2017-06-13 12:26:51 +00:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
#
|
|
|
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
2017-08-25 07:37:32 +00:00
|
|
|
##########################################################################
|
2017-06-13 12:26:51 +00:00
|
|
|
#
|
|
|
|
|
# This is a collection of helper tools to get stuff done in NSS.
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
import sys
|
|
|
|
|
import argparse
|
2018-04-16 08:09:12 +00:00
|
|
|
import fnmatch
|
2019-06-07 17:51:08 +00:00
|
|
|
import io
|
2017-06-13 12:26:51 +00:00
|
|
|
import subprocess
|
|
|
|
|
import os
|
|
|
|
|
import platform
|
2019-06-07 17:51:08 +00:00
|
|
|
import shutil
|
|
|
|
|
import tarfile
|
2018-04-16 08:09:12 +00:00
|
|
|
import tempfile
|
|
|
|
|
|
2017-06-13 12:26:51 +00:00
|
|
|
from hashlib import sha256
|
|
|
|
|
|
2018-04-16 08:09:12 +00:00
|
|
|
DEVNULL = open(os.devnull, 'wb')
|
2017-06-13 12:26:51 +00:00
|
|
|
cwd = os.path.dirname(os.path.abspath(__file__))
|
|
|
|
|
|
2018-04-16 08:09:12 +00:00
|
|
|
def run_tests(test, cycles="standard", env={}, silent=False):
|
|
|
|
|
domsuf = os.getenv('DOMSUF', "localdomain")
|
|
|
|
|
host = os.getenv('HOST', "localhost")
|
|
|
|
|
env = env.copy()
|
|
|
|
|
env.update({
|
|
|
|
|
"NSS_TESTS": test,
|
|
|
|
|
"NSS_CYCLES": cycles,
|
|
|
|
|
"DOMSUF": domsuf,
|
|
|
|
|
"HOST": host
|
|
|
|
|
})
|
|
|
|
|
os_env = os.environ
|
|
|
|
|
os_env.update(env)
|
|
|
|
|
command = cwd + "/tests/all.sh"
|
|
|
|
|
stdout = stderr = DEVNULL if silent else None
|
|
|
|
|
subprocess.check_call(command, env=os_env, stdout=stdout, stderr=stderr)
|
2017-06-13 12:26:51 +00:00
|
|
|
|
2019-06-07 17:51:08 +00:00
|
|
|
|
2017-06-13 12:26:51 +00:00
|
|
|
class cfAction(argparse.Action):
|
2019-03-01 15:42:49 +00:00
|
|
|
docker_command = None
|
2017-08-04 12:13:06 +00:00
|
|
|
restorecon = None
|
2017-06-13 12:26:51 +00:00
|
|
|
|
|
|
|
|
def __call__(self, parser, args, values, option_string=None):
|
2019-03-01 15:42:49 +00:00
|
|
|
self.setDockerCommand(args)
|
2017-08-25 07:37:32 +00:00
|
|
|
|
|
|
|
|
if values:
|
2017-08-31 13:29:36 +00:00
|
|
|
files = [os.path.relpath(os.path.abspath(x), start=cwd) for x in values]
|
2017-06-13 12:26:51 +00:00
|
|
|
else:
|
2017-08-25 07:37:32 +00:00
|
|
|
files = self.modifiedFiles()
|
2017-06-13 12:26:51 +00:00
|
|
|
|
|
|
|
|
# First check if we can run docker.
|
|
|
|
|
try:
|
|
|
|
|
with open(os.devnull, "w") as f:
|
|
|
|
|
subprocess.check_call(
|
|
|
|
|
self.docker_command + ["images"], stdout=f)
|
|
|
|
|
except:
|
2019-03-01 15:42:49 +00:00
|
|
|
self.docker_command = None
|
|
|
|
|
|
|
|
|
|
if self.docker_command is None:
|
|
|
|
|
print("warning: running clang-format directly, which isn't guaranteed to be correct")
|
|
|
|
|
command = [cwd + "/automation/clang-format/run_clang_format.sh"] + files
|
|
|
|
|
repr(command)
|
|
|
|
|
subprocess.call(command)
|
|
|
|
|
return
|
2017-06-13 12:26:51 +00:00
|
|
|
|
2019-03-01 15:42:49 +00:00
|
|
|
files = [os.path.join('/home/worker/nss', x) for x in files]
|
2017-06-13 12:26:51 +00:00
|
|
|
docker_image = 'clang-format-service:latest'
|
|
|
|
|
cf_docker_folder = cwd + "/automation/clang-format"
|
|
|
|
|
|
|
|
|
|
# Build the image if necessary.
|
|
|
|
|
if self.filesChanged(cf_docker_folder):
|
|
|
|
|
self.buildImage(docker_image, cf_docker_folder)
|
|
|
|
|
|
|
|
|
|
# Check if we have the docker image.
|
|
|
|
|
try:
|
|
|
|
|
command = self.docker_command + [
|
|
|
|
|
"image", "inspect", "clang-format-service:latest"
|
|
|
|
|
]
|
|
|
|
|
with open(os.devnull, "w") as f:
|
|
|
|
|
subprocess.check_call(command, stdout=f)
|
|
|
|
|
except:
|
|
|
|
|
print("I have to build the docker image first.")
|
|
|
|
|
self.buildImage(docker_image, cf_docker_folder)
|
|
|
|
|
|
|
|
|
|
command = self.docker_command + [
|
2017-08-25 07:37:32 +00:00
|
|
|
'run', '-v', cwd + ':/home/worker/nss:Z', '--rm', '-ti', docker_image
|
2017-06-13 12:26:51 +00:00
|
|
|
]
|
2017-08-25 07:37:32 +00:00
|
|
|
# The clang format script returns 1 if something's to do. We don't
|
|
|
|
|
# care.
|
2017-08-04 12:13:06 +00:00
|
|
|
subprocess.call(command + files)
|
|
|
|
|
if self.restorecon is not None:
|
|
|
|
|
subprocess.call([self.restorecon, '-R', cwd])
|
2017-06-13 12:26:51 +00:00
|
|
|
|
|
|
|
|
def filesChanged(self, path):
|
|
|
|
|
hash = sha256()
|
|
|
|
|
for dirname, dirnames, files in os.walk(path):
|
|
|
|
|
for file in files:
|
|
|
|
|
with open(os.path.join(dirname, file), "rb") as f:
|
|
|
|
|
hash.update(f.read())
|
2017-07-24 08:12:57 +00:00
|
|
|
chk_file = cwd + "/.chk"
|
2017-06-13 12:26:51 +00:00
|
|
|
old_chk = ""
|
|
|
|
|
new_chk = hash.hexdigest()
|
|
|
|
|
if os.path.exists(chk_file):
|
|
|
|
|
with open(chk_file) as f:
|
|
|
|
|
old_chk = f.readline()
|
|
|
|
|
if old_chk != new_chk:
|
|
|
|
|
with open(chk_file, "w+") as f:
|
|
|
|
|
f.write(new_chk)
|
|
|
|
|
return True
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
def buildImage(self, docker_image, cf_docker_folder):
|
|
|
|
|
command = self.docker_command + [
|
|
|
|
|
"build", "-t", docker_image, cf_docker_folder
|
|
|
|
|
]
|
|
|
|
|
subprocess.check_call(command)
|
|
|
|
|
return
|
|
|
|
|
|
2019-03-01 15:42:49 +00:00
|
|
|
def setDockerCommand(self, args):
|
|
|
|
|
from distutils.spawn import find_executable
|
2017-06-13 12:26:51 +00:00
|
|
|
if platform.system() == "Linux":
|
2019-03-01 15:42:49 +00:00
|
|
|
self.restorecon = find_executable("restorecon")
|
|
|
|
|
dcmd = find_executable("docker")
|
|
|
|
|
if dcmd is not None:
|
|
|
|
|
self.docker_command = [dcmd]
|
|
|
|
|
if not args.noroot:
|
|
|
|
|
self.docker_command = ["sudo"] + self.docker_command
|
|
|
|
|
else:
|
|
|
|
|
self.docker_command = None
|
2017-06-13 12:26:51 +00:00
|
|
|
|
2017-08-25 07:37:32 +00:00
|
|
|
def modifiedFiles(self):
|
|
|
|
|
files = []
|
|
|
|
|
if os.path.exists(os.path.join(cwd, '.hg')):
|
|
|
|
|
st = subprocess.Popen(['hg', 'status', '-m', '-a'],
|
2018-04-11 10:54:08 +00:00
|
|
|
cwd=cwd, stdout=subprocess.PIPE, universal_newlines=True)
|
2017-08-25 07:37:32 +00:00
|
|
|
for line in iter(st.stdout.readline, ''):
|
|
|
|
|
files += [line[2:].rstrip()]
|
|
|
|
|
elif os.path.exists(os.path.join(cwd, '.git')):
|
|
|
|
|
st = subprocess.Popen(['git', 'status', '--porcelain'],
|
|
|
|
|
cwd=cwd, stdout=subprocess.PIPE)
|
|
|
|
|
for line in iter(st.stdout.readline, ''):
|
|
|
|
|
if line[1] == 'M' or line[1] != 'D' and \
|
|
|
|
|
(line[0] == 'M' or line[0] == 'A' or
|
|
|
|
|
line[0] == 'C' or line[0] == 'U'):
|
|
|
|
|
files += [line[3:].rstrip()]
|
|
|
|
|
elif line[0] == 'R':
|
|
|
|
|
files += [line[line.index(' -> ', beg=4) + 4:]]
|
|
|
|
|
else:
|
|
|
|
|
print('Warning: neither mercurial nor git detected!')
