Add m-esr52 at 52.6.0

5 files changed, 1301 insertions, 0 deletions

diff --git a/config/external/nss/Makefile.in b/config/external/nss/Makefile.in
new file mode 100644
index 000000000..4b95a32bd
--- /dev/null
+++ b/config/external/nss/Makefile.in
@@ -0,0 +1,488 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ifndef MOZ_SYSTEM_NSS
+
+CC_WRAPPER =
+CXX_WRAPPER =
+
+default::
+
+include $(topsrcdir)/config/makefiles/functions.mk
+
+NSS_LIBS = \
+  nss3 \
+  nssutil3 \
+  smime3 \
+  ssl3 \
+  $(NULL)
+
+ifdef MOZ_FOLD_LIBS
+NSS_DLLS = $(LIBRARY_NAME)
+else
+NSS_DLLS = $(NSS_LIBS)
+endif
+
+NSS_EXTRA_DLLS = \
+  nssckbi \
+  softokn3 \
+  $(NULL)
+
+ifndef NSS_DISABLE_DBM
+NSS_EXTRA_DLLS += nssdbm3
+endif
+
+SDK_LIBS = crmf
+
+ifneq (,$(filter WINNT,$(OS_ARCH)))
+SDK_LIBS += $(NSS_DLLS)
+endif
+
+# Default
+HAVE_FREEBL_LIBS = 1
+
+# 32-bit HP-UX PA-RISC
+ifeq ($(OS_ARCH), HP-UX)
+ifneq ($(OS_TEST), ia64)
+ifndef HAVE_64BIT_BUILD
+HAVE_FREEBL_LIBS =
+HAVE_FREEBL_LIBS_32INT32 = 1
+HAVE_FREEBL_LIBS_32FPU = 1
+endif
+endif
+endif
+
+# SunOS SPARC
+ifeq ($(OS_ARCH), SunOS)
+ifneq (86,$(findstring 86,$(OS_TEST)))
+ifdef HAVE_64BIT_BUILD
+HAVE_FREEBL_LIBS =
+HAVE_FREEBL_LIBS_64 = 1
+else
+HAVE_FREEBL_LIBS =
+HAVE_FREEBL_LIBS_32FPU = 1
+HAVE_FREEBL_LIBS_32INT64 = 1
+endif
+endif
+endif
+
+ifeq ($(OS_TARGET),Linux)
+HAVE_FREEBL_LIBS = 
+HAVE_FREEBL_LIBS_PRIV = 1
+FREEBL_LOWHASH_FLAG = FREEBL_LOWHASH=1
+endif
+
+ifdef HAVE_FREEBL_LIBS
+NSS_EXTRA_DLLS += freebl3
+endif
+ifdef HAVE_FREEBL_LIBS_PRIV
+NSS_EXTRA_DLLS += freeblpriv3
+endif
+ifdef HAVE_FREEBL_LIBS_32INT32
+NSS_EXTRA_DLLS += freebl_32int_3
+endif
+ifdef HAVE_FREEBL_LIBS_32FPU
+NSS_EXTRA_DLLS += freebl_32fpu_3
+endif
+ifdef HAVE_FREEBL_LIBS_32INT64
+NSS_EXTRA_DLLS += freebl_32int64_3
+endif
+ifdef HAVE_FREEBL_LIBS_64
+NSS_EXTRA_DLLS += freebl_64int_3
+NSS_EXTRA_DLLS += freebl_64fpu_3
+endif
+
+# For all variables such as DLLFLAGS, that may contain $(DIST)
+DIST := $(ABS_DIST)
+# TODO: move this all to configure, but in Python
+ifndef MOZ_BUILD_NSPR
+NSPR_INCLUDE_DIR = $(firstword $(filter -I%,$(NSPR_CFLAGS)))
+ifneq (,$(strip $(NSPR_INCLUDE_DIR)))
+NSPR_INCLUDE_DIR := $(subst -I,,$(subst -I$(DIST),-I$(ABS_DIST),$(NSPR_INCLUDE_DIR)))
+else
+$(error Your NSPR CFLAGS are broken!)
+endif
+NSPR_LIB_DIR = $(firstword $(filter -L%,$(NSPR_LIBS)))
+ifneq (,$(strip $(NSPR_LIB_DIR)))
+NSPR_LIB_DIR := $(subst -L,,$(subst -L$(DIST),-L$(ABS_DIST),$(NSPR_LIB_DIR)))
+else
+$(error Your NSPR LDFLAGS are broken!)
+endif
+endif
+
+# To get debug symbols from NSS
+export MOZ_DEBUG_SYMBOLS
+
+DEFAULT_GMAKE_FLAGS =
+DEFAULT_GMAKE_FLAGS += CC='$(CC)'
+DEFAULT_GMAKE_FLAGS += MT='$(MT)'
+DEFAULT_GMAKE_FLAGS += LD='$(LD)'
+DEFAULT_GMAKE_FLAGS += SOURCE_MD_DIR=$(ABS_DIST)
+DEFAULT_GMAKE_FLAGS += SOURCE_MDHEADERS_DIR=$(NSPR_INCLUDE_DIR)
+DEFAULT_GMAKE_FLAGS += DIST=$(ABS_DIST)
+DEFAULT_GMAKE_FLAGS += NSPR_INCLUDE_DIR=$(NSPR_INCLUDE_DIR)
+DEFAULT_GMAKE_FLAGS += NSPR_LIB_DIR=$(NSPR_LIB_DIR)
+DEFAULT_GMAKE_FLAGS += MOZILLA_CLIENT=1
+DEFAULT_GMAKE_FLAGS += NO_MDUPDATE=1
+DEFAULT_GMAKE_FLAGS += NSS_ENABLE_ECC=1
+DEFAULT_GMAKE_FLAGS += NSS_ENABLE_TLS_1_3=1
+ifeq ($(OS_ARCH)_$(GNU_CC),WINNT_1)
+DEFAULT_GMAKE_FLAGS += OS_DLLFLAGS='-static-libgcc' NSPR31_LIB_PREFIX=lib
+endif
+ifndef MOZ_SYSTEM_SQLITE
+ifdef MOZ_FOLD_LIBS
+DEFAULT_GMAKE_FLAGS += SQLITE_LIB_NAME=nss3
+else
+DEFAULT_GMAKE_FLAGS += SQLITE_LIB_NAME=mozsqlite3
+DEFAULT_GMAKE_FLAGS += SQLITE_LIB_DIR=$(ABS_DIST)/../config/external/sqlite
+endif # MOZ_FOLD_LIBS
+DEFAULT_GMAKE_FLAGS += SQLITE_INCLUDE_DIR=$(ABS_DIST)/include
+endif
+ifdef NSS_DISABLE_DBM 
+DEFAULT_GMAKE_FLAGS += NSS_DISABLE_DBM=1
+endif
+# Hack to force NSS build system to use "normal" object directories
+DEFAULT_GMAKE_FLAGS += topsrcdir='$(topsrcdir)'
+# topsrcdir can't be expanded here because msys path mangling likes to break
+# paths in that case.
+DEFAULT_GMAKE_FLAGS += BUILD='$(MOZ_BUILD_ROOT)/security/$$(subst $$(topsrcdir)/security/,,$$(CURDIR))'
+DEFAULT_GMAKE_FLAGS += BUILD_TREE='$$(BUILD)' OBJDIR='$$(BUILD)' DEPENDENCIES='$$(BUILD)/.deps' SINGLE_SHLIB_DIR='$$(BUILD)'
+DEFAULT_GMAKE_FLAGS += SOURCE_XP_DIR=$(ABS_DIST)
+ifndef MOZ_DEBUG
+DEFAULT_GMAKE_FLAGS += BUILD_OPT=1 OPT_CODE_SIZE=1
+endif
+ifdef GNU_CC
+DEFAULT_GMAKE_FLAGS += NS_USE_GCC=1
+else
+DEFAULT_GMAKE_FLAGS += NS_USE_GCC=
+endif
+ifdef USE_N32
+# It is not really necessary to specify USE_PTHREADS=1.  USE_PTHREADS
+# merely adds _PTH to coreconf's OBJDIR name.
