diff --git a/build/valgrind/x86_64-redhat-linux-gnu.sup b/build/valgrind/x86_64-redhat-linux-gnu.sup index 3bf13316fbf8..13e72cee158c 100644 --- a/build/valgrind/x86_64-redhat-linux-gnu.sup +++ b/build/valgrind/x86_64-redhat-linux-gnu.sup @@ -49,3 +49,12 @@ obj:/lib64/libgobject-2.0.so.0.2200.5 ... } +{ + Bug 850134 + Memcheck:Leak + fun:realloc + fun:_ZN2js6VectorImLm0ENS_15TempAllocPolicyEE13growStorageByEm + fun:_ZN2js8SCOutput5writeEm + fun:_ZN2js8SCOutput9writePairEjj + ... +} diff --git a/configure.in b/configure.in index c093ef05cacc..9f436f16870c 100644 --- a/configure.in +++ b/configure.in @@ -3959,7 +3959,7 @@ MOZ_ARG_WITH_BOOL(system-nss, _USE_SYSTEM_NSS=1 ) if test -n "$_USE_SYSTEM_NSS"; then - AM_PATH_NSS(3.14.2, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])]) + AM_PATH_NSS(3.14.3, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])]) fi if test -n "$MOZ_NATIVE_NSS"; then diff --git a/dbm/include/moz.build b/dbm/include/moz.build deleted file mode 100644 index 58ce5e273390..000000000000 --- a/dbm/include/moz.build +++ /dev/null @@ -1,5 +0,0 @@ -# vim: set filetype=python: -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - diff --git a/dbm/moz.build b/dbm/moz.build deleted file mode 100644 index 58ce5e273390..000000000000 --- a/dbm/moz.build +++ /dev/null @@ -1,5 +0,0 @@ -# vim: set filetype=python: -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - diff --git a/dbm/src/moz.build b/dbm/src/moz.build deleted file mode 100644 index 58ce5e273390..000000000000 --- a/dbm/src/moz.build +++ /dev/null @@ -1,5 +0,0 @@ -# vim: set filetype=python: -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - diff --git a/dbm/tests/moz.build b/dbm/tests/moz.build deleted file mode 100644 index 58ce5e273390..000000000000 --- a/dbm/tests/moz.build +++ /dev/null @@ -1,5 +0,0 @@ -# vim: set filetype=python: -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - diff --git a/security/coreconf/coreconf.dep b/security/coreconf/coreconf.dep index 5182f75552c8..590d1bfaeee3 100644 --- a/security/coreconf/coreconf.dep +++ b/security/coreconf/coreconf.dep @@ -10,3 +10,4 @@ */ #error "Do not include this header file." + diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO index c1f02756231e..bcf4dd771b86 100644 --- a/security/nss/TAG-INFO +++ b/security/nss/TAG-INFO @@ -1 +1 @@ -NSS_3_14_3_BETA1 +NSS_3_14_3_RTM diff --git a/security/nss/TAG-INFO-CKBI b/security/nss/TAG-INFO-CKBI index c1f02756231e..bcf4dd771b86 100644 --- a/security/nss/TAG-INFO-CKBI +++ b/security/nss/TAG-INFO-CKBI @@ -1 +1 @@ -NSS_3_14_3_BETA1 +NSS_3_14_3_RTM diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index f8f28ee24773..a3358ab3ee26 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -313,7 +313,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, PRUint32 trailerLen = PL_strlen(trailer); SECITEM_AllocItem(NULL, result, headerLen + obufLen + trailerLen); - if (!result->data) { + if (result->data) { PORT_Memcpy(result->data, header, headerLen); PORT_Memcpy(result->data + headerLen, obuf, obufLen); PORT_Memcpy(result->data + headerLen + obufLen, diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h index 44b4c63956f3..b94edfc62390 100644 --- a/security/nss/lib/freebl/blapi.h +++ b/security/nss/lib/freebl/blapi.h @@ -4,7 +4,7 @@ * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: blapi.h,v 1.50 2013/02/05 18:10:42 wtc%google.com Exp $ */ +/* $Id: blapi.h,v 1.51 2013/02/14 21:20:46 wtc%google.com Exp $ */ #ifndef _BLAPI_H_ #define _BLAPI_H_ @@ -875,8 +875,8 @@ extern void MD5_End(MD5Context *cx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen); /* -** Export the raw state of the MD5 hash without appending the standard padding -** and length bytes. Produce the digested results in "digest" +** Export the current state of the MD5 hash without appending the standard +** padding and length bytes. Produce the digested results in "digest" ** "cx" the context ** "digest" where the 16 bytes of digest data are stored ** "digestLen" where the digest length (16) is stored (optional) @@ -1044,9 +1044,9 @@ extern void SHA1_End(SHA1Context *cx, unsigned char *digest, /* ** Export the current state of the SHA-1 hash without appending the standard -** padding and length. Produce the digested results in "digest" +** padding and length bytes. Produce the digested results in "digest" ** "cx" the context -** "digest" where the 16 bytes of digest data are stored +** "digest" where the 20 bytes of digest data are stored ** "digestLen" where the digest length (20) is stored (optional) ** "maxDigestLen" the maximum amount of data that can ever be ** stored in "digest" @@ -1092,6 +1092,15 @@ extern void SHA224_Update(SHA224Context *cx, const unsigned char *input, unsigned int inputLen); extern void SHA224_End(SHA224Context *cx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen); +/* +** Export the