NSS: update to 3.12.6 RC0
http://codereview.chromium.org/606034
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/nss@39095 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
diff --git a/README.chromium b/README.chromium
index d7d2d09..70b3f47 100644
--- a/README.chromium
+++ b/README.chromium
@@ -1,7 +1,7 @@
Network Security Services (NSS)
URL: http://www.mozilla.org/projects/security/pki/nss/
-Version: NSS 3.12.6 Beta 1 with NSPR 4.8.4 Beta 1
+Version: NSS 3.12.6 RC0 with NSPR 4.8.4 Beta 1
License: MPL/LGPL/GPL tri-license
License File: http://www.mozilla.org/MPL/
@@ -19,7 +19,7 @@
The source code was checked out from the mozilla.org CVS repository using
the nspr-checkout.sh and nss-checkout.sh scripts in the scripts directory.
-The current source code was checked out with the CVS tags -r NSS_3_12_6_BETA1
+The current source code was checked out with the CVS tags -r NSS_3_12_6_RC0
and -r NSPR_4_8_4_BETA1.
Local Modifications:
diff --git a/mozilla/security/nss/lib/certdb/alg1485.c b/mozilla/security/nss/lib/certdb/alg1485.c
index 5fc2029..80968b4 100644
--- a/mozilla/security/nss/lib/certdb/alg1485.c
+++ b/mozilla/security/nss/lib/certdb/alg1485.c
@@ -458,7 +458,7 @@
vt = SEC_ASN1_UTF8_STRING;
}
- derVal.data = valBuf;
+ derVal.data = (unsigned char*) valBuf;
derVal.len = valLen;
a = CERT_CreateAVAFromSECItem(arena, kind, vt, &derVal);
}
@@ -981,7 +981,7 @@
nameLen = strlen(tagName);
valueLen = (useHex ? avaValue->len :
- cert_RFC1485_GetRequiredLen(avaValue->data, avaValue->len,
+ cert_RFC1485_GetRequiredLen((char *)avaValue->data, avaValue->len,
&mode));
len = nameLen + valueLen + 2; /* Add 2 for '=' and trailing NUL */
@@ -1194,8 +1194,8 @@
if(!avaValue) {
return buf;
}
- valueLen = cert_RFC1485_GetRequiredLen(avaValue->data, avaValue->len,
- NULL) + 1;
+ valueLen = cert_RFC1485_GetRequiredLen((char *)avaValue->data,
+ avaValue->len, NULL) + 1;
if (arena) {
buf = (char *)PORT_ArenaZAlloc(arena, valueLen);
} else {
diff --git a/mozilla/security/nss/lib/certdb/certdb.c b/mozilla/security/nss/lib/certdb/certdb.c
index 481b64b..4ab8939 100644
--- a/mozilla/security/nss/lib/certdb/certdb.c
+++ b/mozilla/security/nss/lib/certdb/certdb.c
@@ -39,7 +39,7 @@
/*
* Certificate handling code
*
- * $Id: certdb.c,v 1.101 2009/05/18 21:33:25 nelson%bolyard.com Exp $
+ * $Id: certdb.c,v 1.102 2010/02/10 02:00:57 wtc%google.com Exp $
*/
#include "nssilock.h"
@@ -1553,14 +1553,16 @@
*/
int cnLen = current->name.other.len;
rv = CERT_RFC1485_EscapeAndQuote(cn, cnBufLen,
- current->name.other.data, cnLen);
+ (char *)current->name.other.data,
+ cnLen);
if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_OUTPUT_LEN) {
cnBufLen = cnLen * 3 + 3; /* big enough for worst case */
cn = (char *)PORT_ArenaAlloc(arena, cnBufLen);
if (!cn)
goto fail;
rv = CERT_RFC1485_EscapeAndQuote(cn, cnBufLen,
- current->name.other.data, cnLen);
+ (char *)current->name.other.data,
+ cnLen);
}
if (rv == SECSuccess)
rv = cert_TestHostName(cn ,hn);
diff --git a/mozilla/security/nss/lib/certdb/secname.c b/mozilla/security/nss/lib/certdb/secname.c
index 1010897..fba5182 100644
--- a/mozilla/security/nss/lib/certdb/secname.c
+++ b/mozilla/security/nss/lib/certdb/secname.c
@@ -590,7 +590,7 @@
if (ac > bc) return SECGreaterThan;
while (NULL != (aava = *aavas++)) {
- for (bavas = b->avas; bava = *bavas++; ) {
+ for (bavas = b->avas; NULL != (bava = *bavas++); ) {
rv = SECITEM_CompareItem(&aava->type, &bava->type);
if (SECEqual == rv) {
rv = CERT_CompareAVA(aava, bava);
diff --git a/mozilla/security/nss/lib/cryptohi/cryptohi.h b/mozilla/security/nss/lib/cryptohi/cryptohi.h
index 4a1d87b..52d8f6d 100644
--- a/mozilla/security/nss/lib/cryptohi/cryptohi.h
+++ b/mozilla/security/nss/lib/cryptohi/cryptohi.h
@@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: cryptohi.h,v 1.13 2009/09/23 22:51:56 wtc%google.com Exp $ */
