From 4631ed8aab22e0ed56474b3a58fcf101765b6695 Mon Sep 17 00:00:00 2001
From: tsdgeos <aacid@kde.org>
Date: Fri, 18 Feb 2022 14:04:25 +0100
Subject: [PATCH] poppler: Build nss (#7297)

* poppler: Build nss

Will allow fuzzying of the signature code path

* poppler: Fix freetype repo url
---
 projects/poppler/Dockerfile |  5 +++--
 projects/poppler/build.sh   | 41 +++++++++++++++++++++++++++++++++++--
 2 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/projects/poppler/Dockerfile b/projects/poppler/Dockerfile
index dd7160d65..80ebf78e4 100644
--- a/projects/poppler/Dockerfile
+++ b/projects/poppler/Dockerfile
@@ -16,10 +16,10 @@
 
 FROM gcr.io/oss-fuzz-base/base-builder
 RUN apt-get update && apt-get install -y wget autoconf automake libtool pkg-config gperf
-RUN pip3 install meson ninja
+RUN pip3 install meson ninja gyp-next
 
 RUN git clone --depth 1 https://github.com/madler/zlib.git
-RUN git clone --depth 1 git://git.sv.nongnu.org/freetype/freetype2.git
+RUN git clone --depth 1 https://gitlab.freedesktop.org/freetype/freetype.git
 RUN git clone --depth 1 https://github.com/mm2/Little-CMS.git
 RUN git clone --depth 1 https://github.com/uclouvain/openjpeg
 RUN git clone --depth 1 https://github.com/glennrp/libpng.git
@@ -30,6 +30,7 @@ RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/pango.git
 ADD https://ftp.gnome.org/pub/gnome/sources/glib/2.70/glib-2.70.0.tar.xz $SRC
 RUN tar xvJf $SRC/glib-2.70.0.tar.xz
 RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.76.0/source/boost_1_76_0.tar.bz2
+RUN wget https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_75_RTM/src/nss-3.75-with-nspr-4.32.tar.gz
 RUN git clone --depth 1 --single-branch https://gitlab.freedesktop.org/poppler/poppler.git
 
 RUN git clone --depth 1 https://github.com/mozilla/pdf.js pdf.js && \
diff --git a/projects/poppler/build.sh b/projects/poppler/build.sh
index 8d6c94f34..b8c87f12b 100755
--- a/projects/poppler/build.sh
+++ b/projects/poppler/build.sh
@@ -39,7 +39,39 @@ pushd $SRC/zlib
 CFLAGS=-fPIC ./configure --static --prefix=$PREFIX
 make install -j$(nproc)
 
-pushd $SRC/freetype2
+pushd $SRC
+tar zxf nss-3.75-with-nspr-4.32.tar.gz
+cd nss-3.75
+nss_flag=""
+SAVE_CFLAGS="$CFLAGS"
+SAVE_CXXFLAGS="$CXXFLAGS"
+if [ "$SANITIZER" = "memory" ]; then
+    nss_flag="--msan"
+elif [ "$SANITIZER" = "address" ]; then
+    nss_flag="--asan"
+elif [ "$SANITIZER" = "undefined" ]; then
+    nss_flag="--ubsan"
+elif [ "$SANITIZER" = "coverage" ]; then
+    # some parts of nss don't like -fcoverage-mapping nor -fprofile-instr-generate :/
+    CFLAGS="${CFLAGS/"-fcoverage-mapping"/" "}"
+    CFLAGS="${CFLAGS/"-fprofile-instr-generate"/" "}"
+    CXXFLAGS="${CXXFLAGS/"-fcoverage-mapping"/" "}"
+    CXXFLAGS="${CXXFLAGS/"-fprofile-instr-generate"/" "}"
+fi
+
+./nss/build.sh $nss_flag --disable-tests --static -v -Dmozilla_client=1 -Dzlib_libs=$PREFIX/lib/libz.a
+
+CFLAGS="$SAVE_CFLAGS"
+CXXFLAGS="$SAVE_CXXFLAGS"
+
+# NSS has a .pc.in file but doesn't do anything with it
+cp nss/pkg/pkg-config/nss.pc.in $PREFIX/lib/pkgconfig/nss.pc
+sed -i "s#\${libdir}#${SRC}/nss-3.75/dist/Debug/lib#g" $PREFIX/lib/pkgconfig/nss.pc
+sed -i "s#\${includedir}#${SRC}/nss-3.75/dist/public/nss#g" $PREFIX/lib/pkgconfig/nss.pc
+sed -i "s#%NSS_VERSION%#3.75#g" $PREFIX/lib/pkgconfig/nss.pc
+cp dist/Debug/lib/pkgconfig/nspr.pc $PREFIX/lib/pkgconfig/
+
+pushd $SRC/freetype
 ./autogen.sh
 ./configure --prefix="$PREFIX" --disable-shared PKG_CONFIG_PATH="$PKG_CONFIG_PATH"
 make -j$(nproc)
@@ -153,7 +185,6 @@ cmake .. \
   -DENABLE_QT5=ON \
   -DENABLE_UTILS=OFF \
   -DWITH_Cairo=$POPPLER_ENABLE_GLIB \
-  -DWITH_NSS3=OFF \
   -DCMAKE_INSTALL_PREFIX=$PREFIX
 
 export PKG_CONFIG="`which pkg-config` --static"
@@ -169,6 +200,10 @@ if [ "$SANITIZER" != "memory" ]; then
 fi
 BUILD_CFLAGS="$CFLAGS `pkg-config --static --cflags $DEPS`"
 BUILD_LDFLAGS="-Wl,-static `pkg-config --static --libs $DEPS`"
+# static linking is hard ^_^
+NSS_STATIC_LIBS=`ls $SRC/nss-3.75/dist/Debug/lib/lib*.a`
+NSS_STATIC_LIBS="$NSS_STATIC_LIBS $NSS_STATIC_LIBS $NSS_STATIC_LIBS"
+BUILD_LDFLAGS="$BUILD_LDFLAGS $NSS_STATIC_LIBS"
 
 fuzzers=$(find $SRC/poppler/cpp/tests/fuzzing/ -name "*_fuzzer.cc")
 
@@ -191,6 +226,7 @@ if [ "$SANITIZER" != "memory" ]; then
     DEPS="gmodule-2.0 glib-2.0 gio-2.0 gobject-2.0 freetype2 lcms2 libopenjp2 cairo cairo-gobject pango fontconfig libpng"
     BUILD_CFLAGS="$CFLAGS `pkg-config --static --cflags $DEPS`"
     BUILD_LDFLAGS="-Wl,-static `pkg-config --static --libs $DEPS`"
+    BUILD_LDFLAGS="$BUILD_LDFLAGS $NSS_STATIC_LIBS"
 
     fuzzers=$(find $SRC/poppler/glib/tests/fuzzing/ -name "*_fuzzer.cc")
     for f in $fuzzers; do
@@ -216,6 +252,7 @@ if [ "$SANITIZER" != "memory" ]; then
 fi
 BUILD_CFLAGS="$CFLAGS `pkg-config --static --cflags $DEPS`"
 BUILD_LDFLAGS="-Wl,-static `pkg-config --static --libs $DEPS`"
+BUILD_LDFLAGS="$BUILD_LDFLAGS $NSS_STATIC_LIBS"
 
 fuzzers=$(find $SRC/poppler/qt5/tests/fuzzing/ -name "*_fuzzer.cc")
 for f in $fuzzers; do