Closed
Bug 1339789
Opened 8 years ago
Closed 8 years ago
Upgrade Firefox 52 (regular and ESR) to NSS 3.28.3 to fix binary compatibility issues
Categories
(Core :: Security: PSM, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla54
| Tracking | Status | |
|---|---|---|
| firefox51 | --- | wontfix |
| firefox52 | + | fixed |
| firefox-esr52 | --- | fixed |
| firefox53 | --- | unaffected |
| firefox54 | --- | unaffected |
People
(Reporter: KaiE, Assigned: KaiE)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-assigned])
Attachments
(2 files)
|
800 bytes,
patch
|
Details | Diff | Splinter Review | |
|
121 bytes,
text/plain
|
jcristau
:
approval-mozilla-beta+
|
Details |
The NSS version used by Firefox 51 and Firefox 52 contain an accidental change of an API data structure, which breaks binary compatibility with previous NSS versions.
Although this isn't an issue when NSS is built as part of Firefox, I would like to ask to get this fixed prior to the releases of Firefox 52.
The new Firefox ESR version will likely be a major driver to cause NSS consumers to upgrade, such as in enterprise deployments. We should avoid that they upgrade to the ABI-incompatible change. We can do so, by upgrading Firefox 52 to NSS 3.28.3, which contains the fix, and restores the old compatibility.
Also, there was a problem with the recent upgrade of Firefox to NSS 3.28.2.
The version number reported by NSS 3.28.2 is the incorrect 3.28.1, which may Linux distributions to accidentally consume the 3.28.1, and which would prevent them from picking up the important fixes from NSS 3.28.2.
If you agree to this fix, a single code patch will be added on top of what Firefox 52 is using today, see bug 1334108 attachment 8837341 [details] [diff] [review].
(For Firefox 53, because it uses NSS 3.29, I'll file a separate bug, which will request to upgrade to NSS 3.29.1)
|
Assignee | |
Comment 1•8 years ago
|
||
|
|
Assignee | |
Comment 2•8 years ago
|
||
We don't need to respin ff51.
Setting ff53 to unaffected, because it's handled in bug 1339790
ff54 will be fixed with the next nightly merge on m-c
status-firefox51:
--- → wontfix
status-firefox52:
--- → affected
status-firefox53:
--- → unaffected
status-firefox54:
--- → affected
|
|
Assignee | |
Comment 3•8 years ago
|
||
I don't think this can cause any issues, but I've started a try build of the esr52 branch with the suggested change (I assume testing esr52 is sufficient to cover mozilla-beta 52, too):
https://treeherder.mozilla.org/#/jobs?repo=try&revision=c9e78c192d55b548b3ac0bad617ba0b113b5eded
|
||
Comment 4•8 years ago
|
||
Yeah, they're completely identical at this point. Thanks, Kai!
|
|
Assignee | |
Comment 6•8 years ago
|
||
We found an additional issue with NSS 3.28, bug 1340103.
We're trying to get this resolved ASAP.
Depends on: 1340103
|
||
Updated•8 years ago
|
Assignee: nobody → kaie
Priority: -- → P1
Whiteboard: [psm-assigned]
|
|
Assignee | |
Comment 7•8 years ago
|
||
We identified another ABI breakage, and it has been fixed, too.
The 3.28.3 release has been created, so we're ready to proceed.
I've started another try build:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=57f9f6877d4850e220b4d188be08c3d52cfcefc0
For comparison purposes, here's a try build on the same branch, but without any patches (so we know which try test failures are expected):
https://treeherder.mozilla.org/#/jobs?repo=try&revision=363a5d585206132d4176f7b8f743799b16556578
|
|
Assignee | |
Comment 8•8 years ago
|
||
The try builds look good to me.
I think it's safe to pick up these two correctness fixes, which have been released as 3.28.3
|
|
Assignee | |
Comment 9•8 years ago
|
||
Approval Request Comment
[Feature/Bug causing the regression]:
nss 3.28 release, bug 957105
[User impact if declined]:
shipping ABI incompatible NSS into enterprise deployments
[Is this code covered by automated tests?]:
yes
[Has the fix been verified in Nightly?]:
only in nightly NSS tests, not yet in nightly ff
[Needs manual test from QE? If yes, steps to reproduce]:
no
[List of other uplifts needed for the feature/fix]:
nothing else
[Is the change risky?]:
no
[Why is the change risky/not risky?]:
Passes all tests of both NSS and Firefox.
[String changes made/needed]:
none
Attachment #8839152 -
Flags: approval-mozilla-beta?
|
||
Comment 10•8 years ago
|
||
Comment on attachment 8839152 [details]
update-to-3.28.3.txt
nss update to undo ABI breakage, let's get this in today for 52.0b8
Attachment #8839152 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
Assignee | |
Updated•8 years ago
|
Summary: Upgrade Firefox 52 (regular and ESR) to NSS 3.28.3 to fix a binary compatibility issue → Upgrade Firefox 52 (regular and ESR) to NSS 3.28.3 to fix binary compatibility issues
|
|
Assignee | |
Comment 11•8 years ago
|
||
https://hg.mozilla.org/releases/mozilla-beta/rev/b570b28bb0f5092d293de5a70bc4d4c840460ee0
Should be auto-synced to esr52
|
|
||
Comment 12•8 years ago
|
||
Will be synced to es52, but isn't yet, so leaving as affected for now. :)
|
||
Comment 13•8 years ago
|
||
Setting qe-verify- based on Kai's assessment on manual testing needs (Comment 9) and the fact that this fix has automated coverage.
Flags: qe-verify-
|
|
||
Comment 14•8 years ago
|
||
| bugherder uplift | ||
|
|
Assignee | |
Updated•8 years ago
|
Target Milestone: --- → mozilla54
|
|
||
Comment 15•8 years ago
|
||
fixed in 54 as part of bug 1334127
|
||
Updated•1 year ago
|
Blocks: nss-uplift
You need to log in
before you can comment on or make changes to this bug.
Description
•