+/* $Id: cryptohi.h,v 1.14 2010/02/10 00:49:43 wtc%google.com Exp $ */
#ifndef _CRYPTOHI_H_
#define _CRYPTOHI_H_
@@ -137,7 +137,8 @@
** "algid" the signature/hash algorithm to sign with
** (must be compatible with the key type).
*/
-extern SECStatus SEC_SignData(SECItem *result, unsigned char *buf, int len,
+extern SECStatus SEC_SignData(SECItem *result,
+ const unsigned char *buf, int len,
SECKEYPrivateKey *pk, SECOidTag algid);
/*
@@ -348,8 +349,8 @@
** the key type.
** "wincx" void pointer to the window context
*/
-extern SECStatus VFY_VerifyData(unsigned char *buf, int len,
- SECKEYPublicKey *key, SECItem *sig,
+extern SECStatus VFY_VerifyData(const unsigned char *buf, int len,
+ const SECKEYPublicKey *key, const SECItem *sig,
SECOidTag sigAlg, void *wincx);
/*
** Verify the signature on a block of data. The signature data is an RSA
@@ -391,7 +392,7 @@
*/
extern SECStatus VFY_VerifyDataWithAlgorithmID(const unsigned char *buf,
int len, const SECKEYPublicKey *key,
- const SECItem *sig,
+ const SECItem *sig,
const SECAlgorithmID *algid, SECOidTag *hash,
void *wincx);
diff --git a/mozilla/security/nss/lib/cryptohi/secsign.c b/mozilla/security/nss/lib/cryptohi/secsign.c
index 48d68c1..38220ff 100644
--- a/mozilla/security/nss/lib/cryptohi/secsign.c
+++ b/mozilla/security/nss/lib/cryptohi/secsign.c
@@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: secsign.c,v 1.21 2009/09/23 22:51:56 wtc%google.com Exp $ */
+/* $Id: secsign.c,v 1.22 2010/02/10 00:49:43 wtc%google.com Exp $ */
#include <stdio.h>
#include "cryptohi.h"
@@ -277,7 +277,7 @@
** signature. Returns zero on success, an error code on failure.
*/
SECStatus
-SEC_SignData(SECItem *res, unsigned char *buf, int len,
+SEC_SignData(SECItem *res, const unsigned char *buf, int len,
SECKEYPrivateKey *pk, SECOidTag algid)
{
SECStatus rv;
diff --git a/mozilla/security/nss/lib/cryptohi/secvfy.c b/mozilla/security/nss/lib/cryptohi/secvfy.c
index fd1ffb7..0fdf174 100644
--- a/mozilla/security/nss/lib/cryptohi/secvfy.c
+++ b/mozilla/security/nss/lib/cryptohi/secvfy.c
@@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: secvfy.c,v 1.22 2008/02/28 04:27:36 nelson%bolyard.com Exp $ */
+/* $Id: secvfy.c,v 1.23 2010/02/10 00:49:43 wtc%google.com Exp $ */
#include <stdio.h>
#include "cryptohi.h"
@@ -721,8 +721,8 @@
}
SECStatus
-VFY_VerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
- SECItem *sig, SECOidTag algid, void *wincx)
+VFY_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
+ const SECItem *sig, SECOidTag algid, void *wincx)
{
SECOidTag encAlg, hashAlg;
SECStatus rv = sec_DecodeSigAlg(key, algid, NULL, &encAlg, &hashAlg);
diff --git a/mozilla/security/nss/lib/nss/nss.h b/mozilla/security/nss/lib/nss/nss.h
index 7de97ed..0416d23 100644
--- a/mozilla/security/nss/lib/nss/nss.h
+++ b/mozilla/security/nss/lib/nss/nss.h
@@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: nss.h,v 1.74 2009/11/20 20:15:05 christophe.ravel.bugs%sun.com Exp $ */
+/* $Id: nss.h,v 1.76 2010/02/11 19:12:45 christophe.ravel.bugs%sun.com Exp $ */
#ifndef __nss_h_
#define __nss_h_
@@ -66,12 +66,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define NSS_VERSION "3.12.6.0" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION "3.12.6.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 12
#define NSS_VPATCH 6
#define NSS_VBUILD 0
-#define NSS_BETA PR_TRUE
