Update NSS to NSS 3.14 pre-release snapshot 2012-06-26 01:00:00 PDT.

patches/nss-static.patch

 Index: mozilla/security/nss/lib/certhigh/certvfy.c
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/certhigh/certvfy.c,v
-retrieving revision 1.75
-diff -p -u -8 -r1.75 certvfy.c
---- mozilla/security/nss/lib/certhigh/certvfy.c 14 Sep 2011 00:28:47 -0000      1.75
-+++ mozilla/security/nss/lib/certhigh/certvfy.c 25 Oct 2011 22:35:58 -0000
-@@ -40,27 +40,70 @@
+retrieving revision 1.77
+diff -p -u -8 -r1.77 certvfy.c
+--- mozilla/security/nss/lib/certhigh/certvfy.c 25 Apr 2012 14:49:27 -0000      1.77
++++ mozilla/security/nss/lib/certhigh/certvfy.c 7 Nov 2012 01:10:06 -0000
+@@ -8,27 +8,70 @@
  #include "secoid.h"
  #include "sslerr.h"
  #include "genname.h"
  #include "keyhi.h"
  #include "cert.h"
  #include "certdb.h"
  #include "certi.h"
  #include "cryptohi.h"
 +#ifndef NSS_DISABLE_LIBPKIX
  #include "pkix.h"
@@ skipping 53 matching lines @@
   * Check the validity times of a certificate
   */
  SECStatus
  CERT_CertTimesValid(CERTCertificate *c)
  {
      SECCertTimeValidity valid = CERT_CheckCertValidTimes(c, PR_Now(), PR_TRUE);
      return (valid == secCertTimeValid) ? SECSuccess : SECFailure;
 Index: mozilla/security/nss/lib/ckfw/nssck.api
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/ckfw/nssck.api,v
-retrieving revision 1.7
-diff -p -u -8 -r1.7 nssck.api
---- mozilla/security/nss/lib/ckfw/nssck.api     2 Feb 2005 22:28:11 -0000       1.7
-+++ mozilla/security/nss/lib/ckfw/nssck.api     25 Oct 2011 22:35:58 -0000
-@@ -1783,17 +1783,17 @@ C_WaitForSlotEvent
+retrieving revision 1.8
+diff -p -u -8 -r1.8 nssck.api
+--- mozilla/security/nss/lib/ckfw/nssck.api     25 Apr 2012 14:49:28 -0000      1.8
++++ mozilla/security/nss/lib/ckfw/nssck.api     7 Nov 2012 01:10:06 -0000
+@@ -1751,17 +1751,17 @@ C_WaitForSlotEvent
    CK_SLOT_ID_PTR pSlot,
    CK_VOID_PTR pRserved
  )
  {
    return __ADJOIN(MODULE_NAME,C_WaitForSlotEvent)(flags, pSlot, pRserved);
  }
  #endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
  
 -static CK_RV CK_ENTRY
 +CK_RV CK_ENTRY
  __ADJOIN(MODULE_NAME,C_GetFunctionList)
  (
    CK_FUNCTION_LIST_PTR_PTR ppFunctionList
  );
  
  static CK_FUNCTION_LIST FunctionList = {
    { 2, 1 },
  __ADJOIN(MODULE_NAME,C_Initialize),
-@@ -1861,30 +1861,32 @@ __ADJOIN(MODULE_NAME,C_UnwrapKey),
+@@ -1829,30 +1829,32 @@ __ADJOIN(MODULE_NAME,C_UnwrapKey),
  __ADJOIN(MODULE_NAME,C_DeriveKey),
  __ADJOIN(MODULE_NAME,C_SeedRandom),
  __ADJOIN(MODULE_NAME,C_GenerateRandom),
  __ADJOIN(MODULE_NAME,C_GetFunctionStatus),
  __ADJOIN(MODULE_NAME,C_CancelFunction),
  __ADJOIN(MODULE_NAME,C_WaitForSlotEvent)
  };
  
 -static CK_RV CK_ENTRY
 +CK_RV CK_ENTRY
@@ skipping 16 matching lines @@
  {
    return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList);
  }
 +#endif
  
