Backed out changeset b5195ecbebe6 (bug 1345368) for failing xpcshell's security/manager/ssl/tests/unit/test_broken_fips.js on Windows. r=backout UPGRADE_NSS_RELEASE
authorSebastian Hengst <archaeopteryx@coole-files.de>
Tue, 06 Jun 2017 14:08:08 +0200
changeset 410689 11f9875cfe18ecfbb4b28d9f87d5f5af94258430
parent 410688 99e99af157c2a7b38f9919fc3647d26bd36c9c1d
child 410690 fd90d75e1b5111ca178efea29c7e1af7d1bdee4e
push id7391
push usermtabara@mozilla.com
push dateMon, 12 Jun 2017 13:08:53 +0000
treeherdermozilla-beta@2191d7f87e2e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbackout
bugs1345368
milestone55.0a1
backs outb5195ecbebe63d1a72448636283040c5a16ee5d4
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset b5195ecbebe6 (bug 1345368) for failing xpcshell's security/manager/ssl/tests/unit/test_broken_fips.js on Windows. r=backout UPGRADE_NSS_RELEASE
security/nss/TAG-INFO
security/nss/automation/taskcluster/docker/setup.sh
security/nss/automation/taskcluster/graph/src/extend.js
security/nss/automation/taskcluster/graph/src/try_syntax.js
security/nss/automation/taskcluster/windows/build.sh
security/nss/automation/taskcluster/windows/build_gyp.sh
security/nss/automation/taskcluster/windows/releng.manifest
security/nss/automation/taskcluster/windows/setup.sh
security/nss/automation/taskcluster/windows/setup32.sh
security/nss/automation/taskcluster/windows/setup64.sh
security/nss/build.sh
security/nss/coreconf/config.gypi
security/nss/coreconf/coreconf.dep
security/nss/cpputil/scoped_ptrs.h
security/nss/fuzz/config/clone_libfuzzer.sh
security/nss/gtests/freebl_gtest/ecl_unittest.cc
security/nss/gtests/freebl_gtest/freebl_gtest.gyp
security/nss/gtests/freebl_gtest/mpi_unittest.cc
security/nss/gtests/freebl_gtest/prng_kat_unittest.cc
security/nss/lib/ckfw/builtins/builtins.gyp
security/nss/lib/ckfw/builtins/certdata.py
security/nss/lib/dev/devslot.c
security/nss/lib/dev/devtoken.c
security/nss/lib/freebl/ecl/ecp_jm.c
security/nss/lib/pk11wrap/dev3hack.c
security/nss/lib/softoken/legacydb/legacydb.gyp
security/nss/lib/softoken/softoken.gyp
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_31_BETA1
+29290a4a9bd0
--- a/security/nss/automation/taskcluster/docker/setup.sh
+++ b/security/nss/automation/taskcluster/docker/setup.sh
@@ -42,16 +42,19 @@ apt_packages+=('g++-6-multilib')
 apt_packages+=('g++-4.8-multilib')
 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 60C317803A41BA51845E371A1E9377A2BA9EF27F
 echo "deb http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu xenial main" > /etc/apt/sources.list.d/toolchain.list
 
 # Install packages.
 apt-get -y update
 apt-get install -y --no-install-recommends ${apt_packages[@]}
 
+# 32-bit builds
+ln -s /usr/include/x86_64-linux-gnu/zconf.h /usr/include
+
 # Download clang.
 curl -LO http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz
 curl -LO http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
 # Verify the signature.
 gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
 gpg --verify *.tar.xz.sig
 # Install into /usr/local/.
 tar xJvf *.tar.xz -C /usr/local --strip-components=1
--- a/security/nss/automation/taskcluster/graph/src/extend.js
+++ b/security/nss/automation/taskcluster/graph/src/extend.js
@@ -37,39 +37,40 @@ queue.filter(task => {
     // Make modular builds only on Linux make.
     if (task.symbol == "modular" && task.collection != "make") {
       return false;
     }
   }
 
   if (task.tests == "bogo" || task.tests == "interop") {
     // No windows
-    if (task.platform == "windows2012-64" ||
-        task.platform == "windows2012-32") {
+    if (task.platform == "windows2012-64") {
       return false;
     }
 
     // No ARM; TODO: enable
     if (task.platform == "aarch64") {
       return false;
     }
   }
 
   // Only old make builds have -Ddisable_libpkix=0 and can run chain tests.
-  if (task.tests == "chains" && task.collection != "make") {
+  if (task.tests == "chains" && task.collection != "make" &&
+      task.platform != "windows2012-64") {
     return false;
   }
 
   if (task.group == "Test") {
     // Don't run test builds on old make platforms
     if (task.collection == "make") {
       return false;
     }
   }
 
+
   // Don't run additional hardware tests on ARM (we don't have anything there).
   if (task.group == "Cipher" && task.platform == "aarch64" && task.env &&
       (task.env.NSS_DISABLE_PCLMUL == "1" || task.env.NSS_DISABLE_HW_AES == "1"
        || task.env.NSS_DISABLE_AVX == "1")) {
     return false;
   }
 
   return true;
@@ -148,44 +149,23 @@ export default async function main() {
       CCC: "clang++",
     },
     platform: "linux64",
     collection: "asan",
     image: LINUX_IMAGE,
     features: ["allowPtrace"],
   }, "--ubsan --asan");
 
