Hi Charles,
It looks like all of these are in the legacy BerkleyDB. In NSS 3.12
<
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.12_release_notes.html>
(2008) we began shipping a newer database implementation based on SQLite,
and made it the default in NSS 3.35
<
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.35_release_notes>
in 2018.
I'm afraid these hadn't risen to my attention, but the legacy DB is
unmaintained and will be removed in the future when all migrations are
completed. I believe final removal would be end of 2020, corresponding to
retirement of RHEL6, but I would need to double-check that with my
colleagues at RedHat. This does remind me that we should stop building DBM
by default soon, as January will mark two years since we changed the
default to SQLite.
I've opened bug 1594931
<
https://bugzilla.mozilla.org/show_bug.cgi?id=1594931> to disable building
DBM entirely for Firefox builds, which I believe we can do at any time.
I've also opened bug 1594933
<
https://bugzilla.mozilla.org/show_bug.cgi?id=1594933> to disable building
DBM by default in future versions of NSS, leaving it to maintainers to
handle exceptions for now.
J.C.
On Thu, Nov 7, 2019 at 3:16 PM Charles Robertson <
CGRob...@suse.com>
wrote:
> _______________________________________________
> dev-security mailing list
>
dev-se...@lists.mozilla.org
>
https://lists.mozilla.org/listinfo/dev-security
>