  #undef __ADJOIN
  
 Index: mozilla/security/nss/lib/freebl/rsa.c
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/freebl/rsa.c,v
-retrieving revision 1.43
-diff -p -u -8 -r1.43 rsa.c
---- mozilla/security/nss/lib/freebl/rsa.c       21 Sep 2011 01:09:48 -0000      1.43
-+++ mozilla/security/nss/lib/freebl/rsa.c       25 Oct 2011 22:35:58 -0000
-@@ -1588,16 +1588,23 @@ void RSA_Cleanup(void)
+retrieving revision 1.44
+diff -p -u -8 -r1.44 rsa.c
+--- mozilla/security/nss/lib/freebl/rsa.c       25 Apr 2012 14:49:43 -0000      1.44
++++ mozilla/security/nss/lib/freebl/rsa.c       7 Nov 2012 01:10:06 -0000
+@@ -1556,16 +1556,23 @@ void RSA_Cleanup(void)
   * free_bl may have allocated along the way. Currently only RSA does this,
   * so I've put it here for now.
   */
  void BL_Cleanup(void)
  {
      RSA_Cleanup();
  }
  
 +#ifdef NSS_STATIC
 +void
 +BL_Unload(void)
 +{
 +}
 +#endif
 +
  PRBool bl_parentForkedAfterC_Initialize;
  
  /*
   * Set fork flag so it can be tested in SKIP_AFTER_FORK on relevant platforms.
   */
  void BL_SetForkState(PRBool forked)
  {
      bl_parentForkedAfterC_Initialize = forked;
 Index: mozilla/security/nss/lib/freebl/shvfy.c
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/freebl/shvfy.c,v
-retrieving revision 1.15
-diff -p -u -8 -r1.15 shvfy.c
---- mozilla/security/nss/lib/freebl/shvfy.c     6 Dec 2010 17:22:49 -0000       1.15
-+++ mozilla/security/nss/lib/freebl/shvfy.c     25 Oct 2011 22:35:58 -0000
-@@ -299,39 +299,55 @@ readItem(PRFileDesc *fd, SECItem *item)
+retrieving revision 1.17
+diff -p -u -8 -r1.17 shvfy.c
+--- mozilla/security/nss/lib/freebl/shvfy.c     12 Jun 2012 16:39:00 -0000      1.17
++++ mozilla/security/nss/lib/freebl/shvfy.c     7 Nov 2012 01:10:07 -0000
+@@ -269,39 +269,55 @@ readItem(PRFileDesc *fd, SECItem *item)
         PORT_Free(item->data);
         item->data = NULL;
         item->len = 0;
         return SECFailure;
      }
      return SECSuccess;
  }
  
 +/*
 + * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g.,
@@ skipping 30 matching lines @@
  
  PRBool
  BLAPI_SHVerifyFile(const char *shName)
  {
 +#ifdef PSEUDO_FIPS
 +    return PR_TRUE;  /* a lie, hence *pseudo* FIPS */
 +#else
      char *checkName = NULL;
      PRFileDesc *checkFD = NULL;
      PRFileDesc *shFD = NULL;
-     SHA1Context *hashcx = NULL;
+     void  *hashcx = NULL;
+     SECHashObject *hashObj = NULL;
      SECItem signature = { 0, NULL, 0 };
      SECItem hash;
      int bytesRead, offset;
-     SECStatus rv;
-@@ -510,16 +526,17 @@ loser:
+@@ -488,16 +504,17 @@ loser:
      if (key.params.base.data != NULL) {
         PORT_Free(key.params.base.data);
      }
      if (key.publicValue.data != NULL) {
         PORT_Free(key.publicValue.data);
      }
  
      return result;
 +#endif  /* PSEUDO_FIPS */
  }
  
  PRBool
  BLAPI_VerifySelf(const char *name)
  {
      if (name == NULL) {
         /*
          * If name is NULL, freebl is statically linked into softoken.
 Index: mozilla/security/nss/lib/nss/nssinit.c
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/nss/nssinit.c,v
-retrieving revision 1.114
-diff -p -u -8 -r1.114 nssinit.c
---- mozilla/security/nss/lib/nss/nssinit.c      18 Oct 2011 19:03:31 -0000      1.114
-+++ mozilla/security/nss/lib/nss/nssinit.c      25 Oct 2011 22:35:58 -0000
-@@ -50,19 +50,21 @@
+retrieving revision 1.116
+diff -p -u -8 -r1.116 nssinit.c
+--- mozilla/security/nss/lib/nss/nssinit.c      25 Apr 2012 14:50:04 -0000      1.116
++++ mozilla/security/nss/lib/nss/nssinit.c      7 Nov 2012 01:10:07 -0000
+@@ -18,19 +18,21 @@
  #include "key.h"
  #include "secmod.h"
  #include "secoid.h"
  #include "nss.h"
  #include "pk11func.h"
  #include "secerr.h"
  #include "nssbase.h"
  #include "nssutil.h"
 +#ifndef NSS_DISABLE_LIBPKIX
  #include "pkixt.h"
  #include "pkix.h"
  #include "pkix_tools.h"
 +#endif  /* NSS_DISABLE_LIBPKIX */
  
