Backed out changeset 7ec471c99263 (bug 1219482) to hopefully fix the intermittent hazard failures CLOSED TREE
authorWes Kocher <wkocher@mozilla.com>
Fri, 29 Jan 2016 10:15:34 -0800
changeset 282342 5e5b76d866341d47db93066b393af616b1e78f43
parent 282341 7c16728755d3ce97463ab4030ae68b2a14ece625
child 282343 ebc3fa14b72acc7139173ee9933948a6bec0f7de
push id71131
push userkwierso@gmail.com
push dateFri, 29 Jan 2016 18:15:45 +0000
treeherdermozilla-inbound@ebc3fa14b72a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1219482
milestone47.0a1
backs out7ec471c9926360990ad4ec55376c53b54638da3f
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 7ec471c99263 (bug 1219482) to hopefully fix the intermittent hazard failures CLOSED TREE
security/apps/AppSignatureVerification.cpp
security/apps/AppTrustDomain.cpp
security/certverifier/CertVerifier.cpp
security/certverifier/ExtendedValidation.cpp
security/certverifier/NSSCertDBTrustDomain.cpp
security/certverifier/OCSPCache.cpp
security/certverifier/OCSPRequestor.cpp
security/manager/ssl/CertBlocklist.cpp
security/manager/ssl/PSMContentListener.cpp
security/manager/ssl/PublicKeyPinningService.cpp
security/manager/ssl/RootCertificateTelemetryUtils.cpp
security/manager/ssl/SSLServerCertVerification.cpp
security/manager/ssl/nsCertTree.cpp
security/manager/ssl/nsNSSCallbacks.cpp
security/manager/ssl/nsNSSCertificate.cpp
security/manager/ssl/nsNSSCertificateDB.cpp
security/manager/ssl/nsNSSComponent.cpp
security/manager/ssl/nsNSSIOLayer.cpp
security/manager/ssl/nsNSSShutDown.cpp
security/manager/ssl/nsNTLMAuthModule.cpp
security/manager/ssl/nsPK11TokenDB.cpp
security/manager/ssl/nsPKCS11Slot.cpp
security/manager/ssl/nsPKCS12Blob.cpp
security/manager/ssl/nsSecureBrowserUIImpl.cpp
security/manager/ssl/nsSecurityHeaderParser.cpp
security/manager/ssl/nsSiteSecurityService.cpp
security/manager/ssl/nsUsageArrayHelper.cpp
--- a/security/apps/AppSignatureVerification.cpp
+++ b/security/apps/AppSignatureVerification.cpp
@@ -35,17 +35,17 @@
 #include "pkix/pkixnss.h"
 #include "secmime.h"
 
 
 using namespace mozilla::pkix;
 using namespace mozilla;
 using namespace mozilla::psm;
 
-extern mozilla::LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 namespace {
 
 // Reads a maximum of 1MB from a stream into the supplied buffer.
 // The reason for the 1MB limit is because this function is used to read
 // signature-related files and we want to avoid OOM. The uncompressed length of
 // an entry can be hundreds of times larger than the compressed version,
 // especially if someone has specifically crafted the entry to cause OOM or to
--- a/security/apps/AppTrustDomain.cpp
+++ b/security/apps/AppTrustDomain.cpp
@@ -32,17 +32,17 @@
 // Add-on signing Certificates
 #include "addons-public.inc"
 #include "addons-stage.inc"
 // Privileged Package Certificates
 #include "privileged-package-root.inc"
 
 using namespace mozilla::pkix;
 
-extern mozilla::LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 static const unsigned int DEFAULT_MIN_RSA_BITS = 2048;
 static char kDevImportedDER[] =
   "network.http.signed-packages.developer-root";
 
 namespace mozilla { namespace psm {
 
 StaticMutex AppTrustDomain::sMutex;
--- a/security/certverifier/CertVerifier.cpp
+++ b/security/certverifier/CertVerifier.cpp
@@ -17,17 +17,17 @@
 #include "pkix/pkixnss.h"
 #include "prerror.h"
 #include "secerr.h"
 #include "sslerr.h"
 
 using namespace mozilla::pkix;
 using namespace mozilla::psm;
 