+#define NSS_BETA PR_FALSE
#ifndef RC_INVOKED
@@ -263,11 +263,7 @@
NSS_INIT_NOPK11FINALIZE | \
NSS_INIT_RESERVED
-#ifdef macintosh
-#define SECMOD_DB "Security Modules"
-#else
#define SECMOD_DB "secmod.db"
-#endif
typedef struct NSSInitContextStr NSSInitContext;
diff --git a/mozilla/security/nss/lib/pk11wrap/pk11cert.c b/mozilla/security/nss/lib/pk11wrap/pk11cert.c
index a51a604..2a479b6 100644
--- a/mozilla/security/nss/lib/pk11wrap/pk11cert.c
+++ b/mozilla/security/nss/lib/pk11wrap/pk11cert.c
@@ -1945,7 +1945,7 @@
nssPKIObjectCollection_Destroy(collection);
return SECFailure;
}
- (void *)nssTrustDomain_GetCertsFromCache(td, certList);
+ (void)nssTrustDomain_GetCertsFromCache(td, certList);
transfer_token_certs_to_collection(certList, tok, collection);
instances = nssToken_FindObjects(tok, NULL, CKO_CERTIFICATE,
tokenOnly, 0, &nssrv);
diff --git a/mozilla/security/nss/lib/pk11wrap/pk11pars.c b/mozilla/security/nss/lib/pk11wrap/pk11pars.c
index c36cd25..5855084 100644
--- a/mozilla/security/nss/lib/pk11wrap/pk11pars.c
+++ b/mozilla/security/nss/lib/pk11wrap/pk11pars.c
@@ -1134,6 +1134,12 @@
for (; *index; index++) {
SECMODModule *child;
+ if (0 == PORT_Strcmp(*index, modulespec)) {
+ /* avoid trivial infinite recursion */
+ PORT_SetError(SEC_ERROR_NO_MODULE);
+ rv = SECFailure;
+ break;
+ }
child = SECMOD_LoadModule(*index,module,PR_TRUE);
if (!child) break;
if (child->isCritical && !child->loaded) {
diff --git a/mozilla/security/nss/lib/pkcs7/certread.c b/mozilla/security/nss/lib/pkcs7/certread.c
index 3142209..6077fbe 100644
--- a/mozilla/security/nss/lib/pkcs7/certread.c
+++ b/mozilla/security/nss/lib/pkcs7/certread.c
@@ -360,7 +360,7 @@
while ( cl >= NS_CERT_TRAILER_LEN ) {
if ( !PORT_Strncasecmp((char *)cp, NS_CERT_TRAILER,
NS_CERT_TRAILER_LEN) ) {
- certend = (unsigned char *)cp;
+ certend = cp;
break;
}
@@ -383,7 +383,7 @@
*certend = 0;
/* convert to binary */
- bincert = ATOB_AsciiToData(certbegin, &binLen);
+ bincert = ATOB_AsciiToData((char *)certbegin, &binLen);
if (!bincert) {
rv = SECFailure;
goto loser;
diff --git a/mozilla/security/nss/lib/pki/tdcache.c b/mozilla/security/nss/lib/pki/tdcache.c
index fb1adef..62cf4b8 100644
--- a/mozilla/security/nss/lib/pki/tdcache.c
+++ b/mozilla/security/nss/lib/pki/tdcache.c
@@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.48 $ $Date: 2008/11/19 16:08:05 $";
+static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.49 $ $Date: 2010/02/10 02:04:32 $";
#endif /* DEBUG */
#ifndef PKIM_H
@@ -499,7 +499,7 @@
PRUint32 count;
certList = nssList_Create(NULL, PR_FALSE);
if (!certList) return PR_FAILURE;
- (void *)nssTrustDomain_GetCertsFromCache(td, certList);
+ (void)nssTrustDomain_GetCertsFromCache(td, certList);
count = nssList_Count(certList);
if (count > 0) {
cached = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
diff --git a/mozilla/security/nss/lib/pki/trustdomain.c b/mozilla/security/nss/lib/pki/trustdomain.c
index c9797bc..b899f00 100644
--- a/mozilla/security/nss/lib/pki/trustdomain.c
+++ b/mozilla/security/nss/lib/pki/trustdomain.c
@@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.60 $ $Date: 2008/10/06 02:56:00 $";
+static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.61 $ $Date: 2010/02/10 02:04:32 $";
#endif /* DEBUG */
#ifndef DEV_H
@@ -1048,7 +1048,7 @@
certList = nssList_Create(NULL, PR_FALSE);
if (!certList)
return NULL;