|
|
|
|
|
|
|
|
|
|
def isFormatted(x):
|
|
|
|
|
return x[-2:] == '.c' or x[-3:] == '.cc' or x[-2:] == '.h'
|
|
|
|
|
return [x for x in files if isFormatted(x)]
|
|
|
|
|
|
2017-06-13 12:26:51 +00:00
|
|
|
|
|
|
|
|
class buildAction(argparse.Action):
|
2017-08-25 07:37:32 +00:00
|
|
|
|
2017-06-13 12:26:51 +00:00
|
|
|
def __call__(self, parser, args, values, option_string=None):
|
|
|
|
|
subprocess.check_call([cwd + "/build.sh"] + values)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class testAction(argparse.Action):
|
2017-08-25 07:37:32 +00:00
|
|
|
|
2018-04-16 08:09:12 +00:00
|
|
|
def __call__(self, parser, args, values, option_string=None):
|
|
|
|
|
run_tests(values)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class covAction(argparse.Action):
|
|
|
|
|
|
|
|
|
|
def runSslGtests(self, outdir):
|
2017-06-13 12:26:51 +00:00
|
|
|
env = {
|
2018-04-16 08:09:12 +00:00
|
|
|
"GTESTFILTER": "*", # Prevent parallel test runs.
|
Bug 1602020 - land NSS c46bc59ce7d4 UPGRADE_NSS_RELEASE, r=kjacobs
2019-12-06 Daiki Ueno <dueno@redhat.com>
* lib/pki/pki3hack.c:
Bug 1593167, certdb: propagate trust information if trust module is
loaded afterwards, r=rrelyea,keeler
Summary: When the builtin trust module is loaded after some temp
certs being created, these temp certs are usually not accompanied by
trust information. This causes a problem in Firefox as it loads the
module from a separate thread while accessing the network cache
which populates temp certs.
This change makes it properly roll up the trust information, if a
temp cert doesn't have trust information.
Reviewers: rrelyea, keeler
Reviewed By: rrelyea, keeler
Subscribers: reviewbot, heftig
Bug #: 1593167
[c46bc59ce7d4] [tip]
2019-11-08 Martin Thomson <mt@lowentropy.net>
* lib/ssl/tls13subcerts.c:
Bug 1594965 - Include saltLength in DC SPKI, r=kjacobs
Summary: I discovered this when validating new additions to our root
store policy. The encodings there didn't line up with what we were
producing with DC.
[661058254ade]
2019-12-04 J.C. Jones <jjones@mozilla.com>
* automation/release/nss-release-helper.py:
Bug 1535787 - Further improvements to the release-helper API r=mt
[7baba392bf8b]
* automation/release/nss-release-helper.py:
Bug 1535787 - flake8 style updates to nss-release-helper.py
r=kjacobs
Depends on D23757
[b31e68a789fa]
* automation/release/nss-release-helper.py:
Bug 1535787 - Use Python for the regexes in nss-release-helper
r=keeler,kjacobs
automation/release/nss-release-helper.py doesn't actually edit the
files correctly on MacOS due to differences between GNU and BSD sed.
It's python, so let's just use python regexes.
[92271739e848]
2019-12-04 Franziskus Kiefer <franziskuskiefer@gmail.com>
* automation/taskcluster/graph/src/extend.js,
automation/taskcluster/graph/src/queue.js,
automation/taskcluster/scripts/check_abi.sh, build.sh,
coreconf/config.gypi, help.txt, lib/freebl/freebl_base.gypi, mach,
tests/all.sh, tests/common/init.sh, tests/remote/Makefile:
Bug 1594933 - disable libnssdbm by default; keep build on CI, r=jcj
Disale libnssdbm by default and add flag to enable it in builds. On
CI a build and certs test with enabled legacy DB are added.
Note that for some reason the coverage build fails. I have no idea
why. I'm open for ideas.
[c1fad130dce2]
2019-12-03 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* lib/freebl/Makefile, lib/freebl/freebl.gyp, lib/freebl/gcm-
arm32-neon.c, lib/freebl/gcm.c:
Bug 1562548 - Improve GCM perfomance on aarch32 using NEON.
r=kjacobs
Optimize GCM perfomance using
https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf via ARM's
NEON.
[a9ba652046e6]
2019-12-03 J.C. Jones <jjones@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt, automation/abi-
check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h,
lib/util/nssutil.h:
Set version numbers to 3.49 beta
[3051793c68fc]
2019-12-02 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_48_BETA1 for changeset 77976f3fefca
[06d5b4f91a9c]
Differential Revision: https://phabricator.services.mozilla.com/D56378
--HG--
extra : moz-landing-system : lando
2019-12-16 20:53:59 +00:00
|
|
|
"ASAN_OPTIONS": "coverage=1:coverage_dir=" + outdir,
|
Bug 1758579 - land NSS NSS_3_77_BETA1 UPGRADE_NSS_RELEASE, r=keeler
2022-03-24 John M. Schanck <jschanck@mozilla.com>
* lib/ckfw/builtins/certdata.txt:
Bug 1754890 - Add two D-TRUST 2020 root certificates.
r=KathleenWilson
[f63fb86db692] [NSS_3_77_BETA1]
* lib/ckfw/builtins/certdata.txt:
Bug 1751298 - Add Telia Root CA v2 root certificate.
