Update mozilla-central to NSS 3.13.2 BETA 1 (NSS_3_13_2_BETA1)

RESOLVED FIXED in mozilla11

Status

()

Core
Security: PSM
P1
enhancement
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: briansmith, Assigned: briansmith)

Tracking

Trunk
mozilla11
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments)

NSS 3.13.2 will contain changes needed for SPDY. We are going to update mozilla-central with the current state of NSS 3.13.2 and then track updates to NSS 3.13.2 until sometime after the Aurora merge date. Then we will freeze the NSS 3.13.2 release and import the 3.13.2 RTM into mozilla-central and mozilla-aurora.
This is what I will do:
* python client.py update_nss NSS_3_13_2_MOZILLA_10_PRERELEASE_1.
* verify that security/coreconf/coreconf.dep is +/- a line
* update configure.in to require NSS 3.13.2 or later for --use-system-nss.
Summary: Update mozilla-central to NSS 3.13.2 → Update mozilla-central to NSS 3.13.2 BETA 1 (NSS_3_13_2_BETA1)
Duplicate of this bug: 706728
Created attachment 578152 [details]
TAG-INFO for NSS_3_13_2

I will update to NSS 3.13.2 using:
python client.py update_nss NSS_3_13_2_BETA1

I verified that this will add a blank line to security/coreconf/coreconf.def so that a full rebuild of NSS is done.

I will post the patch to configure.in next.
Attachment #578152 - Flags: review?(honzab.moz)
Created attachment 578154 [details] [diff] [review]
Update configure.in to require at least NSS 3.13.2 for --use-system-nss
Attachment #578154 - Flags: review?(honzab.moz)
Created attachment 578157 [details] [diff] [review]
Add SSL_RestartAfterAuthCertificate to mozilla-central's copy of NSS_3_13_2_BETA1

This patch is a Mercurial patch that adds two patches reviewed by rrelyea in bug 542832 to NSS in mozilla-central: 

bug-542832-ssl-restart-4.patch
bug-542832-ssl-restart-tstclnt-4.patch

We are taking these local patches so we can start testing the functionality in mozilla-central, while we wait for feedback from Wan-Teh about any changes Google would like to make to the patches. Once all the feedback is in and the final changes (if any) are made, we will commit this to the NSS CVS HEAD, back out this patch, and then import the final NSS 3.13.2 release into mozilla-central.

Notice that this patch adds the above patch files to the security/patches/ directory, as is required for patches to NSS that are local to mozilla-central.
Attachment #578157 - Flags: review?(honzab.moz)
Honza, please work with Kai on reviewing the patch, to make sure you understand everything that is happening. 

See the documentation for this at https://developer.mozilla.org/en/Updating_NSPR_or_NSS_in_mozilla-central

Comment 7

6 years ago
(In reply to Brian Smith (:bsmith) from comment #5)
> 
> We are taking these local patches so we can start testing the functionality
> in mozilla-central, while we wait for feedback from Wan-Teh about any
> changes Google would like to make to the patches. 

If I understand correctly, both patches have been reviewed in bug 542832 already.

Wouldn't it be less confusing to:
- check in the code that has been reviewed
- include that in the BETA tag
- for the additional discussion and feedback, do a follow patch?

(I don't want to create additional burden for you to handle at the last minute, but we should use this approach in the future.)

Comment 8

6 years ago
Comment on attachment 578152 [details]
TAG-INFO for NSS_3_13_2

During the conf. call the NSS team decided this is OK. r=kaie
Attachment #578152 - Flags: review?(honzab.moz) → review+

Comment 9

6 years ago
Comment on attachment 578154 [details] [diff] [review]
Update configure.in to require at least NSS 3.13.2 for --use-system-nss

r=kaie
Attachment #578154 - Flags: review+

Comment 10

6 years ago
Comment on attachment 578157 [details] [diff] [review]
Add SSL_RestartAfterAuthCertificate to mozilla-central's copy of NSS_3_13_2_BETA1

I assume this is identical to the patches, already reviewed, mentioned attached in the bug you have mentioned,
plus adding the patch file to the security/patches directory.

During the conf. call, Wan-Teh requested that you also add/update a README file in that directory, and add the respective bug numbers and a one line description of the patch.

If you do that, r=kaie

(it's not necessary to add a patch here, just commit a reasonable README file)
Attachment #578157 - Flags: review+
Attachment #578154 - Flags: review?(honzab.moz) → review+
Comment on attachment 578157 [details] [diff] [review]
Add SSL_RestartAfterAuthCertificate to mozilla-central's copy of NSS_3_13_2_BETA1

Review of attachment 578157 [details] [diff] [review]:
-----------------------------------------------------------------

r=honzab, I checked (in limits of how CVS and HG patches can be compared byte-to-byte) the patches are identical.
Attachment #578157 - Flags: review?(honzab.moz) → review+
https://hg.mozilla.org/mozilla-central/rev/0ef53633ccc7
https://hg.mozilla.org/mozilla-central/rev/9381d62e583d
https://hg.mozilla.org/mozilla-central/rev/2050e4dfe6e3
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: mozilla10 → mozilla11
Blocks: 674147
(In reply to Kai Engert (:kaie) from comment #10)
> Comment on attachment 578157 [details] [diff] [review] [diff] [details] [review]
> Add SSL_RestartAfterAuthCertificate to mozilla-central's copy of
> NSS_3_13_2_BETA1
> 
> I assume this is identical to the patches, already reviewed, mentioned
> attached in the bug you have mentioned,
> plus adding the patch file to the security/patches directory.
> 
> During the conf. call, Wan-Teh requested that you also add/update a README
> file in that directory, and add the respective bug numbers and a one line
> description of the patch.
> 
> If you do that, r=kaie
> 
> (it's not necessary to add a patch here, just commit a reasonable README
> file)

I added the comment when I checked this in:
https://hg.mozilla.org/mozilla-central/diff/0ef53633ccc7/security/patches/README
https://hg.mozilla.org/mozilla-central/rev/2050e4dfe6e3

     1.1 --- a/dbm/src/Makefile.in
     1.2 +++ b/dbm/src/Makefile.in
     1.3 @@ -74,16 +74,17 @@ endif
     1.4  ifeq (,$(filter -DHAVE_SNPRINTF=1,$(ACDEFINES)))
     1.5  CSRCS += snprintf.c
     1.6  endif
     1.7  endif # WINNT
     1.8  
     1.9  LOCAL_INCLUDES	= -I$(srcdir)/../include
    1.10  
    1.11  FORCE_STATIC_LIB = 1
    1.12 +FORCE_USE_PIC = 1

Note bug 698248.
(In reply to Ms2ger from comment #14)
>     1.12 +FORCE_USE_PIC = 1
> 
> Note bug 698248.

I filed bug 707300 about changing this in NSS CVS. Please reply to my question in that bug.
You need to log in before you can comment on or make changes to this bug.