Bug 1594931 - Stop compiling NSS' DBM legacy database r=kjacobs,keeler,mhowell,MattN
☠☠ backed out by feb4df107c5c ☠ ☠
authorJ.C. Jones <jjones@mozilla.com>
Fri, 13 Dec 2019 19:00:35 +0000
changeset 506939 7d55de92c19467fbc969ba68598d11d4fa305f3d
parent 506938 4d1e8e519010dc27b14e5d6f6ac22475732c0e78
child 506940 b51ab5405feb00b22317026ca65662d1288f7ccf
push id36917
push userdluca@mozilla.com
push dateSat, 14 Dec 2019 09:41:39 +0000
treeherdermozilla-central@0c3bc698f640 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskjacobs, keeler, mhowell, MattN
bugs1594931
milestone73.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1594931 - Stop compiling NSS' DBM legacy database r=kjacobs,keeler,mhowell,MattN This change removes the legacy libnssdbm database that we migrated away from since Firefox 60. This change modifies all tests that use key3/cert8 to use the new files. It removes test_sdr_upgraded_with_password, as without the upgrade part that is now the same test as test_sdr_preexisting_with_password. It otherwise removes support for libnssdbm everywhere in Gecko. Differential Revision: https://phabricator.services.mozilla.com/D55708
browser/installer/Makefile.in
browser/installer/package-manifest.in
mobile/android/installer/Makefile.in
mobile/android/installer/package-manifest.in
modules/libmar/tests/unit/data/cert8.db
modules/libmar/tests/unit/data/cert9.db
modules/libmar/tests/unit/data/key3.db
modules/libmar/tests/unit/data/key4.db
modules/libmar/tests/unit/data/secmod.db
python/mozbuild/mozbuild/artifacts.py
security/manager/ssl/moz.build
security/manager/ssl/tests/unit/test_broken_fips.js
security/manager/ssl/tests/unit/test_broken_fips/key3.db
security/manager/ssl/tests/unit/test_broken_fips/key4.db
security/manager/ssl/tests/unit/test_broken_fips/pkcs11.txt
security/manager/ssl/tests/unit/test_broken_fips/secmod.db
security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js
security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert8.db
security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key3.db
security/manager/ssl/tests/unit/test_sdr_preexisting.js
security/manager/ssl/tests/unit/test_sdr_preexisting/key3.db
security/manager/ssl/tests/unit/test_sdr_preexisting/key4.db
security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
security/manager/ssl/tests/unit/test_sdr_preexisting_with_password/key3.db
security/manager/ssl/tests/unit/test_sdr_preexisting_with_password/key4.db
security/manager/ssl/tests/unit/test_sdr_upgraded_with_password.js
security/manager/ssl/tests/unit/test_sdr_upgraded_with_password/cert8.db
security/manager/ssl/tests/unit/test_sdr_upgraded_with_password/cert9.db
security/manager/ssl/tests/unit/test_sdr_upgraded_with_password/key3.db
security/manager/ssl/tests/unit/test_sdr_upgraded_with_password/key4.db
security/manager/ssl/tests/unit/xpcshell.ini
security/moz.build
toolkit/components/passwordmgr/test/unit/data/key3.db
toolkit/components/passwordmgr/test/unit/head.js
toolkit/moz.build
toolkit/moz.configure
toolkit/nss.configure
--- a/browser/installer/Makefile.in
+++ b/browser/installer/Makefile.in
@@ -40,20 +40,16 @@ endif
 ifdef MOZ_SYSTEM_NSPR
 DEFINES += -DMOZ_SYSTEM_NSPR=1
 endif
 
 ifdef MOZ_SYSTEM_NSS
 DEFINES += -DMOZ_SYSTEM_NSS=1
 endif
 
-ifdef NSS_DISABLE_DBM
-DEFINES += -DNSS_DISABLE_DBM=1
-endif
-
 ifdef MOZ_ARTIFACT_BUILDS
 DEFINES += -DMOZ_ARTIFACT_BUILDS=1
 endif
 
 ifdef MOZ_EME_WIN32_ARTIFACT
 DEFINES += -DMOZ_EME_WIN32_ARTIFACT=1
 endif
 
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -356,19 +356,16 @@
 #elif defined(XP_SOLARIS) && defined(SPARC64)
 bin/libfreebl_64fpu_3.so
 bin/libfreebl_64int_3.so
 #else
 @BINPATH@/@DLL_PREFIX@freebl3@DLL_SUFFIX@
 #endif
 @BINPATH@/@DLL_PREFIX@nss3@DLL_SUFFIX@
 @BINPATH@/@DLL_PREFIX@nssckbi@DLL_SUFFIX@
-#ifndef NSS_DISABLE_DBM
-@BINPATH@/@DLL_PREFIX@nssdbm3@DLL_SUFFIX@
-#endif
 #ifndef MOZ_FOLD_LIBS
 @BINPATH@/@DLL_PREFIX@nssutil3@DLL_SUFFIX@
 @BINPATH@/@DLL_PREFIX@smime3@DLL_SUFFIX@
 @BINPATH@/@DLL_PREFIX@ssl3@DLL_SUFFIX@
 #endif
 @BINPATH@/@DLL_PREFIX@softokn3@DLL_SUFFIX@
 #endif
 @RESPATH@/chrome/pippki@JAREXT@
--- a/mobile/android/installer/Makefile.in
+++ b/mobile/android/installer/Makefile.in
@@ -25,20 +25,16 @@ MOZ_CHROME_LOCALE_ENTRIES=@BINPATH@/chro
 DEFINES += \
   -DMOZ_APP_NAME=$(MOZ_APP_NAME) \
   -DPREF_DIR=$(PREF_DIR) \
   -DJAREXT= \
   -DMOZ_CHILD_PROCESS_NAME=$(MOZ_CHILD_PROCESS_NAME) \
   -DANDROID_CPU_ARCH=$(ANDROID_CPU_ARCH) \
   $(NULL)
 
-ifdef NSS_DISABLE_DBM
-DEFINES += -DNSS_DISABLE_DBM=1
-endif
-
 ifdef MOZ_DEBUG
 DEFINES += -DMOZ_DEBUG=1
 endif
 
 ifdef MOZ_ANDROID_EXCLUDE_FONTS
 DEFINES += -DMOZ_ANDROID_EXCLUDE_FONTS=1
 endif
 
--- a/mobile/android/installer/package-manifest.in
+++ b/mobile/android/installer/package-manifest.in
@@ -66,22 +66,16 @@
 @BINPATH@/@DLL_PREFIX@ssl3@DLL_SUFFIX@
 #endif
 @BINPATH@/@DLL_PREFIX@softokn3@DLL_SUFFIX@
 @BINPATH@/@DLL_PREFIX@freebl3@DLL_SUFFIX@
 #ifndef CROSS_COMPILE
 @BINPATH@/@DLL_PREFIX@freebl3.chk
 @BINPATH@/@DLL_PREFIX@softokn3.chk
 #endif
-#ifndef NSS_DISABLE_DBM
-@BINPATH@/@DLL_PREFIX@nssdbm3@DLL_SUFFIX@
-#ifndef CROSS_COMPILE
-@BINPATH@/@DLL_PREFIX@nssdbm3.chk
-#endif
-#endif
 