-mozilla::LazyLogModule gCertVerifierLog("certverifier");
+PRLogModuleInfo* gCertVerifierLog = nullptr;
 
 namespace mozilla { namespace psm {
 
 const CertVerifier::Flags CertVerifier::FLAG_LOCAL_ONLY = 1;
 const CertVerifier::Flags CertVerifier::FLAG_MUST_BE_EV = 2;
 const CertVerifier::Flags CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST = 4;
 
 CertVerifier::CertVerifier(OcspDownloadConfig odc,
@@ -47,16 +47,19 @@ CertVerifier::CertVerifier(OcspDownloadC
 
 CertVerifier::~CertVerifier()
 {
 }
 
 void
 InitCertVerifierLog()
 {
+  if (!gCertVerifierLog) {
+    gCertVerifierLog = PR_NewLogModule("certverifier");
+  }
 }
 
 Result
 IsCertChainRootBuiltInRoot(CERTCertList* chain, bool& result)
 {
   if (!chain || CERT_LIST_EMPTY(chain)) {
     return Result::FATAL_ERROR_LIBRARY_FAILURE;
   }
--- a/security/certverifier/ExtendedValidation.cpp
+++ b/security/certverifier/ExtendedValidation.cpp
@@ -11,17 +11,17 @@
 #include "base64.h"
 #include "hasht.h"
 #include "pkix/pkixtypes.h"
 #include "pk11pub.h"
 #include "secerr.h"
 #include "prerror.h"
 #include "prinit.h"
 
-extern mozilla::LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 #define CONST_OID static const unsigned char
 #define OI(x) { siDEROID, (unsigned char*) x, sizeof x }
 
 struct nsMyTrustedEVInfo
 {
   const char* dotted_oid;
   const char* oid_name; // Set this to null to signal an invalid structure,
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -28,17 +28,17 @@
 #include "ScopedNSSTypes.h"
 #include "secerr.h"
 
 #include "CNNICHashWhitelist.inc"
 
 using namespace mozilla;
 using namespace mozilla::pkix;
 
-extern LazyLogModule gCertVerifierLog;
+extern PRLogModuleInfo* gCertVerifierLog;
 
 static const uint64_t ServerFailureDelaySeconds = 5 * 60;
 
 namespace mozilla { namespace psm {
 
 const char BUILTIN_ROOTS_MODULE_DEFAULT_NAME[] = "Builtin Roots Module";
 
 NSSCertDBTrustDomain::NSSCertDBTrustDomain(SECTrustType certDBTrustType,
--- a/security/certverifier/OCSPCache.cpp
+++ b/security/certverifier/OCSPCache.cpp
@@ -27,17 +27,17 @@
 #include <limits>
 
 #include "NSSCertDBTrustDomain.h"
 #include "pk11pub.h"
 #include "pkix/pkixnss.h"
 #include "ScopedNSSTypes.h"
 #include "secerr.h"
 
-extern mozilla::LazyLogModule gCertVerifierLog;
+extern PRLogModuleInfo* gCertVerifierLog;
 
 using namespace mozilla::pkix;
 
 namespace mozilla { namespace psm {
 
 // Let derIssuer be the DER encoding of the issuer of aCert.
 // Let derPublicKey be the DER encoding of the public key of aIssuerCert.
 // Let serialNumber be the bytes of the serial number of aCert.
--- a/security/certverifier/OCSPRequestor.cpp
+++ b/security/certverifier/OCSPRequestor.cpp
@@ -11,17 +11,17 @@
 #include "mozilla/Base64.h"
 #include "mozilla/Scoped.h"
 #include "nsIURLParser.h"
 #include "nsNSSCallbacks.h"
 #include "nsNetCID.h"
 #include "nsServiceManagerUtils.h"
 #include "secerr.h"
 
