Bug 1244062, NSPR_4_12_BETA2, and Bug 1245053, NSS_3_23_BETA2
authorKai Engert <kaie@kuix.de>
Tue, 02 Feb 2016 11:50:47 +0100
changeset 282725 44ab9df0cd789bfac19f9d466b03c75ac9a61705
parent 282724 113fc521664e72b6c2fbf92152551e7e3920c4d0
child 282726 c0bd0d514c9f0e17e304afc0de8b85d582a95cb9
push id29970
push usercbook@mozilla.com
push dateWed, 03 Feb 2016 10:59:33 +0000
bugs1244062, 1245053
milestone47.0a1
Bug 1244062, NSPR_4_12_BETA2, and Bug 1245053, NSS_3_23_BETA2
nsprpub/TAG-INFO
nsprpub/config/prdepend.h
nsprpub/configure
nsprpub/configure.in
nsprpub/pr/include/md/_freebsd.cfg
nsprpub/pr/include/md/_freebsd.h
nsprpub/pr/include/md/_linux.h
nsprpub/pr/include/md/_netbsd.h
nsprpub/pr/include/md/_openbsd.h
nsprpub/pr/include/md/_unixos.h
nsprpub/pr/include/prenv.h
nsprpub/pr/include/prinit.h
nsprpub/pr/src/io/prlog.c
nsprpub/pr/src/io/prprf.c
nsprpub/pr/src/io/prscanf.c
nsprpub/pr/src/md/unix/unix.c
nsprpub/pr/src/md/windows/w95thred.c
nsprpub/pr/src/misc/prenv.c
nsprpub/pr/src/misc/prnetdb.c
nsprpub/pr/src/misc/prtpool.c
nsprpub/pr/src/misc/prtrace.c
nsprpub/pr/src/nspr.def
nsprpub/pr/src/pthreads/ptio.c
nsprpub/pr/src/pthreads/ptthread.c
nsprpub/pr/tests/env.c
nsprpub/pr/tests/server_test.c
nsprpub/pr/tests/vercheck.c
security/nss/TAG-INFO
security/nss/cmd/httpserv/httpserv.c
security/nss/cmd/lib/secutil.c
security/nss/cmd/lib/secutil.h
security/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c
security/nss/cmd/modutil/installparse.c
security/nss/cmd/pk11mode/pk11mode.c
security/nss/cmd/pk11util/pk11util.c
security/nss/cmd/selfserv/selfserv.c
security/nss/cmd/shlibsign/shlibsign.c
security/nss/cmd/signtool/javascript.c
security/nss/cmd/signtool/util.c
security/nss/cmd/smimetools/cmsutil.c
security/nss/cmd/strsclnt/strsclnt.c
security/nss/cmd/tstclnt/tstclnt.c
security/nss/coreconf/coreconf.dep
security/nss/external_tests/google_test/gtest/test/gtest_unittest.cc
security/nss/external_tests/ssl_gtest/ssl_gtest.cc
security/nss/lib/certdb/certdb.c
security/nss/lib/certhigh/certvfypkix.c
security/nss/lib/certhigh/ocsp.c
security/nss/lib/freebl/Makefile
security/nss/lib/freebl/loader.c
security/nss/lib/freebl/mpi/utils/isprime.c
security/nss/lib/freebl/mpi/utils/metime.c
security/nss/lib/freebl/mpi/utils/primegen.c
security/nss/lib/freebl/rijndael.c
security/nss/lib/freebl/stubs.c
security/nss/lib/freebl/stubs.h
security/nss/lib/freebl/unix_rand.c
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
security/nss/lib/nss/nss.h
security/nss/lib/nss/nssinit.c
security/nss/lib/pk11wrap/debug_module.c
security/nss/lib/pk11wrap/pk11akey.c
security/nss/lib/pk11wrap/pk11load.c
security/nss/lib/pk11wrap/pk11pars.c
security/nss/lib/pk11wrap/pk11util.c
security/nss/lib/softoken/fipstokn.c
security/nss/lib/softoken/legacydb/lgattr.c
security/nss/lib/softoken/legacydb/lginit.c
security/nss/lib/softoken/lgglue.c
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/sdb.c
security/nss/lib/softoken/softkver.h
security/nss/lib/softoken/softoken.h
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/sslsnce.c
security/nss/lib/ssl/sslsock.c
security/nss/lib/sysinit/nsssysinit.c
security/nss/lib/util/nssutil.h
security/nss/lib/util/secoid.c
security/nss/lib/util/secport.c
security/nss/lib/util/utilpars.c
--- a/nsprpub/TAG-INFO
+++ b/nsprpub/TAG-INFO
@@ -1,1 +1,1 @@
-NSPR_4_11_RTM
+NSPR_4_12_BETA2
--- a/nsprpub/config/prdepend.h
+++ b/nsprpub/config/prdepend.h
@@ -5,9 +5,8 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSPR in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
--- a/nsprpub/configure
+++ b/nsprpub/configure
@@ -2483,17 +2483,17 @@ case $target_os in *\ *) target_os=`echo
 # The aliases save the names the user supplied, while $host etc.
 # will get canonicalized.
 test -n "$target_alias" &&
   test "$program_prefix$program_suffix$program_transform_name" = \
     NONENONEs,x,x, &&
   program_prefix=${target_alias}-
 
 MOD_MAJOR_VERSION=4
-MOD_MINOR_VERSION=11
+MOD_MINOR_VERSION=12
 MOD_PATCH_VERSION=0
 NSPR_MODNAME=nspr20
 _HAVE_PTHREADS=
 USE_PTHREADS=
 USE_USER_PTHREADS=
 USE_NSPR_THREADS=
 USE_N32=
 USE_X32=
@@ -7043,20 +7043,16 @@ tools are selected during the Xcode/Deve
     powerpc64)
         if test -n "$USE_64"; then
             CC="$CC -m64"
             CXX="$CXX -m64"
         else
             PR_MD_ASFILES=os_Linux_ppc.s
         fi
         ;;
-    m68k)
-        CFLAGS="$CFLAGS -m68020-60"
-        CXXFLAGS="$CXXFLAGS -m68020-60"
-        ;;
     esac
     ;;
 
 *-mingw*|*-msys*|*-cygwin*|*-mks*)
     $as_echo "#define XP_PC 1" >>confdefs.h
 
     $as_echo "#define WIN32 1" >>confdefs.h
 
@@ -7889,17 +7885,17 @@ fi
 $as_echo "$ac_cv_prog_gcc_traditional" >&6; }
   if test $ac_cv_prog_gcc_traditional = yes; then
     CC="$CC -traditional"
   fi
 fi
 
 _SAVE_LIBS="$LIBS"
 LIBS="$LIBS $OS_LIBS"
-for ac_func in dladdr gettid lchown setpriority strerror syscall
+for ac_func in dladdr gettid lchown setpriority strerror syscall  secure_getenv __secure_getenv
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
 if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
   cat >>confdefs.h <<_ACEOF
 #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
 
--- a/nsprpub/configure.in
+++ b/nsprpub/configure.in
@@ -10,17 +10,17 @@ AC_CONFIG_SRCDIR([pr/include/nspr.h])
 
 AC_CONFIG_AUX_DIR(${srcdir}/build/autoconf)
 AC_CANONICAL_TARGET
 
 dnl ========================================================
 dnl = Defaults
 dnl ========================================================
 MOD_MAJOR_VERSION=4
-MOD_MINOR_VERSION=11
+MOD_MINOR_VERSION=12
 MOD_PATCH_VERSION=0
 NSPR_MODNAME=nspr20
 _HAVE_PTHREADS=
 USE_PTHREADS=
 USE_USER_PTHREADS=
 USE_NSPR_THREADS=
 USE_N32=
 USE_X32=
@@ -1851,20 +1851,16 @@ tools are selected during the Xcode/Deve
     powerpc64)
         if test -n "$USE_64"; then
             CC="$CC -m64"
             CXX="$CXX -m64"
         else
             PR_MD_ASFILES=os_Linux_ppc.s
         fi
         ;;
-    m68k)
-        CFLAGS="$CFLAGS -m68020-60"
-        CXXFLAGS="$CXXFLAGS -m68020-60"
-        ;;
     esac    
     ;;
 
 *-mingw*|*-msys*|*-cygwin*|*-mks*)
     AC_DEFINE(XP_PC)
     AC_DEFINE(WIN32)
     PR_MD_ARCH_DIR=windows
     RESOLVE_LINK_SYMBOLS=1
@@ -2538,17 +2534,18 @@ dnl Check for typedefs and structs
 dnl ========================================================
 
 dnl ========================================================
 dnl Checks for library functions.
 dnl ========================================================
 AC_PROG_GCC_TRADITIONAL
 _SAVE_LIBS="$LIBS"
 LIBS="$LIBS $OS_LIBS"
-AC_CHECK_FUNCS(dladdr gettid lchown setpriority strerror syscall)
+AC_CHECK_FUNCS(dladdr gettid lchown setpriority strerror syscall dnl
+ secure_getenv __secure_getenv)
 LIBS="$_SAVE_LIBS"
 
 dnl ========================================================
 dnl Check options
 dnl ========================================================
 
 dnl ======================================================
 dnl = Enable compiling with ccache
--- a/nsprpub/pr/include/md/_freebsd.cfg
+++ b/nsprpub/pr/include/md/_freebsd.cfg
@@ -337,16 +337,62 @@
 #define PR_ALIGN_OF_FLOAT   4
 #define PR_ALIGN_OF_DOUBLE  8
 #define PR_ALIGN_OF_POINTER 4
 #define PR_ALIGN_OF_WORD    4
 
 #define PR_BYTES_PER_WORD_LOG2   2
 #define PR_BYTES_PER_DWORD_LOG2  3
 
+#elif defined(__aarch64__)
+
+#undef  IS_BIG_ENDIAN
+#define IS_LITTLE_ENDIAN 1
+#define IS_64
+
+#define PR_BYTES_PER_BYTE   1
+#define PR_BYTES_PER_SHORT  2
+#define PR_BYTES_PER_INT    4
+#define PR_BYTES_PER_INT64  8
+#define PR_BYTES_PER_LONG   8
+#define PR_BYTES_PER_FLOAT  4
+#define PR_BYTES_PER_DOUBLE 8
+#define PR_BYTES_PER_WORD   8
+#define PR_BYTES_PER_DWORD  8
+
+#define PR_BITS_PER_BYTE    8
+#define PR_BITS_PER_SHORT   16
+#define PR_BITS_PER_INT     32
+#define PR_BITS_PER_INT64   64
+#define PR_BITS_PER_LONG    64
+#define PR_BITS_PER_FLOAT   32
+#define PR_BITS_PER_DOUBLE  64
+#define PR_BITS_PER_WORD    64
+
+#define PR_BITS_PER_BYTE_LOG2   3
+#define PR_BITS_PER_SHORT_LOG2  4
+#define PR_BITS_PER_INT_LOG2    5
+#define PR_BITS_PER_INT64_LOG2  6
+#define PR_BITS_PER_LONG_LOG2   6
+#define PR_BITS_PER_FLOAT_LOG2  5
+#define PR_BITS_PER_DOUBLE_LOG2 6
+#define PR_BITS_PER_WORD_LOG2   6
+
+#define PR_ALIGN_OF_SHORT   2
+#define PR_ALIGN_OF_INT     4
+#define PR_ALIGN_OF_LONG    8
+#define PR_ALIGN_OF_INT64   8
+#define PR_ALIGN_OF_FLOAT   4
+#define PR_ALIGN_OF_DOUBLE  8
+#define PR_ALIGN_OF_POINTER 8
+#define PR_ALIGN_OF_WORD    8
+
+#define PR_BYTES_PER_WORD_LOG2  3
+#define PR_BYTES_PER_DWORD_LOG2 3
+
 #elif defined(__arm__)
 
 #if defined(__ARMEB__) || defined(__ARM_BIG_ENDIAN__)
 #undef  IS_LITTLE_ENDIAN
 #define IS_BIG_ENDIAN    1
 #else
 #undef  IS_BIG_ENDIAN
 #define IS_LITTLE_ENDIAN 1
--- a/nsprpub/pr/include/md/_freebsd.h
+++ b/nsprpub/pr/include/md/_freebsd.h
@@ -24,16 +24,18 @@
 #elif defined(__ia64__)
 #define _PR_SI_ARCHITECTURE "ia64"
 #elif defined(__amd64__)
 #define _PR_SI_ARCHITECTURE "amd64"
 #elif defined(__powerpc64__)
 #define _PR_SI_ARCHITECTURE "powerpc64"
 #elif defined(__powerpc__)
 #define _PR_SI_ARCHITECTURE "powerpc"
+#elif defined(__aarch64__)
+#define _PR_SI_ARCHITECTURE "aarch64"
 #elif defined(__arm__)
 #define _PR_SI_ARCHITECTURE "arm"
 #elif defined(__mips64__)
 #define _PR_SI_ARCHITECTURE "mips64"
 #elif defined(__mips__)
 #define _PR_SI_ARCHITECTURE "mips"
 #else
 #error "Unknown CPU architecture"
@@ -223,17 +225,17 @@ extern PRStatus _MD_WAKEUP_WAITER(PRThre
 extern void _MD_YIELD(void);
 
 #endif /* ! _PR_PTHREADS */
 
 extern void _MD_EarlyInit(void);
 
 #define _MD_EARLY_INIT                  _MD_EarlyInit
 #define _MD_FINAL_INIT			_PR_UnixInit
-#define _MD_INTERVAL_USE_GTOD
+#define _PR_HAVE_CLOCK_MONOTONIC
 
 /*
  * We wrapped the select() call.  _MD_SELECT refers to the built-in,
  * unwrapped version.
  */
 #define _MD_SELECT(nfds,r,w,e,tv) syscall(SYS_select,nfds,r,w,e,tv)
 
 #if defined(_PR_POLL_AVAILABLE)
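Review bot: Swapping `_MD_INTERVAL_USE_GTOD` for `_PR_HAVE_CLOCK_MONOTONIC` makes a working `clock_gettime(CLOCK_MONOTONIC)` a hard requirement on this platform. The `_PR_UNIX_GetInterval2` shown in this commit's unix.c hunk prints an error and calls `abort()` when that call fails. The same switch is made in _netbsd.h and _openbsd.h. A comment beside the define would record this, e.g. `/* interval timer uses clock_gettime(CLOCK_MONOTONIC); failure is fatal */`.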
--- a/nsprpub/pr/include/md/_linux.h
+++ b/nsprpub/pr/include/md/_linux.h
@@ -666,17 +666,17 @@ extern PRStatus _MD_WAKEUP_WAITER(PRThre
 extern void _MD_YIELD(void);
 
 #endif /* ! _PR_PTHREADS */
 
 extern void _MD_EarlyInit(void);
 
 #define _MD_EARLY_INIT                  _MD_EarlyInit
 #define _MD_FINAL_INIT                  _PR_UnixInit
-#define HAVE_CLOCK_MONOTONIC
+#define _PR_HAVE_CLOCK_MONOTONIC
 
 /*
  * We wrapped the select() call.  _MD_SELECT refers to the built-in,
  * unwrapped version.
  */
 #define _MD_SELECT __select
 
 #ifdef _PR_POLL_AVAILABLE
--- a/nsprpub/pr/include/md/_netbsd.h
+++ b/nsprpub/pr/include/md/_netbsd.h
@@ -206,17 +206,17 @@ struct _MDCPU {
 #define _MD_CLEAN_THREAD(_thread)
 
 #endif /* ! _PR_PTHREADS */
 
 extern void _MD_EarlyInit(void);
 
 #define _MD_EARLY_INIT                  _MD_EarlyInit
 #define _MD_FINAL_INIT			_PR_UnixInit
-#define _MD_INTERVAL_USE_GTOD
+#define _PR_HAVE_CLOCK_MONOTONIC
 
 /*
  * We wrapped the select() call.  _MD_SELECT refers to the built-in,
  * unwrapped version.
  */
 #define _MD_SELECT(nfds,r,w,e,tv) syscall(SYS_select,nfds,r,w,e,tv)
 #if defined(_PR_POLL_AVAILABLE)
 #include <poll.h>
--- a/nsprpub/pr/include/md/_openbsd.h
+++ b/nsprpub/pr/include/md/_openbsd.h
@@ -187,17 +187,17 @@ struct _MDCPU {
 #define _MD_SUSPEND_THREAD(thread)      _MD_suspend_thread
 #define _MD_RESUME_THREAD(thread)       _MD_resume_thread
 #define _MD_CLEAN_THREAD(_thread)
 
 #endif /* ! _PR_PTHREADS */
 
 #define _MD_EARLY_INIT                  _MD_EarlyInit
 #define _MD_FINAL_INIT			_PR_UnixInit
-#define _MD_INTERVAL_USE_GTOD
+#define _PR_HAVE_CLOCK_MONOTONIC
 
 /*
  * We wrapped the select() call.  _MD_SELECT refers to the built-in,
  * unwrapped version.
  */
 #define _MD_SELECT(nfds,r,w,e,tv) syscall(SYS_select,nfds,r,w,e,tv)
 #include <poll.h>
 #define _MD_POLL(fds,nfds,timeout) syscall(SYS_poll,fds,nfds,timeout)
--- a/nsprpub/pr/include/md/_unixos.h
+++ b/nsprpub/pr/include/md/_unixos.h
@@ -297,17 +297,17 @@ extern void		_MD_FreeSegment(PRSegment *
 #ifdef _MD_INTERVAL_USE_GTOD
 extern PRIntervalTime   _PR_UNIX_GetInterval(void);
 extern PRIntervalTime   _PR_UNIX_TicksPerSecond(void);
 #define _MD_INTERVAL_INIT()
 #define _MD_GET_INTERVAL		_PR_UNIX_GetInterval
 #define _MD_INTERVAL_PER_SEC		_PR_UNIX_TicksPerSecond
 #endif
 
-#ifdef HAVE_CLOCK_MONOTONIC
+#ifdef _PR_HAVE_CLOCK_MONOTONIC
 extern PRIntervalTime   _PR_UNIX_GetInterval2(void);
 extern PRIntervalTime   _PR_UNIX_TicksPerSecond2(void);
 #define _MD_INTERVAL_INIT()
 #define _MD_GET_INTERVAL		_PR_UNIX_GetInterval2
 #define _MD_INTERVAL_PER_SEC		_PR_UNIX_TicksPerSecond2
 #endif
 
 #define _MD_INTERVAL_PER_MILLISEC()	(_PR_MD_INTERVAL_PER_SEC() / 1000)
--- a/nsprpub/pr/include/prenv.h
+++ b/nsprpub/pr/include/prenv.h
@@ -86,16 +86,30 @@ PR_BEGIN_EXTERN_C
 **   conceptual environment space than that operated upon by
 **   NSPR's functions or other environment manipulating
 **   functions on the same platform. (!)
 ** 
 */
 NSPR_API(char*) PR_GetEnv(const char *var);
 
 /*
+** PR_GetEnvSecure() -- get a security-sensitive environment variable
+**
+** Description:
+**
+** PR_GetEnvSecure() is similar to PR_GetEnv(), but it returns NULL if
+** the program was run with elevated privilege (e.g., setuid or setgid
+** on Unix).  This can be used for cases like log file paths which
+** could otherwise be used for privilege escalation.  Note that some
+** platforms may have platform-specific privilege elevation mechanisms
+** not recognized by this function; see the implementation for details.
+*/
+NSPR_API(char*) PR_GetEnvSecure(const char *var);
+
+/*
 ** PR_SetEnv() -- set, unset or change an environment variable
 ** 
 ** Description:
 ** PR_SetEnv() is modeled on the Unix putenv() function.
 ** 
 ** Inputs: 
 **   string -- pointer to a caller supplied
 **   constant, persistent string of the form name=value. Where
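Review bot: The new PR_GetEnvSecure() comment does not say that NULL covers two different cases, the variable being unset and the variable being ignored because the process is privileged. A caller reading only the header cannot tell that it has no way to distinguish them. One extra line would make the contract explicit, e.g. `** Returns NULL if the variable is unset or if the process is privileged.`. It would also help to state whether the lifetime caveats documented for PR_GetEnv() apply to the returned pointer.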
--- a/nsprpub/pr/include/prinit.h
+++ b/nsprpub/pr/include/prinit.h
@@ -26,21 +26,21 @@ PR_BEGIN_EXTERN_C
 /*
 ** NSPR's version is used to determine the likelihood that the version you
 ** used to build your component is anywhere close to being compatible with
 ** what is in the underlying library.
 **
 ** The format of the version string is
 **     "<major version>.<minor version>[.<patch level>] [<Beta>]"
 */
-#define PR_VERSION  "4.11"
+#define PR_VERSION  "4.12 Beta"
 #define PR_VMAJOR   4
-#define PR_VMINOR   11
+#define PR_VMINOR   12
 #define PR_VPATCH   0
-#define PR_BETA     PR_FALSE
+#define PR_BETA     PR_TRUE
 
 /*
 ** PRVersionCheck
 **
 ** The basic signature of the function that is called to provide version
 ** checking. The result will be a boolean that indicates the likelihood
 ** that the underling library will perform as the caller expects.
 **
--- a/nsprpub/pr/src/io/prlog.c
+++ b/nsprpub/pr/src/io/prlog.c
@@ -233,23 +233,17 @@ void _PR_InitLog(void)
             }
             /*found:*/
             count = sscanf(&ev[pos], " , %n", &delta);
             pos += delta;
             if (count == EOF) break;
         }
         PR_SetLogBuffering(isSync ? 0 : bufSize);
 
-#ifdef XP_UNIX
-        if ((getuid() != geteuid()) || (getgid() != getegid())) {
-            return;
-        }
-#endif /* XP_UNIX */
-
-        ev = PR_GetEnv("NSPR_LOG_FILE");
+        ev = PR_GetEnvSecure("NSPR_LOG_FILE");
         if (ev && ev[0]) {
             if (!PR_SetLogFile(ev)) {
 #ifdef XP_PC
                 char* str = PR_smprintf("Unable to create nspr log file '%s'\n", ev);
                 if (str) {
                     OutputDebugStringA(str);
                     PR_smprintf_free(str);
                 }
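Review bot: Removing the early `return` changes control flow for set-uid/set-gid processes. `_PR_InitLog` used to stop at this point, whereas now it carries on past the `if (ev && ev[0])` block with `ev` NULL. The rest of the function lies outside the hunk, so it is worth confirming that nothing after this block acts on other environment-controlled settings. A comment at the call would record why the secure variant is used, e.g. `/* NULL when privileged: the environment must not choose the log path */`.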
--- a/nsprpub/pr/src/io/prprf.c
+++ b/nsprpub/pr/src/io/prprf.c
@@ -32,17 +32,17 @@
 
 typedef struct SprintfStateStr SprintfState;
 
 struct SprintfStateStr {
     int (*stuff)(SprintfState *ss, const char *sp, PRUint32 len);
 
     char *base;
     char *cur;
-    PRUint32 maxlen;
+    PRUint32 maxlen;  /* Must not exceed PR_INT32_MAX. */
 
     int (*func)(void *arg, const char *sp, PRUint32 len);
     void *arg;
 };
 
 /*
 ** Numbered Argument
 */
@@ -692,17 +692,17 @@ static int dosprintf(SprintfState *ss, c
 #endif
     } u;
     const char *fmt0;
     static char *hex = "0123456789abcdef";
     static char *HEX = "0123456789ABCDEF";
     char *hexp;
     int rv, i;
     struct NumArg* nas = NULL;
-    struct NumArg* nap;
+    struct NumArg* nap = NULL;
     struct NumArg  nasArray[ NAS_DEFAULT_NUM ];
     char  pattern[20];
     const char* dolPt = NULL;  /* in "%4$.2f", dolPt will point to . */
 #ifdef WIN32
     char *pBuf = NULL;
 #endif
 
     /*
@@ -1055,16 +1055,23 @@ static int dosprintf(SprintfState *ss, c
 }
 
 /************************************************************************/
 
 static int FuncStuff(SprintfState *ss, const char *sp, PRUint32 len)
 {
     int rv;
 
+    /*
+    ** We will add len to ss->maxlen at the end of the function. First check
+    ** if ss->maxlen + len would overflow or be greater than PR_INT32_MAX.
+    */
+    if (PR_UINT32_MAX - ss->maxlen < len || ss->maxlen + len > PR_INT32_MAX) {
+	return -1;
+    }
     rv = (*ss->func)(ss->arg, sp, len);
     if (rv < 0) {
 	return rv;
     }
     ss->maxlen += len;
     return 0;
 }
 
@@ -1100,19 +1107,31 @@ PR_IMPLEMENT(PRUint32) PR_vsxprintf(PRSt
 */
 static int GrowStuff(SprintfState *ss, const char *sp, PRUint32 len)
 {
     ptrdiff_t off;
     char *newbase;
     PRUint32 newlen;
 
     off = ss->cur - ss->base;
+    if (PR_UINT32_MAX - len < off) {
+	/* off + len would be too big. */
+	return -1;
+    }
     if (off + len >= ss->maxlen) {
 	/* Grow the buffer */
-	newlen = ss->maxlen + ((len > 32) ? len : 32);
+	PRUint32 increment = (len > 32) ? len : 32;
+	if (PR_UINT32_MAX - ss->maxlen < increment) {
+	    /* ss->maxlen + increment would overflow. */
+	    return -1;
+	}
+	newlen = ss->maxlen + increment;
+	if (newlen > PR_INT32_MAX) {
+	    return -1;
+	}
 	if (ss->base) {
 	    newbase = (char*) PR_REALLOC(ss->base, newlen);
 	} else {
 	    newbase = (char*) PR_MALLOC(newlen);
 	}
 	if (!newbase) {
 	    /* Ran out of memory */
 	    return -1;
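Review bot: The new guard `PR_UINT32_MAX - len < off` compares a `PRUint32` with the signed `ptrdiff_t off`, so how it is evaluated depends on the width of `ptrdiff_t`, and it silently assumes `off` is never negative. Making that assumption explicit keeps the overflow checks uniform across 32- and 64-bit builds: add `PR_ASSERT(off >= 0);` and use an unsigned copy such as `PRUint32 used = (PRUint32)off;` in this test and in `off + len >= ss->maxlen`. GrowStuff continues outside the hunk, so the copy loop that consumes `newlen` is not visible here.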
@@ -1205,18 +1224,18 @@ PR_IMPLEMENT(PRUint32) PR_snprintf(char 
 }
 
 PR_IMPLEMENT(PRUint32) PR_vsnprintf(char *out, PRUint32 outlen,const char *fmt,
                                   va_list ap)
 {
     SprintfState ss;
     PRUint32 n;
 
-    PR_ASSERT((PRInt32)outlen > 0);
-    if ((PRInt32)outlen <= 0) {
+    PR_ASSERT(outlen != 0 && outlen <= PR_INT32_MAX);
+    if (outlen == 0 || outlen > PR_INT32_MAX) {
 	return 0;
     }
 
     ss.stuff = LimitStuff;
     ss.base = out;
     ss.cur = out;
     ss.maxlen = outlen;
     (void) dosprintf(&ss, fmt, ap);
@@ -1242,17 +1261,20 @@ PR_IMPLEMENT(char *) PR_sprintf_append(c
 
 PR_IMPLEMENT(char *) PR_vsprintf_append(char *last, const char *fmt, va_list ap)
 {
     SprintfState ss;
     int rv;
 
     ss.stuff = GrowStuff;
     if (last) {
-	int lastlen = strlen(last);
+	size_t lastlen = strlen(last);
+	if (lastlen > PR_INT32_MAX) {
+	    return 0;
+	}
 	ss.base = last;
 	ss.cur = last + lastlen;
 	ss.maxlen = lastlen;
     } else {
 	ss.base = 0;
 	ss.cur = 0;
 	ss.maxlen = 0;
     }
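Review bot: The new early `return 0` for an over-long `last` leaves `last` allocated and gives the caller a null pointer, so a caller that assigns the result back to the same variable loses its only reference to the buffer. If the later failure path of this function (outside the hunk) releases `ss.base`, this path should follow the same ownership rule. Either way the rule deserves a comment, e.g. `/* on failure the caller still owns last */` or the opposite. For a pointer return, `return NULL;` would also read more clearly than `return 0;`.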
--- a/nsprpub/pr/src/io/prscanf.c
+++ b/nsprpub/pr/src/io/prscanf.c
@@ -189,17 +189,17 @@ static PRUint64
  */
 #define FMAX 31
 #define DECIMAL_POINT '.'
 
 static PRStatus
 GetInt(ScanfState *state, int code)
 {
     char buf[FMAX + 1], *p;
-    int ch;
+    int ch = 0;
     static const char digits[] = "0123456789abcdefABCDEF";
     PRBool seenDigit = PR_FALSE;
     int base;
     int dlen;
 
     switch (code) {
         case 'd': case 'u':
             base = 10;
@@ -299,17 +299,17 @@ GetInt(ScanfState *state, int code)
     }
     return PR_SUCCESS;
 }
 
 static PRStatus
 GetFloat(ScanfState *state)
 {
     char buf[FMAX + 1], *p;
-    int ch;
+    int ch = 0;
     PRBool seenDigit = PR_FALSE;
 
     if (state->width == 0 || state->width > FMAX) {
         state->width = FMAX;
     }
     p = buf;
     GET_IF_WITHIN_WIDTH(state, ch);
     if (WITHIN_WIDTH(state) && (ch == '+' || ch == '-')) {
--- a/nsprpub/pr/src/md/unix/unix.c
+++ b/nsprpub/pr/src/md/unix/unix.c
@@ -3035,17 +3035,17 @@ PRIntervalTime _PR_UNIX_GetInterval()
 }  /* _PR_UNIX_GetInterval */
 
 PRIntervalTime _PR_UNIX_TicksPerSecond()
 {
     return 1000;  /* this needs some work :) */
 }
 #endif
 
-#if defined(HAVE_CLOCK_MONOTONIC)
+#if defined(_PR_HAVE_CLOCK_MONOTONIC)
 PRIntervalTime _PR_UNIX_GetInterval2()
 {
     struct timespec time;
     PRIntervalTime ticks;
 
     if (clock_gettime(CLOCK_MONOTONIC, &time) != 0) {
         fprintf(stderr, "clock_gettime failed: %d\n", errno);
         abort();
--- a/nsprpub/pr/src/md/windows/w95thred.c
+++ b/nsprpub/pr/src/md/windows/w95thred.c
@@ -60,24 +60,29 @@ PRStatus
         ** Warning:
         ** --------
         ** NSPR requires a real handle to every thread.
         ** GetCurrentThread() returns a pseudo-handle which
         ** is not suitable for some thread operations (e.g.,
         ** suspending).  Therefore, get a real handle from
         ** the pseudo handle via DuplicateHandle(...)
         */
-        DuplicateHandle(
+        BOOL ok = DuplicateHandle(
                 GetCurrentProcess(),     /* Process of source handle */
                 GetCurrentThread(),      /* Pseudo Handle to dup */
                 GetCurrentProcess(),     /* Process of handle */
                 &(thread->md.handle),    /* resulting handle */
                 0L,                      /* access flags */
                 FALSE,                   /* Inheritable */
                 DUPLICATE_SAME_ACCESS);  /* Options */
+        if (!ok) {
+            return PR_FAILURE;
+        }
+        thread->id = GetCurrentThreadId();
+        thread->md.id = thread->id;
     }
 
     /* Create the blocking IO semaphore */
     thread->md.blocked_sema = CreateSemaphore(NULL, 0, 1, NULL);
     if (thread->md.blocked_sema == NULL)
         return PR_FAILURE;
 	else
 		return PR_SUCCESS;
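Review bot: When `CreateSemaphore` fails just below the new code, the function returns `PR_FAILURE` while the handle obtained from `DuplicateHandle` is still open in `thread->md.handle`. Unless the caller tears the thread structure down on failure (not visible in this hunk), that leaks a thread handle. It is worth confirming who closes it, or closing it on that path. The new `!ok` branch also returns without recording why the duplication failed, which makes the failure hard to diagnose. The function starts outside the hunk.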
--- a/nsprpub/pr/src/misc/prenv.c
+++ b/nsprpub/pr/src/misc/prenv.c
@@ -1,27 +1,34 @@
 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include <string.h>
+#include <stdlib.h>
 #include "primpl.h"
 #include "prmem.h"
 
 #if defined(XP_UNIX)
+#include <unistd.h>
 #if defined(DARWIN)
 #if defined(HAVE_CRT_EXTERNS_H)
 #include <crt_externs.h>
 #endif /* HAVE_CRT_EXTERNS_H */
 #else  /* DARWIN */
 PR_IMPORT_DATA(char **) environ;
 #endif /* DARWIN */
 #endif /* XP_UNIX */
 
+#if !defined(HAVE_SECURE_GETENV) && defined(HAVE___SECURE_GETENV)
+#define secure_getenv __secure_getenv
+#define HAVE_SECURE_GETENV 1
+#endif
+
 /* Lock used to lock the environment */
 #if defined(_PR_NO_PREEMPT)
 #define _PR_NEW_LOCK_ENV()
 #define _PR_DELETE_LOCK_ENV()
 #define _PR_LOCK_ENV()
 #define _PR_UNLOCK_ENV()
 #elif defined(_PR_LOCAL_THREADS_ONLY)
 extern _PRCPU * _pr_primordialCPU;
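Review bot: `secure_getenv` is a GNU extension that glibc's `<stdlib.h>` declares only when `_GNU_SOURCE` is defined before the first system header, and nothing in this hunk defines it. If the build does not pass that macro globally, the call added later in this file would rely on an implicit declaration returning `int`, which truncates the returned pointer on 64-bit targets. It is worth confirming that the prototype is visible in every configuration where `HAVE_SECURE_GETENV` is set. The `#define secure_getenv __secure_getenv` alias carries the same requirement.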
@@ -58,16 +65,44 @@ PR_IMPLEMENT(char*) PR_GetEnv(const char
     if (!_pr_initialized) _PR_ImplicitInitialization();
 
     _PR_LOCK_ENV();
     ev = _PR_MD_GET_ENV(var);
     _PR_UNLOCK_ENV();
     return ev;
 }
 
+PR_IMPLEMENT(char*) PR_GetEnvSecure(const char *var)
+{
+#ifdef HAVE_SECURE_GETENV
+  char *ev;
+
+  if (!_pr_initialized) _PR_ImplicitInitialization();
+
+  _PR_LOCK_ENV();
+  ev = secure_getenv(var);
+  _PR_UNLOCK_ENV();
+
+  return ev;
+#else
+#ifdef XP_UNIX
+  /*
+  ** Fall back to checking uids and gids.  This won't detect any other
+  ** privilege-granting mechanisms the platform may have.  This also
+  ** can't detect the case where the process already called
+  ** setuid(geteuid()) and/or setgid(getegid()).
+  */
+  if (getuid() != geteuid() || getgid() != getegid()) {
+    return NULL;
+  }
+#endif /* XP_UNIX */
+  return PR_GetEnv(var);
+#endif /* HAVE_SECURE_GETENV */
+}
+
 PR_IMPLEMENT(PRStatus) PR_SetEnv(const char *string)
 {
     PRIntn result;
 
     if (!_pr_initialized) _PR_ImplicitInitialization();
 
     if (!strchr(string, '=')) return(PR_FAILURE);
 
--- a/nsprpub/pr/src/misc/prnetdb.c
+++ b/nsprpub/pr/src/misc/prnetdb.c
@@ -58,18 +58,17 @@ PRLock *_pr_dnsLock = NULL;
 #include <arpa/inet.h>  /* pick up define for inet_addr */
 #include <sys/socket.h>
 #define _PR_HAVE_GETPROTO_R
 #define _PR_HAVE_GETPROTO_R_POINTER
 #endif
 
 #if defined(SOLARIS) || (defined(BSDI) && defined(_REENTRANT)) \
 	|| (defined(LINUX) && defined(_REENTRANT) \
-        && !(defined(__GLIBC__) && __GLIBC__ >= 2) \
-        && !defined(ANDROID))
+        && defined(__GLIBC__) && __GLIBC__ < 2)
 #define _PR_HAVE_GETPROTO_R
 #define _PR_HAVE_GETPROTO_R_POINTER
 #endif
 
 #if defined(OSF1) \
         || defined(AIX4_3_PLUS) || (defined(AIX) && defined(_THREAD_SAFE)) \
 	|| (defined(HPUX10_10) && defined(_REENTRANT)) \
         || (defined(HPUX10_20) && defined(_REENTRANT)) \
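Review bot: The rewritten Linux clause is not equivalent to the one it replaces. A `LINUX` build with `_REENTRANT` whose libc does not define `__GLIBC__` used to get `_PR_HAVE_GETPROTO_R_POINTER` (unless `ANDROID` was defined), and now it does not. That appears to be the intent, but the reason is not recorded. A one-line comment naming the libc versions this branch is meant for would stop a later edit from reverting it. Which getproto variant those builds now select is decided outside this hunk.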
--- a/nsprpub/pr/src/misc/prtpool.c
+++ b/nsprpub/pr/src/misc/prtpool.c
@@ -276,18 +276,18 @@ add_to_jobq(PRThreadPool *tp, PRJob *job
  * io worker thread function
  */
 static void io_wstart(void *arg)
 {
 PRThreadPool *tp = (PRThreadPool *) arg;
 int pollfd_cnt, pollfds_used;
 int rv;
 PRCList *qp, *nextqp;
-PRPollDesc *pollfds;
-PRJob **polljobs;
+PRPollDesc *pollfds = NULL;
+PRJob **polljobs = NULL;
 int poll_timeout;
 PRIntervalTime now;
 
 	/*
 	 * scan io_jobq
 	 * construct poll list
 	 * call PR_Poll
 	 * for all fds, for which poll returns true, move the job to
--- a/nsprpub/pr/src/misc/prtrace.c
+++ b/nsprpub/pr/src/misc/prtrace.c
@@ -652,24 +652,18 @@ static PRFileDesc * InitializeRecording(
         _PR_InitializeTrace();
 
     PR_LOG( lm, PR_LOG_DEBUG,
         ("PR_RecordTraceEntries: begins"));
 
     logLostData = 0; /* reset at entry */
     logState = LogReset;
 
-#ifdef XP_UNIX
-    if ((getuid() != geteuid()) || (getgid() != getegid())) {
-        return NULL;
-    }
-#endif /* XP_UNIX */
-
     /* Get the filename for the logfile from the environment */
-    logFileName = PR_GetEnv( "NSPR_TRACE_LOG" );
+    logFileName = PR_GetEnvSecure( "NSPR_TRACE_LOG" );
     if ( logFileName == NULL )
     {
         PR_LOG( lm, PR_LOG_ERROR,
             ("RecordTraceEntries: Environment variable not defined. Exiting"));
         return NULL;
     }
     
     /* Open the logfile */
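Review bot: With the uid/gid early return removed, a privileged process that has `NSPR_TRACE_LOG` set now reaches the `logFileName == NULL` branch and logs "Environment variable not defined". That message is misleading when the variable was present but deliberately ignored by `PR_GetEnvSecure`. Rewording it would avoid the confusion, e.g. `("RecordTraceEntries: NSPR_TRACE_LOG not set or ignored (privileged process). Exiting")`. InitializeRecording continues outside the hunk.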
--- a/nsprpub/pr/src/nspr.def
+++ b/nsprpub/pr/src/nspr.def
@@ -450,8 +450,15 @@ EXPORTS ;-
 ;+      global:
 		PR_GetThreadName;
 		PR_SetCurrentThreadName;
 ;+} NSPR_4.8.9;
 ;+NSPR_4.10.3 {
 ;+      global:
 		PR_SyncMemMap;
 ;+} NSPR_4.9.2;
+;+# Function PR_DuplicateEnvironment had been added in NSPR 4.10.9,
+;+# but we neglected to add it to nspr.def until NSPR 4.12
+;+NSPR_4.12 {
+;+      global:
+		PR_DuplicateEnvironment;
+		PR_GetEnvSecure;
+;+} NSPR_4.10.3;
--- a/nsprpub/pr/src/pthreads/ptio.c
+++ b/nsprpub/pr/src/pthreads/ptio.c
@@ -3760,17 +3760,17 @@ static PRInt32 _pr_poll_with_poll(
     PRPollDesc *pds, PRIntn npds, PRIntervalTime timeout)
 {
     PRInt32 ready = 0;
     /*
      * For restarting poll() if it is interrupted by a signal.
      * We use these variables to figure out how much time has
      * elapsed and how much of the timeout still remains.
      */
-    PRIntervalTime start, elapsed, remaining;
+    PRIntervalTime start = 0, elapsed, remaining;
 
     if (pt_TestAbort()) return -1;
 
     if (0 == npds) PR_Sleep(timeout);
     else
     {
 #define STACK_POLL_DESC_COUNT 64
         struct pollfd stack_syspoll[STACK_POLL_DESC_COUNT];
@@ -4014,17 +4014,17 @@ static PRInt32 _pr_poll_with_select(
     PRPollDesc *pds, PRIntn npds, PRIntervalTime timeout)
 {
     PRInt32 ready = 0;
     /*
      * For restarting select() if it is interrupted by a signal.
      * We use these variables to figure out how much time has
      * elapsed and how much of the timeout still remains.
      */
-    PRIntervalTime start, elapsed, remaining;
+    PRIntervalTime start = 0, elapsed, remaining;
 
     if (pt_TestAbort()) return -1;
 
     if (0 == npds) PR_Sleep(timeout);
     else
     {
 #define STACK_POLL_DESC_COUNT 64
         int stack_selectfd[STACK_POLL_DESC_COUNT];
@@ -4914,17 +4914,17 @@ PR_IMPLEMENT(PRInt32) PR_Select(
     struct timeval tv, *tvp;
     PRInt32 max, max_fd;
     PRInt32 rv;
     /*
      * For restarting select() if it is interrupted by a Unix signal.
      * We use these variables to figure out how much time has elapsed
      * and how much of the timeout still remains.
      */
-    PRIntervalTime start, elapsed, remaining;
+    PRIntervalTime start = 0, elapsed, remaining;
 
     static PRBool unwarned = PR_TRUE;
     if (unwarned) unwarned = _PR_Obsolete( "PR_Select", "PR_Poll");
 
     FD_ZERO(&rd);
     FD_ZERO(&wr);
     FD_ZERO(&ex);
 
--- a/nsprpub/pr/src/pthreads/ptthread.c
+++ b/nsprpub/pr/src/pthreads/ptthread.c
@@ -16,16 +16,20 @@
 #include "prpdce.h"
 
 #include <pthread.h>
 #include <unistd.h>
 #include <string.h>
 #include <signal.h>
 #include <dlfcn.h>
 
+#if defined(OPENBSD) || defined(FREEBSD) || defined(DRAGONFLY)
+#include <pthread_np.h>
+#endif
+
 #ifdef SYMBIAN
 /* In Open C sched_get_priority_min/max do not work properly, so we undefine
  * _POSIX_THREAD_PRIORITY_SCHEDULING here.
  */
 #undef _POSIX_THREAD_PRIORITY_SCHEDULING
 #endif
 
 #ifdef _PR_NICE_PRIORITY_SCHEDULING
@@ -1728,17 +1732,17 @@ PR_IMPLEMENT(void*)PR_GetSP(PRThread *th
 }  /* PR_GetSP */
 
 #endif /* !defined(_PR_DCETHREADS) */
 
 PR_IMPLEMENT(PRStatus) PR_SetCurrentThreadName(const char *name)
 {
     PRThread *thread;
     size_t nameLen;
-    int result;
+    int result = 0;
 
     if (!name) {
         PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
         return PR_FAILURE;
     }
 
     thread = PR_GetCurrentThread();
     if (!thread)
@@ -1746,18 +1750,20 @@ PR_IMPLEMENT(PRStatus) PR_SetCurrentThre
 
     PR_Free(thread->name);
     nameLen = strlen(name);
     thread->name = (char *)PR_Malloc(nameLen + 1);
     if (!thread->name)
         return PR_FAILURE;
     memcpy(thread->name, name, nameLen + 1);
 
-#if defined(OPENBSD) || defined(FREEBSD)
-    result = pthread_set_name_np(thread->id, name);
+#if defined(OPENBSD) || defined(FREEBSD) || defined(DRAGONFLY)
+    pthread_set_name_np(thread->id, name);
+#elif defined(NETBSD)
+    result = pthread_setname_np(thread->id, "%s", (void *)name);
 #else /* not BSD */
     /*
      * On OSX, pthread_setname_np is only available in 10.6 or later, so test
      * for it at runtime.  It also may not be available on all linux distros.
      */
 #if defined(DARWIN)
     int (*dynamic_pthread_setname_np)(const char*);
 #else
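Review bot: Two details in the BSD branches are left unexplained. The OpenBSD/FreeBSD/DragonFly call no longer assigns `result`, so that path depends on the `int result = 0` initialiser added in the previous hunk. The NetBSD call discards `const` with `(void *)name`. Short comments would help the next reader, e.g. `/* pthread_set_name_np returns void; result stays 0 */` and `/* NetBSD takes a printf-style format plus a void * argument */`. How `result` is consumed lies outside the hunk.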
--- a/nsprpub/pr/tests/env.c
+++ b/nsprpub/pr/tests/env.c
@@ -13,16 +13,17 @@
 #include "plgetopt.h"
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
 PRIntn  debug = 0;
 PRIntn  verbose = 0;
+PRIntn  secure = 0;
 PRBool  failedAlready = PR_FALSE;
 
 #define  ENVNAME    "NSPR_ENVIRONMENT_TEST_VARIABLE"
 #define  ENVVALUE   "The expected result"
 #define  ENVBUFSIZE 256
 
 char    *envBuf; /* buffer pointer. We leak memory here on purpose! */
 
@@ -38,29 +39,38 @@ static char * NewBuffer( size_t size )
 
 int main(int argc, char **argv)
 {
     char    *value;
     PRStatus    rc;
 
     {   /* Get command line options */
         PLOptStatus os;
-        PLOptState *opt = PL_CreateOptState(argc, argv, "vd");
+        PLOptState *opt = PL_CreateOptState(argc, argv, "vds");
 
 	    while (PL_OPT_EOL != (os = PL_GetNextOpt(opt)))
         {
 		    if (PL_OPT_BAD == os) continue;
             switch (opt->option)
             {
             case 'd':  /* debug */
                 debug = 1;
                 break;
             case 'v':  /* verbose */
                 verbose = 1;
                 break;
+            case 's':  /* secure / set[ug]id */
+                /*
+                ** To test PR_GetEnvSecure, make this executable (or a
+                ** copy of it) setuid / setgid / otherwise inherently
+                ** privileged (e.g., file capabilities) and run it
+                ** with this flag.
+                */
+                secure = 1;
+                break;
              default:
                 break;
             }
         }
 	    PL_DestroyOptState(opt);
     } /* end block "Get command line options" */
 
 #if 0 
@@ -108,16 +118,42 @@ int main(int argc, char **argv)
     value = PR_GetEnv( ENVNAME );
     if ( (NULL == value ) || (strcmp( value, ENVVALUE)))  {
         if (debug) printf( "env: PR_GetEnv() Failed after setting\n" );
         failedAlready = PR_TRUE;
     } else {
         if (verbose) printf("env: PR_GetEnv() worked after setting it. Found: %s\n", value );
     }
 
+    if ( secure ) {
+        /*
+        ** In this case we've been run with elevated privileges, so
+        ** test that PR_GetEnvSecure *doesn't* find that env var.
+        */
+        value = PR_GetEnvSecure( ENVNAME );
+        if ( NULL != value ) {
+            if (debug) printf( "env: PR_GetEnvSecure() failed; expected NULL, found \"%s\"\n", value );
+            failedAlready = PR_TRUE;
+        } else {
+            if (verbose) printf("env: PR_GetEnvSecure() worked\n" );
+        }
+    } else {
+        /*
+        ** In this case the program is being run normally, so do the
+        ** same check for PR_GetEnvSecure as for PR_GetEnv.
+        */
+        value = PR_GetEnvSecure( ENVNAME );
+        if ( (NULL == value ) || (strcmp( value, ENVVALUE)))  {
+            if (debug) printf( "env: PR_GetEnvSecure() Failed after setting\n" );
+            failedAlready = PR_TRUE;
+        } else {
+            if (verbose) printf("env: PR_GetEnvSecure() worked after setting it. Found: %s\n", value );
+        }
+    }
+
 /* ---------------------------------------------------------------------- */
     /* check that PR_DuplicateEnvironment() agrees with PR_GetEnv() */
     {
 #if defined(XP_UNIX) && (!defined(DARWIN) || defined(HAVE_CRT_EXTERNS_H))
         static const PRBool expect_failure = PR_FALSE;
 #else
         static const PRBool expect_failure = PR_TRUE;
 #endif
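Review bot: The `if ( secure )` branch takes the `-s` flag on trust and never checks that the process is actually privileged. A run with `-s` on an ordinary binary therefore reports `PR_GetEnvSecure() failed` for what is a setup mistake, and a set-uid copy run without `-s` fails in the `else` branch the same way. On XP_UNIX a diagnostic such as `if (secure && debug && getuid() == geteuid() && getgid() == getegid()) printf("env: -s given but process is not setuid/setgid\n");` would separate a misconfigured run from a regression, although it cannot cover the file-capabilities case mentioned in the option's comment. Both branches also begin with the same `value = PR_GetEnvSecure( ENVNAME );`, which could be hoisted above the `if`. main() continues outside this hunk.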
--- a/nsprpub/pr/tests/server_test.c
+++ b/nsprpub/pr/tests/server_test.c
@@ -32,16 +32,17 @@
 #include <string.h>
 
 #define PORT 15004
 #define THREAD_STACKSIZE 0
 
 #define PASS 0
 #define FAIL 1
 static int debug_mode = 0;
+static int failed_already = 0;
 
 static int _iterations = 1000;
 static int _clients = 1;
 static int _client_data = 250;
 static int _server_data = (8*1024);
 
 static PRThreadScope ServerScope, ClientScope;
 
@@ -85,16 +86,17 @@ static void Test_Result (int result)
 {
 	switch (result)
 	{
 		case PASS:
 			printf ("PASS\n");
 			break;
 		case FAIL:
 			printf ("FAIL\n");
+			failed_already = 1;
 			break;
 		default:
 			break;
 	}
 }
 
 static void do_work(void);
 
@@ -241,39 +243,50 @@ WorkerThreadFunc(void *_listenSock)
         PR_AtomicDecrement(&workerThreadsBusy);
     }
 }
 
 PRFileDesc *
 ServerSetup(void)
 {
     PRFileDesc *listenSocket;
+    PRSocketOptionData sockOpt;
     PRNetAddr serverAddr;
     PRThread *WorkerThread;
 
-    if ( (listenSocket = PR_NewTCPSocket()) == NULL) {
+    if ((listenSocket = PR_NewTCPSocket()) == NULL) {
         if (debug_mode) printf("\tServer error creating listen socket\n");
 		else Test_Result(FAIL);
         return NULL;
     }
 
+    sockOpt.option = PR_SockOpt_Reuseaddr;
+    sockOpt.value.reuse_addr = PR_TRUE;
+    if (PR_SetSocketOption(listenSocket, &sockOpt) != PR_SUCCESS) {
+        if (debug_mode) printf("\tServer error setting socket option: OS error %d\n",
+                PR_GetOSError());
+        else Test_Result(FAIL);
+        PR_Close(listenSocket);
+        return NULL;
+    }
+
     memset(&serverAddr, 0, sizeof(PRNetAddr));
     serverAddr.inet.family = PR_AF_INET;
     serverAddr.inet.port = PR_htons(PORT);
     serverAddr.inet.ip = PR_htonl(PR_INADDR_ANY);
 
-    if ( PR_Bind(listenSocket, &serverAddr) == PR_FAILURE) {
+    if (PR_Bind(listenSocket, &serverAddr) != PR_SUCCESS) {
         if (debug_mode) printf("\tServer error binding to server address: OS error %d\n",
                 PR_GetOSError());
 		else Test_Result(FAIL);
         PR_Close(listenSocket);
         return NULL;
     }
 
-    if ( PR_Listen(listenSocket, 128) == PR_FAILURE) {
+    if (PR_Listen(listenSocket, 128) != PR_SUCCESS) {
         if (debug_mode) printf("\tServer error listening to server socket\n");
 		else Test_Result(FAIL);
         PR_Close(listenSocket);
 
         return NULL;
     }
 
     /* Create Clients */
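Review bot: The new `PR_SetSocketOption` failure path records nothing when `-d` is given, because `Test_Result(FAIL)` is reached only in the `else` and `failed_already` is set only inside `Test_Result`. With this commit's `return failed_already;` in main(), a debug-mode run can print the error and still exit 0. The `PR_NewTCPSocket`, `PR_Bind` and `PR_Listen` failure paths in this hunk behave the same way. Setting the flag unconditionally, e.g. `failed_already = 1;` as the first statement of each failure block, makes the exit status independent of `-d`. Whether a caller catches the NULL return from ServerSetup is not visible here, since the function continues past the hunk.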
@@ -543,17 +556,17 @@ int main(int argc, char **argv)
 {
 	/* The command line argument: -d is used to determine if the test is being run
 	in debug mode. The regress tool requires only one line output:PASS or FAIL.
 	All of the printfs associated with this test has been handled with a if (debug_mode)
 	test.
 	Usage: test_name -d
 	*/
 	PLOptStatus os;
-	PLOptState *opt = PL_CreateOptState(argc, argv, "d:");
+	PLOptState *opt = PL_CreateOptState(argc, argv, "d");
 	while (PL_OPT_EOL != (os = PL_GetNextOpt(opt)))
     {
 		if (PL_OPT_BAD == os) continue;
         switch (opt->option)
         {
         case 'd':  /* debug mode */
 			debug_mode = 1;
             break;
@@ -601,10 +614,10 @@ int main(int argc, char **argv)
  #if 0 
     Measure(do_workUK, "server loop user/kernel");
     Measure(do_workKU, "server loop kernel/user");
     Measure(do_workKK, "server loop kernel/kernel");
  #endif 
 
     PR_Cleanup();
 
-    return 0;
+    return failed_already;
 }
--- a/nsprpub/pr/tests/vercheck.c
+++ b/nsprpub/pr/tests/vercheck.c
@@ -17,51 +17,51 @@
 #include "prinit.h"
 
 #include <stdio.h>
 #include <stdlib.h>
 
 /*
  * This release (4.10.10) is backward compatible with the
  * 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 4.5.x, 4.6.x, 4.7.x,
- * 4.8.x, 4.9.x, and 4.10.x releases.
+ * 4.8.x, 4.9.x, 4.10.x and 4.11.X releases.
  * It, of course, is compatible with itself.
  */
 static char *compatible_version[] = {
     "4.0", "4.0.1", "4.1", "4.1.1", "4.1.2", "4.1.3",
     "4.2", "4.2.1", "4.2.2", "4.3", "4.4", "4.4.1",
     "4.5", "4.5.1",
     "4.6", "4.6.1", "4.6.2", "4.6.3", "4.6.4", "4.6.5",
     "4.6.6", "4.6.7", "4.6.8",
     "4.7", "4.7.1", "4.7.2", "4.7.3", "4.7.4", "4.7.5",
     "4.7.6",
     "4.8", "4.8.1", "4.8.2", "4.8.3", "4.8.4", "4.8.5",
     "4.8.6", "4.8.7", "4.8.8", "4.8.9",
     "4.9", "4.9.1", "4.9.2", "4.9.3", "4.9.4", "4.9.5",
     "4.9.6",
     "4.10", "4.10.1", "4.10.2", "4.10.3", "4.10.4",
     "4.10.5", "4.10.6", "4.10.7", "4.10.8", "4.10.9",
-    "4.10.10",
+    "4.10.10", "4.11",
     PR_VERSION
 };
 
 /*
  * This release is not backward compatible with the old
  * NSPR 2.1 and 3.x releases.
  *
  * Any release is incompatible with future releases and
  * patches.
  */
 static char *incompatible_version[] = {
     "2.1 19980529",
     "3.0", "3.0.1",
     "3.1", "3.1.1", "3.1.2", "3.1.3",
     "3.5", "3.5.1",
     "4.11.1",
-    "4.12", "4.12.1",
+    "4.12.1",
     "10.0", "11.1", "12.14.20"
 };
 
 int main(int argc, char **argv)
 {
     int idx;
     int num_compatible = sizeof(compatible_version) / sizeof(char *);
     int num_incompatible = sizeof(incompatible_version) / sizeof(char *);
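Review bot: `incompatible_version[]` still lists `"4.11.1"`, while the updated comment says this release is compatible with the 4.11.X releases and `"4.11"` was added to `compatible_version[]`. If PR_VersionCheck accepts any earlier 4.x version, as the compatible table implies, that entry will be reported as compatible and the test will fail; it probably should have been removed together with `"4.12"`. The comment also still names the release as `(4.10.10)` and writes `4.11.X` where the other entries use a lower-case `x`. main() begins at the end of the hunk and its body is not shown.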
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_22_RTM
+NSS_3_23_BETA2
--- a/security/nss/cmd/httpserv/httpserv.c
+++ b/security/nss/cmd/httpserv/httpserv.c
@@ -1263,21 +1263,21 @@ main(int argc, char **argv)
 	FILE *tmpfile=fopen(pidFile,"w+");
 
 	if (tmpfile) {
 	    fprintf(tmpfile,"%d",getpid());
 	    fclose(tmpfile);
 	}
     }
 
-    tmp = getenv("TMP");
+    tmp = PR_GetEnvSecure("TMP");
     if (!tmp)
-	tmp = getenv("TMPDIR");
+	tmp = PR_GetEnvSecure("TMPDIR");
     if (!tmp)
-	tmp = getenv("TEMP");
+	tmp = PR_GetEnvSecure("TEMP");
     /* we're an ordinary single process server. */
     listen_sock = getBoundListenSocket(port);
     prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
     if (prStatus != PR_SUCCESS)
         errExit("PR_SetFDInheritable");
 
     lm = PR_NewLogModule("TestCase");
 
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -411,17 +411,17 @@ struct matchobj {
 };
 
 char *
 SECU_DefaultSSLDir(void)
 {
     char *dir;
     static char sslDir[1000];
 
-    dir = PR_GetEnv("SSL_DIR");
+    dir = PR_GetEnvSecure("SSL_DIR");
     if (!dir)
 	return NULL;
 
     if (strlen(dir) >= PR_ARRAY_SIZE(sslDir)) {
 	return NULL;
     }
     sprintf(sslDir, "%s", dir);
 
@@ -450,17 +450,17 @@ SECU_ConfigDirectory(const char* base)
     const char *dir = ".netscape";
     char *home;
     static char buf[1000];
 
     if (initted) return buf;
     
 
     if (base == NULL || *base == 0) {
-	home = PR_GetEnv("HOME");
+	home = PR_GetEnvSecure("HOME");
 	if (!home) home = "";
 
 	if (*home && home[strlen(home) - 1] == '/')
 	    sprintf (buf, "%.900s%s", home, dir);
 	else
 	    sprintf (buf, "%.900s/%s", home, dir);
     } else {
 	sprintf(buf, "%.900s", base);
--- a/security/nss/cmd/lib/secutil.h
+++ b/security/nss/cmd/lib/secutil.h
@@ -111,17 +111,17 @@ extern SECStatus SEC_WriteDongleFile(int
 extern char *SEC_ReadDongleFile(int fd);
 
 
 /* End stolen headers */
 
 /* Just sticks the two strings together with a / if needed */
 char *SECU_AppendFilenameToDir(char *dir, char *filename);
 
-/* Returns result of getenv("SSL_DIR") or NULL */
+/* Returns result of PR_GetEnvSecure("SSL_DIR") or NULL */
 extern char *SECU_DefaultSSLDir(void);
 
 /*
 ** Should be called once during initialization to set the default 
 **    directory for looking for cert.db, key.db, and cert-nameidx.db files
 ** Removes trailing '/' in 'base' 
 ** If 'base' is NULL, defaults to set to .netscape in home directory.
 */
--- a/security/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c
+++ b/security/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c
@@ -244,17 +244,17 @@ int test_validatechain_NB(int argc, char
                 NULL,
                 PKIX_FALSE,
                 PKIX_FALSE,
                 PKIX_FALSE,
                 PKIX_FALSE,
                 chainCerts,
                 plContext);
 
-        ldapName = PR_GetEnv("LDAP");
+        ldapName = PR_GetEnvSecure("LDAP");
         /* Is LDAP set in the environment? */
         if ((ldapName == NULL) || (*ldapName == '\0')) {
                 testError("LDAP not set in environment");
                 goto cleanup;
         }
 
         pkixTestErrorResult = pkix_pl_Socket_CreateByName
                 (PKIX_FALSE,       /* isServer */
@@ -271,17 +271,17 @@ int test_validatechain_NB(int argc, char
                 testError("Unable to connect to LDAP Server");
                 goto cleanup;
         }
 
         PKIX_TEST_DECREF_BC(socket);
 
         testSetupCertStore(valParams, ldapName);
 
-        logging = PR_GetEnv("LOGGING");
+        logging = PR_GetEnvSecure("LOGGING");
         /* Is LOGGING set in the environment? */
         if ((logging != NULL) && (*logging != '\0')) {
 
                 PKIX_TEST_EXPECT_NO_ERROR
                         (PKIX_List_Create(&loggers, plContext));
 
 		testLogErrors
 			(PKIX_VALIDATE_ERROR, 2, loggers, plContext);
--- a/security/nss/cmd/modutil/installparse.c
+++ b/security/nss/cmd/modutil/installparse.c
@@ -196,19 +196,19 @@ Pk11Install_yyerror(char *message)
 #define YYACCEPT goto yyaccept
 #define YYERROR goto yyerrlab
 int
 yyparse()
 {
     register int yym, yyn, yystate;
 #if YYDEBUG
     register char *yys;
-    extern char *getenv();
+    extern char *PR_GetEnvSecure();
 
-    if ((yys = getenv("YYDEBUG")) != NULL)
+    if ((yys = PR_GetEnvSecure("YYDEBUG")) != NULL)
     {
         yyn = *yys;
         if (yyn >= '0' && yyn <= '9')
             yydebug = yyn - '0';
     }
 #endif
 
     yynerrs = 0;
--- a/security/nss/cmd/pk11mode/pk11mode.c
+++ b/security/nss/cmd/pk11mode/pk11mode.c
@@ -749,17 +749,17 @@ cleanup:
     }
     if (moduleSpec) {
         PR_smprintf_free(moduleSpec);
     }
 
 #ifdef _WIN32
     FreeLibrary(hModule);
 #else
-    disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
     if (!disableUnload) {
         PR_UnloadLibrary(lib);
     }
 #endif
     if (CKR_OK == crv && doForkTests && !disableUnload) {
         /* try to fork with softoken both de-initialized and unloaded */
         crv = PKM_ForkCheck(123, NULL, PR_TRUE, NULL);
     }
--- a/security/nss/cmd/pk11util/pk11util.c
+++ b/security/nss/cmd/pk11util/pk11util.c
@@ -1399,17 +1399,17 @@ putOutput(Value **ptr)
     }
 }
 	   
 CK_RV
 unloadModule(Module *module)
 {
     char *disableUnload = NULL;
 
-    disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
 
     if (module->library && !disableUnload) {
 	PR_UnloadLibrary(module->library);
     }
 
     module->library = NULL;
     module->functionList = NULL;
 
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -2454,22 +2454,22 @@ main(int argc, char **argv)
     if (testBulk) {
         testBulkBuf = PORT_Malloc(testBulkSize);
         if (testBulkBuf == NULL)
             errExit("Out of memory: testBulkBuf");
         for (i = 0; i < testBulkSize; i++)
             testBulkBuf[i] = i;
     }
 
-    envString = getenv(envVarName);
-    tmp = getenv("TMP");
+    envString = PR_GetEnvSecure(envVarName);
+    tmp = PR_GetEnvSecure("TMP");
     if (!tmp)
-	tmp = getenv("TMPDIR");
+	tmp = PR_GetEnvSecure("TMPDIR");
     if (!tmp)
-	tmp = getenv("TEMP");
+	tmp = PR_GetEnvSecure("TEMP");
     if (envString) {
 	/* we're one of the children in a multi-process server. */
 	listen_sock = PR_GetInheritedFD(inheritableSockName);
 	if (!listen_sock)
 	    errExit("PR_GetInheritedFD");
 #ifndef WINNT
 	/* we can't do this on NT because it breaks NSPR and
 	PR_Accept will fail on the socket in the child process if
--- a/security/nss/cmd/shlibsign/shlibsign.c
+++ b/security/nss/cmd/shlibsign/shlibsign.c
@@ -1283,17 +1283,17 @@ cleanup:
         PL_strfree(output_file); 
     }
 #ifdef USES_LINKS
     if (link_file) { /* allocated by mkoutput function */
         PL_strfree(link_file); 
     }
 #endif
 
-    disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
     if (!disableUnload) {
         PR_UnloadLibrary(lib);
     }
     PR_Cleanup();
 
     if (crv != CKR_OK)
 	return crv;
     
--- a/security/nss/cmd/signtool/javascript.c
+++ b/security/nss/cmd/signtool/javascript.c
@@ -59,17 +59,17 @@ static int	num_handlers = 23;
 int
 InlineJavaScript(char *dir, PRBool recurse)
 {
     jartree = dir;
     if (verbosity >= 0) {
 	PR_fprintf(outputFD, "\nGenerating inline signatures from HTML files in: %s\n",
 	     dir);
     }
-    if (PR_GetEnv("SIGNTOOL_DUMP_PARSE")) {
+    if (PR_GetEnvSecure("SIGNTOOL_DUMP_PARSE")) {
 	dumpParse = PR_TRUE;
     }
 
     return foreach(dir, "", javascript_fn, recurse, PR_FALSE /*include dirs*/,
          		(void * )NULL);
 
 }
 
--- a/security/nss/cmd/signtool/util.c
+++ b/security/nss/cmd/signtool/util.c
@@ -1,15 +1,16 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "signtool.h"
 #include "prio.h"
 #include "prmem.h"
+#include "prenv.h"
 #include "nss.h"
 
 static int	is_dir (char *filename);
 
 /***********************************************************
  * Nasty hackish function definitions
  */
 
@@ -976,30 +977,30 @@ InitCrypto(char *cert_dir, PRBool readOn
 char	*get_default_cert_dir (void)
 {
     char	*home;
 
     char	*cd = NULL;
     static char	db [FNSIZE];
 
 #ifdef XP_UNIX
-    home = getenv ("HOME");
+    home = PR_GetEnvSecure ("HOME");
 
     if (home && *home) {
 	sprintf (db, "%s/.netscape", home);
 	cd = db;
     }
 #endif
 
 #ifdef XP_PC
     FILE * fp;
 
     /* first check the environment override */
 
-    home = getenv ("JAR_HOME");
+    home = PR_GetEnvSecure ("JAR_HOME");
 
     if (home && *home) {
 	sprintf (db, "%s/cert7.db", home);
 
 	if ((fp = fopen (db, "r")) != NULL) {
 	    fclose (fp);
 	    cd = home;
 	}
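Review bot: `sprintf (db, "%s/.netscape", home);` and `sprintf (db, "%s/cert7.db", home);` still copy an environment string of any length into the fixed `static char db [FNSIZE]`. PR_GetEnvSecure changes only whether the variable is returned, not how long it may be. Since the commit is already hardening these lookups, both calls should be guarded the way SECU_DefaultSSLDir in secutil.c checks `strlen(dir)` before its `sprintf`, for example `if (home && *home && strlen(home) + sizeof "/.netscape" <= sizeof db) {` and the equivalent test with `"/cert7.db"` in the XP_PC branch. get_default_cert_dir continues beyond the hunk.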
--- a/security/nss/cmd/smimetools/cmsutil.c
+++ b/security/nss/cmd/smimetools/cmsutil.c
@@ -1064,19 +1064,19 @@ main(int argc, char **argv)
     char *envFileName;
     SECItem input = { 0, 0, 0};
     SECItem envmsg = { 0, 0, 0 };
     SECStatus rv;
     PRFileDesc *contentFile = NULL;
     PRBool      batch = PR_FALSE;
 
 #ifdef NISCC_TEST
-    const char *ev = PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST");
+    const char *ev = PR_GetEnvSecure("NSS_DISABLE_ARENA_FREE_LIST");
     PORT_Assert(ev); 
-    ev = PR_GetEnv("NSS_STRICT_SHUTDOWN");
+    ev = PR_GetEnvSecure("NSS_STRICT_SHUTDOWN");
     PORT_Assert(ev); 
 #endif 
 
     progName = strrchr(argv[0], '/');
     if (!progName)
        progName = strrchr(argv[0], '\\');
     progName = progName ? progName+1 : argv[0];
 
--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -1443,17 +1443,17 @@ main(int argc, char **argv)
     if (port == 0)
 	Usage(progName);
 
     if (fileName)
     	readBigFile(fileName);
 
     PK11_SetPasswordFunc(SECU_GetModulePassword);
 
-    tmp = PR_GetEnv("NSS_DEBUG_TIMEOUT");
+    tmp = PR_GetEnvSecure("NSS_DEBUG_TIMEOUT");
     if (tmp && tmp[0]) {
         int sec = PORT_Atoi(tmp);
 	if (sec > 0) {
 	    maxInterval = PR_SecondsToInterval(sec);
     	}
     }
 
     /* Call the NSS initialization routines */
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -963,17 +963,17 @@ int main(int argc, char **argv)
     serverCertAuth.allowOCSPSideChannelData = PR_TRUE;
     serverCertAuth.allowCRLSideChannelData = PR_TRUE;
 
     progName = strrchr(argv[0], '/');
     if (!progName)
 	progName = strrchr(argv[0], '\\');
     progName = progName ? progName+1 : argv[0];
 
-    tmp = PR_GetEnv("NSS_DEBUG_TIMEOUT");
+    tmp = PR_GetEnvSecure("NSS_DEBUG_TIMEOUT");
     if (tmp && tmp[0]) {
        int sec = PORT_Atoi(tmp);
        if (sec > 0) {
            maxInterval = PR_SecondsToInterval(sec);
        }
     }
 
     SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/external_tests/google_test/gtest/test/gtest_unittest.cc
+++ b/security/nss/external_tests/google_test/gtest/test/gtest_unittest.cc
@@ -416,19 +416,19 @@ class FormatEpochTimeInMillisAsIso8601Te
   // 32 bits, even when 64-bit integer types are available.  We have to
   // force the constants to have a 64-bit type here.
   static const TimeInMillis kMillisPerSec = 1000;
 
  private:
   virtual void SetUp() {
     saved_tz_ = NULL;
 
-    GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996 /* getenv, strdup: deprecated */)
-    if (getenv("TZ"))
-      saved_tz_ = strdup(getenv("TZ"));
+    GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996 /* PR_GetEnvSecure, strdup: deprecated */)
+    if (PR_GetEnvSecure("TZ"))
+      saved_tz_ = strdup(PR_GetEnvSecure("TZ"));
     GTEST_DISABLE_MSC_WARNINGS_POP_()
 
     // Set up the time zone for FormatEpochTimeInMillisAsIso8601 to use.  We
     // cannot use the local time zone because the function's output depends
     // on the time zone.
     SetTimeZone("UTC+00");
   }
 
--- a/security/nss/external_tests/ssl_gtest/ssl_gtest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_gtest.cc
@@ -1,9 +1,10 @@
 #include "nspr.h"
+#include "prenv.h"
 #include "nss.h"
 #include "ssl.h"
 
 #include <cstdlib>
 
 #include "test_io.h"
 
 #define GTEST_HAS_RTTI 0
@@ -11,17 +12,17 @@
 
 std::string g_working_dir_path;
 
 int main(int argc, char **argv) {
   // Start the tests
   ::testing::InitGoogleTest(&argc, argv);
   g_working_dir_path = ".";
 
-  char* workdir = getenv("NSS_GTEST_WORKDIR");
+  char* workdir = PR_GetEnvSecure("NSS_GTEST_WORKDIR");
   if (workdir)
     g_working_dir_path = workdir;
 
   for (int i = 0; i < argc; i++) {
     if (!strcmp(argv[i], "-d")) {
       g_working_dir_path = argv[i + 1];
       ++i;
     }
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -1339,17 +1339,17 @@ CERT_AddOKDomainName(CERTCertificate *ce
 ** This function may modify string cn, so caller must pass a modifiable copy.
 */
 static SECStatus
 cert_TestHostName(char *cn, const char *hn)
 {
     static int useShellExp = -1;
 
     if (useShellExp < 0) {
-        useShellExp = (NULL != PR_GetEnv("NSS_USE_SHEXP_IN_CERT_NAME"));
+        useShellExp = (NULL != PR_GetEnvSecure("NSS_USE_SHEXP_IN_CERT_NAME"));
     }
     if (useShellExp) {
         /* Backward compatible code, uses Shell Expressions (SHEXP). */
         int regvalid = PORT_RegExpValid(cn);
         if (regvalid != NON_SXP) {
             SECStatus rv;
             /* cn is a regular expression, try to match the shexp */
             int match = PORT_RegExpCaseSearch(hn, cn);
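Review bot: This lookup decides whether certificate host names are matched with the legacy shell-expression code, and nothing at the call site records that a privileged process no longer honours `NSS_USE_SHEXP_IN_CERT_NAME` after the change. I would add a comment above the assignment such as `/* PR_GetEnvSecure: the SHEXP fallback cannot be enabled through the environment of a set-uid or otherwise privileged process */`. The value is cached in the function-local `static int useShellExp`, so the comment should also say that the environment is consulted only on the first call. cert_TestHostName continues past the hunk.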
--- a/security/nss/lib/certhigh/certvfypkix.c
+++ b/security/nss/lib/certhigh/certvfypkix.c
@@ -1132,17 +1132,17 @@ cert_VerifyCertChainPkix(
          * Setting the variable to false, to make additional chain
          * validations be handled by old nss. */
         usePKIXValidationEngine = PR_FALSE;
     }
     testStartFnStackPosition = 2;
     fnStackNameArr[0] = "cert_VerifyCertChainPkix";
     fnStackInvCountArr[0] = 0;
     PKIX_Boolean abortOnLeak =
-        (PR_GetEnv("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
+        (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
                                                                    PKIX_FALSE
                                                                    : PKIX_TRUE;
     runningLeakTest = PKIX_TRUE;
 
     /* Prevent multi-threaded run of object leak test */
     fnInvLocalCount = PR_ATOMIC_INCREMENT(&parallelFnInvocationCount);
     PORT_Assert(fnInvLocalCount == 1);
 
@@ -2014,17 +2014,17 @@ CERT_PKIXVerifyCert(
          * Setting the variable to false, to make additional chain
          * validations be handled by old nss. */
         usePKIXValidationEngine = PR_FALSE;
     }
     testStartFnStackPosition = 1;
     fnStackNameArr[0] = "CERT_PKIXVerifyCert";
     fnStackInvCountArr[0] = 0;
     PKIX_Boolean abortOnLeak =
-        (PR_GetEnv("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
+        (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
                                                                    PKIX_FALSE
                                                                    : PKIX_TRUE;
     runningLeakTest = PKIX_TRUE;
 
     /* Prevent multi-threaded run of object leak test */
     fnInvLocalCount = PR_ATOMIC_INCREMENT(&parallelFnInvocationCount);
     PORT_Assert(fnInvLocalCount == 1);
 
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -154,17 +154,17 @@ cert_DupOCSPCertID(const CERTOCSPCertID 
 static PRBool
 wantOcspTrace(void)
 {
     static PRBool firstTime = PR_TRUE;
     static PRBool wantTrace = PR_FALSE;
 
 #ifdef NSS_HAVE_GETENV
     if (firstTime) {
-        char *ev = getenv("NSS_TRACE_OCSP");
+        char *ev = PR_GetEnvSecure("NSS_TRACE_OCSP");
         if (ev && ev[0]) {
             wantTrace = PR_TRUE;
         }
         firstTime = PR_FALSE;
     }
 #endif
     return wantTrace;
 }
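Review bot: The call sits inside `#ifdef NSS_HAVE_GETENV`, a guard named for the libc function that this line no longer uses. If the macro only describes whether `getenv` exists on the platform, the guard now disables `NSS_TRACE_OCSP` there for no reason. If it is meant as a general switch for environment lookups, a comment such as `/* NSS_HAVE_GETENV also gates PR_GetEnvSecure */` would say so. Either way the relation between the guard and the new call should be stated.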
--- a/security/nss/lib/freebl/Makefile
+++ b/security/nss/lib/freebl/Makefile
@@ -161,16 +161,19 @@ else
     DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
     DEFINES += -DNSS_USE_COMBA
     # The Intel AES assembly code requires Visual C++ 2010 (10.0). The _xgetbv
     # compiler intrinsic function requires Visual C++ 2010 (10.0) SP1.
     ifeq ($(_MSC_VER_GE_10SP1),1)
 	DEFINES += -DUSE_HW_AES -DINTEL_GCM
 	ASFILES += intel-aes-x64-masm.asm intel-gcm-x64-masm.asm
 	EXTRA_SRCS += intel-gcm-wrap.c
+	ifeq ($(CLANG_CL),1)
+	    INTEL_GCM_CLANG_CL = 1
+	endif
     endif
     MPI_SRCS += mpi_amd64.c
 endif
 endif
 endif
 
 ifeq ($(OS_TARGET),IRIX)
 ifeq ($(USE_N32),1)
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -899,17 +899,17 @@ BL_Unload(void)
    * namely C_Finalize in softoken, and the SSL bypass shutdown callback called
    * from NSS_Shutdown. */
   char *disableUnload = NULL;
   vector = NULL;
   /* If an SSL socket is configured with SSL_BYPASS_PKCS11, but the application
    * never does a handshake on it, BL_Unload will be called even though freebl
    * was never loaded. So, don't assert blLib. */
   if (blLib) {
-      disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+      disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
       if (!disableUnload) {
 #ifdef DEBUG
           PRStatus status = PR_UnloadLibrary(blLib);
           PORT_Assert(PR_SUCCESS == status);
 #else
           PR_UnloadLibrary(blLib);
 #endif
       }
--- a/security/nss/lib/freebl/mpi/utils/isprime.c
+++ b/security/nss/lib/freebl/mpi/utils/isprime.c
@@ -33,17 +33,17 @@ int main(int argc, char *argv[])
 	    "Use '0x' prefix for a hexadecimal value\n", g_prog);
     return 1;
   }
 
   /* Read number of tests from environment, if present */
   {
     char *tmp;
 
-    if((tmp = getenv("RM_TESTS")) != NULL) {
+    if((tmp = PR_GetEnvSecure("RM_TESTS")) != NULL) {
       if((g_tests = atoi(tmp)) <= 0)
 	g_tests = RM_TESTS;
     }
   }
 
   mp_init(&a);
   if(argv[1][0] == '0' && argv[1][1] == 'x')
     mp_read_radix(&a, argv[1] + 2, 16);
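Review bot: This section replaces `getenv` with `PR_GetEnvSecure` but adds no `#include "prenv.h"`, unlike rijndael.c, unix_rand.c and signtool/util.c in the same commit. The metime.c and primegen.c sections that follow have the same gap. Unless an existing header already provides the NSPR declaration, a C compiler will treat the call as an implicitly declared function returning `int`, which truncates the pointer on 64-bit targets, and the utilities now have to link against NSPR. Either add `#include "prenv.h"` and the link dependency to each of the three files, or keep plain `getenv` in these stand-alone MPI test programs. main() in each file extends beyond the hunk shown.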
--- a/security/nss/lib/freebl/mpi/utils/metime.c
+++ b/security/nss/lib/freebl/mpi/utils/metime.c
@@ -22,18 +22,18 @@ int main(int argc, char *argv[])
 {
   int          ix, num, prec = 8;
   unsigned int seed;
   clock_t      start, stop;
   double       sec;
 
   mp_int     a, m, c;
 
-  if(getenv("SEED") != NULL)
-    seed = abs(atoi(getenv("SEED")));
+  if(PR_GetEnvSecure("SEED") != NULL)
+    seed = abs(atoi(PR_GetEnvSecure("SEED")));
   else 
     seed = (unsigned int)time(NULL);
 
   if(argc < 2) {
     fprintf(stderr, "Usage: %s <num-tests> [<nbits>]\n", argv[0]);
     return 1;
   }
 
--- a/security/nss/lib/freebl/mpi/utils/primegen.c
+++ b/security/nss/lib/freebl/mpi/utils/primegen.c
@@ -41,17 +41,17 @@ int main(int argc, char *argv[])
   int		rawlen, bits, outlen, ngen, ix, jx;
   int           g_strong = 0;
   mp_int	testval;
   mp_err	res;
   clock_t	start, end;
 
   /* We'll just use the C library's rand() for now, although this
      won't be good enough for cryptographic purposes */
-  if((out = getenv("SEED")) == NULL) {
+  if((out = PR_GetEnvSecure("SEED")) == NULL) {
     srand((unsigned int)time(NULL));
   } else {
     srand((unsigned int)atoi(out));
   }
 
   if(argc < 2) {
     fprintf(stderr, "Usage: %s <bits> [<count> [strong]]\n", argv[0]);
     return 1;
--- a/security/nss/lib/freebl/rijndael.c
+++ b/security/nss/lib/freebl/rijndael.c
@@ -2,16 +2,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
 #endif
 
 #include "prinit.h"
+#include "prenv.h"
 #include "prerr.h"
 #include "secerr.h"
 
 #include "prtypes.h"
 #include "blapi.h"
 #include "rijndael.h"
 
 #include "cts.h"
@@ -1036,17 +1037,17 @@ aes_InitContext(AESContext *cx, const un
     }
     if (!cx) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
     	return SECFailure;
     }
 #ifdef USE_HW_AES
     if (has_intel_aes == 0) {
 	unsigned long eax, ebx, ecx, edx;
-	char *disable_hw_aes = getenv("NSS_DISABLE_HW_AES");
+	char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
 
 	if (disable_hw_aes == NULL) {
 	    freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
 	    has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1;
 #ifdef INTEL_GCM
 	    has_intel_clmul = (ecx & (1 << 1)) != 0 ? 1 : -1;
 	    if ((ecx & (1 << 27)) != 0 && (ecx & (1 << 28)) != 0 &&
 		check_xcr0_ymm()) {
--- a/security/nss/lib/freebl/stubs.c
+++ b/security/nss/lib/freebl/stubs.c
@@ -133,16 +133,17 @@ STUB_DECLARE(PRFileDesc *,PR_Open,(const
 			 PRIntn mode));
 STUB_DECLARE(PRInt32,PR_Read,(PRFileDesc *fd, void *buf, PRInt32 amount));
 STUB_DECLARE(PROffset32,PR_Seek,(PRFileDesc *fd, PROffset32 offset, 
 			PRSeekWhence whence));
 STUB_DECLARE(PRStatus,PR_Sleep,(PRIntervalTime ticks));
 STUB_DECLARE(PRStatus,PR_Unlock,(PRLock *lock));
 STUB_DECLARE(PRStatus,PR_WaitCondVar,(PRCondVar *cvar,
 			PRIntervalTime timeout));
+STUB_DECLARE(char*,PR_GetEnvSecure,(const char *));
 
 
 STUB_DECLARE(SECItem *,SECITEM_AllocItem_Util,(PLArenaPool *arena,
 			SECItem *item,unsigned int len));
 STUB_DECLARE(SECComparison,SECITEM_CompareItem_Util,(const SECItem *a,
 			const SECItem *b));
 STUB_DECLARE(SECStatus,SECITEM_CopyItem_Util,(PLArenaPool *arena,
 			SECItem *to,const SECItem *from));
@@ -460,16 +461,23 @@ PR_NotifyAllCondVar_stub(PRCondVar *cvar
 extern PRStatus
 PR_WaitCondVar_stub(PRCondVar *cvar, PRIntervalTime timeout)
 {
     STUB_SAFE_CALL2(PR_WaitCondVar, cvar, timeout);
     abort();
     return PR_FAILURE;
 }
 
+extern char*
+PR_GetEnvSecure_stub(const char *var)
+{
+    STUB_SAFE_CALL1(PR_GetEnvSecure, var);
+    abort();
+    return NULL;
+}
 
 
 extern void
 PR_DestroyCondVar_stub(PRCondVar *cvar)
 {
     STUB_SAFE_CALL1(PR_DestroyCondVar, cvar);
     abort();
     return;
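Review bot: `PR_GetEnvSecure_stub` ends in `abort()` when the NSPR function is unavailable, yet the commit starts calling `PR_GetEnvSecure` from `aes_InitContext` in rijndael.c, which includes stubs.h under `FREEBL_NO_DEPEND`. A freebl built with stubs and running without NSPR would presumably terminate there instead of skipping an optional override. Assuming `STUB_SAFE_CALL1` returns through the real function when its pointer was fetched, a fail-closed fallback is safer: drop the `abort();` so the stub falls through to `return NULL;`, and add a comment such as `/* no NSPR: treat the environment as empty */`. The `STUB_FETCH_FUNCTION(PR_GetEnvSecure);` line added to freebl_InitNSPR in the next hunk deserves the same look, since an NSPR older than the one introducing this symbol would not export it.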
@@ -565,16 +573,17 @@ freebl_InitNSPR(void *lib)
     STUB_FETCH_FUNCTION(PR_NotifyCondVar);
     STUB_FETCH_FUNCTION(PR_NotifyAllCondVar);
     STUB_FETCH_FUNCTION(PR_WaitCondVar);
     STUB_FETCH_FUNCTION(PR_DestroyCondVar);
     STUB_FETCH_FUNCTION(PR_NewLock);
     STUB_FETCH_FUNCTION(PR_Unlock);
     STUB_FETCH_FUNCTION(PR_Lock);
     STUB_FETCH_FUNCTION(PR_DestroyLock);
+    STUB_FETCH_FUNCTION(PR_GetEnvSecure);
     return SECSuccess;
 }
 
 static SECStatus
 freebl_InitNSSUtil(void *lib)
 {
     STUB_FETCH_FUNCTION(PORT_Alloc_Util);
     STUB_FETCH_FUNCTION(PORT_Free_Util);
--- a/security/nss/lib/freebl/stubs.h
+++ b/security/nss/lib/freebl/stubs.h
@@ -53,12 +53,13 @@
 #define PR_NotifyCondVar PR_NotifyCondVar_stub
 #define PR_NotifyAllCondVar PR_NotifyAllCondVar_stub
 #define PR_Open  PR_Open_stub
 #define PR_Read  PR_Read_stub
 #define PR_Seek  PR_Seek_stub
 #define PR_Sleep  PR_Sleep_stub
 #define PR_Unlock  PR_Unlock_stub
 #define PR_WaitCondVar PR_WaitCondVar_stub
+#define PR_GetEnvSecure PR_GetEnvSecure_stub
 
 extern int  FREEBL_InitStubs(void);
 
 #endif
--- a/security/nss/lib/freebl/unix_rand.c
+++ b/security/nss/lib/freebl/unix_rand.c
@@ -12,16 +12,17 @@
 #include <sys/time.h>
 #include <sys/wait.h>
 #include <sys/stat.h>
 #include "secrng.h"
 #include "secerr.h"
 #include "prerror.h"
 #include "prthread.h"
 #include "prprf.h"
+#include "prenv.h"
 
 size_t RNG_FileUpdate(const char *fileName, size_t limit);
 
 /*
  * When copying data to the buffer we want the least signicant bytes
  * from the input since those bits are changing the fastest. The address
  * of least significant byte depends upon whether we are running on
  * a big-endian or little-endian machine.
@@ -883,19 +884,19 @@ void RNG_SystemInfoForRNG(void)
 	RNG_RandomUpdate(buf, strlen(buf));
     }
     GiveSystemInfo();
 
     /* grab some data from system's PRNG before any other files. */
     bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT);
 
     /* If the user points us to a random file, pass it through the rng */
-    randfile = getenv("NSRANDFILE");
+    randfile = PR_GetEnvSecure("NSRANDFILE");
     if ( ( randfile != NULL ) && ( randfile[0] != '\0') ) {
-	char *randCountString = getenv("NSRANDCOUNT");
+	char *randCountString = PR_GetEnvSecure("NSRANDCOUNT");
 	int randCount = randCountString ? atoi(randCountString) : 0;
 	if (randCount != 0) {
 	    RNG_FileUpdate(randfile, randCount);
 	} else {
 	    RNG_FileForRNG(randfile);
 	}
     }
 
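Review bot: `NSRANDCOUNT` is parsed with `atoi()` into an `int` and then passed as the `size_t limit` of `RNG_FileUpdate` (prototype near the top of this file), so a bad value is never rejected. A negative count converts to a very large limit, and an unparsable string reads as 0 and silently selects `RNG_FileForRNG` instead. Switching the lookup to `PR_GetEnvSecure` does not change this. The guard could become `if (randCount > 0) {` so that only a positive count selects the bounded read, or the value could be parsed with `strtol` and an end-pointer check. `RNG_SystemInfoForRNG` starts before this hunk and may continue past it.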
@@ -1070,17 +1071,17 @@ int ReadOneFile(int fileToRead)
 #else
     struct dirent entry, firstEntry;
 #define entry_dir entry
 #endif
 
     int i, error = -1;
 
     if (fd == NULL) {
-	dir = getenv("HOME");
+	dir = PR_GetEnvSecure("HOME");
 	if (dir) {
 	    fd = opendir(dir);
 	}
     }
     if (fd == NULL) {
 	return 1;
     }
 
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
@@ -760,17 +760,17 @@ pkix_pl_Socket_RegisterSelf(void *plCont
         entry.comparator = NULL;
         entry.duplicateFunction = NULL;
 
         systemClasses[PKIX_SOCKET_TYPE] = entry;
 
 #ifdef PKIX_SOCKETTRACE
         {
                 char *val = NULL;
-                val = PR_GetEnv("SOCKETTRACE");
+                val = PR_GetEnvSecure("SOCKETTRACE");
                 /* Is SOCKETTRACE set in the environment? */
                 if ((val != NULL) && (*val != '\0')) {
                         socketTraceFlag =
                                 ((*val == '1')?PKIX_TRUE:PKIX_FALSE);
                 }
         }
 #endif
 
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
@@ -130,17 +130,17 @@ PKIX_PL_Initialize(
             PKIX_RETURN(OBJECT);
         }
 
         classTableLock = PR_NewLock();
         if (classTableLock == NULL) {
             return PKIX_ALLOC_ERROR();
         }
 
-        if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
+        if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
             pkixLog = PR_NewLogModule("pkix");
         }
         /*
          * Register Object, it is the base object of all other objects.
          */
         pkix_pl_Object_RegisterSelf(plContext);
 
         /*
@@ -257,17 +257,17 @@ PKIX_PL_Shutdown(void *plContext)
         }
 
         PR_DestroyLock(classTableLock);
 
         pkix_pl_HttpCertStore_Shutdown(plContext);
 
 #ifdef DEBUG
         numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL);
-        if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
+        if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
            PORT_Assert(numLeakedObjects == 0);
         }
 #else
         pkix_pl_lifecycle_ObjectLeakCheck(NULL);
 #endif
 
         if (plContext != NULL) {
                 PKIX_PL_NssContext_Destroy(plContext);
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -28,22 +28,22 @@
 
 /*
  * NSS's major version, minor version, patch level, build number, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION  "3.22" _NSS_ECC_STRING _NSS_CUSTOMIZED
+#define NSS_VERSION  "3.23" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
 #define NSS_VMAJOR   3
-#define NSS_VMINOR   22
+#define NSS_VMINOR   23
 #define NSS_VPATCH   0
 #define NSS_VBUILD   0
-#define NSS_BETA     PR_FALSE
+#define NSS_BETA     PR_TRUE
 
 #ifndef RC_INVOKED
 
 #include "seccomon.h"
 
 typedef struct NSSInitParametersStr NSSInitParameters;
 
 /*
--- a/security/nss/lib/nss/nssinit.c
+++ b/security/nss/lib/nss/nssinit.c
@@ -686,17 +686,17 @@ nss_Init(const char *configdir, const ch
 
 	pkixError = PKIX_Initialize
 	    (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
 	    PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
 
 	if (pkixError != NULL) {
 	    goto loser;
 	} else {
-            char *ev = getenv("NSS_ENABLE_PKIX_VERIFY");
+            char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY");
             if (ev && ev[0]) {
                 CERT_SetUsePKIXForValidation(PR_TRUE);
             }
         }
 
 
     }
 
--- a/security/nss/lib/pk11wrap/debug_module.c
+++ b/security/nss/lib/pk11wrap/debug_module.c
@@ -2680,17 +2680,17 @@ static void print_final_statistics(void)
     int total_calls = 0;
     PRIntervalTime total_time = 0;
     PRUint32 pr_total_time;
     char *type;
     char *fname;
     FILE *outfile = NULL;
     int i;
 
-    fname = PR_GetEnv("NSS_OUTPUT_FILE");
+    fname = PR_GetEnvSecure("NSS_OUTPUT_FILE");
     if (fname) {
 	/* need to add an optional process id to the filename */
 	outfile = fopen(fname,"w+");
     }
     if (!outfile) {
 	outfile = stdout;
     }
 	
--- a/security/nss/lib/pk11wrap/pk11akey.c
+++ b/security/nss/lib/pk11wrap/pk11akey.c
@@ -163,17 +163,17 @@ PK11_ImportPublicKey(PK11SlotInfo *slot,
         case ecKey:
 	    keyType = CKK_EC;
 	    PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));attrs++;
 	    PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));attrs++;
  	    signedattr = attrs;
 	    PK11_SETATTRS(attrs, CKA_EC_PARAMS, 
 		          pubKey->u.ec.DEREncodedParams.data,
 		          pubKey->u.ec.DEREncodedParams.len); attrs++;
-	    if (PR_GetEnv("NSS_USE_DECODED_CKA_EC_POINT")) {
+	    if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
 	    	PK11_SETATTRS(attrs, CKA_EC_POINT, 
 			  pubKey->u.ec.publicValue.data,
 			  pubKey->u.ec.publicValue.len); attrs++;
 	    } else {
 		pubValue = SEC_ASN1EncodeItem(NULL, NULL,
 			&pubKey->u.ec.publicValue,
 			SEC_ASN1_GET(SEC_OctetStringTemplate));
 		if (pubValue == NULL) {
--- a/security/nss/lib/pk11wrap/pk11load.c
+++ b/security/nss/lib/pk11wrap/pk11load.c
@@ -461,17 +461,17 @@ secmod_LoadPKCS11Module(SECMODModule *mo
     /*
      * We need to get the function list
      */
     if ((*entry)((CK_FUNCTION_LIST_PTR *)&mod->functionList) != CKR_OK) 
 								goto fail;
 
 #ifdef DEBUG_MODULE
     if (PR_TRUE) {
-	modToDBG = PR_GetEnv("NSS_DEBUG_PKCS11_MODULE");
+	modToDBG = PR_GetEnvSecure("NSS_DEBUG_PKCS11_MODULE");
 	if (modToDBG && strcmp(mod->commonName, modToDBG) == 0) {
 	    mod->functionList = (void *)nss_InsertDeviceLog(
 	                           (CK_FUNCTION_LIST_PTR)mod->functionList);
 	}
     }
 #endif
 
     mod->isThreadSafe = PR_TRUE;
@@ -553,17 +553,17 @@ secmod_LoadPKCS11Module(SECMODModule *mo
     mod->moduleID = nextModuleID++;
     return SECSuccess;
 fail2:
     if (enforceAlreadyInitializedError || (!alreadyLoaded)) {
         PK11_GETTAB(mod)->C_Finalize(NULL);
     }
 fail:
     mod->functionList = NULL;
-    disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
     if (library && !disableUnload) {
         PR_UnloadLibrary(library);
     }
     return SECFailure;
 }
 
 SECStatus
 SECMOD_UnloadModule(SECMODModule *mod) {
@@ -582,17 +582,17 @@ SECMOD_UnloadModule(SECMODModule *mod) {
     mod->loaded = PR_FALSE;
     
     /* do we want the semantics to allow unloading the internal library?
      * if not, we should change this to SECFailure and move it above the
      * mod->loaded = PR_FALSE; */
     if (mod->internal && (mod->dllName == NULL)) {
         if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
           if (softokenLib) {
-              disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+              disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
               if (!disableUnload) {
 #ifdef DEBUG
                   PRStatus status = PR_UnloadLibrary(softokenLib);
                   PORT_Assert(PR_SUCCESS == status);
 #else
                   PR_UnloadLibrary(softokenLib);
 #endif
               }
@@ -604,17 +604,17 @@ SECMOD_UnloadModule(SECMODModule *mod) {
     }
 
     library = (PRLibrary *)mod->library;
     /* paranoia */
     if (library == NULL) {
 	return SECFailure;
     }
 
-    disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
     if (!disableUnload) {
         PR_UnloadLibrary(library);
     }
     return SECSuccess;
 }
 
 void
 nss_DumpModuleLog(void)
--- a/security/nss/lib/pk11wrap/pk11pars.c
+++ b/security/nss/lib/pk11wrap/pk11pars.c
@@ -1081,17 +1081,17 @@ secmod_configIsDBM(char *configDir)
 	return PR_TRUE;
     }
     /* explicit open of a non-dbm database */
     if ((strncmp(configDir, "sql:",4) == 0) 
 	|| (strncmp(configDir, "rdb:", 4) == 0)
 	|| (strncmp(configDir, "extern:", 7) == 0)) {
 	return PR_FALSE;
     }
-    env = PR_GetEnv("NSS_DEFAULT_DB_TYPE");
+    env = PR_GetEnvSecure("NSS_DEFAULT_DB_TYPE");
     /* implicit dbm open */
     if ((env == NULL) || (strcmp(env,"dbm") == 0)) {
 	return PR_TRUE;
     }
     /* implicit non-dbm open */
     return PR_FALSE;
 }
 
--- a/security/nss/lib/pk11wrap/pk11util.c
+++ b/security/nss/lib/pk11wrap/pk11util.c
@@ -79,17 +79,17 @@ SECMOD_Shutdown()
     }
 
     /* make all the slots and the lists go away */
     PK11_DestroySlotLists();
 
     nss_DumpModuleLog();
 
 #ifdef DEBUG
-    if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
+    if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
 	PORT_Assert(secmod_PrivateModuleCount == 0);
     }
 #endif
     if (secmod_PrivateModuleCount) {
     	PORT_SetError(SEC_ERROR_BUSY);
 	return SECFailure;
     }
     return SECSuccess;
--- a/security/nss/lib/softoken/fipstokn.c
+++ b/security/nss/lib/softoken/fipstokn.c
@@ -431,17 +431,17 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserve
     CK_RV crv;
 
     sftk_ForkReset(pReserved, &crv);
 
     if (nsf_init) {
 	return CKR_CRYPTOKI_ALREADY_INITIALIZED;
     }
 
-    if ((envp = PR_GetEnv("NSS_ENABLE_AUDIT")) != NULL) {
+    if ((envp = PR_GetEnvSecure("NSS_ENABLE_AUDIT")) != NULL) {
 	sftk_audit_enabled = (atoi(envp) == 1);
     }
 
     crv = nsc_CommonInitialize(pReserved, PR_TRUE);
 
     /* not an 'else' rv can be set by either SFTK_LowInit or SFTK_SlotInit*/
     if (crv != CKR_OK) {
 	sftk_fatalError = PR_TRUE;
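Review bot: The `NSS_ENABLE_AUDIT` lookup in `FC_Initialize` has no comment on what a NULL return now means. By its NSPR contract `PR_GetEnvSecure` also returns NULL when the process is treated as privileged, so there `sftk_audit_enabled` is left untouched and audit logging cannot be switched on from the environment. If that is intended, a comment above the `if` such as `/* ignored in setuid/setgid processes; audit must then be enabled by other means */` would record it. The same applies to `NSS_FIPS` in `getFIPSEnv` (nsssysinit.c). `FC_Initialize` starts before and continues past this hunk.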
--- a/security/nss/lib/softoken/legacydb/lgattr.c
+++ b/security/nss/lib/softoken/legacydb/lgattr.c
@@ -566,17 +566,17 @@ lg_FindECPublicKeyAttribute(NSSLOWKEYPub
     case CKA_VERIFY_RECOVER:
     case CKA_WRAP:
 	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
     case CKA_EC_PARAMS:
 	return lg_CopyAttributeSigned(attribute,type,
 					key->u.ec.ecParams.DEREncoding.data,
 					key->u.ec.ecParams.DEREncoding.len);
     case CKA_EC_POINT:
-	if (getenv("NSS_USE_DECODED_CKA_EC_POINT")) {
+	if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
 	    return lg_CopyAttributeSigned(attribute, type,
 					key->u.ec.publicValue.data,
 					key->u.ec.publicValue.len);
 	} else {
 	    SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL, 
 					&(key->u.ec.publicValue), 
 					SEC_ASN1_GET(SEC_OctetStringTemplate));
 	    CK_RV crv;
--- a/security/nss/lib/softoken/legacydb/lginit.c
+++ b/security/nss/lib/softoken/legacydb/lginit.c
@@ -163,17 +163,17 @@ DB * rdbopen(const char *appName, const 
 	db = (*lg_rdbfunc)(appName,prefix,type,rdbmapflags(flags));
 	if (!db && status && lg_rdbstatusfunc) {
 	    *status = (*lg_rdbstatusfunc)();
 	}
 	return db;
     }
 
     /* couldn't find the entry point, unload the library and fail */
-    disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
     if (!disableUnload) {
         PR_UnloadLibrary(lib);
     }
     return NULL;
 }
 
 /*
  * the following data structures are from rdb.h.
--- a/security/nss/lib/softoken/lgglue.c
+++ b/security/nss/lib/softoken/lgglue.c
@@ -413,17 +413,17 @@ sftkdbCall_Shutdown(void)
 	return CKR_OK;
     }
     if (legacy_glue_shutdown) {
 #ifdef NO_FORK_CHECK
 	PRBool parentForkedAfterC_Initialize = PR_FALSE;
 #endif
 	crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
     }
-    disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
     if (!disableUnload) {
         PR_UnloadLibrary(legacy_glue_lib);
     }
     legacy_glue_lib = NULL;
     legacy_glue_open = NULL;
     legacy_glue_readSecmod = NULL;
     legacy_glue_releaseSecmod = NULL;
     legacy_glue_deleteSecmod = NULL;
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -31,16 +31,17 @@
 #include "pkcs11t.h"
 #include "secoid.h"
 #include "alghmac.h"
 #include "softoken.h"
 #include "secasn1.h"
 #include "secerr.h"
 
 #include "prprf.h"
+#include "prenv.h"
 
 #define __PASTE(x,y)    x##y
 
 /*
  * we renamed all our internal functions, get the correct
  * definitions for them...
  */ 
 #undef CK_PKCS11_FUNCTION_INFO
@@ -4765,17 +4766,17 @@ dhgn_done:
 	if (rv != SECSuccess) { 
 	    if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
 		sftk_fatalError = PR_TRUE;
 	    }
 	    crv = sftk_MapCryptError(PORT_GetError());
 	    break;
 	}
 
-	if (getenv("NSS_USE_DECODED_CKA_EC_POINT")) {
+	if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
 	    crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT, 
 				sftk_item_expand(&ecPriv->publicValue));
 	} else {
 	    SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL, 
 					&ecPriv->publicValue, 
 					SEC_ASN1_GET(SEC_OctetStringTemplate));
 	    if (!pubValue) {
 		crv = CKR_ARGUMENTS_BAD;
--- a/security/nss/lib/softoken/sdb.c
+++ b/security/nss/lib/softoken/sdb.c
@@ -230,17 +230,17 @@ sdb_getFallbackTempDir(void)
         "/tmp",
         NULL     /* List terminator */
     };
     unsigned int i;
     struct stat buf;
     const char *zDir = NULL;
 
     azDirs[0] = sqlite3_temp_directory;
-    azDirs[1] = getenv("TMPDIR");
+    azDirs[1] = PR_GetEnvSecure("TMPDIR");
 
     for (i = 0; i < PR_ARRAY_SIZE(azDirs); i++) {
         zDir = azDirs[i];
         if (zDir == NULL) continue;
         if (stat(zDir, &buf)) continue;
         if (!S_ISDIR(buf.st_mode)) continue;
         if (access(zDir, 07)) continue;
         break;
@@ -1857,17 +1857,17 @@ sdb_init(char *dbname, char *table, sdbD
       *
       * NSS_SDB_USE_CACHE environment variable is set to "yes": cache will
       *   always be used.
       *
       * It is expected that most applications would use the "auto" selection,
       * the environment variable is primarily to simplify testing, and to 
       * correct potential corner cases where  */
 
-     env = PR_GetEnv("NSS_SDB_USE_CACHE");
+     env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
 
      if (env && PORT_Strcasecmp(env,"no") == 0) {
 	enableCache = PR_FALSE;
      } else if (env && PORT_Strcasecmp(env,"yes") == 0) {
 	enableCache = PR_TRUE;
      } else {
 	char *tempDir = NULL;
 	PRUint32 tempOps = 0;
@@ -2008,17 +2008,17 @@ s_open(const char *directory, const char
     }
 #endif
 
     /* how long does it take to test for a non-existant file in our working
      * directory? Allows us to test if we may be on a network file system */
     accessOps = 1;
     {
         char *env;
-        env = PR_GetEnv("NSS_SDB_USE_CACHE");
+        env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
         /* If the environment variable is set to yes or no, sdb_init() will
          * ignore the value of accessOps, and we can skip the measuring.*/
         if (!env || ((PORT_Strcasecmp(env, "no") != 0) &&
                      (PORT_Strcasecmp(env, "yes") != 0))){
            accessOps = sdb_measureAccess(directory);
         }
     }
 
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -20,16 +20,16 @@
 
 /*
  * Softoken's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION  "3.22" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION  "3.23" SOFTOKEN_ECC_STRING " Beta"
 #define SOFTOKEN_VMAJOR   3
-#define SOFTOKEN_VMINOR   22
+#define SOFTOKEN_VMINOR   23
 #define SOFTOKEN_VPATCH   0
 #define SOFTOKEN_VBUILD   0
-#define SOFTOKEN_BETA     PR_FALSE
+#define SOFTOKEN_BETA     PR_TRUE
 
 #endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/softoken/softoken.h
+++ b/security/nss/lib/softoken/softoken.h
@@ -147,17 +147,17 @@ extern PRBool sftk_fatalError;
 ** macros to check for forked child process after C_Initialize
 */
 #if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
 
 #ifdef DEBUG
 
 #define FORK_ASSERT() \
     { \
-        char* forkAssert = getenv("NSS_STRICT_NOFORK"); \
+        char* forkAssert = PR_GetEnvSecure("NSS_STRICT_NOFORK"); \
         if ( (!forkAssert) || (0 == strcmp(forkAssert, "1")) ) { \
             PORT_Assert(0); \
         } \
     }
 
 #else
 
 #define FORK_ASSERT()
@@ -234,17 +234,17 @@ extern PRBool sftkForkCheckDisabled;
             return CKR_DEVICE_ERROR; \
         } \
     } while (0)
 
 #define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x
 
 #define ENABLE_FORK_CHECK() \
     { \
-        char* doForkCheck = getenv("NSS_STRICT_NOFORK"); \
+        char* doForkCheck = PR_GetEnvSecure("NSS_STRICT_NOFORK"); \
         if ( doForkCheck && !strcmp(doForkCheck, "DISABLED") ) { \
             sftkForkCheckDisabled = PR_TRUE; \
         } \
     }
 
 
 #else
 
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -10160,26 +10160,26 @@ get_fake_cert(SECItem *pCertItem, int *p
     const char *extension;
     int         fileNum;
     PRInt32     numBytes   = 0;
     PRStatus    prStatus;
     PRFileInfo  info;
     char        cfn[100];
 
     pCertItem->data = 0;
-    if ((testdir = PR_GetEnv("NISCC_TEST")) == NULL) {
+    if ((testdir = PR_GetEnvSecure("NISCC_TEST")) == NULL) {
 	return SECSuccess;
     }
     *pIndex   = (NULL != strstr(testdir, "root"));
     extension = (strstr(testdir, "simple") ? "" : ".der");
     fileNum     = PR_ATOMIC_INCREMENT(&connNum) - 1;
-    if ((startat = PR_GetEnv("START_AT")) != NULL) {
+    if ((startat = PR_GetEnvSecure("START_AT")) != NULL) {
 	fileNum += atoi(startat);
     }
-    if ((stopat = PR_GetEnv("STOP_AT")) != NULL && 
+    if ((stopat = PR_GetEnvSecure("STOP_AT")) != NULL && 
 	fileNum >= atoi(stopat)) {
 	*pIndex = -1;
 	return SECSuccess;
     }
     sprintf(cfn, "%s/%08d%s", testdir, fileNum, extension);
     cf = PR_Open(cfn, PR_RDONLY, 0);
     if (!cf) {
 	goto loser;
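Review bot: `sprintf(cfn, "%s/%08d%s", testdir, fileNum, extension)` writes into the 100-byte `cfn` with no bound, and `testdir` is the unchecked value of `NISCC_TEST`. With the `.der` extension, a directory path longer than 86 characters overruns the stack buffer. `PR_GetEnvSecure` only hides the variable from processes NSPR treats as privileged; an ordinary process still receives the long value. The write should be bounded and truncation treated as failure: `int n = snprintf(cfn, sizeof cfn, "%s/%08d%s", testdir, fileNum, extension);` followed by `if (n < 0 || (size_t)n >= sizeof cfn) goto loser;`. `get_fake_cert` and its `loser` label continue outside this hunk.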
--- a/security/nss/lib/ssl/sslsnce.c
+++ b/security/nss/lib/ssl/sslsnce.c
@@ -1523,17 +1523,17 @@ SSL_InheritMPServerSIDCacheInstance(cach
 
     ssl_InitSessionCacheLocks(PR_FALSE);
 
     ssl_sid_lookup  = ServerSessionIDLookup;
     ssl_sid_cache   = ServerSessionIDCache;
     ssl_sid_uncache = ServerSessionIDUncache;
 
     if (!envString) {
-    	envString  = getenv(envVarName);
+    	envString  = PR_GetEnvSecure(envVarName);
 	if (!envString) {
 	    SET_ERROR_CODE
 	    return SECFailure;
 	}
     }
     myEnvString = PORT_Strdup(envString);
     if (!myEnvString) 
 	return SECFailure;
@@ -1742,17 +1742,17 @@ LockPoller(void * arg)
 /* Launch thread to poll cache for expired locks */
 static SECStatus 
 LaunchLockPoller(cacheDesc *cache)
 {
     const char * timeoutString;
     PRThread *   pollerThread;
 
     cache->mutexTimeout = SID_LOCK_EXPIRATION_TIMEOUT;
-    timeoutString       = getenv("NSS_SSL_SERVER_CACHE_MUTEX_TIMEOUT");
+    timeoutString       = PR_GetEnvSecure("NSS_SSL_SERVER_CACHE_MUTEX_TIMEOUT");
     if (timeoutString) {
 	long newTime = strtol(timeoutString, 0, 0);
 	if (newTime == 0) 
 	    return SECSuccess;  /* application doesn't want poller thread */
 	if (newTime > 0)
 	    cache->mutexTimeout = (PRUint32)newTime;
 	/* if error (newTime < 0) ignore it and use default */
     }
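Review bot: `strtol(timeoutString, 0, 0)` in `LaunchLockPoller` cannot tell a deliberate `0` from an unparsable value, so a typo in `NSS_SSL_SERVER_CACHE_MUTEX_TIMEOUT` returns early as "application doesn't want poller thread" and the expired-lock poller is never started. The cast `(PRUint32)newTime` also truncates where `long` is wider than 32 bits, so a very large value can wrap to a small or zero timeout. Passing an end pointer and treating no-digits as an error keeps the default instead: `char *end; long newTime = strtol(timeoutString, &end, 0);` followed by `if (end == timeoutString || newTime > PR_UINT32_MAX) newTime = -1;`. The function continues past this hunk.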
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -3327,84 +3327,84 @@ ssl_SetDefaultsFromEnvironment(void)
 {
 #if defined( NSS_HAVE_GETENV )
     static int firsttime = 1;
 
     if (firsttime) {
         char * ev;
         firsttime = 0;
 #ifdef DEBUG
-        ev = getenv("SSLDEBUGFILE");
+        ev = PR_GetEnvSecure("SSLDEBUGFILE");
         if (ev && ev[0]) {
             ssl_trace_iob = fopen(ev, "w");
         }
         if (!ssl_trace_iob) {
             ssl_trace_iob = stderr;
         }
 #ifdef TRACE
-        ev = getenv("SSLTRACE");
+        ev = PR_GetEnvSecure("SSLTRACE");
         if (ev && ev[0]) {
             ssl_trace = atoi(ev);
             SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
         }
 #endif /* TRACE */
-        ev = getenv("SSLDEBUG");
+        ev = PR_GetEnvSecure("SSLDEBUG");
         if (ev && ev[0]) {
             ssl_debug = atoi(ev);
             SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
         }
 #endif /* DEBUG */
-        ev = getenv("SSLKEYLOGFILE");
+        ev = PR_GetEnvSecure("SSLKEYLOGFILE");
         if (ev && ev[0]) {
             ssl_keylog_iob = fopen(ev, "a");
             if (!ssl_keylog_iob) {
                 SSL_TRACE(("SSL: failed to open key log file"));
             } else {
                 if (ftell(ssl_keylog_iob) == 0) {
                     fputs("# SSL/TLS secrets log file, generated by NSS\n",
                           ssl_keylog_iob);
                 }
                 SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
             }
         }
 #ifndef NO_PKCS11_BYPASS
-        ev = getenv("SSLBYPASS");
+        ev = PR_GetEnvSecure("SSLBYPASS");
         if (ev && ev[0]) {
             ssl_defaults.bypassPKCS11 = (ev[0] == '1');
             SSL_TRACE(("SSL: bypass default set to %d", \
                       ssl_defaults.bypassPKCS11));
         }
 #endif /* NO_PKCS11_BYPASS */
-        ev = getenv("SSLFORCELOCKS");
+        ev = PR_GetEnvSecure("SSLFORCELOCKS");
         if (ev && ev[0] == '1') {
             ssl_force_locks = PR_TRUE;
             ssl_defaults.noLocks = 0;
             strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED.  ");
             SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
         }
-        ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
+        ev = PR_GetEnvSecure("NSS_SSL_ENABLE_RENEGOTIATION");
         if (ev) {
             if (ev[0] == '1' || LOWER(ev[0]) == 'u')
                 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
             else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
                 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
             else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
                 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
             else if (ev[0] == '3' || LOWER(ev[0]) == 't')
                 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
             SSL_TRACE(("SSL: enableRenegotiation set to %d",
                        ssl_defaults.enableRenegotiation));
         }
-        ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
+        ev = PR_GetEnvSecure("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
         if (ev && ev[0] == '1') {
             ssl_defaults.requireSafeNegotiation = PR_TRUE;
             SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
                         PR_TRUE));
         }
-        ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+        ev = PR_GetEnvSecure("NSS_SSL_CBC_RANDOM_IV");
         if (ev && ev[0] == '0') {
             ssl_defaults.cbcRandomIV = PR_FALSE;
             SSL_TRACE(("SSL: cbcRandomIV set to 0"));
         }
     }
 #endif /* NSS_HAVE_GETENV */
 }
 
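Review bot: The `SSLKEYLOGFILE` branch of `ssl_SetDefaultsFromEnvironment` creates the file with `fopen(ev, "a")`, so a new log of TLS secrets gets whatever permissions the process umask allows. Unlike the `SSLDEBUGFILE`, `SSLTRACE` and `SSLDEBUG` lookups, it sits outside the `#ifdef DEBUG` block and is therefore active in release builds. Reading the name through `PR_GetEnvSecure` stops a privileged process from honouring it, but for an ordinary process the file can still end up group- or world-readable. On Unix builds it could be created owner-only with `int fd = open(ev, O_WRONLY | O_APPEND | O_CREAT, 0600);` followed by `ssl_keylog_iob = (fd >= 0) ? fdopen(fd, "a") : NULL;`. At minimum, a comment should state that the file holds session secrets.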
--- a/security/nss/lib/sysinit/nsssysinit.c
+++ b/security/nss/lib/sysinit/nsssysinit.c
@@ -1,15 +1,16 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "seccomon.h"
 #include "prio.h"
 #include "prprf.h"
 #include "plhash.h"
+#include "prenv.h"
 
 /*
  * The following provides a default example for operating systems to set up
  * and manage applications loading NSS on their OS globally.
  *
  * This code hooks in to the system pkcs11.txt, which controls all the loading
  * of pkcs11 modules common to all applications.
  */
@@ -36,17 +37,17 @@ testdir(char *dir)
    return S_ISDIR(buf.st_mode);
 }
 
 #define NSS_USER_PATH1 "/.pki"
 #define NSS_USER_PATH2 "/nssdb"
 static char *
 getUserDB(void)
 {
-   char *userdir = getenv("HOME");
+   char *userdir = PR_GetEnvSecure("HOME");
    char *nssdir = NULL;
 
    if (userdir == NULL) {
 	return NULL;
    }
 
    nssdir = PORT_Alloc(strlen(userdir)
 		+sizeof(NSS_USER_PATH1)+sizeof(NSS_USER_PATH2));
@@ -128,17 +129,17 @@ userCanModifySystemDB()
 #else
 #error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions"
 #endif
 #endif
 
 static PRBool 
 getFIPSEnv(void)
 {
-    char *fipsEnv = getenv("NSS_FIPS");
+    char *fipsEnv = PR_GetEnvSecure("NSS_FIPS");
     if (!fipsEnv) {
 	return PR_FALSE;
     }
     if ((strcasecmp(fipsEnv,"fips") == 0) ||
 	(strcasecmp(fipsEnv,"true") == 0) ||
 	(strcasecmp(fipsEnv,"on") == 0) ||
 	(strcasecmp(fipsEnv,"1") == 0)) {
 	 return PR_TRUE;
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -14,22 +14,22 @@
 
 /*
  * NSS utilities's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION  "3.22"
+#define NSSUTIL_VERSION  "3.23 Beta"
 #define NSSUTIL_VMAJOR   3
-#define NSSUTIL_VMINOR   22
+#define NSSUTIL_VMINOR   23
 #define NSSUTIL_VPATCH   0
 #define NSSUTIL_VBUILD   0
-#define NSSUTIL_BETA     PR_FALSE
+#define NSSUTIL_BETA     PR_TRUE
 
 SEC_BEGIN_PROTOS
 
 /*
  * Returns a const string of the UTIL library version.
  */
 extern const char *NSSUTIL_GetVersion(void);
 
--- a/security/nss/lib/util/secoid.c
+++ b/security/nss/lib/util/secoid.c
@@ -1985,32 +1985,32 @@ SECOID_Init(void)
 
 #define NSS_VERSION_VARIABLE __nss_util_version
 #include "verref.h"
 
     if (oidhash) {
 	return SECSuccess; /* already initialized */
     }
 
-    if (!PR_GetEnv("NSS_ALLOW_WEAK_SIGNATURE_ALG")) {
+    if (!PR_GetEnvSecure("NSS_ALLOW_WEAK_SIGNATURE_ALG")) {
 	/* initialize any policy flags that are disabled by default */
 	xOids[SEC_OID_MD2                           ].notPolicyFlags = ~0;
 	xOids[SEC_OID_MD4                           ].notPolicyFlags = ~0;
 	xOids[SEC_OID_MD5                           ].notPolicyFlags = ~0;
 	xOids[SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
 	xOids[SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
 	xOids[SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
 	xOids[SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC].notPolicyFlags = ~0;
 	xOids[SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC].notPolicyFlags = ~0;
     }
 
     /* turn off NSS_USE_POLICY_IN_SSL by default */
     xOids[SEC_OID_APPLY_SSL_POLICY].notPolicyFlags = NSS_USE_POLICY_IN_SSL;
 
-    envVal = PR_GetEnv("NSS_HASH_ALG_SUPPORT");
+    envVal = PR_GetEnvSecure("NSS_HASH_ALG_SUPPORT");
     if (envVal)
     	handleHashAlgSupport(envVal);
 
     if (secoid_InitDynOidData() != SECSuccess) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         PORT_Assert(0); /* this function should never fail */
     	return SECFailure;
     }
--- a/security/nss/lib/util/secport.c
+++ b/security/nss/lib/util/secport.c
@@ -316,17 +316,17 @@ PORT_FreeArena(PLArenaPool *arena, PRBoo
     	return;
     if (ARENAPOOL_MAGIC == pool->magic ) {
 	len  = sizeof *pool;
 	lock = pool->lock;
 	PZ_Lock(lock);
     }
     if (!checkedEnv) {
 	/* no need for thread protection here */
-	doFreeArenaPool = (PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST") == NULL);
+	doFreeArenaPool = (PR_GetEnvSecure("NSS_DISABLE_ARENA_FREE_LIST") == NULL);
 	checkedEnv = PR_TRUE;
     }
     if (zero) {
 	PL_ClearArenaPool(arena, 0);
     }
     if (doFreeArenaPool) {
 	PL_FreeArenaPool(arena);
     } else {
--- a/security/nss/lib/util/utilpars.c
+++ b/security/nss/lib/util/utilpars.c
@@ -1078,17 +1078,17 @@ const char *
     } else if (PORT_Strncmp(configdir, EXTERNDB, sizeof(EXTERNDB)-1) == 0) {
 	dbType = NSS_DB_TYPE_EXTERN;
 	configdir = configdir + sizeof(EXTERNDB) -1;
     } else if (PORT_Strncmp(configdir, LEGACY, sizeof(LEGACY)-1) == 0) {
 	dbType = NSS_DB_TYPE_LEGACY;
 	configdir = configdir + sizeof(LEGACY) -1;
     } else {
 	/* look up the default from the environment */
-	char *defaultType = PR_GetEnv("NSS_DEFAULT_DB_TYPE");
+	char *defaultType = PR_GetEnvSecure("NSS_DEFAULT_DB_TYPE");
 	if (defaultType != NULL) {
 	    if (PORT_Strncmp(defaultType, SQLDB, sizeof(SQLDB)-2) == 0) {
 		dbType = NSS_DB_TYPE_SQL;
 	    } else if (PORT_Strncmp(defaultType,EXTERNDB,sizeof(EXTERNDB)-2)==0) {
 		dbType = NSS_DB_TYPE_EXTERN;
 	    } else if (PORT_Strncmp(defaultType, LEGACY, sizeof(LEGACY)-2) == 0) {
 		dbType = NSS_DB_TYPE_LEGACY;
 	    }