Bug 1316261 - Update Firefox 51 to NSS 3.27.2, r?franziskus
MozReview-Commit-ID: EkUvSfLgEXS
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_27_RTM
+NSS_3_27_2_RTM
--- a/security/nss/automation/taskcluster/graph/src/extend.js
+++ b/security/nss/automation/taskcluster/graph/src/extend.js
@@ -46,16 +46,20 @@ queue.map(task => {
if (task.collection == "arm-debug") {
// These tests take quite some time on our poor ARM devices.
if (task.tests == "chains" || (task.tests == "ssl" && task.cycle == "standard")) {
task.maxRunTime = 14400;
}
}
+ // Enable TLS 1.3 for every task.
+ task.env = task.env || {};
+ task.env.NSS_ENABLE_TLS_1_3 = "1";
+
return task;
});
/*****************************************************************************/
export default async function main() {
await scheduleLinux("Linux 32 (opt)", {
env: {BUILD_OPT: "1"},
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
/*
* A dummy header file that is a dependency for all the object files.
* Used to force a full recompilation of NSS in Mozilla's Tinderbox
* depend builds. See comments in rules.mk.
*/
#error "Do not include this header file."
+
--- a/security/nss/external_tests/ssl_gtest/Makefile
+++ b/security/nss/external_tests/ssl_gtest/Makefile
@@ -28,16 +28,20 @@ include $(CORE_DEPTH)/coreconf/config.mk
include ../common/gtest.mk
CFLAGS += -I$(CORE_DEPTH)/lib/ssl
ifdef NSS_SSL_ENABLE_ZLIB
include $(CORE_DEPTH)/coreconf/zlib.mk
endif
+ifndef NSS_ENABLE_TLS_1_3
+NSS_DISABLE_TLS_1_3=1
+endif
+
ifdef NSS_DISABLE_TLS_1_3
# Run parameterized tests only, for which we can easily exclude TLS 1.3
CPPSRCS := $(filter-out $(shell grep -l '^TEST_F' $(CPPSRCS)), $(CPPSRCS))
CFLAGS += -DNSS_DISABLE_TLS_1_3
endif
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -17,20 +17,20 @@
/*
* NSS's major version, minor version, patch level, build number, and whether
* this is a beta release.
*
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define NSS_VERSION "3.27" _NSS_CUSTOMIZED
+#define NSS_VERSION "3.27.2" _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 27
-#define NSS_VPATCH 0
+#define NSS_VPATCH 2
#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
#ifndef RC_INVOKED
#include "seccomon.h"
typedef struct NSSInitParametersStr NSSInitParameters;
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -20,16 +20,16 @@
/*
* Softoken's major version, minor version, patch level, build number,
* and whether this is a beta release.
*
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define SOFTOKEN_VERSION "3.27" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.27.2" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 27
-#define SOFTOKEN_VPATCH 0
+#define SOFTOKEN_VPATCH 2
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_FALSE
#endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/ssl/config.mk
+++ b/security/nss/lib/ssl/config.mk
@@ -67,11 +67,15 @@ endif
endif
ifdef NSS_SSL_ENABLE_ZLIB
DEFINES += -DNSS_SSL_ENABLE_ZLIB
include $(CORE_DEPTH)/coreconf/zlib.mk
endif
+ifndef NSS_ENABLE_TLS_1_3
+NSS_DISABLE_TLS_1_3=1
+endif
+
ifdef NSS_DISABLE_TLS_1_3
DEFINES += -DNSS_DISABLE_TLS_1_3
endif
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -14297,16 +14297,19 @@ ssl3_DestroySSL3Info(sslSocket *ss)
if (ss->ssl3.peerCertArena != NULL)
ssl3_CleanupPeerCerts(ss);
if (ss->ssl3.clientCertChain != NULL) {
CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
ss->ssl3.clientCertChain = NULL;
}
+ if (ss->ssl3.ca_list) {
+ CERT_FreeDistNames(ss->ssl3.ca_list);
+ }
/* clean up handshake */
#ifndef NO_PKCS11_BYPASS
if (ss->opt.bypassPKCS11) {
if (ss->ssl3.hs.hashType == handshake_hash_combo) {
SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE);
MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE);
} else if (ss->ssl3.hs.hashType == handshake_hash_single) {
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -14,20 +14,20 @@
/*
* NSS utilities's major version, minor version, patch level, build number,
* and whether this is a beta release.
*
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
-#define NSSUTIL_VERSION "3.27"
+#define NSSUTIL_VERSION "3.27.2"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 27
-#define NSSUTIL_VPATCH 0
+#define NSSUTIL_VPATCH 2
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_FALSE
SEC_BEGIN_PROTOS
/*
* Returns a const string of the UTIL library version.
*/