Commit graph

15469 commits

Author SHA1 Message Date
Kershaw Chang f700a7ee35 Bug 1640612 - Deal with uname() for socket process, r=jld
Differential Revision: https://phabricator.services.mozilla.com/D78148
2020-06-26 08:32:50 +00:00
ffxbld 079e757071 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D82025
2020-07-02 14:34:09 +00:00
Haik Aftandilian 3547934f67 Bug 1648838 - Remove OS-specific sandboxing code for unsupported macOS versions (up to 10.11 inclusive) r=spohl
Remove macOS 10.11 (and earlier) specific rules from the content and Flash sandbox profiles.

Differential Revision: https://phabricator.services.mozilla.com/D81813
2020-07-01 14:27:13 +00:00
Jon Bauman a415128250 Bug 1649312 - No derogatory language: Remove references to grandfather in comments r=njn,zbraniecki,keeler,jgraham
Differential Revision: https://phabricator.services.mozilla.com/D81628
2020-07-01 15:23:26 +00:00
Simon Giesecke 9364b353d4 Bug 1648010 - Remove NS_NAMED_LITERAL_CSTRING and NS_NAMED_LITERAL_STRING macros. r=froydnj
Differential Revision: https://phabricator.services.mozilla.com/D80631
2020-07-01 08:42:31 +00:00
Simon Giesecke e3c223da3e Bug 1648010 - Fix uses of NS_LITERAL_STRING with C string literals. r=geckoview-reviewers,agi,froydnj
Differential Revision: https://phabricator.services.mozilla.com/D80861
2020-07-01 08:34:12 +00:00
Simon Giesecke cd8b8939b9 Bug 1648010 - Replace uses of NS_LITERAL_STRING/NS_LITERAL_CSTRING macros by _ns literals. r=geckoview-reviewers,jgilbert,agi,hsivonen,froydnj
Differential Revision: https://phabricator.services.mozilla.com/D80860
2020-07-01 08:29:29 +00:00
Jean-Yves Avenard 488ccd8244 Bug 1648326 - Don't dispatch runnable on the running taskqueue. r=bobowen,jld
The current taskqueue is blocked until the current function has finished; running the event loop would only process events on the running thread.

Additionally, we make mIPCLaunchThread an nsISerialEventTarget to guarantee that at shutdown the tasks are run in order regardless of the IPC Launch Thread type.

Differential Revision: https://phabricator.services.mozilla.com/D81511
2020-07-01 06:46:59 +00:00
Dana Keeler 01d493c65b Bug 1647505 - update the list of Google roots in PreloadedHPKPins.json DONTBUILD NPOTB r=jcj,kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D81626
2020-06-30 16:15:35 +00:00
Noemi Erli 9c9875dead Backed out 4 changesets (bug 1644917, bug 1640345) for causing failures in browser_preferences_usage.js CLOSED TREE
Backed out changeset 0f8b6494d3eb (bug 1640345)
Backed out changeset 4da77f0a0687 (bug 1644917)
Backed out changeset 54904fe41df8 (bug 1644917)
Backed out changeset ef0321787c8f (bug 1644917)
2020-06-30 05:27:44 +03:00
Dana Keeler 5269943007 Bug 1648855 - osclientcerts: re-scan OS storage only when NSS is searching for all certificates/keys r=kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D81411
2020-06-30 00:07:14 +00:00
Jed Davis 0940e5ba82 Bug 1640345 - Add a hidden pref to prevent sandboxed content processes from connecting to the X server. r=gcp
This adds the boolean pref security.sandbox.content.headless (on Linux
only) which does two things:

1. Sets the MOZ_HEADLESS env var for content processes, so that they
don't initialize GTK and don't connect to the X server.

2. Disallows brokered access to parts of the filesystem used only for
graphics -- most critically connecting to the X11 socket itself, but
also opening GPU device nodes and the parts of sysfs used by Mesa, for
example.

This is experimental; use at your own risk.

Setting this pref will break native widgets, so it's also necessary to
set widget.disable-native-theme-for-content

Additionally, it breaks Flash and WebGL; see bug 1638466 for the latter.

Differential Revision: https://phabricator.services.mozilla.com/D81425
2020-06-29 22:32:10 +00:00
Jed Davis 172a1b1ced Bug 1644917 - Part 2: Cache as much of the content sandbox file policy as possible. r=gcp
Now that filesystem broker policy entries that depend on prefs can be
cached in the "common" policy object, let's do this wherever possible.
Should also fix bug 1621231.

Differential Revision: https://phabricator.services.mozilla.com/D81424
2020-06-29 22:32:07 +00:00
Jed Davis 771b8498b1 Bug 1644917 - Part 1: Construct content sandbox "common" policy lazily. r=gcp
When the SandboxBrokerPolicyFactory is constructed, prefs aren't
available, which constrains the cached subset of the content process
policy to entries that don't depend on prefs.  Delaying the computation
until a content process is started removes that restriction.

Differential Revision: https://phabricator.services.mozilla.com/D81423
2020-06-29 22:32:05 +00:00
Jed Davis 0808445a13 Bug 1644917 - Part 0: Make AddDynamicPathList a static non-member function. r=gcp
Not strictly necessary, but I noticed this while I was making changes:
AddDynamicPathList can be a simple static function instead of a private
static method, and doesn't need to be in the header.

Differential Revision: https://phabricator.services.mozilla.com/D81422
2020-06-29 22:32:03 +00:00
Nihanth Subramanya 359cdd5536 Bug 1555557 - Do cert override file writes off the main thread. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D35375
2020-06-29 17:00:58 +00:00
Kershaw Chang 7588e2e7ca Bug 1645083 - Remove probes: SESSION_RESUMPTION_WITH_*, r=dragana
Differential Revision: https://phabricator.services.mozilla.com/D80006
2020-06-29 07:50:29 +00:00
lougeniac64 499048fe86 (Bug 1635487) Wired up sync logging for extension pref storage r=lina,markh
Differential Revision: https://phabricator.services.mozilla.com/D80975
2020-06-27 19:15:17 +00:00
Csoregi Natalia 5bb8a015e6 Backed out changeset 8cd7fabbe270 (bug 1635487) for multiple leaks. CLOSED TREE 2020-06-27 10:43:15 +03:00
lougeniac64 bce2c33963 (Bug 1635487) Wired up sync logging for extension pref storage r=lina,markh
Differential Revision: https://phabricator.services.mozilla.com/D80975
2020-06-27 06:26:22 +00:00
Haik Aftandilian 6a9d502918 Bug 1647816 - Make sandboxing OS version checks aware of major version r=spohl
Fix the content and Flash sandbox policies to use the major and minor number for OS version checks allowing video playback to work properly on macOS 11 Big Sur.

Pass the macOS major and minor version to sandbox policies as a combined string.

Remove unused OSXVersion methods and members and more minor cleanup in Sandbox.mm.

Leave in the checks for unsupported versions (macOS 10.9 - 10.11) for now in case this fix needs to be uplifted.

Differential Revision: https://phabricator.services.mozilla.com/D81385
2020-06-26 19:12:39 +00:00
Kevin Jacobs 5871df542a Bug 1642687 - land NSS NSS_3_54_RTM UPGRADE_NSS_RELEASE, r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D81357
2020-06-26 17:46:43 +00:00
Coroiu Cristina a2dd6e3165 Backed out changeset 7e9307a4a744 (bug 1555557) for talos failures on a CLOSED TREE 2020-06-26 17:32:28 +03:00
Nihanth Subramanya 376f7d3883 Bug 1555557 - Do cert override file writes off the main thread. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D35375
2020-06-26 10:48:42 +00:00
Dorel Luca 03ea5569f1 Backed out 3 changesets (bug 1640612) on dev's request for regressing Bug 1648624
Backed out changeset c2d1a0de6874 (bug 1640612)
Backed out changeset 188dc24e864a (bug 1640612)
Backed out changeset 2fe263339790 (bug 1640612)
2020-06-26 11:28:14 +03:00
R. Martinho Fernandes b4bf6419e0 Bug 1645192 - Enable EV Treatment for "certSIGN Root CA G2" root certificate r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D81052
2020-06-26 07:15:41 +00:00
Butkovits Atila 305a24de4b Backed out changeset 6a93e7a5e237 (bug 1555557) for causing build bustage on nsCertOverrideService.cpp. CLOSED TREE 2020-06-26 02:54:59 +03:00
Nihanth Subramanya 7c0a2f07b9 Bug 1555557 - Do cert override file writes off the main thread. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D35375
2020-06-25 17:15:36 +00:00
Doug Thayer 206bfb45d1 Bug 1648142 - Block on cert storage ops prior to shutdown r=keeler
This just spins the event loop during fast shutdown until all queued
cert_storage tasks have completed. The patch achieves this by simply
adding a counter which will be incremented and decremented on the
main thread via tying into the tasks' `new` and `done` methods. A
slightly more performant solution would use a condvar and sleep the
main thread waiting on pending operations to complete, but given the
low frequency of these occurring during shutdown, such an approach
would be overkill.

Differential Revision: https://phabricator.services.mozilla.com/D80906
2020-06-25 20:33:51 +00:00
Butkovits Atila f2f500e3e6 Backed out changeset 7fbc8bcf6859 (bug 1555557) as requested by dev. CLOSED TREE 2020-06-25 20:11:41 +03:00
Nihanth Subramanya d34c9a3778 Bug 1555557 - Do cert override file writes off the main thread. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D35375
2020-06-25 16:30:54 +00:00
Mathieu Leplatre a4fabab49a Bug 1639284 - Store records, timestamp and metadata in one IndexedDB transaction r=Gijs,mixedpuppy
Differential Revision: https://phabricator.services.mozilla.com/D78246
2020-06-24 10:00:53 +00:00
Kevin Jacobs 669967478e Bug 1642687 - land NSS 87fa2f0598ad UPGRADE_NSS_RELEASE, r=jcj
2020-06-24  Kai Engert  <kaie@kuix.de>

	* automation/release/nspr-version.txt:
	Bug 1640516 - NSS 3.54 should depend on NSPR 4.26. r=kjacobs

	[87fa2f0598ad] [tip]

2020-06-23  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_54_BETA1 for changeset 2bd2f3267dc5
	[fe2ed4384f6a]

Differential Revision: https://phabricator.services.mozilla.com/D80989
2020-06-25 00:30:56 +00:00
Kershaw Chang a674c80bfb Bug 1640612 - Allow socket process to read /etc, r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D80718
2020-06-24 20:43:30 +00:00
Kershaw Chang aba86f73b8 Bug 1640612 - Allow FIONREAD ioctl for socket process, r=jld
Differential Revision: https://phabricator.services.mozilla.com/D79071
2020-06-24 20:43:01 +00:00
Kershaw Chang c49db2fc38 Bug 1640612 - Deal with uname() for socket process, r=jld
Differential Revision: https://phabricator.services.mozilla.com/D78148
2020-06-24 20:42:47 +00:00
Matt Woodrow ea21b3dd8e Bug 1646582 - Remove RemoteWebProgressManager. r=nika,Gijs
Differential Revision: https://phabricator.services.mozilla.com/D80129
2020-06-24 19:59:04 +00:00
Dorel Luca 90a64f0da1 Backed out 4 changesets (bug 1646582) for Browser-chrome failures on nsIWebProgress.addProgressListener. CLOSED TREE
Backed out changeset 2111dd0d6dc0 (bug 1646582)
Backed out changeset e6c496c5a4b1 (bug 1646582)
Backed out changeset 49b4ae8c8be0 (bug 1646582)
Backed out changeset 9d42ec89240c (bug 1646582)
2020-06-24 07:50:07 +03:00
Matt Woodrow acd97f7b2c Bug 1646582 - Remove RemoteWebProgressManager. r=nika,Gijs
Differential Revision: https://phabricator.services.mozilla.com/D80129
2020-06-24 03:25:09 +00:00
Jean-Yves Avenard 87438519f0 Bug 1637500 - P2. Rename methods as they are not always dealing with "threads". r=froydnj
Before P1, GetCurrentThreadSerialEventTarget would have always returned the same data as NS_GetCurrentThread, making the comment incorrect. Now it will properly return the running TaskQueue if any.

This change of name more clearly exposes what they are doing, as we aren't always dealing with threads directly; but a nsISerialEventTarget

Differential Revision: https://phabricator.services.mozilla.com/D80354
2020-06-23 05:05:36 +00:00
Narcis Beleuzu b894acb874 Backed out 4 changesets (bug 1646582) for mochitest failures on test_ext_tabs_create.html . CLOSED TREE
Backed out changeset ce5cdfc5d7cf (bug 1646582)
Backed out changeset 2ac69a2b6708 (bug 1646582)
Backed out changeset 74d89cb24414 (bug 1646582)
Backed out changeset 7de0ff1af560 (bug 1646582)
2020-06-23 06:30:03 +03:00
Matt Woodrow f851c6be5b Bug 1646582 - Remove RemoteWebProgressManager. r=nika,Gijs
Differential Revision: https://phabricator.services.mozilla.com/D80129
2020-06-23 01:23:59 +00:00
Kevin Jacobs 34be3870be Bug 1642687 - land NSS 2bd2f3267dc5 UPGRADE_NSS_RELEASE, r=jcj
2020-06-22  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/util/quickder.c:
	Bug 1646520 - Stricter leading-zero checks for ASN.1 INTEGER values.
	r=jcj

	This patch adjusts QuickDER to strictly enforce INTEGER encoding
	with respect to leading zeros:
	- If the MSB of the first (value) octet is set, a single zero byte MAY
	be present to make the value positive. This singular pad byte is
	removed.
	- Otherwise, the first octet must not be zero.