  #include "pki3hack.h"
  #include "certi.h"
  #include "secmodi.h"
  #include "ocspti.h"
  #include "ocspi.h"
  
  /*
-@@ -559,18 +561,20 @@ nss_Init(const char *configdir, const ch
+@@ -527,18 +529,20 @@ nss_Init(const char *configdir, const ch
                  NSSInitParameters *initParams,
                  PRBool readOnly, PRBool noCertDB, 
                  PRBool noModDB, PRBool forceOpen, PRBool noRootInit,
                  PRBool optimizeSpace, PRBool noSingleThreadedModules,
                  PRBool allowAlreadyInitializedModules,
                  PRBool dontFinalizeModules)
  {
      SECStatus rv = SECFailure;
 +#ifndef NSS_DISABLE_LIBPKIX
      PKIX_UInt32 actualMinorVersion = 0;
      PKIX_Error *pkixError = NULL;
 +#endif
      PRBool isReallyInitted;
      char *configStrings = NULL;
      char *configName = NULL;
      PRBool passwordRequired = PR_FALSE;
  
      /* if we are trying to init with a traditional NSS_Init call, maintain
       * the traditional idempotent behavior. */
      if (!initContextPtr && nssIsInitted) {
-@@ -711,28 +715,30 @@ nss_Init(const char *configdir, const ch
+@@ -679,28 +683,30 @@ nss_Init(const char *configdir, const ch
                     nss_FindExternalRoot(dbpath, secmodName);
                 }
             }
         }
  
         pk11sdr_Init();
         cert_CreateSubjectKeyIDHashTable();
  
 +#ifndef NSS_DISABLE_LIBPKIX
         pkixError = PKIX_Initialize
@@ skipping 10 matching lines @@
          }
 +#endif  /* NSS_DISABLE_LIBPKIX */
  
  
      }
  
      /*
       * Now mark the appropriate init state. If initContextPtr was passed
       * in, then return the new context pointer and add it to the
       * nssInitContextList. Otherwise set the global nss_isInitted flag
-@@ -1092,17 +1098,19 @@ nss_Shutdown(void)
+@@ -1064,17 +1070,19 @@ nss_Shutdown(void)
  
      rv = nss_ShutdownShutdownList();
      if (rv != SECSuccess) {
         shutdownRV = SECFailure;
      }
      cert_DestroyLocks();
      ShutdownCRLCache();
      OCSP_ShutdownGlobal();
 +#ifndef NSS_DISABLE_LIBPKIX
      PKIX_Shutdown(plContext);
 +#endif
      SECOID_Shutdown();
      status = STAN_Shutdown();
      cert_DestroySubjectKeyIDHashTable();
      pk11_SetInternalKeySlot(NULL);
      rv = SECMOD_Shutdown();
      if (rv != SECSuccess) {
         shutdownRV = SECFailure;
      }
 Index: mozilla/security/nss/lib/pk11wrap/pk11load.c
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
-retrieving revision 1.33
-diff -p -u -8 -r1.33 pk11load.c
---- mozilla/security/nss/lib/pk11wrap/pk11load.c        15 Jul 2011 15:03:43 -0000      1.33
-+++ mozilla/security/nss/lib/pk11wrap/pk11load.c        25 Oct 2011 22:35:58 -0000
-@@ -344,46 +344,55 @@ SECMOD_SetRootCerts(PK11SlotInfo *slot, 
+retrieving revision 1.35
+diff -p -u -8 -r1.35 pk11load.c
+--- mozilla/security/nss/lib/pk11wrap/pk11load.c        25 Apr 2012 14:50:05 -0000      1.35
++++ mozilla/security/nss/lib/pk11wrap/pk11load.c        7 Nov 2012 01:10:07 -0000
+@@ -312,46 +312,55 @@ SECMOD_SetRootCerts(PK11SlotInfo *slot, 
            mod->slotInfo = psi_list;
            mod->slotInfoCount++;
            
