download.lst | 4 ++--
external/nss/README | 26 +++++++++++---------------
2 files changed, 13 insertions(+), 17 deletions(-)
New commits:
commit 1742ce27ded54cc541356ae0a7b429a120341b70
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri Feb 16 10:34:54 2024 +0100
Commit: Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Sat Feb 17 20:33:40 2024 +0100
nss: upgrade to release 3.98
Fixes CVE-2023-5388
Also update README, and remove obsolete documentation of Debian's
mangled SONAME; relevant Debian changelog:
nss (2:3.13.4-2) unstable; urgency=low
* debian/control, debian/libnss3*, debian/rules,
mozilla/security/coreconf/*, mozilla/security/nss/lib/*/manifest.mn:
Move to unversioned library. ABI compatibility is ensured upstream, and
the SO version, if it needed a change at any time, would be a change in
the library name. There is no reason to keep making compatibility more
difficult with other distros and upstream binary releases. While
previous
versions were one-way compatible (binaries built against other distros
or
upstream nspr could work on Debian), this approach works both ways.
-- Mike Hommey <gland...@debian.org> Thu, 17 May 2012 09:45:36 +0200
Change-Id: Ifc1eae68827fa88ae001a3903c8555af67b488ac
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163482
Tested-by: Michael Stahl <michael.st...@allotropia.de>
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit c5e7af92ebcde59cb72fda2a88d08dc6656dc2e2)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163504
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
Signed-off-by: Xisco Fauli <xiscofa...@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163520
Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
diff --git a/download.lst b/download.lst
index 11e012c78446..06d4416d09cf 100644
--- a/download.lst
+++ b/download.lst
@@ -477,8 +477,8 @@ MYTHES_TARBALL := mythes-1.2.5.tar.xz
# three static lines
# so that git cherry-pick
# will not run into conflicts
-NSS_SHA256SUM :=
a7a920d295998563b33d9e06c1a36b799201493d81b64537fab42f2a733411ce
-NSS_TARBALL := nss-3.97-with-nspr-4.35.tar.gz
+NSS_SHA256SUM :=
59bb55a59b02e4004fc26ad0aa1a13fe8d73c6c90c447dd2f2efb73fb81083ed
+NSS_TARBALL := nss-3.98-with-nspr-4.35.tar.gz
# three static lines
# so that git cherry-pick
# will not run into conflicts
diff --git a/external/nss/README b/external/nss/README
index 6997cea6ca06..09931f64ea20 100644
--- a/external/nss/README
+++ b/external/nss/README
@@ -1,5 +1,16 @@
Contains the Network Security Services (NSS) libraries from Mozilla
+== ESR versions ==
+
+Upstream releases both regular and "ESR" versions, the latter go into Firefox
+ESR and Thunderbird.
+
+There is a new ESR version about once a year, and a ESR version gets micro
+updates only when there are security issues to fix, and it's not always obvious
+from the release notes of a regular release if there are security issues that
+are relevant to LibreOffice, hence it's probably best to bundle only the ESR
+versions and upgrade for every micro release (as recommended by upstream).
+
== Fips 140 and signed libraries ==
Fips 140 mode is not supported. That is, the *.chk files containing the
@@ -20,18 +31,3 @@ With all supported macOS SDK we use
NSS_USE_SYSTEM_SQLITE=1
to build using the system sqlite.
-== system NSS on Linux ==
-
-Note that different Linux distributions use different SONAMEs for the
-NSS libraries, so it is not possible to use --with-system-nss and build
-a portable generic LO installation set, despite NSS upstream apparently
-maintaining ABI compatibility.
-
-Debian Squeeze:
-0x000000000000000e (SONAME) Library soname: [libnss3.so.1d]
-Fedora 20:
-0x000000000000000e (SONAME) Library soname: [libnss3.so]
-
-For the record, the LSB specified SONAME is libnss3.so
-http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/libnss3.html
-
commit 743c626c7ebd04d06a4c8e71c21a7589dfa8ddd9
Author: Andras Timar <andras.ti...@collabora.com>
AuthorDate: Wed Feb 14 22:18:30 2024 +0100
Commit: Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Sat Feb 17 20:33:30 2024 +0100
nss: upgrade to release 3.97
Change-Id: If0eaf6a93f57239d81491c635922745bf3f38fd5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163410
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit f25b7efba56757b085f7a836f57d9c2fc8fd14b8)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163407
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 74486211adfb81a8b4d23c51457ff62acd804956)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163498
Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com>
diff --git a/download.lst b/download.lst
index f3c7f038740b..11e012c78446 100644
--- a/download.lst
+++ b/download.lst
@@ -477,8 +477,8 @@ MYTHES_TARBALL := mythes-1.2.5.tar.xz
# three static lines
# so that git cherry-pick
# will not run into conflicts
-NSS_SHA256SUM :=
f78ab1d911cae8bbc94758fb3bd0f731df4087423a4ff5db271ba65381f6b739
-NSS_TARBALL := nss-3.90-with-nspr-4.35.tar.gz
+NSS_SHA256SUM :=
a7a920d295998563b33d9e06c1a36b799201493d81b64537fab42f2a733411ce
+NSS_TARBALL := nss-3.97-with-nspr-4.35.tar.gz
# three static lines
# so that git cherry-pick
# will not run into conflicts
