Upgrade Firefox 49 to NSS 3.25

RESOLVED FIXED in Firefox 49

Status

()

defect
P1
normal
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

49 Branch
mozilla49
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox49 fixed)

Details

(Whiteboard: [psm-assigned])

Attachments

(4 attachments)

Assignee

Description

3 years ago
Firefox 49 should use NSS 3.25, which is currently being worked on.
Assignee

Updated

3 years ago
Summary: Upgrade Firefox 45 to NSS 3.25 → Upgrade Firefox 49 to NSS 3.25
Assignee

Updated

3 years ago
Depends on: 1275533
Assignee

Comment 1

3 years ago
Try build with today's snapshot 765c0adb71b7
https://treeherder.mozilla.org/#/jobs?repo=try&revision=d6d705067fc8
I'm a bit concerned about the Win7 cl tests failing. But I don't see any relation to NSS there so I think we should be good to land a beta.

Comment 3

3 years ago
(In reply to Franziskus Kiefer [:fkiefer or :franziskus] from comment #2)
> I'm a bit concerned about the Win7 cl tests failing. But I don't see any
> relation to NSS there so I think we should be good to land a beta.

That's Bug 1270962.
tl;dr - Win7 VM instances (ones with spot in the machine name) currently can't run clipboard related tests successfully. In this case, all the M-cl tests failures are in fact on spot machines, so the try push looks fine.

(On a side note, it might be a good idea to exclude things like Reftests in future NSS try pushes as well, since those tests test code that have zero relation to NSS.)
Assignee

Comment 4

3 years ago
(In reply to :Cykesiopka from comment #3)
> 
> (On a side note, it might be a good idea to exclude things like Reftests in
> future NSS try pushes as well, since those tests test code that have zero
> relation to NSS.)

Anything else that should be excluded? Would you like to recommend a complete trychooser parameter that seems reasonable for NSS try runs?
Maybe something like "try: -b do -p all -u xpcshell,cppunit,gtest,mochitests -t none"?
Assignee: nobody → kaie
Whiteboard: [psm-assigned]

Comment 7

3 years ago
(In reply to David Keeler [:keeler] (use needinfo?) from comment #5)
> Maybe something like "try: -b do -p all -u xpcshell,cppunit,gtest,mochitests
> -t none"?

Yeah, that looks reasonable.
Keywords: leave-open
Blocks: 975832
Depends on: 1278434
the configure check was not updated, while nsNSSCallbacks.cpp uses new values (TLS_ECDHE_*_WITH_AES_256_GCM_SHA384)
(In reply to Mike Hommey [:glandium] from comment #9)
> the configure check was not updated, while nsNSSCallbacks.cpp uses new
> values (TLS_ECDHE_*_WITH_AES_256_GCM_SHA384)

What is "the configure check"? What happens if it is not updated?
(In reply to Masatoshi Kimura [:emk] from comment #10)
> (In reply to Mike Hommey [:glandium] from comment #9)
> > the configure check was not updated, while nsNSSCallbacks.cpp uses new
> > values (TLS_ECDHE_*_WITH_AES_256_GCM_SHA384)
> 
> What is "the configure check"?

https://dxr.mozilla.org/mozilla-central/rev/b6f7d0eb61b1878d3d906bd231edf225463ece3f/old-configure.in#2469

> What happens if it is not updated?

Build failure against system NSS between 3.23 (currently checked minimal version) and 3.25 (better to fail during configure than during the build).
Per ChaCha20/Poly1305 precedent[1], we will update the configure check when NSS 3.25 RTM is merged to m-c.