r=KathleenWilson
[1fcbbd7e4f5f]
* lib/ckfw/builtins/certdata.txt:
Bug 1751305 - Remove expired explicitly distrusted certificates from
certdata.txt. r=KathleenWilson
[b722e523d662]
2022-03-23 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp,
gtests/mozpkix_gtest/pkixder_pki_types_tests.cpp,
gtests/mozpkix_gtest/pkixgtest.h,
gtests/mozpkix_gtest/pkixnss_tests.cpp,
lib/mozpkix/include/pkix/pkixder.h,
lib/mozpkix/include/pkix/pkixnss.h,
lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixc.cpp,
lib/mozpkix/lib/pkixcheck.cpp, lib/mozpkix/lib/pkixder.cpp,
lib/mozpkix/lib/pkixnss.cpp, lib/mozpkix/lib/pkixverify.cpp,
lib/mozpkix/test-lib/pkixtestnss.cpp:
Bug 1005084 - support specific RSA-PSS parameters in mozilla::pkix
r=jschanck
This patch adds support to mozilla::pkix for certificates signed
with RSA-PSS using one of the following parameters permitted by the
CA/Browser Forum Baseline Requirements 1.8.1:
* SHA-256, MGF-1 with SHA-256, and a salt length of 32 bytes
* SHA-384, MGF-1 with SHA-384, and a salt length of 48 bytes
* SHA-512, MGF-1 with SHA-512, and a salt length of 64 bytes
[853b64626b19]
2022-03-23 John M. Schanck <jschanck@mozilla.com>
* lib/util/secasn1d.c:
Bug 1753535 - Remove obsolete stateEnd check in
SEC_ASN1DecoderUpdate. r=rrelyea
The `stateEnd->parent != state` check was added in Bug 95458 to
avoid a crash in `sec_asn1d_free_child`. The diagnosis in Bug 95458
is incorrect---the crash was actually due to a `PORT_Assert(0)` that
was meant to highlight a memory leak when `SEC_ASN1DecoderStart` was
called with `their_pool==NULL`. The offending assertion was removed
in Bug 95311, which makes the `stateEnd` check obsolete. In Bug
1753535 it was observed that the `stateEnd` check could read from a
poisoned region of an arena when the decoder was used in a streaming
mode. This read-after-poison could lead to an arena memory leak,
although this is mitigated by the fact that the read-after-poison is
on an error-handling path where the caller typically frees the
entire arena.
[800111fa3bf8]
* lib/dev/dev.h, lib/dev/devslot.c, lib/dev/devt.h,
lib/dev/devtoken.c, lib/pk11wrap/dev3hack.c:
Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyea
[55052f78244c]
* cmd/mpitests/mpi-test.c, lib/freebl/Makefile, lib/freebl/dh.c,
lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn,
lib/freebl/mpi/mpprime.c, lib/freebl/mpi/mpprime.h,
lib/freebl/pqg.c, lib/freebl/rsa.c, lib/freebl/secmpi.c,
lib/freebl/secmpi.h:
Bug 1602379 - Provide secure variants of mpp_pprime and
mpp_make_prime. r=mt
[b83ad33acd67]
2022-03-22 John M. Schanck <jschanck@mozilla.com>
* cmd/mpitests/mpi-test.c, lib/freebl/Makefile, lib/freebl/dh.c,
lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn,
lib/freebl/mpi/mpprime.c, lib/freebl/mpi/mpprime.h,
lib/freebl/pqg.c, lib/freebl/rsa.c, lib/freebl/secmpi.c,
lib/freebl/secmpi.h:
Backed out changeset 6c1092f5203f
Caused Windows gyp build failures for cmd/mpitests
[ffa1e4ce758a]
2022-03-22 Masatoshi Kimura <VYV03354@nifty.ne.jp>
* gtests/pk11_gtest/pk11_module_unittest.cc, lib/pk11wrap/pk11load.c:
Bug 1757279 - Support UTF-8 library path in the module spec string.
r=nss-reviewers,jschanck
[31bce2dae97b]
* gtests/base_gtest/Makefile, gtests/base_gtest/base_gtest.gyp,
gtests/base_gtest/manifest.mn, gtests/base_gtest/utf8_unittest.cc,
gtests/manifest.mn, lib/base/utf8.c, nss.gyp,
tests/gtests/gtests.sh:
Bug 1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer
overrun. r=nss-reviewers,jschanck
[2f2c85648edb]
2022-03-22 John M. Schanck <jschanck@mozilla.com>
* cmd/mpitests/mpi-test.c, lib/freebl/Makefile, lib/freebl/dh.c,
lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn,
lib/freebl/mpi/mpprime.c, lib/freebl/mpi/mpprime.h,
lib/freebl/pqg.c, lib/freebl/rsa.c, lib/freebl/secmpi.c,
lib/freebl/secmpi.h:
Bug 1602379 - Provide secure variants of mpp_pprime and
mpp_make_prime. r=mt
[6c1092f5203f]
2022-03-22 Dennis Jackson <djackson@mozilla.com>
* automation/taskcluster/docker-builds/Dockerfile,
automation/taskcluster/graph/src/extend.js:
Bug 1760827 - Add a CI Target for gcc-11. r=nss-reviewers,nkulatova
[d4a3bb7731b0]
* automation/taskcluster/graph/src/extend.js:
Bug 1760828 - Change to makefiles for gcc-4.8. r=nss-reviewers,mt
[191e838399a6]
2022-03-22 J08nY <johny@neuromancer.sk>
* automation/taskcluster/graph/src/extend.js,
gtests/google_test/VERSION, gtests/google_test/gtest/CMakeLists.txt,
gtests/google_test/gtest/CONTRIBUTORS,
gtests/google_test/gtest/README.md,
gtests/google_test/gtest/cmake/gtest.pc.in,
gtests/google_test/gtest/cmake/gtest_main.pc.in,
gtests/google_test/gtest/cmake/internal_utils.cmake,
gtests/google_test/gtest/docs/Pkgconfig.md,
gtests/google_test/gtest/docs/README.md,
gtests/google_test/gtest/docs/advanced.md,
gtests/google_test/gtest/docs/faq.md,
gtests/google_test/gtest/docs/primer.md,
gtests/google_test/gtest/docs/pump_manual.md,
gtests/google_test/gtest/docs/samples.md,
gtests/google_test/gtest/include/gtest/gtest-death-test.h,
gtests/google_test/gtest/include/gtest/gtest-matchers.h,
gtests/google_test/gtest/include/gtest/gtest-message.h,
gtests/google_test/gtest/include/gtest/gtest-param-test.h,
gtests/google_test/gtest/include/gtest/gtest-printers.h,
gtests/google_test/gtest/include/gtest/gtest-spi.h,
gtests/google_test/gtest/include/gtest/gtest-test-part.h,
gtests/google_test/gtest/include/gtest/gtest-typed-test.h,
gtests/google_test/gtest/include/gtest/gtest.h,
gtests/google_test/gtest/include/gtest/gtest_pred_impl.h,
gtests/google_test/gtest/include/gtest/gtest_prod.h,
gtests/google_test/gtest/include/gtest/internal/custom/gtest-port.h,
gtests/google_test/gtest/include/gtest/internal/custom/gtest-
printers.h,
gtests/google_test/gtest/include/gtest/internal/custom/gtest.h,
gtests/google_test/gtest/include/gtest/internal/gtest-death-test-
internal.h, gtests/google_test/gtest/include/gtest/internal/gtest-
filepath.h, gtests/google_test/gtest/include/gtest/internal/gtest-
internal.h, gtests/google_test/gtest/include/gtest/internal/gtest-
param-util.h, gtests/google_test/gtest/include/gtest/internal/gtest-
port-arch.h, gtests/google_test/gtest/include/gtest/internal/gtest-
port.h, gtests/google_test/gtest/include/gtest/internal/gtest-
string.h, gtests/google_test/gtest/include/gtest/internal/gtest-
type-util.h, gtests/google_test/gtest/include/gtest/internal/gtest-
type-util.h.pump, gtests/google_test/gtest/samples/prime_tables.h,
gtests/google_test/gtest/samples/sample1.cc,
gtests/google_test/gtest/samples/sample1.h,
gtests/google_test/gtest/samples/sample10_unittest.cc,
gtests/google_test/gtest/samples/sample2.cc,
gtests/google_test/gtest/samples/sample2.h,
gtests/google_test/gtest/samples/sample2_unittest.cc,
gtests/google_test/gtest/samples/sample3-inl.h,
gtests/google_test/gtest/samples/sample3_unittest.cc,
gtests/google_test/gtest/samples/sample4.h,
gtests/google_test/gtest/samples/sample5_unittest.cc,
