Bug 834741, NSPR_4_9_5_BETA2 and NSS_3_14_2_BETA2, r=wtc

iaxat · Jan 25, 2013 · a64451d · a64451d
1 parent 029527d
commit a64451d
Show file tree

Hide file tree

Showing 64 changed files with 2,654 additions and 328 deletions.
diff --git a/dbm/src/mktemp.c b/dbm/src/mktemp.c
@@ -84,9 +84,6 @@ mkstempflags(char *path, int extraFlags)
 static int 
 _gettemp(char *path, register int *doopen, int extraFlags)
 {    
-#if !defined(_WINDOWS) || defined(_WIN32)
-	extern int errno;                    
-#endif
 	register char *start, *trv;
 	struct stat sbuf;
 	unsigned int pid;

diff --git a/nsprpub/TAG-INFO b/nsprpub/TAG-INFO
@@ -1 +1 @@
-NSPR_4_9_5_BETA1
+NSPR_4_9_5_BETA2
diff --git a/nsprpub/config/prdepend.h b/nsprpub/config/prdepend.h
@@ -10,4 +10,3 @@
  */
 
 #error "Do not include this header file."
-
diff --git a/nsprpub/configure b/nsprpub/configure
diff --git a/nsprpub/configure.in b/nsprpub/configure.in
@@ -127,7 +127,7 @@ arm-linux*-android*|*-linuxandroid*)
     android_tool_prefix="arm-linux-androideabi"
     ;;
 i?86-*android*)
-    android_tool_prefix="i686-android-linux"
+    android_tool_prefix="i686-linux-android"
     ;;
 mipsel-*android*)
     android_tool_prefix="mipsel-linux-android"
@@ -221,6 +221,17 @@ case "$target" in
         fi
     fi
 
+    dnl Old NDK support. If minimum requirement is changed to NDK r8b,
+    dnl please remove this.
+    case "$target_cpu" in
+    i?86)
+        if ! test -e "$android_toolchain"/bin/"$android_tool_prefix"-gcc; then
+            dnl Old NDK toolchain name
+            android_tool_prefix="i686-android-linux"
+        fi
+        ;;
+    esac
+
     dnl set up compilers
     AS="$android_toolchain"/bin/"$android_tool_prefix"-as
     CC="$android_toolchain"/bin/"$android_tool_prefix"-gcc

diff --git a/nsprpub/pr/src/Makefile.in b/nsprpub/pr/src/Makefile.in
@@ -118,7 +118,8 @@ OS_LIBS		+= -lc_r
 endif
 endif
 
-ifeq ($(OS_ARCH),Linux)
+# Linux, GNU/Hurd, and GNU/kFreeBSD systems
+ifneq (,$(filter Linux GNU%,$(OS_ARCH)))
 ifeq ($(USE_PTHREADS), 1)
 ifeq ($(OS_TARGET),Android)
 # Android has no libpthread.so in NDK
@@ -129,8 +130,11 @@ endif
 else
 OS_LIBS		= -ldl
 endif
+ifneq ($(OS_TARGET),Android)
+# Android has no librt - realtime functions are in libc
 OS_LIBS		+= -lrt
 endif
+endif
 
 ifeq ($(OS_ARCH),HP-UX)
 ifeq ($(USE_PTHREADS), 1)

diff --git a/nsprpub/pr/src/pthreads/ptio.c b/nsprpub/pr/src/pthreads/ptio.c
@@ -1150,7 +1150,7 @@ void _PR_InitIO(void)
         osfd = socket(AF_INET6, SOCK_STREAM, 0);
         if (osfd != -1) {
             int on;
-            int optlen = sizeof(on);
+            socklen_t optlen = sizeof(on);
             if (getsockopt(osfd, IPPROTO_IPV6, IPV6_V6ONLY,
                     &on, &optlen) == 0) {
                 _pr_ipv6_v6only_on_by_default = on;