-  await scheduleWindows("Windows 2012 64 (debug, make)", {
-    platform: "windows2012-64",
-    collection: "make",
-    env: {USE_64: "1"}
-  }, "build.sh");
-
-  await scheduleWindows("Windows 2012 32 (debug, make)", {
-    platform: "windows2012-32",
-    collection: "make"
-  }, "build.sh");
-
   await scheduleWindows("Windows 2012 64 (opt)", {
-    platform: "windows2012-64",
-  }, "build_gyp.sh --opt");
+    env: {BUILD_OPT: "1"}
+  });
 
   await scheduleWindows("Windows 2012 64 (debug)", {
-    platform: "windows2012-64",
     collection: "debug"
-  }, "build_gyp.sh");
-
-  await scheduleWindows("Windows 2012 32 (opt)", {
-    platform: "windows2012-32",
-  }, "build_gyp.sh --opt -m32");
-
-  await scheduleWindows("Windows 2012 32 (debug)", {
-    platform: "windows2012-32",
-    collection: "debug"
-  }, "build_gyp.sh -m32");
+  });
 
   await scheduleFuzzing();
   await scheduleFuzzing32();
 
   await scheduleTools();
 
   let aarch64_base = {
     image: "franziskus/nss-aarch64-ci",
@@ -590,36 +570,38 @@ async function scheduleTestBuilds(base, 
   }));
 
   return queue.submit();
 }
 
 
 /*****************************************************************************/
 
-async function scheduleWindows(name, base, build_script) {
+async function scheduleWindows(name, base) {
   base = merge(base, {
     workerType: "nss-win2012r2",
+    platform: "windows2012-64",
     env: {
       PATH: "c:\\mozilla-build\\python;c:\\mozilla-build\\msys\\local\\bin;" +
             "c:\\mozilla-build\\7zip;c:\\mozilla-build\\info-zip;" +
             "c:\\mozilla-build\\python\\Scripts;c:\\mozilla-build\\yasm;" +
             "c:\\mozilla-build\\msys\\bin;c:\\Windows\\system32;" +
             "c:\\mozilla-build\\upx391w;c:\\mozilla-build\\moztools-x64\\bin;" +
             "c:\\mozilla-build\\wget",
       DOMSUF: "localdomain",
       HOST: "localhost",
+      USE_64: "1"
     }
   });
 
   // Build base definition.
   let build_base = merge(base, {
     command: [
       WINDOWS_CHECKOUT_CMD,
-      `bash -c 'nss/automation/taskcluster/windows/${build_script}'`
+      "bash -c nss/automation/taskcluster/windows/build.sh"
     ],
     artifacts: [{
       expires: 24 * 7,
       type: "directory",
       path: "public\\build"
     }],
     kind: "build",
     symbol: "B"
--- a/security/nss/automation/taskcluster/graph/src/try_syntax.js
+++ b/security/nss/automation/taskcluster/graph/src/try_syntax.js
@@ -17,20 +17,18 @@ function parseOptions(opts) {
   let builds = intersect(opts.build.split(""), ["d", "o"]);
 
   // If the given value is nonsense default to debug and opt builds.
   if (builds.length == 0) {
     builds = ["d", "o"];
   }
 
   // Parse platforms.
-  let allPlatforms = ["linux", "linux64", "linux64-asan",
-                      "win", "win64", "win-make", "win64-make",
-                      "linux64-make", "linux-make", "linux-fuzz",
-                      "linux64-fuzz", "aarch64"];
+  let allPlatforms = ["linux", "linux64", "linux64-asan", "win64",
+                      "linux64-make", "linux-make", "linux-fuzz", "linux64-fuzz", "aarch64"];
   let platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
 
   // If the given value is nonsense or "none" default to all platforms.
   if (platforms.length == 0 && opts.platform != "none") {
     platforms = allPlatforms;
   }
 
   // Parse unit tests.
@@ -82,19 +80,16 @@ function filter(opts) {
     }
 
     // Filter unit tests.
     if (task.tests) {
       let found = opts.unittests.some(test => {
         if (task.group && task.group.toLowerCase() == "ssl" && test == "ssl") {
           return true;
         }
-        if (task.group && task.group.toLowerCase() == "cipher" && test == "cipher") {
-          return true;
-        }
         return task.symbol.toLowerCase().startsWith(test);
       });
 
       if (!found) {
         return false;
       }
     }
 
@@ -109,30 +104,26 @@ function filter(opts) {
     let found = opts.platforms.some(platform => {
       let aliases = {
         "linux": "linux32",
         "linux-fuzz": "linux32",
         "linux64-asan": "linux64",
         "linux64-fuzz": "linux64",
         "linux64-make": "linux64",
         "linux-make": "linux32",
-        "win64-make": "windows2012-64",
-        "win-make": "windows2012-32",
-        "win64": "windows2012-64",
-        "win": "windows2012-32"
+        "win64": "windows2012-64"
       };
 