 #ifndef MOZ_FOLD_LIBS
 @BINPATH@/@DLL_PREFIX@mozsqlite3@DLL_SUFFIX@
 #endif
 
 @BINPATH@/@DLL_PREFIX@mozglue@DLL_SUFFIX@
 # This should be MOZ_CHILD_PROCESS_NAME, but that has a "lib/" prefix.
 @BINPATH@/@MOZ_CHILD_PROCESS_NAME@
deleted file mode 100644
index d1ed9300dbd081e81fe09c961b1ac11e5b1ab440..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..e0d6191e64c4bc012336d5befc9a2bd89e63aa27
GIT binary patch
literal 36864
zc%1E=2|QI>+rZDnaSUghazw*1q@*~L<H&H088gdJ6jBHwWC|f7Q$)gzo1sw}P)bD+
zMJml2q-2UTiB!C2Z@o@+b%*c!y>H*|yX*h6pZ%=$tmoNlZOdAFt#fQ^OH<E4ck<c|
z0X{B)WI9R^g+`;a$Yc}>g<&5A6bCN$f%__rM*TS$l%j0305po?=IurCy@eY1j`Df&
zEo3JE000000001h{~%i2+$7Rmw1cPb8ut*l^)8-kd^c{i2y*rIbi?af>1*5Qla0*u
z^zF%rjcjg4p0bk{xKJrHc}*@Pf-Mrk+r`!0d#VKYHxUrq_YvswdN^*9<Xp59;=eJ-
z)yv&2aH<5?Hxa&Ae_so#yf&7bH1pr>@Z7jD$UR`H2=1F8lg963u&DA0=4d==?p$=L
zPoRsdxBHZJO2K@IW23EOs{ge&`^H#U87<Scav+=NJCJS7j4W;S;VbBxn=Lgp(zPLL
z>zG^FEF!y5*aww;(AWnZ){zW2hYDx0;3Nx9vXCTPgvEe`GAx*|P=N&t7OJptfrTqu
zs3M^#lM;zYp&@eeIt)ZABa(?o6-2TSsftJ!M7ko<4XM~<^(O0w=(I^4iA+Nx(~!tC
zBr*+&OhY2mkjQkzi;j5F5idI8MMu1th?R+0nTVB%SecVnBqkGyse+VbO-kerA}ys+
zCUw}ChSZipVM9Zz{6$6XHBy?6l%^x48I;M=lLaSp=!j$>QW=r(wHe4&8OT)`$nQlN
z@l{5Al_`@su&<lDGMzzJrgBsoNByb*gQF^QR3=AN;i#-BmC12qa@?34Hzvo8`ENHS
zr#ehdb(oy$Fgev>a;n4RRENo_4wF+IwyMfeT{x;MM|I<<YdESqM_oImA{}8;b>&pY
z6|T-2Wf#gCSLBYfC<vVU%S8GuO?4_mg>#ox81hsMH%Wgk8Z|kz_<OTg^s8Kg0yiM(
zRa1Y!tEf{dmOUi$z~dsks7FH|VU;j>0ssI200000000000Pz0{9vm+UUicqHK^LH-
zP&L#HJ%WayTTnMN`m^f>00000000000002MKNlV>4lVe=PJ#d{LealO@*p|I>$35%
zB3n)J;f57;w!#G~^VkXwRy5cO7FOh{NWK_67Dv!zE0gPgdlcjfIYIVNFLVv6gz}&*
z(7K=9QUCw|00000000000RHcT!=lgxSn$9CKNHJDQ$(mj6o?yZi^GcWEDI&;x(5W(
zxqoQk`jLf(`=JFZj%A=J!c;*DangeSV!@EG48nAV$@PB<3VH_BLnZ9>|7GYP^edFb
z&H?}c0000000000008ix0FM<$m!KR8U(P&V&UknW;SV+nVDlgB3Bcw*S^pnFLGPib
zP%HEjYKJaC=b$Qf761SM00000000000Dzyuk2VOtoVoe15@?@LH)L1fOCFAsN5g)}
z!w|6Igvq?g_5Vuv^Zy2DA9Mvug?gbN=rB7A000000000000000z+V9VGJb;-V^g?l
zfX*Uw%5D=>>M&{Bp)~~9aH2Gt?u6Urf;-1^e^|}wf_R^;HV<qNlzbPuq@~P(8fYaS
z&ZAP5X{W6=`3-;{#hd&Bz>j=6pZ`yHNdXl6zY3-(-dMr`+<dkI0090+Y_Z3M;zWr=
zVK~8*_<PR8zg1e44dTUEG?@Xv=A+eG*BXr~K{-zQJs=DhYTtY-Q8ZkNeb|0ETcZ+|
zh3?4|e<UK;<9Uzo_}gZET%|&4@!SI;Pt}|1_TQ}B+_Bd`DGD0~H%$VS;fNCbrfp2d
z|E6uif1$DPn@iXyG#d3~ACnS;E26|;wijYCXv~*(Q3SXN3*!yrM+DGlelFCsw}3K-
zBtT_Slqn1fi^`;{I)0a&-YEtn{dI6O7YZALfl%yxUQ7%Ijk+q)xm~1Rahu};(fC|{
z-X5u<r+uP@Tt|lY>BMx%jLdO1%CeZrhw(W>>?hw=bk@WBK{Cp&Bd))`#W#GcYO<>^
zq<;`(MZI|2`SAJ8J=bxCg`?LWn$$9mc5+D@wA=H%$EqDbU!P5&EiE;+R8SK3x$+=Q
zrf9Wkr-w*n|0#81Qt&cvzu`)$*qd__<BLVc0<L$oynU&=r_*9{o!SBWJrB#BhBNAq
zDboWI5;N1cCmh2UG1d;%A009sTk%LX;i!2@YEOrYhT8(S^@fUkn)Y)X%@2Fm9yx#O
z{em(p4Rq}(%clYUWBo+2p%->Fvj%yb<xXBcX!_AlT{)*@-$>TLLc2EY-MWJ*f)zV!
zXNROHY$~zXqVVKsju?5!@A!f`Vp*%Q?d3|<OA7OL7HtjLw~x<m+||Q3?OgE+ks0S}
zoo2lZVlCcpr#i=|GWoDmyVPBmFsYc*>R1iKPuUmB=~Qaj#=WswLBDEcH||x6UGF>G
zH2nODnw?+r;x073)1Xn~YLs4FR6a4XRdPwDz~W|OO9L6V4HH#fsO1b#r5f8l(dOoN
z{+de<wjJ3j(r*$dDO|aKop@G#W|=V6;6SgE?kcVX&x(lqk(<K=)~IUAr-y{y)bDB=
z6zJt2rF+Pk<S<FP9-n5s;~u=W@M8VyLxr({8?9OlQm!>OmcG@yctRC}MWfK)bw4cJ
zG0qa+D`2fi{sQu13%fBd6Xw<$C<*D+47Ycfe`tGz&o2K3yT#~5UqqGjli}Rnnk`rE
zq{k_<G!%%2N7R;>j(9Up^Qh%FJU>y3fAG-86mpXfOwbH4;yINS)}a+qT#HTK7`OEP
zU}al@_1pIFlLb-2^(HH8I^u<|843B%d#zn<ed5W3XO6fC`}A7IlA|X`gYy@@J1%|c
zxcbDBiPCl6GQ3#T4Yc1PhKc>WLo!{NpKfL(kW6gG7B=2k>saxyp?79oG}Y@&pW80p
zo#cYtg{Z7YcjLD__|!Kmb!cdFS!Hz3j!!HGre^ya%M;z_{H|^&^-;P!meF(aU85?q
zS`6P1STyhA-tp?jd~fG)`U|sz&mzLyd+wiaCnY`*+iZUElTcn_!nt#i`I!QGTl0m2
zSMf>N)-}~gHm<*&R&AH>r%|joP-V8MLsM)_DdY3nH~U+!C(Joh-EErdB)IjXV5qdf
zgEWiMjPQ#M#Xhp>Zhb0>C23vGI&l-_kywMJC$vNKk~YUNt83+4S{DnSCVLLxNl$hK
zsos)_Y&$wUkVD)`xtb9wZ&G$^VSWX!ac<(QA`xc#fhEdEa+eE6wY>QtMkriicbd;~
z`}~!|ntYc|9E$EHSel8RHGeT7)JOYFCe&?pm+nc6%8y~i7~gv|yL6Fd(I>aw0<RRE
z=n-SvtH>La|7a+l);8TE9Q>Kh7CQ`Qa$)>;Cl~mQQJl$Tx_>W)8)Vu2`?*D5lDh=$
zbFNBo-NjX(okq$|%{$|_JX8(OBCsyjeyF8yZlXpfg`ttTMI4o}93}cq(-{Bpxdna)
z7V4|Hg*~<W#va)dIa7;e_xDrFG&kVenT1Ms{4P1I&!0^!N0OBm9}!b|y>{;EuBOM1
zpBMHW!h0V(;&^s;*L>R@-rTRfnSCA`Fw0I4Txk`&Sl1L3XR>1T$$*c`C`C@4On1FX
z|FS&42mYV8NFKA0V=Xv5*E0Stf2QO_ZoRt7F&jgz?V_ja(l2loKC^|IY@}Ir8mB6D
zjjM>vkPx$wSRsuIx;Io=>usdi``BmCLtFj`jlJ4w%j4oQCV1_}wX=eQ%4o8q16{2O
z9xsAvJ^Z&_-iznHdG{*#wHijaKg(>v%1>7v>`P*+T-8mM`*z#EPGc4|3kuI3zZMp(
zbt~sU`mrjTefCXw0iLrVE_<r$=OhNSsc2e@V4hZ)h(K}=LrgR)j!-iqL`%#Rt8@pA
zizOZ$=C^6hZ<q)Q;<*x;@k#0q{hgY4pn}Ifn@`8X58N%;t@2s(z#RQ>Yt>^(50kDe
zYWE88UDT>MSXWthzkBxHOyA{6L9L7?-l5>~9jVn)&ClMqv~_K8s0vpN)w1%+*mE+f
z-ZXx934uWE3RHE{eH!g-8MQuoXF+XxXwIJ81rEB60s}4CQNvvYv7syLOj$nRP++;S
zRm24kX|v$sjq^%#nt2R(UrxOAdt*yXl6b-OY(~HdYXxqJ%igc&k@Xxt78(rnt`Uw|
zVskd<S>!SoxnrkVjzgK<GY{|ak$ytwJ#uXKBbm+5eB~=d4sK{#l%4g%iAC6il$_D=
zbk~ScTv|q<X83NeSmnp|xIyQg-FYLMZ<0K##+bU}JlV`m!98AlPb~M&mpc1a$Lz2|
zyk%zf^J<x`$Feqb2yJhux$<(U4GXPTdeAlEG9hzT;{DTmUGn&bE=$Z>BZSgy+(+L<
zYb`03bu6<S^VH7sfN*Jq^5=oC@}BdFuPQiPZa`uPtsGYk9nBMCV&~mEu0JQX<*p>^
z__>1C*p_Xcx$$QWFHGFgFD|>a@_dHwvAif&swY>!bI?4o66ZsOPC~IM73Y4{klwz2
zpk=iX*4)BUWw}_fL#khM*v;Oy@k-^z<H^?vc2}+?NyQR{pBT;E@OHkoLTuJZ*@eRw
zpNk*8DQ_Nqr;@AxA$OOBxzXl`;GBi-r>YtLDRP-hX`Y4>S^XQXw6*BGx-e&!<=|t?
zQtgi-+f2^iI>3)1pjY;qL^yWnyz5itJNc@YoaPhRhH1S#(BGY(vW&l=s_ga6%(Uk`
zn?_dUbZIRPTl#2KCI6CBh72M$+z&OZu6QG^MJ6a&=(okv%kpckb9q{J<C|5F822v?
zaT+&Fd~-W>-MV9g4hFJI4&PUmOx{`69F?DMxlzlrw$$aM;Vs{L`v<)`bFEqNy42kt
z;-WndW@c-MAH7ZY;=X>N^PtY9^y{;;)sqzXwrm}rlg0n!$?UaF8H;w^+5c|Nqbfp?
z8$59R!7x0XX}YyPJgva%e=c-5iZ_x_#Qg$CXRCn!4qKH8VN)~u*N6%;h(u&!BeJc+
z+xWkm$=EjH-<;Ba2mB66_6dVb>2L=7G~M13duBu<W!OKZQaK)#J{^YE;(a1JUha9`
zttS%Qbbo{IpveQhGm+YY%cvq2Seu>@s*ls?Om)qZ0;7?~vp)2tPNb!zsAxMy>tZXe
zb=rSG75hDYq0@H5OFT7pcI7M`XtlJWJ=g15tM#mZ+Y)l8zu&i8xQ(clduQ>Oz)l$k
zm)A8*e}3+v_?{LSS+3`<%=ts1EADAud`mMSrfnqn9gbVkaA~=T;HyLf|B?$Q63w^O
zmS%Em#p>Q1mufX}d*zMqO3t~|tG7caxSV`xIi0bSd;@#@Y-EPVZ+R!erR^)nH@$q`
zts~TZKcMo!sI%2-0oL2bv7+(|HcXB9M3PXDkmu^n1FCNLXxtK`ikZ5K8f(gSlbiLc
zR(_DVq6_KfN^0ZZDaz3f<?9$q7zd9=ZL-g~rPjCi{%MajHL^3Vsu~hIbXN(sT9fxy
zr>rC1m=P%yy8c$->^?V}q#5BW*6w!Ltv+VzC&9a7=N_f~l38N~&-j}p(wskT>|CkU
zAKHE@h)&jxFy6`Ivx7(D(<Z#g>B4f$1<#DF`SZ$ydA#Qb)!3y!dG(8e0C|@*=}q*V
zU+a^!-<6PZ53JaF&w0^_Q}p<Q1B*h`hFqF6dp_D%SYuy!n_6g@eeNcm#)z&>-qqgw
