Merge m-c to inbound.

2024-09-13 09:24:08 -07:00 · 2013-03-12 22:50:21 -04:00 · 2013-03-12 22:50:21 -04:00 · 1da02fd55a
commit 1da02fd55a
parent f11783b460 496c0fca18
18 changed files with 114 additions and 51 deletions
--- a/build/valgrind/x86_64-redhat-linux-gnu.sup
+++ b/build/valgrind/x86_64-redhat-linux-gnu.sup
@ -49,3 +49,12 @@
   obj:/lib64/libgobject-2.0.so.0.2200.5
   ...
 }
+{
+   Bug 850134
+   Memcheck:Leak
+   fun:realloc
+   fun:_ZN2js6VectorImLm0ENS_15TempAllocPolicyEE13growStorageByEm
+   fun:_ZN2js8SCOutput5writeEm
+   fun:_ZN2js8SCOutput9writePairEjj
+   ...
+}
--- a/configure.in
+++ b/configure.in
@ -3959,7 +3959,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
    _USE_SYSTEM_NSS=1 )

 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.14.2, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.14.3, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi

 if test -n "$MOZ_NATIVE_NSS"; then
--- a/dbm/include/moz.build
+++ b/dbm/include/moz.build
@ -1,5 +0,0 @@
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--- a/dbm/moz.build
+++ b/dbm/moz.build
@ -1,5 +0,0 @@
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--- a/dbm/src/moz.build
+++ b/dbm/src/moz.build
@ -1,5 +0,0 @@
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--- a/dbm/tests/moz.build
+++ b/dbm/tests/moz.build
@ -1,5 +0,0 @@
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--- a/security/coreconf/coreconf.dep
+++ b/security/coreconf/coreconf.dep
@ -10,3 +10,4 @@
 */

 #error "Do not include this header file."
+
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@ -1 +1 @@
-NSS_3_14_3_BETA1
+NSS_3_14_3_RTM
--- a/security/nss/TAG-INFO-CKBI
+++ b/security/nss/TAG-INFO-CKBI
@ -1 +1 @@
-NSS_3_14_3_BETA1
+NSS_3_14_3_RTM
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@ -313,7 +313,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
 		PRUint32 trailerLen = PL_strlen(trailer);
 		SECITEM_AllocItem(NULL, result,
 				  headerLen + obufLen + trailerLen);
-		if (!result->data) {
+		if (result->data) {
 		    PORT_Memcpy(result->data, header, headerLen);
 		    PORT_Memcpy(result->data + headerLen, obuf, obufLen);
 		    PORT_Memcpy(result->data + headerLen + obufLen,
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@ -4,7 +4,7 @@
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: blapi.h,v 1.50 2013/02/05 18:10:42 wtc%google.com Exp $ */
+/* $Id: blapi.h,v 1.51 2013/02/14 21:20:46 wtc%google.com Exp $ */

 #ifndef _BLAPI_H_
 #define _BLAPI_H_
@ -875,8 +875,8 @@ extern void MD5_End(MD5Context *cx, unsigned char *digest,
 		    unsigned int *digestLen, unsigned int maxDigestLen);

 /*
-** Export the raw state of the MD5 hash without appending the standard padding
-** and length bytes. Produce the digested results in "digest"
+** Export the current state of the MD5 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
 **	"cx" the context
 **	"digest" where the 16 bytes of digest data are stored
 **	"digestLen" where the digest length (16) is stored (optional)
@ -1044,9 +1044,9 @@ extern void SHA1_End(SHA1Context *cx, unsigned char *digest,