- (void *)nssTrustDomain_GetCertsFromCache(td, certList);
+ (void)nssTrustDomain_GetCertsFromCache(td, certList);
cached = get_certs_from_list(certList);
collection = nssCertificateCollection_Create(td, cached);
nssCertificateArray_Destroy(cached);
diff --git a/mozilla/security/nss/lib/util/nssutil.h b/mozilla/security/nss/lib/util/nssutil.h
index aab1473..0046357 100644
--- a/mozilla/security/nss/lib/util/nssutil.h
+++ b/mozilla/security/nss/lib/util/nssutil.h
@@ -51,11 +51,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
-#define NSSUTIL_VERSION "3.12.6.0 Beta"
+#define NSSUTIL_VERSION "3.12.6.0"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 12
#define NSSUTIL_VPATCH 6
#define NSSUTIL_VBUILD 0
-#define NSSUTIL_BETA PR_TRUE
+#define NSSUTIL_BETA PR_FALSE
#endif /* __nssutil_h_ */
diff --git a/mozilla/security/nss/lib/util/secinit.c b/mozilla/security/nss/lib/util/secinit.c
deleted file mode 100644
index c62d83a..0000000
--- a/mozilla/security/nss/lib/util/secinit.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "nspr.h"
-#include "secport.h"
-
-static int sec_inited = 0;
-
-void
-SEC_Init(void)
-{
- /* PR_Init() must be called before SEC_Init() */
-#if !defined(SERVER_BUILD)
- PORT_Assert(PR_Initialized() == PR_TRUE);
-#endif
- if (sec_inited)
- return;
-
- sec_inited = 1;
-}
diff --git a/mozilla/security/nss/lib/util/secoid.c b/mozilla/security/nss/lib/util/secoid.c
index 7e8c1b6..4e5c685 100644
--- a/mozilla/security/nss/lib/util/secoid.c
+++ b/mozilla/security/nss/lib/util/secoid.c
@@ -42,6 +42,26 @@
#include "prenv.h"
#include "plhash.h"
#include "nssrwlk.h"
+#include "nssutil.h"
+
+/* Library identity and versioning */
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+ * Version information for the 'ident' and 'what commands
+ *
+ * NOTE: the first component of the concatenated rcsid string
+ * must not end in a '$' to prevent rcs keyword substitution.
+ */
+const char __nss_util_rcsid[] = "$Header: NSS " NSSUTIL_VERSION _DEBUG_STRING
+ " " __DATE__ " " __TIME__ " $";
+const char __nss_util_sccsid[] = "@(#)NSS " NSSUTIL_VERSION _DEBUG_STRING
+ " " __DATE__ " " __TIME__;
/* MISSI Mosaic Object ID space */
#define USGOV 0x60, 0x86, 0x48, 0x01, 0x65
@@ -1861,6 +1881,9 @@
const SECOidData *oid;
int i;
char * envVal;
+ volatile char c; /* force a reference that won't get optimized away */
+
+ c = __nss_util_rcsid[0] + __nss_util_sccsid[0];
if (oidhash) {
return SECSuccess; /* already initialized */
diff --git a/nss.gyp b/nss.gyp
index 3ed50ef..9e36c60 100644
--- a/nss.gyp
+++ b/nss.gyp
@@ -551,7 +551,6 @@
'mozilla/security/nss/lib/util/secdig.h',
'mozilla/security/nss/lib/util/secdigt.h',
'mozilla/security/nss/lib/util/secerr.h',
- 'mozilla/security/nss/lib/util/secinit.c',
'mozilla/security/nss/lib/util/secitem.c',
'mozilla/security/nss/lib/util/secitem.h',
'mozilla/security/nss/lib/util/secload.c',
diff --git a/scripts/nss-checkout.sh b/scripts/nss-checkout.sh
index 10b6cf8..2ba1170 100755
--- a/scripts/nss-checkout.sh
+++ b/scripts/nss-checkout.sh
@@ -11,7 +11,7 @@
rm -rf mozilla/security/nss/lib
cvs -q -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot export \
- -r NSS_3_12_6_BETA1 mozilla/security/nss/lib
+ -r NSS_3_12_6_RC0 mozilla/security/nss/lib
# Rename one of the utf8.c files to avoid name conflict.
mv mozilla/security/nss/lib/base/utf8.c mozilla/security/nss/lib/base/nssutf8.c
