Closed Bug 1466028 Opened 7 years ago Closed 7 years ago

Upgrade Firefox 60 ESR to use NSS 3.36.4

Categories

(Core :: Security: PSM, enhancement)

Product:
Core
Component:
Security: PSM
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox-esr60 60+ fixed
firefox60 + fixed
firefox61 --- unaffected
firefox62 --- unaffected

People

(Reporter: franziskus, Assigned: franziskus)

References

(Blocks 1 open bug)

Details

Attachments

(2 files, 2 obsolete files)

upgrade-nss
88 bytes, text/plain
RyanVM
: approval-mozilla-esr60+
Details
upgrade-nss 60.0.2
88 bytes, text/plain
jcristau
: approval-mozilla-release+
jcristau
: approval-mozilla-esr60+
Details
Because of bug 1461731 a new NSS release (3.36.3) for uplift to Firefox 60 ESR was requested. This release includes fixes for * bug 1461731 * bug 1459739 If there's a Firefox 60 dot release, this should be taken as well.
Is there an ETA for the NSS_3_36_3_RTM tag?
Flags: needinfo?(franziskuskiefer)
The fix for bug 1461731 landed in central two day ago. Since nothing is burning and there are no other bugs to take along we can start creating the release. When do you need it?
Flags: needinfo?(franziskuskiefer) → needinfo?(jcristau)
Bug 1459739 is actually a regression in 3.37 and doesn't need fixing here. So this is only bug 1461731.
We might have to build 60.0.2 for bug 1460223 so today/tomorrow would be great if we want to include this fix.
Flags: needinfo?(jcristau)
Attached file upgrade-nss (obsolete) —
[Approval Request Comment] If this is not a sec:{high,crit} bug, please state case for ESR consideration: There's a high number of crashes related to bug 1461731. User impact if declined: Firefox will crash on macOS when WebAuthn or PK11 tokens are used. Fix Landed on Version: NSS 3.38/Fx62 Risk to taking this patch (and alternatives if risky): Low risk. The code change is minimal. String or UUID changes made by this patch: none
Attachment #8983080 - Flags: approval-mozilla-esr60?
Franziskus would this also apply for 60.0.2 release? Or only for ESR?
Flags: needinfo?(franziskuskiefer)
Originally this was only intended for the ESR release but it should ride along if there is a 60 dot release. I'll attach approval request for 60.0.2 as well in case someone wants to take it.
Flags: needinfo?(franziskuskiefer)
Attached file upgrade-nss 60.0.2 (obsolete) —
Approval Request Comment [Feature/Bug causing the regression]: This fixes three NSS issues: bug 1462303, bug 1460673, bug 1461731, and bug 1459739. [User impact if declined]: macOS can crash on WebAuthn or PK11 operations; TLS 1.3 can fail [Is this code covered by automated tests?]: only in NSS [Has the fix been verified in Nightly?]: yes, bug 1462303, bug 1460673 have been in nightly, beta, and ESR for a while. bug 1461731 and bug 1459739 have been in nightly for a couple days as well. [Needs manual test from QE? If yes, steps to reproduce]: no. [List of other uplifts needed for the feature/fix]: - [Is the change risky?]: No. [Why is the change risky/not risky?]: The code changes are small and have been tested on other Firefox branches. [String changes made/needed]: -
Attachment #8983320 - Flags: approval-mozilla-release?
Attached file upgrade-nss
Sorry I messed up version numbers. [Approval Request Comment] If this is not a sec:{high,crit} bug, please state case for ESR consideration: There's a high number of crashes related to bug 1461731. User impact if declined: Firefox will crash on macOS when WebAuthn or PK11 tokens are used. Fix Landed on Version: NSS 3.38/Fx62 Risk to taking this patch (and alternatives if risky): Low risk. The code change is minimal. String or UUID changes made by this patch: none
Attachment #8983080 - Attachment is obsolete: true
Attachment #8983080 - Flags: approval-mozilla-esr60?
Attachment #8983343 - Flags: approval-mozilla-esr60?
Attached file upgrade-nss 60.0.2
Sorry, messed up version numbers. Approval Request Comment [Feature/Bug causing the regression]: This fixes three NSS issues: bug 1462303, bug 1460673, bug 1461731, and bug 1459739. [User impact if declined]: macOS can crash on WebAuthn or PK11 operations; TLS 1.3 can fail [Is this code covered by automated tests?]: only in NSS [Has the fix been verified in Nightly?]: yes, bug 1462303, bug 1460673 have been in nightly, beta, and ESR for a while. bug 1461731 and bug 1459739 have been in nightly for a couple days as well. [Needs manual test from QE? If yes, steps to reproduce]: no. [List of other uplifts needed for the feature/fix]: - [Is the change risky?]: No. [Why is the change risky/not risky?]: The code changes are small and have been tested on other Firefox branches. [String changes made/needed]: -
Attachment #8983320 - Attachment is obsolete: true
Attachment #8983320 - Flags: approval-mozilla-release?
Attachment #8983344 - Flags: approval-mozilla-release?
Summary: Upgrade Firefox 60 ESR to use NSS 3.36.3 → Upgrade Firefox 60 ESR to use NSS 3.36.4
Comment on attachment 8983344 [details] upgrade-nss 60.0.2 I'll take this for 60.0.2.
Attachment #8983344 - Flags: approval-mozilla-release?
Attachment #8983344 - Flags: approval-mozilla-release+
Attachment #8983344 - Flags: approval-mozilla-esr60+
Comment on attachment 8983343 [details] upgrade-nss Approved for ESR 60.1 as well.
Attachment #8983343 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
https://hg.mozilla.org/releases/mozilla-esr60/rev/25a710304ebb (default)
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox61: --- → unaffected
status-firefox62: --- → unaffected
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: