Differential D44927

Bug 1577822 - land NSS cf0df88aa807 UPGRADE_NSS_RELEASE, r=kjacobs
ClosedPublic
Actions

Authored by • jcj on Sep 6 2019, 12:23 AM.

Details

Reviewers

kjacobs

Commits

rMOZILLACENTRALdf53ccb59e06: Bug 1577822 - land NSS cf0df88aa807 UPGRADE_NSS_RELEASE, r=kjacobs

Bugzilla Bug ID

1577822

Summary

2019-08-30 Alexander Scheel <[email protected]>

automation/taskcluster/scripts/build_softoken.sh,

cmd/lib/pk11table.c, gtests/pk11_gtest/pk11_aes_cmac_unittest.cc,
gtests/pk11_gtest/pk11_gtest.gyp, lib/pk11wrap/debug_module.c,
lib/pk11wrap/pk11mech.c, lib/softoken/pkcs11.c,
lib/softoken/pkcs11c.c, lib/util/pkcs11t.h:
Bug 1570501 - Expose AES-CMAC in PKCS #11 API, r=mt

[cf0df88aa807] [tip]

cpputil/freebl_scoped_ptrs.h, gtests/freebl_gtest/cmac_unittests.cc,

gtests/freebl_gtest/freebl_gtest.gyp, lib/freebl/blapi.h,
lib/freebl/cmac.c, lib/freebl/cmac.h, lib/freebl/exports.gyp,
lib/freebl/freebl_base.gypi, lib/freebl/ldvector.c,
lib/freebl/loader.c, lib/freebl/loader.h, lib/freebl/manifest.mn:
Bug 1570501 - Add AES-CMAC implementation to freebl, r=mt

[a42c6882ba1b]

2019-09-05 David Cooper <[email protected]>

lib/smime/cmssiginfo.c:

Bug 657379 - NSS uses the wrong OID for signatureAlgorithm field of
signerInfo in CMS for DSA and ECDSA. r=rrelyea
[7a83b248de30]

2019-09-05 Daiki Ueno <[email protected]>

lib/freebl/drbg.c:

Backed out changeset 934c8d0e7aba

It turned out to cause some new errors in LSan; backing out for now.
[34a254dd1357]

lib/freebl/drbg.c:

Bug 1560329, drbg: perform continuous test on entropy source,
r=rrelyea

Summary: FIPS 140-2 section 4.9.2 requires a conditional self test
to check that consecutive entropy blocks from the system are
different. As neither getentropy() nor /dev/urandom provides that
check on the output, this adds the self test at caller side.

Reviewers: rrelyea

Reviewed By: rrelyea

Bug #: 1560329

[934c8d0e7aba]

2019-08-30 Kevin Jacobs <[email protected]>

coreconf/WIN32.mk:

Bug 1576664 - Remove -mms-bitfields from win32 makefile r=jcj

[bf4de7985f3d]

2019-08-29 Dana Keeler <[email protected]>

automation/abi-check/expected-report-libnss3.so.txt,

gtests/pk11_gtest/pk11_find_certs_unittest.cc, lib/nss/nss.def,
lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11pub.h:
bug 1577038 - add PK11_GetCertsFromPrivateKey r=jcj,kjacobs

PK11_GetCertFromPrivateKey only returns one certificate with a
public key that matches the given private key. This change
introduces PK11_GetCertsFromPrivateKey, which returns a list of all
certificates with public keys that match the given private key.

[9befa8d296c0]

2019-08-30 J.C. Jones <[email protected]>

automation/abi-check/previous-nss-release, lib/nss/nss.h,

lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.47 beta
[685cea0a7b48]

lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:

Set version numbers to 3.46 final
[decbf7bd40fd] [NSS_3_46_RTM]

Diff Detail

Repository: rMOZILLACENTRAL mozilla-central

Event Timeline

• jcj created this revision.Sep 6 2019, 12:23 AM

Herald added a project: secure-revision. · View Herald TranscriptSep 6 2019, 12:23 AM

Harbormaster completed remote builds in B111768: Diff 159127.Sep 6 2019, 12:23 AM

phab-bot requested review of this revision.Sep 6 2019, 12:23 AM

phab-bot changed the visibility from "Custom Policy" to "Public (No Login Required)".

phab-bot changed the edit policy from "Custom Policy" to "Restricted Project (Project)".

phab-bot removed a project: secure-revision.

LGTM

This revision is now accepted and ready to land.Sep 6 2019, 12:25 AM

Closed by commit rMOZILLACENTRALdf53ccb59e06: Bug 1577822 - land NSS cf0df88aa807 UPGRADE_NSS_RELEASE, r=kjacobs (authored by • jcj). · Explain WhySep 6 2019, 12:29 AM

This revision was automatically updated to reflect the committed changes.

• jcj added a commit: rMOZILLACENTRALdf53ccb59e06: Bug 1577822 - land NSS cf0df88aa807 UPGRADE_NSS_RELEASE, r=kjacobs.

In our previous code coverage analysis run, we found some files which had no coverage and are being modified in this patch:
security/nss/lib/pk11wrap/debug_module.c
security/nss/cmd/lib/pk11table.c

Should they have tests, or are they dead code?
You can file a bug blocking https://bugzilla.mozilla.org/show_bug.cgi?id=1415824 for untested files that should be tested.
You can file a bug blocking https://bugzilla.mozilla.org/show_bug.cgi?id=1415819 for untested files that should be removed.

If you see a problem in this automated review, please report it here.