[1] https://hg.mozilla.org/mozilla-central/rev/5e135136e21c
(In reply to Masatoshi Kimura [:emk] from comment #12)
> Per ChaCha20/Poly1305 precedent[1], we will update the configure check when
> NSS 3.25 RTM is merged to m-c.
> 
> [1] https://hg.mozilla.org/mozilla-central/rev/5e135136e21c

That's backwards. Building aurora *is* broken with versions that pass configure.
Comment on attachment 8762370 [details] [diff] [review]
NSS_3.25_RC0.patch

Review of attachment 8762370 [details] [diff] [review]:
-----------------------------------------------------------------

There are a few other files that need changing in the tree I think.  Kai usually just asks for review on a version number and we land the changes using the scripts.
(In reply to Martin Thomson [:mt:] from comment #15)
> Comment on attachment 8762370 [details] [diff] [review]
> NSS_3.25_RC0.patch
> 
> Review of attachment 8762370 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> There are a few other files that need changing in the tree I think.  Kai
> usually just asks for review on a version number and we land the changes
> using the scripts.

This should contain everything (the patch is created using the scripts). I'd have landed it if I'd have commit access... So I'll just leave this here until someone lands it or tells me what else to change.
Assignee

Comment 17

3 years ago
Comment on attachment 8762370 [details] [diff] [review]
NSS_3.25_RC0.patch

r-

I just ran command
  python client.py update_nss NSS_3_25_RC0
against mozilla-inbound, and the result contains several differences when compared to this patch, although both patches (your and mine) claim to be the diff between tag beta1 and rc0.

It seems something went wrong when preparing this patch.
Attachment #8762370 - Flags: review-
Assignee

Comment 18

3 years ago
Attachment #8762370 - Attachment is obsolete: true
Attachment #8762541 - Flags: review?(franziskuskiefer)
Assignee

Updated

3 years ago
Attachment #8762541 - Attachment description: upgrade-to-325rc0.patch → Command to upgrade-to-325rc0
Attachment #8762541 - Attachment filename: upgrade-to-325rc0.patch → upgrade-to-325rc0
Assignee

Comment 19

3 years ago
Attachment #8762542 - Flags: review?(franziskuskiefer)
Assignee

Comment 20

3 years ago
(In reply to Kai Engert (:kaie) from comment #17)
> I just ran command
>   python client.py update_nss NSS_3_25_RC0
> against mozilla-inbound, and the result contains several differences when
> compared to this patch, although both patches (your and mine) claim to be
> the diff between tag beta1 and rc0.
> 
> It seems something went wrong when preparing this patch.

Ok, that's interesting.

I was wrong.

Although the patches look different, the difference is simply caused by the order of removal and insertion statements in the patch.

I confirmed that Franziskus' patch produces the identical output than the command I attached.
Assignee

Updated

3 years ago
Attachment #8762541 - Flags: review?(franziskuskiefer)
Assignee

Comment 21

3 years ago
Comment on attachment 8762370 [details] [diff] [review]
NSS_3.25_RC0.patch

Changing my earlier r- to an r+ as explained
Attachment #8762370 - Attachment is obsolete: false
Attachment #8762370 - Flags: review- → review+
Assignee

Comment 22

3 years ago
Comment on attachment 8762542 [details] [diff] [review]
bump-configure-to-3.25.patch

r=franziskus on IRC
Attachment #8762542 - Flags: review?(franziskuskiefer) → review+
Flags: needinfo?(ttaubert)
Assignee

Comment 27

3 years ago
Posted file upgrade-to-325rtm
Aurora 49 uses a beta version of NSS.

We must upgrade it to the final release tag.

This is a placeholder attachment, which lists the command used to uplift the RTM tag.
Attachment #8764553 - Flags: review?(franziskuskiefer)
Attachment #8764553 - Flags: approval-mozilla-aurora?
Assignee

Comment 28

3 years ago
Comment on attachment 8762542 [details] [diff] [review]
bump-configure-to-3.25.patch

This patch adjusts the configuration script to require the newer NSS version at build time.
Attachment #8762542 - Flags: approval-mozilla-aurora?
Attachment #8764553 - Flags: review?(franziskuskiefer) → review+
Comment on attachment 8764553 [details]
upgrade-to-325rtm

We want to make sure to release the non-beta version; please uplift this to aurora.
Attachment #8764553 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Status: NEW → RESOLVED
Closed: 3 years ago
Keywords: leave-open
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
Assignee

Comment 31

3 years ago
Thank you
Attachment #8762542 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

Updated

3 years ago
Depends on: 1304407
You need to log in before you can comment on or make changes to this bug.