mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 10:44:56 +00:00
Bug 1523175 - land NSS b7713856ebf2 UPGRADE_NSS_RELEASE, r=me
--HG-- extra : rebase_source : 9dbb754fb73fde471308ac331ae445a45c77c870 extra : amend_source : 68c501b209d49f8c5d04c891056dda2a9057fbd9
This commit is contained in:
parent
950939d55a
commit
323f397330
@ -47,7 +47,7 @@ dnl Set the version number of the libs included with mozilla
|
||||
dnl ========================================================
|
||||
MOZPNG=10635
|
||||
NSPR_VERSION=4
|
||||
NSPR_MINVER=4.19
|
||||
NSPR_MINVER=4.21
|
||||
NSS_VERSION=3
|
||||
|
||||
dnl Set the minimum version of toolkit libs used by mozilla
|
||||
|
@ -1,47 +1,37 @@
|
||||
# This file is rendered via JSON-e in a hook with context:
|
||||
# {
|
||||
# tasks_for: 'hg-push',
|
||||
# push: {owner, pushlog_id, pushdate},
|
||||
# repository: {url, project, level},
|
||||
# now,
|
||||
# ownTaskId: // taskId of the task that will be created
|
||||
# }
|
||||
---
|
||||
version: 0
|
||||
metadata:
|
||||
name: "NSS Continuous Integration"
|
||||
description: "The Taskcluster task graph for the NSS tree"
|
||||
owner: "mozilla-taskcluster-maintenance@mozilla.com"
|
||||
source: {{{source}}}
|
||||
|
||||
scopes:
|
||||
# Note the below scopes are insecure however these get overriden on the server
|
||||
# side to whatever scopes are set by mozilla-taskcluster.
|
||||
- queue:*
|
||||
- docker-worker:*
|
||||
- scheduler:*
|
||||
|
||||
# Available mustache parameters (see the mozilla-taskcluster source):
|
||||
#
|
||||
# - owner: push user (email address)
|
||||
# - source: URL of this YAML file
|
||||
# - url: repository URL
|
||||
# - project: alias for the destination repository (basename of
|
||||
# the repo url)
|
||||
# - level: SCM level of the destination repository
|
||||
# (1 = try, 3 = core)
|
||||
# - revision: (short) hg revision of the head of the push
|
||||
# - revision_hash: (long) hg revision of the head of the push
|
||||
# - comment: comment of the push
|
||||
# - pushlog_id: id in the pushlog table of the repository
|
||||
#
|
||||
# and functions:
|
||||
# - as_slugid: convert a label into a slugId
|
||||
# - from_now: generate a timestamp at a fixed offset from now
|
||||
|
||||
version: 1
|
||||
tasks:
|
||||
- taskId: '{{#as_slugid}}decision task{{/as_slugid}}'
|
||||
reruns: 3
|
||||
task:
|
||||
created: '{{now}}'
|
||||
deadline: '{{#from_now}}1 day{{/from_now}}'
|
||||
expires: '{{#from_now}}14 days{{/from_now}}'
|
||||
- $let:
|
||||
# sometimes the push user is just `ffxbld` or the like, but we want an
|
||||
# email-like field..
|
||||
ownerEmail:
|
||||
$if: '"@" in push.owner'
|
||||
then: '${push.owner}'
|
||||
else: '${push.owner}@noreply.mozilla.org'
|
||||
# ensure there's no trailing `/` on the repo URL
|
||||
repoUrl:
|
||||
$if: 'repository.url[-1] == "/"'
|
||||
then: {$eval: 'repository.url[:-1]'}
|
||||
else: {$eval: 'repository.url'}
|
||||
in:
|
||||
taskId: '${ownTaskId}'
|
||||
taskGroupId: '${ownTaskId}'
|
||||
schedulerId: 'gecko-level-nss'
|
||||
created: {$fromNow: ''}
|
||||
deadline: {$fromNow: '1 day'}
|
||||
expires: {$fromNow: '14 days'}
|
||||
|
||||
metadata:
|
||||
owner: mozilla-taskcluster-maintenance@mozilla.com
|
||||
source: {{{source}}}
|
||||
source: "${repository.url}"
|
||||
name: "NSS Decision Task"
|
||||
description: |
|
||||
The task that creates all of the other tasks in the task graph
|
||||
@ -49,24 +39,27 @@ tasks:
|
||||
workerType: "hg-worker"
|
||||
provisionerId: "aws-provisioner-v1"
|
||||
|
||||
scopes:
|
||||
- 'assume:repo:${repoUrl[8:]}:branch:default'
|
||||
- 'queue:route:notify.email.${ownerEmail}.*'
|
||||
tags:
|
||||
createdForUser: {{owner}}
|
||||
createdForUser: "${ownerEmail}"
|
||||
|
||||
routes:
|
||||
- "tc-treeherder-stage.v2.{{project}}.{{revision}}.{{pushlog_id}}"
|
||||
- "tc-treeherder.v2.{{project}}.{{revision}}.{{pushlog_id}}"
|
||||
- "tc-treeherder-stage.v2.${repository.project}.${push.revision}.${push.pushlog_id}"
|
||||
- "tc-treeherder.v2.${repository.project}.${push.revision}.${push.pushlog_id}"
|
||||
|
||||
payload:
|
||||
image: nssdev/nss-decision:0.0.2
|
||||
# TODO: use nssdev org , not djmitche, once the image is pushed there
|
||||
image: djmitche/nss-decision:0.0.3
|
||||
|
||||
env:
|
||||
TC_OWNER: {{owner}}
|
||||
TC_SOURCE: {{{source}}}
|
||||
TC_PROJECT: {{project}}
|
||||
TC_COMMENT: '{{comment}}'
|
||||
NSS_PUSHLOG_ID: '{{pushlog_id}}'
|
||||
NSS_HEAD_REPOSITORY: '{{{url}}}'
|
||||
NSS_HEAD_REVISION: '{{revision}}'
|
||||
TC_OWNER: "${push.owner}"
|
||||
TC_SOURCE: "${repository.url}"
|
||||
TC_PROJECT: ${repository.project}
|
||||
NSS_PUSHLOG_ID: '${push.pushlog_id}'
|
||||
NSS_HEAD_REPOSITORY: '${repository.url}'
|
||||
NSS_HEAD_REVISION: '${push.revision}'
|
||||
|
||||
maxRunTime: 1800
|
||||
|
||||
|
@ -1 +1 @@
|
||||
794984bb1169
|
||||
b7713856ebf2
|
||||
|
@ -0,0 +1,5 @@
|
||||
|
||||
1 Added function:
|
||||
|
||||
'function SECOidTag HASH_GetHashOidTagByHashType(HASH_HashType)' {HASH_GetHashOidTagByHashType@@NSS_3.43}
|
||||
|
@ -1,4 +1,4 @@
|
||||
4.20
|
||||
4.21
|
||||
|
||||
# The first line of this file must contain the human readable NSPR
|
||||
# version number, which is the minimum required version of NSPR
|
||||
|
@ -9,6 +9,7 @@ RUN apt-get update \
|
||||
locales \
|
||||
mercurial \
|
||||
nodejs \
|
||||
npm \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& apt-get autoremove -y && apt-get clean -y
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -5,10 +5,17 @@
|
||||
import * as try_syntax from "./try_syntax";
|
||||
import extend from "./extend";
|
||||
|
||||
// Init try syntax filter.
|
||||
if (process.env.TC_PROJECT == "nss-try") {
|
||||
try_syntax.initFilter();
|
||||
}
|
||||
const main = async () => {
|
||||
// Init try syntax filter.
|
||||
if (process.env.TC_PROJECT == "nss-try") {
|
||||
await try_syntax.initFilter();
|
||||
}
|
||||
|
||||
// Extend the task graph.
|
||||
extend().catch(console.error);
|
||||
// Extend the task graph.
|
||||
await extend();
|
||||
};
|
||||
|
||||
main().catch(err => {
|
||||
console.error(err);
|
||||
process.exit(1);
|
||||
});
|
||||
|
@ -5,6 +5,10 @@
|
||||
import * as queue from "./queue";
|
||||
import intersect from "intersect";
|
||||
import parse_args from "minimist";
|
||||
import util from "util";
|
||||
import child_process from 'child_process';
|
||||
|
||||
let execFile = util.promisify(child_process.execFile);
|
||||
|
||||
function parseOptions(opts) {
|
||||
opts = parse_args(opts.split(/\s+/), {
|
||||
@ -154,8 +158,13 @@ function filter(opts) {
|
||||
}
|
||||
}
|
||||
|
||||
export function initFilter() {
|
||||
let comment = process.env.TC_COMMENT || "";
|
||||
async function getCommitComment() {
|
||||
const res = await execFile('hg', ['log', '-r', '.', '-T', '{desc}']);
|
||||
return res.stdout;
|
||||
};
|
||||
|
||||
export async function initFilter() {
|
||||
let comment = await getCommitComment();
|
||||
|
||||
// Check for try syntax in changeset comment.