zcB!>~sg{_~>h>gwSe@J0=i>oK?^qK=>tcnpRf~6~pz<eVhw$-6X!tP+h2E;n^Yi*G
z{L0hs`|WgN+t>XTJV*VrpQEPwE&eBtx5ewSzwfuxE%m<cw_s!GpS`j4rQdF`=l*Hi
z%Cdj9txTWX%h3P*(mzw|m(H>ZEf=c}-=XWL5@%sz)dv*0gln&qP_*5z?{{$cv{@=C
zitFcXE31FEtxTV0TUq}vY%9~hS^TR|sE*$yr+50Z)jxRJ`e#3F{c!a!6@baliuYFR
zzBGQv&GKGyeMuR$V%IM|yjE6ml@kNh<29lVmLr~uSDIWr{rgar>%!jn7w8<y_adsl
za*)eAoqp?9q{&ReXy9$1H>0BgeA_JRR}ZS=6C;g_xdfWGmn59+jT25JC?|NVH$P<O
zJM!S_v-XF4N>b?ZhTs)f*LM!M%eL588Qjn}XdEWa#wUk$ZKzcv6P+$SU3$nbpf|ah
zf2G`P%_HY|uV%}Qh3Z*bXr8u1xn^e=SFG|$kZJcMamhLGUkt(ZcogM1$T}^5)29-+
zb3s9WAbKrz?V0Rr?$%B*Cm-3UamCgup5MMIR(luE%^j+8OQ?5qrDM%puEp(Be2}^@
zK+<pwRZ&nUJ3whOzBm7K<!Pn8fdW;J-0HE-qH6~BDlF!1x)^;Y1{&Db<7XtjtNoo4
z<#pE4+@`*5%#em*M&Ze2=hfZCi?&EV4k*rjZ<G`i$hdn|7P^Dy64ftN5?DSsEBeyD
zsG5;-O3%HI8JE*B^4jDRF{u&FEiN`UQj%xQU}c|5n?cHUKYeCVSz@So`NIyD80NEp
zsq08-$V^9ENb!52w8sKG?INDy{mo*#8HwS8+9he%sw~IUZ~1IZ^)Vw~QVJYh(sobs
zs=x=abvuaGZg~eE3H;i!uu>wR@@3`cRtauOc|}C{&EZBrR@F@VF*N-{O^6*lcKy*%
NJgsfIwH>_v{}(t#9A^Lk
deleted file mode 100644
index baa9fe40c16006df7d0aaf0452a876751124c5ff..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..85c9c5a21533842e2a37885ee2f64b30998ef8a8
GIT binary patch
literal 61440
zc%1E>1z1#VxAzBz7`i*8M7kNeTe?9chVE`f7(g09x<yJs0YSh*T0to(C6$trkS>8w
z(C6iSJnsX3=X~dS&i9`E8}{03_PX!If7Xt<?>*Nwqphi8=V?V_?c(kP^Q7Sg;erql
zK$0{xAP@-c`-1axLHNF)d|!}2ryzjN2Mxr*5QK%Z1A?H7f-shGnlXwoU>FzBN6<yl
zOMat20000000000!2ci|QBg^#s1V?+o-lJqD<>;Ym@Lc__Qx6`qa`P$BS)hnC9NVy
z^T$>iCOb<S4J{>ADJ?@9WjR9{T{R_5T{#+cH5wUpHF*^!866reISmyl896qZ?;}$u
z?jI{2W=;qSi3}A2$j;f)%Gblq@%vU&n3t!^$#c^`@|$x1;h{;RppcNzA{d=CuyBCc
zSvq@oXt>*X!#u4}e~MF5la(`|ISC$1IBh_~1mou7VU|Qb$)SIe!x3g~<#^fz<xe?I
zg8v~0FS9%n3JC=*g6R+0Ugq{z7M`a~kpGn9XZT+z;bxWrqmYpO@oMZmJiM&jPun2<
zDb0`Qf5;-p%^a?UfJ#D3i*U>3WS5<WPd&sx?Y4hTaQ=>yl2+H!VWWX@eP6!sHyF?N
zh4<J$*>Jpt`*@S!@l(O$r-CO>kDCbc9UJ~*13fkZ$42nj2pt>Pu`&N{gica%{jet)
zxp+?OkN?AWV);)j^u!9BSiuu3bYfvA*8Id;oCy0N?}xq<pXY~vl9}fuGtWt8o|DWx
zCz*LpGV`2d<~`}fd(w;dq!;f=FW!@0(32?iBnmx=LQkU5AJLPX(36}3CoKhk*pmvL
zyiy*nAO3M)o)fivT;Jh2k^Iv=sr5-~-jmk6C$0IoezgA4@W&S36U%pE`A_We|K>aS
zuY4!}mG5M~@SpVMKk3WQ^<&F%UkfXKUOrxa?o*fN)cvOhe5Wq|sS7=I1x{VTf4I=o
zZqU<i(9>?v({9i|x<OCnKu_gBPvt;Q<v>s6Ku_gBPvt;Q<$QOAPF>ikYkulloVu2$
zuGOh){SWu#K=|RBpUN>mmSf2e<FYhAskk8538(dio*cJ4LjTwxa9U*nK4xA-6cPp6
zzq&A<p24Qvr#|@m<r{K*4M+aIAmVHtyVyAUKO6u6000000000000000fPWLP5WgEt
z1oZC~j57nm*}<8?S^2v~0RR9100000000000002|=YfEc5FjJ^<ltimElA=9A}SaO
z4N_o}@?-wL2EzG<v;BPq000000000000000008iB0TLL506sQ|U@!>n$NYaDgtLpY
z`h5ie0000000000000000Pz1as9=1ALeLfP&ov?n7$5EX8kqkB000000000000000
z0Q?(q=KQ|~gfoZJ{e1-h0000000000000000PsHsQZOIFD`P&NYeMeQZ0cO;%Ai}D
zBoPlR!N-BeMM1pANU1QSI>^wbh;b9?ysi`?378KJmtw<DxTDmN+f$4A8bqKbQC~{r
z`1}76aQ2UrVgTR&4*&oF0000000000008iB#__}-gwBPIQvjmF7zJVMW9efFVvb<e
zVv%9)VRK>QVXa~HVO3!zV|nACVJ~2}V?V@>#dgM4#~8(#z-hv{iDQkUfWw5DgBgU$
zhzY?o$CUlMUlITS000000002M|7NJcQV1S)Hl`L<?w+PRP;)4^0MyF#kDoYa#RO9!
zxWYU<d|ccuWvRdtCv6?9{7kt7EzS7_xM8M0eutcghw-c^*Tp|Yg#@{Htp%+9(U<A0
zDA%PwXNK`X1%#mg=*w_cl#BjPuaBGS7tu0jhPkBw9OnK-w$zznF3De#{~}!C%rKYu
zpZ5%(xzP7LV`=)w&%q0x8Rio>D-7ilJ1fj@E^=lVCVFOANchaKpwOSg{J*>~?lZ%D
zTxW%$T+p+^{N{XThGG0?hJ|>~3=8s{buO9nvz!^`V?HYk<>EZ^L^WqWK9&EIXE}`H
z%&-s}7WN(p8~OX9hgFG%jcJeZ8iNi!0BsPB7jg@A9#t0Q4)WfQ2PooCkN?Mj8xeqC
zAN=10IOOkE008j67&sjlvQ#iW=#2Mcco5fB6f~AF#jtHG1Y~S3buOvXr<h!PNHlmj
znKK%bq@s?@uW!?jp!lWM85;E|i(U{8y(<qN!Kgt*KtM#G;X+4&{OE>=_Rl^N&4n2%
z$<AWNkr=aO$8Q}~D>MS6Inv50_WAyT@=o_HIN@}hzli+x&GR=z4#t}WZ8&9>_2;bd
zby7k0Ta$Vg%NAayM~Q65TC}@+oF|gRK)OIuC6|iDFYXJE<UQ|#kgF_U#{KyAqY(1x
zM1)#69mkm>`C-2yvM{T5E{<F(I<AOM3oj-)($hW>t=GC}hLGTLP*&SQ!g(UAZn`kU
zAW96{KY%^@+!LMHrnt1e_c6CrGcUg<KRIU$PRD+>Nb}zincPG3?QS!fu5N8>4liGp
zyeeMzr8S8nFinM1R~JHa*Lfn}3BmUlHZ@X+G`cv%aTa&0y1JW{g_L7a^-Qe~c$3oM
zbZlpf6#5O3!?)0PLaQ7o-}m@#El8>+1y9>&*&Dp}l*0S`z*KYJ{XCJEAKI_wn49He
z60}Za*woub>Saz&?FK+s-Bj!fl7!IUbgXBK6#Na5+<V_@hAf1`Sf(J<dl`W#;*h-5
zu}Q<+PubK8A_e9q=ZSQQ3i!N{T|!W?!dBhO@}ARc(g4lzi~A0{tnw5oJ1Qoej^#{|
z=KQ}QGGL4{ni)RcgJl->)~0LT*1<X~>rSSj1((ajV<EQ+((^>}vRJQeA#SEc-kSwy
zF!;YyeINy|%T6Lzth-MV;V`oUr(-@_<nLU9I)nEJ_1G6#3DFqEDZ11$94<<_b*4I2
z@O%OJ>B&E0IZq_j9ZE0F^jC8AW;zX4;U-TaQIb5h2Jg%kC{n4A&-H7=X_=5Eev15;
zGu+?Ms6Di2+p<!e-(2fc$A(pE#dqT-af`LF2UisJ0D7ln_<0(?-q>jy<wzuRi5_kz
z9yt&g+KaE1;HLL@*fr_B@gk}kPJ8K0jlXl19J8kgBKnM?ZYjm&QHS<&yZ&X&*ODgx
z-1~<N5WL9i>*r~F>-eC;l|Bi!Bq<rXU7BJ%7<KO}-}F4u<p_l<XhEW)a9YMcYy9;t
z!*6KhrHPDtX7(iROXGHMZCFwHE}I+Gi&$T}g#PpcfxUX#^E5uhSbNd-jNp}Fz_yrj
zs?JtR@3;rYo?J#+f#%)b<ice*?Zq=S{!SgqWVbFFTEBh*d4tP$P)8J_+9Wc0IZ&fL
z=FY+B#hJrT=V|nyg>k5pM$y+oUq0Q;=P|y2%@lgLet;B$_w?F`wn7n{mf;tTzubKI
z4UGc~K51%>iVydjIw}iBJ}We`YogZGCGjLYTEARP&!2IgMs3G9SfGg+0(yatcH+%+
ztoOH?7|9>!4(VhwyrdYqr3I&@KU3rH)X~STX-yM`<R=UpvSuYKjKDc0w)~878`67^
zIgi#aNclXCa`y)_hA})kKHI0?axUgHiBmty^(k#Gy;BxLua-MY2?8OY{M}=)zaK2*
z3J@VE5`>J2WCLyjQz7~y^kLjUAHp%huEEB`a>Q&!-~dIU^P$B-79et{)BkNk;B*py
zelPeBH`RXQm;t++4^v$g4t-al5&}`nP+(Giob5zlSL(G&5sQr)$aUT^6EU8;WU{d`
zLLS*#vG=rHBp-8|?kb&AdQSi6wA!tsS8zJ<vqk>SfnCZRKpX6IBr@Be+wj74moewy
zYXxY&T285-Cm!9A_vv{eHH`;Eo)2D{7MXJF3_>H1#hBihlH6|6Z|YeD`yjG%!|9-B
z4(xwx%v|fhEd;a2iwt?>;C371N`C5tvThNSvG$UQAR{%tF@^I)Mm-`ypC$5&eWuz#
zX#~EmkP#ODprjTG_IdJ9GtH;Y0#3(&rpVtKGe@P0JNY|c8ihOWsq5tU@yjL`IqD|%
zvt@hVG<3~-BYU36Ry6KMqo0BoTUAPE3*#N@D9Glr7ueNNdo>Bzu5u>}!Rh$U7Wq44
z=56_;xOj^yTB9$y^=e>L{(;_9)JL;2viyTb_&lE#u+9?+#aqxNk4&xKWNIt43f~rz
zGpfJDrN7GUrh)YoQb;Kar{g_a<nN4`yPvF=EW2WD4`3n_b$u{|<vgBcx1|>fi{9oP
zqE_IQKTo7!;{a51bZ`OzosOS%6Y-8Rd<=@6Zs|K)aC6XuAiWGu$8)yG-x)JoDbIR(
z`U$p%l*dy@5U^e+=Cmyf-=ci2<Wt0@Jlq&^o=9QJN8A2U_sj^(UbSY&d(jW>1m|2_
zG3pwH3rs{XNzTLRxX+#u|IU~>h3Sg6A71(4kjQflH>EHm!GxGN2mU+AOC8rslLE7>
z&J#&|xz2i#6BYBTYO!iuG_r8;r@~yc?srW*t{Eb7CVlTQ=@EJV+b+TY|Bjf-B2)3f
zA%A?<haRq{WK|sEpQP9S3`da8RKOVejZ2h^2?gWlfsBca0Ole?BHU+i6yP9P4sFAd
zwk(weA$&<AQ2T!PBH@~Ij#l5DujvhT4J9RC&!>gc$^81Z_<ujPr>C^~Kqb4yRZPxN
zI_FG0j9Tw!Ji`0nFj`2*?($aw{_{?pyG5k1cY0G#c5~;hl1B`9sVio$@)XryjR`X@
zaJPCW0;iKcTjcM&Ez&=a-n>`1evq#Z8@GNIQ(_bKRNh~N>H-DU+nC8|k+0{8<Yc0E
zi!hlSQi9`KrUj+n-OogOTSvfRXK$LZOyVH#3#XI%MdYs^O#X&Qzs$H9B+~$|fLV#;
zd`mO&5g~N?tB*DpEFGns#C6Bdy_IC7`?22{$3pfw2P<+Go{EG%f`9U+DxcaN%}@5b