diff --git a/security/coreconf/Android.mk b/security/coreconf/Android.mk
@@ -0,0 +1,6 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/Linux.mk
diff --git a/security/coreconf/Linux.mk b/security/coreconf/Linux.mk
@@ -8,7 +8,9 @@ include $(CORE_DEPTH)/coreconf/UNIX.mk
 #
 # The default implementation strategy for Linux is now pthreads
 #
-USE_PTHREADS = 1
+ifneq ($(OS_TARGET),Android)
+	USE_PTHREADS = 1
+endif
 
 ifeq ($(USE_PTHREADS),1)
 	IMPL_STRATEGY = _PTH
@@ -20,6 +22,26 @@ RANLIB			= ranlib
 
 DEFAULT_COMPILER = gcc
 
+ifeq ($(OS_TARGET),Android)
+ifndef ANDROID_NDK
+	$(error Must set ANDROID_NDK to the path to the android NDK first)
+endif
+	ANDROID_PREFIX=$(OS_TEST)-linux-androideabi
+	ANDROID_TARGET=$(ANDROID_PREFIX)-4.4.3
+	# should autodetect which linux we are on, currently android only
+	# supports linux-x86 prebuilts
+	ANDROID_TOOLCHAIN=$(ANDROID_NDK)/toolchains/$(ANDROID_TARGET)/prebuilt/linux-x86
+	ANDROID_SYSROOT=$(ANDROID_NDK)/platforms/android-$(OS_TARGET_RELEASE)/arch-$(OS_TEST)
+	ANDROID_CC=$(ANDROID_TOOLCHAIN)/bin/$(ANDROID_PREFIX)-gcc
+# internal tools need to be built with the native compiler
+ifndef INTERNAL_TOOLS
+	CC = $(ANDROID_CC) --sysroot=$(ANDROID_SYSROOT)
+	DEFAULT_COMPILER=$(ANDROID_PREFIX)-gcc
+	ARCHFLAG = --sysroot=$(ANDROID_SYSROOT)
+	DEFINES += -DNO_SYSINFO -DNO_FORK_CHECK -DANDROID
+	CROSS_COMPILE = 1
+endif
+endif
 ifeq ($(OS_TEST),ppc64)
 	CPU_ARCH	= ppc
 ifeq ($(USE_64),1)
@@ -67,7 +89,9 @@ endif
 endif
 
 
+ifneq ($(OS_TARGET),Android)
 LIBC_TAG		= _glibc
+endif
 
 ifeq ($(OS_RELEASE),2.0)
 	OS_REL_CFLAGS	+= -DLINUX2_0
@@ -103,7 +127,7 @@ endif
 # Place -ansi and *_SOURCE before $(DSO_CFLAGS) so DSO_CFLAGS can override
 # -ansi on platforms like Android where the system headers are C99 and do
 # not build with -ansi.
-STANDARDS_CFLAGS	= -ansi -D_POSIX_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE
+STANDARDS_CFLAGS	= -D_POSIX_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE
 OS_CFLAGS		= $(STANDARDS_CFLAGS) $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR
 OS_LIBS			= $(OS_PTHREAD) -ldl -lc
 
@@ -141,12 +165,14 @@ CPU_TAG = _$(CPU_ARCH)
 # dependencies by default.  Set FREEBL_NO_DEPEND to 0 in the environment to
 # override this.
 #
+ifneq ($(OS_TARGET),Android)
 ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
 ifndef FREEBL_NO_DEPEND
 FREEBL_NO_DEPEND = 1
 FREEBL_LOWHASH = 1
 endif
 endif
+endif
 
 USE_SYSTEM_ZLIB = 1
 ZLIB_LIBS = -lz

diff --git a/security/coreconf/SunOS5.mk b/security/coreconf/SunOS5.mk
@@ -63,8 +63,6 @@ else
 	endif
 endif
 