gtests/google_test/gtest/samples/sample6_unittest.cc,
gtests/google_test/gtest/samples/sample7_unittest.cc,
gtests/google_test/gtest/samples/sample8_unittest.cc,
gtests/google_test/gtest/samples/sample9_unittest.cc,
gtests/google_test/gtest/scripts/README.md,
gtests/google_test/gtest/scripts/gen_gtest_pred_impl.py,
gtests/google_test/gtest/scripts/pump.py,
gtests/google_test/gtest/scripts/release_docs.py,
gtests/google_test/gtest/scripts/run_with_path.py,
gtests/google_test/gtest/scripts/upload.py,
gtests/google_test/gtest/src/gtest-death-test.cc,
gtests/google_test/gtest/src/gtest-filepath.cc,
gtests/google_test/gtest/src/gtest-internal-inl.h,
gtests/google_test/gtest/src/gtest-matchers.cc,
gtests/google_test/gtest/src/gtest-port.cc,
gtests/google_test/gtest/src/gtest-printers.cc,
gtests/google_test/gtest/src/gtest-test-part.cc,
gtests/google_test/gtest/src/gtest-typed-test.cc,
gtests/google_test/gtest/src/gtest.cc,
gtests/google_test/gtest/src/gtest_main.cc,
gtests/google_test/gtest/test/BUILD.bazel,
gtests/google_test/gtest/test/googletest-catch-exceptions-test_.cc,
gtests/google_test/gtest/test/googletest-death-test-test.cc,
gtests/google_test/gtest/test/googletest-death-test_ex_test.cc,
gtests/google_test/gtest/test/googletest-env-var-test.py,
gtests/google_test/gtest/test/googletest-env-var-test_.cc,
gtests/google_test/gtest/test/googletest-failfast-unittest.py,
gtests/google_test/gtest/test/googletest-failfast-unittest_.cc,
gtests/google_test/gtest/test/googletest-filepath-test.cc,
gtests/google_test/gtest/test/googletest-filter-unittest_.cc,
gtests/google_test/gtest/test/googletest-global-environment-
unittest.py, gtests/google_test/gtest/test/googletest-global-
environment-unittest_.cc, gtests/google_test/gtest/test/googletest-
json-output-unittest.py, gtests/google_test/gtest/test/googletest-
list-tests-unittest_.cc, gtests/google_test/gtest/test/googletest-
listener-test.cc, gtests/google_test/gtest/test/googletest-message-
test.cc, gtests/google_test/gtest/test/googletest-options-test.cc,
gtests/google_test/gtest/test/googletest-output-test-golden-lin.txt,
gtests/google_test/gtest/test/googletest-output-test.py,
gtests/google_test/gtest/test/googletest-output-test_.cc,
gtests/google_test/gtest/test/googletest-param-test-invalid-
name1-test_.cc, gtests/google_test/gtest/test/googletest-param-test-
invalid-name2-test_.cc, gtests/google_test/gtest/test/googletest-
param-test-test.cc, gtests/google_test/gtest/test/googletest-param-
test-test.h, gtests/google_test/gtest/test/googletest-param-
test2-test.cc, gtests/google_test/gtest/test/googletest-port-
test.cc, gtests/google_test/gtest/test/googletest-printers-test.cc,
gtests/google_test/gtest/test/googletest-setuptestsuite-test.py,
gtests/google_test/gtest/test/googletest-setuptestsuite-test_.cc,
gtests/google_test/gtest/test/googletest-shuffle-test_.cc,
gtests/google_test/gtest/test/googletest-test-part-test.cc,
gtests/google_test/gtest/test/googletest-test2_test.cc,
gtests/google_test/gtest/test/googletest-throw-on-failure-test_.cc,
gtests/google_test/gtest/test/gtest-typed-test2_test.cc,
gtests/google_test/gtest/test/gtest-typed-test_test.cc,
gtests/google_test/gtest/test/gtest-typed-test_test.h,
gtests/google_test/gtest/test/gtest-unittest-api_test.cc,
gtests/google_test/gtest/test/gtest_assert_by_exception_test.cc,
gtests/google_test/gtest/test/gtest_environment_test.cc,
gtests/google_test/gtest/test/gtest_help_test.py,
gtests/google_test/gtest/test/gtest_list_output_unittest.py,
gtests/google_test/gtest/test/gtest_list_output_unittest_.cc,
gtests/google_test/gtest/test/gtest_pred_impl_unittest.cc,
gtests/google_test/gtest/test/gtest_premature_exit_test.cc,
gtests/google_test/gtest/test/gtest_repeat_test.cc,
gtests/google_test/gtest/test/gtest_skip_check_output_test.py,
gtests/google_test/gtest/test/gtest_skip_test.cc,
gtests/google_test/gtest/test/gtest_stress_test.cc,
gtests/google_test/gtest/test/gtest_test_utils.py,
gtests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc,
gtests/google_test/gtest/test/gtest_unittest.cc,
gtests/google_test/gtest/test/gtest_xml_outfiles_test.py,
gtests/google_test/gtest/test/gtest_xml_output_unittest.py,
gtests/google_test/gtest/test/gtest_xml_output_unittest_.cc,
gtests/google_test/gtest/test/gtest_xml_test_utils.py,
gtests/google_test/gtest/test/production.h,
gtests/google_test/update.sh,
gtests/ssl_gtest/ssl_agent_unittest.cc:
Bug 1741688 - Update googletest to 1.11.0 r=nss-reviewers,mt
[88249e154a23]
2022-03-22 Dennis Jackson <djackson@mozilla.com>
* gtests/ssl_gtest/tls_ech_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslsock.c,
lib/ssl/tls13ech.c, lib/ssl/tls13ech.h:
Bug 1759525 - Add SetTls13GreaseEchSize to experimental API. r=mt
[c2f93669b92c]
2022-03-22 Leander Schwarz <lschwarz@mozilla.com>
* gtests/ssl_gtest/ssl_version_unittest.cc,
gtests/ssl_gtest/tls_filter.cc, gtests/ssl_gtest/tls_filter.h,
lib/ssl/tls13con.c:
Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
r=djackson
[7d931c59d09f]
2022-03-22 Dennis Jackson <djackson@mozilla.com>
* lib/ssl/tls13ech.c:
Bug 1755904 - Fix calculation of ECH HRR Transcript. r=mt
[33c530e653b3]
2022-03-22 Zi Lin <lziest@chromium.org>
* coreconf/Linux.mk:
Bug 1758741 - Allow ld path to be set as environment variable. r=mt
Submitted on behalf of Zi Lin, the author of the patch.
[d9368381598f]
2022-03-22 Dennis Jackson <djackson@mozilla.com>
* gtests/ssl_gtest/tls_connect.cc:
Bug 1760653 - Ensure we don't read uninitialized memory in ssl
gtests. r=mt,nss-reviewers
[9a7b3c7f4e70]
* cpputil/databuffer.h:
Bug 1758478 - Fix DataBuffer Move Assignment. r=mt
[f12fd43d69c7]
2022-03-18 Robert Relyea <rrelyea@redhat.com>
* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
check/expected-report-libssl3.so.txt,
gtests/ssl_gtest/ssl_auth_unittest.cc, lib/certdb/cert.h,
lib/certdb/certdb.c, lib/nss/nss.def, lib/pk11wrap/pk11obj.c,
lib/pk11wrap/pk11pub.h, lib/ssl/authcert.c, lib/ssl/ssl.def,
lib/ssl/ssl.h, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h,
lib/ssl/sslsock.c, lib/ssl/tls13con.c, lib/ssl/tls13subcerts.c,
mach, tests/ssl/ssl.sh, tests/ssl/sslauth.txt:
Bug 1552254 internal_error alert on Certificate Request with
sha1+ecdsa in TLS 1.3
We need to be able to select Client certificates based on the
schemes sent to us from the server. Rather than changing the
callback function, this patch adds those schemes to the ssl socket
info as suggested by Dana. In addition, two helpful functions have
been added to aid User applications in properly selecting the
Certificate: PRBool SSL_CertIsUsable(PRFileDesc *fd, CERTCertificate
*cert) - returns true if the given cert matches the schemes of the
server, the schemes configured on the socket, capability of the
token the private key resides on, and the current policy. For future
SSL protocol, additional restrictions may be parsed.