	[2bd2f3267dc5] [tip]

Differential Revision: https://phabricator.services.mozilla.com/D80543
2020-06-22 22:24:10 +00:00
tkhan 6ccabd4784 Bug 1602668 - M(1) manifest and test changes. r=kmag,karlt,necko-reviewers,valentin
Differential Revision: https://phabricator.services.mozilla.com/D70362
2020-06-22 19:09:49 +00:00
Csoregi Natalia aec20399f5 Backed out changeset a0af6d53c082 (bug 1639284) for multiple failures e.g. browser_asrouter_whatsnewpanel.js CLOSED TREE 2020-06-22 12:20:39 +03:00
Mathieu Leplatre 07af99c7f1 Bug 1639284 - Store records, timestamp and metadata in one IndexedDB transaction r=Gijs,mixedpuppy
Differential Revision: https://phabricator.services.mozilla.com/D78246
2020-06-22 08:21:40 +00:00
Kevin Jacobs bc02cf3e36 Bug 1642687 - land NSS 699541a7793b UPGRADE_NSS_RELEASE, r=jcj
2020-06-16  Sohaib ul Hassan  <sohaibulhassan@tuni.fi>

	* lib/freebl/mpi/mpi.c, lib/freebl/mpi/mpi.h,
	lib/freebl/mpi/mplogic.c:
	Bug 1631597 - Constant-time GCD and modular inversion
	r=rrelyea,kjacobs

	The implementation is based on the work by Bernstein and Yang
	(https://eprint.iacr.org/2019/266) "Fast constant-time gcd
	computation and modular inversion". It fixes the old mp_gcd and
	s_mp_invmod_odd_m functions.

	The patch also fixes mpl_significant_bits s_mp_div_2d and s_mp_mul_2d
	by having less control flow to reduce side-channel leaks.

	Co Author : Billy Bob Brumley

	[699541a7793b] [tip]

Differential Revision: https://phabricator.services.mozilla.com/D80120
2020-06-18 15:48:05 +00:00
Cosmin Sabou 17e54eff48 Backed out changeset 7e39d1eed06b (bug 1639284) for xpcshell failures on test_blocklist_severities.js. CLOSED TREE 2020-06-18 17:29:29 +03:00
Mathieu Leplatre 986bc3704b Bug 1639284 - Store records, timestamp and metadata in one IndexedDB transaction r=Gijs,mixedpuppy
Differential Revision: https://phabricator.services.mozilla.com/D78246
2020-06-18 09:47:43 +00:00
Gijs Kruitbosch 19220a3149 Bug 1644863 - fix trailing whitespace and windows line endings in locale files, r=fluent-reviewers,flod,Pike
Differential Revision: https://phabricator.services.mozilla.com/D79203
2020-06-17 22:46:22 +00:00
Gijs Kruitbosch 222e2d1158 Bug 1644863 - fix trailing whitespace in cross-tree tests, r=emilio,marionette-reviewers,whimboo
Differential Revision: https://phabricator.services.mozilla.com/D79202
2020-06-17 22:45:31 +00:00
Mihai Alexandru Michis cce0439cc1 Backed out changeset da7cbff78183 (bug 1639284) for causing failures in test_engine_selector_remote_settings.js
CLOSED TREE
2020-06-17 20:51:02 +03:00
Kevin Jacobs 0c2287c77b Bug 1642687 - land NSS 6dcd00c13ffc UPGRADE_NSS_RELEASE, r=jcj
2020-06-15  J.C. Jones  <jjones@mozilla.com>

	* lib/ckfw/builtins/nssckbi.h:
	Bug 1618402 - June 2020 batch of root changes,
	NSS_BUILTINS_LIBRARY_VERSION 2.42 r=bbeurdouche,KathleenWilson

	All changes:

	Bug 1618402 - Remove 3 Symantec roots and disable Email trust bit
	for others Bug 1621151 - Disable Email trust bit for GRCA root Bug
	1639987 - Remove expired Staat der Nederlanden Root CA - G2 root
	cert Bug 1641718 - Remove "LuxTrust Global Root 2" root cert Bug
	1641716 - Add Microsoft's non-EV roots Bug 1645174 - Add Microsec's
	"e-Szigno Root CA 2017" root cert Bug 1645186 - Add "certSIGN Root
	CA G2" root cert Bug 1645199 - Remove Expired AddTrust root certs

	Depends on D79373

	[6dcd00c13ffc] [tip]

2020-06-12  J.C. Jones  <jjones@mozilla.com>

	* lib/ckfw/builtins/certdata.txt:
	Bug 1645186 - Add certSIGN Root CA G2 root cert r=KathleenWilson

	Friendly Name: certSIGN Root CA G2 Cert Location:
	http://crl.certsign.ro/certsign-rootg2.crt SHA-1 Fingerprint:
	26F993B4ED3D2827B0B94BA7E9151DA38D92E532 SHA-256 Fingerprint:
	657CFE2FA73FAA38462571F332A2363A46FCE7020951710702CDFBB6EEDA3305
	Trust Flags: Websites Test URL: https://testssl-valid-
	evcp.certsign.ro/

	Depends on D79372

	[d541eaaca2ef]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1645174 - Add e-Szigno Root CA 2017 r=KathleenWilson,kjacobs

	Depends on D79371

	[6d397f2a5f01]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1641716 - Add Microsoft non-EV roots r=KathleenWilson,kjacobs

	Friendly Name: Microsoft ECC Root Certificate Authority 2017 Cert
	Location: http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Ro
	ot%20Certificate%20Authority%202017.crt SHA-1 Fingerprint:
	999A64C37FF47D9FAB95F14769891460EEC4C3C5 SHA-256 Fingerprint:
	358DF39D764AF9E1B766E9C972DF352EE15CFAC227AF6AD1D70E8E4A6EDCBA02
	Trust Flags: Websites Test URL:
	https://acteccroot2017.pki.microsoft.com/

	Friendly Name: Microsoft RSA Root Certificate Authority 2017 Cert
	Location: http://www.microsoft.com/pkiops/certs/Microsoft%20RSA%20Ro
	ot%20Certificate%20Authority%202017.crt SHA-1 Fingerprint:
	73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74 SHA-256 Fingerprint:
	C741F70F4B2A8D88BF2E71C14122EF53EF10EBA0CFA5E64CFA20F418853073E0
	Trust Flags: Websites Test URL:
	https://actrsaroot2017.pki.microsoft.com/

	Depends on D79370

	[576f52ca3f02]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1645199 - Remove Expired AddTrust root certs
	r=KathleenWilson,kjacobs

	Remove the following two expired AddTrust root certs from NSS.

	Subject/Issuer: CN=AddTrust Class 1 CA Root; OU=AddTrust TTP
	Network; O=AddTrust AB; C=SE Valid To (GMT): 5/30/2020 SHA-1
	Fingerprint: CCAB0EA04C2301D6697BDD379FCD12EB24E3949D SHA-256
	Fingerprint:
	8C7209279AC04E275E16D07FD3B775E80154B5968046E31F52DD25766324E9A7

	Subject/Issuer: CN=AddTrust External CA Root; OU=AddTrust External
	TTP Network; O=AddTrust AB; C=SE Valid To (GMT): 5/30/2020 SHA-1
	Fingerprint: 02FAF3E291435468607857694DF5E45B68851868 SHA-256
	Fingerprint:
	687FA451382278FFF0C8B11F8D43D576671C6EB2BCEAB413FB83D965D06D2FF2

	Mozilla EV Policy OID(s): 1.3.6.1.4.1.6449.1.2.1.5.1

	Depends on D79369

	[96d0279ef929]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1641718 - Remove "LuxTrust Global Root 2" root cert
	r=KathleenWilson,kjacobs

	Subject: CN=LuxTrust Global Root 2; O=LuxTrust S.A.; C=LU Valid From
	(GMT): 3/5/2015 Valid To (GMT): 3/5/2035 Certificate Serial Number:
	0A7EA6DF4B449EDA6A24859EE6B815D3167FBBB1 SHA-1 Fingerprint:
	1E0E56190AD18B2598B20444FF668A0417995F3F SHA-256 Fingerprint:
	54455F7129C20B1447C418F997168F24C58FC5023BF5DA5BE2EB6E1DD8902ED5

	Depends on D79368

	[cc40386d3958]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1639987 - Remove expired Staat der Nederlanden Root CA - G2 root
	cert r=KathleenWilson,kjacobs

	Subject: CN=Staat der Nederlanden Root CA - G2; O=Staat der
	Nederlanden; C=NL Valid From (GMT): 3/26/2008 Valid To (GMT):
	3/25/2020 Certificate Serial Number: 0098968C SHA-1 Fingerprint:
	59AF82799186C7B47507CBCF035746EB04DDB716 SHA-256 Fingerprint:
	668C83947DA63B724BECE1743C31A0E6AED0DB8EC5B31BE377BB784F91B6716F

	Depends on D79367

	[7236f86d8db7]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1621151 - Disable email trust bit for TW Government Root
	Certification Authority root r=kjacobs,KathleenWilson

	Depends on D79366

	[d56b95fc344f]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1618402 - Disable email trust bit for several Symantec certs
	r=KathleenWilson,kjacobs

	Disable the Email trust bit for the following root certs:

	 Subject: CN=GeoTrust Global CA; O=GeoTrust Inc.; C=US Certificate
	Serial Number: 023456 SHA-1 Fingerprint:
	DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212 SHA-256 Fingerprint:
	FF856A2D251DCD88D36656F450126798CFABAADE40799C722DE4D2B5DB36A73A

	 Subject: CN=GeoTrust Primary Certification Authority - G2; OU=(c)
	2007 GeoTrust Inc. - For authorized use only; O=GeoTrust Inc.; C=US
	Certificate Serial Number: 3CB2F4480A00E2FEEB243B5E603EC36B SHA-1
	Fingerprint: 8D1784D537F3037DEC70FE578B519A99E610D7B0 SHA-256
	Fingerprint:
	5EDB7AC43B82A06A8761E8D7BE4979EBF2611F7DD79BF91C1C6B566A219ED766

	 Subject: CN=GeoTrust Primary Certification Authority - G3; OU=(c)
	2008 GeoTrust Inc. - For authorized use only; O=GeoTrust Inc.; C=US
	Certificate Serial Number: 15AC6E9419B2794B41F627A9C3180F1F SHA-1
	Fingerprint: 039EEDB80BE7A03C6953893B20D2D9323A4C2AFD SHA-256
	Fingerprint:
	B478B812250DF878635C2AA7EC7D155EAA625EE82916E2CD294361886CD1FBD4

	 Subject: CN=GeoTrust Universal CA; O=GeoTrust Inc.; C=US
	Certificate Serial Number: 01 SHA-1 Fingerprint:
	E621F3354379059A4B68309D8A2F74221587EC79 SHA-256 Fingerprint:
	A0459B9F63B22559F5FA5D4C6DB3F9F72FF19342033578F073BF1D1B46CBB912

	 Subject: CN=GeoTrust Universal CA 2; O=GeoTrust Inc.; C=US
	Certificate Serial Number: 01 SHA-1 Fingerprint:
	379A197B418545350CA60369F33C2EAF474F2079 SHA-256 Fingerprint:
	A0234F3BC8527CA5628EEC81AD5D69895DA5680DC91D1CB8477F33F878B95B0B

	 Subject: CN=VeriSign Class 3 Public Primary Certification Authority
	- G4; OU=VeriSign Trust Network, (c) 2007 VeriSign, Inc. - For
	authorized use only; O=VeriSign, Inc.; C=US Certificate Serial
	Number: 2F80FE238C0E220F486712289187ACB3 SHA-1 Fingerprint:
	22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A SHA-256 Fingerprint:
	69DDD7EA90BB57C93E135DC85EA6FCD5480B603239BDC454FC758B2A26CF7F79

	 Subject: CN=VeriSign Class 3 Public Primary Certification Authority
	- G5; OU=VeriSign Trust Network, (c) 2006 VeriSign, Inc. - For
	authorized use only; O=VeriSign, Inc.; C=US Certificate Serial
	Number: 18DAD19E267DE8BB4A2158CDCC6B3B4A SHA-1 Fingerprint:
	4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 SHA-256 Fingerprint:
	9ACFAB7E43C8D880D06B262A94DEEEE4B4659989C3D0CAF19BAF6405E41AB7DF