+DEFAULT_GMAKE_FLAGS += USE_N32=1 USE_PTHREADS=1
+endif
+ifdef HAVE_64BIT_BUILD
+DEFAULT_GMAKE_FLAGS += USE_64=1
+endif
+ifeq ($(OS_ARCH),WINNT)
+DEFAULT_GMAKE_FLAGS += OS_TARGET=WIN95
+ifdef MOZ_DEBUG
+ifndef MOZ_NO_DEBUG_RTL
+DEFAULT_GMAKE_FLAGS += USE_DEBUG_RTL=1
+endif
+endif
+endif # WINNT
+ifeq ($(OS_ARCH),Darwin)
+# Make nsinstall use absolute symlinks by default when building NSS
+# for Mozilla on Mac OS X. (Bugzilla bug 193164)
+ifndef NSDISTMODE
+DEFAULT_GMAKE_FLAGS += NSDISTMODE=absolute_symlink
+endif
+ifdef MACOS_SDK_DIR
+DEFAULT_GMAKE_FLAGS += MACOS_SDK_DIR=$(MACOS_SDK_DIR)
+endif
+endif
+
+# Turn off TLS compression support because it requires system zlib.
+# See bug 580679 comment 18.
+DEFAULT_GMAKE_FLAGS += NSS_SSL_ENABLE_ZLIB=
+
+# Disable building of the test programs in security/nss/lib/zlib
+DEFAULT_GMAKE_FLAGS += PROGRAMS=
+
+# Disable creating .chk files. They will be generated from packager.mk
+# When bug 681624 lands, we can replace CHECKLOC= with SKIP_SHLIBSIGN=1
+DEFAULT_GMAKE_FLAGS += CHECKLOC=
+
+ifdef CROSS_COMPILE
+
+DEFAULT_GMAKE_FLAGS += \
+	NATIVE_CC='$(HOST_CC)' \
+	CC='$(CC)' \
+	CCC='$(CXX)' \
+	AS='$(AS)' \
+	AR='$(AR) $(AR_FLAGS:$@=$$@)' \
+	RANLIB='$(RANLIB)' \
+	RC='$(RC) $(RCFLAGS)' \
+	OS_ARCH='$(OS_ARCH)' \
+	OS_TEST='$(OS_TEST)' \
+	CPU_ARCH='$(TARGET_CPU)' \
+	$(NULL)
+
+# Android has pthreads integrated into -lc, so OS_PTHREAD is set to nothing
+ifeq ($(OS_TARGET), Android)
+DEFAULT_GMAKE_FLAGS += \
+	OS_RELEASE='2.6' \
+	OS_PTHREAD= \
+	$(NULL)
+
+DEFAULT_GMAKE_FLAGS += ARCHFLAG='$(filter-out -W%,$(CFLAGS)) -DCHECK_FORK_GETPID $(addprefix -DANDROID_VERSION=,$(ANDROID_VERSION)) -include $(topsrcdir)/security/manager/android_stub.h'
+endif
+endif
+
+ifdef WRAP_LDFLAGS
+NSS_EXTRA_LDFLAGS += $(WRAP_LDFLAGS)
+endif
+
+# The SHARED_LIBS part is needed unconditionally on Android.  It's not
+# clear why this is the case, but see bug 1133073 (starting around
+# comment #8) for context.
+ifneq (,$(or $(MOZ_GLUE_WRAP_LDFLAGS), $(filter Android, $(OS_TARGET))))
+NSS_EXTRA_LDFLAGS += $(SHARED_LIBS:$(DEPTH)%=$(MOZ_BUILD_ROOT)%) $(MOZ_GLUE_WRAP_LDFLAGS)
+endif
+
+ifneq (,$(NSS_EXTRA_LDFLAGS))
+DEFAULT_GMAKE_FLAGS += \
+	LDFLAGS='$(LDFLAGS) $(NSS_EXTRA_LDFLAGS)' \
+	DSO_LDOPTS='$(DSO_LDOPTS) $(LDFLAGS) $(NSS_EXTRA_LDFLAGS)' \
+	$(NULL)
+endif
+
+DEFAULT_GMAKE_FLAGS += FREEBL_NO_DEPEND=0 $(FREEBL_LOWHASH_FLAG)
+DEFAULT_GMAKE_FLAGS += NSS_ALLOW_SSLKEYLOGFILE=1
+
+ifdef MOZ_NO_WLZDEFS
+DEFAULT_GMAKE_FLAGS += ZDEFS_FLAG=
+endif
+ifdef MOZ_CFLAGS_NSS
+NSS_XCFLAGS += $(filter-out -W%,$(CFLAGS))
+DEFAULT_GMAKE_FLAGS += DARWIN_DYLIB_VERSIONS='-compatibility_version 1 -current_version 1 $(LDFLAGS)'
+endif
+ifeq (1_1,$(CLANG_CL)_$(MOZ_ASAN))
+XLDFLAGS := $(OS_LDFLAGS)
+DEFAULT_GMAKE_FLAGS += XLDFLAGS='$(XLDFLAGS)'
+endif
+
+DEFAULT_GMAKE_FLAGS += NSS_NO_PKCS11_BYPASS=1
+
+# Put NSS headers directly under $(DIST)/include
+DEFAULT_GMAKE_FLAGS += PUBLIC_EXPORT_DIR='$(ABS_DIST)/include/$$(MODULE)'
+DEFAULT_GMAKE_FLAGS += SOURCE_XPHEADERS_DIR='$$(SOURCE_XP_DIR)/include/$$(MODULE)'
+DEFAULT_GMAKE_FLAGS += MODULE_INCLUDES='$$(addprefix -I$$(SOURCE_XP_DIR)/include/,$$(REQUIRES))'
+
+# Work around NSS's MAKE_OBJDIR being racy. See bug #836220
+DEFAULT_GMAKE_FLAGS += MAKE_OBJDIR='$$(INSTALL) -D $$(OBJDIR)'
+
+# Work around NSS adding IMPORT_LIBRARY to TARGETS with no rule for
+# it, creating race conditions. See bug #836220
+DEFAULT_GMAKE_FLAGS += TARGETS='$$(LIBRARY) $$(SHARED_LIBRARY) $$(PROGRAM)'
+
+ifdef MOZ_FOLD_LIBS_FLAGS
+NSS_XCFLAGS += $(MOZ_FOLD_LIBS_FLAGS)
+endif
+
+# Pass on the MSVC target arch from the main build system.
+# Note this is case- and switch-character sensitive, while
+# the MSVC option is not.
+ifeq (WINNT,$(OS_TARGET))
+NSS_XCFLAGS += $(filter -arch:%,$(CFLAGS))
+endif
+
+# Enable short header experiment. Firefox only.
+NSS_XCFLAGS += -DNSS_ENABLE_TLS13_SHORT_HEADERS
+
+# Export accumulated XCFLAGS to modify nss defaults.
