Closed
Bug 1107731
Opened 10 years ago
Closed 10 years ago
Upgrade Mozilla 36 and 37 to use NSS 3.17.4
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla38
People
(Reporter: emk, Assigned: KaiE)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
57.66 KB,
patch
|
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
99.72 KB,
patch
|
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
To take a change from bug 1084986.
Reporter | ||
Updated•10 years ago
|
Summary: Upgrade Mozilla 37 to use NSS 3.17.4 → Upgrade Mozilla 37 to use NSS 3.18 beta
Comment 1•10 years ago
|
||
Masatoshi-san, does it make sense to update 36 (first week of Aurora this week) with this change as well?
Flags: needinfo?(VYV03354)
Reporter | ||
Comment 2•10 years ago
|
||
It would be better to update 36, but not mandatory.
Flags: needinfo?(VYV03354)
Assignee | ||
Comment 3•10 years ago
|
||
We just completed a release version of NSS 3.17.3 for the purpose of finalizing the NSS changes for Firefox 36. If you required the fix from bug 1084986 for Aurora 36, we'd be required to make another NSS release prior to the next Firefox merge day.
Reporter | ||
Comment 4•10 years ago
|
||
Then we can continue to use SSL_ERROR_NO_CYPHER_OVERLAP for 36.
Assignee | ||
Comment 5•10 years ago
|
||
I've landed a beta5 of 3.18 into mozilla-central for Firefox 37, with r=wtc We'd like to get several other changes into NSS 3.18 and into Firefox 37, but they aren't finalized yet, so we'll probably have to ask for landing approval a couple of times.
Summary: Upgrade Mozilla 37 to use NSS 3.18 beta → Upgrade Mozilla 37 to use NSS 3.18
Assignee | ||
Comment 6•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/fec317aa00bc
Assignee | ||
Updated•10 years ago
|
Whiteboard: [leave open]
Assignee | ||
Updated•10 years ago
|
Target Milestone: --- → mozilla37
Assignee | ||
Updated•10 years ago
|
status-firefox37:
--- → affected
Assignee | ||
Comment 8•10 years ago
|
||
Updated m-c (38) to beta 6. https://hg.mozilla.org/integration/mozilla-inbound/rev/90b2075e691f
Comment 10•10 years ago
|
||
(In reply to Kai Engert (:kaie) from comment #3) > If you required the fix from bug 1084986 for Aurora 36, we'd be required to > make another NSS release prior to the next Firefox merge day. Can we get the fix for bug 1084986 on Beta 36 now?
Flags: needinfo?(kaie)
Assignee | ||
Comment 11•10 years ago
|
||
(In reply to :Gavin Sharp [email: gavin@gavinsharp.com] from comment #10) > (In reply to Kai Engert (:kaie) from comment #3) > > If you required the fix from bug 1084986 for Aurora 36, we'd be required to > > make another NSS release prior to the next Firefox merge day. > > Can we get the fix for bug 1084986 on Beta 36 now? I had assumed you had given up targetting 36 based on comment 3 and comment 4. If you really want to target 36, then my original comment 3 is still correct I don't recommend taking NSS 3.18 for Firefox 36, because it's not ready yet, we plan some more NSS changes during this cycle, which should happen during Aurora, and which are probably too risky at the last minute of the Firefox beta cycle. If you want the fix for bug 1084986 and bug 1113780 in Firefox 36, we should do a NSS 3.17.x branch release, with that change, only. Gavin, the answer to your question is: "If you say you really want it in Firefox 36, then we can do it, it requires that we create a NSS 3.17.4 release (based on existing 3.17.3 plus the bugfix you want)."
Flags: needinfo?(kaie) → needinfo?(gavin.sharp)
Comment 12•10 years ago
|
||
(In reply to Kai Engert (:kaie) from comment #11) > Gavin, the answer to your question is: > "If you say you really want it in Firefox 36, then we can do it, it > requires > that we create a NSS 3.17.4 release (based on existing 3.17.3 plus the > bugfix > you want)." I don't have a great sense of how much work or risk is involved with that, but I do really want the fix in Firefox 36.
