Closed
Bug 1345368
Opened 7 years ago
Closed 7 years ago
Upgrade Firefox 55 to NSS 3.31
Categories
(Core :: Security: PSM, enhancement, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla55
Tracking | Status | |
---|---|---|
firefox55 | --- | fixed |
People
(Reporter: franziskus, Assigned: franziskus)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-assigned])
Attachments
(1 file, 1 obsolete file)
972 bytes,
patch
|
ted
:
review+
|
Details | Diff | Splinter Review |
Tracking NSS 3.31 for Firefox 55.
Assignee | ||
Updated•7 years ago
|
Keywords: leave-open
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/128049485d00 land NSS 6fafb8fd9ff4, r=me https://hg.mozilla.org/integration/mozilla-inbound/rev/835425e189a5 bump NSS version in old-configure, r=me
Comment 2•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/128049485d00 https://hg.mozilla.org/mozilla-central/rev/835425e189a5
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/2cc8a6db5ec1 land NSS 848abc2061a4, r=me
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/3c437072e721 land NSS 09c491ef3b41, r=me
Comment 5•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/2cc8a6db5ec1 https://hg.mozilla.org/mozilla-central/rev/3c437072e721
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ee690cc90757 land NSS cf81ccc154dd, r=me
Comment 7•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/ee690cc90757
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/6d17c6eda45f land NSS 37ccb22f8e51, r=me
Comment 9•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/6d17c6eda45f
![]() |
||
Updated•7 years ago
|
Priority: -- → P1
Whiteboard: [psm-assigned]
Comment 10•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/4d632924b0c7 land NSS d621b1e53054, r=me
Comment 11•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/4d632924b0c7
Comment 12•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/7cf29f98d6ec land NSS 06158d335df0, r=me
Comment 13•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/7cf29f98d6ec
Comment 14•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/c206ddf4676c land NSS 215207b4864c, r=me
Comment 15•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/c206ddf4676c
Comment 16•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/dc13294e543d land NSS 215207b4864c, r=me
Comment 17•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/dc13294e543d
Comment 18•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/6d89751bf9df land NSS 1fb7e5f584de, r=me
Comment 19•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/6d89751bf9df
Comment 20•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/53be95383c09 land NSS 7228445b43ac, r=me
Comment 21•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/53be95383c09
Comment 22•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/daa9293d37ee land NSS fa15eb3ce158, r=me
Comment 23•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/daa9293d37ee
![]() |
||
Comment 24•7 years ago
|
||
(In reply to Pulsebot from comment #20) > Pushed by franziskuskiefer@gmail.com: > https://hg.mozilla.org/integration/mozilla-inbound/rev/53be95383c09 > land NSS 7228445b43ac, r=me This change included two new files that look like they shouldn't be there: security/manager/ssl/RootHashes.inc.orig security/manager/tools/KnownRootHashes.json.orig fkiefer, were they committed by accident?
Flags: needinfo?(franziskuskiefer)
Assignee | ||
Comment 25•7 years ago
|
||
Hm, that's weird. They indeed shouldn't be there like this. I'll push a follow up and make sure to fix the script that pushed this change.
Flags: needinfo?(franziskuskiefer)
Comment 26•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/f3e41a81b136 root hashes follow-up
Comment 27•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/f3e41a81b136
Assignee | ||
Comment 28•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=b097dd39571750acd76656e275e6899c95d52269
Comment 29•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/f89fdc028cb1 land NSS 236a06d9c3c4, r=me
Comment 30•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/f89fdc028cb1
Assignee | ||
Comment 31•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=59b916e0710f6822dfb73804a1c475f6e75fc80c
Assignee | ||
Comment 32•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=64f2e33d0ca49b6870882d204e899442af785ba4
Comment 33•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/0751b01e0e65 land NSS 57e38a8407b3, r=me
Comment 34•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/0751b01e0e65
Comment 35•7 years ago
|
||
Just as an FYI it looks like this change increased the # of compiler warnings: == Change summary for alert #6673 (as of May 17 2017 14:30 UTC) == Regressions: 2% compiler warnings summary windowsxp debug 230.00 -> 234.00 2% compiler warnings summary windows2012-32 debug 230.00 -> 234.00 2% compiler warnings summary linux64 debug static-analysis361.67 -> 367.58 1% compiler warnings summary linux32 debug 468.00 -> 473.00 1% compiler warnings summary linux64-stylo debug 475.00 -> 480.00 1% compiler warnings summary linux64 debug 474.00 -> 479.00 For up to date results, see: https://treeherder.mozilla.org/perf.html#/alerts?id=6673
Comment 36•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/bf6ee973f04e land NSS 0c3800b6eaba UPGRADE_NSS_RELEASE, r=me
Comment 37•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ea4280e95894 land NSS 29290a4a9bd0 UPGRADE_NSS_RELEASE, r=me
Comment 38•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/ea4280e95894
Assignee | ||
Comment 39•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=831c39830bbe6b12c5da522fed9a57b3a57980e7
Assignee | ||
Comment 40•7 years ago
|
||
The certdata generation changed in NSS. This will have to land with the next version of NSS.
Attachment #8873467 -
Flags: review?(ted)
Assignee | ||
Comment 41•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=dce737a90c5ee1b5c74eec9614bfbff9c6f9d616
Comment 42•7 years ago
|
||
Comment on attachment 8873467 [details] [diff] [review] ff-certdata.patch Review of attachment 8873467 [details] [diff] [review]: ----------------------------------------------------------------- It looks like certdata.py unconditionally calls 'perl': https://hg.mozilla.org/projects/nss/file/1943d2f973c7/lib/ckfw/builtins/certdata.py That's going to break things for anyone who's building with perl that's not in their PATH or with a different binary name. Can we fix that to honor some sort of PERL variable like we currently do?
