Makefile @@ -0,0 +1,7 @@ +# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*- + +module_directory:=$(dir $(realpath $(firstword $(MAKEFILE_LIST)))) + +include $(module_directory)/../../solenv/gbuild/partial_build.mk + +# vim: set noet sw=4 ts=4: diff --git a/external/nss/Module_nss.mk b/external/nss/Module_nss.mk new file mode 100644 index 000000000..eae9e9524 --- /dev/null +++ b/external/nss/Module_nss.mk @@ -0,0 +1,18 @@ +# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*- +# +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# + +$(eval $(call gb_Module_Module,nss)) + +$(eval $(call gb_Module_add_targets,nss,\ + UnpackedTarball_nss \ + ExternalPackage_nss \ + ExternalProject_nss \ +)) + +# vim: set noet sw=4 ts=4: diff --git a/external/nss/README b/external/nss/README new file mode 100644 index 000000000..6997cea6c --- /dev/null +++ b/external/nss/README @@ -0,0 +1,37 @@ +Contains the Network Security Services (NSS) libraries from Mozilla + +== Fips 140 and signed libraries == + +Fips 140 mode is not supported. That is, the *.chk files containing the +checksums for the cryptographic module are not delivered into instdir and will +not be part of the OOo installation sets. + +Signing has been turned off because +- we change the rpath (install names) after signing which breaks the signatures +(Mac) +- sqlite conflicts with the system sqlite when signing which breaks the build + +See also +[https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6] + +== libsqlite3 == + +With all supported macOS SDK we use +NSS_USE_SYSTEM_SQLITE=1 +to build using the system sqlite. + +== system NSS on Linux == + +Note that different Linux distributions use different SONAMEs for the +NSS libraries, so it is not possible to use --with-system-nss and build +a portable generic LO installation set, despite NSS upstream apparently +maintaining ABI compatibility. + +Debian Squeeze: +0x000000000000000e (SONAME) Library soname: [libnss3.so.1d] +Fedora 20: +0x000000000000000e (SONAME) Library soname: [libnss3.so] + +For the record, the LSB specified SONAME is libnss3.so +http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/libnss3.html + diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk new file mode 100644 index 000000000..ab64f95de --- /dev/null +++ b/external/nss/UnpackedTarball_nss.mk @@ -0,0 +1,49 @@ +# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*- +# +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# + +$(eval $(call gb_UnpackedTarball_UnpackedTarball,nss)) + +$(eval $(call gb_UnpackedTarball_set_tarball,nss,$(NSS_TARBALL))) + +$(eval $(call gb_UnpackedTarball_update_autoconf_configs,nss,nspr/build/autoconf)) + +$(eval $(call gb_UnpackedTarball_add_patches,nss,\ + external/nss/nss.patch \ + external/nss/nss.aix.patch \ + external/nss/nss_macosx.patch \ + external/nss/nss-win32-make.patch.1 \ + external/nss/ubsan.patch.0 \ + external/nss/clang-cl.patch.0 \ + external/nss/nss.vs2015.patch \ + external/nss/nss.vs2015.pdb.patch \ + external/nss/nss.bzmozilla1238154.patch \ + external/nss/nss-bz1646594.patch.1 \ + external/nss/macos-dlopen.patch.0 \ + external/nss/nss-restore-manual-pre-dependencies.patch.1 \ + $(if $(filter iOS,$(OS)), \ + external/nss/nss-ios.patch) \ + $(if $(filter ANDROID,$(OS)), \ + external/nss/nss-android.patch.1) \ + $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ + external/nss/nss.cygwin64.in32bit.patch) \ + $(if $(filter WNT,$(OS)), \ + external/nss/nss.windows.patch \ + external/nss/nss.nowerror.patch \ + external/nss/nss.utf8bom.patch.1) \ +)) + +ifeq ($(COM_IS_CLANG),TRUE) +ifneq ($(filter -fsanitize=%,$(CC)),) +$(eval $(call gb_UnpackedTarball_add_patches,nss,\ + external/nss/asan.patch.1 \ +)) +endif +endif + +# vim: set noet sw=4 ts=4: diff --git a/external/nss/asan.patch.1 b/external/nss/asan.patch.1 new file mode 100644 index 000000000..ccabd446e --- /dev/null +++ b/external/nss/asan.patch.1 @@ -0,0 +1,12 @@ +diff -ur nss.org/nss/coreconf/Linux.mk nss/nss/coreconf/Linux.mk +--- nss.org/nss/coreconf/Linux.mk 2014-05-06 04:36:01.817838877 +0200 ++++ nss/nss/coreconf/Linux.mk 2014-05-06 04:37:25.387835456 +0200 +@@ -157,7 +157,7 @@ + # we don't use -z defs there. + # Also, -z defs conflicts with Address Sanitizer, which emits relocations + # against the libsanitizer runtime built into the main executable. +-ZDEFS_FLAG = -Wl,-z,defs ++ZDEFS_FLAG = + DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN') + LDFLAGS += $(ARCHFLAG) -z noexecstack + diff --git a/external/nss/clang-cl.patch.0 b/external/nss/clang-cl.patch.0 new file mode 100644 index 000000000..e20aab3b9 --- /dev/null +++ b/external/nss/clang-cl.patch.0 @@ -0,0 +1,122 @@ +# "#pragma deprecated" and "#pragma intrinsic" not (yet?) handled in the "if +# (LangOpts.MicrosoftExt)" block in Preprocessor::RegisterBuiltinPragmas in +# Clang's lib/Lex/Pragma.cpp: +--- nspr/pr/include/pratom.h ++++ nspr/pr/include/pratom.h +@@ -83,7 +83,7 @@ + + #include + +-#ifdef _MSC_VER ++#if defined _WIN32 && !defined __clang__ + #pragma intrinsic(_InterlockedIncrement) + #pragma intrinsic(_InterlockedDecrement) + #pragma intrinsic(_InterlockedExchange) +--- nspr/pr/include/prbit.h ++++ nspr/pr/include/prbit.h +@@ -15,7 +15,7 @@ + */ + #if defined(_WIN32) && (_MSC_VER >= 1300) && \ + (defined(_M_IX86) || defined(_M_X64) || defined(_M_ARM) || \ +- defined(_M_ARM64)) ++ defined(_M_ARM64)) && !defined __clang__ + # include + # pragma intrinsic(_BitScanForward,_BitScanReverse) + __forceinline static int __prBitScanForward32(unsigned int val) +@@ -33,7 +33,7 @@ + # define pr_bitscan_ctz32(val) __prBitScanForward32(val) + # define pr_bitscan_clz32(val) __prBitScanReverse32(val) + # define PR_HAVE_BUILTIN_BITSCAN32 +-#elif ((__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) && \ ++#elif defined __GNUC__ && ((__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) && \ + (defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \ + defined(__aarch64__)) + # define pr_bitscan_ctz32(val) __builtin_ctz(val) +@@ -138,7 +138,7 @@ + */ + + #if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || \ +- defined(_M_X64) || defined(_M_ARM) || defined(_M_ARM64)) ++ defined(_M_X64) || defined(_M_ARM) || defined(_M_ARM64)) && !defined __clang__ + #include + #pragma intrinsic(_rotl, _rotr) + #define PR_ROTATE_LEFT32(a, bits) _rotl(a, bits) +--- nss/lib/certdb/certdb.h ++++ nss/lib/certdb/certdb.h +@@ -21,7 +21,7 @@ + /* On Windows, Mac, and Linux (and other gcc platforms), we can give compile + * time deprecation warnings when applications use the old CERTDB_VALID_PEER + * define */ +-#if __GNUC__ > 3 ++#if defined __GNUC__ && __GNUC__ > 3 + #if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5) + typedef unsigned int __CERTDB_VALID_PEER __attribute__((deprecated)); + #else +@@ -30,7 +30,7 @@ + #endif + #define CERTDB_VALID_PEER ((__CERTDB_VALID_PEER)CERTDB_TERMINAL_RECORD) + #else +-#ifdef _WIN32 ++#if defined _WIN32 && !defined __clang__ + #pragma deprecated(CERTDB_VALID_PEER) + #endif + #define CERTDB_VALID_PEER CERTDB_TERMINAL_RECORD +--- nss/lib/freebl/blapit.h ++++ nss/lib/freebl/blapit.h +@@ -53,7 +53,7 @@ + * Mark the old defines as deprecated. This will warn code that expected + * DSA1 only that they need to change if the are to support DSA2. + */ +-#if defined(__GNUC__) && (__GNUC__ > 3) ++#if defined(__GNUC__) && (__GNUC__ > 3) || defined __clang__ + /* make GCC warn when we use these #defines */ + typedef int __BLAPI_DEPRECATED __attribute__((deprecated)); + #define DSA_SUBPRIME_LEN ((__BLAPI_DEPRECATED)DSA1_SUBPRIME_LEN) +--- nss/lib/util/pkcs11n.h ++++ nss/lib/util/pkcs11n.h +@@ -563,7 +563,7 @@ + /* keep the old value for compatibility reasons*/ + #define CKT_NSS_MUST_VERIFY ((__CKT_NSS_MUST_VERIFY)(CKT_NSS + 4)) + #else +-#ifdef _WIN32 ++#if defined _WIN32 && !defined __clang__ + /* This magic gets the windows compiler to give us a deprecation + * warning */ + #pragma deprecated(CKT_NSS_UNTRUSTED, CKT_NSS_MUST_VERIFY, CKT_NSS_VALID) + +# While MSVC uses +# #pragma warning(disable : 4103) +# in the inner pkcs11p.h, clang-cl wants +# #pragma clang diagnostic ignored "-Wpragma-pack" +# in the outer pkcs11t.h: +--- nss/lib/util/pkcs11t.h ++++ nss/lib/util/pkcs11t.h +@@ -78,7 +78,14 @@ + #define CK_INVALID_HANDLE 0 + + /* pack */ ++#if defined __clang__ && defined _MSC_VER ++#pragma clang diagnostic push ++#pragma clang diagnostic ignored "-Wpragma-pack" ++#endif + #include "pkcs11p.h" ++#if defined __clang__ && defined _MSC_VER ++#pragma clang diagnostic pop ++#endif + + typedef struct CK_VERSION { + CK_BYTE major; /* integer portion of version number */ +@@ -2586,6 +2593,13 @@ + #include "pkcs11n.h" + + /* undo packing */ ++#if defined __clang__ && defined _MSC_VER ++#pragma clang diagnostic push ++#pragma clang diagnostic ignored "-Wpragma-pack" ++#endif + #include "pkcs11u.h" ++#if defined __clang__ && defined _MSC_VER ++#pragma clang diagnostic pop ++#endif + + #endif diff --git a/external/nss/macos-dlopen.patch.0 b/external/nss/macos-dlopen.patch.0 new file mode 100644 index 000000000..e8abc8f59 --- /dev/null +++ b/external/nss/macos-dlopen.patch.0 @@ -0,0 +1,25 @@ +--- nspr/pr/src/linking/prlink.c ++++ nspr/pr/src/linking/prlink.c +@@ -555,7 +555,7 @@ + * The reason is that DARWIN's dlopen ignores the provided path + * and checks for the plain filename in DYLD_LIBRARY_PATH, + * which could load an unexpected version of a library. */ +- if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL) { ++ if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name, "@loader_path/", 13) == 0) { + /* no slash, allow to load from any location */ + okToLoad = PR_TRUE; + } else { +--- nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c ++++ nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c +@@ -224,7 +224,11 @@ + static PRStatus PR_CALLBACK pkix_getDecodeFunction(void) + { + pkix_decodeFunc.smimeLib = ++#if defined DARWIN ++ PR_LoadLibrary("@loader_path/" SHLIB_PREFIX"smime3."SHLIB_SUFFIX); ++#else + PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX); ++#endif + if (pkix_decodeFunc.smimeLib == NULL) { + return PR_FAILURE; + } diff --git a/external/nss/nsinstall.py b/external/nss/nsinstall.py new file mode 100644 index 000000000..d90a85e6c --- /dev/null +++ b/external/nss/nsinstall.py @@ -0,0 +1,169 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is Mozilla. +# +# The Initial Developer of the Original Code is +# the Mozilla Foundation. +# Portions created by the Initial Developer are Copyright (C) 2007 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Axel Hecht +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +# This