2019-09-18 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/lib/derprint.c:
Bug 1581024 - Check for pointer wrap in derprint.c. r=jcj
Check for pointer wrap on output-length check in the derdump
utility.
[a3ee4f26b4c1] [tip]
2019-09-18 Giulio Benetti <giulio.benetti@micronovasrl.com>
* lib/freebl/gcm-aarch64.c:
Bug 1580126 - Fix build failure on aarch64_be while building
freebl/gcm r=kjacobs
Build failure is caused by different #ifdef conditions in gcm.c and
gcm-aarch64.c that leads to double declaration of the same gcm_*
functions.
Fix #ifdef condition in gcm-aarch64.c making it the same as the one
in gcm.c.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[fa0d958de0c3]
2019-09-17 Kai Engert <kaie@kuix.de>
* automation/taskcluster/graph/src/extend.js:
Bug 1385039 - Build NSPR tests as part of NSS continuous
integration. r=kjacobs
[cc97f1a93038]
2019-09-17 Landry Breuil <landry@openbsd.org>
* lib/freebl/Makefile:
Bug 1581391 - include gcm-aarch64 on all unices, not only linux
r=kjacobs
[e7b4f293fa4e]
2019-09-17 Martin Thomson <mt@lowentropy.net>
* mach:
Bug 1581041 - Rename mach-commands to mach-completion, r=jcj
This means that we can point our completion at the gecko one.
[bc91272fcbdc]
2019-09-16 Jenine <jenine_c@outlook.com>
* cmd/pk11importtest/pk11importtest.c, lib/softoken/pkcs11.c:
Bug 1558313 - Fix clang warnings in pk11importtest.c and pkcs11.c
r=marcusburghardt
[4569b745f74e]
2019-09-13 Daiki Ueno <dueno@redhat.com>
* lib/certhigh/certvfy.c:
Bug 1542207, fix policy check on signature algorithms, r=rrelyea
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1542207
[ed8a41d16c1c]
2019-09-05 Daiki Ueno <dueno@redhat.com>
* lib/freebl/drbg.c:
Bug 1560329, drbg: perform continuous test on entropy source,
r=rrelyea
Summary: FIPS 140-2 section 4.9.2 requires a conditional self test
to check that consecutive entropy blocks from the system are
different. As neither getentropy() nor /dev/urandom provides that
check on the output, this adds the self test at caller side.
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1560329
[c66dd879d16a]
2019-09-06 Martin Thomson <mt@lowentropy.net>
* automation/taskcluster/graph/src/queue.js:
Bug 1579290 - Disable LSAN during builds, r=ueno
Summary: See the bug description for details.
[f28f3d7b7cf0]
2019-09-13 Kai Engert <kaie@kuix.de>
* Makefile, build.sh, coreconf/nspr.sh, help.txt:
Bug 1385061 - Build NSPR tests with NSS make; Add gyp parameters to
build/run NSPR tests. r=jcj
[8b4a226f7d23]
2019-09-11 Kai Engert <kaie@kuix.de>
* nss.gyp:
Bug 1577359 - Build atob and btoa for Thunderbird. r=jcj
[1fe61aadaf57]
2019-09-10 Marcus Burghardt <mburghardt@mozilla.com>
* cmd/pk12util/pk12util.c:
Bug 1579036 - Define error when trying to export non-existent cert
with pk12util. r=jcj
[65ab97f03c89]
2019-09-04 Martin Thomson <mt@lowentropy.net>
* gtests/mozpkix_gtest/pkixder_input_tests.cpp:
Bug 1578626 - Remove undefined nullptr decrement, r=keeler
Summary: This uses uintptr_t to avoid the worst. It still looks
terrible and might trip static analysis warnings, but the
reinterpret_cast should hide that.
This assumes that sizeof(uintptr_t) == sizeof(void*), so I've added
an assertion so that we'll at least fail the test on those systems.
(We could use GTEST_SKIP instead, but we don't have that in the
version of gtest that we use.)
Reviewers: keeler
Tags: #secure-revision
Bug #: 1578626
[d2485b1c997e]
2019-09-05 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/pk11_gtest/pk11_find_certs_unittest.cc:
Bug 1578751 - Ensure a consistent style for
pk11_find_certs_unittest.cc. r=jcj
Adjusted the style and clang-format after the changes in some var
names.
