Bug 1445731 - land NSS 3e452651e282 UPGRADE_NSS_RELEASE, r=me

security/nss/.sancov-blacklist

@@ -0,0 +1,2 @@
+src:*/gtests/google_test/*
+src:*/gtests/ssl_gtest/*

security/nss/TAG-INFO

@@ -1 +1 @@
-c1a4035420c3
+3e452651e282

security/nss/automation/taskcluster/scripts/gen_coverage_report.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+source $(dirname "$0")/tools.sh
+
+# Clone NSPR.
+hg_clone https://hg.mozilla.org/projects/nspr ./nspr default
+
+out=/home/worker/artifacts
+mkdir -p $out
+
+# Generate coverage report.
+cd nss && ./mach coverage --outdir=$out ssl_gtests

security/nss/coreconf/coreconf.dep

@@ -10,4 +10,3 @@
  */
 
 #error "Do not include this header file."
-

security/nss/lib/softoken/sdb.c

@@ -644,13 +644,18 @@ static int
 sdb_openDB(const char *name, sqlite3 **sqlDB, int flags)
 {
     int sqlerr;
-    /*
-     * in sqlite3 3.5.0, there is a new open call that allows us
-     * to specify read only. Most new OS's are still on 3.3.x (including
-     * NSS's internal version and the version shipped with Firefox).
-     */
+    int openFlags;
+
     *sqlDB = NULL;
-    sqlerr = sqlite3_open(name, sqlDB);
+
+    if (flags & SDB_RDONLY) {
+        openFlags = SQLITE_OPEN_READONLY;
+    } else {
+        openFlags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE;
+    }
+
+    /* Requires SQLite 3.5.0 or newer. */
+    sqlerr = sqlite3_open_v2(name, sqlDB, openFlags, NULL);
     if (sqlerr != SQLITE_OK) {
         return sqlerr;
     }

security/nss/lib/ssl/ssl3prot.h

@@ -16,7 +16,7 @@ typedef PRUint16 SSL3ProtocolVersion;
 /* The TLS 1.3 draft version. Used to avoid negotiating
  * between incompatible pre-standard TLS 1.3 drafts.
  * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
-#define TLS_1_3_DRAFT_VERSION 26
+#define TLS_1_3_DRAFT_VERSION 28
 
 typedef PRUint16 ssl3CipherSuite;
 /* The cipher suites are defined in sslproto.h */