+DEFAULT_GMAKE_FLAGS += XCFLAGS='$(NSS_XCFLAGS)'
+
+NSS_SRCDIR = $(topsrcdir)
+
+NSS_DIRS =
+ifndef MOZ_FOLD_LIBS
+NSS_DIRS += nss/lib
+else
+ifndef NSS_DISABLE_DBM
+NSS_DIRS += nss/lib/dbm
+endif
+endif
+NSS_DIRS += \
+  nss/cmd/lib \
+  nss/cmd/shlibsign \
+  $(NULL)
+
+ifdef ENABLE_TESTS
+NSS_DIRS += \
+  nss/cmd/certutil \
+  nss/cmd/pk12util \
+  nss/cmd/modutil \
+  $(NULL)
+endif
+
+ifneq (,$(filter %--build-id,$(LDFLAGS)))
+DEFAULT_GMAKE_ENV = LDFLAGS=-Wl,--build-id
+endif
+
+ifdef MOZ_FOLD_LIBS
+# TODO: The following can be replaced by something simpler when bug 844880
+# is fixed.
+# All static libraries required for nss, smime, ssl and nssutil.
+# The strip is needed to remove potential linefeed characters, since they hang
+# around in some cases on Windows.
+NSS_STATIC_LIBS := $(strip $(shell $(MAKE) --no-print-directory -f $(srcdir)/nss.mk DEPTH='$(DEPTH)' topsrcdir='$(topsrcdir)' srcdir='$(srcdir)' echo-variable-libs))
+# Corresponding build directories
+NSS_STATIC_DIRS := $(foreach lib,$(NSS_STATIC_LIBS),$(patsubst %/,%,$(dir $(lib))))
+NSS_DIRS += $(NSS_STATIC_DIRS)
+
+# TODO: The following can be replaced by something simpler when bug 844884
+# is fixed.
+# Remaining nss/lib directories
+NSS_DIRS += nss/lib/freebl nss/lib/softoken nss/lib/jar nss/lib/crmf nss/lib/ckfw
+
+DEFAULT_GMAKE_FLAGS += NSS_DISABLE_LIBPKIX=1
+
+ifeq (WINNT,$(OS_TARGET))
+NSS_DIRS += nss/lib/zlib
+endif
+endif # MOZ_FOLD_LIBS
+
+# Filter-out $(LIBRARY_NAME) because it's already handled in config/rules.mk.
+NSS_DIST_DLL_FILES := $(addprefix $(DIST)/lib/$(DLL_PREFIX),$(addsuffix $(DLL_SUFFIX),$(filter-out $(LIBRARY_NAME),$(NSS_DLLS)) $(NSS_EXTRA_DLLS)))
+NSS_DIST_DLL_DEST := $(DIST)/bin
+NSS_DIST_DLL_TARGET := target
+INSTALL_TARGETS += NSS_DIST_DLL
+
+ifeq ($(OS_ARCH)_$(1), SunOS_softokn3)
+# has to use copy mode on Solaris, see #665509
+$(DIST)/bin/$(DLL_PREFIX)softokn3$(DLL_SUFFIX): INSTALL := $(INSTALL) -t
+endif
+
+NSS_SDK_LIB_FILES := \
+  $(addprefix $(DIST)/lib/$(LIB_PREFIX),$(addsuffix .$(LIB_SUFFIX),$(SDK_LIBS))) \
+  $(addprefix $(DIST)/bin/$(DLL_PREFIX),$(addsuffix $(DLL_SUFFIX),$(NSS_DLLS))) \
+  $(NULL)
+NSS_SDK_LIB_DEST := $(DIST)/sdk/lib
+NSS_SDK_LIB_TARGET := target
+INSTALL_TARGETS += NSS_SDK_LIB
+
+ifdef MOZ_FOLD_LIBS
+# Add all static libraries for nss, smime, ssl and nssutil
+STATIC_LIBS += $(addprefix $(DEPTH)/security/,$(NSS_STATIC_LIBS))
+
+IMPORT_LIB_FILES = $(IMPORT_LIBRARY)
+IMPORT_LIB_DEST ?= $(DIST)/lib
+IMPORT_LIB_TARGET = target
+INSTALL_TARGETS += IMPORT_LIB
+
+endif # MOZ_FOLD_LIBS
+
+include $(topsrcdir)/config/rules.mk
+
+ifeq (1,$(ALLOW_COMPILER_WARNINGS))
+DEFAULT_GMAKE_FLAGS += NSS_ENABLE_WERROR=0
+endif
+
+# Can't pass this in DEFAULT_GMAKE_FLAGS because that overrides
+# definitions in NSS, so just export it into the sub-make's environment.
+ifeq (WINNT_1,$(OS_TARGET)_$(MOZ_MEMORY))
+DLLFLAGS := -LIBPATH:$(ABS_DIST)/../mozglue/build -DEFAULTLIB:mozglue
+export DLLFLAGS
+endif
+
+ifdef MOZ_FOLD_LIBS
+# Force the linker to include everything from the static libraries.
+EXPAND_LIBS_EXEC += --extract
+
+$(SHARED_LIBRARY): $(addprefix $(DEPTH)/security/,$(NSS_STATIC_LIBS))
+
+ifdef IMPORT_LIB_SUFFIX
+IMPORT_PREFIX = $(LIB_PREFIX)
+IMPORT_SUFFIX = .$(IMPORT_LIB_SUFFIX)
+else
+IMPORT_PREFIX = $(DLL_PREFIX)
+IMPORT_SUFFIX = $(DLL_SUFFIX)
+endif
+
+NSPR_IMPORT_LIBS = $(addprefix $(DIST)/lib/$(IMPORT_PREFIX),$(addsuffix $(IMPORT_SUFFIX),nspr4 plc4 plds4))
+SQLITE_IMPORT_LIB = $(DIST)/lib/$(IMPORT_PREFIX)mozsqlite3$(IMPORT_SUFFIX)
+
+# TODO: The following can be replaced by something simpler when bug 844884
+# is fixed.
+# Associate target files with the rules that build them.
+$(DIST)/lib/$(LIB_PREFIX)crmf.$(LIB_SUFFIX): libs-nss/lib/crmf
+$(DIST)/lib/$(DLL_PREFIX)freebl3$(DLL_SUFFIX): libs-nss/lib/freebl
+$(DIST)/lib/$(DLL_PREFIX)nssckbi$(DLL_SUFFIX): libs-nss/lib/ckfw
+$(DIST)/lib/$(DLL_PREFIX)softokn3$(DLL_SUFFIX): libs-nss/lib/softoken
+$(DIST)/lib/$(DLL_PREFIX)nssdbm3$(DLL_SUFFIX): libs-nss/lib/softoken
+$(foreach lib,$(NSS_STATIC_LIBS),$(eval $(DEPTH)/security/$(lib): libs-$(patsubst %/,%,$(dir $(lib)))))
+
+# Create fake import libraries for the folded libraries, so that linking
+# against them works both for the NSS build system (see dependencies below)
+# and for the rest of the mozilla build system.
