Closed Bug 1386955 Opened 2 years ago Closed 2 years ago

Upgrade Firefox 57 to NSS 3.33

Categories

(Core :: Security: PSM, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
mozilla57
Tracking Status
firefox57 --- fixed

People

(Reporter: franziskus, Assigned: franziskus)

References

(Depends on 1 open bug, )

Details

Attachments

(3 files)

Tracking NSS 3.33 for Firefox 57.
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/23a8354b20a3
land NSS 6254e8431392 UPGRADE_NSS_RELEASE, r=me
https://hg.mozilla.org/integration/mozilla-inbound/rev/0d570ffa07be
bump NSS version old-configure.in to 3.33, r=me
I had to back out again. This broke some tests.
https://hg.mozilla.org/integration/mozilla-inbound/rev/11b012d6c40d79b35c118b0329d678b0b2b04f81
https://hg.mozilla.org/integration/mozilla-inbound/rev/2400df900d2ef4672da1e1e9503ba502bbd2b71a

The tests either using NSS in way they shouldn't have or we broke NSS.

>  0:00.59 LOG: Thread-1 ERROR Unexpected exception Component returned failure code: 0x805a1fee [nsIPK11Token.changePassword]
> resetMasterPassword@/home/franziskus/Code/automation/mozilla-inbound/obj-x86_64-pc-linux-gnu/_tests/xpcshell/toolkit/components/passwordmgr/test/unit/test_logins_decrypt_failure.js:23:3
> test_logins_decrypt_failure@/home/franziskus/Code/automation/mozilla-inbound/obj-x86_64-pc-linux-gnu/_tests/xpcshell/toolkit/components/passwordmgr/test/unit/test_logins_decrypt_failure.js:39:3
> asyncFunction@resource://gre/modules/Task.jsm:241:18
> Task_spawn@resource://gre/modules/Task.jsm:166:12
> _run_next_test@/home/franziskus/Code/automation/mozilla-inbound/testing/xpcshell/head.js:1488:9
> run@/home/franziskus/Code/automation/mozilla-inbound/testing/xpcshell/head.js:701:9
> _do_main@/home/franziskus/Code/automation/mozilla-inbound/testing/xpcshell/head.js:221:3
> _execute_test@/home/franziskus/Code/automation/mozilla-inbound/testing/xpcshell/head.js:544:5
Before the backout, these improvements were noticed:

== Change summary for alert #8512 (as of August 03 2017 08:27 UTC) ==

Improvements:

  7%  remote-twitter summary android-7-1-armv8-api15 opt      1,008.16 -> 934.13
  7%  remote-blank summary android-7-1-armv8-api15 opt        703.58 -> 652.07
  7%  remote-blank summary android-6-0-armv8-api15 opt        572.47 -> 531.56
  6%  remote-nytimes summary android-6-0-armv8-api15 opt      1,346.78 -> 1,260.61
  6%  remote-nytimes summary android-7-1-armv8-api15 opt      1,430.53 -> 1,343.94
  5%  remote-blank summary android-4-4-armv7-api15 opt        918.98 -> 872.73
  4%  remote-twitter summary android-4-4-armv7-api15 opt      1,382.38 -> 1,325.28
  3%  remote-blank summary android-4-2-armv7-api15 opt        1,464.46 -> 1,425.48

For up to date results, see: https://treeherder.mozilla.org/perf.html#/alerts?id=8512
(In reply to Franziskus Kiefer [:fkiefer or :franziskus] from comment #2)
> I had to back out again. This broke some tests.
> https://hg.mozilla.org/integration/mozilla-inbound/rev/
> 11b012d6c40d79b35c118b0329d678b0b2b04f81
> https://hg.mozilla.org/integration/mozilla-inbound/rev/
> 2400df900d2ef4672da1e1e9503ba502bbd2b71a
> 
> The tests either using NSS in way they shouldn't have or we broke NSS.
> 
> >  0:00.59 LOG: Thread-1 ERROR Unexpected exception Component returned failure code: 0x805a1fee [nsIPK11Token.changePassword]
> > resetMasterPassword@/home/franziskus/Code/automation/mozilla-inbound/obj-x86_64-pc-linux-gnu/_tests/xpcshell/toolkit/components/passwordmgr/test/unit/test_logins_decrypt_failure.js:23:3
> > test_logins_decrypt_failure@/home/franziskus/Code/automation/mozilla-inbound/obj-x86_64-pc-linux-gnu/_tests/xpcshell/toolkit/components/passwordmgr/test/unit/test_logins_decrypt_failure.js:39:3
> > asyncFunction@resource://gre/modules/Task.jsm:241:18
> > Task_spawn@resource://gre/modules/Task.jsm:166:12
> > _run_next_test@/home/franziskus/Code/automation/mozilla-inbound/testing/xpcshell/head.js:1488:9
> > run@/home/franziskus/Code/automation/mozilla-inbound/testing/xpcshell/head.js:701:9
> > _do_main@/home/franziskus/Code/automation/mozilla-inbound/testing/xpcshell/head.js:221:3
> > _execute_test@/home/franziskus/Code/automation/mozilla-inbound/testing/xpcshell/head.js:544:5