	Depends on D79365

	[606157f404c2]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1618402 - Remove VeriSign CA and associated EgyptTrust distrust
	entries r=KathleenWilson,kjacobs

	Remove the VeriSign Class 3 Public Primary Certification Authority -
	G3 CA:

	Subject: CN=VeriSign Class 3 Public Primary Certification Authority
	- G3; OU=VeriSign Trust Network, (c) 1999 VeriSign, Inc. - For
	authorized use only; O=VeriSign, Inc.; C=US Certificate Serial
	Number: 009B7E0649A33E62B9D5EE90487129EF57 SHA-1 Fingerprint:
	132D0D45534B6997CDB2D5C339E25576609B5CC6 SHA-256 Fingerprint:
	EB04CF5EB1F39AFA762F2BB120F296CBA520C1B97DB1589565B81CB9A17B7244

	Because of the removal of VeriSign Class 3 Public Primary
	Certification Authority - G3, these knock-out entries, signed by
	that CA, should be removed:

	cert 1: Serial
	Number:4c:00:36:1b:e5:08:2b:a9:aa:ce:74:0a:05:3e:fb:34 Subject:
	CN=Egypt Trust Class 3 Managed PKI Enterprise Administrator
	CA,OU=Terms of use at https://www.egypttrust.com/epository/rpa
	(c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG Not Valid Before:
	Sun May 18 00:00:00 2008 Not Valid After : Thu May 17 23:59:59 2018
	Fingerprint (MD5): A7:91:05:96:B1:56:01:26:4E:BF:80:80:08:86:1B:4D
	Fingerprint (SHA1):
	6A:2C:5C:B0:94:D5:E0:B7:57:FB:0F:58:42:AA:C8:13:A5:80:2F:E1

	cert 2: Serial
	Number:3e:0c:9e:87:69:aa:95:5c:ea:23:d8:45:9e:d4:5b:51 Subject:
	CN=Egypt Trust Class 3 Managed PKI Operational Administrator
	CA,OU=Terms of use at https://www.egypttrust.com/epository/rpa
	(c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG Not Valid Before:
	Sun May 18 00:00:00 2008 Not Valid After : Thu May 17 23:59:59 2018
	Fingerprint (MD5): D0:C3:71:17:3E:39:80:C6:50:4F:04:22:DF:40:E1:34
	Fingerprint (SHA1):
	9C:65:5E:D5:FA:E3:B8:96:4D:89:72:F6:3A:63:53:59:3F:5E:B4:4E

	cert 3: Issuer: CN=VeriSign Class 3 Public Primary Certification
	Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use
	nly",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US Serial
	Number:12:bd:26:a2:ae:33:c0:7f:24:7b:6a:58:69:f2:0a:76 Subject:
	CN=Egypt Trust Class 3 Managed PKI SCO Administrator CA,OU=Terms of
	use at https://www.egypttrust.com/repository/rpa c)08,OU=VeriSign
	Trust Network,O=Egypt Trust,C=EG Not Valid Before: Sun May 18
	00:00:00 2008 Not Valid After : Thu May 17 23:59:59 2018 Fingerprint
	(MD5): C2:13:5E:B2:67:8A:5C:F7:91:EF:8F:29:0F:9B:77:6E Fingerprint
	(SHA1): 83:23:F1:4F:BC:9F:9B:80:B7:9D:ED:14:CD:01:57:CD:FB:08:95:D2

	Depends on D79364

	[8cd8fd97f0e7]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1618402 - Remove Symantec and VeriSign roots
	r=KathleenWilson,kjacobs

	Remove the following root certs:

	Subject: CN=Symantec Class 2 Public Primary Certification Authority
	- G4; OU=Symantec Trust Network; O=Symantec Corporation; C=US
	Certificate Serial Number: 34176512403BB756802D80CB7955A61E SHA-1
	Fingerprint: 6724902E4801B02296401046B4B1672CA975FD2B SHA-256
	Fingerprint:
	FE863D0822FE7A2353FA484D5924E875656D3DC9FB58771F6F616F9D571BC592

	Subject: CN=Symantec Class 1 Public Primary Certification Authority
	- G4; OU=Symantec Trust Network; O=Symantec Corporation; C=US
	Certificate Serial Number: 216E33A5CBD388A46F2907B4273CC4D8 SHA-1
	Fingerprint: 84F2E3DD83133EA91D19527F02D729BFC15FE667 SHA-256
	Fingerprint:
	363F3C849EAB03B0A2A0F636D7B86D04D3AC7FCFE26A0A9121AB9795F6E176DF

	[06e27f62d77b]

2020-06-15  Mike Hommey  <mh@glandium.org>

	* lib/freebl/Makefile, lib/freebl/manifest.mn:
	Bug 1642146 - Move seed.o back into freeblpriv3. r=bbeurdouche

	[f46fca8ced7f]

Differential Revision: https://phabricator.services.mozilla.com/D79905
2020-06-17 16:10:17 +00:00
Kris Maglione 3bda67deab Bug 1638153: Part 2 - Fix uses of .rootTreeItem to get top browser window. r=geckoview-reviewers,nika,snorp
Differential Revision: https://phabricator.services.mozilla.com/D75429
2020-06-17 17:17:16 +00:00
Mathieu Leplatre a4d248daf8 Bug 1639284 - Store records, timestamp and metadata in one IndexedDB transaction r=Gijs,extension-reviewers,mixedpuppy
Differential Revision: https://phabricator.services.mozilla.com/D78246
2020-06-17 15:58:25 +00:00
Matt Woodrow d3e50c8f76 Bug 1644943 - Create single webprogress for CanonicalBrowsingContext, regardless of process the browser element contents are in. r=nika,kmag,Gijs
I think at this point we can remove all of RemoteWebProgressManager, some/all of the TabProgressListener recreations, and probably a bunch more.

Differential Revision: https://phabricator.services.mozilla.com/D79240
2020-06-17 02:59:29 +00:00
Razvan Maries c350ad5bd6 Backed out changeset f56d5efc5e43 (bug 1644943) for build bustages on nsFrameLoaderOwner.cpp. CLOSED TREE 2020-06-17 02:55:01 +03:00
Nicholas Nethercote a8f5f49b8a Bug 1645982 - Rename some service getters in `Services.py` to better match the types. r=froydnj
Differential Revision: https://phabricator.services.mozilla.com/D79791
2020-06-16 23:32:21 +00:00
Matt Woodrow 645b2bc301 Bug 1644943 - Create single webprogress for CanonicalBrowsingContext, regardless of process the browser element contents are in. r=nika,kmag,Gijs
I think at this point we can remove all of RemoteWebProgressManager, some/all of the TabProgressListener recreations, and probably a bunch more.

Differential Revision: https://phabricator.services.mozilla.com/D79240
2020-06-16 23:24:49 +00:00
Doug Thayer 2d9e62963a Bug 1644265 - Reject new DataStorages if we are shutting down r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D79760
2020-06-16 18:29:35 +00:00
Butkovits Atila 9e85a224ef Backed out changeset d9608e8bff0c (bug 1633338) on request by dev. a=backout 2020-06-16 12:05:54 +03:00
Bogdan Tara 74ca6cc819 Backed out changeset 26231891f004 (bug 1644943) for browser_backforward_userinteraction.js and browser_sessionHistory.js failures CLOSED TREE 2020-06-16 02:46:15 +03:00
Matt Woodrow d075fa7e08 Bug 1644943 - Create single webprogress for CanonicalBrowsingContext, regardless of process the browser element contents are in. r=nika,kmag,Gijs
I think at this point we can remove all of RemoteWebProgressManager, some/all of the TabProgressListener recreations, and probably a bunch more.

Differential Revision: https://phabricator.services.mozilla.com/D79240
2020-06-15 22:01:34 +00:00
Kevin Jacobs 7fe6c40b58 Bug 1645525 - Remove EV treatment of AddTrust External CA Root. r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D79738
2020-06-15 21:20:47 +00:00
Kevin Jacobs f072fe0915 Bug 1645188 - Disable EV treatment for LuxTrust Global Root 2. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D79359
2020-06-15 19:17:44 +00:00
Bogdan Tara 55458f847e Backed out 3 changesets (bug 1639030) for sandbox related bustages CLOSED TREE
Backed out changeset 55b963f34eb0 (bug 1639030)
Backed out changeset 0c2d7e8a4131 (bug 1639030)
Backed out changeset 9d82c8fa3d3b (bug 1639030)
2020-06-15 20:36:02 +03:00
Toshihito Kikuchi fb0684d83f Bug 1639030 - Part 3: Roll-up patch to apply remaining mozilla changes to chromium sandbox. r=bobowen
This commit applies patches under security/sandbox/chromium-shim/patches/after_update/.

Depends on D79560

Differential Revision: https://phabricator.services.mozilla.com/D79561
2020-06-15 15:57:13 +00:00
Toshihito Kikuchi 8a6f673311 Bug 1639030 - Part 2: Roll-up of chromium sandbox update and patches to get a running browser. r=bobowen
This commit does:
- Sync files under security/sandbox/chromium/ with Chromium 81.0.4044.138
- Update files under security/sandbox/chromium-shim/
- Apply patches under security/sandbox/chromium-shim/patches/with_update/
- Apply a workaround for Clang's bug to compile filesystem_interception.cc
- Add mozilla::AddWin32kLockdownPolicy to apply MITIGATION_WIN32K_DISABLE before SUBSYS_WIN32K_LOCKDOWN

Depends on D79558

Differential Revision: https://phabricator.services.mozilla.com/D79560
2020-06-15 15:57:03 +00:00
Toshihito Kikuchi be67c3dc79 Bug 1639030 - Part 1: Update with_update and after_update patches. r=bobowen
This commit updates files under security/sandbox/chromium-shim/patches/
to prepare our codebase for Chromium sandbox update.  See patch files for
the details of each patch.

This also removes the following patches from with_update no longer needed.

1) update_chromium_linux_x86_syscalls.patch is included in
   b4f3df4e77
2) ifdef_out_ApplyMitigationsToCurrentThread.patch cannot be used because
   we use ApplyMitigationsToCurrentThread since the following commit.
   4bed2eb502
3) mingw_base_win_get_caller.patch is included in
   d8b73eb8f0
4) fix_incorrect_int_use_in_Kernel32BaseVersion.patch is fixed by
   https://hg.mozilla.org/mozilla-central/rev/dc9d71fb3bac807a37dbfba35d609ac4ffff1980
5) revert_removal_of_AlterEnvironment_on_Windows.patch is altered by adding
   environment_internal.h/cc as a different commit.
6) mingw_undefine_MemoryBarrier.patch is no longer needed as
   base::subtle::MemoryBarrier was removed by
   bdbaaf4e7e
7) public_siginfo_fields.patch is included in
   6bd491daaf

Differential Revision: https://phabricator.services.mozilla.com/D79558
2020-06-15 15:56:51 +00:00
ffxbld ec8c8c7bde No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D79691
2020-06-15 14:33:28 +00:00
Kevin Jacobs e9ae922ddc Bug 1642687 - land NSS cbf75aedf480 UPGRADE_NSS_RELEASE, r=jcj
2020-06-12  Kevin Jacobs  <kjacobs@mozilla.com>

	* cmd/lib/secutil.c:
	Bug 1645479 - Use SECITEM_CopyItem instead of SECITEM_MakeItem in
	secutil.c. r=jcj

	This patch converts a call to `SECITEM_MakeItem` to use
	`SECITEM_CopyItem` instead. Using the former works fine in NSS CI,
	but causes build failures in mozilla-central due to differences in
	how both symbols are exported (i.e. when folding nssutil into nss).

	[cbf75aedf480] [tip]

2020-06-11  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/libssl_internals.c,
	gtests/ssl_gtest/ssl_resumption_unittest.cc:
	Bug 1644774 - Use ClearServerCache instead of
	SSLInt_ClearSelfEncryptKey for ticket invalidation. r=mt

	[7b2413d80ce3]

2020-06-10  Kevin Jacobs  <kjacobs@mozilla.com>

	* cmd/lib/basicutil.c, cmd/lib/secutil.c, cmd/lib/secutil.h,
	cmd/selfserv/selfserv.c, cmd/tstclnt/tstclnt.c, lib/ssl/tls13psk.c:
	Bug 1603042 - Support external PSKs in tstclnt/selfserv. r=jcj

	This patch adds support for TLS 1.3 external PSKs in tstclnt and
	selfserv with the `-z` option.

	Command examples:
	- `selfserv -D -p 4443 -d . -n localhost.localdomain -w nss -V tls1.3:
	-H 1 -z 0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD[:label] -m`
	- `tstclnt -h 127.0.0.1 -p 4443 -z
	0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD[:label] -d . -w nss`

	For OpenSSL interop:
	- `openssl s_server -nocert -port 4433 -psk
	AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD [-psk_identity label]`

	Note: If the optional label is omitted, both NSS tools and OpenSSL
	default to "Client_identity".