-extern mozilla::LazyLogModule gCertVerifierLog;
+extern PRLogModuleInfo* gCertVerifierLog;
 
 namespace mozilla {
 
 void
 ReleaseHttpServerSession(nsNSSHttpServerSession* httpServerSession)
 {
   delete httpServerSession;
 }
--- a/security/manager/ssl/CertBlocklist.cpp
+++ b/security/manager/ssl/CertBlocklist.cpp
@@ -29,17 +29,17 @@ NS_IMPL_ISUPPORTS(CertBlocklist, nsICert
 using namespace mozilla;
 using namespace mozilla::pkix;
 
 #define PREF_BACKGROUND_UPDATE_TIMER "app.update.lastUpdateTime.blocklist-background-update-timer"
 #define PREF_KINTO_ONECRL_CHECKED "services.kinto.onecrl.checked"
 #define PREF_MAX_STALENESS_IN_SECONDS "security.onecrl.maximum_staleness_in_seconds"
 #define PREF_ONECRL_VIA_AMO "security.onecrl.via.amo"
 
-static LazyLogModule gCertBlockPRLog("CertBlock");
+static PRLogModuleInfo* gCertBlockPRLog;
 
 uint32_t CertBlocklist::sLastBlocklistUpdate = 0U;
 uint32_t CertBlocklist::sLastKintoUpdate = 0U;
 uint32_t CertBlocklist::sMaxStaleness = 0U;
 bool CertBlocklist::sUseAMO = true;
 
 CertBlocklistItem::CertBlocklistItem(const uint8_t* DNData,
                                      size_t DNLength,
@@ -125,16 +125,19 @@ CertBlocklistItem::Hash() const
 }
 
 CertBlocklist::CertBlocklist()
   : mMutex("CertBlocklist::mMutex")
   , mModified(false)
   , mBackingFileIsInitialized(false)
   , mBackingFile(nullptr)
 {
+  if (!gCertBlockPRLog) {
+    gCertBlockPRLog = PR_NewLogModule("CertBlock");
+  }
 }
 
 CertBlocklist::~CertBlocklist()
 {
   Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
                                   PREF_BACKGROUND_UPDATE_TIMER,
                                   this);
   Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
--- a/security/manager/ssl/PSMContentListener.cpp
+++ b/security/manager/ssl/PSMContentListener.cpp
@@ -24,17 +24,17 @@
 #include "nsNetUtil.h"
 #include "nsIChannel.h"
 #include "nsIInputStream.h"
 #include "nsIURI.h"
 #include "nsNSSHelper.h"
 
 #include "mozilla/Logging.h"
 
-extern mozilla::LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 namespace mozilla { namespace psm {
 
 namespace {
 
 const int32_t kDefaultCertAllocLength = 2048;
 
 enum {
--- a/security/manager/ssl/PublicKeyPinningService.cpp
+++ b/security/manager/ssl/PublicKeyPinningService.cpp
@@ -18,17 +18,18 @@
 #include "sechash.h"
 
 #include "StaticHPKPins.h" // autogenerated by genHPKPStaticpins.js
 
 using namespace mozilla;
 using namespace mozilla::pkix;
 using namespace mozilla::psm;
 
-LazyLogModule gPublicKeyPinningLog("PublicKeyPinningService");
+PRLogModuleInfo* gPublicKeyPinningLog =
+  PR_NewLogModule("PublicKeyPinningService");
 
 /**
  Computes in the location specified by base64Out the SHA256 digest
  of the DER Encoded subject Public Key Info for the given cert
 */
 static nsresult
 GetBase64HashSPKI(const CERTCertificate* cert, nsACString& hashSPKIDigest)
 {
--- a/security/manager/ssl/RootCertificateTelemetryUtils.cpp
+++ b/security/manager/ssl/RootCertificateTelemetryUtils.cpp
@@ -8,17 +8,18 @@
 