         }
         psi->hasRootCerts = 1;
      }
  }
  
 +#ifdef NSS_STATIC
 +extern CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
@@ skipping 35 matching lines @@
  }
 +#endif  /* !NSS_STATIC */
  
  /*
   * load a new module into our address space and initialize it.
   */
  SECStatus
  secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) {
      PRLibrary *library = NULL;
      CK_C_GetFunctionList entry = NULL;
-@@ -392,16 +401,26 @@ secmod_LoadPKCS11Module(SECMODModule *mo
+@@ -360,16 +369,26 @@ secmod_LoadPKCS11Module(SECMODModule *mo
      SECStatus rv;
      PRBool alreadyLoaded = PR_FALSE;
      char *disableUnload = NULL;
  
      if (mod->loaded) return SECSuccess;
  
      /* intenal modules get loaded from their internal list */
      if (mod->internal && (mod->dllName == NULL)) {
 +#ifdef NSS_STATIC
 +    if (mod->isFIPS) {
 +        entry = FC_GetFunctionList;
 +    } else {
 +        entry = NSC_GetFunctionList;
 +    }
 +    if (mod->isModuleDB) {
 +        mod->moduleDBFunc = NSC_ModuleDBFunc;
 +    }
 +#else
      /*
       * Loads softoken as a dynamic library,
       * even though the rest of NSS assumes this as the "internal" module.
       */
      if (!softokenLib && 
          PR_SUCCESS != PR_CallOnce(&loadSoftokenOnce, &softoken_LoadDSO))
          return SECFailure;
  
-@@ -417,26 +436,36 @@ secmod_LoadPKCS11Module(SECMODModule *mo
+@@ -385,26 +404,36 @@ secmod_LoadPKCS11Module(SECMODModule *mo
  
      if (!entry)
          return SECFailure;
  
      if (mod->isModuleDB) {
          mod->moduleDBFunc = (CK_C_GetFunctionList) 
                      PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
      }
 +#endif
  
@@ skipping 16 matching lines @@
 +       }
 +#endif
  
         /* load the library. If this succeeds, then we have to remember to
          * unload the library if anything goes wrong from here on out...
          */
         library = PR_LoadLibrary(mod->dllName);
         mod->library = (void *)library;
  
         if (library == NULL) {
-@@ -449,16 +478,17 @@ secmod_LoadPKCS11Module(SECMODModule *mo
+@@ -417,16 +446,19 @@ secmod_LoadPKCS11Module(SECMODModule *mo
         if (!mod->moduleDBOnly) {
             entry = (CK_C_GetFunctionList)
                         PR_FindSymbol(library, "C_GetFunctionList");
         }
         if (mod->isModuleDB) {
             mod->moduleDBFunc = (void *)
                         PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
         }
++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
 +library_loaded:
++#endif
         if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE;
         if (entry == NULL) {
             if (mod->isModuleDB) {
                 mod->loaded = PR_TRUE;
                 mod->moduleDBOnly = PR_TRUE;
                 return SECSuccess;
             }
             PR_UnloadLibrary(library);
-@@ -588,33 +618,40 @@ SECMOD_UnloadModule(SECMODModule *mod) {
+@@ -556,33 +588,40 @@ SECMOD_UnloadModule(SECMODModule *mod) {
      }
      mod->moduleID = 0;
      mod->loaded = PR_FALSE;
      
      /* do we want the semantics to allow unloading the internal library?
       * if not, we should change this to SECFailure and move it above the
       * mod->loaded = PR_FALSE; */
      if (mod->internal && (mod->dllName == NULL)) {
 +#ifndef NSS_STATIC
          if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
@@ skipping 23 matching lines @@
      }
  
      disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
      if (!disableUnload) {
          PR_UnloadLibrary(library);
      }
      return SECSuccess;
 Index: mozilla/security/nss/lib/softoken/lgglue.c
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/softoken/lgglue.c,v
-retrieving revision 1.13
-diff -p -u -8 -r1.13 lgglue.c
---- mozilla/security/nss/lib/softoken/lgglue.c  16 Apr 2009 18:19:26 -0000      1.13
-+++ mozilla/security/nss/lib/softoken/lgglue.c  25 Oct 2011 22:35:58 -0000
-@@ -50,16 +50,17 @@
+retrieving revision 1.14
+diff -p -u -8 -r1.14 lgglue.c
+--- mozilla/security/nss/lib/softoken/lgglue.c  25 Apr 2012 14:50:10 -0000      1.14
++++ mozilla/security/nss/lib/softoken/lgglue.c  7 Nov 2012 01:10:07 -0000
+@@ -18,16 +18,17 @@
  