-INCLUDES   += -I/usr/dt/include -I/usr/openwin/include
-
 RANLIB      = echo
 CPU_ARCH    = sparc
 OS_DEFINES += -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT

diff --git a/security/coreconf/arch.mk b/security/coreconf/arch.mk
@@ -249,6 +249,17 @@ ifeq (MINGW32_NT,$(findstring MINGW32_NT,$(OS_ARCH)))
     endif
 endif
 
+ifeq ($(OS_TARGET),Android)
+#
+# this should be  configurable from the user
+#
+   OS_TEST := arm
+   OS_ARCH = Android
+   ifndef OS_TARGET_RELEASE
+	OS_TARGET_RELEASE := 8
+   endif
+endif
+
 ifndef OS_TARGET
     OS_TARGET = $(OS_ARCH)
 endif

diff --git a/security/coreconf/config.mk b/security/coreconf/config.mk
@@ -31,7 +31,7 @@ endif
 #######################################################################
 
 TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
-              AIX RISCOS WINNT WIN95 Linux
+              AIX RISCOS WINNT WIN95 Linux Android
 
 ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
 include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk

diff --git a/security/coreconf/coreconf.dep b/security/coreconf/coreconf.dep
@@ -10,5 +10,3 @@
  */
 
 #error "Do not include this header file."
-
-
diff --git a/security/nss/Makefile b/security/nss/Makefile
@@ -61,6 +61,9 @@ NSPR_CONFIGURE = $(CORE_DEPTH)/../nsprpub/configure
 # Translate coreconf build options to NSPR configure options.
 #
 
+ifeq ($(OS_TARGET),Android)
+NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) --target=arm-linux-androideabi --with-android-version=$(OS_TARGET_RELEASE)
+endif
 ifdef BUILD_OPT
 NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize
 endif
@@ -150,31 +153,3 @@ nss_RelEng_bld: build_coreconf import build_dbm all
 package:
 	$(MAKE) -C pkg publish
 