[e95fee7f59e5]
Differential Revision: https://phabricator.services.mozilla.com/D46246
--HG--
extra : moz-landing-system : lando
We always define it to the same thing, and we're inconsistent in whether
we use `CPP_THROW_NEW` or `throw()`, so we might as well just use the
standard C++ thing and get rid of some baggage.
Differential Revision: https://phabricator.services.mozilla.com/D40425
--HG--
extra : moz-landing-system : lando
Since kernel32.lib is a defaultlib we do not need to explicitly include it
in the OS_LIBS list; the linker will implicitly add it to the end of the list.
In fact, its presence interferes with other explicitly added .lib files that
should take precedence.
Differential Revision: https://phabricator.services.mozilla.com/D41806
--HG--
extra : moz-landing-system : lando
We needed these rules and bits for the QT widget port, but there's no
longer a QT port in the tree, so we might as well remove them.
Differential Revision: https://phabricator.services.mozilla.com/D38886
--HG--
extra : moz-landing-system : lando
When we build mar, there is no reason not to build signmar as well. It
used to be optional because not all platforms were supported, but they
are now.
... except when building the newly added tools/update-packaging,
which builds the mar tool as a standalone thing, and building signmar
as well causes complications.
Differential Revision: https://phabricator.services.mozilla.com/D36992
--HG--
extra : moz-landing-system : lando
When we build mar, there is no reason not to build signmar as well. It
used to be optional because not all platforms were supported, but they
are now.
Differential Revision: https://phabricator.services.mozilla.com/D36992
--HG--
extra : moz-landing-system : lando
We've been relying on frame pointers being indirectly enabled via things
like --enable-profiling for some time, but this doesn't scale because
some things may want frame pointers while wanting --disable-profiling.
So we move MOZ_FRAMEPTR_FLAGS to python configure and add a new option
to decide whether to enable frame pointers or not.
Differential Revision: https://phabricator.services.mozilla.com/D34117
--HG--
extra : moz-landing-system : lando
There are ongoing lmdb issues we need to sort out before we can ship
cert_storage (see e.g. bug 1538541 and bug 1550174).
Differential Revision: https://phabricator.services.mozilla.com/D32885
--HG--
extra : moz-landing-system : lando
This also enables using cert_storage for OneCRL, since it and intermediate
preloading both use the same backend.
Differential Revision: https://phabricator.services.mozilla.com/D31345
--HG--
extra : moz-landing-system : lando
The definitions can't be entirely removed yet because NSS still needs them.
Differential Revision: https://phabricator.services.mozilla.com/D23454
--HG--
extra : moz-landing-system : lando
That will make it detected when we bump the MACOSX_DEPLOYMENT_TARGET
to a value >= 10.12.
Differential Revision: https://phabricator.services.mozilla.com/D18310
--HG--
extra : moz-landing-system : lando
Since ./mach bootstrap installs Android SDK into ~/.mozbuild, we should detect
this location as default SDK install path.
Also, --with-android-max-sdk and --with-android-min-sdk are still in android.m4
because confvars.sh sets MOZ_ANDROID_MIN_SDK_VERSION.
Differential Revision: https://phabricator.services.mozilla.com/D15463
--HG--
extra : moz-landing-system : lando
Those tests rely on the build not being a cross-compile, which is fine
most of the time, but more importantly, rely on the fact that the
version of sqlite that Firefox is being built against is the same as the
one it will be running against, which is not likely to be true.
So, all in all, it's better to do the checks at runtime.
And while they could be restricted to when building against system
sqlite, we still run them for in-tree sqlite, to ensure that we actually
built it with the expected options.
Differential Revision: https://phabricator.services.mozilla.com/D18057
--HG--
extra : moz-landing-system : lando
It relies on AC_TRY_RUN, which doesn't work on cross-compiles. What this
means is that the feature has been disabled on mac builds on automation
ever since we switched to cross-compiles. It's still enabled on local
mac builds because the test runs there, and returns "yes". It also means
it's disabled on Android, where it probably works (at least debug tests
on try don't complain).
It also doesn't currently run on Windows because it's in a skipped
section on Windows, but if moved out of that section, the test returns
"no".
So, we remove any configure test for the feature, in favor of
preprocessor checks in nsTraceRefcnt.cpp.
Depends on D18055
Differential Revision: https://phabricator.services.mozilla.com/D18056
--HG--
extra : moz-landing-system : lando
Autoconf 2.13 documentation says: "If the memcmp function is not
available, or does not work on 8-bit data (like the one on SunOS 4.1.3),
add `memcmp.o' to output variable LIBOBJS."