	[c1b1112af415]

2020-06-09  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/ssl/tls13con.c:
	Bug 1642638 - Don't assert sid ciphersuite to be defined in fuzzer
	mode. r=mt

	[238bd7912429]

2020-06-08  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/freebl/freebl.gyp, lib/freebl/freebl_base.gypi:
	Bug 1642802 - Win64 GYP builds to use HACL* curve25519.
	r=bbeurdouche

	This patch causes Windows 64-bit GYP builds to use HACL* curve25519
	rather than the 32-bit (fiat-crypto) implementation.

	For non-clang/GCC Win64 builds, we define `KRML_VERIFIED_UINT128` to
	work around an upstream bug that breaks Win32 builds by selecting a
	64-bit `__int128` implementation (in types.h).

	For clang/GCC builds, using the compiler-provided type yields a ~5x
	speedup on Win64.

	[566fa62d6522]

2020-06-05  Jeff Walden  <jwalden@mit.edu>

	* lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11kea.c,
	lib/pk11wrap/pk11merge.c, lib/pk11wrap/pk11nobj.c,
	lib/pk11wrap/pk11obj.c, lib/pk11wrap/pk11skey.c,
	lib/pk11wrap/secmodi.h:
	Bug 1643557 - Make pk11_FindObjectByTemplate accept a size_t count
	rather than a signed type to avoid internal signed-unsigned
	comparison warnings. r=kjacobs

	Depends on D78454

	[5ee293d1a282]

	* lib/pk11wrap/pk11skey.c:
	Bug 1643557 - Make PK11_SetWrapKey explicitly handle being passed a
	negative wrap argument, to avoid a signed-unsigned comparison.
	r=kjacobs

	Depends on D78453

	[7bb3677a2ed0]

	* lib/pk11wrap/pk11akey.c, lib/pk11wrap/pk11cert.c,
	lib/pk11wrap/pk11obj.c, lib/pk11wrap/secmodi.h:
	Bug 1643557 - Change the type of the size argument to
	pk11_FindObjectsByTemplate to be size_t, consistent with the type of
	some (small) numeric values passed to it after the previous
	revision. r=kjacobs

	Depends on D78452

	[eaf223c2646a]

	* lib/pk11wrap/pk11slot.c:
	Bug 1643557 - Use size_t for various counts in pk11slot.c. r=kjacobs

	Depends on D78451

	[465a7954ce0a]

	* lib/pk11wrap/pk11priv.h, lib/pk11wrap/pk11slot.c:
	Bug 1643557 - Make pk11_MatchString accept a size_t length rather
	than an int length (consistent with all callers), and reformulate
	its internals to avoid a signed-unsigned comparison. r=kjacobs

	Depends on D78450

	[fff8c883ef7d]

	* lib/pk11wrap/pk11skey.c, lib/ssl/sslsnce.c, lib/util/secport.h:
	Bug 1643557 - Add PORT_AssertNotReached and use it instead of
	PORT_Assert(!"str"), which may warn about vacuous string literal to
	boolean conversions. r=kjacobs

	Depends on D78449

	[c0aa47eb2fdd]

	* lib/util/secoid.c:
	Bug 1643557 - Use SECOidTag as the type of a loop variable over all
	values of that type to avoid a signed-unsigned comparison warning.
	r=kjacobs

	Depends on D78448

	[d7f1e9975e67]

	* lib/util/utilpars.c:
	Bug 1643557 - Use size_t for a parameter-indexing variable to
	eliminate a signed-unsigned comparison warning. r=kjacobs

	Depends on D78447

	[5d7206908ca7]

	* lib/freebl/rsapkcs.c:
	Bug 1643557 - Used unsigned int for two for-loops upper-bounded by
	unsigned ints in rsa_FormatOneBlock. r=kjacobs

	Depends on D78446

	[ed9a1a41ca1e]

	* lib/pk11wrap/debug_module.c:
	Bug 1643557 - Use unsigned int for log level, consistent with
	PRLogModuleLevel. r=kjacobs

	[7f89fa701ce3]

Differential Revision: https://phabricator.services.mozilla.com/D79566
2020-06-12 23:42:37 +00:00
R. Martinho Fernandes f8424202b2 Bug 1612116 - Added diagnostics to ensure mErrorCode and mCanceled are consistent r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D79274
2020-06-12 08:04:15 +00:00
Alexis Beingessner 0d843d258d Bug 1642721 - convert security.sandbox.logging.enabled to a StaticPref. r=bobowen
Depends on D78933

Differential Revision: https://phabricator.services.mozilla.com/D78934
2020-06-11 12:35:45 +00:00
Alexis Beingessner 83994a45b8 Bug 1642721 - convert the last two security.sandbox.*.win32k VarCache prefs. r=bobowen
converts:
  * security.sandbox.rdd.win32k-disable
  * security.sandbox.gmp.win32k-disable

I'm assuming the pattern established by the other, newer, win32k StaticPrefs can
be followed here, and the xpcom checks aren't needed.

Differential Revision: https://phabricator.services.mozilla.com/D78933
2020-06-11 12:34:10 +00:00
ffxbld e1defa0ff0 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D79301
2020-06-11 14:17:03 +00:00
Adam Roach [:abr] 67f6c3784b Bug 1639795: Update keystore name to be user-friendly r=MattN,keeler
***

Differential Revision: https://phabricator.services.mozilla.com/D78610
2020-06-10 21:53:19 +00:00
R. Martinho Fernandes 30d350f9a0 Bug 1594119 - include pk11pub.h in nsNSSComponent.cpp for PK11_GetCertsMatchingPrivateKey r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D78255
2020-06-10 09:19:36 +00:00
Jan Andre Ikenmeyer 4ea170003e Bug 1496639 - Disable DHE ciphers by default. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D66270
2020-06-09 19:34:23 +00:00
Dana Keeler 63919c509b Bug 1630434 - de-duplicate preloaded intermediates that may have been cached in cert9.db r=kjacobs,bbeurdouche
In general, PSM caches intermediates from verified certificate chains in the
NSS certdb. Before bug 1619021, this would include preloaded intermediates,
which is unnecessary because cert_storage has a copy of those certificates, and
so they don't need to take up time and space in the NSS certdb. This patch
introduces the intermediate preloading healer, which periodically runs on a
background thread, looks for these duplicate intermediates, and removes them
from the NSS certdb.

Differential Revision: https://phabricator.services.mozilla.com/D77152
2020-06-09 18:02:52 +00:00
ffxbld 07c69ab5ee No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D78679
2020-06-08 14:19:14 +00:00
Christoph Kerschbaumer fbce1c6145 Bug 1633338: Use IsPotentiallyTrustworthy to indicate top level window is secure for mixed content blocker. r=baku
Differential Revision: https://phabricator.services.mozilla.com/D75939
2020-06-08 07:05:16 +00:00
Kevin Jacobs 7c45f2a0f0 Bug 1642687 - land NSS d211f3013abb UPGRADE_NSS_RELEASE, r=jcj
2020-06-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/blinit.c,
	lib/freebl/freebl.gyp, lib/freebl/sha256-armv8.c,
	lib/freebl/sha256.h, lib/freebl/sha512.c, mach:
	Bug 1528113 - Use ARM's crypto extension for SHA256
	[ea54fd986036]

2020-04-08  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/abi-check/expected-report-libssl3.so.txt,
	gtests/ssl_gtest/libssl_internals.c,
	gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/manifest.mn,
	gtests/ssl_gtest/ssl_0rtt_unittest.cc,
	gtests/ssl_gtest/ssl_extension_unittest.cc,
	gtests/ssl_gtest/ssl_gtest.gyp, gtests/ssl_gtest/tls_agent.cc,
	gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_connect.cc,
	gtests/ssl_gtest/tls_connect.h,
	gtests/ssl_gtest/tls_psk_unittest.cc, lib/ssl/manifest.mn,
	lib/ssl/ssl.gyp, lib/ssl/ssl3con.c, lib/ssl/ssl3ext.c,
	lib/ssl/ssl3ext.h, lib/ssl/sslerr.h, lib/ssl/sslexp.h,
	lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslsecur.c,
	lib/ssl/sslsock.c, lib/ssl/sslt.h, lib/ssl/tls13con.c,
	lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c, lib/ssl/tls13psk.c,
	lib/ssl/tls13psk.h, lib/ssl/tls13replay.c:
	Bug 1603042 - TLS 1.3 out-of-band PSK support

	[a448d7919077]

2020-06-01  Makoto Kato  <m_kato@ga2.so-net.ne.jp>

	* coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/blinit.c,
	lib/freebl/freebl.gyp, lib/freebl/sha256-armv8.c,
	lib/freebl/sha256.h, lib/freebl/sha512.c:
	Bug 1528113 - Use ARM's crypto extension for SHA256 r=kjacobs

	ARMv8 CPU has accelerated hardware instruction for SHA256 that
	supports GCC 4.9+. We should use it if available.

	[61c83f79e90c]

2020-06-02  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/abi-check/expected-report-libssl3.so.txt,
	gtests/ssl_gtest/libssl_internals.c,
	gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/manifest.mn,
	gtests/ssl_gtest/ssl_0rtt_unittest.cc,
	gtests/ssl_gtest/ssl_extension_unittest.cc,
	gtests/ssl_gtest/ssl_gtest.gyp, gtests/ssl_gtest/tls_agent.cc,
	gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_connect.cc,
	gtests/ssl_gtest/tls_connect.h,
	gtests/ssl_gtest/tls_psk_unittest.cc, lib/ssl/manifest.mn,
	lib/ssl/ssl.gyp, lib/ssl/ssl3con.c, lib/ssl/ssl3ext.c,
	lib/ssl/ssl3ext.h, lib/ssl/sslerr.h, lib/ssl/sslexp.h,
	lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslsecur.c,
	lib/ssl/sslsock.c, lib/ssl/sslt.h, lib/ssl/tls13con.c,
	lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c, lib/ssl/tls13psk.c,
	lib/ssl/tls13psk.h, lib/ssl/tls13replay.c:
	Bug 1603042 - TLS 1.3 out-of-band PSK support r=mt

	This patch adds support for External (out-of-band) PSKs in TLS 1.3.
	An External PSK (EPSK) can be set by calling `SSL_AddExternalPsk`,
	and removed with `SSL_RemoveExternalPsk`. `SSL_AddExternalPsk0Rtt`
	can be used to add a PSK while also specifying a suite and
	max_early_data_size for use with 0-RTT.

	As part of handling PSKs more generically, the patch also changes
	how resumption PSKs are handled internally, so as to rely on the
	same mechanisms where possible.

	A socket is currently limited to only one External PSK at a time. If
	the server doesn't find the same identity for the configured EPSK,
	it will fall back to certificate authentication.

	[a2293e897889]

	* lib/freebl/mpi/mplogic.c:
	cast in LZCNTLOOP
	[96e65b2e9531]

	* lib/freebl/freebl.gyp:
	Use KRML_VERIFIED_UINT128 on MSVC builds
	[abd50c862bdb]

2020-06-03  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_exporter_unittest.cc, lib/ssl/sslinfo.c,
	lib/ssl/tls13con.c:
	Bug 1643123 - Allow External PSKs to be used with Early Export
	[46ef0c025cfc]

2020-06-02  Sylvestre Ledru  <sledru@mozilla.com>

	* lib/ssl/tls13con.c:
	Bug 1642809 - Fix an assert (we need a comparison, not assignment)
	r=kjacobs

	[d0789cb32d8e]

2020-06-03  Mike Hommey  <mh@glandium.org>

	* cmd/shlibsign/Makefile:
	Bug 1642153 - Avoid infinite recursion when CHECKLOC is not set.
	r=jcj

	[e955ece90b05]

2020-06-03  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/ssl_auth_unittest.cc,
	gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/tls13con.c:
	Bug 1642871 - Allow tickets and PHA after resumption, r=kjacobs

	The first part of this is fairly simple: we accidentally disabled
	sending of session tickets after resumption.

	The second part is much less obvious, because the spec is unclear.
	This change takes the interpretation that it is OK to use post-
	handshake authentication if the handshake is resumed, but not OK if
	the handshake is based on a PSK. (This is based on a first-
	principles understanding of resumption being a continuation of a
	certificate-based connection rather than a reading of the spec, see
	the bug for why the spec appears to be unhelpful on this point.)

	This still prohibits the use of post-handshake authentication if an
	external PSK was used, but that is more an abundance of caution than
	anything principled.

	[e9502f71b7fe]

2020-06-04  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_exporter_unittest.cc, lib/ssl/sslinfo.c,
	lib/ssl/tls13con.c:
	Bug 1643123 - Allow External PSKs to be used with Early Export r=mt

	This patch adjusts `tls13_exporter` to pull the hash algorithm from
	the first PSK when a suite is not configured yet, which allows early
	export with external PSKs.