+$(NSPR_IMPORT_LIBS) \
+$(SQLITE_IMPORT_LIB) \
+$(DIST)/lib/$(IMPORT_PREFIX)nssutil3$(IMPORT_SUFFIX) \
+$(DIST)/lib/$(IMPORT_PREFIX)ssl3$(IMPORT_SUFFIX) \
+$(DIST)/lib/$(IMPORT_PREFIX)smime3$(IMPORT_SUFFIX): $(DIST)/lib/$(IMPORT_PREFIX)nss3$(IMPORT_SUFFIX)
+ifeq (WINNT,$(OS_TARGET))
+	cp $< $@
+else
+	ln -sf $< $@
+endif
+
+# Interdependencies between nss sub-directories, and dependencies on NSPR/SQLite
+libs-nss/lib/ckfw: libs-nss/lib/nss/../base $(NSPR_IMPORT_LIBS)
+libs-nss/lib/softoken: $(NSPR_IMPORT_LIBS) $(SQLITE_IMPORT_LIB)
+libs-nss/lib/softoken: libs-nss/lib/freebl
+ifndef NSS_DISABLE_DBM
+libs-nss/lib/softoken: libs-nss/lib/dbm
+endif
+libs-nss/lib/softoken: $(DIST)/lib/$(IMPORT_PREFIX)nssutil3$(IMPORT_SUFFIX)
+libs-nss/lib/freebl: $(DIST)/lib/$(IMPORT_PREFIX)nssutil3$(IMPORT_SUFFIX) $(NSPR_IMPORT_LIBS)
+
+# For each directory where we build static libraries, force the NSS build system
+# to only build static libraries.
+$(addprefix libs-,$(NSS_STATIC_DIRS)): DEFAULT_GMAKE_FLAGS += SHARED_LIBRARY= IMPORT_LIBRARY=
+else
+$(STATIC_LIBS) $(NSS_DIST_DLL_FILES) $(NSS_SDK_LIB_FILES): libs-nss/lib
+endif # MOZ_FOLD_LIBS
+
+ifeq ($(NSINSTALL_PY),$(NSINSTALL))
+DEFAULT_GMAKE_FLAGS += PYTHON='$(PYTHON)'
+DEFAULT_GMAKE_FLAGS += NSINSTALL_PY='$(abspath $(topsrcdir)/config/nsinstall.py)'
+DEFAULT_GMAKE_FLAGS += NSINSTALL='$$(PYTHON) $$(NSINSTALL_PY)'
+else
+DEFAULT_GMAKE_FLAGS += NSINSTALL='$(abspath $(NSINSTALL))'
+endif
+ifeq ($(OS_ARCH),WINNT)
+DEFAULT_GMAKE_FLAGS += INSTALL='$$(NSINSTALL) -t'
+endif
+DEFAULT_GMAKE_FLAGS += $(EXTRA_GMAKE_FLAGS)
+
+$(addprefix libs-,$(NSS_DIRS)): libs-%:
+# Work around NSS's export rule being racy when recursing for private_export
+# See bug #836220.
+$(addprefix export-,$(NSS_DIRS)): EXTRA_GMAKE_FLAGS = PRIVATE_EXPORTS=
+$(addprefix export-,$(NSS_DIRS)): export-%: private_export-%
+$(addprefix private_export-,$(NSS_DIRS)): EXTRA_GMAKE_FLAGS =
+$(addprefix private_export-,$(NSS_DIRS)): private_export-%:
+
+$(foreach p,libs export private_export,$(addprefix $(p)-,$(NSS_DIRS))):
+	$(DEFAULT_GMAKE_ENV) $(MAKE) -C $(NSS_SRCDIR)/security/$* $(@:-$*=) $(DEFAULT_GMAKE_FLAGS)
+
+export:: $(addprefix export-,$(NSS_DIRS))
+
+$(addprefix clean-,$(NSS_DIRS)): clean-%:
+	$(MAKE) -C $(NSS_SRCDIR)/security/$* $(DEFAULT_GMAKE_FLAGS) clean
+
+clean clobber clobber_all realclean distclean depend:: $(addprefix clean-,$(NSS_DIRS))
+
+NSS_CMD_TARGETS := $(addprefix libs-,$(filter-out nss/cmd/lib,$(filter nss/cmd/%,$(NSS_DIRS))))
+target:: $(NSS_CMD_TARGETS)
+
+ifdef MOZ_FOLD_LIBS
+$(NSS_CMD_TARGETS): $(addprefix $(DIST)/lib/$(IMPORT_PREFIX),$(addsuffix $(IMPORT_SUFFIX),$(NSS_LIBS)))
+libs-nss/cmd/modutil: libs-nss/lib/jar
+ifeq (WINNT,$(OS_TARGET))
+libs-nss/cmd/modutil: libs-nss/lib/zlib
+endif
+$(NSS_CMD_TARGETS): libs-nss/cmd/lib
+else
+$(NSS_CMD_TARGETS): libs-nss/lib libs-nss/cmd/lib
+endif # MOZ_FOLD_LIBS
+
+# Work around NSS build system race condition creating certdata.c in
+# security/nss/lib/ckfw/builtins. See bug #836220.
+libs-nss/lib$(if $(MOZ_FOLD_LIBS),/ckfw): $(call mkdir_deps,$(DEPTH)/security/nss/lib/ckfw/builtins)
+
+endif
diff --git a/config/external/nss/crmf/moz.build b/config/external/nss/crmf/moz.build
new file mode 100644
index 000000000..d2004a509
--- /dev/null
+++ b/config/external/nss/crmf/moz.build
@@ -0,0 +1,20 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Library('crmf')
+
+if CONFIG['MOZ_SYSTEM_NSS']:
+    OS_LIBS += [l for l in CONFIG['NSS_LIBS'] if l.startswith('-L')]
+    OS_LIBS += ['-lcrmf']
+else:
+    USE_LIBS += [
+        # The dependency on nss is not real, but is required to force the
+        # parent directory being built before this one. This has no
+        # practical effect on linkage, since the only thing linking crmf
+        # will need nss anyways.
+        'nss',
+        'static:/security/nss/lib/crmf/crmf',
+    ]
diff --git a/config/external/nss/moz.build b/config/external/nss/moz.build
new file mode 100644
index 000000000..1c61b28fd
--- /dev/null
+++ b/config/external/nss/moz.build
@@ -0,0 +1,42 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ['crmf']
+
+if CONFIG['MOZ_SYSTEM_NSS']:
+    Library('nss')
+    OS_LIBS += CONFIG['NSS_LIBS']
+elif CONFIG['MOZ_FOLD_LIBS']:
+    GeckoSharedLibrary('nss', linkage=None)
+    # TODO: The library name can be changed when bug 845217 is fixed.
+    SHARED_LIBRARY_NAME = 'nss3'
+
+    SDK_LIBRARY = True
+
+    USE_LIBS += [
+        'nspr4',
+        'plc4',
+        'plds4',
+    ]
+
+    OS_LIBS += CONFIG['REALTIME_LIBS']
+
+    SYMBOLS_FILE = 'nss.symbols'
+else:
+    Library('nss')
+    USE_LIBS += [
+        '/security/nss/lib/nss/nss3',
+        '/security/nss/lib/smime/smime3',
+        '/security/nss/lib/ssl/ssl3',
+        '/security/nss/lib/util/nssutil3',
+        'sqlite',
+    ]
+
+# XXX: We should fix these warnings.
+ALLOW_COMPILER_WARNINGS = True
+
+if CONFIG['NSS_EXTRA_SYMBOLS_FILE']:
+    DEFINES['NSS_EXTRA_SYMBOLS_FILE'] = CONFIG['NSS_EXTRA_SYMBOLS_FILE']
diff --git a/config/external/nss/nss.mk b/config/external/nss/nss.mk
new file mode 100644
index 000000000..38d234a0b
--- /dev/null
+++ b/config/external/nss/nss.mk
@@ -0,0 +1,27 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(DEPTH)/config/autoconf.mk
+
+include $(topsrcdir)/config/config.mk
+
+dirs :=
+
+define add_dirs
+SHARED_LIBRARY_DIRS :=
+include $(topsrcdir)/security/$(1)/config.mk
+dirs += $$(addprefix $(1)/,$$(SHARED_LIBRARY_DIRS)) $(1)
+endef
+$(foreach dir,util nss ssl smime,$(eval $(call add_dirs,nss/lib/$(dir))))
+
+libs :=
+define add_lib
+LIBRARY_NAME :=
+include $(topsrcdir)/security/$(1)/manifest.mn
+libs += $$(addprefix $(1)/,$(LIB_PREFIX)$$(LIBRARY_NAME).$(LIB_SUFFIX))
+endef
+$(foreach dir,$(dirs),$(eval $(call add_lib,$(dir))))
+
+echo-variable-%:
+	@echo $($*)
diff --git a/config/external/nss/nss.symbols b/config/external/nss/nss.symbols
new file mode 100644
index 000000000..592c50b1f
--- /dev/null
+++ b/config/external/nss/nss.symbols
@@ -0,0 +1,724 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#ifndef XP_WIN
+# NSPR, unlike NSS, exports symbols with symbol visibility (Unix) or __declspec
+# (Windows).  When using a linker script, however, we need to explicitly
+# specify that NSPR's symbols should be globally visible.  Otherwise, NSPR's
+# exported symbols would be hidden.