is a partial python port of nsinstall. +# It's intended to be used when there's no natively compile nsinstall +# available, and doesn't intend to be fully equivalent. +# Its major use is for l10n repackaging on systems that don't have +# a full build environment set up. +# The basic limitation is, it doesn't even try to link and ignores +# all related options. + +from optparse import OptionParser +import os +import os.path +import sys +import shutil + +def nsinstall(argv): + usage = "usage: %prog [options] arg1 [arg2 ...] target-directory" + p = OptionParser(usage=usage) + + p.add_option('-D', action="store_true", + help="Create a single directory only") + p.add_option('-t', action="store_true", + help="Preserve time stamp") + p.add_option('-m', action="store", + help="Set mode", metavar="mode") + p.add_option('-d', action="store_true", + help="Create directories in target") + p.add_option('-R', action="store_true", + help="Use relative symbolic links (ignored)") + p.add_option('-l', action="store_true", + help="Create link (ignored)") + p.add_option('-L', action="store", metavar="linkprefix", + help="Link prefix (ignored)") + + # The remaining arguments are not used in our tree, thus they're not + # implented. + def BadArg(option, opt, value, parser): + parser.error('option not supported: %s' % opt) + + p.add_option('-C', action="callback", metavar="CWD", + callback=BadArg, + help="NOT SUPPORTED") + p.add_option('-o', action="callback", callback=BadArg, + help="Set owner (NOT SUPPORTED)", metavar="owner") + p.add_option('-g', action="callback", callback=BadArg, + help="Set group (NOT SUPPORTED)", metavar="group") + + (options, args) = p.parse_args(argv) + + if options.m: + # mode is specified + try: + options.m = int(options.m, 8) + # I have no idea why nss insists on using this mode for installed headers. + # It causes problems with updating the files during a rebuild. + if options.m == 0o444: + options.m = 0o644 + except: + sys.stderr.write('nsinstall: ' + options.m + ' is not a valid mode\n') + return 1 + + # just create one directory? + if options.D: + if len(args) != 1: + return 1 + try: + if options.m: + os.makedirs(args[0], options.m) + else: + os.makedirs(args[0]) + except FileExistsError: + if not os.path.isdir(args[0]): + sys.stderr.write('nsinstall: ' + args[0] + ' is not a directory\n') + sys.exit(1) + if options.m: + os.chmod(args[0], options.m) + return 0 + + # nsinstall arg1 [...] directory + if len(args) < 2: + p.error('not enough arguments') + + def copy_all_entries(entries, target): + for e in entries: + dest = os.path.join(target, + os.path.basename(os.path.normpath(e))) + handleTarget(e, dest) + if options.m: + os.chmod(dest, options.m) + + # set up handler + if options.d: + # we're supposed to create directories + def handleTarget(srcpath, targetpath): + # target directory was already created, just use mkdir + os.mkdir(targetpath) + else: + # we're supposed to copy files + def handleTarget(srcpath, targetpath): + if os.path.isdir(srcpath): + if not os.path.exists(targetpath): + os.mkdir(targetpath) + entries = [os.path.join(srcpath, e) for e in os.listdir(srcpath)] + copy_all_entries(entries, targetpath) + # options.t is not relevant for directories + if options.m: + os.chmod(targetpath, options.m) + elif options.t: + if os.path.exists(targetpath): + os.remove(targetpath) + shutil.copy2(srcpath, targetpath) + else: + if os.path.exists(targetpath): + os.chmod(targetpath, 0o755) + os.remove(targetpath) + shutil.copy(srcpath, targetpath) + + # the last argument is the target directory + target = args.pop() + # ensure target directory + if not os.path.isdir(target): + try: + os.makedirs(target) + except FileExistsError: + if not os.path.isdir(target): + sys.stderr.write('nsinstall: ' + target + ' is not a directoy!\n') + return 1 + + copy_all_entries(args, target) + return 0 + +if __name__ == '__main__': + sys.exit(nsinstall(sys.argv[1:])) diff --git a/external/nss/nss-android.patch.1 b/external/nss/nss-android.patch.1 new file mode 100644 index 000000000..707fcf99a --- /dev/null +++ b/external/nss/nss-android.patch.1 @@ -0,0 +1,93 @@ +diff -ur nss.org/nspr/build/autoconf/config.sub nss/nspr/build/autoconf/config.sub +--- nss.org/nspr/build/autoconf/config.sub 2017-09-07 15:29:45.031246453 +0200 ++++ nss/nspr/build/autoconf/config.sub 2017-09-07 15:32:13.087235423 +0200 +@@ -110,6 +110,11 @@ + exit 1;; + esac + ++if test $1 = "arm-unknown-linux-androideabi"; then echo $1; exit; fi ++if test $1 = "aarch64-unknown-linux-android"; then echo $1; exit; fi ++if test $1 = "i686-pc-linux-android"; then echo $1; exit; fi ++if test $1 = "x86_64-pc-linux-android"; then echo $1; exit; fi ++ + # Split fields of configuration type + # shellcheck disable=SC2162 + IFS="-" read field1 field2 field3 field4 <>confdefs.h + +diff -ur nss.org/nss/Makefile nss/nss/Makefile +--- nss.org/nss/Makefile 2017-09-07 15:29:44.933245745 +0200 ++++ nss/nss/Makefile 2017-09-07 15:32:04.347181076 +0200 +@@ -65,7 +65,7 @@ + + ifeq ($(OS_TARGET),Android) + NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) \ +- --target=$(ANDROID_PREFIX) \ ++ --with-arch=toolchain-default \ + --with-android-version=$(OS_TARGET_RELEASE) \ + --with-android-toolchain=$(ANDROID_TOOLCHAIN) \ + --with-android-platform=$(ANDROID_SYSROOT) +--- nss/nss/Makefile.orig 2019-11-26 14:52:15.934561202 +0100 ++++ nss/nss/Makefile 2019-11-26 14:52:20.538559612 +0100 +@@ -140,7 +140,6 @@ + + build_nspr: $(NSPR_CONFIG_STATUS) + $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) +- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests + + install_nspr: build_nspr + $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install +--- nss/nss/lib/ckfw/builtins/manifest.mn.orig 2019-11-26 15:18:22.185985193 +0100 ++++ nss/nss/lib/ckfw/builtins/manifest.mn 2019-11-26 15:18:29.281982387 +0100 +@@ -5,7 +5,7 @@ + + CORE_DEPTH = ../../.. + +-DIRS = testlib ++DIRS = + + MODULE = nss + +diff -ur nss/nss/coreconf/arch.mk nss/nss/coreconf/arch.mk +--- nss/nss/coreconf/arch.mk 2019-11-01 10:29:44.933245745 +0100 ++++ nss/nss/coreconf/arch.mk 2019-11-01 10:32:04.347181076 +0100 +@@ -213,7 +213,15 @@ + # + # this should be configurable from the user + # +- OS_TEST := arm ++ ifneq (,$(filter x86 x86_64,$(ANDROID_APP_ABI))) ++ OS_TEST := $(ANDROID_APP_ABI) ++ else ++ ifeq ($(USE_64),1) ++ OS_TEST := aarch64 ++ else ++ OS_TEST := arm ++ endif ++ endif + OS_ARCH = Android + ifndef OS_TARGET_RELEASE + OS_TARGET_RELEASE := 8 diff --git a/external/nss/nss-bz1646594.patch.1 b/external/nss/nss-bz1646594.patch.1 new file mode 100644 index 000000000..cffb9f5fe --- /dev/null +++ b/external/nss/nss-bz1646594.patch.1 @@ -0,0 +1,15 @@ +regression from https://bugzilla.mozilla.org/show_bug.cgi?id=1646594 + +--- nss/nss/coreconf/arch.mk.orig2 2020-08-18 14:33:21.295252404 +0200 ++++ nss/nss/coreconf/arch.mk 2020-08-18 14:33:46.360320806 +0200 +@@ -94,8 +94,10 @@ + OS_RELEASE := $(word 1,$(OS_RELEASE)).$(word 2,$(OS_RELEASE)) + endif + KERNEL = Linux ++ifneq ($(OS_TARGET),Android) + include $(CORE_DEPTH)/coreconf/Linux.mk + endif ++endif + + # Since all uses of OS_ARCH that follow affect only userland, we can + # merge other Glibc systems with Linux here. diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch new file mode 100644 index 000000000..58239f718 --- /dev/null +++ b/external/nss/nss-ios.patch @@ -0,0 +1,300 @@ +--- a/a/nss/Makefile ++++ a/a/nss/Makefile +@@ -91,13 +91,11 @@ + ifdef NS_USE_GCC + NSPR_CONFIGURE_ENV = CC=gcc CXX=g++ + endif +-# Make sure to remove -arch arguments. NSPR can't handle that. +-remove_arch = $(filter-out __REMOVEME%,$(subst $(NULL) -arch , __REMOVEME,$(1))) + ifdef CC +-NSPR_CONFIGURE_ENV = CC="$(call remove_arch,$(CC))" ++NSPR_CONFIGURE_ENV = CC="$(CC)" + endif + ifdef CCC +-NSPR_CONFIGURE_ENV += CXX="$(call remove_arch,$(CCC))" ++NSPR_CONFIGURE_ENV += CXX="$(CCC)" + endif + + # +@@ -140,7 +138,6 @@ + + build_nspr: $(NSPR_CONFIG_STATUS) + $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) +- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests + + install_nspr: build_nspr + $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install +--- a/a/nss/lib/ckfw/builtins/manifest.mn ++++ a/a/nss/lib/ckfw/builtins/manifest.mn +@@ -5,7 +5,7 @@ + + CORE_DEPTH = ../../.. + +-DIRS = testlib ++DIRS = + + MODULE = nss + +--- a/a/nss/lib/nss/nssinit.c ++++ a/a/nss/lib/nss/nssinit.c +@@ -275,6 +275,7 @@ + const char *secmodprefix, + char **retoldpath, char **retnewpath) + { ++#ifndef NSS_STATIC_PKCS11 + char *path, *oldpath = NULL, *lastsep; + int len, path_len, secmod_len, dll_len; + +@@ -309,6 +310,10 @@ + } + *retoldpath = oldpath; + *retnewpath = path; ++#else ++ *retoldpath = NULL; ++ *retnewpath = PORT_Strdup("NSSCKBI"); ++#endif + return; + } + +--- a/a/nss/lib/pk11wrap/pk11load.c ++++ a/a/nss/lib/pk11wrap/pk11load.c +@@ -390,6 +390,8 @@ + /* + * load a new module into our address space and initialize it. + */ ++extern CK_RV NSSCKBI_C_GetFunctionList(); ++ + SECStatus + secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) + { +@@ -468,6 +470,7 @@ + /* load the library. If this succeeds, then we have to remember to + * unload the library if anything goes wrong from here on out... + */ ++#ifndef NSS_STATIC_PKCS11 // With NSS_STATIC_PKCS11, the only module wodule we load here is nssckbi + #if defined(_WIN32) + if (nssUTF8_Length(mod->dllName, NULL)) { + wchar_t *dllNameWide = _NSSUTIL_UTF8ToWide(mod->dllName); +@@ -507,6 +510,11 @@ + mod->moduleDBFunc = (void *) + PR_FindSymbol(library, "NSS_ReturnModuleSpecData"); + } ++#else ++ if (strcmp(mod->dllName, "NSSCKBI") == 0) ++ fentry = NSSCKBI_C_GetFunctionList; ++#endif ++ + if (mod->moduleDBFunc == NULL) + mod->isModuleDB = PR_FALSE; + if ((ientry == NULL) && (fentry == NULL)) { +@@ -643,10 +651,12 @@ + } + fail: + mod->functionList = NULL; ++#ifndef NSS_STATIC_PKCS11 + disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD"); + if (library && !disableUnload) { + PR_UnloadLibrary(library); + } ++#endif + return SECFailure; + } + +--- a/a/nss/lib/ckfw/nssck.api ++++ a/a/nss/lib/ckfw/nssck.api +@@ -1842,7 +1842,11 @@ + + /* This one is always present */ + CK_RV CK_ENTRY ++#ifndef NSS_STATIC_PKCS11 + C_GetFunctionList ++#else ++NSSCKBI_C_GetFunctionList ++#endif + ( + CK_FUNCTION_LIST_PTR_PTR ppFunctionList + ) +--- a/a/nss/lib/freebl/loader.c ++++ a/a/nss/lib/freebl/loader.c +@@ -35,6 +35,7 @@ + static PRStatus + freebl_LoadDSO(void) + { ++#ifndef NSS_STATIC_FREEBL + PRLibrary *handle; + const char *name = getLibName(); + +@@ -47,32 +48,42 @@ + if (handle) { + PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector"); + if (address) { +- FREEBLGetVectorFn *getVector = (FREEBLGetVectorFn *)address; ++#else ++ FREEBLGetVectorFn *getVector = FREEBL_GetVector; ++#endif + const FREEBLVector *dsoVector = getVector(); + if (dsoVector) { + unsigned short dsoVersion = dsoVector->version; + unsigned short myVersion = FREEBL_VERSION; + if (MSB(dsoVersion) == MSB(myVersion) && + LSB(dsoVersion) >= LSB(myVersion) && + dsoVector->length >= sizeof(FREEBLVector)) { + vector = dsoVector; ++#ifndef NSS_STATIC_FREEBL + libraryName = name; + blLib = handle; ++#else ++ libraryName = "self"; ++#endif + return PR_SUCCESS; + } + } ++ else ++ return PR_FAILURE; ++#ifndef NSS_STATIC_FREEBL + } + #ifdef DEBUG + if (blLib) { + PRStatus status = PR_UnloadLibrary(blLib); + PORT_Assert(PR_SUCCESS == status); + } + #else + if (blLib) + PR_UnloadLibrary(blLib); + #endif + } + return PR_FAILURE; ++#endif + } + + static const PRCallOnceType pristineCallOnce; +@@ -860,6 +871,7 @@ + void + BL_Unload(void) + { ++#ifndef NSS_STATIC_FREEBL + /* This function is not thread-safe, but doesn't need to be, because it is + * only called from functions that are also defined as not thread-safe, + * namely C_Finalize in softoken, and the SSL bypass shutdown callback called +@@ -872,6 +884,7 @@ + PR_UnloadLibrary(blLib); + #endif + } ++#endif + blLib = NULL; + loadFreeBLOnce = pristineCallOnce; + } +--- a/a/nspr/build/autoconf/config.sub 2017-09-07 15:29:45.031246453 +0200 ++++ a/a/nspr/build/autoconf/config.sub 2017-09-07 15:32:13.087235423 +0200 +@@ -110,6 +110,9 @@ + exit 1;; + esac + ++if test $1 = "arm64-apple-darwin"; then echo $1; exit; fi ++if test $1 = "aarch64-apple-darwin"; then echo $1; exit; fi ++ + # Split fields of configuration type + # shellcheck disable=SC2162 + IFS="-" read field1 field2 field3 field4 < +date: Wed May 13 19:00:40 2020 +0000 +summary: Bug 1637083 Replace pre-dependency with shell hack r=rrelyea + +--- b/nss/coreconf/rules.mk Wed May 13 19:00:40 2020 +0000 ++++ a/nss/coreconf/rules.mk Tue May 12 21:33:43 2020 +0000 +@@ -31,21 +31,10 @@ + USE_NT_C_SYNTAX=1 + endif + +-# For whatever reason, "." can't be handled using make conditionals. +-# Based on automake's SUBDIRS "." handling. + ifdef DIRS + ifndef IGNORE_DIRS +-ifneq (,$(filter .,$(DIRS))) +-TARGETS = $(NULL) +-ALL_TRASH = $(NULL) +-endif +- + $(DIRS): ++ $(IGNORE_ERROR)@$(MAKE) -C $@ $(MAKECMDGOALS) +- $(IGNORE_ERROR)@if [ "$@" != "." ]; then \ +- $(MAKE) -C $@ $(MAKECMDGOALS) ; \ +- else \ +- IGNORE_DIRS=1 $(MAKE) -C $@ $(MAKECMDGOALS) ; \ +- fi + @$(CLICK_STOPWATCH) + endif + endif +@@ -84,9 +73,7 @@ + check: $(DIRS) + + clean clobber: $(DIRS) +-ifneq (,$(ALL_TRASH)) + rm -rf $(ALL_TRASH) +-endif + + realclean clobber_all: $(DIRS) + rm -rf $(wildcard *.OBJ) dist $(ALL_TRASH) +--- b/nss/lib/ckfw/builtins/manifest.mn Wed May 13 19:00:40 2020 +0000 ++++ a/nss/lib/ckfw/builtins/manifest.mn Tue May 12 21:33:43 2020 +0000 +@@ -5,9 +5,7 @@ + + CORE_DEPTH = ../../.. + ++DIRS = testlib +-DIRS = . testlib +- +-testlib: . + + MODULE = nss + +--- b/nss/lib/ckfw/manifest.mn Wed May 13 19:00:40 2020 +0000 ++++ a/nss/lib/ckfw/manifest.mn Tue May 12 21:33:43 2020 +0000 +@@ -5,9 +5,7 @@ + + CORE_DEPTH = ../.. + ++DIRS = builtins +-DIRS = . builtins +- +-builtins: . + + PRIVATE_EXPORTS = \ + ck.h \ +--- b/nss/manifest.mn Wed May 13 19:00:40 2020 +0000 ++++ a/nss/manifest.mn Tue May 12 21:33:43 2020 +0000 +@@ -24,6 +24,12 @@ + # no real way to encode these in any sensible way + $(MAKE) -C coreconf/nsinstall program + $(MAKE) export ++ # pre-build child dir -> parent dir dependencies ++ # ckfw/builtins -> ckfw ++ IGNORE_DIRS=1 $(MAKE) -C lib/ckfw libs ++ # ckfw/builtins/testlib -> ckfw/builtins + base ++ $(MAKE) -C lib/base libs ++ IGNORE_DIRS=1 $(MAKE) -C lib/ckfw/builtins libs + + lib: coreconf + cmd: lib diff --git a/external/nss/nss-win32-make.patch.1 b/external/nss/nss-win32-make.patch.1 new file mode 100644 index 000000000..6a3201a08 --- /dev/null +++ b/external/nss/nss-win32-make.patch.1 @@ -0,0 +1,20 @@ +--- nss/nss/coreconf/rules.mk.orig2 2014-06-03 15:30:01.667200000 +0200 ++++ nss/nss/coreconf/rules.mk 2014-06-03 15:30:14.537200000 +0200 +@@ -174,7 +174,7 @@ + $(LIBRARY): $(OBJS) | $$(@D)/d + rm -f $@ + ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) +- $(AR) $(subst /,\\,$(OBJS)) ++ $(AR) $(OBJS) + else + $(AR) cr $@ $(OBJS) + endif +@@ -214,7 +214,7 @@ + ifdef NS_USE_GCC + $(LINK_DLL) $(OBJS) $(SUB_SHLOBJS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(LD_LIBS) $(RES) + else +- $(LINK_DLL) -MAP $(DLLBASE) $(subst /,\\,$(OBJS) $(SUB_SHLOBJS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(LD_LIBS) $(RES)) ++ $(LINK_DLL) -MAP $(DLLBASE) $(OBJS) $(SUB_SHLOBJS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(LD_LIBS) $(RES) + ifdef MT + if test -f $@.manifest; then \ + $(MT) -NOLOGO -MANIFEST $@.manifest -OUTPUTRESOURCE:$@\;2; \ diff --git a/external/nss/nss.aix.patch b/external/nss/nss.aix.patch new file mode 100644 index 000000000..10572f947 --- /dev/null +++ b/external/nss/nss.aix.patch @@ -0,0 +1,140 @@ +diff -ru a/nspr/configure b/nspr/configure +--- a/a/nspr/configure 2014-09-29 16:47:42.984012225 +0100 ++++ b/b/nspr/configure 2014-09-29 16:50:33.907375937 +0100 +@@ -6325,7 +6325,6 @@ + AIX_LINK_OPTS='-brtl -bnso -berok' + ;; + esac +- CFLAGS="$CFLAGS -qro -qroconst" + AIX_WRAP='$(DIST)/lib/aixwrap.o' + AIX_TMP='./_aix_tmp.o' + if test -n "$USE_64"; then +diff -ru a/nspr/configure.in b/nspr/configure.in +--- a/a/nspr/configure.in 2014-09-29 16:46:35.257394860 +0100 ++++ b/b/nspr/configure.in 2014-09-29 16:50:33.908375942 +0100 +@@ -1180,7 +1180,8 @@ + AC_DEFINE(XP_UNIX) + AC_DEFINE(AIX) + AC_DEFINE(SYSV) +- DSO_LDOPTS='-brtl -bnortllib -bM:SRE -bnoentry -bexpall -blibpath:/usr/lib:/lib' ++ DSO_LDOPTS='-Wl,-brtl -Wl,-bnortllib -Wl,-blibpath:/usr/lib:/lib' ++ MKSHLIB='$(CCC) -shared $(DSO_LDOPTS) -o $@' + AC_CHECK_HEADER(sys/atomic_op.h, AC_DEFINE(AIX_HAVE_ATOMIC_OP_H)) + case "${target_os}" in + aix3.2*) +@@ -1220,10 +1221,9 @@ + AC_DEFINE(HAVE_SOCKLEN_T) + AC_DEFINE(HAVE_FCNTL_FILE_LOCKING) + USE_IPV6=1 +- AIX_LINK_OPTS='-brtl -bnso -berok' ++ AIX_LINK_OPTS='-Wl,-brtl -Wl,-bnso -Wl,-berok' + ;; + esac +- CFLAGS="$CFLAGS -qro -qroconst" + AIX_WRAP='$(DIST)/lib/aixwrap.o' + AIX_TMP='./_aix_tmp.o' + if test -n "$USE_64"; then +diff -ru a/nspr/pr/src/Makefile.in b/nspr/pr/src/Makefile.in +--- a/a/nspr/pr/src/Makefile.in 2014-09-29 16:46:35.281395079 +0100 ++++ b/b/nspr/pr/src/Makefile.in 2014-09-29 16:50:33.909375948 +0100 +@@ -74,7 +74,6 @@ + endif # SunOS + + ifeq ($(OS_ARCH),AIX) +-DSO_LDOPTS += -binitfini::_PR_Fini + OS_LIBS = -lodm -lcfg + ifeq ($(CLASSIC_NSPR),1) + ifeq ($(OS_RELEASE),4.1) +diff -ru a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk +--- a/a/nss/cmd/platlibs.mk 2014-09-29 16:47:42.987012253 +0100 ++++ b/b/nss/cmd/platlibs.mk 2014-09-29 16:50:33.910375955 +0100 +@@ -171,7 +171,7 @@ + $(NULL) + + ifeq ($(OS_ARCH), AIX) +-EXTRA_SHARED_LIBS += -brtl ++EXTRA_SHARED_LIBS += -Wl,-brtl + endif + + # $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) +@@ -217,7 +217,7 @@ + $(NULL) + + ifeq ($(OS_ARCH), AIX) +-EXTRA_SHARED_LIBS += -brtl ++EXTRA_SHARED_LIBS += -Wl,-brtl + endif + + # $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) +diff -ru a/nss/cmd/shlibsign/Makefile b/nss/cmd/shlibsign/Makefile +--- a/a/nss/cmd/shlibsign/Makefile 2014-09-29 16:46:35.139393785 +0100 ++++ b/b/nss/cmd/shlibsign/Makefile 2014-09-29 16:50:33.910375955 +0100 +@@ -43,6 +43,9 @@ + + endif + ++ifeq ($(OS), AIX) ++EXTRA_SHARED_LIBS += -lpthreads ++endif + + # sign any and all shared libraries that contain the word freebl + ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1) +diff -ru a/nss/cmd/shlibsign/mangle/Makefile b/nss/cmd/shlibsign/mangle/Makefile +--- a/a/nss/cmd/shlibsign/mangle/Makefile 2014-09-29 16:46:35.139393785 +0100 ++++ b/b/nss/cmd/shlibsign/mangle/Makefile 2014-09-29 16:50:33.910375955 +0100 +@@ -43,7 +43,9 @@ + + endif + +- ++ifeq ($(OS), AIX) ++EXTRA_SHARED_LIBS += -lpthreads ++endif + + ####################################################################### + # (5) Execute "global" rules. (OPTIONAL) # +diff -ru a/nss/coreconf/AIX.mk b/nss/coreconf/AIX.mk +--- a/a/nss/coreconf/AIX.mk 2014-09-29 16:46:35.040392883 +0100 ++++ b/b/nss/coreconf/AIX.mk 2014-09-29 16:50:33.909375948 +0100 +@@ -30,35 +30,30 @@ + + DEFAULT_COMPILER = xlc_r + +-CC = xlc_r +-CCC = xlC_r ++CCC = $(CXX) + + CPU_ARCH = rs6000 + + RANLIB = ranlib + + OS_CFLAGS = -DAIX -DSYSV +-OS_LIBS += -blibpath:/usr/lib:/lib -lc -lm ++OS_LIBS += -Wl,-blibpath:/usr/lib:/lib -lc -lm + +-DSO_LDOPTS = -brtl -bnortllib -bM:SRE -bnoentry +-MKSHLIB = $(LD) $(DSO_LDOPTS) -blibpath:/usr/lib:/lib -lc -lm ++DSO_LDOPTS = -Wl,-brtl -Wl,-bnortllib ++MKSHLIB = $(CC) --shared $(DSO_LDOPTS) -Wl,-blibpath:/usr/lib:/lib -lc -lm + + AIX_WRAP = $(DIST)/lib/aixwrap.o + AIX_TMP = $(OBJDIR)/_aix_tmp.o + + ifdef MAPFILE +-DSO_LDOPTS += -bexport:$(MAPFILE) ++DSO_LDOPTS += -Wl,-bexport:$(MAPFILE) + else +-DSO_LDOPTS += -bexpall ++DSO_LDOPTS += -Wl,-bexpall + endif + + PROCESS_MAP_FILE = grep -v ';+' $< | grep -v ';-' | \ + sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' > $@ + +-ifdef BUILD_OPT +- OPTIMIZER += -qmaxmem=-1 +-endif +- + ifeq ($(USE_64), 1) + OS_CFLAGS += -DAIX_64BIT + OBJECT_MODE=64 diff --git a/external/nss/nss.bzmozilla1238154.patch b/external/nss/nss.bzmozilla1238154.patch new file mode 100644 index 000000000..425f38257 --- /dev/null +++ b/external/nss/nss.bzmozilla1238154.patch @@ -0,0 +1,12 @@ +diff -ru a/nspr/configure b/nspr/configure +--- a/a/nspr/configure 2019-01-26 12:23:06.589389910 +0100 ++++ b/b/nspr/configure 2019-01-26 12:26:56.566222293 +0100 +@@ -6883,7 +6883,7 @@ + + # Determine compiler version + +- _MSVC_VER_FILTER='s|.* \([0-9]\+\.[0-9]\+\.[0-9]\+\(\.[0-9]\+\)\?\).*|\1|p' ++ _MSVC_VER_FILTER='s|.*[^!-~]\([0-9]\+\.[0-9]\+\.[0-9]\+\(\.[0-9]\+\)\?\).