Name: Network Security Services (NSS)
Short Name: nss
URL: http://www.mozilla.org/projects/security/pki/nss/
Version: 3.16.2 Beta 3
License: MPL 2
License File: nss/COPYING
Security Critical: yes

Description:
NSS 3.16.2 Beta 3 with NSPR 4.10.4

This copy of NSS has been customized for Chromium. NSPR is also put here
rather than in a separate directory to emphasize the fact that Chromium is
using NSPR strictly as an NSS dependency.

We took a subset of NSS, omitting the SSL and SMIME libraries and the
built-in root CA certificates module. This NSS subset satisfies the
dependencies of the NSS SSL library in src/net/third_party/nss. Do NOT use
this copy of NSS on platforms that have NSS as system libraries, such as
Linux.

The source code was checked out from the mozilla.org CVS or hg repository using
the nspr-checkout.sh and nss-checkout.sh scripts in the scripts directory.
The current source code was checked out with the hg tag NSS_3_16_2_BETA3
and the hg tag NSPR_4_10_4_RTM.

Local Modifications:

We made the following local changes to NSPR.
- patches/nspr-static.patch: to build NSPR as static libraries. See NSPR
  bug 533014 (https://bugzilla.mozilla.org/show_bug.cgi?id=533014).
- patches/prcpucfg.h: added to the nspr/pr/include directory.
- patches/nspr-attach-as-system-thread.patch: attach a "foreign" thread
  (a thread not created by NSPR) to NSPR as a "system" thread rather than
  a "user" thread, which needs to terminate before PR_Cleanup can return.
  (The "system" vs. "user" thread distinction comes from Java, and
  ultimately from Solaris threads.) This is a workaround for
  http://crbug.com/40663.
- patches/nspr-remove-io.patch: Remove IO operations in NSPR to allow NSS
  to work in the sandbox. Do not initialize IO when initializing NSPR.
  The Windows version of NSPR also tried to use getaddrinfo to resolve the
  hostname in an SSL connection. Removing _PR_HAVE_GETADDRINFO forces it
  to use PR_GetHostByName. Removing _PR_INET6_PROBE prevents it from
  creating an IPv6 socket to probe whether IPv6 is available.
  DO NOT upstream this patch.

We made the following local changes to NSS.
- patches/nss-static.patch: to build NSS as static libraries and omit
  libpkix (the new certification path validation library) and
  softoken/legacydb (support for the old Berkeley DB databases). See NSS
  bug 534471 (https://bugzilla.mozilla.org/show_bug.cgi?id=534471).
- nss/exports_win.def: The list of exports to use when building nss as a
  dynamic library (crnss.dll).
- nss/lib/ckfw/builtins/certdata.c: a generated file. Do an upstream NSS
  build and copy the generated certdata.c.
- nss/lib/freebl/build_config_mac.h: a header that defines the target arch
  specific configuration macros for lib/freebl on iOS and Mac OS X. This
  works around the lack of support for the xcode_settings
  GCC_PREPROCESSOR_DEFINITIONS[arch=foo] by the ninja GYP generator
  (http://crbug.com/122592).
- nss/lib/freebl/mpi/mpi_arm_mac.c: a wrapper file for mpi_arm.c for iOS
  and Mac OS X. This works around the inability to specify target arch
  specific source files in Xcode.
- patches/nss-remove-fortezza.patch: remove Fortezza certificate support
  from PK11_ImportPublicKey. See NSS bug 668397
  (https://bugzilla.mozilla.org/show_bug.cgi?id=668397).
- patches/nss-urandom-abort.patch: call abort() if NSS cannot read from
  /dev/urandom. See Chromium issue 244661 (http://crbug.com/244661).
- patches/nss-chacha20-poly1305.patch: Support ChaCha20+Poly1305 cipher
  suites. See NSS bug 917571
  (https://bugzilla.mozilla.org/show_bug.cgi?id=917571).
- patches/nss-genname-warnings.patch: Fix compiler warnings in
  lib/certdb/genname.c that are treated as errors by -Werror,-Wpointer-sign.
  Will be fixed in NSS 3.16.2.
- patches/nss-rsa-key-check.patch: RSA_PrivateKeyCheck should not swap
  members of the input RSAPrivateKey.
  https://bugzilla.mozilla.org/show_bug.cgi?id=1021102