 #include "mozilla/Logging.h"
 #include "RootHashes.inc" // Note: Generated by genRootCAHashes.js
 #include "ScopedNSSTypes.h"
 #include "mozilla/ArrayUtils.h"
 
 namespace mozilla { namespace psm {
 
-mozilla::LazyLogModule gPublicKeyPinningTelemetryLog("PublicKeyPinningTelemetryService");
+PRLogModuleInfo* gPublicKeyPinningTelemetryLog =
+  PR_NewLogModule("PublicKeyPinningTelemetryService");
 
 // Used in the BinarySearch method, this does a memcmp between the pointer
 // provided to its construtor and whatever the binary search is looking for.
 //
 // This implementation assumes everything to be of HASH_LEN, so it should not
 // be used generically.
 class BinaryHashSearchArrayComparator
 {
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -128,17 +128,17 @@
 
 #include "ssl.h"
 #include "cert.h"
 #include "secerr.h"
 #include "secoidt.h"
 #include "secport.h"
 #include "sslerr.h"
 
-extern mozilla::LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 using namespace mozilla::pkix;
 
 namespace mozilla { namespace psm {
 
 namespace {
 
 // do not use a nsCOMPtr to avoid static initializer/destructor
--- a/security/manager/ssl/nsCertTree.cpp
+++ b/security/manager/ssl/nsCertTree.cpp
@@ -21,17 +21,17 @@
 #include "nsXPCOMCID.h"
 #include "nsTHashtable.h"
 #include "nsHashKeys.h"
 
 #include "mozilla/Logging.h"
 
 using namespace mozilla;
 
-extern LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 static NS_DEFINE_CID(kCertOverrideCID, NS_CERTOVERRIDE_CID);
 
 // treeArrayElStr
 //
 // structure used to hold map of tree.  Each thread (an organization
 // field from a cert) has an element in the array.  The numChildren field
 // stores the number of certs corresponding to that thread.
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -23,17 +23,17 @@
 #include "nsNetUtil.h"
 #include "SharedSSLState.h"
 #include "ssl.h"
 #include "sslproto.h"
 
 using namespace mozilla;
 using namespace mozilla::psm;
 
-extern LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 static void AccumulateCipherSuite(Telemetry::ID probe,
                                   const SSLChannelInfo& channelInfo);
 
 namespace {
 
 // Bits in bit mask for SSL_REASONS_FOR_NOT_FALSE_STARTING telemetry probe
 // These bits are numbered so that the least subtle issues have higher values.
--- a/security/manager/ssl/nsNSSCertificate.cpp
+++ b/security/manager/ssl/nsNSSCertificate.cpp
@@ -52,17 +52,17 @@
 
 #ifdef XP_WIN
 #include <winsock.h> // for htonl
 #endif
 
 using namespace mozilla;
 using namespace mozilla::psm;
 
-extern LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 // This is being stored in an uint32_t that can otherwise
 // only take values from nsIX509Cert's list of cert types.
 // As nsIX509Cert is frozen, we choose a value not contained
 // in the list to mean not yet initialized.
 #define CERT_TYPE_NOT_YET_INITIALIZED (1 << 30)
 
 NS_IMPL_ISUPPORTS(nsNSSCertificate,
--- a/security/manager/ssl/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/nsNSSCertificateDB.cpp
@@ -51,17 +51,17 @@
 #ifdef XP_WIN
 #include <winsock.h> // for ntohl
 #endif
 
 using namespace mozilla;
 using namespace mozilla::psm;
 using mozilla::psm::SharedSSLState;
 
-extern LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 static nsresult
 attemptToLogInWithDefaultPassword()
 {
 #ifdef NSS_DISABLE_DBM
   // The SQL NSS DB requires the user to be authenticated to set certificate
   // trust settings, even if the user's password is empty. To maintain
   // compatibility with the DBM-based database, try to log in with the
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -50,17 +50,17 @@
 