SSL_FilterCertListBySocket(PRFileDesc *fd, CERTCertList *certlist) -
removes the certs from the cert list that doesn't pass the
SSL_CertIsUsable() call.
In addition the built in cert selection function
(NSS_GetClientAuthData) uses the above functions to filter the list.
In order to support the NSS_GetClientAuthData three new functions
have been added: SECStatus
CERT_FilterCertListByNickname(CERTCertList *certList, char
*nickname, void *pwarg) -- removes the certs that don't match the
'nickname'. SECStatus CERT_FilterCertListByCertList(CERTCertlist
*certList, const CERTCertlist *filterList ) -- removes all the certs
on the first cert list that isn't on the second. PRBool
CERT_IsInList(CERTCertificate *, const CERTCertList *certList) --
returns true if cert is on certList.
In addition
* PK11_FindObjectForCert() is exported so the token the cert lives on
can be accessed.
* the ssle ssl_PickClientSignatureScheme() function (along with
several supporing functions) have been modified so it can be used by
SSL_CertIsUsable()
[be6a97823bfe]
Differential Revision: https://phabricator.services.mozilla.com/D141995
2022-03-24 21:34:20 +00:00
|
|
|
"NSS_DEFAULT_DB_TYPE": "sql",
|
|
|
|
|
"NSS_DISABLE_UNLOAD": "1"
|
2017-06-13 12:26:51 +00:00
|
|
|
}
|
2018-04-16 08:09:12 +00:00
|
|
|
|
|
|
|
|
run_tests("ssl_gtests", env=env, silent=True)
|
|
|
|
|
|
|
|
|
|
def findSanCovFile(self, outdir):
|
|
|
|
|
for file in os.listdir(outdir):
|
|
|
|
|
if fnmatch.fnmatch(file, 'ssl_gtest.*.sancov'):
|
|
|
|
|
return os.path.join(outdir, file)
|
|
|
|
|
|
|
|
|
|
return None
|
2017-06-13 12:26:51 +00:00
|
|
|
|
|
|
|
|
def __call__(self, parser, args, values, option_string=None):
|
2018-04-16 08:09:12 +00:00
|
|
|
outdir = args.outdir
|
|
|
|
|
print("Output directory: " + outdir)
|
|
|
|
|
|
|
|
|
|
print("\nBuild with coverage sanitizers...\n")
|
|
|
|
|
sancov_args = "edge,no-prune,trace-pc-guard,trace-cmp"
|
|
|
|
|
subprocess.check_call([
|
Bug 1602020 - land NSS c46bc59ce7d4 UPGRADE_NSS_RELEASE, r=kjacobs
2019-12-06 Daiki Ueno <dueno@redhat.com>
* lib/pki/pki3hack.c:
Bug 1593167, certdb: propagate trust information if trust module is
loaded afterwards, r=rrelyea,keeler
Summary: When the builtin trust module is loaded after some temp
certs being created, these temp certs are usually not accompanied by
trust information. This causes a problem in Firefox as it loads the
module from a separate thread while accessing the network cache
which populates temp certs.
This change makes it properly roll up the trust information, if a
temp cert doesn't have trust information.
Reviewers: rrelyea, keeler
Reviewed By: rrelyea, keeler
Subscribers: reviewbot, heftig
Bug #: 1593167
[c46bc59ce7d4] [tip]
2019-11-08 Martin Thomson <mt@lowentropy.net>
* lib/ssl/tls13subcerts.c:
Bug 1594965 - Include saltLength in DC SPKI, r=kjacobs
Summary: I discovered this when validating new additions to our root
store policy. The encodings there didn't line up with what we were
producing with DC.
[661058254ade]
2019-12-04 J.C. Jones <jjones@mozilla.com>
* automation/release/nss-release-helper.py:
Bug 1535787 - Further improvements to the release-helper API r=mt
[7baba392bf8b]
* automation/release/nss-release-helper.py:
Bug 1535787 - flake8 style updates to nss-release-helper.py
r=kjacobs
Depends on D23757
[b31e68a789fa]
* automation/release/nss-release-helper.py:
Bug 1535787 - Use Python for the regexes in nss-release-helper
r=keeler,kjacobs
automation/release/nss-release-helper.py doesn't actually edit the
files correctly on MacOS due to differences between GNU and BSD sed.
It's python, so let's just use python regexes.
[92271739e848]
2019-12-04 Franziskus Kiefer <franziskuskiefer@gmail.com>
* automation/taskcluster/graph/src/extend.js,
automation/taskcluster/graph/src/queue.js,
automation/taskcluster/scripts/check_abi.sh, build.sh,
coreconf/config.gypi, help.txt, lib/freebl/freebl_base.gypi, mach,
tests/all.sh, tests/common/init.sh, tests/remote/Makefile:
Bug 1594933 - disable libnssdbm by default; keep build on CI, r=jcj
Disale libnssdbm by default and add flag to enable it in builds. On
CI a build and certs test with enabled legacy DB are added.
Note that for some reason the coverage build fails. I have no idea
why. I'm open for ideas.
[c1fad130dce2]
2019-12-03 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* lib/freebl/Makefile, lib/freebl/freebl.gyp, lib/freebl/gcm-
arm32-neon.c, lib/freebl/gcm.c:
Bug 1562548 - Improve GCM perfomance on aarch32 using NEON.
r=kjacobs
Optimize GCM perfomance using
https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf via ARM's
NEON.
[a9ba652046e6]
2019-12-03 J.C. Jones <jjones@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt, automation/abi-
check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h,
lib/util/nssutil.h:
Set version numbers to 3.49 beta
[3051793c68fc]
2019-12-02 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_48_BETA1 for changeset 77976f3fefca
[06d5b4f91a9c]
Differential Revision: https://phabricator.services.mozilla.com/D56378
--HG--
extra : moz-landing-system : lando
2019-12-16 20:53:59 +00:00
|
|
|
os.path.join(cwd, "build.sh"), "-c", "--clang", "--asan", "--enable-legacy-db",
|
2018-04-16 08:09:12 +00:00
|
|
|
"--sancov=" + sancov_args
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
print("\nRun ssl_gtests to get a coverage report...")
|
|
|
|
|
self.runSslGtests(outdir)
|
|
|
|
|
print("Done.")
|
|
|
|
|
|
|
|
|
|
sancov_file = self.findSanCovFile(outdir)
|
|
|
|
|
if not sancov_file:
|
|
|
|
|
print("Couldn't find .sancov file.")
|
|
|
|
|
sys.exit(1)
|
|
|
|
|
|
|
|
|
|
symcov_file = os.path.join(outdir, "ssl_gtest.symcov")
|
|
|
|
|
out = open(symcov_file, 'wb')
|
Bug 1602020 - land NSS c46bc59ce7d4 UPGRADE_NSS_RELEASE, r=kjacobs
2019-12-06 Daiki Ueno <dueno@redhat.com>
* lib/pki/pki3hack.c:
Bug 1593167, certdb: propagate trust information if trust module is
loaded afterwards, r=rrelyea,keeler
Summary: When the builtin trust module is loaded after some temp
certs being created, these temp certs are usually not accompanied by
trust information. This causes a problem in Firefox as it loads the
module from a separate thread while accessing the network cache
which populates temp certs.
This change makes it properly roll up the trust information, if a
temp cert doesn't have trust information.
Reviewers: rrelyea, keeler
Reviewed By: rrelyea, keeler
Subscribers: reviewbot, heftig
Bug #: 1593167
[c46bc59ce7d4] [tip]
2019-11-08 Martin Thomson <mt@lowentropy.net>
* lib/ssl/tls13subcerts.c:
Bug 1594965 - Include saltLength in DC SPKI, r=kjacobs
Summary: I discovered this when validating new additions to our root
store policy. The encodings there didn't line up with what we were
producing with DC.