zQYFc7I?1y|{!S$WU*##IgPdi&b}@6kZw&{;U>xkd976yPy)(Qj(9?PDy@mA#_Cq_8
zr}fWp5j!RaYcf@zu5#}yBTZix4*6(N&zS_L6a3|3{_DrAzadfy5m_wA1%JHcp{zyY
zE<xCrF(PCsj0Uj}Zzw*tx~!(2Cz2`Dm(QgSv@j81AMydSBL2l^U!=pKiABep8(zb~
zCf`L0oGtQqZh$0Od?dKu;5O4J-2J|Hh}G4F(l(*zP!_T^uP0rf`hns+k(3a}rj0G9
zm(M>D!Bi9aWM8vQMbWJ)ZzawcX^+RxXnend6#U(nu=9Y^iJe)<-x~7@L!6_d>6@9*
z8ScT$J9*aKuGDbrQ&CHlyq0@W!7n*;ULpC%ORj|(B%()C^`qa$7gEIXK=dQMa4iPo
z#X}|=#T`{Ro#>e&e{0M;P-P<cVszJg*TqbC`F%I2L0dy*Uw*TzREi_yE7Jzmc_QZ(
z7C1a<z2p!`)F(-|KIM4nCz@+ndm0P19j4aXzBh!^iJUF+cgDO~R%_<;uS8-JDT%F2
znLgynfvcIPDTIaUQ$U^B8P_n*6FCW+eXne%Qt;|)#|Ak5p*pA1-A7NJW^pt4LAT_G
zlj-4f!e@*8oiT5SFTEpTjpfuT*?u%_`9j%&47-!TrGq=HWA?H2?dinliR`z@v6mZ6
zQyV4PSV&v99sD#%oO(5WJb!~jDx4&{G7(NEbhgOf8S_&3U?jX<1eNu%Ik&#3icFRr
zzEGp(kkqA{^Hxsa`P#W}I9nPl3xSwNe5oTNZ5LQ;kaz?=rG^T%FGg0q%CmUW_zCO#
z$%BA24MO_wo7n>Z008`Lq>v%N5s(P6vGIS65aRP;gT6nou|XhgeEbMZ5Pl@+=06@k
z!9I>-|JO7?3T#roufPb$U%q<0;rr@eeIE<LF~`C0f1TtL(F6+|5m%T9!!q2^XKC{%
z=LvI>%Qo*x2Y;g9rZ!PZ)*!<`bb5ikKr_H$B8%#ZL(gx%ZJxc3`f9(XO}|Q!cNbSM
z@XPwd=;ywicSyOpJMTu78~7egAk!%f8$h<eBE<;rsL*)ii!N)ja^gF^9f_mQH&dCg
zCAhKhR1`bPTNTB1vzj)fk2*4}fMC!4-KUQAWtp4_jetgxVuPH~a^uZ}mI{7e_wdNX
z_~`Ho)O<ecm6k^<Dtks_4B?N|3vbPSf{9r$SvV+iV2B$~Ur~SP*icsAzr|FlC5F)O
zRCChZZEpdac;$<JE#(r#gz?Fn5|w>dQU0{Td)vv2Ec(4t=`u^PxK&9FRKBsSK7|@^
z*6~Ma#560el}wG;rCt2GZ>oh}vtCTfzv+AL9)|v*xvg_tU4an+QGJ6k<+7I``+a>O
zYNhI!hsMLSA7K8p!9~wP#1y}!G?nvmbC-JLg(Q1rOQy8uafUcJZ?<iI9v9JfjbWcg
z;GIxt73&O?4Gqk~zR^V?oQTEVepyq2-ooXm#vY`{XUAEqJ5Si&zTqY=U(#E4lVCyF
zlLEi`z71(|OJXTLw?gq8r;I6bxLwutp&J4ISe8QK%<;bdeR9*iOIUN5JG{1x%4tv%
z8QX6}8z@WNEX^%u4{}31J+wL$V!PX0i`HeE9}6LX5V(R7q5ooLj^&4lQ&Xv3w37YM
z61t#WVEJYD_;XIAU_?mWSQvwlm=R?}HJOWl2FCt$%uWO$$FyIR0AA@4S>43ZCcoW>
zF^N6l7sZTsD(u<<E}^YJEGf#ZX09>6y({lxA7H~B-L7l#ZrBd=$b~@a!7Zk5E3(NI
z_qrz3wCYp1hZ=bn=5IR}n7{LB-6YtKB+2x2DP=U@BHMtDL_e7*?}zdq!gZk}O*}KJ
zHD0%HHdw?X^)a->47*2!rrHUYZm$X0NW}HFcRE6%T{c?ZfLGXM*o|ejb8uCc*`Q3d
z_ug!Me46p~f>4bn9EV)OkocpgY%b4K>P33nggcu;vux3d)<&yyHe!NgMGM~sk6Pli
z@j70vXDaGk3$@^HG}q8VC8hKEGLd9g#=#emrR)Fl(6LwhBDs{Q#r{!Hc!J+>Yu`Yx
zra|MDj9bj$^pXfPN@kUO+H}Bf%#-we))r!RkduIO;7~EF+MBS7Jc>LEkKM3pJbX22
z!h1!-bYR`s^P3{|mlx~NxSrLFn5c4;)vt36W;02a(s(gk8*F%~VgpQFU-)Pv>bcwz
zA~T#WW+>=VL{jVcwnW2`9_njZ?m=8Jsq!^ZoFY(8tJ|(6UAFm%LjWA?CtM_S|HWr{
zG@l~GF*tP_vFSnZWj~uX1*HDMU9|)1()hhvLu(;X!Ao-c*Vh7R13zX)k4WXT6Mv4g
zosPd-V^<D#q|<JlC9`UNttz?36^!t&j+~3!L(J_Qx{t)mCjyhG>BMJ4AWbJn4gw@I
zAS^td)fr<$6`DtXaXX_u7lLgjX}%M^omz4j(l^8TOjq@eou<3ljppbcTJiCjNfPC(
z(IT3e1_yK<i<r#9H(f8KzotIn8VW#|v5sD0&L}#1+XkIYU?!rmd4YZ}veEX^?N!35
zf}#>J^+n&xn;YiJOt?>{Y66C5GO#{h<}<7=^ksXwM3z5Cqz2`xG1Pvrl0f^O;)-F8
z`)d@=&$84U^ofLT6`-#vAET4d+a{MU69-d<Hb>r{Gr6KX7Hu&07^9Sv7-FLJgh7j&
zMoQY)F2p<9Tv3&I81tPZlFTr<KTFgodL2fs^tIV+>!`4yy&N0fo(OzH>%KSrpP5vH
zaLJt-*IxZa<*r2rvN*X=MB=>vP&_!eQ`bB{^XO;g20h-~NFQ(rmc4R=F7vGk9?ND0
zdE3(!P>lUsev*94;m*(sT8Ui0qlP?nBpV4nv~|IeoZhHq(b<$McC_y<3?tYr<xE-;
z>|Lc;83@|A5G~{6b#vHsa(pyg>(v96MurGH*qf1OsVd6RSmL6|S=i1BT7fq~4$rRb
zJDKN@_UI&rY_Ig0t6Wv~N-e<|fJf*<uD=)2${4}K7|O(woK3(lLq`?M-9Z<T@aT$W
z9*s-I&)s(Z%xC4aIiBC;)?6HD;vq_n<?>-&L!*cRS6Nn6id7+YHo=cB6=Wv1UwS9Z
ze|-vZ%G`o+PWzKQq}2m|vjjE9eS5ZeuW!9iTFyN2;1h+mH)G6SRL&68K|;s=1p`-P
zj!LyzJ%G1VOz&sqd<(A1?)uz#;%yLzJf<ab)gXV^l6d^<bf-t`&JwaRQ{Z*yEopd>
zDt@#IsCO9kP1v_l#s%o}crNk9*i}PyUN7@OV!j|s7>REByZgaqp{Di%8ae2u%A`lv
zoYW9?ANm9Y5MIDcGJWqk(%t@1vi0S<giTT>vxsSgI;Lfq^R_{kWc#d!iTtiKYAtHQ
zm8dy<oanggZU_%o=24an{KB*|^Hgjovu_I(xUpfGc(3|9w<+j-&7sW-h+Y8aE-uC7
z99+qJO+Hd^T~M@%^E3WOE#c=Qy_~3Z&`LSk&F43!5$Ygl?FG=Rp2$xRUlr+L_@rsy
zVT_JkW`S7*DePSsw+ZUJ;p&I;7nOT`R5(1&B{Qn*AeISXm!I^We2D$Ca{Ri8O<P+}
zTIp|)DIW;mE7i?RY<-kNWl9XUo=<Rxr*R|Sb*YX<)V2Y?Cyj4N>HrswrZ^d;uJJy5
zm&;+S=qNhyC59k4h?scf2zRFa`YjsYk9kDp8J`1qM*O2O4YArTx}etZ&V+BRT;?lh
zh^$*na2222t#an~G3)4o*NsG1Gzpp4U84Xq=$rG3qPs<P<MfL%JC=MBdXFVe<e&V~
zdSe>lKtyW_Eu1EvL}<#EM6O){sjhNC=2eR&7={-^oT9IgT+6C$<W(D6ZStv+?B0YB
z5l6>GlZ3oHvx^%8u8V6ym9}Nqh*jur%MN&7iuDsyl<&U1`XI*OXgXg+;fY^>&dTna
zzo=ZD*!v48ElIBLUECOsM&72tS@>9gR&L+DYlP~0Xta{YOMQsWl5$OSEy=eyt!U@4
z&X$;H?*RmloCoCoSo#dbq~CBk%^kiNeYk)Xs6W`VN2L*FB2C0_rKi?6g|3o+=^!rk
zJ+T_|hkh##myp$0_Dxx|!#Ar@MRFvP+_d>svFLT5vt__5OhoAF8>^f_L)bUULYMG{
zrqv}bqWcXZrC#SGN{X31l<&x@AE@<+u{XIWQ1J3gs>D0+%%!Qcb;{}RyVRACTXuaF
zvs4`=7$()4Wr>#cr0+aYBo7F5-3H7;w1gh*eTj7axVo`IM(7ze<vd0a$)SNa2rIO{
z8T|^a97^gQ`RN(D;Ncd*Ce@~0ZPk61^|ISfNoOl=LB5YO5fFg+KL7y0zcVRhh=2S1
zA1z4Y2I!ah|G)a8)_<P=m&I_hmk|rBT3;}mZu@xUfMxyxs$)gjm6uf0mvnDCqO3YX
z=WSgORi7`u?ZRztZ1W0LHZptSzOTxaZ#)6DlC5?t&2$}cJAhMEXfO&gJ-nb9_5m}I
z;wYm<RG>mfQ8JqFd1HJNa_*EaPMZ#$V58X6s?<XP0wQu^4RRwoB(K4h>IO$8j=7Ic
zIitFm*TwRr;`Bm86OPdJ52cd5y-Il)b{40*SZ%*}^UPunz_v&;);7L+uZkezFC?om
zUH#T+XiykZV=k(!=R9Mu8VAj9$Hk{Q?DqGT>`yC>uc*<vXV8X<1$pTU%X!v99qHaH
zAg)b-I9a1ifWtWIt1Mns#+`7TuuzSoMrP@90r|*7Or5T*S4Uo6kheDyzR|wt-4G%5
zWVOAg^R4n)@rS~6fdlbkYPoCLLKRV?QE%CX?cJT(y2O_ns~d-AsPYn>^`gAG_}b7{
zyvuLjdPdtmwbju(?P6GSO~_AD%RV9JNnndgSb8BE8uzrPkg?2UkcnoXLr~J4hIqfU
zoD3#InO3aDj+DU7={q5QR~uCXovz_{mS5Jo-egOs=3U@%u_&z_qJX}9wCuX3iycM&
z1$m0d{joMH3i%ty)r&N;hWoh+i*uIv!NNK()242y!Wb)_c2wdd&X7IKaiSaNMK7yJ
zAEOVLa%Qd~C~;|HOG*Cg`Tui22J2a-{%Pm@(EMEfuSYY9JBvT(|L>sg-Gz@k@ck&%
z1s$?2**?hXxNX#kdtY$0qT^G5-Zi7Wa@zpbKvv|HscW%^bs!40dLVw|_S{i_x!NR`
z?M6L~=*LWJA7TN8gP?bnyM9?@8!Oo07~^KCOJM|GofUnCh98>0==*fXqu?8-J)0;L
zJLck&2ve1BOd($8c1+!>woRe!aPz3-i^JD4Py`jqq(+p>R6>^>jWVtYJBF`@Yplge
z1QZe)f)nx|V>S%e3WeUvo}XQMcaV<gTq8^m`l7GQZQ6*3!quc9Zu@ayyrCz1@jjlG
zU|@m61{+V}ie*i-l@`a%YCBaouebP44EUuB%tvnrTHCAD)DzboReHi>AexKR+zf6A
z%I&Xw!armoR>GffKX;4cp|$h~AX20oja6o~!FruAzD!^`yVb0Y*KkV^&wgaz1d?j~
zMWEYMWk3_H@(vwQ_;7OQoes|$)S+hsk{4dz-Ob5UF<xs(T();+U+=Mg6gC&)CX!bk
zX_Y<`@$qsk^&YD()~4lVB;Tes@)cWEj6Ngd)eDJ80TiWrM+`09glH?WT{$-s2{|g?
zWNu+0X>#A*?(s6a{0Oc;o1h&_cYsQk=jl#L38@m~yN%JK&bU)PYrv3C*l7{a&5t#l
z6ktsC<Pz`xThN3nL|Y;eE4->$I)dkL{>h;`B<$T2vEmvGQ>4i^D(H@qHT*CCVq9#0
zOARX`Z&EI0aXF8x9+?Dw6^H2OxVX7m+_S>wE@^i&ioTH{RT^fk1U?0(LUglYgnXd<
zv-$K{%mf|EiYgVu#jQ1&4z2qY?=WcDHS}I`l;6uE?B%>&Sl4Q_{XrrX6)(kSl{}n?
z`H44LT237HVz6jUPg+6&a)=I3uZ~eLnXCccc8=*(Q5MOoMCGZaeA5Iu<H97oU~ZM}
zu!gODl=zHf89uUPGn$>|Ue%T?e!48$FBXXp9>ATUTp`Ub9=yp^I1+JgRmO#6={1k9