       // Check the platform name.
       let keep = (task.platform == (aliases[platform] || platform));
 
       // Additional checks.
       if (platform == "linux64-asan") {
         keep &= coll("asan");
-      } else if (platform == "linux64-make" || platform == "linux-make" ||
-                 platform == "win64-make" || platform == "win-make") {
+      } else if (platform == "linux64-make" || platform == "linux-make") {
         keep &= coll("make");
       } else if (platform == "linux64-fuzz" || platform == "linux-fuzz") {
         keep &= coll("fuzz");
       } else {
         keep &= coll("opt") || coll("debug");
       }
 
       return keep;
--- a/security/nss/automation/taskcluster/windows/build.sh
+++ b/security/nss/automation/taskcluster/windows/build.sh
@@ -1,18 +1,14 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
 # Set up the toolchain.
-if [ "$USE_64" = 1 ]; then
-  source $(dirname $0)/setup64.sh
-else
-  source $(dirname $0)/setup32.sh
-fi
+source $(dirname $0)/setup.sh
 
 # Clone NSPR.
 hg_clone https://hg.mozilla.org/projects/nspr nspr default
 
 # Build.
 make -C nss nss_build_all
 
 # Package.
deleted file mode 100644
--- a/security/nss/automation/taskcluster/windows/build_gyp.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-set -v -e -x
-
-# Set up the toolchain.
-if [[ "$@" == *"-m32"* ]]; then
-  source $(dirname $0)/setup32.sh
-else
-  source $(dirname $0)/setup64.sh
-fi
-
-# Install GYP.
-cd gyp
-python -m virtualenv test-env
-test-env/Scripts/python setup.py install
-test-env/Scripts/python -m pip install --upgrade pip
-test-env/Scripts/pip install --upgrade setuptools
-cd ..
-
-export GYP_MSVS_OVERRIDE_PATH="${VSPATH}"
-export GYP_MSVS_VERSION="2015"
-export GYP="${PWD}/gyp/test-env/Scripts/gyp"
-
-# Fool GYP.
-touch "${VSPATH}/VC/vcvarsall.bat"
-
-# Clone NSPR.
-hg_clone https://hg.mozilla.org/projects/nspr nspr default
-
-# Build with gyp.
-GYP=${GYP} ./nss/build.sh -g -v "$@"
-
-# Package.
-7z a public/build/dist.7z dist
--- a/security/nss/automation/taskcluster/windows/releng.manifest
+++ b/security/nss/automation/taskcluster/windows/releng.manifest
@@ -1,26 +1,10 @@
 [
   {
     "version": "Visual Studio 2015 Update 3 14.0.25425.01 / SDK 10.0.14393.0",
     "size": 326656969,
     "digest": "babc414ffc0457d27f5a1ed24a8e4873afbe2f1c1a4075469a27c005e1babc3b2a788f643f825efedff95b79686664c67ec4340ed535487168a3482e68559bc7",
     "algorithm": "sha512",
     "filename": "vs2015u3.zip",
     "unpack": true
-  },
-  {
-    "version": "Ninja 1.7.1",
-    "size": 184821,
-    "digest": "e4f9a1ae624a2630e75264ba37d396d9c7407d6e6aea3763056210ba6e1387908bd31cf4037a6a3661a418e86c4d2761e0c333e6a3bd0d66549d2b0d72d3f43b",
-    "algorithm": "sha512",
-    "filename": "ninja171.zip",
-    "unpack": true
-  },
-  {
-    "size": 13063963,
-    "visibility": "public",
-    "digest": "47a19f8f863eab3414abab2b9e9bd901ab896c799b3d9254b456b2f59374b085b99de805e21069a0819f01eecb3f43f7e2395a8c644c04bcbfa5711261cca29d",
-    "algorithm": "sha512",
-    "filename": "gyp-2017-05-23.zip",
-    "unpack": true
   }
 ]
--- a/security/nss/automation/taskcluster/windows/setup.sh
+++ b/security/nss/automation/taskcluster/windows/setup.sh
@@ -1,26 +1,30 @@
 #!/usr/bin/env bash
 
 set -v -e -x
 
-export VSPATH="$(pwd)/vs2015u3"
-export NINJA_PATH="$(pwd)/ninja/bin"
-
-export WINDOWSSDKDIR="${VSPATH}/SDK"
-export VS90COMNTOOLS="${VSPATH}/VC"
-export INCLUDE="${VSPATH}/VC/include:${VSPATH}/SDK/Include/10.0.14393.0/ucrt:${VSPATH}/SDK/Include/10.0.14393.0/shared:${VSPATH}/SDK/Include/10.0.14393.0/um"
-
 # Usage: hg_clone repo dir [revision=@]
 hg_clone() {
     repo=$1
     dir=$2
     rev=${3:-@}
     for i in 0 2 5; do
         sleep $i
         hg clone -r "$rev" "$repo" "$dir" && return
         rm -rf "$dir"
     done
     exit 1
 }
 