[661058254ade]
2019-12-04 J.C. Jones <jjones@mozilla.com>
* automation/release/nss-release-helper.py:
Bug 1535787 - Further improvements to the release-helper API r=mt
[7baba392bf8b]
* automation/release/nss-release-helper.py:
Bug 1535787 - flake8 style updates to nss-release-helper.py
r=kjacobs
Depends on D23757
[b31e68a789fa]
* automation/release/nss-release-helper.py:
Bug 1535787 - Use Python for the regexes in nss-release-helper
r=keeler,kjacobs
automation/release/nss-release-helper.py doesn't actually edit the
files correctly on MacOS due to differences between GNU and BSD sed.
It's python, so let's just use python regexes.
[92271739e848]
2019-12-04 Franziskus Kiefer <franziskuskiefer@gmail.com>
* automation/taskcluster/graph/src/extend.js,
automation/taskcluster/graph/src/queue.js,
automation/taskcluster/scripts/check_abi.sh, build.sh,
coreconf/config.gypi, help.txt, lib/freebl/freebl_base.gypi, mach,
tests/all.sh, tests/common/init.sh, tests/remote/Makefile:
Bug 1594933 - disable libnssdbm by default; keep build on CI, r=jcj
Disale libnssdbm by default and add flag to enable it in builds. On
CI a build and certs test with enabled legacy DB are added.
Note that for some reason the coverage build fails. I have no idea
why. I'm open for ideas.
[c1fad130dce2]
2019-12-03 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* lib/freebl/Makefile, lib/freebl/freebl.gyp, lib/freebl/gcm-
arm32-neon.c, lib/freebl/gcm.c:
Bug 1562548 - Improve GCM perfomance on aarch32 using NEON.
r=kjacobs
Optimize GCM perfomance using
https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf via ARM's
NEON.
[a9ba652046e6]
2019-12-03 J.C. Jones <jjones@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt, automation/abi-
check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h,
lib/util/nssutil.h:
Set version numbers to 3.49 beta
[3051793c68fc]
2019-12-02 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_48_BETA1 for changeset 77976f3fefca
[06d5b4f91a9c]
Differential Revision: https://phabricator.services.mozilla.com/D56378
--HG--
extra : moz-landing-system : lando
2019-12-16 20:53:59 +00:00
|
|
|
# Don't exit immediately on error
|
|
|
|
|
symbol_retcode = subprocess.call([
|
2018-04-16 08:09:12 +00:00
|
|
|
"sancov",
|
|
|
|
|
"-blacklist=" + os.path.join(cwd, ".sancov-blacklist"),
|
|
|
|
|
"-symbolize", sancov_file,
|
|
|
|
|
os.path.join(cwd, "../dist/Debug/bin/ssl_gtest")
|
|
|
|
|
], stdout=out)
|
|
|
|
|
out.close()
|
|
|
|
|
|
Bug 1602020 - land NSS c46bc59ce7d4 UPGRADE_NSS_RELEASE, r=kjacobs
2019-12-06 Daiki Ueno <dueno@redhat.com>
* lib/pki/pki3hack.c:
Bug 1593167, certdb: propagate trust information if trust module is
loaded afterwards, r=rrelyea,keeler
Summary: When the builtin trust module is loaded after some temp
certs being created, these temp certs are usually not accompanied by
trust information. This causes a problem in Firefox as it loads the
module from a separate thread while accessing the network cache
which populates temp certs.
This change makes it properly roll up the trust information, if a
temp cert doesn't have trust information.
Reviewers: rrelyea, keeler
Reviewed By: rrelyea, keeler
Subscribers: reviewbot, heftig
Bug #: 1593167
[c46bc59ce7d4] [tip]
2019-11-08 Martin Thomson <mt@lowentropy.net>
* lib/ssl/tls13subcerts.c:
Bug 1594965 - Include saltLength in DC SPKI, r=kjacobs
Summary: I discovered this when validating new additions to our root
store policy. The encodings there didn't line up with what we were
producing with DC.
[661058254ade]
2019-12-04 J.C. Jones <jjones@mozilla.com>
* automation/release/nss-release-helper.py:
Bug 1535787 - Further improvements to the release-helper API r=mt
[7baba392bf8b]
* automation/release/nss-release-helper.py:
Bug 1535787 - flake8 style updates to nss-release-helper.py
r=kjacobs
Depends on D23757
[b31e68a789fa]
* automation/release/nss-release-helper.py:
Bug 1535787 - Use Python for the regexes in nss-release-helper
r=keeler,kjacobs
automation/release/nss-release-helper.py doesn't actually edit the
files correctly on MacOS due to differences between GNU and BSD sed.
It's python, so let's just use python regexes.
[92271739e848]
2019-12-04 Franziskus Kiefer <franziskuskiefer@gmail.com>
* automation/taskcluster/graph/src/extend.js,
automation/taskcluster/graph/src/queue.js,
automation/taskcluster/scripts/check_abi.sh, build.sh,
coreconf/config.gypi, help.txt, lib/freebl/freebl_base.gypi, mach,
tests/all.sh, tests/common/init.sh, tests/remote/Makefile:
Bug 1594933 - disable libnssdbm by default; keep build on CI, r=jcj
Disale libnssdbm by default and add flag to enable it in builds. On
CI a build and certs test with enabled legacy DB are added.
Note that for some reason the coverage build fails. I have no idea
why. I'm open for ideas.
[c1fad130dce2]
2019-12-03 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* lib/freebl/Makefile, lib/freebl/freebl.gyp, lib/freebl/gcm-
arm32-neon.c, lib/freebl/gcm.c:
Bug 1562548 - Improve GCM perfomance on aarch32 using NEON.
r=kjacobs
Optimize GCM perfomance using
https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf via ARM's
NEON.
[a9ba652046e6]
2019-12-03 J.C. Jones <jjones@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt, automation/abi-
check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h,
lib/util/nssutil.h:
Set version numbers to 3.49 beta
[3051793c68fc]
2019-12-02 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_48_BETA1 for changeset 77976f3fefca
[06d5b4f91a9c]
Differential Revision: https://phabricator.services.mozilla.com/D56378
--HG--
extra : moz-landing-system : lando
2019-12-16 20:53:59 +00:00
|
|
|
print("\nCopying ssl_gtests to artifacts...")
|
|
|
|
|
shutil.copyfile(os.path.join(cwd, "../dist/Debug/bin/ssl_gtest"),
|
|
|
|
|
os.path.join(outdir, "ssl_gtest"))
|
2017-06-13 12:26:51 +00:00
|
|
|
|
Bug 1602020 - land NSS c46bc59ce7d4 UPGRADE_NSS_RELEASE, r=kjacobs
2019-12-06 Daiki Ueno <dueno@redhat.com>
* lib/pki/pki3hack.c:
Bug 1593167, certdb: propagate trust information if trust module is
loaded afterwards, r=rrelyea,keeler
Summary: When the builtin trust module is loaded after some temp
certs being created, these temp certs are usually not accompanied by
trust information. This causes a problem in Firefox as it loads the
module from a separate thread while accessing the network cache
which populates temp certs.
This change makes it properly roll up the trust information, if a
temp cert doesn't have trust information.
Reviewers: rrelyea, keeler
Reviewed By: rrelyea, keeler
Subscribers: reviewbot, heftig
Bug #: 1593167
[c46bc59ce7d4] [tip]
2019-11-08 Martin Thomson <mt@lowentropy.net>
* lib/ssl/tls13subcerts.c:
Bug 1594965 - Include saltLength in DC SPKI, r=kjacobs
Summary: I discovered this when validating new additions to our root
store policy. The encodings there didn't line up with what we were
producing with DC.
