Closed
Bug 1277255
Opened 8 years ago
Closed 8 years ago
Upgrade Firefox 49 to NSS 3.25
Categories
(Core :: Security: PSM, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla49
Tracking | Status | |
---|---|---|
firefox49 | --- | fixed |
People
(Reporter: KaiE, Assigned: KaiE)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-assigned])
Attachments
(4 files)
451.98 KB,
patch
|
KaiE
:
review+
|
Details | Diff | Splinter Review |
42 bytes,
text/plain
|
Details | |
796 bytes,
patch
|
KaiE
:
review+
lizzard
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
42 bytes,
text/plain
|
franziskus
:
review+
lizzard
:
approval-mozilla-aurora+
|
Details |
Firefox 49 should use NSS 3.25, which is currently being worked on.
Assignee | ||
Updated•8 years ago
|
Summary: Upgrade Firefox 45 to NSS 3.25 → Upgrade Firefox 49 to NSS 3.25
Assignee | ||
Comment 1•8 years ago
|
||
Try build with today's snapshot 765c0adb71b7
https://treeherder.mozilla.org/#/jobs?repo=try&revision=d6d705067fc8
Comment 2•8 years ago
|
||
I'm a bit concerned about the Win7 cl tests failing. But I don't see any relation to NSS there so I think we should be good to land a beta.
Comment 3•8 years ago
|
||
(In reply to Franziskus Kiefer [:fkiefer or :franziskus] from comment #2)
> I'm a bit concerned about the Win7 cl tests failing. But I don't see any
> relation to NSS there so I think we should be good to land a beta.
That's Bug 1270962.
tl;dr - Win7 VM instances (ones with spot in the machine name) currently can't run clipboard related tests successfully. In this case, all the M-cl tests failures are in fact on spot machines, so the try push looks fine.
(On a side note, it might be a good idea to exclude things like Reftests in future NSS try pushes as well, since those tests test code that have zero relation to NSS.)
Assignee | ||
Comment 4•8 years ago
|
||
(In reply to :Cykesiopka from comment #3)
>
> (On a side note, it might be a good idea to exclude things like Reftests in
> future NSS try pushes as well, since those tests test code that have zero
> relation to NSS.)
Anything else that should be excluded? Would you like to recommend a complete trychooser parameter that seems reasonable for NSS try runs?
Comment 5•8 years ago
|
||
Maybe something like "try: -b do -p all -u xpcshell,cppunit,gtest,mochitests -t none"?
Assignee: nobody → kaie
Whiteboard: [psm-assigned]
Pushed by kaie@kuix.de:
https://hg.mozilla.org/integration/mozilla-inbound/rev/a2f23b6058a2
land NSS_3_25_BETA1, r=franziskus
Comment 7•8 years ago
|
||
(In reply to David Keeler [:keeler] (use needinfo?) from comment #5)
> Maybe something like "try: -b do -p all -u xpcshell,cppunit,gtest,mochitests
> -t none"?
Yeah, that looks reasonable.
Updated•8 years ago
|
Keywords: leave-open
Comment 8•8 years ago
|
||
bugherder |
Comment 9•8 years ago
|
||
the configure check was not updated, while nsNSSCallbacks.cpp uses new values (TLS_ECDHE_*_WITH_AES_256_GCM_SHA384)
Comment 10•8 years ago
|
||
(In reply to Mike Hommey [:glandium] from comment #9)
> the configure check was not updated, while nsNSSCallbacks.cpp uses new
> values (TLS_ECDHE_*_WITH_AES_256_GCM_SHA384)
What is "the configure check"? What happens if it is not updated?
Comment 11•8 years ago
|
||
(In reply to Masatoshi Kimura [:emk] from comment #10)
> (In reply to Mike Hommey [:glandium] from comment #9)
> > the configure check was not updated, while nsNSSCallbacks.cpp uses new
> > values (TLS_ECDHE_*_WITH_AES_256_GCM_SHA384)
>
> What is "the configure check"?
https://dxr.mozilla.org/mozilla-central/rev/b6f7d0eb61b1878d3d906bd231edf225463ece3f/old-configure.in#2469
> What happens if it is not updated?
Build failure against system NSS between 3.23 (currently checked minimal version) and 3.25 (better to fail during configure than during the build).
Comment 12•8 years ago
|
||
Per ChaCha20/Poly1305 precedent[1], we will update the configure check when NSS 3.25 RTM is merged to m-c.
[1] https://hg.mozilla.org/mozilla-central/rev/5e135136e21c
Comment 13•8 years ago
|
||
(In reply to Masatoshi Kimura [:emk] from comment #12)
> Per ChaCha20/Poly1305 precedent[1], we will update the configure check when
> NSS 3.25 RTM is merged to m-c.
>
> [1] https://hg.mozilla.org/mozilla-central/rev/5e135136e21c
That's backwards. Building aurora *is* broken with versions that pass configure.
Comment 14•8 years ago
|
||
Tim, could you land this?
try run is at [1]
[1] https://treeherder.mozilla.org/#/jobs?repo=try&revision=f601aeda21cf092ee332a077555364b93c307ad6
Flags: needinfo?(ttaubert)
Comment 15•8 years ago
|
||
Comment on attachment 8762370 [details] [diff] [review]
NSS_3.25_RC0.patch
Review of attachment 8762370 [details] [diff] [review]:
-----------------------------------------------------------------
There are a few other files that need changing in the tree I think. Kai usually just asks for review on a version number and we land the changes using the scripts.