-TESTPACKAGE="nss-$(OS_TARGET)$(CPU_TAG).tgz"
-package_for_testing:
-	echo "export OBJDIR=$(OBJDIR_NAME)"     > $(DIST)/platform.cfg
-	echo "export OS_ARCH=$(ANDROID)"       >> $(DIST)/platform.cfg
-	echo "export DLL_PREFIX=$(DLL_PREFIX)" >> $(DIST)/platform.cfg
-	echo "export DLL_SUFFIX=$(DLL_SUFFIX)" >> $(DIST)/platform.cfg
-ifeq ($(OS_TARGET),Android)
-	# Android doesn't support FIPS tests, so don't run them
-	echo "export NSS_TEST_DISABLE_FIPS=1"  >> $(DIST)/platform.cfg
-endif
-	echo 'echo "set HOST and DOMSUF if your system is not registered in DNS"; sleep 5' > $(DIST)/../../runtests.sh
-	echo 'export NSS_TESTS=$(NSS_TESTS)'         >> $(DIST)/../../runtests.sh
-	echo 'export NSS_SSL_TESTS=$(NSS_SSL_TESTS)' >> $(DIST)/../../runtests.sh
-	echo 'export NSS_SSL_RUN=$(NSS_SSL_RUN)'     >> $(DIST)/../../runtests.sh
-	echo 'export NSS_CYCLES=$(NSS_CYCLES)'       >> $(DIST)/../../runtests.sh
-	echo 'export OBJDIR=$(OBJDIR_NAME)'          >> $(DIST)/../../runtests.sh
-	echo 'export USE_64=$(USE_64)'               >> $(DIST)/../../runtests.sh
-	echo 'export BUILD_OPT=$(BUILD_OPT)'         >> $(DIST)/../../runtests.sh
-	echo 'rm -rf test_results'                   >> $(DIST)/../../runtests.sh
-	echo 'echo "running tests"'                  >> $(DIST)/../../runtests.sh
-	echo 'cd security/nss/tests; ./all.sh > ../../../logfile 2>&1 ; cd ../../../' >> $(DIST)/../../runtests.sh
-	echo 'tar czf tests_results.tgz tests_results' >> $(DIST)/../../runtests.sh
-	echo 'echo "created tests_results.tgz"' >> $(DIST)/../../runtests.sh
-	echo 'echo "results are in directory: "`ls -1d tests_results/security/*.1`' >> $(DIST)/../../runtests.sh
-	echo 'echo -n "number of PASSED tests: "; grep -cw PASSED logfile;'  >> $(DIST)/../../runtests.sh
-	echo 'echo -n "number of FAILED tests: "; grep -cw FAILED logfile;'  >> $(DIST)/../../runtests.sh
-	rm -f $(TESTPACKAGE)
-	(cd $(DIST)/../.. ; tar czhf dist/$(TESTPACKAGE) runtests.sh dist/$(OBJDIR_NAME) dist/public security/nss/tests security/nss/cmd/bltest/tests; echo "created "`pwd`"/dist/$(TESTPACKAGE)")
diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO
@@ -1 +1 @@
-NSS_3_14_2_BETA1
+NSS_3_14_2_BETA2
diff --git a/security/nss/TAG-INFO-CKBI b/security/nss/TAG-INFO-CKBI
@@ -1 +1 @@
-NSS_3_14_CKBI_1_93_RTM
+NSS_3_14_2_BETA2
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
@@ -477,8 +477,7 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot,
 		}
 		rv = SECSuccess;
 	    } else {
-		rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate",
-                                                  the_cert->trust);
+		rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL);
 		if (rv != SECSuccess) {
 		    SECU_PrintError(progName, "problem printing certificate");
 		}
@@ -516,8 +515,7 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot,
 		    rv = SECFailure;
 		}
 	    } else {
-		rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate",
-                                                  the_cert->trust);
+		rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL);
 		if (rv != SECSuccess) {
 		    SECU_PrintError(progName, "problem printing certificate");
 		}

diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
@@ -2143,7 +2143,7 @@ printflags(char *trusts, unsigned int flags)
 SECStatus
 SECU_PrintCertNickname(CERTCertListNode *node, void *data)
 {
-    CERTCertTrust *trust;
+    CERTCertTrust trust;
     CERTCertificate* cert;
     FILE *out;
     char trusts[30];
@@ -2165,13 +2165,12 @@ SECU_PrintCertNickname(CERTCertListNode *node, void *data)
         name = "(NULL)";
     }
 
-    trust = cert->trust;
-    if (trust) {
-        printflags(trusts, trust->sslFlags);
+    if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
+        printflags(trusts, trust.sslFlags);
         PORT_Strcat(trusts, ",");
-        printflags(trusts, trust->emailFlags);
+        printflags(trusts, trust.emailFlags);
         PORT_Strcat(trusts, ",");
-        printflags(trusts, trust->objectSigningFlags);
+        printflags(trusts, trust.objectSigningFlags);
     } else {
         PORT_Memcpy(trusts,",,",3);
     }
@@ -3068,6 +3067,7 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert,
 {
     SECStatus rv;
     SECItem data;
+    CERTCertTrust certTrust;
 
     data.data = cert->derCert.data;
     data.len = cert->derCert.len;
@@ -3080,8 +3080,8 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert,
     if (trust) {
 	SECU_PrintTrustFlags(stdout, trust,
 	                     "Certificate Trust Flags", 1);
-    } else if (cert->trust) {
-	SECU_PrintTrustFlags(stdout, cert->trust,
+    } else if (CERT_GetCertTrust(cert, &certTrust) == SECSuccess) {
+	SECU_PrintTrustFlags(stdout, &certTrust,
 	                     "Certificate Trust Flags", 1);
     }
 