current state of the SHA-224 hash without appending the standard +** padding and length bytes. Produce the digested results in "digest" +** "cx" the context +** "digest" where the 28 bytes of digest data are stored +** "digestLen" where the digest length (28) is stored (optional) +** "maxDigestLen" the maximum amount of data that can ever be +** stored in "digest" +*/ extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen); extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src, @@ -1112,6 +1121,15 @@ extern void SHA256_Update(SHA256Context *cx, const unsigned char *input, unsigned int inputLen); extern void SHA256_End(SHA256Context *cx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen); +/* +** Export the current state of the SHA-256 hash without appending the standard +** padding and length bytes. Produce the digested results in "digest" +** "cx" the context +** "digest" where the 32 bytes of digest data are stored +** "digestLen" where the digest length (32) is stored (optional) +** "maxDigestLen" the maximum amount of data that can ever be +** stored in "digest" +*/ extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen); extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src, @@ -1130,6 +1148,15 @@ extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit); extern void SHA512_Begin(SHA512Context *cx); extern void SHA512_Update(SHA512Context *cx, const unsigned char *input, unsigned int inputLen); +/* +** Export the current state of the SHA-512 hash without appending the standard +** padding and length bytes. Produce the digested results in "digest" +** "cx" the context +** "digest" where the 64 bytes of digest data are stored +** "digestLen" where the digest length (64) is stored (optional) +** "maxDigestLen" the maximum amount of data that can ever be +** stored in "digest" +*/ extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen); extern void SHA512_End(SHA512Context *cx, unsigned char *digest, @@ -1152,6 +1179,15 @@ extern void SHA384_Update(SHA384Context *cx, const unsigned char *input, unsigned int inputLen); extern void SHA384_End(SHA384Context *cx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen); +/* +** Export the current state of the SHA-384 hash without appending the standard +** padding and length bytes. Produce the digested results in "digest" +** "cx" the context +** "digest" where the 48 bytes of digest data are stored +** "digestLen" where the digest length (48) is stored (optional) +** "maxDigestLen" the maximum amount of data that can ever be +** stored in "digest" +*/ extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen); extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src, diff --git a/security/nss/lib/freebl/hmacct.h b/security/nss/lib/freebl/hmacct.h index 8b0e91c8a26e..a773ea89c735 100644 --- a/security/nss/lib/freebl/hmacct.h +++ b/security/nss/lib/freebl/hmacct.h @@ -2,8 +2,8 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#ifndef _ALGHMACCT_H_ -#define _ALGHMACCT_H_ +#ifndef _HMACCT_H_ +#define _HMACCT_H_ SEC_BEGIN_PROTOS diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 8ab65b918e75..a142e8170a61 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -4,7 +4,7 @@ * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: nss.h,v 1.103 2013/01/31 22:59:44 kaie%kuix.de Exp $ */ +/* $Id: nss.h,v 1.104 2013/02/14 19:16:13 kaie%kuix.de Exp $ */ #ifndef __nss_h_ #define __nss_h_ @@ -34,12 +34,12 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.14.3.0" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta" +#define NSS_VERSION "3.14.3.0" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 #define NSS_VMINOR 14 #define NSS_VPATCH 3 #define NSS_VBUILD 0 -#define NSS_BETA PR_TRUE +#define NSS_BETA PR_FALSE #ifndef RC_INVOKED diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index ce9b764f7e52..6dd1261c7823 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -25,11 +25,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.14.3.0" SOFTOKEN_ECC_STRING " Beta" +#define SOFTOKEN_VERSION "3.14.3.0" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 #define SOFTOKEN_VMINOR 14 #define SOFTOKEN_VPATCH 3 #define SOFTOKEN_VBUILD 0 -#define SOFTOKEN_BETA PR_TRUE +#define SOFTOKEN_BETA PR_FALSE #endif /* _SOFTKVER_H_ */ diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index 1fda7c8fde21..500f8baaa1df 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -19,12 +19,12 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.14.3.0 Beta" +#define NSSUTIL_VERSION "3.14.3.0" #define NSSUTIL_VMAJOR 3 #define NSSUTIL_VMINOR 14 #define NSSUTIL_VPATCH 3 #define NSSUTIL_VBUILD 0 -#define NSSUTIL_BETA PR_TRUE +#define NSSUTIL_BETA PR_FALSE SEC_BEGIN_PROTOS diff --git a/security/nss/lib/util/pkcs11n.h b/security/nss/lib/util/pkcs11n.h index 6e6194602ee0..839d7d7d5fff 100644 --- a/security/nss/lib/util/pkcs11n.h +++ b/security/nss/lib/util/pkcs11n.h @@ -6,7 +6,7 @@ #define _PKCS11N_H_ #ifdef DEBUG -static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.31 $ $Date: 2013/02/07 01:29:19 $"; +static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.32 $ $Date: 2013/02/12 22:33:53 $"; #endif /* DEBUG */ /* @@ -195,6 +195,20 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.31 $ #define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17) #define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18) +/* Constant-time MAC mechanisms: + * + * These operations verify a padded, MAC-then-encrypt block of data in + * constant-time. Because of the order of operations, the padding bytes are not + * protected by the MAC. However, disclosing the value of the padding bytes + * gives an attacker the ability to decrypt ciphertexts. Such disclosure can be + * as subtle as taking slightly less time to perform the MAC when the padding + * is one byte longer. See https://www.isg.rhul.ac.uk/tls/ + * + * CKM_NSS_HMAC_CONSTANT_TIME: performs an HMAC authentication. + * CKM_NSS_SSL3_MAC_CONSTANT_TIME: performs an authentication with SSLv3 MAC. + * + * Parameter type: CK_NSS_MAC_CONSTANT_TIME_PARAMS + */ #define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19) #define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20) @@ -243,7 +257,15 @@ typedef struct CK_NSS_JPAKEFinalParams { CK_NSS_JPAKEPublicValue B; /* in */ } CK_NSS_JPAKEFinalParams; -/* NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and +/* macAlg: the MAC algorithm to use. This determines the hash function used in + * the HMAC/SSLv3 MAC calculations. + * ulBodyTotalLen: the total length of the data, including padding bytes and + * padding length. + * pHeader: points to a block of data that contains additional data to + * authenticate. For TLS this includes the sequence number etc. For SSLv3, + * this also includes the initial padding bytes. + * + * NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an * unsigned int variable to represent the length in bits. This should not diff --git a/security/nss/tests/pkcs11/netscape/trivial/moz.build b/security/nss/tests/pkcs11/netscape/trivial/moz.build deleted file mode 100644 index 58ce5e273390..000000000000 --- a/security/nss/tests/pkcs11/netscape/trivial/moz.build +++ /dev/null @@ -1,5 +0,0 @@ -# vim: set filetype=python: -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - diff --git a/testing/mozbase/generate_diff.py b/testing/mozbase/generate_diff.py index f5a047a407b7..32474c416627 100755 --- a/testing/mozbase/generate_diff.py +++ b/testing/mozbase/generate_diff.py @@ -86,6 +86,7 @@ def checkout(git_dir, tag): cwd=git_dir) process.communicate() + ### hg functions def untracked_files(hg_dir): @@ -153,6 +154,18 @@ def setup(**kwargs): assert current_package current_package_info[current_package] = kwargs +def checkout_tag(src, directory, version): + """ + front end to checkout + version_tag; + if version is None, checkout HEAD + """ + + if version is None: + tag = 'HEAD' + else: + tag = version_tag(directory, version) + checkout(src, tag) + def check_consistency(*package_info): """checks consistency between a set of packages""" @@ -213,6 +226,8 @@ def main(args=sys.argv[1:]): formatter=PlainDescriptionFormatter()) parser.add_option('-o', '--output', dest='output', help="specify the output file; otherwise will be in the current directory with a name based on the hash") + parser.add_option('--develop', dest='develop', + help="use development (HEAD) version of packages") parser.add_option('--packages', dest='output_packages', default=False, action='store_true', help="generate packages.txt and exit") @@ -277,10 +292,17 @@ def main(args=sys.argv[1:]): # ensure all directories and tags are available for index, (directory, version) in enumerate(versions): + + setup_py = os.path.join(src, directory, 'setup.py') + assert os.path.exists(setup_py), "'%s' not found" % setup_py + if not version: + + if options.develop: + # use HEAD of package; keep version=None + continue + # choose maximum version from setup.py - setup_py = os.path.join(src, directory, 'setup.py') - assert os.path.exists(setup_py), "'%s' not found" % setup_py with file(setup_py) as f: for line in f.readlines(): line = line.strip() @@ -305,8 +327,7 @@ def main(args=sys.argv[1:]): for directory, version in versions: # checkout appropriate revision of mozbase - tag = version_tag(directory, version) - checkout(src, tag) + checkout_tag(src, directory, version) # update the package information setup_py = os.path.join(src, directory, 'setup.py') @@ -324,8 +345,7 @@ def main(args=sys.argv[1:]): for directory, version in versions: # checkout appropriate revision of mozbase - tag = version_tag(directory, version) - checkout(src, tag) + checkout_tag(src, directory, version) # replace the directory remove(os.path.join(here, directory))