	[d211f3013abb]

Differential Revision: https://phabricator.services.mozilla.com/D78578
2020-06-06 00:20:11 +00:00
Narcis Beleuzu 88034fc69a Backed out changeset 889d7cd14e4d (bug 1630434) for xpcshell failures on test_intermediate_preloads.js . CLOSED TREE 2020-06-05 11:08:57 +03:00
Dana Keeler 1130f3ee6a Bug 1630434 - de-duplicate preloaded intermediates that may have been cached in cert9.db r=kjacobs,bbeurdouche
In general, PSM caches intermediates from verified certificate chains in the
NSS certdb. Before bug 1619021, this would include preloaded intermediates,
which is unnecessary because cert_storage has a copy of those certificates, and
so they don't need to take up time and space in the NSS certdb. This patch
introduces the intermediate preloading healer, which periodically runs on a
background thread, looks for these duplicate intermediates, and removes them
from the NSS certdb.

Differential Revision: https://phabricator.services.mozilla.com/D77152
2020-06-05 00:44:52 +00:00
Martin Thomson e610b0e676 Bug 1643229 - Disable TLS 1.0 in release channels, r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D78215
2020-06-05 00:29:13 +00:00
ffxbld 765a9c9ca1 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D78285
2020-06-04 14:13:36 +00:00
Jed Davis 9c23d852e1 Bug 1639181 - Allow a safe subset of fd flag fcntls in the common sandbox policy. r=gcp
Content processes allow a restricted subset of F_{GET,SET}{FD,FL} that
prevents setting unknown or known-unsafe flags, which was copied to the
socket process policy; this patch moves it to the common policy and
removes RDD's copy of GMP's override.

The immediate reason for this is DMD using F_GETFL via fdopen to use a
file descriptor passed over IPC, but in general this should be safe and
it's a reasonable thing to expect to be able to use.

Differential Revision: https://phabricator.services.mozilla.com/D77379
2020-05-29 18:18:43 +00:00
Dana Keeler 0618ab7fe8 Bug 1641082 - remove old certificate viewer implementation r=kjacobs,bbeurdouche,fluent-reviewers,johannh
Differential Revision: https://phabricator.services.mozilla.com/D77145
2020-06-02 15:48:33 +00:00
Andrea Marchesini 5ccae203ff Bug 1638358 - Cookie Schemeful Same-Site - part 3 - update add/addNative methods, r=mayhemer,remote-protocol-reviewers,marionette-reviewers,maja_zf,MattN,whimboo
Differential Revision: https://phabricator.services.mozilla.com/D75627
2020-06-02 13:49:27 +00:00
Csoregi Natalia e960b9f449 Backed out 7 changesets (bug 1640405, bug 1638358) for failures on browser_webconsole_network_messages_status_code.js. CLOSED TREE
Backed out changeset ef5f7479ddf8 (bug 1640405)
Backed out changeset 286e0c83eb30 (bug 1638358)
Backed out changeset 89e396b2896e (bug 1638358)
Backed out changeset 33ad5fa05209 (bug 1638358)
Backed out changeset d213264c1379 (bug 1638358)
Backed out changeset 6bc05236afb4 (bug 1638358)
Backed out changeset 87e9d0ed3982 (bug 1638358)
2020-06-02 15:16:42 +03:00
Andrea Marchesini b4173bc59e Bug 1638358 - Cookie Schemeful Same-Site - part 3 - update add/addNative methods, r=mayhemer,remote-protocol-reviewers,marionette-reviewers,maja_zf,MattN,whimboo
Differential Revision: https://phabricator.services.mozilla.com/D75627
2020-06-02 09:13:51 +00:00
Razvan Maries 79fe28f0d6 Backed out 6 changesets (bug 1638358) for perma failures on browser_webconsole_navigate_to_parse_error.js. CLOSED TREE
Backed out changeset beb85cf281d5 (bug 1638358)
Backed out changeset 39f2e21623aa (bug 1638358)
Backed out changeset 2c873c72bf1f (bug 1638358)
Backed out changeset e91292c7c719 (bug 1638358)
Backed out changeset 0219ef931cd9 (bug 1638358)
Backed out changeset 4ac06f3992f4 (bug 1638358)
2020-06-02 00:24:46 +03:00
Razvan Maries a36bb7751f Backed out 3 changesets (bug 1638153) for perma failures on cross-origin-objects.html. CLOSED TREE
Backed out changeset f7aedc92d396 (bug 1638153)
Backed out changeset 07ec713926c6 (bug 1638153)
Backed out changeset 5a656842e241 (bug 1638153)
2020-06-01 23:51:35 +03:00
Andrea Marchesini 848f1f0043 Bug 1638358 - Cookie Schemeful Same-Site - part 3 - update add/addNative methods, r=mayhemer,remote-protocol-reviewers,marionette-reviewers,maja_zf,MattN,whimboo
Differential Revision: https://phabricator.services.mozilla.com/D75627
2020-06-01 17:59:13 +00:00
Kris Maglione b3fcd970ec Bug 1638153: Part 2 - Fix uses of .rootTreeItem to get top browser window. r=geckoview-reviewers,nika,snorp
Differential Revision: https://phabricator.services.mozilla.com/D75429
2020-06-01 17:59:01 +00:00
Dana Keeler 6461b8a32b Bug 1638920 - use a background task queue in cert_storage rather than a dedicated thread r=lina
Differential Revision: https://phabricator.services.mozilla.com/D77370
2020-06-01 16:26:55 +00:00
Noemi Erli e40be0aa72 Backed out 6 changesets (bug 1638358) for causing failures in test_Chrome_cookies.js CLOSED TREE
Backed out changeset 4e8fbe01aa38 (bug 1638358)
Backed out changeset 532731e94bb2 (bug 1638358)
Backed out changeset fad2ba760157 (bug 1638358)
Backed out changeset 932a3fdbd07c (bug 1638358)
Backed out changeset 05a62901a3f5 (bug 1638358)
Backed out changeset cddeada5c4a6 (bug 1638358)
2020-06-01 19:45:46 +03:00
Andrea Marchesini 165022b2c4 Bug 1638358 - Cookie Schemeful Same-Site - part 3 - update add/addNative methods, r=mayhemer,remote-protocol-reviewers,marionette-reviewers,maja_zf,MattN,whimboo
Differential Revision: https://phabricator.services.mozilla.com/D75627
2020-06-01 11:43:19 +00:00
ffxbld 12faf95015 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D77670
2020-06-01 14:16:14 +00:00
Dorel Luca 9574e25c80 Backed out 6 changesets (bug 1638358) for XPCShell failures in netwerk/cookie/test/unit/test_schemeMap.js. CLOSED TREE
Backed out changeset 745eab35e851 (bug 1638358)
Backed out changeset a45df1876e37 (bug 1638358)
Backed out changeset 1a85cc92d2fb (bug 1638358)
Backed out changeset 2156294cb158 (bug 1638358)
Backed out changeset 31101054c52c (bug 1638358)
Backed out changeset d284b50551ab (bug 1638358)
2020-06-01 14:38:22 +03:00
Andrea Marchesini d1c11476f6 Bug 1638358 - Cookie Schemeful Same-Site - part 3 - update add/addNative methods, r=mayhemer,remote-protocol-reviewers,marionette-reviewers,maja_zf,MattN,whimboo
Differential Revision: https://phabricator.services.mozilla.com/D75627
2020-06-01 10:28:51 +00:00
Sylvestre Ledru 4564119217 Bug 1617369 - Reformat recent rust changes with rustfmt r=froydnj
# ignore-this-changeset

Depends on D77580

Differential Revision: https://phabricator.services.mozilla.com/D77581
2020-05-30 12:58:22 +00:00
Jared Wein fa45bb7b32 Bug 1636729 - Record in telemetry if power settings are configured to not prompt for OS password. r=MattN
Differential Revision: https://phabricator.services.mozilla.com/D74692
2020-05-30 06:54:16 +00:00
Jared Wein 1d73213900 Bug 1636729 - Record in telemetry if the user has enabled the AutoAdminLogon feature. r=MattN
Differential Revision: https://phabricator.services.mozilla.com/D74670
2020-05-30 06:50:12 +00:00
Mike Hommey cab23e6d7f Bug 1641783 - Move MOZ_FOLD_LIBS to python configure. r=froydnj
Also remove MOZ_FOLD_LIBS_FLAGS because it is always empty since bug 1577521.

Differential Revision: https://phabricator.services.mozilla.com/D77410
2020-05-29 12:15:51 +00:00
J.C. Jones 98c9615522 Bug 1636656 - land NSS NSS_3_53_RTM UPGRADE_NSS_RELEASE, r=kjacobs
2020-05-29  J.C. Jones  <jjones@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.53 final
	[7e453a5afcb4] [NSS_3_53_RTM] <NSS_3_53_BRANCH>

2020-05-28  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_53_BETA2 for changeset 8fe22033a88e
	[90c954f62c9d]

Differential Revision: https://phabricator.services.mozilla.com/D77555
2020-05-29 22:16:17 +00:00
Alexis Beingessner 0e39201277 Bug 1637727 - convert nsIOService prefs to StaticPrefs. r=KrisWright,necko-reviewers
converts:
 * security.data_uri.block_toplevel_data_uri_navigations
 * network.offline-mirrors-connectivity

Differential Revision: https://phabricator.services.mozilla.com/D77104
2020-05-28 18:23:25 +00:00
Alexis Beingessner 7fd95dd59d Bug 1637727 - convert network.ssl_tokens_cache prefs to StaticPrefs. r=KrisWright,necko-reviewers,valentin
converts:
 * network.ssl_tokens_cache_enabled
 * network.ssl_tokens_cache_capacity

Differential Revision: https://phabricator.services.mozilla.com/D77103
2020-05-29 07:56:16 +00:00
Kevin Jacobs 2bfb4bdcea Bug 1636656 - land NSS NSS_3_53_BETA2 UPGRADE_NSS_RELEASE, r=jcj
2020-05-28  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/softoken/pkcs11c.c:
	Bug 1640260 - Initialize PBE params r=jcj

	[8fe22033a88e] [NSS_3_53_BETA2]

2020-05-27  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* lib/ckfw/builtins/certdata.txt:
	Bug 1618404 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Symantec root
	certs. r=jcj

	[8bfb386f459f]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1621159 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Consorci AOC,
	GRCA, and SK ID root certs. r=jcj

	[4d1b7bbeebfe]

2020-05-26  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_53_BETA1 for changeset c7a1c91cd9be
	[661e3e3f6ba5]

Differential Revision: https://phabricator.services.mozilla.com/D77388
2020-05-29 06:40:34 +00:00
Benjamin Beurdouche 290b838cb5 Bug 1615438 - Use CKA_NSS_SERVER_DISTRUST_AFTER from NSS for certificate validation. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D74662
2020-05-28 20:35:48 +00:00
ffxbld 3d17f898c9 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D77261
2020-05-28 14:33:09 +00:00
Dana Keeler faab9e59b4 Bug 1637404 - osclientcerts: attempt to find issuing certificates when looking for client certificates (macOS) r=kjacobs,mstange
To implement filtering client certificates by the acceptable CAs list sent by
servers when they request client certificates, we need the CAs that issued the
client certificates. To that end, this change modifies the macOS backend of
the osclientcerts module to also gather issuing CAs while looking for client
certificates. These certificates will not affect trust decisions in gecko.

Differential Revision: https://phabricator.services.mozilla.com/D74985
2020-05-28 00:19:22 +00:00
Erica Wright 2533f8da77 Bug 1636962 - Add telemetry for all page load errors r=johannh,xeonchen,nika
Differential Revision: https://phabricator.services.mozilla.com/D75873
2020-05-27 22:33:02 +00:00
Emilio Cobos Álvarez 54fd961a29 Bug 1641245 - Make string comparators not virtual. r=froydnj,necko-reviewers,geckoview-reviewers,jgilbert,agi,valentin
There's no use case for stateful comparators, so they can be just plain
function pointers.

This is used in some hot places like CSS selector matching.

Differential Revision: https://phabricator.services.mozilla.com/D77084
2020-05-27 18:11:12 +00:00
Kevin Jacobs 1ed51331e9 Bug 1636656 - land NSS NSS_3_53_BETA1 UPGRADE_NSS_RELEASE, r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D76940
2020-05-27 03:26:56 +00:00
Matt Woodrow 7b18a9452b Bug 1631405 - Run nsMixedContentBlocker::AsyncOnChannelRedirect checks in the parent for documents, since this is now supported correctly. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D75449
2020-05-27 00:31:51 +00:00
Matt Woodrow 5cf1f845a8 Bug 1631405 - Update tests to account for security UI only living in the parent process. r=kmag,ckerschb,webcompat-reviewers,twisniewski
This is mostly changes to handle retrieving the security state asynchronously via the parent process, needing lots of async/await additions.

It also removes the docshell mixed content flag checks (which don't seem to be used in code, only tests), which are mostly still covered by checks of the security UI.