Looks like that test is doing this:

  token.reset();
  token.changePassword("", "");

Which I don't think was ever valid - we should change the second line to token.initPassword("");
Attachment #8893506 - Flags: review?(dtownsend) → review+
and we see the corresponding android device regressions after the backout:
== Change summary for alert #8525 (as of August 03 2017 10:25 UTC) ==

Regressions:

  8%  remote-twitter summary android-7-1-armv8-api15 opt      927.35 -> 997.42
  8%  remote-blank summary android-6-0-armv8-api15 opt        532.89 -> 573.14
  6%  remote-nytimes summary android-7-1-armv8-api15 opt      1,344.15 -> 1,429.67
  5%  remote-blank summary android-4-4-armv7-api15 opt        872.40 -> 914.19
  4%  remote-twitter summary android-4-4-armv7-api15 opt      1,325.62 -> 1,378.11

For up to date results, see: https://treeherder.mozilla.org/perf.html#/alerts?id=8525


looking forward to this landing.
> Which I don't think was ever valid - we should change the second line to token.initPassword("");

initPassword should certainly work. But there's more here that we need to fix. I'm happy with changing the test in gecko but I'll still fix the general problem in NSS. Main issue being that NSC_InitToken ignores the provided password.
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7185eea462e9
land NSS a0a4e05dcdd5 UPGRADE_NSS_RELEASE, r=me
https://hg.mozilla.org/integration/mozilla-inbound/rev/5f192263de3e
update test_logins_decrypt_failure.js to work after fixing NSS bug 1379273 r=mossop
oh, here are the improvements from this patch:
== Change summary for alert #8565 (as of August 04 2017 13:42 UTC) ==

Improvements:

  7%  remote-twitter summary android-7-1-armv8-api15 opt      1,003.91 -> 931.37
  7%  remote-blank summary android-7-1-armv8-api15 opt        698.47 -> 649.33
  7%  remote-blank summary android-6-0-armv8-api15 opt        568.59 -> 530.13
  7%  remote-nytimes summary android-6-0-armv8-api15 opt      1,350.25 -> 1,260.52
  6%  remote-nytimes summary android-7-1-armv8-api15 opt      1,422.72 -> 1,333.35
  4%  remote-blank summary android-4-4-armv7-api15 opt        913.75 -> 875.01
  4%  remote-twitter summary android-4-4-armv7-api15 opt      1,383.78 -> 1,330.19
  3%  remote-blank summary android-4-2-armv7-api15 opt        1,468.05 -> 1,419.46

For up to date results, see: https://treeherder.mozilla.org/perf.html#/alerts?id=8565
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/165a764bb2ed
land NSS 3e81bdac8449 UPGRADE_NSS_RELEASE, r=me
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0777ec282546
land NSS 984849c0a0f1 UPGRADE_NSS_RELEASE, r=me
Backout by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/952c576fdcd6
Backed out changeset 0777ec282546 due to test bustage UPGRADE_NSS_RELEASE,
Fixing some pwd manager tests. We have to logout now when changing from an empty password to a non-empty one and want to get a password prompt.
Attachment #8898646 - Flags: review?(jhofmann)
Comment on attachment 8898646 [details] [diff] [review]
pwd-manager-fix.patch

Review of attachment 8898646 [details] [diff] [review]:
-----------------------------------------------------------------

Seems good.
Attachment #8898646 - Flags: review?(jhofmann) → review+
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/d1449101425e
land NSS d50a14c51077 UPGRADE_NSS_RELEASE, r=me
https://hg.mozilla.org/integration/mozilla-inbound/rev/403576c827b7
fix password manager test adapting to new NSS behaviour, r=johannh
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/5807c147fcde
land NSS fff2c933097d UPGRADE_NSS_RELEASE, r=me
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/c0cb06ef8b9a
land NSS 7fcf7848095c UPGRADE_NSS_RELEASE, r=me
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/a94ec6a0d746
land NSS 4bf658832d89 UPGRADE_NSS_RELEASE, r=me
Backout by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/5d0904a71fa8
Backed out changeset a94ec6a0d746 for build bustage CLOSED TREE UPGRADE_NSS_RELEASE
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/017b5811a868
land NSS 4bf658832d89 UPGRADE_NSS_RELEASE, r=me
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/f0361c81ca3e
land NSS a83094ccf952 UPGRADE_NSS_RELEASE, r=me
Both NSS trunk and NSS 3.33 branch must be updated to require NSPR 4.17
Attachment #8908038 - Flags: review?(franziskuskiefer)
Attachment #8908038 - Flags: review?(franziskuskiefer) → review+
Keywords: leave-open
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/46c0aa7327b3
land NSS_3_33_RTM, no code changes, only version numbers, UPGRADE_NSS_RELEASE, r=me
Depends on: 1435595
You need to log in before you can comment on or make changes to this bug.