|
||||
let match = comment.match(/^\s*try:\s*(.*)\s*$/);
|
||||
|
@ -10,3 +10,4 @@
|
||||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
@ -397,6 +397,16 @@ TEST_P(TlsConnectGeneric, RecordSizeServerExtensionInvalid) {
|
||||
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
|
||||
}
|
||||
|
||||
TEST_P(TlsConnectGeneric, RecordSizeServerExtensionExtra) {
|
||||
EnsureTlsSetup();
|
||||
server_->SetOption(SSL_RECORD_SIZE_LIMIT, 1000);
|
||||
static const uint8_t v[] = {0x01, 0x00, 0x00};
|
||||
auto replace = MakeTlsFilter<TlsExtensionReplacer>(
|
||||
server_, ssl_record_size_limit_xtn, DataBuffer(v, sizeof(v)));
|
||||
replace->EnableDecryption();
|
||||
ConnectExpectAlert(client_, kTlsAlertDecodeError);
|
||||
}
|
||||
|
||||
class RecordSizeDefaultsTest : public ::testing::Test {
|
||||
public:
|
||||
void SetUp() {
|
||||
|
@ -202,13 +202,46 @@ HASH_GetHashTypeByOidTag(SECOidTag hashOid)
|
||||
ht = HASH_AlgSHA512;
|
||||
break;
|
||||
default:
|
||||
ht = HASH_AlgNULL;
|
||||
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
|
||||
break;
|
||||
}
|
||||
return ht;
|
||||
}
|
||||
|
||||
SECOidTag
|
||||
HASH_GetHashOidTagByHashType(HASH_HashType type)
|
||||
{
|
||||
SECOidTag oid = SEC_OID_UNKNOWN;
|
||||
|
||||
switch (type) {
|
||||
case HASH_AlgMD2:
|
||||
oid = SEC_OID_MD2;
|
||||
break;
|
||||
case HASH_AlgMD5:
|
||||
oid = SEC_OID_MD5;
|
||||
break;
|
||||
case HASH_AlgSHA1:
|
||||
oid = SEC_OID_SHA1;
|
||||
break;
|
||||
case HASH_AlgSHA224:
|
||||
oid = SEC_OID_SHA224;
|
||||
break;
|
||||
case HASH_AlgSHA256:
|
||||
oid = SEC_OID_SHA256;
|
||||
break;
|
||||
case HASH_AlgSHA384:
|
||||
oid = SEC_OID_SHA384;
|
||||
break;
|
||||
case HASH_AlgSHA512:
|
||||
oid = SEC_OID_SHA512;
|
||||
break;
|
||||
default:
|
||||
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
|
||||
break;
|
||||
}
|
||||
return oid;
|
||||
}
|
||||
|
||||
SECOidTag
|
||||
HASH_GetHashOidTagByHMACOidTag(SECOidTag hmacOid)
|
||||
{
|
||||
|
@ -53,6 +53,8 @@ extern HASH_HashType HASH_GetHashTypeByOidTag(SECOidTag hashOid);
|
||||
extern SECOidTag HASH_GetHashOidTagByHMACOidTag(SECOidTag hmacOid);
|
||||
extern SECOidTag HASH_GetHMACOidTagByHashOidTag(SECOidTag hashOid);
|
||||
|
||||
extern SECOidTag HASH_GetHashOidTagByHashType(HASH_HashType type);
|
||||
|
||||
SEC_END_PROTOS
|
||||
|
||||
#endif /* _HASH_H_ */
|
||||
|
@ -1139,3 +1139,9 @@ CERT_GetCertKeyType;
|
||||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
;+NSS_3.43 { # NSS 3.43 release
|
||||
;+ global:
|
||||
HASH_GetHashOidTagByHashType;
|
||||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
|
@ -1927,7 +1927,7 @@ ssl_HandleRecordSizeLimitXtn(const sslSocket *ss, TLSExtensionData *xtnData,
|
||||
return SECFailure;
|
||||
}
|
||||
if (data->len != 0 || limit < 64) {
|
||||
ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
|
||||
ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
|
||||
PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
|
||||
return SECFailure;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user