[661058254ade]
2019-12-04 J.C. Jones <jjones@mozilla.com>
* automation/release/nss-release-helper.py:
Bug 1535787 - Further improvements to the release-helper API r=mt
[7baba392bf8b]
* automation/release/nss-release-helper.py:
Bug 1535787 - flake8 style updates to nss-release-helper.py
r=kjacobs
Depends on D23757
[b31e68a789fa]
* automation/release/nss-release-helper.py:
Bug 1535787 - Use Python for the regexes in nss-release-helper
r=keeler,kjacobs
automation/release/nss-release-helper.py doesn't actually edit the
files correctly on MacOS due to differences between GNU and BSD sed.
It's python, so let's just use python regexes.
[92271739e848]
2019-12-04 Franziskus Kiefer <franziskuskiefer@gmail.com>
* automation/taskcluster/graph/src/extend.js,
automation/taskcluster/graph/src/queue.js,
automation/taskcluster/scripts/check_abi.sh, build.sh,
coreconf/config.gypi, help.txt, lib/freebl/freebl_base.gypi, mach,
tests/all.sh, tests/common/init.sh, tests/remote/Makefile:
Bug 1594933 - disable libnssdbm by default; keep build on CI, r=jcj
Disale libnssdbm by default and add flag to enable it in builds. On
CI a build and certs test with enabled legacy DB are added.
Note that for some reason the coverage build fails. I have no idea
why. I'm open for ideas.
[c1fad130dce2]
2019-12-03 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* lib/freebl/Makefile, lib/freebl/freebl.gyp, lib/freebl/gcm-
arm32-neon.c, lib/freebl/gcm.c:
Bug 1562548 - Improve GCM perfomance on aarch32 using NEON.
r=kjacobs
Optimize GCM perfomance using
https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf via ARM's
NEON.
[a9ba652046e6]
2019-12-03 J.C. Jones <jjones@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt, automation/abi-
check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h,
lib/util/nssutil.h:
Set version numbers to 3.49 beta
[3051793c68fc]
2019-12-02 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_48_BETA1 for changeset 77976f3fefca
[06d5b4f91a9c]
Differential Revision: https://phabricator.services.mozilla.com/D56378
--HG--
extra : moz-landing-system : lando
2019-12-16 20:53:59 +00:00
|
|
|
print("\nCoverage report: " + symcov_file)
|
|
|
|
|
if symbol_retcode > 0:
|
|
|
|
|
print("sancov failed to symbolize with return code {}".format(symbol_retcode))
|
|
|
|
|
sys.exit(symbol_retcode)
|
2017-06-13 12:26:51 +00:00
|
|
|
|
2017-08-04 12:13:06 +00:00
|
|
|
class commandsAction(argparse.Action):
|
|
|
|
|
commands = []
|
2017-08-25 07:37:32 +00:00
|
|
|
|
2017-08-04 12:13:06 +00:00
|
|
|
def __call__(self, parser, args, values, option_string=None):
|
|
|
|
|
for c in commandsAction.commands:
|
|
|
|
|
print(c)
|
|
|
|
|
|
2017-06-13 12:26:51 +00:00
|
|
|
def parse_arguments():
|
|
|
|
|
parser = argparse.ArgumentParser(
|
|
|
|
|
description='NSS helper script. ' +
|
|
|
|
|
'Make sure to separate sub-command arguments with --.')
|
|
|
|
|
subparsers = parser.add_subparsers()
|
|
|
|
|
|
|
|
|
|
parser_build = subparsers.add_parser(
|
|
|
|
|
'build', help='All arguments are passed to build.sh')
|
|
|
|
|
parser_build.add_argument(
|
|
|
|
|
'build_args', nargs='*', help="build arguments", action=buildAction)
|
|
|
|
|
|
|
|
|
|
parser_cf = subparsers.add_parser(
|
|
|
|
|
'clang-format',
|
2017-08-25 07:37:32 +00:00
|
|
|
help="""
|
|
|
|
|
Run clang-format.
|
|
|
|
|
|
|
|
|
|
By default this runs against any files that you have modified. If
|
|
|
|
|
there are no modified files, it checks everything.
|
|
|
|
|
""")
|
|
|
|
|
parser_cf.add_argument(
|
|
|
|
|
'--noroot',
|
|
|
|
|
help='On linux, suppress the use of \'sudo\' for running docker.',
|
|
|
|
|
action='store_true')
|
2017-06-13 12:26:51 +00:00
|
|
|
parser_cf.add_argument(
|
2017-08-25 07:37:32 +00:00
|
|
|
'<file/dir>',
|
2017-06-13 12:26:51 +00:00
|
|
|
nargs='*',
|
2017-08-25 07:37:32 +00:00
|
|
|
help="Specify files or directories to run clang-format on",
|
2017-06-13 12:26:51 +00:00
|
|
|
action=cfAction)
|
|
|
|
|
|
|
|
|
|
parser_test = subparsers.add_parser(
|
|
|
|
|
'tests', help='Run tests through tests/all.sh.')
|
|
|
|
|
tests = [
|
|
|
|
|
"cipher", "lowhash", "chains", "cert", "dbtests", "tools", "fips",
|
|
|
|
|
"sdr", "crmf", "smime", "ssl", "ocsp", "merge", "pkits", "ec",
|
2018-07-25 13:17:58 +00:00
|
|
|
"gtests", "ssl_gtests", "bogo", "interop", "policy"
|
2017-06-13 12:26:51 +00:00
|
|
|
]
|
|
|
|
|
parser_test.add_argument(
|
|
|
|
|
'test', choices=tests, help="Available tests", action=testAction)
|
2017-08-04 12:13:06 +00:00
|
|
|
|
2018-04-16 08:09:12 +00:00
|
|
|
parser_cov = subparsers.add_parser(
|
|
|
|
|
'coverage', help='Generate coverage report')
|
|
|
|
|
cov_modules = ["ssl_gtests"]
|
|
|
|
|
parser_cov.add_argument(
|
|
|
|
|
'--outdir', help='Output directory for coverage report data.',
|
|
|
|
|
default=tempfile.mkdtemp())
|
|
|
|
|
parser_cov.add_argument(
|
|
|
|
|
'module', choices=cov_modules, help="Available coverage modules",
|
|
|
|
|
action=covAction)
|
|
|
|
|
|
2017-08-04 12:13:06 +00:00
|
|
|
parser_commands = subparsers.add_parser(
|
Bug 1577822 - land NSS a3ee4f26b4c1 UPGRADE_NSS_RELEASE, r=kjacobs
2019-09-18 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/lib/derprint.c:
Bug 1581024 - Check for pointer wrap in derprint.c. r=jcj
Check for pointer wrap on output-length check in the derdump
utility.
[a3ee4f26b4c1] [tip]
2019-09-18 Giulio Benetti <giulio.benetti@micronovasrl.com>
* lib/freebl/gcm-aarch64.c:
Bug 1580126 - Fix build failure on aarch64_be while building
freebl/gcm r=kjacobs
Build failure is caused by different #ifdef conditions in gcm.c and
gcm-aarch64.c that leads to double declaration of the same gcm_*
functions.
Fix #ifdef condition in gcm-aarch64.c making it the same as the one
in gcm.c.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[fa0d958de0c3]
2019-09-17 Kai Engert <kaie@kuix.de>
* automation/taskcluster/graph/src/extend.js:
Bug 1385039 - Build NSPR tests as part of NSS continuous
integration. r=kjacobs
[cc97f1a93038]
2019-09-17 Landry Breuil <landry@openbsd.org>
* lib/freebl/Makefile:
Bug 1581391 - include gcm-aarch64 on all unices, not only linux
r=kjacobs
[e7b4f293fa4e]
2019-09-17 Martin Thomson <mt@lowentropy.net>
* mach:
Bug 1581041 - Rename mach-commands to mach-completion, r=jcj
This means that we can point our completion at the gecko one.