The documentation of more recent versions of autoconf also mention NeXT
x86 OpenStep, and say "This macro is obsolescent, as current systems
have a working memcmp. New programs need not use this macro."
We're also not using LIBOBJS, so, even if somehow some machine had the
test detect something weird going on, the result of the test wouldn't
have an effect on the build anyways.
Apart from that, it's also one of the few tests that relies on actually
running a compiled binary during configure, which requires some
autoconf-specific definition of cross-compilation (where --target=i686
--host=x86_64 is not cross-compilation), and we're better off getting
rid of such tests completely.
Depends on D18054
Differential Revision: https://phabricator.services.mozilla.com/D18055
--HG--
extra : moz-landing-system : lando
While not related, it turns out this test was opted in by ourselves,
while it's practically useless. Recent autoconf documentation says it's
obsolescent, and even autoconf 2.13 documentation said with "recent
versions of the GNU C compiler", the issue it's detecting "is becoming
a less prevalent problem". Recent as of 20 years ago.
Differential Revision: https://phabricator.services.mozilla.com/D18054
--HG--
extra : moz-landing-system : lando
We currently rely on WIN_DIA_SDK_BIN_DIR being passed, but we can
actually derive it from the DIA SDK directory. So we now do that, except
when it's given explicitly.
While in the vicinity, move the dia2.h check to python configure.
With WIN_DIA_SDK_BIN_DIR being derived and not set when dia2.h is not
found, we don't really need MSVC_HAS_DIA_SDK anymore, so we just check
for WIN_DIA_SDK_BIN_DIR to determine whether to build dump_syms or not.
One exception to the above is when WIN_DIA_SDK_BIN_DIR is passed in,
which we only keep for the in-tree mozconfigs for now. We'll remove that
possibility after bug 1523201.
Depends on D17892
Differential Revision: https://phabricator.services.mozilla.com/D17893
--HG--
extra : moz-landing-system : lando
which, at this point, is only the AC_SUBST, so we don't even need to
give it to old-configure anymore.
Depends on D17207
Differential Revision: https://phabricator.services.mozilla.com/D17208
--HG--
extra : moz-landing-system : lando
The only use in configure itself is for a MSVC version check that is now
always true (we don't accept versions < 19.15 anymore).
The only uses in the build system are in code that could just use
CC_TYPE instead.
Differential Revision: https://phabricator.services.mozilla.com/D17207
--HG--
extra : moz-landing-system : lando
which, at this point, is only the AC_SUBST, so we don't even need to
give it to old-configure anymore.
Depends on D17207
Differential Revision: https://phabricator.services.mozilla.com/D17208
--HG--
extra : moz-landing-system : lando
The only use in configure itself is for a MSVC version check that is now
always true (we don't accept versions < 19.15 anymore).
The only uses in the build system are in code that could just use
CC_TYPE instead.
Differential Revision: https://phabricator.services.mozilla.com/D17207
--HG--
extra : moz-landing-system : lando
Because old-configure is only refreshed when, essentially,
old-configure.in changes, hardcoded (absolute) paths don't necessarily
match the build environment of the current build.
So instead, use an environment variable that we pass from python
configure when invoking old-configure.
Also do dummy changes to old-configure.in so that old-configure is
refreshed at least once to get the environment-based value.
Differential Revision: https://phabricator.services.mozilla.com/D17077
--HG--
extra : moz-landing-system : lando
Add a dummy change to old-configure.in so that old-configure is
force-refreshed.
Differential Revision: https://phabricator.services.mozilla.com/D16797
--HG--
extra : moz-landing-system : lando
This happens to remove the last use of perl from configure.
Depends on D16621
Differential Revision: https://phabricator.services.mozilla.com/D16622
--HG--
extra : moz-landing-system : lando
Because subconfigure.py is only used for js/src and we're not going to
add any more subconfigures, we can hardcode js/src into the script, and
remove the branches that aren't taken as a consequence.
Depends on D16382
Differential Revision: https://phabricator.services.mozilla.com/D16402
--HG--
extra : moz-landing-system : lando
It was useful to run the prepare phase and the actual subconfigure
separately, but it's not anymore after all the recent simplications.
Depends on D16381
Differential Revision: https://phabricator.services.mozilla.com/D16382
--HG--
extra : moz-landing-system : lando
Because we only ever run one subconfigure, the machinery to execute
several is not useful anymore. Inlining it allows to simplify the code
too, because it doesn't need to be generic anymore. This also removes
the last remaining bits of acwinpaths.m4.