Differential Revision: https://phabricator.services.mozilla.com/D75448
2020-05-27 00:31:25 +00:00
Matt Woodrow e060a86c42 Bug 1631405 - Move nsISecureBrowserUI to be owned by the canonical browsing context instead of docshell. r=nika,ckerschb,Gijs,webcompat-reviewers,twisniewski
This removes all docshell nsISecureBrowserUI and mixed content properties, and moves them into CanonicalBrowsingContext/WindowGlobalParent. It makes the mixed content blocker just compute the state for the current load, and then send the results to the parent process, where we update the security state accordingly.

I think we could in the future remove onSecurityChange entirely, and instead just fire an event to the <browser> element notifying it of changes to the queryable securityUI.

Unfortunately we have a lot of existing code that depends on specific ordering between onSecurityChange and onLocationChange, so I had to hook into the RemoteWebProgress implementation in BrowserParent to mimic the same timings.

Differential Revision: https://phabricator.services.mozilla.com/D75447
2020-05-27 00:28:59 +00:00
Bogdan Tara a54ec3073f Backed out 4 changesets (bug 1631405) for multiple mochitest failures CLOSED TREE
Backed out changeset 9963cc0b23cb (bug 1631405)
Backed out changeset 469ac933ed7c (bug 1631405)
Backed out changeset 0c5f55864268 (bug 1631405)
Backed out changeset 20dcbcc2f3b8 (bug 1631405)
2020-05-27 01:30:20 +03:00
Matt Woodrow 7321550a61 Bug 1631405 - Run nsMixedContentBlocker::AsyncOnChannelRedirect checks in the parent for documents, since this is now supported correctly. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D75449
2020-05-26 21:19:45 +00:00
Matt Woodrow d692732bdd Bug 1631405 - Update tests to account for security UI only living in the parent process. r=kmag,ckerschb,webcompat-reviewers,twisniewski
This is mostly changes to handle retrieving the security state asynchronously via the parent process, needing lots of async/await additions.

It also removes the docshell mixed content flag checks (which don't seem to be used in code, only tests), which are mostly still covered by checks of the security UI.

Differential Revision: https://phabricator.services.mozilla.com/D75448
2020-05-26 21:19:28 +00:00
Matt Woodrow 240d417eb6 Bug 1631405 - Move nsISecureBrowserUI to be owned by the canonical browsing context instead of docshell. r=nika,ckerschb,Gijs,webcompat-reviewers,twisniewski
This removes all docshell nsISecureBrowserUI and mixed content properties, and moves them into CanonicalBrowsingContext/WindowGlobalParent. It makes the mixed content blocker just compute the state for the current load, and then send the results to the parent process, where we update the security state accordingly.

I think we could in the future remove onSecurityChange entirely, and instead just fire an event to the <browser> element notifying it of changes to the queryable securityUI.

Unfortunately we have a lot of existing code that depends on specific ordering between onSecurityChange and onLocationChange, so I had to hook into the RemoteWebProgress implementation in BrowserParent to mimic the same timings.

Differential Revision: https://phabricator.services.mozilla.com/D75447
2020-05-26 21:17:01 +00:00
David Major fcf2dc904b Bug 1640993 - Remove unused wrapper-windows.h after bug 1639302 r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D76892
2020-05-26 18:07:29 +00:00
Dana Keeler 895abc2d2e Bug 1638369 - enable some TLS ciphersuites with SHA-2-based MACs for compatibility r=jcj,kjacobs
We have evidence that some sites have disabled ciphersuites with SHA-1-based
MACs due to attacks against SHA-1 (disregarding the fact that these attacks
don't necessarily apply to HMAC-SHA-1) while still relying on RSA key exchange.
Before this patch, PSM did not enable any ciphersuites with RSA key exchange
and non-SHA-1-based MACs. Consequently, Firefox would be unable to connect to
these sites while other browsers would.
This patch enables TLS_RSA_WITH_AES_128_GCM_SHA256 and
TLS_RSA_WITH_AES_256_GCM_SHA384, which are the only two ciphersuites (other
than grease) that Chrome enables that Firefox did not (before this patch).

Differential Revision: https://phabricator.services.mozilla.com/D76543
2020-05-22 21:20:43 +00:00
ffxbld b3c5906f23 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D76710
2020-05-26 14:53:18 +00:00
Kershaw Chang 104bf647be Bug 1602832 - P3: Skip failed tests r=dragana
Differential Revision: https://phabricator.services.mozilla.com/D67448
2020-05-26 14:30:26 +00:00
Butkovits Atila f167b5c275 Backed out 6 changesets (bug 1602832) for causing perma failure at test_trr_case_sensitivity.js. CLOSED TREE
Backed out changeset 0e9c378df995 (bug 1602832)
Backed out changeset 534fedb3836e (bug 1602832)
Backed out changeset db012c05d64e (bug 1602832)
Backed out changeset ca0c207dca21 (bug 1602832)
Backed out changeset bea1f3aeea49 (bug 1602832)
Backed out changeset 2d54acd78124 (bug 1602832)
2020-05-26 13:09:07 +03:00
Kershaw Chang 52a180d403 Bug 1602832 - P3: Skip failed tests r=dragana
Differential Revision: https://phabricator.services.mozilla.com/D67448
2020-05-26 08:35:32 +00:00
Moritz Birghan 53d0bd6bbd Bug 1620976 - Create UI for nsClientAuthRememberService r=keeler,fluent-reviewers,johannh
Differential Revision: https://phabricator.services.mozilla.com/D54336
2020-05-26 08:18:24 +00:00
Gian-Carlo Pascutto 31a659bfbe Bug 1571290 - Allow clock_gettime64 in the 32-bit linux seccomp-bpf profile. r=jld
Differential Revision: https://phabricator.services.mozilla.com/D76351
2020-05-22 23:11:59 +00:00
Kevin Jacobs 24b7b9ddd6 Bug 1636656 - land NSS c7a1c91cd9be UPGRADE_NSS_RELEASE, r=jcj
2020-05-22  J.C. Jones  <jjones@mozilla.com>

	* lib/freebl/altivec-types.h, lib/freebl/ppc-crypto.h:
	Bug 1629414 - Guard USE_PPC_CRYPTO and VSX types with __VSX__ and
	__ALTIVEC__ r=kjacobs

	This avoids build errors on non-VSX architectures even when not
	compiling the POWER accelerated code.

	[c7a1c91cd9be] [tip]

2020-05-21  Jeff Walden  <jwalden@mit.edu>

	* lib/freebl/aes-x86.c:
	Bug 1639033 - Use unsigned int for a loop counter to eliminate a
	signed-unsigned comparison warning in aes-x86.c. r=kjacobs

	Depends on D75847

	[e23fe363fa05]

	* lib/freebl/ec.c:
	Bug 1639033 - Used unsigned int instead of int in a few places in
	ec.c to eliminate signed-unsigned comparison warnings. r=kjacobs

	Depends on D75846

	[0d778b0e778f]

	* lib/freebl/cmac.c:
	Bug 1639033 - Use unsigned int rather than int for two variables to
	eliminate a bunch of signed-unsigned comparison warnings. r=kjacobs

	Depends on D75845

	[df5c8f6430a0]

	* lib/freebl/mpi/mplogic.c, lib/freebl/mpi/mplogic.h:
	Bug 1639033 - Use unsigned int for various count variables in
	mplogic.c to eliminate signed-unsigned comparison warnings.
	r=kjacobs

	Depends on D75844

	[ce5b8b7e010c]

	* lib/freebl/aeskeywrap.c:
	Bug 1639033 - Use size_t for loops up to sizeof(T) in aeskeywrap.c
	to eliminate some signed-comparison warnings. r=kjacobs

	Depends on D75843

	[563a7cd7484b]

	* lib/softoken/pkcs11i.h, lib/softoken/sftkike.c:
	Bug 1639033 - Change +sftk_xcbc_mac_pad's block-size argument to be
	unsigned int to avoid sign-comparison warnings. r=kjacobs

	Depends on D75842

	[a5f80d0805ca]

2020-05-22  Jeff Walden  <jwalden@mit.edu>

	* lib/jar/jar.c:
	Bug 1639033 - Use the jarType enum type, not int, for certain
	variables and arguments in jar.c -- for greater precision, and to
	avoid sign-comparison warnings. r=kjacobs

	Depends on D75841

	[e65dd5c2cf86]

2020-05-19  Jeff Walden  <jwalden@mit.edu>

	* lib/softoken/pkcs11.c, lib/softoken/pkcs11i.h:
	Bug 1639033 - Make all |moduleIndex| variables in pkcs11.c be
	unsigned, to eliminate a -Wsign-compare warning. r=kjacobs

	Depends on D75840

	[6512178a58f5]

	* cmd/lib/basicutil.c:
	Bug 1639033 - Fix signed-unsigned comparison warning in basicutil.c.
	r=kjacobs

	[98390eef50a1]

2020-05-22  Martin Thomson  <mt@lowentropy.net>

	* lib/ssl/sslencode.c:
	Bug 1640041 - Don't memcpy nothing, r=jcj

	Depends on D76421

	[8d7c96ab80a7]

	* lib/ssl/sslsock.c:
	Bug 1640042 - Don't memcpy nothing, r=jcj

	[1a634da46b87]

	* gtests/ssl_gtest/ssl_0rtt_unittest.cc,
	gtests/ssl_gtest/ssl_recordsep_unittest.cc,
	gtests/ssl_gtest/tls_connect.cc, lib/ssl/ssl.h, lib/ssl/ssl3gthr.c,
	lib/ssl/sslimpl.h, lib/ssl/sslsock.c, lib/ssl/tls13con.c:
	Bug 1639413 - Option to disable TLS 1.3 EndOfEarlyData message,
	r=kjacobs

	This adds the ability to disable EndOfEarlyData.

	On the client this is relatively simple, you just turn the message
	off.

	The server is complicated because the server uses this to drive the
	installation of the right keys. Without it, things get very messy.
	Thus, I have decided that this is best left to the
	SSL_RecordLayerData interface. That needs an ugly hack in order to
	let the new data pass, but the damage is otherwise relatively
	minor, apart from one obvious thing.

	We never really built the SSL_RecordLayerData API to take
	application data. It only did that to support testing of the
	functions. Now that we have to deal with this new wrinkle, adding
	support for 0-RTT is necessary. This change does that. That requires
	a barrage of new checks to see if application data is acceptable.
	And then early data is captured in a completely different way, which
	adds another layer of awfulness.

	Note that this exposes us to the possibility that Certificate or
	Finished are received in early data when using SSL_RecordLayerData
	and this option. I don't think that fixing that is worthwhile as it
	requires tracking the epoch of handshake messages separate to
	ss->ssl3.crSpec and the epoch only really exists on that API so that
	applications don't accidentally do bad things. In QUIC, we
	specifically block handshake messages in early data, so we have
	ample protection.

	[10325739e149]

Differential Revision: https://phabricator.services.mozilla.com/D76572
2020-05-23 01:13:19 +00:00
Magnus Melin 4fb8f95bd5 Bug 1608894 - use getMostRecentWindow to find mainwindow, and hook that up for Thunderbird too. r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D76019
2020-05-22 19:34:01 +00:00
Dana Keeler 3db8f6cd6b Bug 1638139 - use CRLite incremental stashes in the client r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D76054
2020-05-22 20:50:14 +00:00
Sylvestre Ledru 4ab6fe5285 Bug 1617369 - Reformat recent rust changes with rustfmt r=emilio DONTBUILD
# ignore-this-changeset

Depends on D76451

Differential Revision: https://phabricator.services.mozilla.com/D76452
2020-05-22 11:50:08 +00:00
J.C. Jones 18fcf86435 Bug 1636656 - land NSS 527a1792be4e UPGRADE_NSS_RELEASE, r=kjacobs
2020-05-20  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* lib/freebl/freebl_base.gypi:
	Bug 1638289 - Fix multiple definitions of SHA2 on ppc64le. r=kjacobs

	[527a1792be4e] [tip]

Differential Revision: https://phabricator.services.mozilla.com/D76415
2020-05-22 00:48:57 +00:00
ffxbld 663946fddd No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D76324
2020-05-21 14:05:50 +00:00
Lina Cambridge faf2fd15e4 Bug 1639018 - Change `TaskRunnable::dispatch` to take owned runnables. r=froydnj
This matches how the `Dispatch(already_AddRefed<nsIRunnable>)`
overloads work in C++: `Dispatch` takes ownership of the runnable, and
leaks it if dispatch fails—because the thread manager is shutting down,
for instance. This avoids a race where a runnable can be released on
either the owning or target thread.

Rust doesn't allow arbitrary `Self` types yet (see
rust-lang/rust#44874), so we need to change `dispatch` and
`dispatch_with_options` to be associated methods.

Differential Revision: https://phabricator.services.mozilla.com/D75858
2020-05-20 20:54:49 +00:00
Nathan Froyd 2e5f61bc12 Bug 1639302 - manually declare NCryptSignHash in osclientcerts; r=keeler
This function ought to be declared by `winapi`, but is not, for whatever
reason.  However, its definition is stable enough that we can just
declare it inline rather than invoking bindgen every single build (and
unnecessarily compiling a build script on non-windows platforms) to
discover its definition for us.