z3<j;NIaPwG9unpI%vm>Zcon>SRO`VJ-{qexh^}wphnqwJeylT8ySynwTl#VMMIbWj
z>m;OHLq7}OqYk`BF<qMoGMfAB3Nd#DmDXR5|3&5QP>Mfcza8S2KJAVf=^GI@XH38Q
zvvTjr$E9BpV)O}%O}!bzW7gVl-sde<A)3?Uit^T4@rjb@`Fb&&dq!>osl-bt%fN6d
z$yOM@Ft9*0Y%%{^;gt>blAW@$fb{(b1MWxVAFwVt;PZkrQJ&{%s4ZBxu^1BvtGcpb
z(7@SmvUV27*(H-jrt;5w(?=Rfrx4D+eDahF%Ux$o>Yb<Jl>rqwf_wUD)5Vo=l(Kgq
zrAsnLWqW}~(!%@kA@^j{`KjLt<`l4$-bQl%5D;UN%JGdCjkG5dzQf}(X@Tw)*V!o%
z(dr={C`?D+enjNUd_8oo@9=Fkdmm1gf$CfLi(Pt(8{9O5ELCO-#p}6huQTi;jZ6J`
zT5jOsv8@Q~Mg2wP0vZQmQ>nsm!I3y4K6s(hl8UrLKPz{8Ny6&!<DrG5q$EK%4zzN!
z=`w=A9mLc-PfhyzbnEf^1H%0&(ZvQH3*pBVHySP7%<j3kOc1Ttb5P&^Ryu0#4Ml!&
zw|k#CyFR`=iWx7ce2S}Rd?cY>Yk1HtxX<AtYnMu_QHS1!$B=dp`Ztvoy@;?jPpVrD
z_7<Jj2n}`Q^xf4OU<ODZS5p?P(?|USCBgRCP030%In)={+{hGl(d$%fW$Wj9T742R
z^RRnqi64xW(u+kq81uin%8RI$+(Qz9_JO<Km=QXsWDV=S8X5j@x+h8`#}j40kUJ&q
zZV9D4mgYFl3O^#e`EugN8;V#$GIz4yuC;sFecC!QpMJ>FgdzTTH})?ow>xE?SHJfB
zHA&n?b2M42vwH7#+8<}@)X@Bu6c%wun?}h<ND$04D5ldsszpwP=ZV@ob7B6<Z*W9p
zrjpmT#bgpmWtf~d?kn&<E7d1tM82s(C=z~iu^%Gv)lX*{8jxE3aYq~y?Xck}PtG&#
zn%gRx5Xok-zdmWEO&CVWW3#K|R{W|7t93_8sl7MfJd|zn(Ysq3cNOl@G%orhRW9Hk
z=4>CCxxQnzb{6E&F?^J@h=#f~E{w{5%aQ9-7V*JKxLJ@;wV$d>Rkul^3Xc2RWF=FI
zBSRY<C1N8Hi}k_is>SLFOSI0gk2lMLW0}pV`Q3*5kd=CPg5rq_qPGNdqk}yen#pfI
zZ&0$Yj4_gy8kiveRN4CFRV=3?{p?><t|-Q&&m+Aya2cv-YP13>@=wn2{8>4Y3+o)2
z6N$v7t9FPl1-Zyb+kKGR<KG133D9;(JojVjCws$2z=hLCAE-5hDTajGsoYZl6=8WL
zij$V1;27c1i(Jen>z3-X@`cn@u()~5ZKEZ~Kuow-r{Cy_=wTZMj0cK6`>hT|DX|aC
zdV$xiH&FR8qw|x%K3{|WTc$MLk$4}BYX|Rmp@)79C?WCZd}tef2`A1k6eZ8L#Oci^
z!b6Wi?RmDZO3H{n>+NVSislVp7<zqL8*D6rKVFhE6WD9CKzSw3xfM_RKKpAD(M$Qn
zfuQAUn~5V`a_U@6K7NFG#8K6-1sw5;A&ej&2Q{8N80+npK72xu>&-XAG^7O;%-)mn
zxembm9{>R0-<}jQ@ZUcFhm7cxgMOL+|Ephc`RDn65p9}nwbLg>ZPIyy+siqhXJiS2
z+J;=5my}0jU)+$wRplno0PD>9ayuFCkco;v!P>b|nY=rH>nJWZRzS))NCsThJz=m5
zDscVyMY^}gp7d4-RW+qFju{<?0rD!PnXL9*xbORg1?L(3UTn#X_w0LEN%VZk_T8Fp
zm?$e@vmNvd$e+!jmsb3Y2Bn(Ud6co^JkVSph8n$kt*4CpHB!N?u<3E6dPGA}B8p^)
zOy41Gm$JoIN7U(<wAXX8xADBoX<qB`@+HyqfGc0#NU*(|`S=>0LG_`}^5+?8yqO{Q
z>f#*}Ei){^_13-o@+KXqSXd+po)?~-S-_%@1!@qIuu>J742PIyX*x~2T+P*8`nNJT
zG8q(7s2d!NJP)#@70EAq?*#f7r1gu;=M6o#wX9_z>J(DM{v>0H+oesD_bk>1yNBoo
zo}WX1F4eq+P888KBkOd-bkRK(S8{Ztq#Vxs6v=ycrZC&c<4pEFCay{@_zgex;-!(f
zemM!^bQ>b}%?Fj>d2YET)6`{c%*=9ch~p)%TK)L(uM(_SG^unXYeDa`TcV^k3Q01G
zjcyK_uswdt8&<N&<}0!SYfqfrH>lDEe{odNkW@REA$g8SXdRO}Jhv{dEmtH-jAu3+
zMIItO0RDXF{^-3n8ewAyo|I5QQY<Lzh+zdaOzE%Z|BGqa-BAmpxZ7z5xX=s3>3Q=$
z-9P95%QaKM5#b3JUv%pyI<Hqc8B&<r8ExKSNayT)uqc<1^n~B=^{f_b4U4w^NI-H?
zmdGh_RuvR6IQ~c(=1Y}ZWjHwKURS}vqJt!dI;&#yo+K^z-a%2!tPpQYJJQ2uGJhYD
zi;NHUV=!0EuOT#Xrrakfp2qrUGOLB*VD%t7o7qUN=+)zDW$D(KN<*eO%SI9n3qG&7
z(G9X_fljAr2g4oXZae6>&WDYMpk6oIVu)C(eNCC^t(gP^kh{MDHpK-Tf(VlLLq$W;
zmxHNdVlKk6H_VKqlj<MD-xo9$o^y#n{eV8Jwz-%~s(Q)YrHJV5)eixA;5^FbuUekE
zAdvPsUcArG$nRK{ol0Pgg6w-MEPR<~C^a(OO+$!Hy!kpu>SoQ2w93T3RHL^fGbFsi
zj9-@@>N(D#2KZg|H54uw^#vDwz0cF%8N4UCK_RKWfNgvIiWQ?_?HfnB@zofVFagg<
zzI9I)jLC}(po3!kkgvQ%%b@|;*L<8FfK_7?7vvkq{PN38I()8OZuj6{dfO7#!xu^A
zn?+Lxk=ni8GkZAr05nBRk^>98kQ309BQTc9x>0*)0DW|_MFwpY)ci1%$%QK229>rc
z@96cUEDMGrQ-HzxrWuWv`t3&lc83;`P7krkYaa-Y&~JH;WPJ-?+}wmzQ?HEcBw4RH
zX-4`;P<>w4cDwo)<Kp<Xdi6k8MH`x<9b7{ZJHB4*wP!!a#Wc7>p%_)JjaQY0`VuA9
z4h$OAsVP!!6Jf^^UDDg99cVm)`pvFRUs#olnouak_cFAVDScg^6M98S8gFI2O5R+#
z8p^oSTcBB%Hd?#UaqCO$y=HV|X}sc{luhAE1+wJsnD+X8!hI<>^riN%a!U|p@3n}z
zGIu>9SVWoM9?x6K&N4@n4i0oC3dw8*{HB2H2~&k@t*C*brKw-8^n163Y~zpDT7QP6
zz~L-Qj9%5RjCc3q_Vv^a_B^AT?|OYx;*^tih{$Vyx&&RtrJB}vAM1`!r7NmSVXt90
zlwxE3f^$U{0fYW-)xEc6Ce-t5RW2m(;^z|e35mB^H5av#hYn_vUJjA`)n~EP`b(JA
zyfA1HV?g!&@&k4PS%;sMW2!F+T=kq#86$Vzr8HVd>gVIKERpkMP-AL|c%{430-=8$
zqTn79YhPbX>b7kI#u3l@Lai|D9O9L`N}$K}tzFG8?!LO?b)PqN%LJb!J8ab~!-Xve
zk^)%=TE0BmvQex+B)XX~@1C4PHjxx&H*Sl5=}i)16WEn`@UCnj##N2du|kml#3t&8
zx<ES%m6wqpbwb*wTPTZ!>mTk9Q}~Pt5j*D3UeG~GkdeAmR|mC<-Sgq_O%Dqr^hH`%
zJY**@6uiLVF^?*!Jwg5qY+g@@s(;yQd%FM7!k_AW^{qVJ_{}@5g-?^+>4>j)2u)KE
zj-t9LPi#D+WieR!Q2Gp4xm^XrgKX%p?m3O>BjI6fbXBQ$Wat@@iH~tsTbKT<+zmtQ
z1^GJJz|vYo-TUIow`r-(SD8~1UsOhSm(Y*mPY`Ww+1Vn^ZabC`Xa@TXOl4b4A%Hht
zKOg#5`|Y;HBObPtdCdo<H2oT359D-xm8GwY-W%&P!M}!T)|tCZGZ+)!)URe~=Dp;z
zTQ_zjb?4P~Xu8si&OOWooRuSflPN0l)VVbXnPq{jZ8>r~F^eoBjEMQLXo76&L3r@z
zG1iA+1Z{(?FKbzH#PY()A~V*r$un>U_#`7^Ty(ErL2?{Z*RCs`MTN|xQs20Iaf)w(
zAB-@{@R^NE{v)^yW9vfkJPma;{^#miv+lt$xwlNQe)qg9Dn3pNC`gI(;NB>ioN?o-
z01Fj8{ENy(&(YkTOGn)_HDR#Rq5hajRL1=LXXSQ4ilNx!W0eRP&k|q2yd5Ri+EmJh
zn$!AH?~M^^F>>N9FMq<Y-T&}X;y_#6>A9;YU8HNtOpTUWgErC16MrF*K2M^S8<%#!
z*0-Sb%R;@p8Kjld-Z*_^6c%H@^TE@-%?NKobkMe%OoX=djj+l^rMrAeIhEvM!Sf;g
z;cD)qWIAJ2oJzEx8O<0~DKlDMFdKeGjm+J;bWeypCN7cY;&tK=GBQND_nTFg?Jqc8
zXIx6RL0Wn;+^XHQwu50P>+>mUhy8145xZRHT$%@d<G2zIx59X$a95^fn2*`3bV|~C
zW7&*@0tL)r5gWfN9*y5nkVe89%%`Iy)_LP)FO{OIDg=j^4NLq*<*;uKn>jAXRXSec
z8Hl{6r7%}$O#ZWS8zz3@byl_!nHur-Ivrlp)K%iPbxz>69fZcHYQ2~5Y)X^DFPVvp
z?|*zpLBvm22!>rzlP{n~U%!Qm1Dljv66)VzX6bGvSvfS|u)3$hD+Yc>w8qAg;;&Jj
zvo_Fzuv6)HOX=;+hQySc(xna#H~5}lre@w!ydwanms;oR-~F~LpDv|!coXX_;THM)
zvwcj4t<@PCyrGZeipJ^JSI5$`T`1ox+DTfkt$1c_#<mm3kd&t<*@8Bnv&>)auh-mM
z@qF=eA7`^%QjPdCj>~T3>j(Q^FBA&o;kpOn85;y`W#Rg#EN5Sd(%Dm^wht{UMoY$4
zfgb1_YVm(eFA(h#o#MJAPQDa=GXMW$e2QcAUmM>70000000000000000Q@fn{{O?*
Gr2HRVZ>!4y
deleted file mode 100644
index 3378adb02259363221de9a3bbd7041dcd2f20b1e..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
--- a/python/mozbuild/mozbuild/artifacts.py
+++ b/python/mozbuild/mozbuild/artifacts.py
@@ -465,17 +465,16 @@ class MacArtifactJob(ArtifactJob):
         '{product}',
         '{product}-bin',
         'libfreebl3.dylib',
         'liblgpllibs.dylib',
         # 'liblogalloc.dylib',
         'libmozglue.dylib',
         'libnss3.dylib',
         'libnssckbi.dylib',
-        'libnssdbm3.dylib',
         'libplugin_child_interpose.dylib',
         # 'libreplace_jemalloc.dylib',
         # 'libreplace_malloc.dylib',
         'libmozavutil.dylib',
         'libmozavcodec.dylib',
         'libsoftokn3.dylib',
         'minidump-analyzer',
         'pingsender',
--- a/security/manager/ssl/moz.build
+++ b/security/manager/ssl/moz.build
@@ -223,19 +223,16 @@ LOCAL_INCLUDES += [
 LOCAL_INCLUDES += [
     '!/dist/public/nss',
 ]
 
