Bug 1137470, Upgrade aurora to NSS_3_18_RTM, bump version requirement, remove obsolete doc patch, clobber, a=sledru

CLOBBER

@@ -22,4 +22,4 @@
 # changes to stick? As of bug 928195, this shouldn't be necessary! Please
 # don't change CLOBBER for WebIDL changes any more.
 
-Bug 1137470 NSS update required a clobber to fully rebuild
+Bug 1137470 NSS update required a clobber to fully rebuild, as an API was removed

configure.in

@@ -3627,7 +3627,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.17.4, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.18, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 if test -n "$MOZ_NATIVE_NSS"; then

security/nss/TAG-INFO

@@ -1 +1 @@
-NSS_3_18_RC0
+NSS_3_18_RTM

security/nss/coreconf/coreconf.dep

@@ -10,4 +10,3 @@
  */
 
 #error "Do not include this header file."
-

security/nss/lib/certdb/cert.h

@@ -932,11 +932,6 @@ extern char * CERT_FindNSStringExtension (CERTCertificate *cert, int oidtag);
 extern SECStatus CERT_FindCertExtensionByOID
    (CERTCertificate *cert, SECItem *oid, SECItem *value);
 
-/* Find a URL extension in the cert.
-** The caller must free the result string using PORT_Free.
-*/
-extern char *CERT_FindCertURLExtension (CERTCertificate *cert, SECOidTag tag);
-
 /* Returns the decoded value of the authKeyID extension.
 **   Note that this uses passed in the arena to allocate storage for the result
 */

security/nss/lib/certdb/certdb.h

@@ -75,6 +75,21 @@ SECStatus SEC_DeletePermCertificate(CERTCertificate *cert);
 PRBool
 SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old);
 
+/*
+** Extract the validity times from a CRL
+**	"crl" is the CRL
+**	"notBefore" is the start of the validity period (last update)
+**	"notAfter" is the end of the validity period (next update)
+*/
+SECStatus
+SEC_GetCrlTimes(CERTCrl *crl, PRTime *notBefore, PRTime *notAfter);
+
+/*
+** Check the validity times of a crl vs. time 't', allowing
+** some slop for broken clocks and stuff.
+**	"crl" is the certificate to be checked
+**	"t" is the time to check against
+*/
 SECCertTimeValidity
 SEC_CheckCrlTimes(CERTCrl *crl, PRTime t);
 

security/nss/lib/certdb/certv3.c

@@ -43,72 +43,6 @@ CERT_StartCertExtensions(CERTCertificate *cert)
     return (cert_StartExtensions ((void *)cert, cert->arena, SetExts));
 }
 
-/* find a URL extension in the cert
- */
-char *
-CERT_FindCertURLExtension(CERTCertificate *cert, SECOidTag tag)
-{
-    SECStatus rv;
-    SECItem urlitem = {siBuffer,0};
-    SECItem urlstringitem = {siBuffer,0};
-    PLArenaPool *arena = NULL;
-    char *urlstring = NULL;
-    char *str;
-    int len;
-    
-    if (!cert) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return NULL;
-    }
-
-    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if ( ! arena ) {
-	goto loser;
-    }
-    
-    rv = cert_FindExtension(cert->extensions, tag, &urlitem);
-    if ( rv != SECSuccess ) {
-	goto loser;
-    }
-
-    rv = SEC_QuickDERDecodeItem(arena, &urlstringitem,
-                                SEC_ASN1_GET(SEC_IA5StringTemplate), &urlitem);
-
-    if ( rv != SECSuccess ) {
-	goto loser;
-    }
-    
-    len = urlstringitem.len + 1;
-    
-    str = urlstring = (char *)PORT_Alloc(len);
-    if ( urlstring == NULL ) {
-	goto loser;
-    }
-    
-    /* copy the URL */
-    PORT_Memcpy(str, urlstringitem.data, urlstringitem.len);
-    str += urlstringitem.len;
-    
-    *str = '\0';
-    goto done;
-    
-loser:
-    if ( urlstring ) {
-	PORT_Free(urlstring);
-    }
-    
-    urlstring = NULL;
-done:
-    if ( arena ) {
-	PORT_FreeArena(arena, PR_FALSE);
-    }
-    if ( urlitem.data ) {
-	PORT_Free(urlitem.data);
-    }
-
-    return(urlstring);
-}
-
 /*
  * get the value of the Netscape Certificate Type Extension
  */

security/nss/lib/ckfw/builtins/nssckbi.h

@@ -45,8 +45,8 @@
  * of the comment in the CK_VERSION type definition.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION "2.2"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 3
+#define NSS_BUILTINS_LIBRARY_VERSION "2.3"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1

security/nss/lib/nss/nss.def

@@ -1065,7 +1065,6 @@ PK11_PrivDecrypt;
 ;+NSS_3.18 { 	# NSS 3.18 release
 ;+    global:
 __PK11_SetCertificateNickname;
-CERT_FindCertURLExtension;
 SEC_CheckCrlTimes;
 SEC_GetCrlTimes;
 ;+    local:

security/nss/lib/nss/nss.h

@@ -37,7 +37,7 @@
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   18
 #define NSS_VPATCH   0
-#define NSS_VBUILD   0
+#define NSS_VBUILD   2
 #define NSS_BETA     PR_FALSE
 
 #ifndef RC_INVOKED

security/nss/lib/softoken/softkver.h

@@ -29,7 +29,7 @@
 #define SOFTOKEN_VMAJOR   3
 #define SOFTOKEN_VMINOR   18
 #define SOFTOKEN_VPATCH   0
-#define SOFTOKEN_VBUILD   0
+#define SOFTOKEN_VBUILD   2
 #define SOFTOKEN_BETA     PR_FALSE
 
 #endif /* _SOFTKVER_H_ */

security/nss/lib/util/nssutil.h

@@ -23,7 +23,7 @@
 #define NSSUTIL_VMAJOR   3
 #define NSSUTIL_VMINOR   18
 #define NSSUTIL_VPATCH   0
-#define NSSUTIL_VBUILD   0
+#define NSSUTIL_VBUILD   2
 #define NSSUTIL_BETA     PR_FALSE
 
 SEC_BEGIN_PROTOS

security/nss/tests/memleak/memleak.sh

@@ -206,7 +206,8 @@ set_test_mode()
 		${BINDIR}/modutil -dbdir ${CLIENT_DB} -list
 		
 		echo "${SCRIPTNAME}: FIPS is OFF"
-		cipher_list="A B C D E F :C001 :C002 :C003 :C004 :C005 :C006 :C007 :C008 :C009 :C00A :C010 :C011 :C012 :C013 :C014 c d e f g i j k l m n v y z"
+		# ciphers l and m removed, see bug 1136095
+		cipher_list="A B C D E F :C001 :C002 :C003 :C004 :C005 :C006 :C007 :C008 :C009 :C00A :C010 :C011 :C012 :C013 :C014 c d e f g i j k n v y z"
 	fi
 }