Differential Revision: https://phabricator.services.mozilla.com/D76015
2020-05-19 19:16:36 +00:00
J.C. Jones 02cb9eb00d Bug 1636656 - land NSS daa823a4a29b UPGRADE_NSS_RELEASE, r=kjacobs
2020-05-19  Robert Relyea  <rrelyea@redhat.com>

	* lib/freebl/dsa.c:
	Bug 1631576 - Force a fixed length for DSA exponentiation
	r=pereida,bbrumley

	[daa823a4a29b] [tip]

2020-05-14  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* lib/freebl/Makefile, lib/freebl/deprecated/seed.c,
	lib/freebl/deprecated/seed.h, lib/freebl/freebl.gyp,
	lib/freebl/freebl_base.gypi, lib/freebl/seed.c, lib/freebl/seed.h:
	Bug 1636389 - Relocate deprecated seed algorithm. r=kjacobs

	[d2cfb4ccdf16]

2020-05-14  Jan-Marek Glogowski  <glogow@fbihome.de>

	* automation/taskcluster/scripts/split.sh, lib/Makefile,
	lib/manifest.mn:
	Bug 1637083 fix the lib dependencies for the split build
	r=jcj,rrelyea

	This build can be tested by running NSS_BUILD_MODULAR=1
	nss/automation/taskcluster/scripts/build.sh from a directory
	containing the nss and nspr repositories.

	To make this build's make conditionals easier to handle, it also
	merges the manifest.mn into the Makefile, because parts of the
	conditionals depend on $(OS_ARCH) setting.

	In the end, the goal is just to set the correct build $(DIRS).

	This also drops the freebl dependency of ssl, which seems not to be
	needed, even if it's declared in /lib/ssl/ssl.gyp.

	[789d7241e1f0]

2020-05-13  Jan-Marek Glogowski  <glogow@fbihome.de>

	* coreconf/rules.mk, lib/ckfw/builtins/manifest.mn,
	lib/ckfw/manifest.mn, manifest.mn:
	Bug 1637083 Replace pre-dependency with shell hack r=rrelyea

	Originally I tried multiple variants using make's conditionals to
	limit DIRS and enforce building the parent directory before the sub-
	directory. None of them worked for me, most resulting in an infinite
	recursion, so I used the current pre-depends workaround to fulfill
	the real dependency.

	Now I remembered that automake can handle this case for SUBDIRS
	specifying "." as a directory. The generated Makefile handles it via
	shell scripting; not nice, but it works.

	So this gets rid of the workaround, replacing it with a small shell
	test.

	[744881490c78]

Differential Revision: https://phabricator.services.mozilla.com/D76050
2020-05-19 21:55:59 +00:00
Coroiu Cristina 44c378a7fb Backed out 5 changesets (bug 1602832) for browser-chrome failures at toolkit/mozapps/extensions/test/xpinstall/browser_doorhanger_installs.js on a CLOSED TREE
Backed out changeset 059a7f44d1a9 (bug 1602832)
Backed out changeset 2f3cc391b48a (bug 1602832)
Backed out changeset 24d1ce1b0ac9 (bug 1602832)
Backed out changeset 5ea85726cc48 (bug 1602832)
Backed out changeset ee00e846104e (bug 1602832)
2020-05-19 23:05:26 +03:00
Kershaw Chang 0e9baa4d27 Bug 1602832 - P3: Skip failed tests r=dragana
Differential Revision: https://phabricator.services.mozilla.com/D67448
2020-05-19 12:56:52 +00:00
Bogdan Tara 321028c39b Backed out changeset 36d497fc42c5 (bug 1620976) for browser_clientAuthRememberService.js failures CLOSED TREE
2020-05-19 16:58:18 +03:00
Moritz Birghan 9997066263 Bug 1620976 - Create UI for nsClientAuthRememberService r=keeler,fluent-reviewers,johannh
Differential Revision: https://phabricator.services.mozilla.com/D54336
2020-05-19 13:13:39 +00:00
Frederik Braun de3412e689 Bug 1613609 - Add required loadinfo flag requests initiated with SystemPrincipal r=necko-reviewers,dragana
Adding the flag to existing channel/loadinfo object for:
- PushServices HTTP, WebSocket
- NetworkGeolocationProvider
- NetUtil.jsm's NewChannel
- NetworkConnectivityService
- OCSP
- Portal Detection
- ProductAddonChecker.jsm
- URLClassifier

Differential Revision: https://phabricator.services.mozilla.com/D75063
2020-05-19 08:54:58 +00:00
ffxbld ca77ac929c No Bug, mozilla-central repo-update HSTS HPKP - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D75795
2020-05-18 14:04:41 +00:00
Mihai Alexandru Michis a2026344a1 Backed out 2 changesets (bug 1613609) for causing bustages.
CLOSED TREE

Backed out changeset dd6e395dc342 (bug 1613609)
Backed out changeset 5bcb7b13a4ad (bug 1613609)
2020-05-18 16:38:58 +03:00
Frederik Braun 3baff21cbd Bug 1613609 - Add required loadinfo flag requests initiated with SystemPrincipal r=necko-reviewers,dragana
Adding the flag to existing channel/loadinfo object for:
- PushServices HTTP, WebSocket
- NetworkGeolocationProvider
- NetUtil.jsm's NewChannel
- NetworkConnectivityService
- OCSP
- Portal Detection
- ProductAddonChecker.jsm
- URLClassifier

Differential Revision: https://phabricator.services.mozilla.com/D75063
2020-05-18 10:59:04 +00:00
Csoregi Natalia 5162f86676 Backed out 2 changesets (bug 1613609) for failures on nsXPConnect.cpp. CLOSED TREE
Backed out changeset c593a7296df4 (bug 1613609)
Backed out changeset 72199fc4ea2b (bug 1613609)
2020-05-18 13:05:12 +03:00
Frederik Braun 3b0d63cd07 Bug 1613609 - Add required loadinfo flag requests initiated with SystemPrincipal r=necko-reviewers,dragana
Adding the flag to existing channel/loadinfo object for:
- PushServices HTTP, WebSocket
- NetworkGeolocationProvider
- NetUtil.jsm's NewChannel
- NetworkConnectivityService
- OCSP
- Portal Detection
- ProductAddonChecker.jsm
- URLClassifier

Differential Revision: https://phabricator.services.mozilla.com/D75063
2020-05-18 09:19:17 +00:00
J.C. Jones 74a8ec946b Bug 1636656 - land NSS e2061fe522f5 UPGRADE_NSS_RELEASE, r=kjacobs
2020-05-12  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/freebl_gtest/mpi_unittest.cc:
	Bug 1561331 - Additional modular inverse test r=jcj

	[e2061fe522f5] [tip]

2020-05-08  Jan-Marek Glogowski  <glogow@fbihome.de>

	* coreconf/rules.mk, lib/ckfw/builtins/Makefile,
	lib/ckfw/builtins/testlib/Makefile, lib/ckfw/capi/Makefile,
	lib/dev/Makefile, lib/freebl/Makefile, lib/pk11wrap/Makefile,
	lib/softoken/Makefile:
	Bug 1629553 Use order-prereq for $(MAKE_OBJDIR) r=rrelyea

	Introduces a simple "%/d" rule to create directories using
	$(MAKE_OBJDIR) and replace all explicit $(MAKE_OBJDIR) calls with an
	order-only-prerequisites.

	To expand the $(@D) prerequisite, this needs .SECONDEXPANSION.

	[c3f11da5acfc]

2020-05-05  Jan-Marek Glogowski  <glogow@fbihome.de>

	* coreconf/IRIX.mk, coreconf/OS2.mk, coreconf/README,
	coreconf/SunOS4.1.3_U1.mk, coreconf/SunOS5.mk, coreconf/UNIX.mk,
	coreconf/WIN32.mk, coreconf/config.mk, coreconf/location.mk,
	coreconf/mkdepend/Makefile, coreconf/mkdepend/cppsetup.c,
	coreconf/mkdepend/def.h, coreconf/mkdepend/ifparser.c,
	coreconf/mkdepend/ifparser.h, coreconf/mkdepend/imakemdep.h,
	coreconf/mkdepend/include.c, coreconf/mkdepend/main.c,
	coreconf/mkdepend/mkdepend.man, coreconf/mkdepend/parse.c,
	coreconf/mkdepend/pr.c, coreconf/rules.mk:
	Bug 1438431 Remove mkdepend tool and targets r=rrelyea

	[6c5f91e098a1]

	* coreconf/README, coreconf/rules.mk:
	Bug 1629553 Drop duplicate header DIR variables r=rrelyea

	[d1f954627260]

	* coreconf/OpenUNIX.mk, coreconf/README, coreconf/SCO_SV3.2.mk,
	coreconf/config.mk, coreconf/cpdist.pl, coreconf/import.pl,
	coreconf/jdk.mk, coreconf/jniregen.pl, coreconf/module.mk,
	coreconf/outofdate.pl, coreconf/release.pl, coreconf/rules.mk,
	coreconf/ruleset.mk, coreconf/source.mk, coreconf/version.mk:
	Bug 1629553 Drop coreconf java support r=rrelyea

	There aren't any Java sources in NSS, so just drop all the stuff
	referencing java, jars, jni, etc.

	I didn't try to remove it from tests.

	[7d285fe69c8c]

	* cmd/crmf-cgi/Makefile, cmd/crmf-cgi/config.mk,
	cmd/crmftest/Makefile, cmd/crmftest/config.mk, cmd/lib/Makefile,
	cmd/lib/config.mk, cmd/lib/manifest.mn, cmd/libpkix/config.mk,
	cmd/libpkix/perf/Makefile, cmd/libpkix/perf/manifest.mn,
	cmd/libpkix/pkix/Makefile, cmd/libpkix/pkix/certsel/Makefile,
	cmd/libpkix/pkix/certsel/manifest.mn,
	cmd/libpkix/pkix/checker/Makefile,
	cmd/libpkix/pkix/checker/manifest.mn,
	cmd/libpkix/pkix/crlsel/Makefile,
	cmd/libpkix/pkix/crlsel/manifest.mn,
	cmd/libpkix/pkix/params/Makefile,
	cmd/libpkix/pkix/params/manifest.mn,
	cmd/libpkix/pkix/results/Makefile,
	cmd/libpkix/pkix/results/manifest.mn,
	cmd/libpkix/pkix/store/Makefile, cmd/libpkix/pkix/store/manifest.mn,
	cmd/libpkix/pkix/top/Makefile, cmd/libpkix/pkix/top/manifest.mn,
	cmd/libpkix/pkix/util/Makefile, cmd/libpkix/pkix/util/manifest.mn,
	cmd/libpkix/pkix_pl/Makefile, cmd/libpkix/pkix_pl/module/Makefile,
	cmd/libpkix/pkix_pl/module/manifest.mn,
	cmd/libpkix/pkix_pl/pki/Makefile,
	cmd/libpkix/pkix_pl/pki/manifest.mn,
	cmd/libpkix/pkix_pl/system/Makefile,
	cmd/libpkix/pkix_pl/system/manifest.mn,
	cmd/libpkix/testutil/manifest.mn, cpputil/Makefile,
	cpputil/config.mk, cpputil/manifest.mn, lib/base/Makefile,
	lib/base/config.mk, lib/base/manifest.mn, lib/certdb/Makefile,
	lib/certdb/config.mk, lib/certdb/manifest.mn, lib/certhigh/Makefile,
	lib/certhigh/config.mk, lib/certhigh/manifest.mn, lib/ckfw/Makefile,
	lib/ckfw/builtins/Makefile, lib/ckfw/builtins/config.mk,
	lib/ckfw/builtins/manifest.mn, lib/ckfw/builtins/testlib/Makefile,
	lib/ckfw/builtins/testlib/config.mk,
	lib/ckfw/builtins/testlib/manifest.mn, lib/ckfw/capi/Makefile,
	lib/ckfw/capi/config.mk, lib/ckfw/capi/manifest.mn,
	lib/ckfw/config.mk, lib/ckfw/dbm/Makefile, lib/ckfw/dbm/config.mk,
	lib/ckfw/dbm/manifest.mn, lib/ckfw/manifest.mn, lib/crmf/Makefile,
	lib/crmf/config.mk, lib/crmf/manifest.mn, lib/cryptohi/Makefile,
	lib/cryptohi/config.mk, lib/cryptohi/manifest.mn,
	lib/dbm/src/config.mk, lib/dbm/src/manifest.mn, lib/dev/Makefile,
	lib/dev/config.mk, lib/dev/manifest.mn, lib/jar/Makefile,
	lib/jar/config.mk, lib/jar/manifest.mn, lib/libpkix/Makefile,
	lib/libpkix/config.mk, lib/libpkix/include/Makefile,
	lib/libpkix/include/config.mk, lib/libpkix/pkix/Makefile,
	lib/libpkix/pkix/certsel/Makefile,
	lib/libpkix/pkix/certsel/config.mk,
	lib/libpkix/pkix/certsel/manifest.mn,
	lib/libpkix/pkix/checker/Makefile,
	lib/libpkix/pkix/checker/config.mk,
	lib/libpkix/pkix/checker/manifest.mn, lib/libpkix/pkix/config.mk,
	lib/libpkix/pkix/crlsel/Makefile, lib/libpkix/pkix/crlsel/config.mk,
	lib/libpkix/pkix/crlsel/manifest.mn,
	lib/libpkix/pkix/params/Makefile, lib/libpkix/pkix/params/config.mk,
	lib/libpkix/pkix/params/manifest.mn,
	lib/libpkix/pkix/results/Makefile,
	lib/libpkix/pkix/results/config.mk,
	lib/libpkix/pkix/results/manifest.mn,
	lib/libpkix/pkix/store/Makefile, lib/libpkix/pkix/store/config.mk,
	lib/libpkix/pkix/store/manifest.mn, lib/libpkix/pkix/top/Makefile,
	lib/libpkix/pkix/top/config.mk, lib/libpkix/pkix/top/manifest.mn,
	lib/libpkix/pkix/util/Makefile, lib/libpkix/pkix/util/config.mk,
	lib/libpkix/pkix/util/manifest.mn, lib/libpkix/pkix_pl_nss/Makefile,
	lib/libpkix/pkix_pl_nss/config.mk,
	lib/libpkix/pkix_pl_nss/module/Makefile,
	lib/libpkix/pkix_pl_nss/module/config.mk,
	lib/libpkix/pkix_pl_nss/module/manifest.mn,
	lib/libpkix/pkix_pl_nss/pki/Makefile,
	lib/libpkix/pkix_pl_nss/pki/config.mk,
	lib/libpkix/pkix_pl_nss/pki/manifest.mn,
	lib/libpkix/pkix_pl_nss/system/Makefile,
	lib/libpkix/pkix_pl_nss/system/config.mk,
	lib/libpkix/pkix_pl_nss/system/manifest.mn, lib/pk11wrap/Makefile,
	lib/pk11wrap/config.mk, lib/pk11wrap/manifest.mn,
	lib/pkcs12/Makefile, lib/pkcs12/config.mk, lib/pkcs12/manifest.mn,
	lib/pkcs7/Makefile, lib/pkcs7/config.mk, lib/pkcs7/manifest.mn,
	lib/pki/Makefile, lib/pki/config.mk, lib/pki/manifest.mn,
	lib/sqlite/Makefile, lib/sysinit/Makefile, lib/util/Makefile,
	lib/zlib/Makefile, lib/zlib/config.mk, lib/zlib/manifest.mn:
	Bug 1629553 Merge simple config.mk files r=rrelyea