+# .def files on Windows don't allow wildcards, of course, which is why this is
+# excluded on Windows, but it doesn't matter because the symbols are already
+# exported in NSPR (Windows peculiarity).
+PR_*
+PL_*
+#endif
+#include ../../../db/sqlite3/src/sqlite.symbols
+ATOB_AsciiToData
+ATOB_AsciiToData_Util
+ATOB_ConvertAsciiToItem
+ATOB_ConvertAsciiToItem_Util
+BTOA_ConvertItemToAscii_Util
+BTOA_DataToAscii
+BTOA_DataToAscii_Util
+CERT_AddCertToListHead
+CERT_AddCertToListTail
+CERT_AddExtension
+CERT_AddExtensionByOID
+__CERT_AddTempCertToPerm
+CERT_AsciiToName
+CERT_CacheOCSPResponseFromSideChannel
+CERT_CertChainFromCert
+CERT_CertificateRequestTemplate @DATA@
+CERT_CertificateTemplate @DATA@
+CERT_CertListFromCert
+CERT_ChangeCertTrust
+CERT_CheckCertUsage
+CERT_CheckCertValidTimes
+CERT_CheckNameSpace
+CERT_ClearOCSPCache
+CERT_CompareCerts
+CERT_CompareName
+CERT_ConvertAndDecodeCertificate
+CERT_CopyName
+CERT_CopyRDN
+CERT_CreateCertificate
+CERT_CreateCertificateRequest
+CERT_CreateSubjectCertList
+CERT_CreateValidity
+CERT_CrlTemplate @DATA@
+CERT_DecodeAltNameExtension
+CERT_DecodeAuthInfoAccessExtension
+CERT_DecodeAuthKeyID
+CERT_DecodeAVAValue
+CERT_DecodeBasicConstraintValue
+CERT_DecodeCertFromPackage
+CERT_DecodeCertificatePoliciesExtension
+CERT_DecodeCertPackage
+CERT_DecodeCRLDistributionPoints
+CERT_DecodeNameConstraintsExtension
+CERT_DecodeOidSequence
+CERT_DecodePrivKeyUsagePeriodExtension
+CERT_DecodeTrustString
+CERT_DecodeUserNotice
+CERT_DerNameToAscii
+CERT_DestroyCertArray
+CERT_DestroyCertificate
+CERT_DestroyCertificateList
+CERT_DestroyCertificatePoliciesExtension
+CERT_DestroyCertificateRequest
+CERT_DestroyCertList
+CERT_DestroyName
+CERT_DestroyOidSequence
+CERT_DestroyUserNotice
+CERT_DestroyValidity
+CERT_DisableOCSPChecking
+CERT_DisableOCSPDefaultResponder
+CERT_DupCertificate
+CERT_EnableOCSPChecking
+CERT_EncodeAltNameExtension
+CERT_EncodeAndAddBitStrExtension
+CERT_EncodeAuthKeyID
+CERT_EncodeBasicConstraintValue
+CERT_EncodeCertPoliciesExtension
+CERT_EncodeCRLDistributionPoints
+CERT_EncodeInfoAccessExtension
+CERT_EncodeInhibitAnyExtension
+CERT_EncodeNameConstraintsExtension
+CERT_EncodeNoticeReference
+CERT_EncodePolicyConstraintsExtension
+CERT_EncodePolicyMappingExtension
+CERT_EncodeSubjectKeyID
+CERT_EncodeUserNotice
+CERT_ExtractPublicKey
+CERT_FilterCertListByCANames
+CERT_FilterCertListByUsage
+CERT_FilterCertListForUserCerts
+CERT_FindCertByDERCert
+CERT_FindCertByIssuerAndSN
+CERT_FindCertByName
+CERT_FindCertByNickname
+CERT_FindCertByNicknameOrEmailAddr
+CERT_FindCertExtension
+CERT_FindCertIssuer
+CERT_FindKeyUsageExtension
+CERT_FindUserCertByUsage
+CERT_FindUserCertsByUsage
+CERT_FinishCertificateRequestAttributes
+CERT_FinishExtensions
+CERT_ForcePostMethodForOCSP
+CERT_FreeNicknames
+CERT_GenTime2FormattedAscii_Util
+CERT_GetCertChainFromCert
+CERT_GetCertEmailAddress
+CERT_GetCertificateRequestExtensions
+CERT_GetCertTimes
+CERT_GetCertTrust
+CERT_GetCommonName
+CERT_GetConstrainedCertificateNames
+CERT_GetCountryName
+CERT_GetDefaultCertDB
+CERT_GetFirstEmailAddress
+CERT_GetGeneralNameTypeFromString
+CERT_GetImposedNameConstraints
+CERT_GetLocalityName
+CERT_GetNextEmailAddress
+CERT_GetNextGeneralName
+CERT_GetNextNameConstraint
+CERT_GetOCSPAuthorityInfoAccessLocation
+CERT_GetOidString
+CERT_GetOrgName
+CERT_GetOrgUnitName
+CERT_GetStateName
+CERT_Hexify
+CERT_ImportCerts
+CERT_IsCACert
+CERT_IsUserCert
+CERT_MakeCANickname
+CERT_MergeExtensions
+CERT_NameTemplate @DATA@
+CERT_NameToAscii
+CERT_NewCertList
+CERT_NewTempCertificate
+CERT_NicknameStringsFromCertList
+CERT_OCSPCacheSettings
+CERT_RemoveCertListNode
+CERT_RFC1485_EscapeAndQuote
+CERT_SaveSMimeProfile
+CERT_SequenceOfCertExtensionTemplate @DATA@
+CERT_SetOCSPFailureMode
+CERT_SetOCSPTimeout
+CERT_SignedCrlTemplate @DATA@
+CERT_SignedDataTemplate @DATA@
+CERT_StartCertExtensions
+CERT_StartCertificateRequestAttributes
+CERT_SubjectPublicKeyInfoTemplate @DATA@
+CERT_TimeChoiceTemplate @DATA@
+CERT_VerifyCertificate
+CERT_VerifySignedDataWithPublicKeyInfo
+DER_AsciiToTime_Util
+DER_DecodeTimeChoice_Util
+DER_Encode
+DER_EncodeTimeChoice_Util
+DER_Encode_Util
+DER_GeneralizedTimeToTime
+DER_GeneralizedTimeToTime_Util
+DER_GetInteger
+DER_GetInteger_Util
+DER_Lengths
+DER_SetUInteger
+DER_UTCTimeToTime_Util
+DSAU_DecodeDerSigToLen
+DSAU_EncodeDerSigWithLen
+DTLS_GetHandshakeTimeout
+DTLS_ImportFD
+HASH_Begin
+HASH_Create
+HASH_Destroy
+HASH_End
+HASH_GetHashObject
+HASH_GetType
+HASH_HashBuf