*|\1|p' + + CC_VERSION=`${CC} -v 2>&1 | sed -ne "$_MSVC_VER_FILTER"` + if test -z "$CC_VERSION"; then diff --git a/external/nss/nss.cygwin64.in32bit.patch b/external/nss/nss.cygwin64.in32bit.patch new file mode 100644 index 000000000..bce0f1d09 --- /dev/null +++ b/external/nss/nss.cygwin64.in32bit.patch @@ -0,0 +1,14 @@ +This fixes architecture mismatch, when building +on Cygwin 64bit and in 32bit mode +diff -ru nss.orig/nss/Makefile nss/nss/Makefile +--- a/nss.orig/nss/Makefile 2016-02-26 01:00:52.146713100 +0100 ++++ b/nss/nss/Makefile 2016-02-26 01:02:05.303560100 +0100 +@@ -63,6 +63,8 @@ + # Translate coreconf build options to NSPR configure options. + # + ++NSPR_CONFIGURE_OPTS += --host=i686-pc-cygwin ++ + ifeq ($(OS_TARGET),Android) + NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) \ + --target=$(ANDROID_PREFIX) \ diff --git a/external/nss/nss.nowerror.patch b/external/nss/nss.nowerror.patch new file mode 100644 index 000000000..bdf7a33a8 --- /dev/null +++ b/external/nss/nss.nowerror.patch @@ -0,0 +1,12 @@ +diff -ur nss.org/nss/coreconf/WIN32.mk nss/nss/coreconf/WIN32.mk +--- a/nss.org/nss/coreconf/WIN32.mk 2016-04-13 11:33:09.322294523 +0200 ++++ b/nss/nss/coreconf/WIN32.mk 2016-04-13 11:33:27.744323969 +0200 +@@ -121,7 +121,7 @@ + -D_CRT_NONSTDC_NO_WARNINGS + OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS + ifndef NSS_ENABLE_WERROR +- NSS_ENABLE_WERROR = 1 ++ NSS_ENABLE_WERROR = 0 + endif + ifeq ($(NSS_ENABLE_WERROR),1) + WARNING_CFLAGS += -WX diff --git a/external/nss/nss.patch b/external/nss/nss.patch new file mode 100644 index 000000000..cc9eeed1b --- /dev/null +++ b/external/nss/nss.patch @@ -0,0 +1,155 @@ +--- a/a/nspr/configure 2017-08-29 23:44:13.686045013 +0530 ++++ b/b/nspr/configure 2017-08-29 23:46:53.774768655 +0530 +@@ -6794,7 +6794,7 @@ + PR_MD_CSRCS=linux.c + MKSHLIB='$(CC) $(DSO_LDOPTS) -o $@' + DSO_CFLAGS=-fPIC +- DSO_LDOPTS='-shared -Wl,-soname -Wl,$(notdir $@)' ++ DSO_LDOPTS='-shared -Wl,-soname -Wl,$(notdir $@) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin -Wl$(COMMA)-rpath$(COMMA)\$$ORIGIN)' + _OPTIMIZE_FLAGS=-O2 + _DEBUG_FLAGS="-g -fno-inline" # most people on linux use gcc/gdb, and that + # combo is not yet good at debugging inlined +--- a/nss.orig/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:44:13.690045031 +0530 ++++ b/nss/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:47:03.810814019 +0530 +@@ -441,7 +441,7 @@ + char *buf = *bufp; + PRIntn buflen = *buflenp; + +- if (align && ((long)buf & (align - 1))) { ++ if (align && ((ptrdiff_t)buf & (align - 1))) { + PRIntn skip = align - ((ptrdiff_t)buf & (align - 1)); + if (buflen < skip) { + return 0; +--- a/a/nss/cmd/platlibs.mk 2017-08-29 23:44:13.554044416 +0530 ++++ b/b/nss/cmd/platlibs.mk 2017-08-29 23:46:09.638569150 +0530 +@@ -10,17 +10,22 @@ + + ifeq ($(OS_ARCH), SunOS) + ifeq ($(USE_64), 1) +-EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib:/usr/lib/mps/secv1/64:/usr/lib/mps/64' ++#In OOo we would probable put the executables next to libs ++EXTRA_SHARED_LIBS += -R '$$ORIGIN' + else +-EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib:/usr/lib/mps/secv1:/usr/lib/mps' ++EXTRA_SHARED_LIBS += -R '$$ORIGIN' + endif + endif + ++ifeq ($(OS_ARCH), FreeBSD) ++EXTRA_SHARED_LIBS += -Wl,-z,origin -Wl,-rpath,'$$ORIGIN' ++endif ++ + ifeq ($(OS_ARCH), Linux) + ifeq ($(USE_64), 1) +-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib' ++EXTRA_SHARED_LIBS += -Wl,-z,origin -Wl,-rpath,'$$ORIGIN' + else +-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib' ++EXTRA_SHARED_LIBS += -Wl,-z,origin -Wl,-rpath,'$$ORIGIN' + endif + endif + +--- a/nss.org/nss/coreconf/arch.mk 2017-08-29 23:44:13.646044832 +0530 ++++ b/nss/nss/coreconf/arch.mk 2017-08-29 23:45:51.494487134 +0530 +@@ -284,11 +284,17 @@ + OBJDIR_NAME_COMPILER = $(COMPILER_TAG) + endif + OBJDIR_NAME_BASE = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(OBJDIR_NAME_COMPILER)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG) +-OBJDIR_NAME = $(OBJDIR_NAME_BASE).OBJ ++# OBJDIR_NAME is used to build the directory containing the built objects, for ++# example mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ ++# We need to deliver the contents of that folder into instdir. To make that ++# easier in the makefile we rename this directory to "out". ++#OBJDIR_NAME = $(OBJDIR_NAME_BASE).OBJ ++OBJDIR_NAME = out + + + ifeq (,$(filter-out WIN%,$(OS_TARGET))) +-ifndef BUILD_OPT ++ifdef THIS_HAS_BEEN_DISABLED_TO_GET_out ++ + # + # Define USE_DEBUG_RTL if you want to use the debug runtime library + # (RTL) in the debug build +--- a/nss.org/nss/coreconf/FreeBSD.mk 2017-08-29 23:44:13.642044814 +0530 ++++ b/nss/nss/coreconf/FreeBSD.mk 2017-08-29 23:45:20.850348615 +0530 +@@ -25,6 +25,7 @@ + + DSO_CFLAGS = -fPIC + DSO_LDOPTS = -shared -Wl,-soname -Wl,$(notdir $@) ++DSO_LDOPTS += -Wl,-z,origin '-Wl,-rpath,$$ORIGIN' + + # + # The default implementation strategy for FreeBSD is pthreads. +--- a/nss.org/nss/coreconf/Linux.mk 2017-08-29 23:44:13.642044814 +0530 ++++ b/nss/nss/coreconf/Linux.mk 2017-08-29 23:47:26.318915759 +0530 +@@ -158,7 +158,7 @@ + # Also, -z defs conflicts with Address Sanitizer, which emits relocations + # against the libsanitizer runtime built into the main executable. + ZDEFS_FLAG = -Wl,-z,defs +-DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG)) ++DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN') + LDFLAGS += $(ARCHFLAG) -z noexecstack + + # On Maemo, we need to use the -rpath-link flag for even the standard system +@@ -188,8 +188,13 @@ + endif + endif + ++ifneq ($(SYSTEM_ZLIB),) ++# Currently (3.12.4) only the tools modutil and signtool are linked with libz ++# If USE_SYSTEM_ZLIB is not set then the tools link statically libzlib.a which ++# is also built in nss. + USE_SYSTEM_ZLIB = 1 + ZLIB_LIBS = -lz ++endif + + # The -rpath '$$ORIGIN' linker option instructs this library to search for its + # dependencies in the same directory where it resides. +--- a/nss.org/nss/coreconf/rules.mk 