 hg_clone https://hg.mozilla.org/build/tools tools default
+
 tools/scripts/tooltool/tooltool_wrapper.sh $(dirname $0)/releng.manifest https://api.pub.build.mozilla.org/tooltool/ non-existant-file.sh /c/mozilla-build/python/python.exe /c/builds/tooltool.py --authentication-file /c/builds/relengapi.tok -c /c/builds/tooltool_cache
+VSPATH="$(pwd)/vs2015u3"
+
+export WINDOWSSDKDIR="${VSPATH}/SDK"
+export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT"
+export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x64"
+
+export PATH="${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
+
+export INCLUDE="${VSPATH}/VC/include:${VSPATH}/SDK/Include/10.0.14393.0/ucrt:${VSPATH}/SDK/Include/10.0.14393.0/shared:${VSPATH}/SDK/Include/10.0.14393.0/um"
+export LIB="${VSPATH}/VC/lib/amd64:${VSPATH}/SDK/lib/10.0.14393.0/ucrt/x64:${VSPATH}/SDK/lib/10.0.14393.0/um/x64"
deleted file mode 100644
--- a/security/nss/automation/taskcluster/windows/setup32.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-
-set -v -e -x
-
-source $(dirname $0)/setup.sh
-
-export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x86/Microsoft.VC140.CRT"
-export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x86"
-export PATH="${NINJA_PATH}:${VSPATH}/VC/bin/amd64_x86:${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x86:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x86/Microsoft.VC140.CRT:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x86:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
-export LIB="${VSPATH}/VC/lib:${VSPATH}/SDK/lib/10.0.14393.0/ucrt/x86:${VSPATH}/SDK/lib/10.0.14393.0/um/x86"
deleted file mode 100644
--- a/security/nss/automation/taskcluster/windows/setup64.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-
-set -v -e -x
-
-source $(dirname $0)/setup.sh
-
-export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT"
-export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x64"
-export PATH="${NINJA_PATH}:${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
-export LIB="${VSPATH}/VC/lib/amd64:${VSPATH}/SDK/lib/10.0.14393.0/ucrt/x64:${VSPATH}/SDK/lib/10.0.14393.0/um/x64"
--- a/security/nss/build.sh
+++ b/security/nss/build.sh
@@ -10,17 +10,16 @@
 # This build system is still under development.  It does not yet support all
 # the features or platforms that NSS supports.
 
 set -e
 
 cwd=$(cd $(dirname $0); pwd -P)
 source "$cwd"/coreconf/nspr.sh
 source "$cwd"/coreconf/sanitizers.sh
-GYP=${GYP:-gyp}
 
 # Usage info
 show_help()
 {
     cat "$cwd"/help.txt
 }
 
 run_verbose()
@@ -179,28 +178,28 @@ fi
 mkdir -p "$dist_dir"
 echo $target > "$dist_dir"/latest
 
 if [[ "$rebuild_nspr" = 1 && "$no_local_nspr" = 0 ]]; then
     nspr_build "${nspr_params[@]}"
     mv -f "$nspr_config".new "$nspr_config"
 fi
 if [ "$rebuild_gyp" = 1 ]; then
-    if ! hash ${GYP} 2> /dev/null; then
+    if ! hash gyp 2> /dev/null; then
         echo "Please install gyp" 1>&2
         exit 1
     fi
     # These extra arguments aren't used in determining whether to rebuild.
     obj_dir="$dist_dir"/$target
     gyp_params+=(-Dnss_dist_obj_dir=$obj_dir)
     if [ "$no_local_nspr" = 0 ]; then
         set_nspr_path "$obj_dir/include/nspr:$obj_dir/lib"
     fi
 
-    run_verbose run_scanbuild ${GYP} -f ninja "${gyp_params[@]}" "$cwd"/nss.gyp
+    run_verbose run_scanbuild gyp -f ninja "${gyp_params[@]}" "$cwd"/nss.gyp
 
     mv -f "$gyp_config".new "$gyp_config"
 fi
 
 # Run ninja.
 if hash ninja 2>/dev/null; then
     ninja=ninja
 elif hash ninja-build 2>/dev/null; then
--- a/security/nss/coreconf/config.gypi
+++ b/security/nss/coreconf/config.gypi
@@ -475,32 +475,30 @@
                     'MinimumRequiredVersion': '5.01',  # XP.
                     'TargetMachine': '1',
                     'ImageHasSafeExceptionHandlers': 'false',
                   },
                   'VCCLCompilerTool': {
                     'PreprocessorDefinitions': [
                       'WIN32',
                     ],
-                    'AdditionalOptions': [ '/EHsc' ],
                   },
                 },
               }],
               [ 'target_arch=="x64"', {
                 'msvs_configuration_platform': 'x64',
                 'msvs_settings': {
                   'VCLinkerTool': {
                     'TargetMachine': '17', # x86-64
                   },
                   'VCCLCompilerTool': {
                     'PreprocessorDefinitions': [
                       'WIN64',
                       '_AMD64_',
                     ],
-                    'AdditionalOptions': [ '/EHsc' ],
                   },
                 },
               }],
             ],
           }],
           [ 'disable_dbm==1', {
             'defines': [
               'NSS_DISABLE_DBM',
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,9 +5,8 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
--- a/security/nss/cpputil/scoped_ptrs.h
+++ b/security/nss/cpputil/scoped_ptrs.h
@@ -29,17 +29,16 @@ struct ScopedDelete {
   void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
   void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
   void operator()(SECKEYPublicKey* key) { SECKEY_DestroyPublicKey(key); }
   void operator()(SECKEYPrivateKey* key) { SECKEY_DestroyPrivateKey(key); }
   void operator()(SECKEYPrivateKeyList* list) {
     SECKEY_DestroyPrivateKeyList(list);
   }
   void operator()(PK11URI* uri) { PK11URI_DestroyURI(uri); }
-  void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); }
 };
 
