Upgrade Firefox 70 to use NSS 3.46.1
Categories
(Core :: Security: PSM, task, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox-esr68 | --- | unaffected |
| firefox69 | --- | unaffected |
| firefox70 | + | fixed |
| firefox71 | --- | unaffected |
People
(Reporter: jcj, Assigned: jcj)
References
(Blocks 1 open bug, )
Details
(Keywords: sec-other, Whiteboard: [post-critsmash-triage])
Attachments
(1 file)
|
47 bytes,
text/x-phabricator-request
|
lizzard
:
approval-mozilla-beta+
|
Details | Review |
[Tracking Requested - why for this release]:
This is a cumulative security update for NSS 3.46 for Firefox 70. When ready, the tag will be NSS_3_46_1_RTM.
|
||
Updated•5 years ago
|
|
Assignee | |
Comment 1•5 years ago
|
||
We're proposing releasing this on 9 October, the day before 70.0b14. Would that be OK date for uplift to beta 70, or would you want it a different day?
|
|
||
Updated•5 years ago
|
|
||
Comment 2•5 years ago
|
||
That timing would mean it would release on Friday in beta 14, and we'd have only the weekend to detect and fix any regressions before building the 70 release candidate on Monday. So, if it's possible to do this a week earlier that would be better, to give us some time to find and fix any release-blocking problems.
|
|
Assignee | |
Comment 3•5 years ago
|
||
OK, 2 October it is then. Noting that for the sec-approvals.
|
|
Assignee | |
Comment 4•5 years ago
|
||
2019-10-02 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.46.1 final
[42682c941fd6] [NSS_3_46_1_RTM] <NSS_3_46_BRANCH>
2019-10-01 Kevin Jacobs <kjacobs@mozilla.com>
* lib/softoken/pkcs11c.c:
Bug 1577953 - Support longer (up to RFC maximum) HKDF outputs r=jcj
HKDF-Expand enforces a maximum output length much shorter than
stated in the RFC. This patch aligns the implementation with the RFC
by allocating more output space when necessary.
[f8dc0ce54c16] <NSS_3_46_BRANCH>
2019-09-26 Deian Stefan <deian@cs.ucsd.edu>
* lib/softoken/pkcs11c.c, lib/softoken/tlsprf.c:
Bug 1582343 - Use constant time memcmp in more places r=kjacobs,jcj
[e2945c434286] <NSS_3_46_BRANCH>
2019-08-30 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_46_RTM for changeset decbf7bd40fd
[a75ea4cdacd9] <NSS_3_46_BRANCH>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.46 final
[decbf7bd40fd] [NSS_3_46_RTM]
|
|
Assignee | |
Comment 5•5 years ago
|
||
Comment on attachment 9098413 [details]
Bug 1581998 - land NSS NSS_3_46_1_RTM UPGRADE_NSS_RELEASE, r=kjacobs
Beta/Release Uplift Approval Request
- User impact if declined: One sec-high, one sec-audit.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: n/a
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): The functionality fixes are straightforward and limited to specific crypto operaitons' correctness. See Bug 1566873 for the same patch against ESR.
- String changes made/needed: n/a
|
|
||
Comment 6•5 years ago
|
||
Comment on attachment 9098413 [details]
Bug 1581998 - land NSS NSS_3_46_1_RTM UPGRADE_NSS_RELEASE, r=kjacobs
NSS update, let's uplift for beta 13 (this just barely missed beta 12)
|
|
||
Comment 7•5 years ago
|
||
So, when this lands on beta it will fix bug 1577953 and bug 1582343, right?
|
||
Comment 9•5 years ago
|
||
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
||
Updated•1 year ago
|
Description
•