 /*
 ** Export the current state of the SHA-1 hash without appending the standard
-** padding and length. Produce the digested results in "digest"
+** padding and length bytes. Produce the digested results in "digest"
 **	"cx" the context
-**	"digest" where the 16 bytes of digest data are stored
+**	"digest" where the 20 bytes of digest data are stored
 **	"digestLen" where the digest length (20) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
@ -1092,6 +1092,15 @@ extern void SHA224_Update(SHA224Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 extern void SHA224_End(SHA224Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
+/*
+** Export the current state of the SHA-224 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 28 bytes of digest data are stored
+**	"digestLen" where the digest length (28) is stored (optional)
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
 extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
@ -1112,6 +1121,15 @@ extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
+/*
+** Export the current state of the SHA-256 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 32 bytes of digest data are stored
+**	"digestLen" where the digest length (32) is stored (optional)
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
 extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
@ -1130,6 +1148,15 @@ extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
 extern void SHA512_Begin(SHA512Context *cx);
 extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
 			unsigned int inputLen);
+/*
+** Export the current state of the SHA-512 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 64 bytes of digest data are stored
+**	"digestLen" where the digest length (64) is stored (optional)
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
 extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
@ -1152,6 +1179,15 @@ extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
+/*
+** Export the current state of the SHA-384 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 48 bytes of digest data are stored
+**	"digestLen" where the digest length (48) is stored (optional)
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
 extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
--- a/security/nss/lib/freebl/hmacct.h
+++ b/security/nss/lib/freebl/hmacct.h
@ -2,8 +2,8 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

-#ifndef _ALGHMACCT_H_
-#define _ALGHMACCT_H_
+#ifndef _HMACCT_H_
+#define _HMACCT_H_

 SEC_BEGIN_PROTOS

--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@ -4,7 +4,7 @@
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: nss.h,v 1.103 2013/01/31 22:59:44 kaie%kuix.de Exp $ */
+/* $Id: nss.h,v 1.104 2013/02/14 19:16:13 kaie%kuix.de Exp $ */

 #ifndef __nss_h_
 #define __nss_h_
@ -34,12 +34,12 @@
 * The format of the version string should be
 *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
 */
-#define NSS_VERSION  "3.14.3.0" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION  "3.14.3.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   14
 #define NSS_VPATCH   3
 #define NSS_VBUILD   0
-#define NSS_BETA     PR_TRUE
+#define NSS_BETA     PR_FALSE

 #ifndef RC_INVOKED

--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@ -25,11 +25,11 @@
 * The format of the version string should be
 *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
 */
-#define SOFTOKEN_VERSION  "3.14.3.0" SOFTOKEN_ECC_STRING " Beta"
+#define SOFTOKEN_VERSION  "3.14.3.0" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR   3
 #define SOFTOKEN_VMINOR   14
 #define SOFTOKEN_VPATCH   3
 #define SOFTOKEN_VBUILD   0
-#define SOFTOKEN_BETA     PR_TRUE
+#define SOFTOKEN_BETA     PR_FALSE

 #endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@ -19,12 +19,12 @@
 * The format of the version string should be
 *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
 */
-#define NSSUTIL_VERSION  "3.14.3.0 Beta"
+#define NSSUTIL_VERSION  "3.14.3.0"
 #define NSSUTIL_VMAJOR   3
 #define NSSUTIL_VMINOR   14
 #define NSSUTIL_VPATCH   3
 #define NSSUTIL_VBUILD   0
-#define NSSUTIL_BETA     PR_TRUE
+#define NSSUTIL_BETA     PR_FALSE

 SEC_BEGIN_PROTOS

--- a/security/nss/lib/util/pkcs11n.h
+++ b/security/nss/lib/util/pkcs11n.h
@ -6,7 +6,7 @@
 #define _PKCS11N_H_

 #ifdef DEBUG
-static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.31 $ $Date: 2013/02/07 01:29:19 $";
+static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.32 $ $Date: 2013/02/12 22:33:53 $";
 #endif /* DEBUG */

 /*
@ -195,6 +195,20 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.31 $
 #define CKM_NSS_JPAKE_FINAL_SHA384  (CKM_NSS + 17)
 #define CKM_NSS_JPAKE_FINAL_SHA512  (CKM_NSS + 18)