 template <class T>
 struct ScopedMaybeDelete {
   void operator()(T* ptr) {
     if (ptr) {
       ScopedDelete del;
       del(ptr);
@@ -58,13 +57,12 @@ SCOPED(PK11SlotInfo);
 SCOPED(PK11SymKey);
 SCOPED(PRFileDesc);
 SCOPED(SECAlgorithmID);
 SCOPED(SECItem);
 SCOPED(SECKEYPublicKey);
 SCOPED(SECKEYPrivateKey);
 SCOPED(SECKEYPrivateKeyList);
 SCOPED(PK11URI);
-SCOPED(PLArenaPool);
 
 #undef SCOPED
 
 #endif  // scoped_ptrs_h__
--- a/security/nss/fuzz/config/clone_libfuzzer.sh
+++ b/security/nss/fuzz/config/clone_libfuzzer.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-LIBFUZZER_REVISION=56bd1d43451cca4b6a11d3be316bb77ab159b09d
+LIBFUZZER_REVISION=8837e6cbbc842ab7524b06a2f7360c36add316b3
 
 d=$(dirname $0)
 $d/git-copy.sh https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer $LIBFUZZER_REVISION $d/../libFuzzer
deleted file mode 100644
--- a/security/nss/gtests/freebl_gtest/ecl_unittest.cc
+++ /dev/null
@@ -1,124 +0,0 @@
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#include "gtest/gtest.h"
-
-#include <stdint.h>
-
-#include "blapi.h"
-#include "scoped_ptrs.h"
-#include "secerr.h"
-
-namespace nss_test {
-
-class ECLTest : public ::testing::Test {
- protected:
-  const ECCurveName GetCurveName(std::string name) {
-    if (name == "P256") return ECCurve_NIST_P256;
-    if (name == "P384") return ECCurve_NIST_P384;
-    if (name == "P521") return ECCurve_NIST_P521;
-    return ECCurve_pastLastCurve;
-  }
-  std::vector<uint8_t> hexStringToBytes(std::string s) {
-    std::vector<uint8_t> bytes;
-    for (size_t i = 0; i < s.length(); i += 2) {
-      bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
-    }
-    return bytes;
-  }
-  std::string bytesToHexString(std::vector<uint8_t> bytes) {
-    std::stringstream s;
-    for (auto b : bytes) {
-      s << std::setfill('0') << std::setw(2) << std::uppercase << std::hex
-        << static_cast<int>(b);
-    }
-    return s.str();
-  }
-  void ecName2params(const std::string curve, SECItem *params) {
-    SECOidData *oidData = nullptr;
-
-    switch (GetCurveName(curve)) {
-      case ECCurve_NIST_P256:
-        oidData = SECOID_FindOIDByTag(SEC_OID_ANSIX962_EC_PRIME256V1);
-        break;
-      case ECCurve_NIST_P384:
-        oidData = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP384R1);
-        break;
-      case ECCurve_NIST_P521:
-        oidData = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP521R1);
-        break;
-      default:
-        FAIL();
-    }
-    ASSERT_NE(oidData, nullptr);
-
-    if (SECITEM_AllocItem(nullptr, params, (2 + oidData->oid.len)) == nullptr) {
-      FAIL() << "Couldn't allocate memory for OID.";
-    }
-    params->data[0] = SEC_ASN1_OBJECT_ID;
-    params->data[1] = oidData->oid.len;
-    memcpy(params->data + 2, oidData->oid.data, oidData->oid.len);
-  }
-
-  void TestECDH_Derive(const std::string p, const std::string secret,
-                       const std::string group_name, const std::string result,
-                       const SECStatus expected_status) {
-    ECParams ecParams = {0};
-    ScopedSECItem ecEncodedParams(SECITEM_AllocItem(nullptr, nullptr, 0U));
-    ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
-
-    ASSERT_TRUE(arena && ecEncodedParams);
-
-    ecName2params(group_name, ecEncodedParams.get());
-    EC_FillParams(arena.get(), ecEncodedParams.get(), &ecParams);
-
-    std::vector<uint8_t> p_bytes = hexStringToBytes(p);
-    ASSERT_GT(p_bytes.size(), 0U);
-    SECItem public_value = {siBuffer, p_bytes.data(),
-                            static_cast<unsigned int>(p_bytes.size())};
-
-    std::vector<uint8_t> secret_bytes = hexStringToBytes(secret);
-    ASSERT_GT(secret_bytes.size(), 0U);
-    SECItem secret_value = {siBuffer, secret_bytes.data(),
-                            static_cast<unsigned int>(secret_bytes.size())};
-
-    ScopedSECItem derived_secret(SECITEM_AllocItem(nullptr, nullptr, 0U));
-
-    SECStatus rv = ECDH_Derive(&public_value, &ecParams, &secret_value, false,