Also remove now unused support for --list in build/subconfigure.py.
Depends on D16380
Differential Revision: https://phabricator.services.mozilla.com/D16381
--HG--
extra : moz-landing-system : lando
This also moves the corresponding ASFLAGS from moz.build to python
configure.
Differential Revision: https://phabricator.services.mozilla.com/D16320
--HG--
extra : moz-landing-system : lando
With `ac_add_options --enable-project=tools/crashreporter` in a
mozconfig, `./mach build` builds minidump_stackwalk, dump_syms
and fileid.
One caveat is that due to limitation in how the build system works
currently, it's cumbersome to keep dump_syms as a host program for
Gecko, and to make it a target program for this project. For now,
keep it as a host program. We're not going to use it on automation,
but it's still convenient to have for quick local builds (I've had
to resort to awful hacks downstream).
Differential Revision: https://phabricator.services.mozilla.com/D16299
--HG--
extra : moz-landing-system : lando
MOZ_D3D_CPU_SUFFIX and MOZ_HAS_WINSDK_WITH_D3D are not used in the
build, and nothing includes d3d10.h except some angle code in a
preprocessed branch that is only taken for a macro we never define,
so we don't move the code corresponding to those. We also simplify the
detection code, which is convoluted now that it doesn't search for
multiple different DLLs.
Differential Revision: https://phabricator.services.mozilla.com/D16295
--HG--
extra : moz-landing-system : lando
It was used to disable libpkix in NSS when NSS was built with its
Makefiles, but it's now built with gyp, and this knob does nothing.
The equivalent is the gyp variable disable_libpkix, which is set in
security/moz.build.
Depends on D16285
Differential Revision: https://phabricator.services.mozilla.com/D16286
--HG--
extra : moz-landing-system : lando
This was useful when old-configure was calling nspr configure, but now
is noop.
Differential Revision: https://phabricator.services.mozilla.com/D16285
--HG--
extra : moz-landing-system : lando
We remove --disable-libjpeg-turbo because that's only useful when Yasm
is too old, and the required version is now almost 8 years old, so we
can reasonably require people to upgrade rather than workaround with a
--disable option.
The valid_yasm_version function can seem overkill, but that's because
future moves of other things to python configure will pile up.
Differential Revision: https://phabricator.services.mozilla.com/D15184
--HG--
extra : moz-landing-system : lando
Now that we're not even building host static libraries, we don't need
variables for the tools used to build them.
Ironically, we weren't even running HOST_RANLIB.
Depends on D15172
Differential Revision: https://phabricator.services.mozilla.com/D15173
--HG--
extra : moz-landing-system : lando
Remove the version check for WINDRES, because, as per bug 454112, it
didn't actually work, and, making it work actually causes problems
because llvm's windres, used with mingw clang, has version 0.1.
Differential Revision: https://phabricator.services.mozilla.com/D15070
--HG--
extra : moz-landing-system : lando
There's only really one place where it's used, and we can "inline" it
there.
Depends on D14947
Differential Revision: https://phabricator.services.mozilla.com/D14948
--HG--
extra : moz-landing-system : lando
It is only used in one place, where it is redundant with VPX_AS_CONVERSION.
Depends on D14945
Differential Revision: https://phabricator.services.mozilla.com/D14946
--HG--
extra : moz-landing-system : lando
It is used nowhere. Also remove the warning when there no assembly for
VPX. Barely anybody notices it, and there's nothing really noteworthy
about it.
Differential Revision: https://phabricator.services.mozilla.com/D14945
--HG--
extra : moz-landing-system : lando
J.C. Jones
Landry Breuil
Nathan Froyd
Tom Ritter
Mike Hommey
Aaron Klotz
rdalal
Makoto Kato
Ryan VanderMeulen
Bogdan Tara
Alvina Waseem
J.C. Jones
Dana Keeler
Matthew Finkel
Mike de Boer
Martin Stransky
Nicholas Nethercote
Andreea Pavel
Alex Gaynor
David Major
Cosmin Sabou
Gabriele Svelto
Jan Henning
Ciure Andrei
shindli
Margareta Eliza Balazs
Jeff Muizelaar
Coroiu Cristina
Narcis Beleuzu
Razvan Maries
Gijs Kruitbosch
Dorel Luca