OLD | NEW |
| (Empty) |
1 Name: Network Security Services (NSS) | |
2 Short Name: nss | |
3 URL: http://www.mozilla.org/projects/security/pki/nss/ | |
4 Version: 3.21 | |
5 License: MPL 2 | |
6 License File: nss/COPYING | |
7 Security Critical: yes | |
8 | |
9 Description: | |
10 NSS 3.21 with NSPR 4.11 | |
11 | |
12 This copy of NSS has been customized for Chromium. NSPR is also put here | |
13 rather than in a separate directory to emphasize the fact that Chromium is | |
14 using NSPR strictly as an NSS dependency. | |
15 | |
16 We took a subset of NSS, omitting the SSL and SMIME libraries. | |
17 This NSS subset satisfies the dependencies of the NSS SSL library in | |
18 src/net/third_party/nss. Do NOT use this copy of NSS on platforms that | |
19 have NSS as system libraries, such as Linux. | |
20 | |
21 The source code was checked out from the mozilla.org CVS or hg repository using | |
22 the nspr-checkout.sh and nss-checkout.sh scripts in the scripts directory. | |
23 The current source code was checked out with the hg tag NSS_3_21_RTM | |
24 and the hg tag NSPR_4_11_RTM. | |
25 | |
26 Local Modifications: | |
27 | |
28 We made the following local changes to NSPR. | |
29 - patches/nspr-static.patch: to build NSPR as static libraries. See NSPR | |
30 bug 533014 (https://bugzilla.mozilla.org/show_bug.cgi?id=533014). | |
31 - patches/prcpucfg.h: added to the nspr/pr/include directory. | |
32 - patches/nspr-attach-as-system-thread.patch: attach a "foreign" thread | |
33 (a thread not created by NSPR) to NSPR as a "system" thread rather than | |
34 a "user" thread, which needs to terminate before PR_Cleanup can return. | |
35 (The "system" vs. "user" thread distinction comes from Java, and | |
36 ultimately from Solaris threads.) This is a workaround for | |
37 http://crbug.com/40663. | |
38 - patches/nspr-remove-io.patch: Remove IO operations in NSPR to allow NSS | |
39 to work in the sandbox. Do not initialize IO when initializing NSPR. | |
40 Windows version of NSPR also tried to use getaddrinfo to resolve hostname | |
41 in a SSL connection. By removing _PR_HAVE_GETADDRINFO this will force it | |
42 to use PR_GetHostByName. Removing _PR_INET6_PROBE will prevent it from | |
43 creating an IPv6 socket to probe if IPv6 is there. | |
44 DO NOT upstream this patch. | |
45 | |
46 We made the following local changes to NSS. | |
47 | |
48 Files Added: | |
49 - nss/lib/ckfw/builtins/certdata.c: a generated file. Do an upstream NSS | |
50 build and copy the generated certdata.c. | |
51 - nss/lib/freebl/nss_build_config_mac.h: a header that defines the target | |
52 arch specific configuration macros for lib/freebl on iOS and Mac OS X. | |
53 This works around the lack of support for the xcode_settings | |
54 GCC_PREPROCESSOR_DEFINITIONS[arch=foo] by the ninja GYP generator | |
55 (http://crbug.com/122592). | |
56 - nss/lib/freebl/mpi/mpi_arm_mac.c: a wrapper file for mpi_arm.c for iOS | |
57 and Mac OS X. This works around the inability to specify target arch | |
58 specific source files in Xcode. | |
59 | |
60 Patches Applied: | |
61 - patches/nss-remove-fortezza.patch: remove Fortezza certificate support | |
62 from PK11_ImportPublicKey. See NSS bug 668397 | |
63 (https://bugzilla.mozilla.org/show_bug.cgi?id=668397). | |
64 - patches/nss-urandom-abort.patch: call abort() if NSS cannot read from | |
65 /dev/urandom. See Chromium issue 244661 (http://crbug.com/244661). | |
66 - patches/nss-static.patch: to build NSS as static libraries and omit | |
67 libpkix (the new certification path validation library) and | |
68 softoken/legacydb (support for the old Berkeley DB databases). See NSS | |
69 bug 534471 (https://bugzilla.mozilla.org/show_bug.cgi?id=534471). | |
70 | |
OLD | NEW |