+HASH_ResultLenByOidTag
+HASH_Update
+NSSBase64_DecodeBuffer
+NSSBase64_EncodeItem
+NSSBase64_EncodeItem_Util
+NSS_CMSContentInfo_GetContent
+NSS_CMSContentInfo_GetContentTypeTag
+NSS_CMSContentInfo_SetContent_Data
+NSS_CMSContentInfo_SetContent_EnvelopedData
+NSS_CMSContentInfo_SetContent_SignedData
+NSS_CMSDecoder_Cancel
+NSS_CMSDecoder_Finish
+NSS_CMSDecoder_Start
+NSS_CMSDecoder_Update
+NSS_CMSEncoder_Cancel
+NSS_CMSEncoder_Finish
+NSS_CMSEncoder_Start
+NSS_CMSEncoder_Update
+NSS_CMSEnvelopedData_AddRecipient
+NSS_CMSEnvelopedData_Create
+NSS_CMSEnvelopedData_GetContentInfo
+NSS_CMSMessage_ContentLevel
+NSS_CMSMessage_ContentLevelCount
+NSS_CMSMessage_Create
+NSS_CMSMessage_CreateFromDER
+NSS_CMSMessage_Destroy
+NSS_CMSMessage_GetContent
+NSS_CMSMessage_GetContentInfo
+NSS_CMSMessage_IsEncrypted
+NSS_CMSMessage_IsSigned
+NSS_CMSRecipientInfo_Create
+NSS_CMSSignedData_AddCertificate
+NSS_CMSSignedData_AddCertList
+NSS_CMSSignedData_AddSignerInfo
+NSS_CMSSignedData_Create
+NSS_CMSSignedData_CreateCertsOnly
+NSS_CMSSignedData_Destroy
+NSS_CMSSignedData_GetContentInfo
+NSS_CMSSignedData_GetSignerInfo
+NSS_CMSSignedData_ImportCerts
+NSS_CMSSignedData_SetDigestValue
+NSS_CMSSignedData_SignerInfoCount
+NSS_CMSSignedData_VerifySignerInfo
+NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs
+NSS_CMSSignerInfo_AddSigningTime
+NSS_CMSSignerInfo_AddSMIMECaps
+NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs
+NSS_CMSSignerInfo_Create
+NSS_CMSSignerInfo_GetSignerCommonName
+NSS_CMSSignerInfo_GetSignerEmailAddress
+NSS_CMSSignerInfo_GetSigningCertificate
+NSS_CMSSignerInfo_IncludeCerts
+NSS_CMSSignerInfo_Verify
+NSS_FindCertKEAType
+NSS_GetAlgorithmPolicy
+NSS_Get_CERT_CertificateRequestTemplate
+NSS_Get_CERT_CertificateTemplate
+NSS_Get_CERT_CrlTemplate
+NSS_Get_CERT_NameTemplate
+NSS_Get_CERT_SequenceOfCertExtensionTemplate
+NSS_Get_CERT_SignedCrlTemplate
+NSS_Get_CERT_SignedDataTemplate
+NSS_Get_CERT_SubjectPublicKeyInfoTemplate
+NSS_Get_CERT_TimeChoiceTemplate
+NSS_Get_SEC_AnyTemplate_Util
+NSS_Get_SEC_BitStringTemplate
+NSS_Get_SEC_BitStringTemplate_Util
+NSS_Get_SEC_BMPStringTemplate
+NSS_Get_SEC_BooleanTemplate_Util
+NSS_Get_SEC_GeneralizedTimeTemplate_Util
+NSS_Get_SEC_IA5StringTemplate
+NSS_Get_SEC_IA5StringTemplate_Util
+NSS_Get_SEC_IntegerTemplate
+NSS_Get_SEC_IntegerTemplate_Util
+NSS_Get_SECKEY_RSAPSSParamsTemplate
+NSS_Get_SEC_NullTemplate_Util
+NSS_Get_SEC_ObjectIDTemplate_Util
+NSS_Get_SEC_OctetStringTemplate
+NSS_Get_SEC_OctetStringTemplate_Util
+NSS_Get_SECOID_AlgorithmIDTemplate
+NSS_Get_SECOID_AlgorithmIDTemplate_Util
+NSS_Get_SEC_SignedCertificateTemplate
+NSS_Get_SEC_UTF8StringTemplate
+NSS_Get_SEC_UTF8StringTemplate_Util
+NSS_GetVersion
+NSS_Init
+NSS_Initialize
+NSS_InitWithMerge
+NSS_IsInitialized
+NSS_OptionSet
+NSS_NoDB_Init
+NSS_SecureMemcmp
+NSS_SetAlgorithmPolicy
+NSS_SetDomesticPolicy
+NSS_Shutdown
+NSSSMIME_GetVersion
+NSS_SMIMESignerInfo_SaveSMIMEProfile
+NSS_SMIMEUtil_FindBulkAlgForRecipients
+NSSSSL_GetVersion
+NSSUTIL_ArgDecodeNumber
+NSSUTIL_ArgFetchValue
+NSSUTIL_ArgGetLabel
+NSSUTIL_ArgGetParamValue
+NSSUTIL_ArgHasFlag
+NSSUTIL_ArgIsBlank
+NSSUTIL_ArgParseCipherFlags
+NSSUTIL_ArgParseModuleSpec
+NSSUTIL_ArgParseSlotFlags
+NSSUTIL_ArgParseSlotInfo
+NSSUTIL_ArgReadLong
+NSSUTIL_ArgSkipParameter
+NSSUTIL_ArgStrip
+NSSUTIL_DoModuleDBFunction
+_NSSUTIL_EvaluateConfigDir
+_NSSUTIL_GetSecmodName
+NSSUTIL_GetVersion
+NSSUTIL_MkModuleSpec
+NSSUTIL_MkNSSString
+NSSUTIL_MkSlotString
+NSSUTIL_Quote
+PK11_AlgtagToMechanism
+PK11_Authenticate
+PK11_ChangePW
+PK11_CheckUserPassword
+PK11_CipherOp
+PK11_ConfigurePKCS11
+PK11_CreateContextBySymKey
+PK11_CreateDigestContext
+PK11_CreateGenericObject
+PK11_CreateMergeLog
+PK11_CreatePBEV2AlgorithmID
+PK11_Decrypt
+PK11_DeleteTokenCertAndKey
+PK11_DeleteTokenPrivateKey
+PK11_DeleteTokenPublicKey
+PK11_DEREncodePublicKey
+PK11_Derive
+PK11_DeriveWithTemplate
+PK11_DestroyContext
+PK11_DestroyGenericObject
+PK11_DestroyMergeLog
+PK11_DestroyObject
+PK11_DestroyTokenObject
+PK11_DigestBegin
+PK11_DigestFinal
+PK11_DigestOp
+PK11_DoesMechanism
+PK11_Encrypt
+PK11_ExportDERPrivateKeyInfo
+PK11_ExportEncryptedPrivKeyInfo
+PK11_ExtractKeyValue
+PK11_FindCertFromNickname
+PK11_FindCertInSlot
+PK11_FindCertsFromEmailAddress
+PK11_FindCertsFromNickname
+PK11_FindKeyByAnyCert
+PK11_FindKeyByDERCert
+PK11_FindKeyByKeyID
+PK11_FindSlotByName
+PK11_FindSlotsByNames
+PK11_FreeSlot
+PK11_FreeSlotList
+PK11_FreeSlotListElement
+PK11_FreeSymKey
+PK11_GenerateKeyPair
+PK11_GenerateKeyPairWithFlags