Comment 16•8 years ago
|
||
(In reply to Martin Thomson [:mt:] from comment #15)
> Comment on attachment 8762370 [details] [diff] [review]
> NSS_3.25_RC0.patch
>
> Review of attachment 8762370 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> There are a few other files that need changing in the tree I think. Kai
> usually just asks for review on a version number and we land the changes
> using the scripts.
This should contain everything (the patch is created using the scripts). I'd have landed it if I'd have commit access... So I'll just leave this here until someone lands it or tells me what else to change.
Assignee | ||
Comment 17•8 years ago
|
||
Comment on attachment 8762370 [details] [diff] [review]
NSS_3.25_RC0.patch
r-
I just ran command
python client.py update_nss NSS_3_25_RC0
against mozilla-inbound, and the result contains several differences when compared to this patch, although both patches (your and mine) claim to be the diff between tag beta1 and rc0.
It seems something went wrong when preparing this patch.
Attachment #8762370 -
Flags: review-
Assignee | ||
Comment 18•8 years ago
|
||
Attachment #8762370 -
Attachment is obsolete: true
Attachment #8762541 -
Flags: review?(franziskuskiefer)
Assignee | ||
Updated•8 years ago
|
Attachment #8762541 -
Attachment description: upgrade-to-325rc0.patch → Command to upgrade-to-325rc0
Attachment #8762541 -
Attachment filename: upgrade-to-325rc0.patch → upgrade-to-325rc0
Assignee | ||
Comment 19•8 years ago
|
||
Attachment #8762542 -
Flags: review?(franziskuskiefer)
Assignee | ||
Comment 20•8 years ago
|
||
(In reply to Kai Engert (:kaie) from comment #17)
> I just ran command
> python client.py update_nss NSS_3_25_RC0
> against mozilla-inbound, and the result contains several differences when
> compared to this patch, although both patches (your and mine) claim to be
> the diff between tag beta1 and rc0.
>
> It seems something went wrong when preparing this patch.
Ok, that's interesting.
I was wrong.
Although the patches look different, the difference is simply caused by the order of removal and insertion statements in the patch.
I confirmed that Franziskus' patch produces the identical output than the command I attached.
Assignee | ||
Updated•8 years ago
|
Attachment #8762541 -
Flags: review?(franziskuskiefer)
Assignee | ||
Comment 21•8 years ago
|
||
Comment on attachment 8762370 [details] [diff] [review]
NSS_3.25_RC0.patch
Changing my earlier r- to an r+ as explained
Attachment #8762370 -
Attachment is obsolete: false
Attachment #8762370 -
Flags: review- → review+
Assignee | ||
Comment 22•8 years ago
|
||
Comment on attachment 8762542 [details] [diff] [review]
bump-configure-to-3.25.patch
r=franziskus on IRC
Attachment #8762542 -
Flags: review?(franziskuskiefer) → review+
Comment 23•8 years ago
|
||
Pushed by kaie@kuix.de:
https://hg.mozilla.org/integration/mozilla-inbound/rev/bb5316a4c7c2
land NSS_3_25_RC0, r=kaie
https://hg.mozilla.org/integration/mozilla-inbound/rev/3a53ff76208b
bump configure to require NSS 3.25, r=franziskus
Comment 24•8 years ago
|
||
bugherder |
Updated•8 years ago
|
Flags: needinfo?(ttaubert)
Comment 25•8 years ago
|
||
Pushed by kaie@kuix.de:
https://hg.mozilla.org/integration/mozilla-inbound/rev/c4be443b20d0
land NSS_3_25_RC1, r=me
Updated•8 years ago
|
Priority: -- → P1
Comment 26•8 years ago
|
||
bugherder |
Assignee | ||
Comment 27•8 years ago
|
||
Aurora 49 uses a beta version of NSS.
We must upgrade it to the final release tag.
This is a placeholder attachment, which lists the command used to uplift the RTM tag.
Attachment #8764553 -
Flags: review?(franziskuskiefer)
Attachment #8764553 -
Flags: approval-mozilla-aurora?
Assignee | ||
Comment 28•8 years ago
|
||
Comment on attachment 8762542 [details] [diff] [review]
bump-configure-to-3.25.patch
This patch adjusts the configuration script to require the newer NSS version at build time.
Attachment #8762542 -
Flags: approval-mozilla-aurora?
Updated•8 years ago
|
Attachment #8764553 -
Flags: review?(franziskuskiefer) → review+
Comment 29•8 years ago
|
||
Comment on attachment 8764553 [details]
upgrade-to-325rtm
We want to make sure to release the non-beta version; please uplift this to aurora.
Attachment #8764553 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 30•8 years ago
|
||
bugherder uplift |
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Keywords: leave-open
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
Assignee | ||
Comment 31•8 years ago
|
||
Thank you
Updated•8 years ago
|
Attachment #8762542 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•10 months ago
|
Blocks: nss-uplift
You need to log in
before you can comment on or make changes to this bug.
Description
•