Bug 580679: Build NSS with the TLS zlib compression code.

Add the security.ssl.enable_compression preference to
enable TLS compression, disabled by default.
r=khuey,kaie,sayrer,ted.  approval2.0+ by bsmedberg.

netwerk/base/public/security-prefs.js

@@ -8,6 +8,7 @@ pref("security.ssl.renego_unrestricted_hosts", "");
 pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
 pref("security.ssl.require_safe_negotiation",  false);
 pref("security.ssl.warn_missing_rfc5746",  1);
+pref("security.ssl.enable_compression", false);
 pref("security.ssl.enable_false_start", true);
 
 pref("security.ssl2.rc4_128", false);

security/coreconf/Linux.mk

@@ -154,6 +154,12 @@ ZDEFS_FLAG		= -Wl,-z,defs
 DSO_LDOPTS		+= $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
 LDFLAGS			+= $(ARCHFLAG)
 
+# On Maemo, we need to use the -rpath-link flag for even the standard system
+# library directories.
+ifdef _SBOX_DIR
+LDFLAGS			+= -Wl,-rpath-link,/usr/lib:/lib
+endif
+
 # INCLUDES += -I/usr/include -Y/usr/include/linux
 G++INCLUDES		= -I/usr/include/g++
 

security/manager/Makefile.in

@@ -178,6 +178,7 @@ endif
 DEFAULT_GMAKE_FLAGS = MAKE="$(NSSMAKE) -j1" -j1
 DEFAULT_GMAKE_FLAGS += CC="$(CC)"
 DEFAULT_GMAKE_FLAGS += SOURCE_MD_DIR=$(ABS_DIST)
+DEFAULT_GMAKE_FLAGS += SOURCE_MDHEADERS_DIR=$(NSPR_INCLUDE_DIR)
 DEFAULT_GMAKE_FLAGS += DIST=$(ABS_DIST)
 DEFAULT_GMAKE_FLAGS += NSPR_INCLUDE_DIR=$(NSPR_INCLUDE_DIR)
 DEFAULT_GMAKE_FLAGS += NSPR_LIB_DIR=$(NSPR_LIB_DIR)
@@ -187,6 +188,7 @@ DEFAULT_GMAKE_FLAGS += NSS_ENABLE_ECC=1
 DEFAULT_GMAKE_FLAGS += NSINSTALL="$(NSINSTALL)"
 ifndef MOZ_NATIVE_SQLITE
 DEFAULT_GMAKE_FLAGS += SQLITE_LIB_NAME=mozsqlite3
+DEFAULT_GMAKE_FLAGS += SQLITE_INCLUDE_DIR=$(ABS_DIST)/include
 endif
 ifdef NSS_DISABLE_DBM 
 DEFAULT_GMAKE_FLAGS += NSS_DISABLE_DBM=1
@@ -239,10 +241,6 @@ DEFAULT_GMAKE_FLAGS += MACOS_SDK_DIR=$(MACOS_SDK_DIR)
 endif
 endif
 
-# Turn off TLS compression support because NSS 3.12.6 can't be built
-# with Mozilla's zlib.h.  See bug 527659 comment 10.
-DEFAULT_GMAKE_FLAGS += NSS_ENABLE_ZLIB=
-
 # Disable building of the test programs in security/nss/lib/zlib
 DEFAULT_GMAKE_FLAGS += PROGRAMS=
 

security/manager/ssl/src/nsNSSComponent.cpp

@@ -1719,6 +1719,8 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox)
       SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, 
         enabled ? SSL_RENEGOTIATE_UNRESTRICTED : SSL_RENEGOTIATE_REQUIRES_XTN);
 
+      mPrefBranch->GetBoolPref("security.ssl.enable_compression", &enabled);
+      SSL_OptionSetDefault(SSL_ENABLE_DEFLATE, enabled);
 #ifdef SSL_ENABLE_FALSE_START // Requires NSS 3.12.8
       mPrefBranch->GetBoolPref("security.ssl.enable_false_start", &enabled);
       SSL_OptionSetDefault(SSL_ENABLE_FALSE_START, enabled);
@@ -2251,6 +2253,10 @@ nsNSSComponent::Observe(nsISupports *aSubject, const char *aTopic,
       PRInt32 warnLevel = 1;
       mPrefBranch->GetIntPref("security.ssl.warn_missing_rfc5746", &warnLevel);
       nsSSLIOLayerHelpers::setWarnLevelMissingRFC5746(warnLevel);
+    } else if (prefName.Equals("security.ssl.enable_compression")) {
+      mPrefBranch->GetBoolPref("security.ssl.enable_compression", &enabled);
+      SSL_OptionSetDefault(SSL_ENABLE_DEFLATE, enabled);
+      clearSessionCache = PR_TRUE;
 #ifdef SSL_ENABLE_FALSE_START // Requires NSS 3.12.8
     } else if (prefName.Equals("security.ssl.enable_false_start")) {
       mPrefBranch->GetBoolPref("security.ssl.enable_false_start", &enabled);

security/patches/README

@@ -4,3 +4,7 @@ on top of the NSS release.
 File: msvc-aslr.patch
 https://bugzilla.mozilla.org/show_bug.cgi?id=567134
 Use the -DYNAMICBASE linker option to enable ASLR on Windows.
+
+File: maemo-rpath-link.patch
+https://bugzilla.mozilla.org/show_bug.cgi?id=585247
+Add the -rpath-link linker flag required for Maemo/Scratchbox.

security/patches/maemo-rpath-link.patch

@@ -0,0 +1,30 @@
+Index: mozilla/security/coreconf/Linux.mk
+===================================================================
+RCS file: /cvsroot/mozilla/security/coreconf/Linux.mk,v
+retrieving revision 1.47
+diff -u -8 -r1.47 Linux.mk
+--- mozilla/security/coreconf/Linux.mk	29 Jul 2010 04:18:10 -0000	1.47
++++ mozilla/security/coreconf/Linux.mk	7 Aug 2010 02:59:37 -0000
+@@ -149,16 +149,22 @@
+ DSO_LDOPTS		= -shared $(ARCHFLAG)
+ # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8)
+ # incorrectly reports undefined references in the libraries we link with, so
+ # we don't use -z defs there.
+ ZDEFS_FLAG		= -Wl,-z,defs
+ DSO_LDOPTS		+= $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
+ LDFLAGS			+= $(ARCHFLAG)
+ 
++# On Maemo, we need to use the -rpath-link flag for even the standard system
++# library directories.
++ifdef _SBOX_DIR
++LDFLAGS			+= -Wl,-rpath-link,/usr/lib:/lib
++endif
++
+ # INCLUDES += -I/usr/include -Y/usr/include/linux
+ G++INCLUDES		= -I/usr/include/g++
+ 
+ #
+ # Always set CPU_TAG on Linux, WINCE.
+ #
+ CPU_TAG = _$(CPU_ARCH)
+