Bug 1539227 - land NSS 4e4eb31ce200 UPGRADE_NSS_RELEASE, r=me
authorJ.C. Jones <jc@mozilla.com>
Wed, 01 May 2019 19:07:31 +0000
changeset 531101 11f4bd1a3b416c6b892b3dde7e6069b5de04c97f
parent 531100 89d5d74f031b79607e7e68c2a273ffb91d2539bd
child 531102 ff789c47d78b925fda54cd7659de46791a92858a
push id11265
push userffxbld-merge
push dateMon, 13 May 2019 10:53:39 +0000
reviewersme
bugs1539227
milestone68.0a1
Bug 1539227 - land NSS 4e4eb31ce200 UPGRADE_NSS_RELEASE, r=me
security/nss/Makefile
security/nss/TAG-INFO
security/nss/build.sh
security/nss/coreconf/config.gypi
security/nss/coreconf/coreconf.dep
security/nss/coreconf/fuzz.sh
security/nss/gtests/pk11_gtest/pk11_gtest.gyp
security/nss/gtests/softoken_gtest/softoken_gtest.gyp
security/nss/gtests/ssl_gtest/ssl_gtest.gyp
security/nss/help.txt
security/nss/lib/pk11wrap/pk11load.c
security/nss/lib/pk11wrap/pk11wrap.gyp
security/nss/lib/softoken/pkcs11.c
security/nss/lib/softoken/softoken.gyp
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -82,20 +82,20 @@ NSPR_CONFIGURE_OPTS += --enable-debug-rt
 endif
 ifdef USE_STATIC_RTL
 NSPR_CONFIGURE_OPTS += --enable-static-rtl
 endif
 ifdef NS_USE_GCC
 NSPR_CONFIGURE_ENV = CC=gcc CXX=g++
 endif
 ifdef CC
-NSPR_CONFIGURE_ENV = CC=$(CC)
+NSPR_CONFIGURE_ENV = CC="$(CC)"
 endif
 ifdef CCC
-NSPR_CONFIGURE_ENV += CXX=$(CCC)
+NSPR_CONFIGURE_ENV += CXX="$(CCC)"
 endif
 # Remove -arch definitions. NSPR can't handle that.
 NSPR_CONFIGURE_ENV := $(filter-out -arch x86_64,$(NSPR_CONFIGURE_ENV))
 NSPR_CONFIGURE_ENV := $(filter-out -arch i386,$(NSPR_CONFIGURE_ENV))
 NSPR_CONFIGURE_ENV := $(filter-out -arch ppc,$(NSPR_CONFIGURE_ENV))
 
 #
 # Some pwd commands on Windows (for example, the pwd
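Review bot: The added quotes interact badly with the three `$(filter-out -arch …)` lines below the `ifdef CCC` block, because filter-out matches whole whitespace-separated words. For a value such as `CC=gcc -arch x86_64` (constructed example), the last word is now `x86_64"`, which no longer matches, so only `-arch` is removed and the result is `CC="gcc x86_64"`; before the quoting both words were dropped. Filtering the value before it is quoted avoids this, e.g. `NSPR_CONFIGURE_ENV = CC="$(filter-out -arch x86_64 i386 ppc,$(CC))"`, with the same treatment for the `CXX="$(CCC)"` line. How NSPR_CONFIGURE_ENV reaches the configure command line is outside this hunk, so the exact failure should be confirmed there.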
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-56826bedabba
+4e4eb31ce200
--- a/security/nss/build.sh
+++ b/security/nss/build.sh
@@ -89,17 +89,18 @@ while [ $# -gt 0 ]; do
         --ubsan=?*) enable_ubsan "${1#*=}" ;;
         --fuzz) fuzz=1 ;;
         --fuzz=oss) fuzz=1; fuzz_oss=1 ;;
         --fuzz=tls) fuzz=1; fuzz_tls=1 ;;
         --sancov) enable_sancov ;;
         --sancov=?*) enable_sancov "${1#*=}" ;;
         --emit-llvm) gyp_params+=(-Demit_llvm=1 -Dsign_libs=0) ;;
         --no-zdefs) gyp_params+=(-Dno_zdefs=1) ;;
-        --test) gyp_params+=(-Dtest_build=1) ;;
+        --test) gyp_params+=(-Dtest_build=1 -Dstatic_libs=1) ;;
+        --static) gyp_params+=(-Dstatic_libs=1) ;;
         --ct-verif) gyp_params+=(-Dct_verif=1) ;;
         --nspr) nspr_clean; rebuild_nspr=1 ;;
         --with-nspr=?*) set_nspr_path "${1#*=}"; no_local_nspr=1 ;;
         --system-nspr) set_nspr_path "/usr/include/nspr/:"; no_local_nspr=1 ;;
         --system-sqlite) gyp_params+=(-Duse_system_sqlite=1) ;;
         --enable-fips) gyp_params+=(-Ddisable_fips=0) ;;
         --enable-libpkix) gyp_params+=(-Ddisable_libpkix=0) ;;
         --mozpkix-only) gyp_params+=(-Dmozpkix_only=1 -Ddisable_tests=1 -Dsign_libs=0) ;;
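Review bot: On the `--test)` arm, the flag now also passes `-Dstatic_libs=1`, but nothing in the option list says that `--test` implies `--static`, and the `--test` entry in help.txt still describes only the map-file behaviour. A short comment above the arm would keep the coupling visible, for example `# --test implies --static: the gtest targets pick their *_static dependencies on static_libs==1`. coreconf/fuzz.sh hard-codes the same pair of defines and could carry the same comment. The enclosing `while`/`case` starts and ends outside this hunk.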
--- a/security/nss/coreconf/config.gypi
+++ b/security/nss/coreconf/config.gypi
@@ -94,16 +94,17 @@
     'disable_libpkix%': 1,
     'disable_werror%': 0,
     'mozilla_client%': 0,
     'comm_client%': 0,
     'moz_fold_libs%': 0,
     'moz_folded_library_name%': '',
     'sanitizer_flags%': 0,
     'test_build%': 0,
+    'static_libs%': 0,
     'no_zdefs%': 0,
     'fuzz%': 0,
     'fuzz_tls%': 0,
     'fuzz_oss%': 0,
     'sign_libs%': 1,
     'use_pprof%': 0,
     'ct_verif%': 0,
     'emit_llvm%': 0,
@@ -117,16 +118,17 @@
     'mozpkix_only%': 0,
   },
   'target_defaults': {
     # Settings specific to targets should go here.
     # This is mostly for linking to libraries.
     'variables': {
       'mapfile%': '',
       'test_build%': 0,
+      'static_libs%': 0,
       'debug_optimization_level%': '0',
       'release_optimization_level%': '2',
     },
     'standalone_static_library': 0,
     'include_dirs': [
       '<(nspr_include_dir)',
       '<(nss_dist_dir)/private/<(module)',
     ],
@@ -137,16 +139,21 @@
         ],
       }],
       [ 'disable_fips==1', {
         'defines': [
           'NSS_FIPS_DISABLED',
           'NSS_NO_INIT_SUPPORT',
         ],
       }],
+      [ 'static_libs==1', {
+        'variables': {
+          'standalone_static_library': '1',
+        },
+      }],
       [ 'OS!="android" and OS!="mac" and OS!="win"', {
         'libraries': [
           '-lpthread',
         ],
       }],
       [ 'OS=="linux"', {
         'libraries': [
           '-ldl',
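Review bot: In the new `static_libs==1` condition, `standalone_static_library` is set inside a `'variables'` dict and as the string `'1'`, whereas the default in the previous hunk sets it as a direct key of `target_defaults` (`'standalone_static_library': 0`). If the intent is to switch that target setting on for static builds, defining a variable of the same name probably does not do it; the condition would set the key itself, `[ 'static_libs==1', { 'standalone_static_library': 1 }],`. If the variable is deliberate, a one-line comment naming what consumes it would help the next reader. The surrounding `conditions` list starts and ends outside this hunk.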
@@ -252,17 +259,17 @@
               ],
               'outputs': [
                 '<(INTERMEDIATE_DIR)/out.>(mapfile)',
               ],
               'action': ['<@(process_map_file)'],
             }],
           }]
         ],
-      }, 'test_build==1 and _type=="shared_library"', {
+      }, 'static_libs==1 and _type=="shared_library"', {
         # When linking a shared lib against a static one, XCode doesn't
         # export the latter's symbols by default. -all_load fixes that.
         'xcode_settings': {
           'OTHER_LDFLAGS': [
             '-all_load',
           ],
         },
       }],
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,9 +5,8 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
--- a/security/nss/coreconf/fuzz.sh
+++ b/security/nss/coreconf/fuzz.sh
@@ -9,17 +9,17 @@ if [ -z "$CC" ]; then
         echo "Fuzzing requires clang!"
         exit 1
     fi
     export CC=clang
     export CCC=clang++
     export CXX=clang++
 fi
 
-gyp_params+=(-Dtest_build=1 -Dfuzz=1 -Dsign_libs=0)
+gyp_params+=(-Dtest_build=1 -Dstatic_libs=1 -Dfuzz=1 -Dsign_libs=0)
 
 # Add debug symbols even for opt builds.
 nspr_params+=(--enable-debug-symbols)
 
 if [ "$fuzz_oss" = 1 ]; then
   gyp_params+=(-Dno_zdefs=1 -Dfuzz_oss=1)
 else
   enable_sanitizer asan
--- a/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
+++ b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
@@ -24,30 +24,30 @@
         'pk11_prng_unittest.cc',
         'pk11_rsapkcs1_unittest.cc',
         'pk11_rsapss_unittest.cc',
         'pk11_der_private_key_import_unittest.cc',
         '<(DEPTH)/gtests/common/gtests.cc'
       ],
       'dependencies': [
         '<(DEPTH)/exports.gyp:nss_exports',
-        '<(DEPTH)/lib/util/util.gyp:nssutil3',
         '<(DEPTH)/cpputil/cpputil.gyp:cpputil',
         '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
       ],
       'conditions': [
-        [ 'test_build==1', {
+        [ 'static_libs==1', {
           'dependencies': [
+            '<(DEPTH)/lib/base/base.gyp:nssb',
+            '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+            '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+            '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+            '<(DEPTH)/lib/dev/dev.gyp:nssdev',
             '<(DEPTH)/lib/nss/nss.gyp:nss_static',
             '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
-            '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
-            '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
-            '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
-            '<(DEPTH)/lib/base/base.gyp:nssb',
-            '<(DEPTH)/lib/dev/dev.gyp:nssdev',
             '<(DEPTH)/lib/pki/pki.gyp:nsspki',
             '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
           ],
         }, {
           'dependencies': [
             '<(DEPTH)/lib/nss/nss.gyp:nss3',
             '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
           ],
--- a/security/nss/gtests/softoken_gtest/softoken_gtest.gyp
+++ b/security/nss/gtests/softoken_gtest/softoken_gtest.gyp
@@ -14,17 +14,17 @@
         'softoken_gtest.cc',
       ],
       'dependencies': [
         '<(DEPTH)/exports.gyp:nss_exports',
         '<(DEPTH)/lib/util/util.gyp:nssutil3',
         '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
       ],
       'conditions': [
-        [ 'test_build==1', {
+        [ 'static_libs==1', {
           'dependencies': [
             '<(DEPTH)/lib/nss/nss.gyp:nss_static',
             '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
             '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
             '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
             '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
             '<(DEPTH)/lib/base/base.gyp:nssb',
             '<(DEPTH)/lib/dev/dev.gyp:nssdev',
--- a/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
+++ b/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
@@ -71,17 +71,17 @@
         '<(DEPTH)/lib/pki/pki.gyp:nsspki',
         '<(DEPTH)/lib/dev/dev.gyp:nssdev',
         '<(DEPTH)/lib/base/base.gyp:nssb',
         '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib',
         '<(DEPTH)/cpputil/cpputil.gyp:cpputil',
         '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
       ],
       'conditions': [
-        [ 'test_build==1', {
+        [ 'static_libs==1', {
           'dependencies': [
             '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
           ],
         }, {
           'dependencies': [
             '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
             '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
             '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
--- a/security/nss/help.txt
+++ b/security/nss/help.txt
@@ -35,16 +35,17 @@ NSS build tool options:
                      --fuzz=tls to enable TLS fuzzing mode
                      --fuzz=oss to build for OSS-Fuzz
     --sancov         do sanitize coverage builds
                      --sancov=func sets coverage to function level for example
     --emit-llvm      emit LLVM bitcode while building
                      (requires the gold linker, use clang-3.8 for SAW)
     --no-zdefs       don't set -Wl,-z,defs
     --test           ignore map files and export everything we have
+    --static         create static libraries and use static linking
     --ct-verif       build with valgrind for ct-verif
     --nspr           force a rebuild of NSPR
     --with-nspr      use the NSPR build at the given locations
                      --with-nspr=<include>:<lib> sets include and lib paths
     --system-nspr    attempt to use system nspr
                      shorthand for --with-nspr=/usr/include/nspr:
     --system-sqlite  use system sqlite
     --enable-fips    enable FIPS checks
--- a/security/nss/lib/pk11wrap/pk11load.c
+++ b/security/nss/lib/pk11wrap/pk11load.c
@@ -348,17 +348,17 @@ SECMOD_SetRootCerts(PK11SlotInfo *slot, 
             /* increment module count & store new list */
             mod->slotInfo = psi_list;
             mod->slotInfoCount++;
         }
         psi->hasRootCerts = 1;
     }
 }
 
-#ifndef NSS_TEST_BUILD
+#ifndef NSS_STATIC_SOFTOKEN
 static const char *my_shlib_name =
     SHLIB_PREFIX "nss" SHLIB_VERSION "." SHLIB_SUFFIX;
 static const char *softoken_shlib_name =
     SHLIB_PREFIX "softokn" SOFTOKEN_SHLIB_VERSION "." SHLIB_SUFFIX;
 static const PRCallOnceType pristineCallOnce;
 static PRCallOnceType loadSoftokenOnce;
 static PRLibrary *softokenLib;
 static PRInt32 softokenLoadCount;
@@ -398,17 +398,17 @@ secmod_LoadPKCS11Module(SECMODModule *mo
     PRBool alreadyLoaded = PR_FALSE;
     char *disableUnload = NULL;
 
     if (mod->loaded)
         return SECSuccess;
 
     /* internal modules get loaded from their internal list */
     if (mod->internal && (mod->dllName == NULL)) {
-#ifdef NSS_TEST_BUILD
+#ifdef NSS_STATIC_SOFTOKEN
         entry = (CK_C_GetFunctionList)NSC_GetFunctionList;
 #else
         /*
          * Loads softoken as a dynamic library,
          * even though the rest of NSS assumes this as the "internal" module.
          */
         if (!softokenLib &&
             PR_SUCCESS != PR_CallOnce(&loadSoftokenOnce, &softoken_LoadDSO))
@@ -425,17 +425,17 @@ secmod_LoadPKCS11Module(SECMODModule *mo
         }
 
         if (!entry)
             return SECFailure;
 #endif
 
         if (mod->isModuleDB) {
             mod->moduleDBFunc = (CK_C_GetFunctionList)
-#ifdef NSS_TEST_BUILD
+#ifdef NSS_STATIC_SOFTOKEN
                 NSC_ModuleDBFunc;
 #else
                 PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
 #endif
         }
 
         if (mod->moduleDBOnly) {
             mod->loaded = PR_TRUE;
@@ -607,17 +607,17 @@ SECMOD_UnloadModule(SECMODModule *mod)
     }
     mod->moduleID = 0;
     mod->loaded = PR_FALSE;
 
     /* do we want the semantics to allow unloading the internal library?
      * if not, we should change this to SECFailure and move it above the
      * mod->loaded = PR_FALSE; */
     if (mod->internal && (mod->dllName == NULL)) {
-#ifndef NSS_TEST_BUILD
+#ifndef NSS_STATIC_SOFTOKEN
         if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
             if (softokenLib) {
                 disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
                 if (!disableUnload) {
 #ifdef DEBUG
                     PRStatus status = PR_UnloadLibrary(softokenLib);
                     PORT_Assert(PR_SUCCESS == status);
 #else
--- a/security/nss/lib/pk11wrap/pk11wrap.gyp
+++ b/security/nss/lib/pk11wrap/pk11wrap.gyp
@@ -5,17 +5,17 @@
   'includes': [
     '../../coreconf/config.gypi'
   ],
   'targets': [
     {
       'target_name': 'pk11wrap_static',
       'type': 'static_library',
       'defines': [
-        'NSS_TEST_BUILD',
+        'NSS_STATIC_SOFTOKEN',
       ],
       'dependencies': [
         'pk11wrap_base',
         '<(DEPTH)/exports.gyp:nss_exports',
         '<(DEPTH)/lib/softoken/softoken.gyp:softokn_static',
       ],
     },
     {
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -3152,17 +3152,17 @@ nsc_CommonFinalize(CK_VOID_PTR pReserved
 
     /* tell freeBL to clean up after itself */
     BL_Cleanup();
 
     /* reset fork status in freebl. We must do this before BL_Unload so that
      * this call doesn't force freebl to be reloaded. */
     BL_SetForkState(PR_FALSE);
 
-#ifndef NSS_TEST_BUILD
+#ifndef NSS_STATIC_SOFTOKEN
     /* unload freeBL shared library from memory. This may only decrement the
      * OS refcount if it's been loaded multiple times, eg. by libssl */
     BL_Unload();
 #endif
 
     /* clean up the default OID table */
     SECOID_Shutdown();
 
--- a/security/nss/lib/softoken/softoken.gyp
+++ b/security/nss/lib/softoken/softoken.gyp
@@ -5,17 +5,17 @@
   'includes': [
     '../../coreconf/config.gypi'
   ],
   'targets': [
     {
       'target_name': 'softokn_static',
       'type': 'static_library',
       'defines': [
-        'NSS_TEST_BUILD',
+        'NSS_STATIC_SOFTOKEN',
       ],
       'dependencies': [
         'softokn_base',
         '<(DEPTH)/exports.gyp:nss_exports',
         '<(DEPTH)/lib/freebl/freebl.gyp:freebl_static',
       ],
       'conditions': [
         [ 'use_system_sqlite==1', {