+PK11_GenerateKeyPairWithOpFlags
+PK11_GenerateRandom
+PK11_GenerateRandomOnSlot
+PK11_GetAllSlotsForCert
+PK11_GetAllTokens
+PK11_GetBestSlot
+PK11_GetBestSlotMultiple
+PK11_GetBlockSize
+PK11_GetCertFromPrivateKey
+PK11_GetDefaultArray
+PK11_GetDefaultFlags
+PK11_GetDisabledReason
+PK11_GetFirstSafe
+PK11_GetInternalKeySlot
+PK11_GetInternalSlot
+PK11_GetIVLength
+PK11_GetKeyData
+PK11_GetKeyGen
+PK11_GetLowLevelKeyIDForPrivateKey
+PK11_GetMechanism
+PK11_GetMinimumPwdLength
+PK11_GetModInfo
+PK11_GetNextSafe
+PK11_GetNextSymKey
+PK11_GetPadMechanism
+PK11_GetPrivateKeyNickname
+PK11_GetPrivateModulusLen
+PK11_GetSlotID
+PK11_GetSlotInfo
+PK11_GetSlotName
+PK11_GetSlotPWValues
+PK11_GetSlotSeries
+PK11_GetSymKeyNickname
+PK11_GetTokenInfo
+PK11_GetTokenName
+PK11_HashBuf
+PK11_HasRootCerts
+PK11_ImportCert
+PK11_ImportCertForKey
+PK11_ImportCRL
+PK11_ImportDERPrivateKeyInfoAndReturnKey
+PK11_ImportPublicKey
+PK11_ImportSymKey
+PK11_InitPin
+PK11_IsDisabled
+PK11_IsFIPS
+PK11_IsFriendly
+PK11_IsHW
+PK11_IsInternal
+PK11_IsLoggedIn
+PK11_IsPresent
+PK11_IsReadOnly
+PK11_IsRemovable
+PK11_KeyForCertExists
+PK11_KeyGen
+PK11_KeyGenWithTemplate
+PK11_ListCerts
+PK11_ListCertsInSlot
+PK11_ListFixedKeysInSlot
+PK11_ListPrivateKeysInSlot
+PK11_ListPrivKeysInSlot
+PK11_LoadPrivKey
+PK11_Logout
+PK11_LogoutAll
+PK11_MakeIDFromPubKey
+PK11_MapSignKeyType
+PK11_MechanismToAlgtag
+PK11_MergeTokens
+PK11_NeedLogin
+PK11_NeedUserInit
+PK11_ParamFromIV
+PK11_PBEKeyGen
+PK11_PrivDecrypt
+PK11_PrivDecryptPKCS1
+PK11_ProtectedAuthenticationPath
+PK11_PubDeriveWithKDF
+PK11_PubEncrypt
+PK11_PubEncryptPKCS1
+PK11_PubUnwrapSymKey
+PK11_PubWrapSymKey
+PK11_RandomUpdate
+PK11_ReadRawAttribute
+PK11_ReferenceSlot
+PK11_ResetToken
+PK11SDR_Decrypt
+PK11SDR_Encrypt
+PK11_SetPasswordFunc
+PK11_SetSlotPWValues
+PK11_SetSymKeyNickname
+PK11_Sign
+PK11_SignatureLen
+PK11_SignWithMechanism
+PK11_TokenKeyGenWithFlags
+PK11_UnwrapPrivKey
+PK11_UnwrapSymKey
+PK11_UpdateSlotAttribute
+PK11_UserDisableSlot
+PK11_UserEnableSlot
+PK11_VerifyWithMechanism
+PK11_WrapPrivKey
+PK11_WrapSymKey
+PORT_Alloc
+PORT_Alloc_Util
+PORT_ArenaAlloc
+PORT_ArenaAlloc_Util
+PORT_ArenaGrow_Util
+PORT_ArenaMark_Util
+PORT_ArenaRelease_Util
+PORT_ArenaStrdup
+PORT_ArenaStrdup_Util
+PORT_ArenaUnmark_Util
+PORT_ArenaZAlloc
+PORT_ArenaZAlloc_Util
+PORT_DestroyCheapArena
+PORT_Free
+PORT_FreeArena
+PORT_FreeArena_Util
+PORT_Free_Util
+PORT_GetError
+PORT_GetError_Util
+PORT_InitCheapArena
+PORT_NewArena
+PORT_NewArena_Util
+PORT_Realloc_Util
+PORT_RegExpSearch
+PORT_SetError
+PORT_SetError_Util
+PORT_SetUCS2_ASCIIConversionFunction
+PORT_SetUCS2_ASCIIConversionFunction_Util
+PORT_Strdup
+PORT_Strdup_Util
+PORT_UCS2_ASCIIConversion_Util
+PORT_UCS2_UTF8Conversion
+PORT_UCS2_UTF8Conversion_Util
+PORT_ZAlloc
+PORT_ZAlloc_Util
+PORT_ZFree_Util
+SEC_AnyTemplate_Util @DATA@
+SEC_ASN1Decode
+SEC_ASN1DecodeInteger
+SEC_ASN1DecodeItem
+SEC_ASN1DecodeItem_Util
+SEC_ASN1Decode_Util
+SEC_ASN1EncodeInteger_Util
+SEC_ASN1EncodeItem
+SEC_ASN1EncodeItem_Util
+SEC_ASN1EncodeUnsignedInteger_Util
+SEC_ASN1Encode_Util
+SEC_BitStringTemplate @DATA@
+SEC_BitStringTemplate_Util @DATA@
+SEC_BMPStringTemplate @DATA@
+SEC_BooleanTemplate_Util @DATA@
+SEC_CertNicknameConflict
+SEC_DeletePermCertificate
+SEC_DerSignData
+SEC_DestroyCrl
+SEC_GeneralizedTimeTemplate_Util @DATA@
+SEC_GetSignatureAlgorithmOidTag
+SEC_IA5StringTemplate @DATA@
+SEC_IA5StringTemplate_Util @DATA@
+SEC_IntegerTemplate @DATA@
+SEC_IntegerTemplate_Util @DATA@
+SECITEM_AllocArray
+SECITEM_AllocItem
+SECITEM_AllocItem_Util
+SECITEM_ArenaDupItem_Util
+SECITEM_CompareItem
+SECITEM_CompareItem_Util
+SECITEM_CopyItem
+SECITEM_CopyItem_Util
+SECITEM_DupArray
+SECITEM_DupItem
+SECITEM_DupItem_Util
+SECITEM_FreeItem
+SECITEM_FreeItem_Util
+SECITEM_HashCompare
+SECITEM_ItemsAreEqual
+SECITEM_ItemsAreEqual_Util
+SECITEM_ReallocItemV2
+SECITEM_ZfreeItem
+SECITEM_ZfreeItem_Util
+SECKEY_ConvertToPublicKey
+SECKEY_CopyPrivateKey
+SECKEY_CopyPublicKey
+SECKEY_CopySubjectPublicKeyInfo
+SECKEY_CreateSubjectPublicKeyInfo
+SECKEY_DecodeDERSubjectPublicKeyInfo
+SECKEY_DestroyEncryptedPrivateKeyInfo
+SECKEY_DestroyPrivateKey
+SECKEY_DestroyPrivateKeyList
+SECKEY_DestroyPublicKey
+SECKEY_DestroySubjectPublicKeyInfo
+SECKEY_ECParamsToBasePointOrderLen
+SECKEY_ECParamsToKeySize
+SECKEY_EncodeDERSubjectPublicKeyInfo
+SECKEY_ExtractPublicKey
+SECKEY_GetPublicKeyType
+SECKEY_ImportDERPublicKey
+SECKEY_PublicKeyStrength
+SECKEY_RSAPSSParamsTemplate @DATA@