 GeneratedFile('nsSTSPreloadList.h',
               script='../../../xpcom/ds/tools/make_dafsa.py',
               inputs=['nsSTSPreloadList.inc'])
 
-if CONFIG['NSS_DISABLE_DBM']:
-    DEFINES['NSS_DISABLE_DBM'] = '1'
-
 DEFINES['SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES'] = 'True'
 DEFINES['NSS_ENABLE_ECC'] = 'True'
 
 if not CONFIG['MOZ_SYSTEM_NSS']:
     USE_LIBS += [
         'crmf',
     ]
 
--- a/security/manager/ssl/tests/unit/test_broken_fips.js
+++ b/security/manager/ssl/tests/unit/test_broken_fips.js
@@ -3,29 +3,29 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 "use strict";
 
 // Tests that if Firefox attempts and fails to load a PKCS#11 module DB that was
 // in FIPS mode, Firefox can still make use of keys in the key database.
 // secomd.db can be created via `certutil -N -d <dir>`. Putting it in FIPS mode
-// involves running `modutil -fips true -dbdir <dir>`. key3.db is from
-// test_sdr_preexisting/key3.db.
+// involves running `modutil -fips true -dbdir <dir>`. key4.db is from
+// test_sdr_preexisting/key4.db.
 
 function run_test() {
   let profile = do_get_profile();
 
-  let keyDBName = "key3.db";
+  let keyDBName = "key4.db";
   let keyDBFile = do_get_file(`test_broken_fips/${keyDBName}`);
   keyDBFile.copyTo(profile, keyDBName);
 
-  let secmodDBName = "secmod.db";
-  let secmodDBFile = do_get_file(`test_broken_fips/${secmodDBName}`);
-  secmodDBFile.copyTo(profile, secmodDBName);
+  let pkcs11modDBName = "pkcs11.txt";
+  let pkcs11modDBFile = do_get_file(`test_broken_fips/${pkcs11modDBName}`);
+  pkcs11modDBFile.copyTo(profile, pkcs11modDBName);
 
   let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
     Ci.nsIPKCS11ModuleDB
   );
   ok(!moduleDB.isFIPSEnabled, "FIPS should not be enabled");
 
   let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
     Ci.nsISecretDecoderRing
@@ -36,12 +36,15 @@ function run_test() {
   const expectedResult = "password";
   let decrypted = sdr.decryptString(encrypted);
   equal(
     decrypted,
     expectedResult,
     "decrypted ciphertext should match expected plaintext"
   );
 
-  let secmodDBFileFIPS = do_get_profile();
-  secmodDBFileFIPS.append(`${secmodDBName}.fips`);
-  ok(secmodDBFileFIPS.exists(), "backed-up PKCS#11 module db should now exist");
+  let pkcs11modDBFileFIPS = do_get_profile();
+  pkcs11modDBFileFIPS.append(`${pkcs11modDBName}.fips`);
+  ok(
+    pkcs11modDBFileFIPS.exists(),
+    "backed-up PKCS#11 module db should now exist"
+  );
 }
deleted file mode 100644
index b81b629dfa071fef21e019ce6fe749052ee9a7ca..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
rename from security/manager/ssl/tests/unit/test_sdr_preexisting/key4.db
rename to security/manager/ssl/tests/unit/test_broken_fips/key4.db
index ba1c88ae8de5988dba863dd31f2e1f26e29317b1..8f320dfdbd2627fcf731a77ea68dccecaa616b06
GIT binary patch
literal 36864
zc%1FsU1(cn7zgn8^rUH$ex%k)R!Z^24`{T^lk@R5K?iHoY{u2L%R244i*VAML9`#*
zq^p9J6=Z^fH-b12ywEz>^wJCO1hLn<@WPwom5MsN5p6fU@Vw94>|MIaM3Axa|Lx?-
zllS8}Pjj}k>7YGve7susjWbKj3tru@SvS)(cGxf&W1-*{WlDH=tU+UU7Geh<IoBEA
zVUgGj>xjj_YX7=@t^LW^c5EiL`7ibZ0002MJz~DCEio{ltv_D(%Jcq$U-!nmy4Sdm
z<cj%`>AW#LGCH0&8l%QwwPH*a3(t-ePZ`JZr;L*mh2tml#^i*No18c@UdT-w#r)Lx
zNG?BQ1Yfl-q~)EJdLj}|<OVcWU99-8)LxzsMoZpGeTg2I8ud%*Miw0nhZBjUcA6H<
zz35ddi?!O+a`miN_uF=xD@=^#XAGJYEvN;?pqDnS)ZtdD@jTU-_sagfS`u!mL6f)C
zuv14u;Y5E@E6KK3$}jkHb+x3msmAW~Z8}M(a(Xz?*Z63vwc3imtk#5@%E;MUs$|ls
zH@Vi9NG7#+hUt>2X_d7!UACJG-1)+dj7}D(hYZgQZozf)tl(ygoCd^5S`1~x!;E;C
zp@(8g#u334fr~IKLPmtF2%ZS#AY`eODI--hEsF9y4n>zDr#MV8LorLyqgbXmM~%t$
zWPg-fGN;NGRko<IMU^e8Y*A&4D%-Tnrd>AevT2u1yEx5qn&mXhX_m`bs>!M5Fs;nU
zNY5aBq?RdjvDcz*9W!82%eyH(*R<NE)i$kmOu1Svlp{7phoVbSoZF$ZI&@Ztu8T{1
zUE1rKazyN%^IhAq-Ly(AmEN?#QK_p^uF_$ZW^SZhZR2ViSKGMS#v9wXYKN<KxN3*1
zcDQPXt9H0*hpTpiG^<iirDc`QskEX}U!`Ymr1Td-re)PmS+rAeJ+o4#XFOvP_5AW|
z%5DiKjwb)<#ZUb!Eu~ei2QSeP@jBfZ+_X4j@w@x!0ssI20002sf3?1*t%iELx_a39
zVDn5b8|oq~_|wy~XJ7B`%zt-4-i0)6gUy=b=3uz}vGY%#-|o~pS~cD53-w-m{o*s*
z*MI!u(yOEFleZ&<gKu4Uutn2CMyYG+^p_|6Lg&_6_WkQu{U0uGTzL4Wjjs0|WuMLV
zfAD=!_JN(|vuO>%$$~?iU(<ron3#+2u=t+!000000001R?`zXTQSluJ`TqYe790Qo
z000000I(0~I*a1{KL7v#0002M{-)mlUt_@m000000002{O<3=VZm?PT{{Jcq4gdfE
z00000*az;{hoXCbETH`P{~xm8000000001hyQ8GH4mj(Pm%LhSb!oYB@!insp`+ao
z9s2eod-3wr8>8*tTrr=z&94slcy?mz_su`=+uZv6yZ*jUzsUXkoGX5HK=-lqxwW1v
nuU-1}>@Nq3V{5(g|Nnnu!2tjO000000Q*OWKA<(ep`iZ_-%;mw
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_broken_fips/pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal FIPS PKCS #11 Module
+parameters=configdir='.' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
+NSS=slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,SHA256,SHA512,Camellia,SEED,RANDOM ] }  Flags=internal,FIPS,critical
+
deleted file mode 100644
index c9245b7482960389721c2e49dcb8bfc4c35deaa5..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
--- a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js
@@ -12,19 +12,17 @@
 // X1" certificate (copied below for reference) and perform the following steps:
 //
 // `certutil -d . -N` (use an empty password)
 // `certutil -d . -A -n "GeoTrust Primary Certification Authority - G2" -t ,, \
 //   -a -i GeoTrust.pem`
 // `certutil -d . -A -n "Let's Encrypt Authority X1" -t ,, -a \
 //   -i LetsEncrypt.pem`
 //
-// This should create cert8.db and key3.db files for use on non-Android
-// platforms. Perform the same steps with "sql:." as the argument to the "-d"
-// flag to create cert9.db and key4.db for use with Android.
+// This should create the cert9.db and key4.db files.
 //
 // (The crucial property of the first certificate is that it is a built-in trust
 // anchor, so any replacement must also have this property. The second
 // certificate is not a built-in trust anchor, so any replacement must not be a
 // built-in trust anchor.)
 //
 // GeoTrust Primary Certification Authority - G2:
 // -----BEGIN CERTIFICATE-----
@@ -72,19 +70,18 @@
 // ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
 // 6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
 // f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
 // -----END CERTIFICATE-----
 
 "use strict";
 
 function run_test() {
-  const isAndroid = AppConstants.platform == "android";
-  const certDBName = isAndroid ? "cert9.db" : "cert8.db";
-  const keyDBName = isAndroid ? "key4.db" : "key3.db";
+  const certDBName = "cert9.db";
+  const keyDBName = "key4.db";
   let profile = do_get_profile();
   let certDBFile = do_get_file(`test_cert_isBuiltInRoot_reload/${certDBName}`);
   certDBFile.copyTo(profile, certDBName);
   let keyDBFile = do_get_file(`test_cert_isBuiltInRoot_reload/${keyDBName}`);
   keyDBFile.copyTo(profile, keyDBName);
 
   let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
     Ci.nsIX509CertDB
deleted file mode 100644
index 87abcf35a3e0aa92034c6b6f1c22e5d745ebaf7e..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100644
index 37241a7437ab7e1963b05cd295aa04126969ad2e..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
--- a/security/manager/ssl/tests/unit/test_sdr_preexisting.js
+++ b/security/manager/ssl/tests/unit/test_sdr_preexisting.js
@@ -4,181 +4,21 @@
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 "use strict";
 
