This has the side effect of not initializing fontconfig before the
valgrind test itself runs, which changes the code path leading to
`FcConfigAddDirList`, which eventually leads to suppressed leaks.
Those leaks are then not discarded because the caller doesn't match what
is in the suppression file anymore, so we remove the caller.
Differential Revision: https://phabricator.services.mozilla.com/D85353
This solves the same problem we attempted to solve in bug 1654663. That was a low-cost, sensible solution when there was only one in-build reference to `glean_parser`, but with project FOG we're about to drastically increase the in-build reliance on the library, so the ad-hoc `sys.path` manipulation is an increasingly insensible solution. Here we address this in a first-class way by specifying that `glean_parser` should be imported in `virtualenv`s, but NOT by top-level `mach` commands that run outside of an in-`objdir` `virtualenv`.
Differential Revision: https://phabricator.services.mozilla.com/D85182
It turns out setting CARGO_PROFILE_RELEASE_LTO has unwanted side
effects.
First it's not actually strictly equivalent to using
`cargo rustc -- -Clto`. For instance, it apparently also enables
cross-language LTO in newer versions of cargo.
Second, it changes the rust computed hash for all the dependencies of
the crate being built with the variable set, which makes them diverge
from when the same dependencies are built through another crate in the
tree that is not LTOed. This effectively makes us build a _lot_ of
crates twice, many of which are not cacheable.
Since the original problem is that cargo >= 1.45 passes extra flags
(`-C embed-bitcode=no`) to rustc that are incompatible with `-Clto`, and while
it knows to adjust based on the `lto` setting in the build profile
(which CARGO_PROFILE_RELEASE_LTO overrides the default of), cargo
ignores flags passed via `cargo rustc -- ...` when making those
adjustments.
So, we need to override with `-C embed-bitcode=yes` on our own at the
same time we pass `-Clto`. But doing that through `cargo rustc -- ...`
is not enough because all the dependencies of the crate built with
`-Clto` need to be built with `-C embed-bitcode=yes`. So we need to
override with `RUSTFLAGS`, which will affect all the dependencies.
But we also need to do this consistently across all crates, not only the
dependencies of crates built with `-Clto`, otherwise we'd still end up
building crates twice (once with and once without the override).
Unfortunately, the `-C embed-bitcode=*` flag is also not supported in
versions older than 1.45, so we have to avoid adding it on older
versions.
We unfortunately support a large range of versions of rustc (albeit only
for tools/crashreporter), but we actually need to upgrade the smaller
supported version because rustc < 1.38 doesn't support our top-level
Cargo.lock. This makes the version check slightly less awful.
Differential Revision: https://phabricator.services.mozilla.com/D84652
In preparation for Glean telemetry, we scope the availability of the out-of-date vendored
"glean_parser" library to its one usage: "run_glean_parser.py".
This allows Glean telemetry to load its modern "glean_parser" dependency from the
"--user" package environment.
Differential Revision: https://phabricator.services.mozilla.com/D84610
afa1afd410 changed a line at the edge of the context of this patch. I'm really not keen to fork this patch into a separate clang-12 version, so I'd prefer to just shrink the context a little.
Differential Revision: https://phabricator.services.mozilla.com/D84609
Two changes happened during the LLVM 11 timeframe that break our Searchfox plugin.
First, the conversion from `llvm::StringRef` to `std::string` became explicit: adcd026838. This is easy enough to fix in a version-agnostic way.
Second, `mangleCXXCtor` no longer exists: 29e1a16be8. Since there isn't a one-size-fits-all fix, I had to use an ifdef. I mostly cargo-culted the change from 29e1a16be8 (diff-dac09655ff6a54658c320a28a6ea297c).
Differential Revision: https://phabricator.services.mozilla.com/D83838
LLVM 11 introduces a hard requirement for SDK 10.12 in order to build for Mac. We want to keep building older LLVMs with 10.11 though, so this patch adds some flexibility so that build-clang can make use of whatever SDK package a particular task pulls from tooltool (but still requesting a deployment target of 10.11).
Differential Revision: https://phabricator.services.mozilla.com/D82621
After bug 1651806, we're trying to caution people against running `mach build $A_SPECIFIC_TARGET` because it's not generally supported. `dumbmake` is a piece of infrastructure that attempts to make this use case a little bit more useable, but it was always supposed to be a stopgap. There doesn't seem to be a need for it any more.
Differential Revision: https://phabricator.services.mozilla.com/D83136
This is where the `compare-mozconfig` test properly belongs, and `mozbuild` tests already re-run every time a `mozboot` file changes.
Differential Revision: https://phabricator.services.mozilla.com/D83130
Add an action that will trigger a task that runs
`mach release push-scriptworker-canary`
to test a new scriptworker deployment.
Differential Revision: https://phabricator.services.mozilla.com/D82821
clang/LLVM's build scripts can turn these on on their own, but explicitly
setting what we want is better than guessing. The change is not huge, maybe
~2-3% on the major shared libraries (`libclang`, `libclang-cpp`, `libLLVM`),
about 1% on the overall `.tar.zst` size, but every little bit counts, right?
Differential Revision: https://phabricator.services.mozilla.com/D82896
2020-06-26 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt,
automation/abi-check/previous-nss-release, lib/nss/nss.h,
lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.55 beta
[332ab7db68ba]
2020-06-25 Kevin Jacobs <kjacobs@mozilla.com>
* tests/all.sh:
Bug 1649190 - Run cipher, sdr, and ocsp tests under standard test
cycle.
[f373809abfc0]
2020-06-15 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/p256ecdsa-sha256-vectors.h,
gtests/common/testvectors/p384ecdsa-sha384-vectors.h,
gtests/common/testvectors/p521ecdsa-sha512-vectors.h,
gtests/common/testvectors_base/test-structs.h,
gtests/common/wycheproof/genTestVectors.py,
gtests/pk11_gtest/pk11_ecdsa_unittest.cc:
Bug 1649226 - Add Wycheproof ECDSA tests.
[41292ff7f545]
2020-06-30 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/pkcs12/p12d.c:
Bug 1649322 - Fix null pointer passed as argument in
pk11wrap/pk11pbe.c:1246 r=kjacobs
[cc43ebf5bf88]
2020-06-30 Danh <congdanhqx@gmail.com>
* coreconf/arch.mk, coreconf/config.mk, lib/freebl/Makefile:
Bug 1646594 - Enable AVX2 if applicable on x86_64 with make 4.3
r=bbeurdouche
[b579895aceb0]
2020-07-02 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/ssl/ssl3con.c:
Bug 1649316 - Prevent memcmp to be called with a zero length in
ssl/ssl3con.c:6621 r=kjacobs
[8fe9213d0551]
2020-07-02 Alexander Scheel <ascheel@redhat.com>
* lib/cryptohi/secvfy.c:
Bug 1649487 - Fix bad assert in VFY_EndWithSignature. r=jcj
[c9438b528103]
2020-07-06 Dana Keeler <dkeeler@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt,
gtests/pk11_gtest/pk11_find_certs_unittest.cc, lib/nss/nss.def,
lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11pub.h:
Bug 1649633 - add PK11_FindEncodedCertInSlot r=kjacobs,jcj
PK11_FindEncodedCertInSlot can be used to determine the PKCS#11
object handle of an encoded certificate in a given slot. If the
given certificate does not exist in that slot, CK_INVALID_HANDLE is
returned.
[32fe710a942f]
* gtests/pk11_gtest/pk11_find_certs_unittest.cc:
Bug 1649633 - follow-up to make test comparisons in
pk11_find_certs_unittest.cc yoda comparisons r=kjacobs
[424dae31a1c1]
2020-07-07 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc, lib/freebl/rsapkcs.c:
Bug 1067214 - Check minimum padding in RSA_CheckSignRecover.
r=rrelyea
This patch adds a check to `RSA_CheckSignRecover` enforcing a
minimum padding length of 8 bytes for PKCS #1 v1.5-formatted
signatures. In practice, RSA key size requirements already ensure
this requirement is met, but smaller (read: broken) key sizes can be
used via configuration overrides, and NSS should just follow the
spec.
[e5324bd5a885]
2020-07-08 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/libssl_internals.h,
gtests/ssl_gtest/ssl_record_unittest.cc,
gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h,
lib/ssl/dtls13con.c, lib/ssl/dtls13con.h, lib/ssl/ssl3con.c,
lib/ssl/ssl3prot.h, lib/ssl/sslspec.h, lib/ssl/sslt.h,
lib/ssl/tls13con.c, lib/ssl/tls13exthandle.c:
Bug 1647752 - Update DTLS 1.3 implementation to draft-38. r=mt
This patch updates DTLS 1.3 to draft-38. Specifically:
# `ssl_ct_ack` value changes from 25 to 26.
# AEAD limits in `tls13_UnprotectRecord` enforce a maximum of 2^36-1
(as we only support GCM/ChaCha20 AEADs) decryption failures before
the connection is closed.
# Post-handshake authentication will no longer be negotiated in DTLS
1.3. This allows us to side-step the more convoluted state machine
requirements.
[132a87fc8689]
2020-07-09 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/pk11wrap/pk11pbe.c, lib/pkcs12/p12d.c:
Bug 1649322 - Fix null pointer passed as argument in
pk11wrap/pk11pbe.c:1246 r=kjacobs
This is a fixup patch that reverts
https://hg.mozilla.org/projects/nss/rev/cc43ebf5bf88355837c5fafa2f3c46e37626707a
and adds a null check around the memcpy in question.
[80bea0e22b20]
2020-07-09 J.C. Jones <jjones@mozilla.com>
* lib/softoken/pkcs11.c:
Bug 1651520 - slotLock race in NSC_GetTokenInfo r=kjacobs
Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before
accessing slot after obtaining it, even though slotLock is defined
as its lock. [0]
[0] https://searchfox.org/nss/rev/a412e70e55218aaf670f1f10322fa734d8a9fbde/lib/softoken/pkcs11i.h#320-321
[58c2abd7404e] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D82466
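The minimum-padding rule from the Bug 1067214 entry above (at least 8 padding bytes in a PKCS #1 v1.5-formatted signature block), shown as an added example that is not NSS code. The helper name `pkcs1_sig_unpad` and the 16-byte sample blocks are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define PKCS1_MIN_PAD_LEN 8 /* minimum number of 0xFF padding bytes */

/* Hypothetical helper (not an NSS function): parse an already-recovered
 * signature block of the form 00 01 FF..FF 00 <payload>, em_len bytes long.
 * Returns 0 and sets payload/payload_len on success, -1 if malformed. */
int pkcs1_sig_unpad(const uint8_t *em, size_t em_len,
                    const uint8_t **payload, size_t *payload_len)
{
    size_t i;

    /* Smallest legal block: 00 01, 8 padding bytes, 00 separator. */
    if (em == NULL || em_len < 2 + PKCS1_MIN_PAD_LEN + 1)
        return -1;
    if (em[0] != 0x00 || em[1] != 0x01)
        return -1;

    /* Walk the padding string; it must consist solely of 0xFF bytes. */
    for (i = 2; i < em_len && em[i] == 0xFF; i++)
        ;

    /* The padding must be terminated by a 00 separator inside the block. */
    if (i == em_len || em[i] != 0x00)
        return -1;

    /* Enforce the 8-byte minimum padding length. */
    if (i - 2 < PKCS1_MIN_PAD_LEN)
        return -1;

    *payload = em + i + 1;
    *payload_len = em_len - (i + 1);
    return 0;
}

/* Constructed samples: 8 padding bytes (valid) and 7 padding bytes (invalid). */
static const uint8_t ok_block[16] = { 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0x00, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t short_block[16] = { 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0x00, 'h', 'e', 'l', 'l', 'o', '!' };

int main(void)
{
    const uint8_t *p;
    size_t n;
    return !(pkcs1_sig_unpad(ok_block, sizeof ok_block, &p, &n) == 0 &&
             pkcs1_sig_unpad(short_block, sizeof short_block, &p, &n) == -1);
}
```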