Assignee | ||
Comment 43•7 years ago
|
||
We don't have access to any of the moz.build variables. But we can use an env variable if that works for you. Something like this https://nss-review.dev.mozaws.net/D346? We might have to set PERL=buildconfig.substs['PERL'] somewhere if that's not the case yet.
Flags: needinfo?(ted)
Assignee | ||
Comment 44•7 years ago
|
||
Set PERL env to buildconfig.substs['PERL'] to make NSS use $PERL instead of `perl`.
Attachment #8873467 -
Attachment is obsolete: true
Attachment #8873467 -
Flags: review?(ted)
Attachment #8873798 -
Flags: review?(ted)
Comment 45•7 years ago
|
||
Comment on attachment 8873798 [details] [diff] [review] ff-certdata.patch Review of attachment 8873798 [details] [diff] [review]: ----------------------------------------------------------------- This is OK, but looking at it again it feels like an odd way to go about it. You wrapped the Perl execution in a Python script to make things work better with MSYS/native path differences on Windows, but since we're already in Python here invoking another Python interpreter seems unnecessary. Could we instead just cheat and make the existing script drop the first entry in `inputs`?
Updated•7 years ago
|
Flags: needinfo?(ted)
Comment 46•7 years ago
|
||
Comment on attachment 8873798 [details] [diff] [review] ff-certdata.patch Review of attachment 8873798 [details] [diff] [review]: ----------------------------------------------------------------- I'm OK with landing this to unblock things, but it might be nicer to do what I mentioned in my previous comment.
Attachment #8873798 -
Flags: review?(ted) → review+
Comment 47•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/b5195ecbebe6 land NSS NSS_3_31_BETA1 UPGRADE_NSS_RELEASE, r=me https://hg.mozilla.org/integration/mozilla-inbound/rev/952cf10f8d8a adapt to new NSS certdata.py, r=ted
![]() |
||
Comment 48•7 years ago
|
||
Backed out for failing xpcshell's security/manager/ssl/tests/unit/test_broken_fips.js on Windows: https://hg.mozilla.org/integration/mozilla-inbound/rev/99e99af157c2a7b38f9919fc3647d26bd36c9c1d https://hg.mozilla.org/integration/mozilla-inbound/rev/11f9875cfe18ecfbb4b28d9f87d5f5af94258430 Push with failures: https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&revision=952cf10f8d8afa91d5b4e86702febfb0f19aa91e&filter-resultStatus=testfailed&filter-resultStatus=busted&filter-resultStatus=exception&filter-resultStatus=retry&filter-resultStatus=usercancel&filter-resultStatus=runnable&filter-resultStatus=success&filter-searchStr=windows+xpcshell Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=104828397&repo=mozilla-inbound 03:13:58 INFO - TEST-START | security/manager/ssl/tests/unit/test_broken_fips.js 03:13:58 WARNING - TEST-UNEXPECTED-FAIL | security/manager/ssl/tests/unit/test_broken_fips.js | xpcshell return code: 0 03:13:58 INFO - TEST-INFO took 311ms 03:13:58 INFO - >>>>>>> 03:13:58 INFO - (xpcshell/head.js) | test MAIN run_test pending (1) 03:13:58 WARNING - TEST-UNEXPECTED-FAIL | security/manager/ssl/tests/unit/test_broken_fips.js | run_test - [run_test : 27] FIPS should not be enabled - false == true 03:13:58 INFO - c:/slave/test/build/tests/xpcshell/tests/security/manager/ssl/tests/unit/test_broken_fips.js:run_test:27 03:13:58 INFO - c:\slave\test\build\tests\xpcshell\head.js:_execute_test:544 03:13:58 INFO - -e:null:1 03:13:58 INFO - exiting test 03:13:58 INFO - "CONSOLE_MESSAGE: (info) No chrome package registered for chrome://branding/locale/brand.properties" 03:13:58 INFO - <<<<<<<
Flags: needinfo?(franziskuskiefer)
Assignee | ||
Comment 49•7 years ago
|
||
David, can we remove that test? The FIPS DB is working again on Windows so that the test fails.
Flags: needinfo?(franziskuskiefer) → needinfo?(dkeeler)
![]() |
||
Comment 50•7 years ago
|
||
We should just make this line "skip-if = os != 'mac'" here: https://dxr.mozilla.org/mozilla-central/rev/2c6289f56812c30254acfdddabcfec1e149c0336/security/manager/ssl/tests/unit/xpcshell.ini#45 (and update the comment).
Flags: needinfo?(dkeeler)
Assignee | ||
Comment 51•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=e995f611f59a8f10af70781a1ee50e6c89f4a8d9
Comment 52•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/aafc907d2aae land NSS NSS_3_31_BETA2 UPGRADE_NSS_RELEASE, r=me https://hg.mozilla.org/integration/mozilla-inbound/rev/d93732fda32c Disable test_broken_fips on all platforms other than mac, r=keeler https://hg.mozilla.org/integration/mozilla-inbound/rev/b55ffc5807df adapt to new NSS certdata.py, r=ted
Comment 53•7 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/aafc907d2aae https://hg.mozilla.org/mozilla-central/rev/d93732fda32c https://hg.mozilla.org/mozilla-central/rev/b55ffc5807df
Comment 54•7 years ago
|
||
Pushed by franziskuskiefer@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ccf7273933f0 land NSS NSS_3_31_RTM UPGRADE_NSS_RELEASE, r=me
Assignee | ||
Updated•7 years ago
|
Keywords: leave-open
Comment 55•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/ccf7273933f0
Updated•7 months ago
|
Blocks: nss-uplift
You need to log in
before you can comment on or make changes to this bug.
Description
•