2017-08-29 23:44:13.646044832 +0530 ++++ b/nss/nss/coreconf/rules.mk 2017-08-29 23:47:37.442966042 +0530 +@@ -176,7 +176,7 @@ + ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) + $(AR) $(subst /,\\,$(OBJS)) + else +- $(AR) $(OBJS) ++ $(AR) cr $@ $(OBJS) + endif + $(RANLIB) $@ + +--- a/nss.org/nss/coreconf/SunOS5.mk 2017-08-29 23:44:13.646044832 +0530 ++++ b/nss/nss/coreconf/SunOS5.mk 2017-08-29 23:45:00.902258445 +0530 +@@ -46,8 +46,11 @@ + # OPTIMIZER += -mno-omit-leaf-frame-pointer -fno-omit-frame-pointer + endif + else +- CC = cc +- CCC = CC ++ # CC is taken from environment automatically. ++ # CC = cc ++ # Use CXX from environment. ++ # CCC = CC ++ CCC = $(CXX) + ASFLAGS += -Wa,-P + OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG) + ifndef BUILD_OPT +--- a/nss.org/nss/coreconf/Werror.mk 2017-08-29 23:44:13.646044832 +0530 ++++ b/nss/nss/coreconf/Werror.mk 2017-08-29 23:44:23.994091608 +0530 +@@ -96,7 +96,8 @@ + endif #ndef NSS_ENABLE_WERROR + + ifeq ($(NSS_ENABLE_WERROR),1) +- WARNING_CFLAGS += -Werror ++ # We do not treat warnings as errors. ++ # WARNING_CFLAGS += -Werror + else + # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. + # Use this to disable use of that #pragma and the warnings it suppresses. +--- a/nss.org/nss/Makefile 2017-08-29 23:44:13.402043729 +0530 ++++ b/nss/nss/Makefile 2017-08-29 23:44:39.774162939 +0530 +@@ -1,3 +1,5 @@ ++export AR ++export RANLIB + #! gmake + # + # This Source Code Form is subject to the terms of the Mozilla Public diff --git a/external/nss/nss.utf8bom.patch.1 b/external/nss/nss.utf8bom.patch.1 new file mode 100644 index 000000000..f474adf6f --- /dev/null +++ b/external/nss/nss.utf8bom.patch.1 @@ -0,0 +1,21 @@ +diff -ur nss.org/nss/lib/ckfw/builtins/certdata.perl nss/nss/lib/ckfw/builtins/certdata.perl +--- nss.org/nss/lib/ckfw/builtins/certdata.perl 2016-03-31 18:26:07.890190900 +0800 ++++ nss/nss/lib/ckfw/builtins/certdata.perl 2016-03-31 19:16:16.727269600 +0800 +@@ -122,6 +122,9 @@ + sub doprint { + my $i; + ++print chr(0xEF); ++print chr(0xBB); ++print chr(0xBF); + print <&1 | grep "clang version" | sed -e "s/^.*clang version[ ]*//" | awk '{ print $$1 }') + GCC_VERSION_FULL := $(shell $(CC) -dumpversion) + GCC_VERSION_MAJOR := $(shell echo $(GCC_VERSION_FULL) | awk -F. '{ print $$1 }') + GCC_VERSION_MINOR := $(shell echo $(GCC_VERSION_FULL) | awk -F. '{ print $$2 }') + GCC_VERSION = $(GCC_VERSION_MAJOR).$(GCC_VERSION_MINOR) ++ ifneq (,$(CLANG_VERSION_FULL)) ++ DARWIN_SDK_CFLAGS = -isysroot $(MACOS_SDK_DIR) ++ DARWIN_SDK_SHLIBFLAGS = -isysroot $(MACOS_SDK_DIR) + +- ifeq (,$(filter-out 2 3,$(GCC_VERSION_MAJOR))) ++ else ifeq (,$(filter-out 2 3,$(GCC_VERSION_MAJOR))) + # GCC <= 3 + DARWIN_SDK_FRAMEWORKS = -F$(MACOS_SDK_DIR)/System/Library/Frameworks + ifneq (,$(shell find $(MACOS_SDK_DIR)/Library/Frameworks -maxdepth 0)) +@@ -108,7 +113,7 @@ + # May override this with different compatibility and current version numbers. + DARWIN_DYLIB_VERSIONS = -compatibility_version 1 -current_version 1 + # May override this with -bundle to create a loadable module. +-DSO_LDOPTS = -dynamiclib $(DARWIN_DYLIB_VERSIONS) -install_name @executable_path/$(notdir $@) -headerpad_max_install_names ++DSO_LDOPTS = -dynamiclib $(DARWIN_DYLIB_VERSIONS) -install_name @__________________________________________________OOO/$(notdir $@) -headerpad_max_install_names + + ifdef USE_GCOV + OS_CFLAGS += --coverage +diff -ru a/nss/Makefile b/nss/Makefile +--- a/a/nss/Makefile 2014-09-29 16:50:22.990304789 +0100 ++++ b/b/nss/Makefile 2014-09-29 16:51:59.207931908 +0100 +@@ -82,6 +82,9 @@ + ifeq ($(OS_TARGET),WIN95) + NSPR_CONFIGURE_OPTS += --enable-win32-target=WIN95 + endif ++ifdef MACOS_SDK_DIR ++NSPR_CONFIGURE_OPTS += --with-macos-sdk=$(MACOS_SDK_DIR) ++endif + ifdef USE_DEBUG_RTL + NSPR_CONFIGURE_OPTS += --enable-debug-rtl + endif diff --git a/external/nss/ubsan.patch.0 b/external/nss/ubsan.patch.0 new file mode 100644 index 000000000..5f97d3e9d --- /dev/null +++ b/external/nss/ubsan.patch.0 @@ -0,0 +1,38 @@ +--- nss/lib/base/item.c ++++ nss/lib/base/item.c +@@ -182,5 +182,5 @@ + return PR_FALSE; + } + +- return nsslibc_memequal(one->data, two->data, one->size, statusOpt); ++ return one->size == 0 || nsslibc_memequal(one->data, two->data, one->size, statusOpt); + } +--- nss/lib/softoken/legacydb/pk11db.c ++++ nss/lib/softoken/legacydb/pk11db.c +@@ -65,7 +65,7 @@ + unsigned char isModuleDBOnly; + unsigned char isCritical; + unsigned char reserved[4]; +- unsigned char names[6]; /* enough space for the length fields */ ++ unsigned char names[1]; /* +5: enough space for the length fields */ + }; + + struct lgdbSlotDataStr { +@@ -148,7 +148,7 @@ + goto loser; + } + +- dataLen = sizeof(lgdbData) + len + len2 + len3 + sizeof(unsigned short) + ++ dataLen = sizeof(lgdbData)+5 + len + len2 + len3 + sizeof(unsigned short) + + count * sizeof(lgdbSlotData); + + data->data = (unsigned char *)PORT_ZAlloc(dataLen); +@@ -329,7 +329,7 @@ + } + if ((encoded->major == LGDB_DB_EXT1_VERSION_MAJOR) && + (encoded->minor >= LGDB_DB_EXT1_VERSION_MINOR)) { +- CHECK_SIZE(sizeof(lgdbData)); ++ CHECK_SIZE(sizeof(lgdbData)+5); + trustOrder = LGDB_GETLONG(encoded->trustOrder); + cipherOrder = LGDB_GETLONG(encoded->cipherOrder); + isModuleDB = (encoded->isModuleDB != 0) ? PR_TRUE : PR_FALSE; -- cgit v1.2.3