-                               derived_secret.get());
-    ASSERT_EQ(expected_status, rv);
-    if (expected_status != SECSuccess) {
-      // Abort when we expect an error.
-      return;
-    }
-
-    std::string derived_result = bytesToHexString(std::vector<uint8_t>(
-        derived_secret->data, derived_secret->data + derived_secret->len));
-    std::cout << "derived secret: " << derived_result << std::endl;
-    EXPECT_EQ(derived_result, result);
-  }
-};
-
-TEST_F(ECLTest, TestECDH_DeriveP256) {
-  TestECDH_Derive(
-      "045ce5c643dffa402bc1837bbcbc223e51d06f20200470d341adfa9deed1bba10e850a16"
-      "368b673732a5c220a778990b22a0e74cdc3b22c7410b9dd552a5635497",
-      "971", "P256", "0", SECFailure);
-}
-TEST_F(ECLTest, TestECDH_DeriveP521) {
-  TestECDH_Derive(
-      "04"
-      "00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b"
-      "5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66"
-      "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee"
-      "72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
-      "01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa5186"
-      "8783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e913863f7",
-      "P521",
-      "01BC33425E72A12779EACB2EDCC5B63D1281F7E86DBC7BF99A7ABD0CFE367DE4666D6EDB"
-      "B8525BFFE5222F0702C3096DEC0884CE572F5A15C423FDF44D01DD99C61D",
-      SECSuccess);
-}
-
-}  // nss_test
--- a/security/nss/gtests/freebl_gtest/freebl_gtest.gyp
+++ b/security/nss/gtests/freebl_gtest/freebl_gtest.gyp
@@ -8,17 +8,16 @@
   ],
   'targets': [
     {
       'target_name': 'freebl_gtest',
       'type': 'executable',
       'sources': [
         'mpi_unittest.cc',
         'dh_unittest.cc',
-        'ecl_unittest.cc',
         '<(DEPTH)/gtests/common/gtests.cc'
       ],
       'dependencies': [
         '<(DEPTH)/exports.gyp:nss_exports',
         '<(DEPTH)/lib/util/util.gyp:nssutil3',
         '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
         '<(DEPTH)/lib/nss/nss.gyp:nss_static',
         '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
@@ -61,17 +60,16 @@
       'defines': [
         'NSS_USE_STATIC_LIBS'
       ],
     },
   ],
   'target_defaults': {
     'include_dirs': [
       '<(DEPTH)/lib/freebl/mpi',
-      '<(DEPTH)/lib/freebl/',
     ],
     # For test builds we have to set MPI defines.
     'conditions': [
       [ 'ct_verif==1', {
         'defines': [
           'CT_VERIF',
         ],
       }],
--- a/security/nss/gtests/freebl_gtest/mpi_unittest.cc
+++ b/security/nss/gtests/freebl_gtest/mpi_unittest.cc
@@ -1,16 +1,21 @@
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
 // You can obtain one at http://mozilla.org/MPL/2.0/.
 
+#include "secdert.h"
+#include "secitem.h"
+#include "secport.h"
+
 #include "gtest/gtest.h"
 
 #include <stdint.h>
 #include <string.h>
+#include <string>
 
 #ifdef __MACH__
 #include <mach/clock.h>
 #include <mach/mach.h>
 #endif
 
 #include "mpi.h"
 namespace nss_test {
--- a/security/nss/gtests/freebl_gtest/prng_kat_unittest.cc
+++ b/security/nss/gtests/freebl_gtest/prng_kat_unittest.cc
@@ -29,30 +29,29 @@ typedef struct PRNGTestValuesStr {
 
 std::vector<PRNGTestValues> test_vector;
 
 bool contains(std::string& s, const char* to_find) {
   return s.find(to_find) != std::string::npos;
 }
 
 std::string trim(std::string str) {
-  std::string whitespace = " \t\r\n";
+  std::string whitespace = " \t";
   const auto strBegin = str.find_first_not_of(whitespace);
   if (strBegin == std::string::npos) {
     return "";
   }
   const auto strEnd = str.find_last_not_of(whitespace);
   const auto strRange = strEnd - strBegin + 1;
   return str.substr(strBegin, strRange);
 }
 
 std::vector<uint8_t> hex_string_to_bytes(std::string s) {
   std::vector<uint8_t> bytes;
-  assert(s.length() % 2 == 0);
-  for (size_t i = 0; i < s.length(); i += 2) {
+  for (size_t i = 0; i < s.length() - 1; i += 2) {
     bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
   }
   return bytes;
 }
 
