Last Comment Bug 698552 - Update mozilla-central to NSS 3.13.2 BETA 1 (NSS_3_13_2_BETA1)
: Update mozilla-central to NSS 3.13.2 BETA 1 (NSS_3_13_2_BETA1)
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: Security: PSM (show other bugs)
: Trunk
: All All
: P1 enhancement with 1 vote (vote)
: mozilla11
Assigned To: Brian Smith (:briansmith, :bsmith, use NEEDINFO?)
:
Mentors:
: 706728 (view as bug list)
Depends on:
Blocks: SPDY 674147
  Show dependency treegraph
 
Reported: 2011-10-31 12:54 PDT by Brian Smith (:briansmith, :bsmith, use NEEDINFO?)
Modified: 2012-01-28 00:38 PST (History)
9 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
TAG-INFO for NSS_3_13_2 (18 bytes, text/plain)
2011-11-30 18:15 PST, Brian Smith (:briansmith, :bsmith, use NEEDINFO?)
kaie: review+
Details
Update configure.in to require at least NSS 3.13.2 for --use-system-nss (1.05 KB, patch)
2011-11-30 18:18 PST, Brian Smith (:briansmith, :bsmith, use NEEDINFO?)
honzab.moz: review+
kaie: review+
Details | Diff | Review
Add SSL_RestartAfterAuthCertificate to mozilla-central's copy of NSS_3_13_2_BETA1 (99.83 KB, patch)
2011-11-30 18:23 PST, Brian Smith (:briansmith, :bsmith, use NEEDINFO?)
honzab.moz: review+
kaie: review+
Details | Diff | Review

Description Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2011-10-31 12:54:19 PDT
NSS 3.13.2 will contain changes needed for SPDY. We are going to update mozilla-central with the current state of NSS 3.13.2 and then track updates to NSS 3.13.2 until sometime after the Aurora merge date. Then we will freeze the NSS 3.13.2 release and import the 3.13.2 RTM into mozilla-central and mozilla-aurora.
Comment 1 Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2011-10-31 13:05:42 PDT
This is what I will do:
* python client.py update_nss NSS_3_13_2_MOZILLA_10_PRERELEASE_1.
* verify that security/coreconf/coreconf.dep is +/- a line
* update configure.in to require NSS 3.13.2 or later for --use-system-nss.
Comment 2 Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2011-11-30 18:12:31 PST
*** Bug 706728 has been marked as a duplicate of this bug. ***
Comment 3 Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2011-11-30 18:15:10 PST
Created attachment 578152 [details]
TAG-INFO for NSS_3_13_2

I will update to NSS 3.13.2 using:
python client.py update_nss NSS_3_13_2_BETA1

I verified that this will add a blank line to security/coreconf/coreconf.def so that a full rebuild of NSS is done.

I will post the patch to configure.in next.
Comment 4 Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2011-11-30 18:18:11 PST
Created attachment 578154 [details] [diff] [review]
Update configure.in to require at least NSS 3.13.2 for --use-system-nss
Comment 5 Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2011-11-30 18:23:56 PST
Created attachment 578157 [details] [diff] [review]
Add SSL_RestartAfterAuthCertificate to mozilla-central's copy of NSS_3_13_2_BETA1

This patch is a Mercurial patch that adds two patches reviewed by rrelyea in bug 542832 to NSS in mozilla-central: 

bug-542832-ssl-restart-4.patch
bug-542832-ssl-restart-tstclnt-4.patch

We are taking these local patches so we can start testing the functionality in mozilla-central, while we wait for feedback from Wan-Teh about any changes Google would like to make to the patches. Once all the feedback is in and the final changes (if any) are made, we will commit this to the NSS CVS HEAD, back out this patch, and then import the final NSS 3.13.2 release into mozilla-central.

Notice that this patch adds the above patch files to the security/patches/ directory, as is required for patches to NSS that are local to mozilla-central.
Comment 6 Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2011-11-30 18:25:01 PST
Honza, please work with Kai on reviewing the patch, to make sure you understand everything that is happening. 

