Mercurial > trustbridge > nss-cmake-static
view README.chromium @ 3:150b72113545
Add DBM and legacydb support
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 05 Aug 2014 18:32:02 +0200 |
parents | 1e5118fa0cb1 |
children |
line wrap: on
line source
Name: Network Security Services (NSS) Short Name: nss URL: http://www.mozilla.org/projects/security/pki/nss/ Version: 3.16.2 Beta 3 License: MPL 2 License File: nss/COPYING Security Critical: yes Description: NSS 3.16.2 Beta 3 with NSPR 4.10.4 This copy of NSS has been customized for Chromium. NSPR is also put here rather than in a separate directory to emphasize the fact that Chromium is using NSPR strictly as an NSS dependency. We took a subset of NSS, omitting the SSL and SMIME libraries and the built-in root CA certificates module. This NSS subset satisfies the dependencies of the NSS SSL library in src/net/third_party/nss. Do NOT use this copy of NSS on platforms that have NSS as system libraries, such as Linux. The source code was checked out from the mozilla.org CVS or hg repository using the nspr-checkout.sh and nss-checkout.sh scripts in the scripts directory. The current source code was checked out with the hg tag NSS_3_16_2_BETA3 and the hg tag NSPR_4_10_4_RTM. Local Modifications: We made the following local changes to NSPR. - patches/nspr-static.patch: to build NSPR as static libraries. See NSPR bug 533014 (https://bugzilla.mozilla.org/show_bug.cgi?id=533014). - patches/prcpucfg.h: added to the nspr/pr/include directory. - patches/nspr-attach-as-system-thread.patch: attach a "foreign" thread (a thread not created by NSPR) to NSPR as a "system" thread rather than a "user" thread, which needs to terminate before PR_Cleanup can return. (The "system" vs. "user" thread distinction comes from Java, and ultimately from Solaris threads.) This is a workaround for http://crbug.com/40663. - patches/nspr-remove-io.patch: Remove IO operations in NSPR to allow NSS to work in the sandbox. Do not initialize IO when initializing NSPR. Windows version of NSPR also tried to use getaddrinfo to resolve hostname in a SSL connection. By removing _PR_HAVE_GETADDRINFO this will force it to use PR_GetHostByName. Removing _PR_INET6_PROBE will prevent it from creating an IPv6 socket to probe if IPv6 is there. DO NOT upstream this patch. We made the following local changes to NSS. - patches/nss-static.patch: to build NSS as static libraries and omit libpkix (the new certification path validation library) and softoken/legacydb (support for the old Berkeley DB databases). See NSS bug 534471 (https://bugzilla.mozilla.org/show_bug.cgi?id=534471). - nss/exports_win.def: The list of exports to use when building nss as a dynamic library (crnss.dll). - nss/lib/ckfw/builtins/certdata.c: a generated file. Do an upstream NSS build and copy the generated certdata.c. - nss/lib/freebl/build_config_mac.h: a header that defines the target arch specific configuration macros for lib/freebl on iOS and Mac OS X. This works around the lack of support for the xcode_settings GCC_PREPROCESSOR_DEFINITIONS[arch=foo] by the ninja GYP generator (http://crbug.com/122592). - nss/lib/freebl/mpi/mpi_arm_mac.c: a wrapper file for mpi_arm.c for iOS and Mac OS X. This works around the inability to specify target arch specific source files in Xcode. - patches/nss-remove-fortezza.patch: remove Fortezza certificate support from PK11_ImportPublicKey. See NSS bug 668397 (https://bugzilla.mozilla.org/show_bug.cgi?id=668397). - patches/nss-urandom-abort.patch: call abort() if NSS cannot read from /dev/urandom. See Chromium issue 244661 (http://crbug.com/244661). - patches/nss-chacha20-poly1305.patch: Support ChaCha20+Poly1305 cipher suites. See NSS bug 917571 (https://bugzilla.mozilla.org/show_bug.cgi?id=917571). - patches/nss-genname-warnings.patch: Fix compiler warnings in lib/certdb/genname.c that are treated as errors by -Werror,-Wpointer-sign. Will be fixed in NSS 3.16.2. - patches/nss-rsa-key-check.patch: RSA_PrivateKeyCheck should not swap members of the input RSAPrivateKey. https://bugzilla.mozilla.org/show_bug.cgi?id=1021102