NSS 3.13.2 will contain changes needed for SPDY. We are going to update mozilla-central with the current state of NSS 3.13.2 and then track updates to NSS 3.13.2 until sometime after the Aurora merge date. Then we will freeze the NSS 3.13.2 release and import the 3.13.2 RTM into mozilla-central and mozilla-aurora.

This is what I will do: * python client.py update_nss NSS_3_13_2_MOZILLA_10_PRERELEASE_1. * verify that security/coreconf/coreconf.dep is +/- a line * update configure.in to require NSS 3.13.2 or later for --use-system-nss.

I will update to NSS 3.13.2 using: python client.py update_nss NSS_3_13_2_BETA1 I verified that this will add a blank line to security/coreconf/coreconf.def so that a full rebuild of NSS is done. I will post the patch to configure.in next.

This patch is a Mercurial patch that adds two patches reviewed by rrelyea in bug 542832 to NSS in mozilla-central: bug-542832-ssl-restart-4.patch bug-542832-ssl-restart-tstclnt-4.patch We are taking these local patches so we can start testing the functionality in mozilla-central, while we wait for feedback from Wan-Teh about any changes Google would like to make to the patches. Once all the feedback is in and the final changes (if any) are made, we will commit this to the NSS CVS HEAD, back out this patch, and then import the final NSS 3.13.2 release into mozilla-central. Notice that this patch adds the above patch files to the security/patches/ directory, as is required for patches to NSS that are local to mozilla-central.

Honza, please work with Kai on reviewing the patch, to make sure you understand everything that is happening. See the documentation for this at https://developer.mozilla.org/en/Updating_NSPR_or_NSS_in_mozilla-central

(In reply to Brian Smith (:bsmith) from comment #5) > > We are taking these local patches so we can start testing the functionality > in mozilla-central, while we wait for feedback from Wan-Teh about any > changes Google would like to make to the patches. If I understand correctly, both patches have been reviewed in bug 542832 already. Wouldn't it be less confusing to: - check in the code that has been reviewed - include that in the BETA tag - for the additional discussion and feedback, do a follow patch? (I don't want to create additional burden for you to handle at the last minute, but we should use this approach in the future.)

Comment on attachment 578152 [details] TAG-INFO for NSS_3_13_2 During the conf. call the NSS team decided this is OK. r=kaie

Comment on attachment 578154 [details] [diff] [review] Update configure.in to require at least NSS 3.13.2 for --use-system-nss r=kaie

Comment on attachment 578157 [details] [diff] [review] Add SSL_RestartAfterAuthCertificate to mozilla-central's copy of NSS_3_13_2_BETA1 I assume this is identical to the patches, already reviewed, mentioned attached in the bug you have mentioned, plus adding the patch file to the security/patches directory. During the conf. call, Wan-Teh requested that you also add/update a README file in that directory, and add the respective bug numbers and a one line description of the patch. If you do that, r=kaie (it's not necessary to add a patch here, just commit a reasonable README file)

Comment on attachment 578157 [details] [diff] [review] Add SSL_RestartAfterAuthCertificate to mozilla-central's copy of NSS_3_13_2_BETA1 Review of attachment 578157 [details] [diff] [review]: ----------------------------------------------------------------- r=honzab, I checked (in limits of how CVS and HG patches can be compared byte-to-byte) the patches are identical.

https://hg.mozilla.org/mozilla-central/rev/0ef53633ccc7 https://hg.mozilla.org/mozilla-central/rev/9381d62e583d https://hg.mozilla.org/mozilla-central/rev/2050e4dfe6e3

(In reply to Kai Engert (:kaie) from comment #10) > Comment on attachment 578157 [details] [diff] [review] [diff] [details] [review] > Add SSL_RestartAfterAuthCertificate to mozilla-central's copy of > NSS_3_13_2_BETA1 > > I assume this is identical to the patches, already reviewed, mentioned > attached in the bug you have mentioned, > plus adding the patch file to the security/patches directory. > > During the conf. call, Wan-Teh requested that you also add/update a README > file in that directory, and add the respective bug numbers and a one line > description of the patch. > > If you do that, r=kaie > > (it's not necessary to add a patch here, just commit a reasonable README > file) I added the comment when I checked this in: https://hg.mozilla.org/mozilla-central/diff/0ef53633ccc7/security/patches/README

https://hg.mozilla.org/mozilla-central/rev/2050e4dfe6e3 1.1 --- a/dbm/src/Makefile.in 1.2 +++ b/dbm/src/Makefile.in 1.3 @@ -74,16 +74,17 @@ endif 1.4 ifeq (,$(filter -DHAVE_SNPRINTF=1,$(ACDEFINES))) 1.5 CSRCS += snprintf.c 1.6 endif 1.7 endif # WINNT 1.8 1.9 LOCAL_INCLUDES = -I$(srcdir)/../include 1.10 1.11 FORCE_STATIC_LIB = 1 1.12 +FORCE_USE_PIC = 1 Note bug 698248.

(In reply to Ms2ger from comment #14) > 1.12 +FORCE_USE_PIC = 1 > > Note bug 698248. I filed bug 707300 about changing this in NSS CVS. Please reply to my question in that bug.