 std::vector<uint8_t> read_option_s(std::string& s) {
   size_t start = s.find("=") + 1;
   assert(start > 0);
--- a/security/nss/lib/ckfw/builtins/builtins.gyp
+++ b/security/nss/lib/ckfw/builtins/builtins.gyp
@@ -14,46 +14,44 @@
         'bfind.c',
         'binst.c',
         'bobject.c',
         'bsession.c',
         'bslot.c',
         'btoken.c',
         'ckbiver.c',
         'constants.c',
-        '<(certdata_c)',
+        '<(INTERMEDIATE_DIR)/certdata.c'
       ],
       'dependencies': [
         '<(DEPTH)/exports.gyp:nss_exports',
         '<(DEPTH)/lib/ckfw/ckfw.gyp:nssckfw',
         '<(DEPTH)/lib/base/base.gyp:nssb'
       ],
       'actions': [
         {
           'msvs_cygwin_shell': 0,
           'action': [
-            'python',
-            'certdata.py',
+            'perl',
+            'certdata.perl',
             'certdata.txt',
             '<@(_outputs)',
           ],
           'inputs': [
-            'certdata.py',
             'certdata.perl',
             'certdata.txt'
           ],
           'outputs': [
-            '<(certdata_c)'
+            '<(INTERMEDIATE_DIR)/certdata.c'
           ],
           'action_name': 'generate_certdata_c'
         }
       ],
       'variables': {
-        'mapfile': 'nssckbi.def',
-        'certdata_c': '<(INTERMEDIATE_DIR)/certdata.c',
+        'mapfile': 'nssckbi.def'
       }
     }
   ],
   'target_defaults': {
     'include_dirs': [
       '.'
     ]
   },
deleted file mode 100755
--- a/security/nss/lib/ckfw/builtins/certdata.py
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/bin/env python
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-import subprocess
-import os
-import sys
-
-def main():
-    args = [os.path.realpath(x) for x in sys.argv[1:]]
-    script = os.path.dirname(os.path.abspath(__file__))+'/certdata.perl'
-    subprocess.check_call([os.environ.get('PERL', 'perl'), script] + args,
-                          env=os.environ)
-
-if __name__ == '__main__':
-    main()
--- a/security/nss/lib/dev/devslot.c
+++ b/security/nss/lib/dev/devslot.c
@@ -26,17 +26,16 @@
 static PRIntervalTime s_token_delay_time = 0;
 
 NSS_IMPLEMENT PRStatus
 nssSlot_Destroy(
     NSSSlot *slot)
 {
     if (slot) {
         if (PR_ATOMIC_DECREMENT(&slot->base.refCount) == 0) {
-            PK11_FreeSlot(slot->pk11slot);
             PZ_DestroyLock(slot->base.lock);
             return nssArena_Destroy(slot->base.arena);
         }
     }
     return PR_SUCCESS;
 }
 
 void
@@ -220,27 +219,20 @@ nssSlot_GetCryptokiEPV(
 {
     return slot->epv;
 }
 
 NSS_IMPLEMENT NSSToken *
 nssSlot_GetToken(
     NSSSlot *slot)
 {
-    NSSToken *rvToken = NULL;
-    nssSlot_EnterMonitor(slot);
-
-    /* Even if a token should be present, check `slot->token` too as it
-     * might be gone already. This would happen mostly on shutdown. */
-    if (nssSlot_IsTokenPresent(slot) && slot->token) {
-        rvToken = nssToken_AddRef(slot->token);
+    if (nssSlot_IsTokenPresent(slot)) {
+        return nssToken_AddRef(slot->token);
     }
-
-    nssSlot_ExitMonitor(slot);
-    return rvToken;
+    return (NSSToken *)NULL;
 }
 
 NSS_IMPLEMENT PRStatus
 nssSession_EnterMonitor(
     nssSession *s)
 {
     if (s->lock)
         PZ_Lock(s->lock);
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -24,26 +24,21 @@ extern const NSSError NSS_ERROR_PKCS11;
 #define OBJECT_STACK_SIZE 16
 
 NSS_IMPLEMENT PRStatus
 nssToken_Destroy(
     NSSToken *tok)
 {
     if (tok) {
         if (PR_ATOMIC_DECREMENT(&tok->base.refCount) == 0) {
-            PK11_FreeSlot(tok->pk11slot);
             PZ_DestroyLock(tok->base.lock);
             nssTokenObjectCache_Destroy(tok->cache);
-
-            /* We're going away, let the nssSlot know in case it's held
-             * alive by someone else. Usually we should hold the last ref. */
-            nssSlot_EnterMonitor(tok->slot);
-            tok->slot->token = NULL;
-            nssSlot_ExitMonitor(tok->slot);
-
+            /* The token holds the first/last reference to the slot.
+             * When the token is actually destroyed, that ref must go too.
+             */
             (void)nssSlot_Destroy(tok->slot);
             return nssArena_Destroy(tok->base.arena);
         }
     }
     return PR_SUCCESS;
 }
 
