зеркало из https://github.com/mozilla/gecko-dev.git
dde8b5dd22
``` 2021-07-22 Benjamin Beurdouche <bbeurdouche@mozilla.com> * doc/rst/index.rst: Display warning on the new NSS documentation [8f41147c2192] [tip] 2021-07-20 Robert Relyea <rrelyea@redhat.com> * lib/softoken/sdb.c: Bug 1721476 sqlite 3.34 changed it's open semantics, causing nss failures. https://sqlite.org/forum/info/42cf8e985bb051a2 sqlite is now permissive on opening a readonly file even if you ask for the file to be opened R/W. normally sqlite is very conservative in changing it's underlying semantics, but evidently they chose convience over compatibility. NSS now needs to check the file permissions itself to preserve nss semantics. [f2d34a957599] 2021-07-15 Robert Relyea <rrelyea@redhat.com> * tests/common/init.sh, tests/common/parsegtestreport.sed, tests/common/parsegtestreport.sh, tests/gtests/gtests.sh, tests/ssl_gtests/ssl_gtests.sh: Bug 1720230 Gtest update changed the gtest reports, losing gtest details in all.sh reports. This patch includes the updated .sed script, and an experiment using bash instead to see how hard it would be to make a more robust parser. The robust parser generates identical output as sed, but takes about 30x longer, so instead of subsecond operations, it takes almost half a minute. With that result, I think we can stay with sed and continue to update when we get new versions of gtests. (sigh). time cat report.xml.0 | sed -f parsegtestreport.sed > r1 real 0m0.710s user 0m0.705s sys 0m0.008s time cat report.xml.0 | sh parsegtestreport.sh > r2 real 0m25.066s user 0m17.759s sys 0m9.506s [rrelyea@localhost common]$ diff r1 r2 updated: with review comments from Martin and move the report parsing to the common code so it can be shared with both ssl_gtests and gtests shell scripts. [f12856d5d2c2] 2021-07-13 Robert Relyea <rrelyea@redhat.com> * gtests/softoken_gtest/softoken_dh_vectors.h, lib/softoken/pkcs11c.c, lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c, lib/softoken/sftkdhverify.c: Bug 1720228 NSS incorrectly accepting 1536 bit DH primes in FIPS mode When NSS is in FIPS mode, it should reject all primes smaller than 2048. The ike 1536 prime is in the accepted primes table. In FIPS mode it should be rejected. [d2ec946e601a] 2021-07-15 Robert Relyea <rrelyea@redhat.com> * cmd/manifest.mn, cmd/sdbthreadtst/Makefile, cmd/sdbthreadtst/manifest.mn, cmd/sdbthreadtst/sdbthreadtst.c, cmd/sdbthreadtst/sdbthreadtst.gyp, lib/softoken/sdb.c, lib/softoken/sftkdb.c, nss.gyp, tests/dbtests/dbtests.sh: Bug 1720232 SQLite calls could timeout in starvation situations. Some of our servers could cause random failures when trying to generate many key pairs from multiple threads. This is caused because some threads would starve long enough for them to give up on getting a begin transaction on sqlite. sqlite only allows one transaction at a time. Also, there were some bugs in error handling of the broken transaction case where NSS would try to cancel a transation after the begin failed (most cases were correct, but one case in particular was problematic). [b54b0d41e51b] 2021-07-13 Robert Relyea <rrelyea@redhat.com> * lib/pk11wrap/pk11cxt.c, lib/pk11wrap/pk11hpke.c, lib/softoken/kbkdf.c, lib/softoken/sftkhmac.c, lib/softoken/sftkike.c: Bug 1720225 Coverity/cpp scanner errors found in nss 3.67 A number of coverity/scanner issues were found in the kdf code which was added in nss 3.44 and the fixes never upstreamed, as well as coverity/scanner errors in nss 3.66. Not all errors were fixed, those errors which were determined to be false positives were just recorded. No attempt has been made to fix coverity/scanner errors in gtests. [d1b9709d8861] ``` Differential Revision: https://phabricator.services.mozilla.com/D120624 |
||
---|---|---|
.. | ||
addbuiltin | ||
atob | ||
bltest | ||
btoa | ||
certutil | ||
chktest | ||
crlutil | ||
crmf-cgi | ||
crmftest | ||
dbck | ||
dbtest | ||
derdump | ||
digest | ||
ecperf | ||
fbectest | ||
fipstest | ||
httpserv | ||
lib | ||
libpkix | ||
listsuites | ||
lowhashtest | ||
makepqg | ||
modutil | ||
mpitests | ||
multinit | ||
nss-policy-check | ||
ocspclnt | ||
ocspresp | ||
oidcalc | ||
p7content | ||
p7env | ||
p7sign | ||
p7verify | ||
pk1sign | ||
pk11ectest | ||
pk11gcmtest | ||
pk11importtest | ||
pk11mode | ||
pk11util | ||
pk12util | ||
pkix-errcodes | ||
pp | ||
ppcertdata | ||
pwdecrypt | ||
rsaperf | ||
rsapoptst | ||
samples | ||
sdbthreadtst | ||
sdrtest | ||
selfserv | ||
shlibsign | ||
signtool | ||
signver | ||
smimetools | ||
ssltap | ||
strsclnt | ||
symkeyutil | ||
tests | ||
tstclnt | ||
vfychain | ||
vfyserv | ||
Makefile | ||
manifest.mn | ||
platlibs.gypi | ||
platlibs.mk | ||
platrules.mk |