 // Tests that the SDR implementation is able to decrypt strings encrypted using
 // a preexisting NSS key database. Creating the database is straight-forward:
 // simply run Firefox (or xpcshell) and encrypt something using
 // nsISecretDecoderRing (e.g. by saving a password or directly using the
-// interface). The resulting key3.db file (in the profile directory) now
+// interface). The resulting key4.db file (in the profile directory) now
 // contains the private key used to encrypt the data.
-// "Upgrading" a key3.db with certutil to use on Android appears not to work.
-// Because the keys have to be the same for this test to work the way it does,
-// the key from key3.db must be extracted and added to a new key4.db. This can
-// be done with NSS' PK11_* APIs like so (although note that the following code
-// is not guaranteed to compile or work, but is more of a guideline for how to
-// do this in the future if necessary):
-//
-// #include <stdio.h>
-//
-// #include "nss.h"
-// #include "pk11pub.h"
-// #include "prerror.h"
-// #include "secerr.h"
-//
-// void printPRError(const char* message) {
-//   fprintf(stderr, "%s: %s\n", message, PR_ErrorToString(PR_GetError(), 0));
-// }
-//
-// int main(int argc, char* argv[]) {
-//   if (NSS_Initialize(".", "", "", "", NSS_INIT_NOMODDB | NSS_INIT_NOROOTINIT)
-//         != SECSuccess) {
-//     printPRError("NSS_Initialize failed");
-//     return 1;
-//   }
-//
-//   PK11SlotInfo* slot = PK11_GetInternalKeySlot();
-//   if (!slot) {
-//     printPRError("PK11_GetInternalKeySlot failed");
-//     return 1;
-//   }
-//
-//   // Create a key to wrap the SDR key to export it.
-//   unsigned char wrappingKeyIDBytes[] = { 0 };
-//   SECItem wrappingKeyID = {
-//     siBuffer,
-//     wrappingKeyIDBytes,
-//     sizeof(wrappingKeyIDBytes)
-//   };
-//   PK11SymKey* wrappingKey = PK11_TokenKeyGen(slot, CKM_DES3_CBC, 0, 0,
-//                                              &wrappingKeyID, PR_FALSE, NULL);
-//   if (!wrappingKey) {
-//     printPRError("PK11_TokenKeyGen failed");
-//     return 1;
-//   }
-//
-//   // This is the magic identifier NSS uses for the SDR key.
-//   unsigned char sdrKeyIDBytes[] = {
-//     0xF8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-//     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
-//   };
-//   SECItem sdrKeyID = { siBuffer, sdrKeyIDBytes, sizeof(sdrKeyIDBytes) };
-//   PK11SymKey* sdrKey = PK11_FindFixedKey(slot, CKM_DES3_CBC, &sdrKeyID,
-//                                          NULL);
-//   if (!sdrKey) {
-//     printPRError("PK11_FindFixedKey failed");
-//     return 1;
-//   }
-//
-//   // Wrap the SDR key.
-//   unsigned char wrappedKeyBuf[1024];
-//   SECItem wrapped = { siBuffer, wrappedKeyBuf, sizeof(wrappedKeyBuf) };
-//   if (PK11_WrapSymKey(CKM_DES3_ECB, NULL, wrappingKey, sdrKey, &wrapped)
-//         != SECSuccess) {
-//     printPRError("PK11_WrapSymKey failed");
-//     return 1;
-//   }
-//
-//   // Unwrap the SDR key (NSS considers the SDR key "sensitive" and so won't
-//   // just export it as raw key material - we have to export it and then
-//   // re-import it as non-sensitive to get that data.
-//   PK11SymKey* unwrapped = PK11_UnwrapSymKey(wrappingKey, CKM_DES3_ECB, NULL,
-//                                             &wrapped, CKM_DES3_CBC,
-//                                             CKA_ENCRYPT, 0);
-//   if (!unwrapped) {
-//     printPRError("PK11_UnwrapSymKey failed");
-//     return 1;
-//   }
-//   if (PK11_ExtractKeyValue(unwrapped) != SECSuccess) {
-//     printPRError("PK11_ExtractKeyValue failed");
-//     return 1;
-//   }
-//   SECItem* keyData = PK11_GetKeyData(unwrapped);
-//   if (!keyData) {
-//     printPRError("PK11_GetKeyData failed");
-//     return 1;
-//   }
-//   for (int i = 0; i < keyData->len; i++) {
-//     printf("0x%02hhx, ", keyData->data[i]);
-//   }
-//   printf("\n");
-//
-//   PK11_FreeSymKey(unwrapped);
-//   PK11_FreeSymKey(sdrKey);
-//   PK11_FreeSymKey(wrappingKey);
-//   PK11_FreeSlot(slot);
-//
-//   if (NSS_Shutdown() != SECSuccess) {
-//     printPRError("NSS_Shutdown failed");
-//     return 1;
-//   }
-//   return 0;
-// }
-//
-// The output of compiling and running the above should be the bytes of the SDR
-// key. Given that, create a key4.db with an empty password using
-// `certutil -N -d sql:.` and then compile and run the following:
-//
-// #include <stdio.h>
-//
-// #include "nss.h"
-// #include "pk11pub.h"
-// #include "prerror.h"
-// #include "secerr.h"
-// #include "secmod.h"
-//
-// void printPRError(const char* message) {
-//   fprintf(stderr, "%s: %s\n", message, PR_ErrorToString(PR_GetError(), 0));
-// }
-//
-// int main(int argc, char* argv[]) {
-//   if (NSS_Initialize("sql:.", "", "", "",
-//                      NSS_INIT_NOMODDB | NSS_INIT_NOROOTINIT) != SECSuccess) {
-//     printPRError("NSS_Initialize failed");
-//     return 1;
-//   }
-//
-//   PK11SlotInfo* slot = PK11_GetInternalKeySlot();
-//   if (!slot) {
-//     printPRError("PK11_GetInternalKeySlot failed");
-//     return 1;
-//   }
-//
-//   // These are the bytes of the SDR key from the previous step:
-//   unsigned char keyBytes[] = {
-//     0x70, 0xab, 0xea, 0x1f, 0x8f, 0xe3, 0x4a, 0x7a, 0xb5, 0xb0, 0x43, 0xe5,
-//     0x51, 0x83, 0x86, 0xe5, 0xb3, 0x43, 0xa8, 0x1f, 0xc1, 0x57, 0x86, 0x46
-//   };
-//   SECItem keyItem = { siBuffer, keyBytes, sizeof(keyBytes) };
-//   PK11SymKey* key = PK11_ImportSymKey(slot, CKM_DES3_CBC, PK11_OriginUnwrap,
-//                                       CKA_ENCRYPT, &keyItem, NULL);
-//   if (!key) {
-//     printPRError("PK11_ImportSymKey failed");
-//     return 1;
-//   }
-//
-//   PK11_FreeSymKey(key);
-//   PK11_FreeSlot(slot);
-//
-//   if (NSS_Shutdown() != SECSuccess) {
-//     printPRError("NSS_Shutdown failed");
-//     return 1;
-//   }
-//   return 0;
-// }
-//
-// This should create a key4.db file with the SDR key. (Note however that this
-// does not set the magic key ID for the SDR key. Currently this is not a
-// problem because the NSS implementation that backs the SDR simply tries all
-// applicable keys it has when decrypting, so this still works.)
 
 function run_test() {
-  const isAndroid = AppConstants.platform == "android";
-  const keyDBName = isAndroid ? "key4.db" : "key3.db";
+  const keyDBName = "key4.db";
   let profile = do_get_profile();
   let keyDBFile = do_get_file(`test_sdr_preexisting/${keyDBName}`);
   keyDBFile.copyTo(profile, keyDBName);
 
   let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
     Ci.nsISecretDecoderRing
   );
 
deleted file mode 100644
index b81b629dfa071fef21e019ce6fe749052ee9a7ca..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
--- a/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
+++ b/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
@@ -53,18 +53,18 @@ function run_test() {
     "@mozilla.org/embedcomp/window-watcher;1",
     gWindowWatcher
   );
   registerCleanupFunction(() => {
     MockRegistrar.unregister(windowWatcherCID);
   });
 
   let profile = do_get_profile();
-  let keyDBFile = do_get_file("test_sdr_preexisting_with_password/key3.db");
-  keyDBFile.copyTo(profile, "key3.db");
+  let keyDBFile = do_get_file("test_sdr_preexisting_with_password/key4.db");
+  keyDBFile.copyTo(profile, "key4.db");
 
   let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
     Ci.nsISecretDecoderRing
   );
 