 NSS_IMPLEMENT void
--- a/security/nss/lib/freebl/ecl/ecp_jm.c
+++ b/security/nss/lib/freebl/ecl/ecp_jm.c
@@ -122,27 +122,16 @@ ec_GFp_pt_add_jm_aff(const mp_int *px, c
     }
 
     /* A = qx * pz^2, B = qy * pz^3 */
     MP_CHECKOK(group->meth->field_sqr(pz, A, group->meth));
     MP_CHECKOK(group->meth->field_mul(A, pz, B, group->meth));
     MP_CHECKOK(group->meth->field_mul(A, qx, A, group->meth));
     MP_CHECKOK(group->meth->field_mul(B, qy, B, group->meth));
 
-    /* Check P == Q */
-    if (mp_cmp(A, px) == 0) {
-        if (mp_cmp(B, py) == 0) {
-            /* If Px == Qx && Py == Qy, double P. */
-            return ec_GFp_pt_dbl_jm(px, py, pz, paz4, rx, ry, rz, raz4,
-                                    scratch, group);
-        }
-        /* If Px == Qx && Py != Qy, return point at infinity. */
-        return ec_GFp_pt_set_inf_jac(rx, ry, rz);
-    }
-
     /* C = A - px, D = B - py */
     MP_CHECKOK(group->meth->field_sub(A, px, C, group->meth));
     MP_CHECKOK(group->meth->field_sub(B, py, D, group->meth));
 
     /* C2 = C^2, C3 = C^3 */
     MP_CHECKOK(group->meth->field_sqr(C, C2, group->meth));
     MP_CHECKOK(group->meth->field_mul(C, C2, C3, group->meth));
 
--- a/security/nss/lib/pk11wrap/dev3hack.c
+++ b/security/nss/lib/pk11wrap/dev3hack.c
@@ -109,17 +109,17 @@ nssSlot_CreateFromPK11SlotInfo(NSSTrustD
     rvSlot = nss_ZNEW(arena, NSSSlot);
     if (!rvSlot) {
         nssArena_Destroy(arena);
         return NULL;
     }
     rvSlot->base.refCount = 1;
     rvSlot->base.lock = PZ_NewLock(nssILockOther);
     rvSlot->base.arena = arena;
-    rvSlot->pk11slot = PK11_ReferenceSlot(nss3slot);
+    rvSlot->pk11slot = nss3slot;
     rvSlot->epv = nss3slot->functionList;
     rvSlot->slotID = nss3slot->slotID;
     /* Grab the slot name from the PKCS#11 fixed-length buffer */
     rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name, td->arena);
     rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
     return rvSlot;
 }
 
@@ -145,17 +145,17 @@ nssToken_CreateFromPK11SlotInfo(NSSTrust
     }
     rvToken->base.refCount = 1;
     rvToken->base.lock = PZ_NewLock(nssILockOther);
     if (!rvToken->base.lock) {
         nssArena_Destroy(arena);
         return NULL;
     }
     rvToken->base.arena = arena;
-    rvToken->pk11slot = PK11_ReferenceSlot(nss3slot);
+    rvToken->pk11slot = nss3slot;
     rvToken->epv = nss3slot->functionList;
     rvToken->defaultSession = nssSession_ImportNSS3Session(td->arena,
                                                            nss3slot->session,
                                                            nss3slot->sessionLock,
                                                            nss3slot->defRWSession);
 #if 0 /* we should do this instead of blindly continuing. */
     if (!rvToken->defaultSession) {
     PORT_SetError(SEC_ERROR_NO_TOKEN);
--- a/security/nss/lib/softoken/legacydb/legacydb.gyp
+++ b/security/nss/lib/softoken/legacydb/legacydb.gyp
@@ -52,15 +52,15 @@
         'mapfile': 'nssdbm.def'
       }
     }
   ],
   'target_defaults': {
     'defines': [
       'SHLIB_SUFFIX=\"<(dll_suffix)\"',
       'SHLIB_PREFIX=\"<(dll_prefix)\"',
-      'LG_LIB_NAME=\"<(dll_prefix)nssdbm3.<(dll_suffix)\"'
+      'LG_LIB_NAME=\"libnssdbm3.so\"'
     ]
   },
   'variables': {
     'module': 'nss'
   }
 }
--- a/security/nss/lib/softoken/softoken.gyp
+++ b/security/nss/lib/softoken/softoken.gyp
@@ -86,16 +86,16 @@
         'mapfile': 'softokn.def'
       }
     }
   ],
   'target_defaults': {
     'defines': [
       'SHLIB_SUFFIX=\"<(dll_suffix)\"',
       'SHLIB_PREFIX=\"<(dll_prefix)\"',
-      'SOFTOKEN_LIB_NAME=\"<(dll_prefix)softokn3.<(dll_suffix)\"',
+      'SOFTOKEN_LIB_NAME=\"libsoftokn3.so\"',
       'SHLIB_VERSION=\"3\"'
     ]
   },
   'variables': {
     'module': 'nss'
   }
 }