[bc91272fcbdc]
2019-09-16 Jenine <jenine_c@outlook.com>
* cmd/pk11importtest/pk11importtest.c, lib/softoken/pkcs11.c:
Bug 1558313 - Fix clang warnings in pk11importtest.c and pkcs11.c
r=marcusburghardt
[4569b745f74e]
2019-09-13 Daiki Ueno <dueno@redhat.com>
* lib/certhigh/certvfy.c:
Bug 1542207, fix policy check on signature algorithms, r=rrelyea
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1542207
[ed8a41d16c1c]
2019-09-05 Daiki Ueno <dueno@redhat.com>
* lib/freebl/drbg.c:
Bug 1560329, drbg: perform continuous test on entropy source,
r=rrelyea
Summary: FIPS 140-2 section 4.9.2 requires a conditional self test
to check that consecutive entropy blocks from the system are
different. As neither getentropy() nor /dev/urandom provides that
check on the output, this adds the self test at caller side.
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1560329
[c66dd879d16a]
2019-09-06 Martin Thomson <mt@lowentropy.net>
* automation/taskcluster/graph/src/queue.js:
Bug 1579290 - Disable LSAN during builds, r=ueno
Summary: See the bug description for details.
[f28f3d7b7cf0]
2019-09-13 Kai Engert <kaie@kuix.de>
* Makefile, build.sh, coreconf/nspr.sh, help.txt:
Bug 1385061 - Build NSPR tests with NSS make; Add gyp parameters to
build/run NSPR tests. r=jcj
[8b4a226f7d23]
2019-09-11 Kai Engert <kaie@kuix.de>
* nss.gyp:
Bug 1577359 - Build atob and btoa for Thunderbird. r=jcj
[1fe61aadaf57]
2019-09-10 Marcus Burghardt <mburghardt@mozilla.com>
* cmd/pk12util/pk12util.c:
Bug 1579036 - Define error when trying to export non-existent cert
with pk12util. r=jcj
[65ab97f03c89]
2019-09-04 Martin Thomson <mt@lowentropy.net>
* gtests/mozpkix_gtest/pkixder_input_tests.cpp:
Bug 1578626 - Remove undefined nullptr decrement, r=keeler
Summary: This uses uintptr_t to avoid the worst. It still looks
terrible and might trip static analysis warnings, but the
reinterpret_cast should hide that.
This assumes that sizeof(uintptr_t) == sizeof(void*), so I've added
an assertion so that we'll at least fail the test on those systems.
(We could use GTEST_SKIP instead, but we don't have that in the
version of gtest that we use.)
Reviewers: keeler
Tags: #secure-revision
Bug #: 1578626
[d2485b1c997e]
2019-09-05 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/pk11_gtest/pk11_find_certs_unittest.cc:
Bug 1578751 - Ensure a consistent style for
pk11_find_certs_unittest.cc. r=jcj
Adjusted the style and clang-format after the changes in some var
names.
[e95fee7f59e5]
Differential Revision: https://phabricator.services.mozilla.com/D46246
--HG--
extra : moz-landing-system : lando
2019-09-18 03:27:20 +00:00
|
|
|
'mach-completion',
|
2017-08-04 12:13:06 +00:00
|
|
|
help="list commands")
|
|
|
|
|
parser_commands.add_argument(
|
Bug 1577822 - land NSS a3ee4f26b4c1 UPGRADE_NSS_RELEASE, r=kjacobs
2019-09-18 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/lib/derprint.c:
Bug 1581024 - Check for pointer wrap in derprint.c. r=jcj
Check for pointer wrap on output-length check in the derdump
utility.
[a3ee4f26b4c1] [tip]
2019-09-18 Giulio Benetti <giulio.benetti@micronovasrl.com>
* lib/freebl/gcm-aarch64.c:
Bug 1580126 - Fix build failure on aarch64_be while building
freebl/gcm r=kjacobs
Build failure is caused by different #ifdef conditions in gcm.c and
gcm-aarch64.c that leads to double declaration of the same gcm_*
functions.
Fix #ifdef condition in gcm-aarch64.c making it the same as the one
in gcm.c.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[fa0d958de0c3]
2019-09-17 Kai Engert <kaie@kuix.de>
* automation/taskcluster/graph/src/extend.js:
Bug 1385039 - Build NSPR tests as part of NSS continuous
integration. r=kjacobs
[cc97f1a93038]
2019-09-17 Landry Breuil <landry@openbsd.org>
* lib/freebl/Makefile:
Bug 1581391 - include gcm-aarch64 on all unices, not only linux
r=kjacobs
[e7b4f293fa4e]
2019-09-17 Martin Thomson <mt@lowentropy.net>
* mach:
Bug 1581041 - Rename mach-commands to mach-completion, r=jcj
This means that we can point our completion at the gecko one.
[bc91272fcbdc]
2019-09-16 Jenine <jenine_c@outlook.com>
* cmd/pk11importtest/pk11importtest.c, lib/softoken/pkcs11.c:
Bug 1558313 - Fix clang warnings in pk11importtest.c and pkcs11.c
r=marcusburghardt
[4569b745f74e]
2019-09-13 Daiki Ueno <dueno@redhat.com>
* lib/certhigh/certvfy.c:
Bug 1542207, fix policy check on signature algorithms, r=rrelyea
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1542207
[ed8a41d16c1c]
2019-09-05 Daiki Ueno <dueno@redhat.com>
* lib/freebl/drbg.c:
Bug 1560329, drbg: perform continuous test on entropy source,
r=rrelyea
Summary: FIPS 140-2 section 4.9.2 requires a conditional self test
to check that consecutive entropy blocks from the system are
different. As neither getentropy() nor /dev/urandom provides that
check on the output, this adds the self test at caller side.
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1560329
[c66dd879d16a]
2019-09-06 Martin Thomson <mt@lowentropy.net>
* automation/taskcluster/graph/src/queue.js:
Bug 1579290 - Disable LSAN during builds, r=ueno
Summary: See the bug description for details.
[f28f3d7b7cf0]
2019-09-13 Kai Engert <kaie@kuix.de>
* Makefile, build.sh, coreconf/nspr.sh, help.txt:
Bug 1385061 - Build NSPR tests with NSS make; Add gyp parameters to
build/run NSPR tests. r=jcj
[8b4a226f7d23]
2019-09-11 Kai Engert <kaie@kuix.de>
* nss.gyp:
Bug 1577359 - Build atob and btoa for Thunderbird. r=jcj
[1fe61aadaf57]
2019-09-10 Marcus Burghardt <mburghardt@mozilla.com>
* cmd/pk12util/pk12util.c:
Bug 1579036 - Define error when trying to export non-existent cert
with pk12util. r=jcj
[65ab97f03c89]
2019-09-04 Martin Thomson <mt@lowentropy.net>
* gtests/mozpkix_gtest/pkixder_input_tests.cpp:
Bug 1578626 - Remove undefined nullptr decrement, r=keeler
Summary: This uses uintptr_t to avoid the worst. It still looks
terrible and might trip static analysis warnings, but the
reinterpret_cast should hide that.
This assumes that sizeof(uintptr_t) == sizeof(void*), so I've added
an assertion so that we'll at least fail the test on those systems.
(We could use GTEST_SKIP instead, but we don't have that in the
version of gtest that we use.)
Reviewers: keeler
Tags: #secure-revision
Bug #: 1578626
[d2485b1c997e]
2019-09-05 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/pk11_gtest/pk11_find_certs_unittest.cc:
Bug 1578751 - Ensure a consistent style for
pk11_find_certs_unittest.cc. r=jcj
Adjusted the style and clang-format after the changes in some var
names.
[e95fee7f59e5]
Differential Revision: https://phabricator.services.mozilla.com/D46246
--HG--
extra : moz-landing-system : lando
2019-09-18 03:27:20 +00:00
|
|
|
'mach-completion',
|
2017-08-04 12:13:06 +00:00
|
|
|
nargs='*',
|
|
|
|
|
action=commandsAction)
|
|
|
|
|
|
|
|
|
|
commandsAction.commands = [c for c in subparsers.choices]
|
2017-06-13 12:26:51 +00:00
|
|
|
return parser.parse_args()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def main():
|
|
|
|
|
parse_arguments()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
|
main()
|