	There is really no good reason to explicitly change the TARGET
	variable. And the empty SHARED_LIBRARY variable should also be in
	the manifest.mn to begin with.

	All the other empty variables start empty or undefined, so there is
	also no need to explicitly set them empty.

	[dc1ef0faf4a6]

	* cmd/libpkix/testutil/config.mk, coreconf/OS2.mk, coreconf/WIN32.mk,
	coreconf/ruleset.mk, coreconf/suffix.mk, gtests/common/Makefile,
	gtests/common/manifest.mn, gtests/google_test/Makefile,
	gtests/google_test/manifest.mn, gtests/pkcs11testmodule/Makefile,
	gtests/pkcs11testmodule/config.mk,
	gtests/pkcs11testmodule/manifest.mn, lib/ckfw/builtins/config.mk,
	lib/ckfw/builtins/manifest.mn, lib/ckfw/builtins/testlib/config.mk,
	lib/ckfw/capi/config.mk, lib/ckfw/capi/manifest.mn,
	lib/freebl/config.mk, lib/nss/config.mk, lib/nss/manifest.mn,
	lib/smime/config.mk, lib/smime/manifest.mn, lib/softoken/config.mk,
	lib/softoken/legacydb/config.mk, lib/softoken/legacydb/manifest.mn,
	lib/softoken/manifest.mn, lib/sqlite/config.mk,
	lib/sqlite/manifest.mn, lib/ssl/config.mk, lib/ssl/manifest.mn,
	lib/sysinit/config.mk, lib/sysinit/manifest.mn, lib/util/config.mk,
	lib/util/manifest.mn:
	Bug 1629553 Rework the LIBRARY_NAME ruleset r=rrelyea

	* Drop the WIN% "32" default DLL suffix
	* Add default resource file handling => drop default RES
	* Generate IMPORT_LIBRARY based on IMPORT_LIB_SUFFIX and
	SHARED_LIBRARY, so we can drop all the explicit empty IMPORT_LIBRARY
	lines

	Originally this patch also tried to add a default MAPFILE rule, but
	this fails, because the ARCH makefiles set linker flags based on an
	existing MAPFILE variable.

	[877d721d93cd]

	* coreconf/rules.mk:
	Bug 1629553 Use an eval template for C++ compile rules r=rrelyea

	These pattern rules already had a comment to keep both in sync, so
	just use an eval template to enforce this.

	[9b628d9c57e5]

	* lib/freebl/Makefile:
	Bug 1629553 Use an eval template for freebl libs r=rrelyea

	[71dd05b782e4]

	* coreconf/rules.mk:
	Bug 1629553 Use an eval template for export targets r=rrelyea

	[45db681898be]

	* lib/pk11wrap/manifest.mn, lib/pk11wrap/pk11load.c,
	lib/pk11wrap/pk11wrap.gyp:
	Bug 1629553 Prefix pk11wrap (SHLIB|LIBRARY)_VERSION with NSS_
	r=rrelyea

	In the manifest.mn the LIBRARY_VERSION is normally used to define
	the major version of the build shared library. This just works for
	the pk11wrap case, because pk11wrap is a static library. But it's
	still very confusing when reading the manifest.mn. Also the
	referenced define in the code is just named SHLIB_VERSION.

	So this prefixes the defines and the variables with NSS_, because it
	tries to load the NSS library, just as the SOFTOKEN_.*_VERSION is
	used to load the versioned softokn library.

	[cbb737bc6c0c]

	* Makefile, cmd/Makefile, cmd/shlibsign/Makefile,
	cmd/smimetools/rules.mk, coreconf/rules.mk, gtests/manifest.mn,
	lib/freebl/Makefile, lib/manifest.mn, manifest.mn:
	Bug 290526 Drop double-colon usage and add directory depends
	r=rrelyea

	Double-colon rule behaviour isn't really compatible with parallel
	build. This gets rid of all of them, so we can codify the directory
	dependencies.

	This leaves just three problems, which aren't really fixable with
	the current build system without completely replacing it:

	* everything depends on nsinstall
	* everything depends on installed headers
	* ckfw child directories depend on the build parent libs

	This is handled by the prepare_build target.

	Overall this allows most of the build to run in parallel.

	P.S. the release_md:: has to stay :-( P.P.S. no clue, why freebl
	must use libs: instead of using the TARGETS and .PHONY variables

	[f3a0ef69c056]

	* coreconf/WIN32.mk, gtests/certdb_gtest/manifest.mn,
	gtests/common/Makefile, gtests/google_test/Makefile,
	gtests/google_test/manifest.mn, gtests/pkcs11testmodule/Makefile:
	Bug 290526 Fix gtests build for WIN% targets r=rrelyea

	The google_test gtest build doesn't provide any exports for the
	shared library on Windows and the gyp build also builds just a
	static library. So build gtest and gtestutil libraries as static.

	For whatever reason, the Windows linker doesn't find the main
	function inside the gtestutil library, if we don't tell it to build
	a console executable. But linking works fine, if the object file is
	used directly. But since we can have different main() objects based
	on build flags, we enforce building console applications binaries.

	[a82a55886c1d]

	* cmd/bltest/manifest.mn, cmd/chktest/manifest.mn, cmd/crmf-
	cgi/manifest.mn, cmd/crmftest/manifest.mn, cmd/fipstest/manifest.mn,
	cmd/lib/Makefile, cmd/libpkix/testutil/Makefile,
	cmd/lowhashtest/manifest.mn, cmd/modutil/manifest.mn,
	cmd/pk11gcmtest/manifest.mn, cmd/pk11mode/manifest.mn,
	cmd/rsapoptst/manifest.mn, cmd/signtool/manifest.mn,
	cmd/ssltap/manifest.mn, coreconf/README, coreconf/rules.mk,
	cpputil/manifest.mn, gtests/google_test/manifest.mn,
	gtests/pkcs11testmodule/Makefile, lib/base/Makefile,
	lib/certdb/Makefile, lib/certhigh/Makefile, lib/ckfw/Makefile,
	lib/crmf/Makefile, lib/cryptohi/Makefile, lib/dbm/include/Makefile,
	lib/dev/Makefile, lib/dev/manifest.mn, lib/freebl/Makefile,
	lib/libpkix/Makefile, lib/libpkix/include/Makefile,
	lib/libpkix/include/manifest.mn, lib/libpkix/pkix/Makefile,
	lib/libpkix/pkix/certsel/Makefile,
	lib/libpkix/pkix/certsel/manifest.mn,
	lib/libpkix/pkix/checker/Makefile,
	lib/libpkix/pkix/checker/manifest.mn,
	lib/libpkix/pkix/crlsel/Makefile,
	lib/libpkix/pkix/crlsel/manifest.mn,
	lib/libpkix/pkix/params/Makefile,
	lib/libpkix/pkix/params/manifest.mn,
	lib/libpkix/pkix/results/Makefile,
	lib/libpkix/pkix/results/manifest.mn,
	lib/libpkix/pkix/store/Makefile, lib/libpkix/pkix/store/manifest.mn,
	lib/libpkix/pkix/top/Makefile, lib/libpkix/pkix/top/manifest.mn,
	lib/libpkix/pkix/util/Makefile, lib/libpkix/pkix/util/manifest.mn,
	lib/libpkix/pkix_pl_nss/Makefile,
	lib/libpkix/pkix_pl_nss/module/Makefile,
	lib/libpkix/pkix_pl_nss/module/manifest.mn,
	lib/libpkix/pkix_pl_nss/pki/Makefile,
	lib/libpkix/pkix_pl_nss/pki/manifest.mn,
	lib/libpkix/pkix_pl_nss/system/Makefile,
	lib/libpkix/pkix_pl_nss/system/manifest.mn, lib/nss/Makefile,
	lib/pk11wrap/Makefile, lib/pki/Makefile, lib/pki/manifest.mn,
	lib/softoken/Makefile, lib/softoken/legacydb/Makefile,
	lib/sqlite/Makefile, lib/sqlite/manifest.mn, lib/ssl/Makefile,
	lib/util/Makefile, lib/zlib/Makefile:
	Bug 290526 Drop recursive private_exports r=rrelyea

	Copying private headers is now simply included in the exports
	target, as these headers use an extra directory anyway.

	[989ecbd870f3]

	* Makefile, cmd/shlibsign/Makefile, coreconf/Makefile,
	coreconf/README, coreconf/nsinstall/Makefile, coreconf/rules.mk,
	coreconf/ruleset.mk, lib/Makefile, lib/ckfw/Makefile:
	Bug 290526 Parallelize part of the NSS build r=rrelyea

	This still serializes many targets, but at least these targets
	themselves run their build in parallel. The main serialization happens
	in nss/Makefile and nss/coreconf/rules.mk's all target.

	We can't add these as real dependencies, as all Makefile snippets
	use the same variable names. I tried to always run sub-makes to hack
	in the dependencies, but these don't know of each other, so targets
	very often run twice, and this breaks the build.

	Having a tests:: target and a tests directory leads to misery (and
	doesn't work), so it's renamed to check.

	This just works with NSS_DISABLE_GTESTS=1 specified and is fixed by
	a follow up patch, which removes the double-colon usage and adds the
	directory dependencies!

	[5d0bfa092e0f]

	* coreconf/UNIX.mk, coreconf/WIN32.mk, coreconf/mkdepend/Makefile,
	coreconf/nsinstall/Makefile, coreconf/ruleset.mk:
	Bug 290526 Don't delete directories r=rrelyea

	If these files exist and aren't directories, there might be other
	problems. Trying to "fix" them by removing will break the build.

	[fb377d36262d]

	* coreconf/rules.mk:
	Bug 290526 Handle empty install variables r=rrelyea

	Originally I added the install commands to the individual build
	targets. But this breaks the incremental build, because there is
	actually no dependency for the install. But it turns out, that in
	the end it's enough to ignore empty defined variables, so just do
	this.

	[585942b1d556]

	* coreconf/rules.mk:
	Bug 290526 Handle parallel PROGRAM and PROGRAMS r=rrelyea

	I have no real clue, why PROGRAMS is actually working in the
	sequence build. There is no special make code really handling it,
	except for the install target.

	This patch's code is inspired by the $(eval ...) example in the GNU
	make documentation. It generates a program specific make target and
	maps the programs objects based on the defined variables.

	[d30a6953b897]

Differential Revision: https://phabricator.services.mozilla.com/D75385
2020-05-15 14:40:39 +00:00