See the documentation for this at https://developer.mozilla.org/en/Updating_NSPR_or_NSS_in_mozilla-central
Comment 7 Kai Engert (:kaie) 2011-12-01 08:11:28 PST
(In reply to Brian Smith (:bsmith) from comment #5)
> 
> We are taking these local patches so we can start testing the functionality
> in mozilla-central, while we wait for feedback from Wan-Teh about any
> changes Google would like to make to the patches. 

If I understand correctly, both patches have been reviewed in bug 542832 already.

Wouldn't it be less confusing to:
- check in the code that has been reviewed
- include that in the BETA tag
- for the additional discussion and feedback, do a follow patch?

(I don't want to create additional burden for you to handle at the last minute, but we should use this approach in the future.)
Comment 8 Kai Engert (:kaie) 2011-12-01 12:00:32 PST
Comment on attachment 578152 [details]
TAG-INFO for NSS_3_13_2

During the conf. call the NSS team decided this is OK. r=kaie
Comment 9 Kai Engert (:kaie) 2011-12-01 12:01:20 PST
Comment on attachment 578154 [details] [diff] [review]
Update configure.in to require at least NSS 3.13.2 for --use-system-nss

r=kaie
Comment 10 Kai Engert (:kaie) 2011-12-01 12:04:08 PST
Comment on attachment 578157 [details] [diff] [review]
Add SSL_RestartAfterAuthCertificate to mozilla-central's copy of NSS_3_13_2_BETA1

I assume this is identical to the patches, already reviewed, mentioned attached in the bug you have mentioned,
plus adding the patch file to the security/patches directory.

During the conf. call, Wan-Teh requested that you also add/update a README file in that directory, and add the respective bug numbers and a one line description of the patch.

If you do that, r=kaie

(it's not necessary to add a patch here, just commit a reasonable README file)
Comment 11 Honza Bambas (:mayhemer) 2011-12-01 12:11:52 PST
Comment on attachment 578157 [details] [diff] [review]
Add SSL_RestartAfterAuthCertificate to mozilla-central's copy of NSS_3_13_2_BETA1

Review of attachment 578157 [details] [diff] [review]:
-----------------------------------------------------------------

r=honzab, I checked (in limits of how CVS and HG patches can be compared byte-to-byte) the patches are identical.
Comment 13 Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2011-12-01 16:46:43 PST
(In reply to Kai Engert (:kaie) from comment #10)
> Comment on attachment 578157 [details] [diff] [review] [diff] [details] [review]
> Add SSL_RestartAfterAuthCertificate to mozilla-central's copy of
> NSS_3_13_2_BETA1
> 
> I assume this is identical to the patches, already reviewed, mentioned
> attached in the bug you have mentioned,
> plus adding the patch file to the security/patches directory.
> 
> During the conf. call, Wan-Teh requested that you also add/update a README
> file in that directory, and add the respective bug numbers and a one line
> description of the patch.
> 
> If you do that, r=kaie
> 
> (it's not necessary to add a patch here, just commit a reasonable README
> file)

I added the comment when I checked this in:
https://hg.mozilla.org/mozilla-central/diff/0ef53633ccc7/security/patches/README
Comment 14 :Ms2ger 2011-12-02 06:16:14 PST
https://hg.mozilla.org/mozilla-central/rev/2050e4dfe6e3

     1.1 --- a/dbm/src/Makefile.in
     1.2 +++ b/dbm/src/Makefile.in
     1.3 @@ -74,16 +74,17 @@ endif
     1.4  ifeq (,$(filter -DHAVE_SNPRINTF=1,$(ACDEFINES)))
     1.5  CSRCS += snprintf.c
     1.6  endif
     1.7  endif # WINNT
     1.8  
     1.9  LOCAL_INCLUDES	= -I$(srcdir)/../include
    1.10  
    1.11  FORCE_STATIC_LIB = 1
    1.12 +FORCE_USE_PIC = 1

Note bug 698248.
Comment 15 Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2011-12-02 13:26:21 PST
(In reply to Ms2ger from comment #14)
>     1.12 +FORCE_USE_PIC = 1
> 
> Note bug 698248.

I filed bug 707300 about changing this in NSS CVS. Please reply to my question in that bug.

Note You need to log in before you can comment on or make changes to this bug.