  static LGOpenFunc legacy_glue_open = NULL;
  static LGReadSecmodFunc legacy_glue_readSecmod = NULL;
  static LGReleaseSecmodFunc legacy_glue_releaseSecmod = NULL;
  static LGDeleteSecmodFunc legacy_glue_deleteSecmod = NULL;
  static LGAddSecmodFunc legacy_glue_addSecmod = NULL;
  static LGShutdownFunc legacy_glue_shutdown = NULL;
  
 +#ifndef NSS_STATIC
  /*
   * The following 3 functions duplicate the work done by bl_LoadLibrary.
   * We should make bl_LoadLibrary a global and replace the call to
   * sftkdb_LoadLibrary(const char *libname) with it.
   */
  #ifdef XP_UNIX
  #include <unistd.h>
  #define LG_MAX_LINKS 20
-@@ -187,16 +188,17 @@ done:
+@@ -155,16 +156,17 @@ done:
         PRLibSpec libSpec;
         libSpec.type = PR_LibSpec_Pathname;
         libSpec.value.pathname = libname;
         lib = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
      }
  
      return lib;
  }
 +#endif  /* STATIC LIBRARIES */
  
  /*
   * stub files for legacy db's to be able to encrypt and decrypt
   * various keys and attributes.
   */
  static SECStatus
  sftkdb_encrypt_stub(PRArenaPool *arena, SDB *sdb, SECItem *plainText,
                     SECItem **cipherText)
-@@ -299,16 +301,31 @@ sftkdbLoad_Legacy(PRBool isFIPS)
+@@ -267,16 +269,31 @@ sftkdbLoad_Legacy(PRBool isFIPS)
                  * get cleared in shutdown */
                 return SECFailure;
             }
             legacy_glue_libCheckSucceeded = PR_TRUE;
         } 
         return SECSuccess;
      }
  
 +#ifdef NSS_STATIC
 +#ifdef NSS_DISABLE_DBM
@@ skipping 11 matching lines @@
 +#endif
 +#else
      lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME);
      if (lib == NULL) {
         return SECFailure;
      }
      
      legacy_glue_open = (LGOpenFunc)PR_FindFunctionSymbol(lib, "legacy_Open");
      legacy_glue_readSecmod = (LGReadSecmodFunc) PR_FindFunctionSymbol(lib,
                                                  "legacy_ReadSecmodDB");
-@@ -324,21 +341,24 @@ sftkdbLoad_Legacy(PRBool isFIPS)
+@@ -292,21 +309,24 @@ sftkdbLoad_Legacy(PRBool isFIPS)
                                                 "legacy_SetCryptFunctions");
  
      if (!legacy_glue_open || !legacy_glue_readSecmod || 
             !legacy_glue_releaseSecmod || !legacy_glue_deleteSecmod || 
             !legacy_glue_addSecmod || !setCryptFunction) {
         PR_UnloadLibrary(lib);
         return SECFailure;
      }
 +#endif  /* NSS_STATIC */
  
      /* verify the loaded library if we are in FIPS mode */
      if (isFIPS) {
         if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) {
 +#ifndef NSS_STATIC
             PR_UnloadLibrary(lib);
 +#endif
             return SECFailure;
         }
         legacy_glue_libCheckSucceeded = PR_TRUE;
      } 
  