   let testcases = [
     // a full padding block
     {
deleted file mode 100644
index cac0808ac32c35752b08d886eef4a3d362e56acd..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..959718da343e7cf7de026e23e25c9bb0d816096f
GIT binary patch
literal 36864
zc%1FsUuauZ90%}ok~C?OH7T_t{wv-}#bs8#x%cKIl@->e=^yOcF6+=vu)Fy)i1v>*
z=_X@>Rhfw3i$3ka2epX$FvNjADn2Wsdr&Gqi^^UU?64Eh`Q4_c=_V6=P{a4rn_qtS
zo^yWp*L&O2w9p<qI$5n(j8n@ii*DVpStsM19X1Tcm|s4^Obg0KVAnopH|J*$^gY)R
z-(>BPLo9kF{#o?hs2ja2vJp8HdGBwm2LJ#7fd7z%P$<#U!`JSsyTygdVx{hmxOKPj
z+@34shi3D}?9lLJ-e?>(4phs=Okv{4P+`t^I6r3`pPD#&Ja0@-8M*1H(aDM2tWn6%
zOb+Gp{f7L`bTQ>US;+_6gNa-ZXVs;0<(b;k3-ai^yINnS{rN`y`BWnd4+n#ZL@$4g
zCX}9ZtL3FyZDyr<+O1bY+s#c(jpQFSXi&AFCm09ZlxZaow^5BpsK$a@tSsm$!KNBC
zcwG%UIT{Ei?&#(7UfZk1Cn}}7p3>G-V|(}pouraEe=u=d<GrcYYO9qMJtxpq#v8q^
zN;Z{zslY>t-d_IdGTkygtTSKJZQEVo<~MF=c)Bp#Z@8v>$ouA6@?oo-4yYq3bttQL
zvuZa>yJ||-Q6a5@P$8p2R)ql-TosBk3{WZ4i&W9HD0=5{D5fb2iW!PoiUSl~ibaYg
zYRqfT>yL8F%c-(Ol`X1lQDuuNTU6Pi$~LXCX_ZZ@Y+7a0DnX-yMg@%u8Wr9s)f7}S
zLo>5pq$^18sbzY(T5D0ajwxBx@^(tsnr7QH+osu$>CN^gdPi)E4#hM@b#8~w>d;vo
zx-V&3o2IpC(>tQpmMUr6vC}D?S~}e|!O>}2r$VP0oo07Zp_d80Oz34oFB6SrLboGy
zJ3_Z3bUQ+~BXm1Lw<B~rG9A#VtJ9)ROFAv<w4&2fJ1Ko2cxh3$Q&jDg)2>-A(iP8|
zL|<P)AGg-P&Vh`+${8nV`+|wF-oN_7s6T_}Q#x0#?c3GY@DBOlu`MPy00000004lN
z^gQQh1KqJ$7h5~nJkrhjV}!}KuC6`ny0=IEkz2i|0O#xMgn7hF2BQbhkDvdogYRqO
ze)IM~_xQ2ysY`7?h90`}yU%}5ZH%1$<Xi6Z-P;*3UjN|D$6t0!S2w5oF0FlWZT*GF
zxwBh~&&EFb`jx`>=SDx4b@y*JpN==kv&l_0z_~mcQDgB<7T+@;000000002~|3dyi
zSp5jXd;Pz~;`seP00000002Ns^7~mBum1r60000009u=V{eP9o4FCWD00000T20X3
z6<%j2yx0FfGr0i(0000006+`4#or&^`)2{^@Bhc&U~&Th000000DynRNncx!vle;E
zt<}yfuaw_;EpTRVtn=={Z{D((-k*7KIC}X@bMOZLI$-YC=>ER3D;L-9@4ImE+NbyY
zRIm=vzYgdWKYaMdMlAn!?n2jB<0tzsd%yqxg~<&700000003IYK7S8y{6xX`CylT0
A3IG5A
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/test_sdr_upgraded_with_password.js
+++ /dev/null
@@ -1,149 +0,0 @@
-// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-"use strict";
-
-// Tests that the SDR implementation is able to decrypt strings encrypted using
-// a preexisting NSS key database that a) has a password and b) has already been
-// upgraded from the old dbm format in a previous run of Firefox.
-// To create such a database, run the xpcshell test
-// `test_sdr_preexisting_with_password.js` and locate the file `key4.db` created
-// in the xpcshell test profile directory.
-// This does not apply to Android as the dbm implementation was never enabled on
-// that platform.
-
-var gMockPrompter = {
-  passwordToTry: "password",
-  numPrompts: 0,
-
-  // This intentionally does not use arrow function syntax to avoid an issue
-  // where in the context of the arrow function, |this != gMockPrompter| due to
-  // how objects get wrapped when going across xpcom boundaries.
-  promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
-    this.numPrompts++;
-    if (this.numPrompts > 1) {
-      // don't keep retrying a bad password
-      return false;
-    }
-    equal(
-      text,
-      "Please enter your master password.",
-      "password prompt text should be as expected"
-    );
-    equal(checkMsg, null, "checkMsg should be null");
-    ok(this.passwordToTry, "passwordToTry should be non-null");
-    password.value = this.passwordToTry;
-    return true;
-  },
-
-  QueryInterface: ChromeUtils.generateQI([Ci.nsIPrompt]),
-};
-
-// Mock nsIWindowWatcher. PSM calls getNewPrompter on this to get an nsIPrompt
-// to call promptPassword. We return the mock one, above.
-var gWindowWatcher = {
-  getNewPrompter: () => gMockPrompter,
-  QueryInterface: ChromeUtils.generateQI([Ci.nsIWindowWatcher]),
-};
-
-function run_test() {
-  let windowWatcherCID = MockRegistrar.register(
-    "@mozilla.org/embedcomp/window-watcher;1",
-    gWindowWatcher
-  );
-  registerCleanupFunction(() => {
-    MockRegistrar.unregister(windowWatcherCID);
-  });
-
-  let profile = do_get_profile();
-  let key3DBFile = do_get_file("test_sdr_upgraded_with_password/key3.db");
-  key3DBFile.copyTo(profile, "key3.db");
-  let key4DBFile = do_get_file("test_sdr_upgraded_with_password/key4.db");
-  key4DBFile.copyTo(profile, "key4.db");
-  // Unfortunately we have to also copy the certificate databases as well.
-  // Otherwise, NSS will think it has to create them, which will cause NSS to
-  // think it has to also do a migration, which will open key3.db and not close
-  // it until shutdown, which means that on Windows removing the file just after
-  // startup fails. Luckily users profiles will have both key and certificate
-  // databases anyway, so this is an accurate reflection of normal use.
-  let cert8DBFile = do_get_file("test_sdr_upgraded_with_password/cert8.db");
-  cert8DBFile.copyTo(profile, "cert8.db");
-  let cert9DBFile = do_get_file("test_sdr_upgraded_with_password/cert9.db");
-  cert9DBFile.copyTo(profile, "cert9.db");
-
-  let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
-    Ci.nsISecretDecoderRing
-  );
-
-  let testcases = [
-    // a full padding block
-    {
-      ciphertext:
-        "MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECGeDHwVfyFqzBBAYvqMq/kDMsrARVNdC1C8d",
-      plaintext: "password",
-    },
-    // 7 bytes of padding
-    {
-      ciphertext:
-        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECCAzLDVmYG2/BAh3IoIsMmT8dQ==",
-      plaintext: "a",
-    },
-    // 6 bytes of padding
-    {
-      ciphertext:
-        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECPN8zlZzn8FdBAiu2acpT8UHsg==",
-      plaintext: "bb",
-    },
-    // 1 byte of padding
-    {
-      ciphertext:
-        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECD5px1eMKkJQBAgUPp35GlrDvQ==",
-      plaintext: "!seven!",
-    },
-    // 2 bytes of padding
-    {
-      ciphertext:
-        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECMh0hLtKDyUdBAixw9UZsMt+vA==",
-      plaintext: "sixsix",
-    },
-    // long plaintext requiring more than two blocks
-    {
-      ciphertext:
-        "MFoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECDRX1qi+/FX1BDATFIcIneQjvBuq3wdFxzllJt2VtUD69ACdOKAXH3eA87oHDvuHqOeCDwRy4UzoG5s=",
-      plaintext: "thisismuchlongerandsotakesupmultipleblocks",
-    },
-    // this differs from the previous ciphertext by one bit and demonstrates
-    // that this implementation does not enforce message integrity
-    {
-      ciphertext:
-        "MFoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECDRX1qi+/FX1BDAbFIcIneQjvBuq3wdFxzllJt2VtUD69ACdOKAXH3eA87oHDvuHqOeCDwRy4UzoG5s=",
-      plaintext: "nnLbuwLRkhlongerandsotakesupmultipleblocks",
-    },
-  ];
-
-  for (let testcase of testcases) {
-    let decrypted = sdr.decryptString(testcase.ciphertext);
-    equal(
-      decrypted,
-      testcase.plaintext,
-      "decrypted ciphertext should match expected plaintext"
-    );
-  }
-  equal(
-    gMockPrompter.numPrompts,
-    1,
-    "Should have been prompted for a password once"
-  );
-
-  // NSS does not close the old database when performing an upgrade. Thus, on
-  // Windows, we can't delete the old database file on the run that we perform
-  // an upgrade. However, we can delete it on subsequent runs.
-  let key3DBInProfile = do_get_profile();
-  key3DBInProfile.append("key3.db");
-  ok(
-    !key3DBInProfile.exists(),
-    "key3.db should not exist after running with key4.db with a password"
-  );
-}
deleted file mode 100644
index ac40a3325724b598ba93a314d250bd03eb7f479f..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100644
index 163d07a6f325564ec436832b1abb6775b579edc9..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100644
index cac0808ac32c35752b08d886eef4a3d362e56acd..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100644
index 8c853543cc3e9d727862c6550865a7537eb05ff6..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -34,17 +34,16 @@ support-files =
   test_missing_intermediate/**
   test_name_constraints/**
   test_ocsp_url/**
   test_onecrl/**
   test_pinning_dynamic/**
   test_sanctions/**
   test_sdr_preexisting/**
   test_sdr_preexisting_with_password/**
-  test_sdr_upgraded_with_password/**
   test_self_signed_certs/**
   test_signed_apps/**
   test_startcom_wosign/**
   test_validity/**
   tlsserver/**
 
 [test_add_preexisting_cert.js]
 [test_baseline_requirements_subject_common_name.js]
@@ -188,19 +187,16 @@ run-sequentially = hardcoded ports
 [test_pinning_dynamic.js]
 [test_pinning_header_parsing.js]
 run-sequentially = hardcoded ports
 [test_sdr.js]
 [test_sdr_preexisting.js]
 [test_sdr_preexisting_with_password.js]
 # Not relevant to Android. See the comment in the test.
 skip-if = toolkit == 'android'
-[test_sdr_upgraded_with_password.js]
-# Not relevant to Android. See the comment in the test.
-skip-if = toolkit == 'android'
 [test_self_signed_certs.js]
 [test_session_resumption.js]
 run-sequentially = hardcoded ports
 [test_signed_apps.js]
 [test_ssl_status.js]
 run-sequentially = hardcoded ports
 [test_sss_enumerate.js]
 run-sequentially = hardcoded ports
--- a/security/moz.build
+++ b/security/moz.build
@@ -78,18 +78,17 @@ gyp_vars['nss_dist_dir'] = '$PRODUCT_DIR
 # NSS wants to put public headers in $nss_dist_dir/public/nss by default,
 # which would wind up being mapped to dist/include/public/nss (by
 # gyp_reader's `handle_copies`).
 # This forces it to put them in dist/include/nss.
 gyp_vars['nss_public_dist_dir'] = '$PRODUCT_DIR/dist'
 gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin'
 # We don't currently build NSS tests.
 gyp_vars['disable_tests'] = 1
-if CONFIG['NSS_DISABLE_DBM']:
-    gyp_vars['disable_dbm'] = 1
+gyp_vars['disable_dbm'] = 1
 gyp_vars['disable_libpkix'] = 1
 gyp_vars['enable_sslkeylogfile'] = 1
 # pkg-config won't reliably find zlib on our builders, so just force it.
 # System zlib is only used for modutil and signtool unless
 # SSL zlib is enabled, which we are disabling immediately below this.
 gyp_vars['zlib_libs'] = '-lz'
 gyp_vars['ssl_enable_zlib'] = 0
 # System sqlite here is the in-tree mozsqlite.
deleted file mode 100644
index a83a0a577b0e1924ac9973ad16df4fd4f7d19c71..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
--- a/toolkit/components/passwordmgr/test/unit/head.js
+++ b/toolkit/components/passwordmgr/test/unit/head.js
@@ -75,18 +75,17 @@ const RecipeHelpers = {
 };
 
 // Initialization functions common to all tests
 
 add_task(async function test_common_initialize() {
   // Before initializing the service for the first time, we should copy the key
   // file required to decrypt the logins contained in the SQLite databases used
   // by migration tests.  This file is not required for the other tests.
-  const isAndroid = AppConstants.platform == "android";
-  const keyDBName = isAndroid ? "key4.db" : "key3.db";
+  const keyDBName = "key4.db";
   await OS.File.copy(
     do_get_file(`data/${keyDBName}`).path,
     OS.Path.join(OS.Constants.Path.profileDir, keyDBName)
   );
 
   // Ensure that the service and the storage module are initialized.
   await Services.logins.initializationPromise;
 });
--- a/toolkit/moz.build
+++ b/toolkit/moz.build
@@ -62,19 +62,16 @@ with Files('docs/**'):
     BUG_COMPONENT = ('Toolkit', 'General')
 
 with Files('moz.*'):
     BUG_COMPONENT = ('Firefox Build System', 'General')
 
 with Files('toolkit.mozbuild'):
     BUG_COMPONENT = ('Firefox Build System', 'General')
 
-with Files('nss.configure'):
-    BUG_COMPONENT = ('Firefox Build System', 'General')
-
 with Files('library/**'):
     BUG_COMPONENT = ('Firefox Build System', 'General')
 
 with Files('mozapps/installer/windows/**'):
     BUG_COMPONENT = ('Toolkit', 'NSIS Installer')
 
 with Files('mozapps/preferences/**'):
     BUG_COMPONENT = ('Toolkit', 'Preferences')
--- a/toolkit/moz.configure
+++ b/toolkit/moz.configure
@@ -810,18 +810,16 @@ set_define('MOZ_WEBSPEECH_TEST_BACKEND',
 
 # Enable IPDL's "expensive" unit tests
 # ==============================================================
 option('--enable-ipdl-tests', help='Enable expensive IPDL tests')
 
 set_config('MOZ_IPDL_TESTS',
            depends_if('--enable-ipdl-tests')(lambda _: True))
 
-include('nss.configure')
-
 # Graphics
 # ==============================================================
 option('--disable-skia', help='Disable use of Skia')
 
 @depends('--disable-skia')
 def skia(value):
     if not value:
         die('--disable-skia is not supported anymore')
deleted file mode 100644
--- a/toolkit/nss.configure
+++ /dev/null
@@ -1,17 +0,0 @@
-# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-
-# DBM support in NSS
-# ==============================================================
-@depends(build_project)
-def dbm_default(build_project):
-    return build_project != 'mobile/android'
-
-option('--enable-dbm', default=dbm_default,
-       help='{Enable|Disable} building DBM')
-
-set_config('NSS_DISABLE_DBM', depends('--enable-dbm')(lambda x: not x))