Flags: needinfo?(gavin.sharp)
Assignee | ||
Comment 13•10 years ago
|
||
(In reply to :Gavin Sharp [email: gavin@gavinsharp.com] from comment #12) > I don't have a great sense of how much work or risk is involved with that, > but I do really want the fix in Firefox 36. Gavin, after an assessment of all the changes that have recently been included in NSS, it became clear that all changes have been of the "correctness fix" type. The most significant fixes were to NSS TLS server code (not used by Firefox IIUC) and libpkix (not used by Firefox). Are you willing to accept/approve taking an NSS release for Firefox 36 beta, that has these correctness fixes? We would be able to deliver that within the next couple of days. The list of changes can be seen here: https://hg.mozilla.org/projects/nss/graph (Everything that's on the main yellow line, after NSS_3_17_3_RTM from 7 weeks ago.)
Flags: needinfo?(gavin.sharp)
Comment 14•10 years ago
|
||
(In reply to Kai Engert (:kaie) from comment #13) > Are you willing to accept/approve taking an NSS release for Firefox 36 beta, > that has these correctness fixes? We would be able to deliver that within > the next couple of days. You're a much better judge of the potential impact of these changes than I am. If you're very confident that there are no changes that introduce risk to Firefox in that delta, then that sounds like the right plan.
Flags: needinfo?(gavin.sharp)
Comment 15•10 years ago
|
||
If the changes are safe, yes, we could take them to fix bug 1098371.
status-firefox36:
--- → affected
tracking-firefox36:
--- → +
Assignee | ||
Comment 16•10 years ago
|
||
Because no new APIs have been added (or changed) since the previous NSS release, it has been decided to use version number 3.17.4 (instead of 3.18). I'll push the 3.17.4 release candidate to inbound soon (when it's open). I suggest to land it into aurora and beta, too. Assuming no further issues, we intend to declare it a final NSS release early next week.
Summary: Upgrade Mozilla 37 to use NSS 3.18 → Upgrade Mozilla 36 and 37 to use NSS 3.17.4
Assignee | ||
Comment 17•10 years ago
|
||
Assignee: nobody → kaie
Attachment #8553298 -
Flags: approval-mozilla-aurora?
Assignee | ||
Comment 18•10 years ago
|
||
Assignee | ||
Updated•10 years ago
|
Attachment #8553302 -
Flags: approval-mozilla-beta?
Assignee | ||
Comment 19•10 years ago
|
||
The patches for aurora and beta might seem big, but I looked through them, and most of the changes are in comments, in license headers, in tests, and in code not used by Firefox. The few effective changes all look very safe, and are of correctness fix quality, as said before.
Assignee | ||
Comment 20•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/94076cd5ec2f
Updated•10 years ago
|
Attachment #8553298 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•10 years ago
|
Attachment #8553302 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 22•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/6b4103d8c3f7 https://hg.mozilla.org/releases/mozilla-beta/rev/f4e1d64f9ab9 Leaving the flags set to affected per discussion w/ Kai until the RTM tag change is pushed.
status-firefox38:
--- → affected
Target Milestone: mozilla37 → mozilla38
Assignee | ||
Comment 23•10 years ago
|
||
The 3.17.4 release candidate has been tagged as final release without further changes.
Assignee | ||
Comment 24•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/32ee46cf5eda
Assignee | ||
Updated•10 years ago
|
Whiteboard: [leave open]
Assignee | ||
Comment 25•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/d4d912d78902 https://hg.mozilla.org/releases/mozilla-beta/rev/0e2a17da6dd9
https://hg.mozilla.org/mozilla-central/rev/32ee46cf5eda
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
Updated•9 years ago
|
Updated•7 months ago
|
Blocks: nss-uplift
You need to log in
before you can comment on or make changes to this bug.
Description
•