+SECKEY_SignatureLen
+SECMIME_DecryptionAllowed
+SECMOD_AddNewModule
+SECMOD_AddNewModuleEx
+SECMOD_CancelWait
+SECMOD_CanDeleteInternalModule
+SECMOD_CloseUserDB
+SECMOD_CreateModule
+SECMOD_DeleteInternalModule
+SECMOD_DeleteModule
+SECMOD_DestroyModule
+SECMOD_FindModule
+SECMOD_GetDeadModuleList
+SECMOD_GetDefaultModuleList
+SECMOD_GetDefaultModuleListLock
+SECMOD_GetInternalModule
+SECMOD_GetModuleSpecList
+SECMOD_GetReadLock
+SECMOD_HasRemovableSlots
+SECMOD_InternaltoPubMechFlags
+SECMOD_LoadModule
+SECMOD_LoadUserModule
+SECMOD_OpenUserDB
+SECMOD_PubCipherFlagstoInternal
+SECMOD_PubMechFlagstoInternal
+SECMOD_ReferenceModule
+SECMOD_ReleaseReadLock
+SECMOD_UnloadUserModule
+SECMOD_UpdateModule
+SECMOD_WaitForAnyTokenEvent
+SEC_NullTemplate_Util @DATA@
+SEC_ObjectIDTemplate_Util @DATA@
+SEC_OctetStringTemplate @DATA@
+SEC_OctetStringTemplate_Util @DATA@
+SECOID_AddEntry
+SECOID_AddEntry_Util
+SECOID_AlgorithmIDTemplate @DATA@
+SECOID_AlgorithmIDTemplate_Util @DATA@
+SECOID_CopyAlgorithmID_Util
+SECOID_DestroyAlgorithmID
+SECOID_DestroyAlgorithmID_Util
+SECOID_FindOID
+SECOID_FindOIDByMechanism
+SECOID_FindOIDByTag
+SECOID_FindOIDByTag_Util
+SECOID_FindOIDTag
+SECOID_FindOIDTagDescription_Util
+SECOID_FindOIDTag_Util
+SECOID_FindOID_Util
+SECOID_GetAlgorithmTag
+SECOID_GetAlgorithmTag_Util
+SECOID_Init
+SECOID_SetAlgorithmID
+SECOID_SetAlgorithmID_Util
+SECOID_Shutdown
+SEC_PKCS12AddCertAndKey
+SEC_PKCS12AddPasswordIntegrity
+SEC_PKCS12CreateExportContext
+SEC_PKCS12CreatePasswordPrivSafe
+SEC_PKCS12CreateUnencryptedSafe
+SEC_PKCS12DecoderFinish
+SEC_PKCS12DecoderImportBags
+SEC_PKCS12DecoderIterateInit
+SEC_PKCS12DecoderIterateNext
+SEC_PKCS12DecoderRenameCertNicknames
+SEC_PKCS12DecoderStart
+SEC_PKCS12DecoderUpdate
+SEC_PKCS12DecoderValidateBags
+SEC_PKCS12DecoderVerify
+SEC_PKCS12DestroyExportContext
+SEC_PKCS12EnableCipher
+SEC_PKCS12Encode
+SEC_PKCS12IsEncryptionAllowed
+SEC_PKCS12SetPreferredCipher
+SEC_PKCS5GetPBEAlgorithm
+SEC_PKCS5IsAlgorithmPBEAlgTag
+SEC_PKCS7AddSigningTime
+SEC_PKCS7ContentIsEncrypted
+SEC_PKCS7ContentIsSigned
+SEC_PKCS7CopyContentInfo
+SEC_PKCS7CreateSignedData
+SEC_PKCS7DecodeItem
+SEC_PKCS7DecoderFinish
+SEC_PKCS7DecoderStart
+SEC_PKCS7DecoderUpdate
+SEC_PKCS7DestroyContentInfo
+SEC_PKCS7Encode
+SEC_PKCS7IncludeCertChain
+SEC_PKCS7VerifyDetachedSignature
+SEC_QuickDERDecodeItem
+SEC_QuickDERDecodeItem_Util
+SEC_RegisterDefaultHttpClient
+SEC_SignData
+SEC_SignedCertificateTemplate @DATA@
+SEC_StringToOID
+SEC_UTF8StringTemplate @DATA@
+SEC_UTF8StringTemplate_Util @DATA@
+SGN_Begin
+SGN_CreateDigestInfo
+SGN_CreateDigestInfo_Util
+SGN_DecodeDigestInfo
+SGN_DestroyContext
+SGN_DestroyDigestInfo
+SGN_DestroyDigestInfo_Util
+SGN_End
+SGN_NewContext
+SGN_Update
+SSL_AuthCertificateComplete
+SSL_AuthCertificateHook
+SSL_CipherPrefGet
+SSL_CipherPrefSet
+SSL_CipherPrefSetDefault
+SSL_ClearSessionCache
+SSL_ConfigSecureServer
+SSL_ConfigSecureServerWithCertChain
+SSL_ConfigServerSessionIDCache
+SSL_ExportKeyingMaterial
+SSL_ForceHandshake
+SSL_GetChannelInfo
+SSL_GetCipherSuiteInfo
+SSL_GetClientAuthDataHook
+SSL_GetImplementedCiphers
+SSL_GetNextProto
+SSL_GetNumImplementedCiphers
+SSL_GetSRTPCipher
+SSL_GetStatistics
+SSL_HandshakeCallback
+SSL_HandshakeNegotiatedExtension
+SSL_ImplementedCiphers @DATA@
+SSL_ImportFD
+SSL_NamedGroupConfig
+SSL_NumImplementedCiphers @DATA@
+SSL_OptionSet
+SSL_OptionSetDefault
+SSL_PeerCertificate
+SSL_PeerCertificateChain
+SSL_PeerSignedCertTimestamps
+SSL_PeerStapledOCSPResponses
+SSL_ResetHandshake
+SSL_SendAdditionalKeyShares
+SSL_SetCanFalseStartCallback
+SSL_SetDowngradeCheckVersion
+SSL_SetNextProtoNego
+SSL_SetPKCS11PinArg
+SSL_SetSockPeerID
+SSL_SetSRTPCiphers
+SSL_SetStapledOCSPResponses
+SSL_SetTrustAnchors
+SSL_SetURL
+SSL_ShutdownServerSessionIDCache
+SSL_SignatureSchemePrefSet
+SSL_SNISocketConfigHook
+SSL_VersionRangeGet
+SSL_VersionRangeGetDefault
+SSL_VersionRangeGetSupported
+SSL_VersionRangeSet
+SSL_VersionRangeSetDefault
+UTIL_SetForkState
+VFY_Begin
+VFY_CreateContext
+VFY_DestroyContext
+VFY_End
+VFY_EndWithSignature
+VFY_Update
+VFY_VerifyData
+VFY_VerifyDataWithAlgorithmID
+VFY_VerifyDigestDirect
+_SGN_VerifyPKCS1DigestInfo
+__PK11_SetCertificateNickname
+# These symbols are not used by Firefox itself, but are used by Java's security
+# libraries, which in turn are used by Java applets/plugins/etc.  Provide them
+# to make Java code happy.
+NSS_VersionCheck
+NSS_Initialize
+#ifdef NSS_EXTRA_SYMBOLS_FILE
+#include @NSS_EXTRA_SYMBOLS_FILE@
+#endif