 #ifdef XP_WIN
 #include "nsILocalFileWin.h"
 #endif
 
 using namespace mozilla;
 using namespace mozilla::psm;
 
-LazyLogModule gPIPNSSLog("pipnss");
+PRLogModuleInfo* gPIPNSSLog = nullptr;
 
 int nsNSSComponent::mInstanceCount = 0;
 
 // This function can be called from chrome or content processes
 // to ensure that NSS is initialized.
 bool EnsureNSSInitializedChromeOrContent()
 {
   nsresult rv;
@@ -216,16 +216,18 @@ GetRevocationBehaviorFromPrefs(/*out*/ C
 nsNSSComponent::nsNSSComponent()
   :mutex("nsNSSComponent.mutex"),
    mNSSInitialized(false),
 #ifndef MOZ_NO_SMART_CARDS
    mThreadList(nullptr),
 #endif
    mCertVerificationThread(nullptr)
 {
+  if (!gPIPNSSLog)
+    gPIPNSSLog = PR_NewLogModule("pipnss");
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::ctor\n"));
 
   NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!");
   ++mInstanceCount;
   mShutdownObjectList = nsNSSShutDownList::construct();
 }
 
 void
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -77,17 +77,17 @@ typedef enum {ASK, AUTO} SSM_UserCertCho
 // order to false start, as a compatibility hack to work around
 // implementations that just stop responding during false start. However, now
 // false start is resricted to modern crypto (TLS 1.2 and AEAD cipher suites)
 // so it is less likely that requring NPN or ALPN is still necessary.
 static const bool FALSE_START_REQUIRE_NPN_DEFAULT = false;
 
 } // unnamed namespace
 
-extern LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 nsNSSSocketInfo::nsNSSSocketInfo(SharedSSLState& aState, uint32_t providerFlags)
   : mFd(nullptr),
     mCertVerificationState(before_cert_verification),
     mSharedState(aState),
     mForSTARTTLS(false),
     mHandshakePending(true),
     mRememberClientAuthCertificate(false),
--- a/security/manager/ssl/nsNSSShutDown.cpp
+++ b/security/manager/ssl/nsNSSShutDown.cpp
@@ -2,17 +2,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsNSSShutDown.h"
 #include "nsCOMPtr.h"
 
 using namespace mozilla;
 
-extern LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 struct ObjectHashEntry : PLDHashEntryHdr {
   nsNSSShutDownObject *obj;
 };
 
 static bool
 ObjectSetMatchEntry(PLDHashTable *table, const PLDHashEntryHdr *hdr,
                          const void *key)
--- a/security/manager/ssl/nsNTLMAuthModule.cpp
+++ b/security/manager/ssl/nsNTLMAuthModule.cpp
@@ -23,20 +23,28 @@
 #include "nsNetCID.h"
 #include "nsNSSShutDown.h"
 #include "nsUnicharUtils.h"
 #include "pk11pub.h"
 #include "mozilla/Logging.h"
 #include "prsystem.h"
 
 static bool sNTLMv1Forced = false;
-static mozilla::LazyLogModule sNTLMLog("NTLM");
 
-#define LOG(x) MOZ_LOG(sNTLMLog, mozilla::LogLevel::Debug, x)
-#define LOG_ENABLED() MOZ_LOG_TEST(sNTLMLog, mozilla::LogLevel::Debug)
+static PRLogModuleInfo *
+GetNTLMLog()
+{
+  static PRLogModuleInfo *sNTLMLog;
+  if (!sNTLMLog)
+    sNTLMLog = PR_NewLogModule("NTLM");
+  return sNTLMLog;
+}
+
+#define LOG(x) MOZ_LOG(GetNTLMLog(), mozilla::LogLevel::Debug, x)
+#define LOG_ENABLED() MOZ_LOG_TEST(GetNTLMLog(), mozilla::LogLevel::Debug)
 
 static void des_makekey(const uint8_t *raw, uint8_t *key);
 static void des_encrypt(const uint8_t *key, const uint8_t *src, uint8_t *hash);
 
