Closed Bug 1371991 Opened 3 years ago Closed 2 years ago

Do not link against libcrmf


(Firefox Build System :: General, defect)

Not set


(firefox-esr52 unaffected, firefox-esr60 fixed, firefox60- wontfix, firefox61 fixed)

Tracking Status
firefox-esr52 --- unaffected
firefox-esr60 --- fixed
firefox60 - wontfix
firefox61 --- fixed


(Reporter: userwithuid, Assigned: franziskus)



(1 file)

libcrmf from nss seems to be unused since bug 1030963 removed the crypto api stuff that used it. Can -lcrmf be removed from the build system?


For sys-nss, currently has

if test -n "$MOZ_SYSTEM_NSS"; then
   NSS_LIBS="$NSS_LIBS -lcrmf"

and for in-tree-nss, security/manager/ssl/ has

    USE_LIBS += [

relating to this (at first glance).


Also, looks like OpenEmbedded discovered this a couple of months ago as well:
The arch bug link should be:
CCing some NSS folks. If we do remove this dependency we could also fix the nss.gyp file to not build libcrmf for the Mozilla build:
SGTM. Either we use -Dmozilla_client=1 or we introduce something new like -Ddisable_crmf.
This is still broken when building with system nss in 59b4.
Product: Core → Firefox Build System
Could it be that crmf was reintroduced in latest nss? I think that Arch Linux stopped backing it out, if I understand their build script of firefox correctly. In this case, the bug here might be obsolete?
Assignee: nobody → franziskuskiefer
Comment on attachment 8964493 [details]
Bug 1371991 - don't link against crmf when building with --with-system-nss, r=ted

Ted Mielczarek [:ted.mielczarek] has approved the revision.
Attachment #8964493 - Flags: review+
Pushed by
don't link against crmf when building with --with-system-nss, r=ted
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
Can you please give this a push to the 60.0 branch as well?
I don't think this is something we want to uplift to beta. But marking it for the release drivers so they can decide.
What's the benefit of this change?  Pretend I don't know what libcrmf is.
Building NSS as a system library (using gyp) does not include libcrmf, so a Firefox build with --with-system-nss will fail. Since libcrmf is (no longer) used by Firefox, the link argument can be removed to fix the build without impacting Firefox's functionality.
ok, sounds like this wouldn't hurt, if someone wants to request uplift.
So, can we get an uplift to the new esr branch? This is kind of painful for distros, because they have to "backport" the patch every time the nss deps in the script get raised.
Franziskus, mind requesting uplift to esr60?
Flags: needinfo?(franziskuskiefer)
Comment on attachment 8964493 [details]
Bug 1371991 - don't link against crmf when building with --with-system-nss, r=ted

[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration: Patching Firefox with system NSS is a hassle for maintainers. This minimal patch can make their life easier.
User impact if declined: Probably none, but Linux distributions might not take Firefox releases or publish them with delay.
Fix Landed on Version: 61
Risk to taking this patch (and alternatives if risky): Not risky. The linked library is not used by Firefox.
String or UUID changes made by this patch: None

See for more info.
Flags: needinfo?(franziskuskiefer)
Attachment #8964493 - Flags: approval-mozilla-esr60?
Comment on attachment 8964493 [details]
Bug 1371991 - don't link against crmf when building with --with-system-nss, r=ted

approved for 60.1esr
Attachment #8964493 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
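
The reasoning in this bug (a library that is on the link line but referenced by nothing, and absent from some system NSS installs) can be checked mechanically before a link flag is dropped. The following is an added example, not code from the bug or from Mozilla's build system: it classifies each `-l` flag from `nm` listings, and the link line, the symbol listings and the `app_init` symbol are constructed sample data.

```python
# Added example; every nm listing below is constructed sample data.

def parse_nm(text):
    """Return (defined, undefined) global symbol sets from `nm` output."""
    defined, undefined = set(), set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or len(fields[-2]) != 1:
            continue  # blank lines and archive member headers ("foo.o:")
        kind, name = fields[-2], fields[-1].split("@")[0]  # drop @VERSION
        if kind == "U":
            undefined.add(name)
        elif kind.isupper():
            defined.add(name)
    return defined, undefined

def audit_link_flags(link_flags, objects_nm, libs_nm):
    """Return ({flag: 'used'|'unused'|'missing'}, unresolved symbols)."""
    needed = parse_nm(objects_nm)[1]
    status, resolved = {}, set()
    for flag in link_flags.split():
        if not flag.startswith("-l"):
            continue
        if flag[2:] not in libs_nm:
            status[flag] = "missing"  # would break the link step
            continue
        hits = parse_nm(libs_nm[flag[2:]])[0] & needed
        status[flag] = "used" if hits else "unused"
        resolved |= hits
    return status, needed - resolved

NSS_LIBS = "-lssl3 -lnss3 -lcrmf"  # constructed link line ending in -lcrmf
OBJECTS_NM = """\
                 U CERT_DestroyCertificate
                 U PK11_GetInternalKeySlot
                 U SSL_ImportFD
0000000000000000 T app_init
"""
SYSTEM_LIBS_NM = {  # assumed system NSS install without libcrmf
    "ssl3": "0000000000011000 T SSL_ImportFD@@NSS_3.2\n",
    "nss3": "0000000000012340 T CERT_DestroyCertificate@@NSS_3.2\n"
            "0000000000012900 T PK11_GetInternalKeySlot@@NSS_3.2\n",
}
INTREE_LIBS_NM = dict(SYSTEM_LIBS_NM,  # same libraries plus libcrmf
                      crmf="crmfreq.o:\n0000000000000000 T CRMF_CreateCertReqMsg\n")

if __name__ == "__main__":
    print(audit_link_flags(NSS_LIBS, OBJECTS_NM, SYSTEM_LIBS_NM))
    print(audit_link_flags(NSS_LIBS, OBJECTS_NM, INTREE_LIBS_NM))
```

A flag reported as "missing" or "unused" while the unresolved set stays empty is one that can be removed without changing what the objects link against.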