@@ -3463,6 +3463,7 @@ SECU_FindCrlIssuer(CERTCertDBHandle *dbhandle, SECItem* subject,
 {
     CERTCertificate *issuerCert = NULL;
     CERTCertList *certList = NULL;
+    CERTCertTrust trust;
 
     if (!subject) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -3481,7 +3482,7 @@ SECU_FindCrlIssuer(CERTCertDBHandle *dbhandle, SECItem* subject,
             /* check cert CERTCertTrust data is allocated, check cert
                usage extension, check that cert has pkey in db. Select
                the first (newest) user cert */
-            if (cert->trust &&
+            if (CERT_GetCertTrust(cert, &trust) == SECSuccess &&
                 CERT_CheckCertUsage(cert, KU_CRL_SIGN) == SECSuccess &&
                 CERT_IsUserCert(cert)) {
 

diff --git a/security/nss/cmd/multinit/multinit.c b/security/nss/cmd/multinit/multinit.c
@@ -492,6 +492,7 @@ do_list_certs(const char *progName, int log)
    CERTCertList *list;
    CERTCertList *sorted;
    CERTCertListNode *node;
+   CERTCertTrust trust;
    int i;
 
    list = PK11_ListCerts(PK11CertListUnique, NULL);
@@ -543,10 +544,10 @@ do_list_certs(const char *progName, int log)
 	commonName = CERT_GetCommonName(&cert->subject);
 	appendString(commonName?commonName:"*NoName*");
 	PORT_Free(commonName);
-	if (cert->trust) {
-	    appendFlags(cert->trust->sslFlags);
-	    appendFlags(cert->trust->emailFlags);
-	    appendFlags(cert->trust->objectSigningFlags);
+	if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
+	    appendFlags(trust.sslFlags);
+	    appendFlags(trust.emailFlags);
+	    appendFlags(trust.objectSigningFlags);
 	}
    }
    CERT_DestroyCertList(list);

diff --git a/security/nss/cmd/ocspclnt/ocspclnt.c b/security/nss/cmd/ocspclnt/ocspclnt.c
@@ -5,7 +5,7 @@
 /*
  * Test program for client-side OCSP.
  *
- * $Id: ocspclnt.c,v 1.13 2012/03/20 14:47:10 gerv%gerv.net Exp $
+ * $Id: ocspclnt.c,v 1.14 2013/01/23 23:05:50 kaie%kuix.de Exp $
  */
 
 #include "secutil.h"
@@ -828,8 +828,7 @@ static char *responseStatusNames[] = {
     "tryLater (Try again later)",
     "unused ((4) is not used)",
     "sigRequired (Must sign the request)",
-    "unauthorized (Request unauthorized)",
-    "other (Status value out of defined range)"
+    "unauthorized (Request unauthorized)"
 };
 
 /*
@@ -853,9 +852,15 @@ print_response (FILE *out_file, SECItem *data, CERTCertDBHandle *handle)
     if (response == NULL)
 	return SECFailure;
 
-    PORT_Assert (response->statusValue <= ocspResponse_other);
-    fprintf (out_file, "Response Status: %s\n",
-	     responseStatusNames[response->statusValue]);
+    if (response->statusValue >= ocspResponse_min &&
+	response->statusValue <= ocspResponse_max) {
+	fprintf (out_file, "Response Status: %s\n",
+		 responseStatusNames[response->statusValue]);
+    } else {
+	fprintf (out_file,
+		 "Response Status: other (Status value %d out of defined range)\n",
+		 (int)response->statusValue);
+    }
 
     if (response->statusValue == ocspResponse_successful) {
 	ocspResponseBytes *responseBytes = response->responseBytes;
Original file line number	Diff line number	Diff line change
Expand Up		@@ -10,4 +10,3 @@
		*/

		#error "Do not include this header file."
Original file line number	Diff line number	Diff line change
Expand Up		@@ -10,5 +10,3 @@
		*/

		#error "Do not include this header file."