 //-----------------------------------------------------------------------------
 // this file contains a cross-platform NTLM authentication implementation. it
 // is based on documentation from: http://davenport.sourceforge.net/ntlm.html
 //-----------------------------------------------------------------------------
--- a/security/manager/ssl/nsPK11TokenDB.cpp
+++ b/security/manager/ssl/nsPK11TokenDB.cpp
@@ -9,17 +9,17 @@
 #include "prerror.h"
 #include "secerr.h"
 #include "nsReadableUtils.h"
 #include "nsNSSComponent.h"
 #include "nsServiceManagerUtils.h"
 
 #include "nsPK11TokenDB.h"
 
-extern mozilla::LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 NS_IMPL_ISUPPORTS(nsPK11Token, nsIPK11Token)
 
 nsPK11Token::nsPK11Token(PK11SlotInfo *slot)
 {
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown())
     return;
--- a/security/manager/ssl/nsPKCS11Slot.cpp
+++ b/security/manager/ssl/nsPKCS11Slot.cpp
@@ -8,17 +8,17 @@
 #include "mozilla/Telemetry.h"
 #include "nsCOMPtr.h"
 #include "nsISupportsArray.h"
 #include "nsPK11TokenDB.h"
 #include "secmod.h"
 
 using mozilla::LogLevel;
 
-extern mozilla::LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 NS_IMPL_ISUPPORTS(nsPKCS11Slot, nsIPKCS11Slot)
 
 nsPKCS11Slot::nsPKCS11Slot(PK11SlotInfo *slot)
 {
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown())
     return;
--- a/security/manager/ssl/nsPKCS12Blob.cpp
+++ b/security/manager/ssl/nsPKCS12Blob.cpp
@@ -27,18 +27,19 @@
 #include "nsKeygenHandler.h" //For GetSlotWithMechanism
 #include "nsPK11TokenDB.h"
 #include "nsICertificateDialogs.h"
 #include "nsNSSShutDown.h"
 #include "nsCRT.h"
 
 #include "secerr.h"
 
+extern PRLogModuleInfo* gPIPNSSLog;
+
 using namespace mozilla;
-extern LazyLogModule gPIPNSSLog;
 
 #define PIP_PKCS12_TMPFILENAME   NS_LITERAL_CSTRING(".pip_p12tmp")
 #define PIP_PKCS12_BUFFER_SIZE   2048
 #define PIP_PKCS12_RESTORE_OK          1
 #define PIP_PKCS12_BACKUP_OK           2
 #define PIP_PKCS12_USER_CANCELED       3
 #define PIP_PKCS12_NOSMARTCARD_EXPORT  4
 #define PIP_PKCS12_RESTORE_FAILED      5
--- a/security/manager/ssl/nsSecureBrowserUIImpl.cpp
+++ b/security/manager/ssl/nsSecureBrowserUIImpl.cpp
@@ -44,17 +44,17 @@ using namespace mozilla;
 // To enable logging (see prlog.h for full details):
 //
 //    set NSPR_LOG_MODULES=nsSecureBrowserUI:5
 //    set NSPR_LOG_FILE=nspr.log
 //
 // this enables LogLevel::Debug level information and places all output in
 // the file nspr.log
 //
-LazyLogModule gSecureDocLog("nsSecureBrowserUI");
+PRLogModuleInfo* gSecureDocLog = nullptr;
 
 struct RequestHashEntry : PLDHashEntryHdr {
     void *r;
 };
 
 static bool
 RequestMapMatchEntry(PLDHashTable *table, const PLDHashEntryHdr *hdr,
                          const void *key)
@@ -112,16 +112,19 @@ nsSecureBrowserUIImpl::nsSecureBrowserUI
 #ifdef DEBUG
   , mOnStateLocationChangeReentranceDetection(0)
 #endif
   , mTransferringRequests(&gMapOps, sizeof(RequestHashEntry))
 {
   MOZ_ASSERT(NS_IsMainThread());
 
