Closed Bug 1558549 Opened 5 years ago Closed 5 years ago

Upgrade Firefox 68 to use NSS 3.44.1

Categories

(Core :: Security: PSM, task, P1)

68 Branch
task

Tracking

()

RESOLVED FIXED
Tracking Status
firefox68 + fixed

People

(Reporter: jcj, Assigned: jcj)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-other, sec-high, Whiteboard: [post-critsmash-triage])

Attachments

(1 file)

[Tracking Requested - why for this release]:

This is an update for NSS 3.44 for Firefox 68. It contains patches for:

...as well as a number of small follow-on fixes for the 3.44 branch intended for ESR support.

When ready, the tag will be NSS_3_44_1_RTM.

We should also take

  • Bug 1554336, a sec-moderate (currently embargoed, likely to pull this out into next week)
Depends on: 1554336

NSS_3_44_1_RTM is tagged. I will package a script and a patch against 68 to this bug soon.

Flags: needinfo?(jjones)

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration:
  • User impact if declined: One sec-high, three sec-moderates, one sec-low.

Also a few FIPS updates that RedHat would like in ESR.

  • Fix Landed on Version: 69 (and portions backporting to esr60)
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): These fixes mostly affect corner-case correctness
  • String or UUID changes made by this patch:

Beta/Release Uplift Approval Request

  • User impact if declined: Security.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky):
  • String changes made/needed:
Flags: needinfo?(jjones)
Attachment #9073317 - Flags: approval-mozilla-esr68?
Attachment #9073317 - Flags: approval-mozilla-beta?
Comment on attachment 9073317 [details]
Update to NSS_3_44_1_RTM

NSS update, sec-high, Beta68+, ESR68+
Attachment #9073317 - Flags: approval-mozilla-esr68?
Attachment #9073317 - Flags: approval-mozilla-esr68+
Attachment #9073317 - Flags: approval-mozilla-beta?
Attachment #9073317 - Flags: approval-mozilla-beta+
Comment on attachment 9073317 [details]
Update to NSS_3_44_1_RTM

esr68 is kept in sync with beta still, no need for a separate uplift
Attachment #9073317 - Flags: approval-mozilla-esr68+
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.