      setCryptFunction(sftkdb_encrypt_stub,sftkdb_decrypt_stub);
      legacy_glue_lib = lib;
      return SECSuccess;
-@@ -445,20 +465,22 @@ sftkdbCall_Shutdown(void)
+@@ -413,20 +433,22 @@ sftkdbCall_Shutdown(void)
         return CKR_OK;
      }
      if (legacy_glue_shutdown) {
  #ifdef NO_FORK_CHECK
         PRBool parentForkedAfterC_Initialize = PR_FALSE;
  #endif
         crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
      }
 +#ifndef NSS_STATIC
      disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
      if (!disableUnload) {
          PR_UnloadLibrary(legacy_glue_lib);
      }
 +#endif
      legacy_glue_lib = NULL;
      legacy_glue_open = NULL;
      legacy_glue_readSecmod = NULL;
      legacy_glue_releaseSecmod = NULL;
      legacy_glue_deleteSecmod = NULL;
      legacy_glue_addSecmod = NULL;
      legacy_glue_libCheckFailed    = PR_FALSE;
      legacy_glue_libCheckSucceeded = PR_FALSE;
 Index: mozilla/security/nss/lib/softoken/lgglue.h
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/softoken/lgglue.h,v
-retrieving revision 1.4
-diff -p -u -8 -r1.4 lgglue.h
---- mozilla/security/nss/lib/softoken/lgglue.h  16 Apr 2009 18:19:26 -0000      1.4
-+++ mozilla/security/nss/lib/softoken/lgglue.h  25 Oct 2011 22:35:58 -0000
-@@ -65,16 +65,35 @@ typedef SECStatus (*LGDeleteSecmodFunc)(
+retrieving revision 1.5
+diff -p -u -8 -r1.5 lgglue.h
+--- mozilla/security/nss/lib/softoken/lgglue.h  25 Apr 2012 14:50:10 -0000      1.5
++++ mozilla/security/nss/lib/softoken/lgglue.h  7 Nov 2012 01:10:07 -0000
+@@ -33,16 +33,35 @@ typedef SECStatus (*LGDeleteSecmodFunc)(
                         const char *dbname, char *params, PRBool rw);
  typedef SECStatus (*LGAddSecmodFunc)(const char *appName, 
                         const char *filename, 
                         const char *dbname, char *params, PRBool rw);
  typedef SECStatus (*LGShutdownFunc)(PRBool forked);
  typedef void (*LGSetForkStateFunc)(PRBool);
  typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc);
  
 +extern CK_RV legacy_Open(const char *dir, const char *certPrefix, 
 +               const char *keyPrefix, 
@@ skipping 18 matching lines @@
   * Softoken Glue Functions
   */
  CK_RV sftkdbCall_open(const char *dir, const char *certPrefix, 
                 const char *keyPrefix, 
                 int certVersion, int keyVersion, int flags, PRBool isFIPS,
                 SDB **certDB, SDB **keyDB);
  char ** sftkdbCall_ReadSecmodDB(const char *appName, const char *filename, 
 Index: mozilla/security/nss/lib/util/secport.h
 ===================================================================
 RCS file: /cvsroot/mozilla/security/nss/lib/util/secport.h,v
-retrieving revision 1.27
-diff -p -u -8 -r1.27 secport.h
---- mozilla/security/nss/lib/util/secport.h     4 Oct 2011 18:46:04 -0000       1.27
-+++ mozilla/security/nss/lib/util/secport.h     25 Oct 2011 22:35:58 -0000
-@@ -248,16 +248,17 @@ sec_port_iso88591_utf8_conversion_functi
+retrieving revision 1.28
+diff -p -u -8 -r1.28 secport.h
+--- mozilla/security/nss/lib/util/secport.h     25 Apr 2012 14:50:16 -0000      1.28
++++ mozilla/security/nss/lib/util/secport.h     7 Nov 2012 01:10:07 -0000
+@@ -216,16 +216,17 @@ sec_port_iso88591_utf8_conversion_functi
    unsigned int maxOutBufLen,
    unsigned int *outBufLen
  );
  
  extern int NSS_PutEnv(const char * envVarName, const char * envValue);
  
  extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
  
 +#ifndef NSS_STATIC
  /*
   * Load a shared library called "newShLibName" in the same directory as
   * a shared library that is already loaded, called existingShLibName.
   * A pointer to a static function in that shared library,
   * staticShLibFunc, is required.
   *
   * existingShLibName:
   *   The file name of the shared library that shall be used as the 
-@@ -282,12 +283,13 @@ extern int NSS_SecureMemcmp(const void *
+@@ -250,12 +251,13 @@ extern int NSS_SecureMemcmp(const void *
   *
   * If the new shared library is not found in the same location as the reference
   * library, it will then be loaded from the normal system library path.
   */
  PRLibrary *
  PORT_LoadLibraryFromOrigin(const char* existingShLibName,
                   PRFuncPtr staticShLibFunc,
                   const char *newShLibName);
 +#endif  /* NSS_STATIC */
  
  SEC_END_PROTOS
  
  #endif /* _SECPORT_H_ */