   ResetStateTracking();
+
+  if (!gSecureDocLog)
+    gSecureDocLog = PR_NewLogModule("nsSecureBrowserUI");
 }
 
 NS_IMPL_ISUPPORTS(nsSecureBrowserUIImpl,
                   nsISecureBrowserUI,
                   nsIWebProgressListener,
                   nsISupportsWeakReference,
                   nsISSLStatusProvider)
 
--- a/security/manager/ssl/nsSecurityHeaderParser.cpp
+++ b/security/manager/ssl/nsSecurityHeaderParser.cpp
@@ -41,19 +41,27 @@ IsQuotedTextSymbol(signed char chr) {
 }
 
 // The octet following the "\" in a quoted pair can be anything 0-127.
 bool
 IsQuotedPairSymbol(signed char chr) {
   return (chr >= 0);
 }
 
-static mozilla::LazyLogModule sSHParserLog("nsSecurityHeaderParser");
+static PRLogModuleInfo *
+GetSHParserLog()
+{
+  static PRLogModuleInfo *sSHParserLog;
+  if (!sSHParserLog) {
+    sSHParserLog = PR_NewLogModule("nsSecurityHeaderParser");
+  }
+  return sSHParserLog;
+}
 
-#define SHPARSERLOG(args) MOZ_LOG(sSHParserLog, mozilla::LogLevel::Debug, args)
+#define SHPARSERLOG(args) MOZ_LOG(GetSHParserLog(), mozilla::LogLevel::Debug, args)
 
 nsSecurityHeaderParser::nsSecurityHeaderParser(const char *aHeader)
   : mCursor(aHeader)
   , mError(false)
 {
 }
 
 nsSecurityHeaderParser::~nsSecurityHeaderParser() {
--- a/security/manager/ssl/nsSiteSecurityService.cpp
+++ b/security/manager/ssl/nsSiteSecurityService.cpp
@@ -36,19 +36,26 @@
 // influence its HSTS status via include subdomains, however).
 // This prevents the preload list from overriding the site's current
 // desired HSTS status.
 #include "nsSTSPreloadList.inc"
 
 using namespace mozilla;
 using namespace mozilla::psm;
 
-static LazyLogModule gSSSLog("nsSSService");
+static PRLogModuleInfo *
+GetSSSLog()
+{
+  static PRLogModuleInfo *gSSSLog;
+  if (!gSSSLog)
+    gSSSLog = PR_NewLogModule("nsSSService");
+  return gSSSLog;
+}
 
-#define SSSLOG(args) MOZ_LOG(gSSSLog, mozilla::LogLevel::Debug, args)
+#define SSSLOG(args) MOZ_LOG(GetSSSLog(), mozilla::LogLevel::Debug, args)
 
 ////////////////////////////////////////////////////////////////////////////////
 
 SiteHSTSState::SiteHSTSState(nsCString& aStateString)
   : mHSTSExpireTime(0)
   , mHSTSState(SecurityPropertyUnset)
   , mHSTSIncludeSubdomains(false)
 {
--- a/security/manager/ssl/nsUsageArrayHelper.cpp
+++ b/security/manager/ssl/nsUsageArrayHelper.cpp
@@ -14,17 +14,17 @@
 #include "nsServiceManagerUtils.h"
 #include "nspr.h"
 #include "pkix/pkixnss.h"
 #include "secerr.h"
 
 using namespace mozilla;
 using namespace mozilla::psm;
 
-extern LazyLogModule gPIPNSSLog;
+extern PRLogModuleInfo* gPIPNSSLog;
 
 static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); // XXX? needed?::
 
 nsUsageArrayHelper::nsUsageArrayHelper(CERTCertificate *aCert)
 :mCert(aCert)
 {
   nsNSSShutDownPreventionLock locker;
   defaultcertdb = CERT_GetDefaultCertDB();