+/* Constant-time MAC mechanisms:
+ *
+ * These operations verify a padded, MAC-then-encrypt block of data in
+ * constant-time. Because of the order of operations, the padding bytes are not
+ * protected by the MAC. However, disclosing the value of the padding bytes
+ * gives an attacker the ability to decrypt ciphertexts. Such disclosure can be
+ * as subtle as taking slightly less time to perform the MAC when the padding
+ * is one byte longer. See https://www.isg.rhul.ac.uk/tls/
+ *
+ * CKM_NSS_HMAC_CONSTANT_TIME: performs an HMAC authentication.
+ * CKM_NSS_SSL3_MAC_CONSTANT_TIME: performs an authentication with SSLv3 MAC.
+ *
+ * Parameter type: CK_NSS_MAC_CONSTANT_TIME_PARAMS
+ */
 #define CKM_NSS_HMAC_CONSTANT_TIME      (CKM_NSS + 19)
 #define CKM_NSS_SSL3_MAC_CONSTANT_TIME  (CKM_NSS + 20)

@ -243,7 +257,15 @@ typedef struct CK_NSS_JPAKEFinalParams {
    CK_NSS_JPAKEPublicValue B; /* in */
 } CK_NSS_JPAKEFinalParams;

-/* NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and
+/* macAlg: the MAC algorithm to use. This determines the hash function used in
+ *     the HMAC/SSLv3 MAC calculations.
+ * ulBodyTotalLen: the total length of the data, including padding bytes and
+ *     padding length.
+ * pHeader: points to a block of data that contains additional data to
+ *     authenticate. For TLS this includes the sequence number etc. For SSLv3,
+ *     this also includes the initial padding bytes.
+ *
+ * NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and
 * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen
 * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an
 * unsigned int variable to represent the length in bits. This should not
--- a/security/nss/tests/pkcs11/netscape/trivial/moz.build
+++ b/security/nss/tests/pkcs11/netscape/trivial/moz.build
@ -1,5 +0,0 @@
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--- a/testing/mozbase/generate_diff.py
+++ b/testing/mozbase/generate_diff.py
@ -86,6 +86,7 @@ def checkout(git_dir, tag):
                               cwd=git_dir)
    process.communicate()

+
 ### hg functions

 def untracked_files(hg_dir):
@ -153,6 +154,18 @@ def setup(**kwargs):
    assert current_package
    current_package_info[current_package] = kwargs

+def checkout_tag(src, directory, version):
+    """
+    front end to checkout + version_tag;
+    if version is None, checkout HEAD
+    """
+
+    if version is None:
+        tag = 'HEAD'
+    else:
+        tag = version_tag(directory, version)
+    checkout(src, tag)
+
 def check_consistency(*package_info):
    """checks consistency between a set of packages"""

@ -213,6 +226,8 @@ def main(args=sys.argv[1:]):
                                   formatter=PlainDescriptionFormatter())
    parser.add_option('-o', '--output', dest='output',
                      help="specify the output file; otherwise will be in the current directory with a name based on the hash")
+    parser.add_option('--develop', dest='develop',
+                      help="use development (HEAD) version of packages")
    parser.add_option('--packages', dest='output_packages',
                      default=False, action='store_true',
                      help="generate packages.txt and exit")
@ -277,10 +292,17 @@ def main(args=sys.argv[1:]):

        # ensure all directories and tags are available
        for index, (directory, version) in enumerate(versions):
+
+            setup_py = os.path.join(src, directory, 'setup.py')
+            assert os.path.exists(setup_py), "'%s' not found" % setup_py
+
            if not version:
+
+                if options.develop:
+                    # use HEAD of package; keep version=None
+                    continue
+
                # choose maximum version from setup.py
-                setup_py = os.path.join(src, directory, 'setup.py')
-                assert os.path.exists(setup_py), "'%s' not found" % setup_py
                with file(setup_py) as f:
                    for line in f.readlines():
                        line = line.strip()
@ -305,8 +327,7 @@ def main(args=sys.argv[1:]):
            for directory, version in versions:

                # checkout appropriate revision of mozbase
-                tag = version_tag(directory, version)
-                checkout(src, tag)
+                checkout_tag(src, directory, version)

                # update the package information
                setup_py = os.path.join(src, directory, 'setup.py')
@ -324,8 +345,7 @@ def main(args=sys.argv[1:]):
        for directory, version in versions:

            # checkout appropriate revision of mozbase
-            tag = version_tag(directory, version)
-            checkout(src, tag)
+            checkout_tag(src, directory, version)

            # replace the directory
            remove(os.path.join(here, directory))