Closed Bug 1588559 Opened 5 years ago Closed 5 years ago

Upgrade Firefox 71 to use NSS 3.47.1

Categories

(Core :: Security: PSM, task, P1)

task

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox71 + fixed

People

(Reporter: jcj, Assigned: jcj)

References

(Blocks 1 open bug, )

Details

(Keywords: sec-other, Whiteboard: [adv-main71-])

Attachments

(1 file)

[Tracking Requested - why for this release]:

This is a cumulative security update for NSS 3.47 for Firefox 71 . When ready, the tag will be NSS_3_47_1_RTM.

Depends on: 1590495
Whiteboard: [land week of 18 November (nominally)]
Depends on: 1589810
Blocks: 1588558
No longer blocks: 1588558

2019-11-19 J.C. Jones <jjones@mozilla.com>

* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.47.1 final
[6339a6f350c9] [NSS_3_47_1_RTM] <NSS_3_47_BRANCH>

2019-11-19 Craig Disselkoen <cdisselk@cs.ucsd.edu>

* lib/softoken/pkcs11c.c:
Bug 1586176 - EncryptUpdate should use maxout not block size.
r=franziskus
[4c20de402b39] <NSS_3_47_BRANCH>

2019-10-21 Marcus Burghardt <mburghardt@mozilla.com>

* lib/ckfw/builtins/testlib/certdata-testlib.txt:
Bug 1589810 - Uninitialized variable warnings from certdata.perl.
r=mt

[86f505b65576] <NSS_3_47_BRANCH>

2019-11-04 Marcus Burghardt <mburghardt@mozilla.com>

* lib/pk11wrap/pk11cert.c:
Bug 1590495 - Crash in PK11_MakeCertFromHandle->pk11_fastCert. r=jcj

Fixed controls to avoid crashes caused by slots possibly without a
token in pk11_fastCert. Also, improved arguments controls in
PK11_MakeCertFromHandle.

[54ce0e2caeb8] <NSS_3_47_BRANCH>

2019-11-11 Tom Prince <mozilla@hocat.ca>

* automation/taskcluster/graph/src/extend.js,
automation/taskcluster/windows/setup.sh:
Bug 1594891 - Use tc-proxy for nss tooltool; r=dustin,jcj

[15b525236995] <NSS_3_47_BRANCH>

2019-11-08 Dustin J. Mitchell <dustin@mozilla.com>

* automation/taskcluster/graph/npm-shrinkwrap.json,
automation/taskcluster/graph/package.json,
automation/taskcluster/graph/src/image_builder.js,
automation/taskcluster/graph/src/queue.js,
automation/taskcluster/scripts/tools.sh,
automation/taskcluster/windows/gen_certs.sh,
automation/taskcluster/windows/run_tests.sh:
Bug 1594891 - Updates to run correctly on the new TC deployment
r=jcj

* Update the Taskcluster client used in the decision task to one
that understands Taskcluster rootUrls.
* Update scripts that fetch content to use the TASKCLUSTER_ROOT_URL
  * the absence of this variale signals an "old" worker so we use an
"old" URL

[054c57351ca0] <NSS_3_47_BRANCH>

2019-11-07 Tom Prince <mozilla@hocat.ca>

* .taskcluster.yml, automation/taskcluster/graph/src/extend.js,
automation/taskcluster/graph/src/queue.js:
Bug 1591275: Switch workers to use AWS Provder; r=kjacobs

[af55d9185ec5] <NSS_3_47_BRANCH>

2019-10-18 J.C. Jones <jjones@mozilla.com>

* .hgtags:
Added tag NSS_3_47_RTM for changeset 7ccb4ade5577
[dcadb95b9d77] <NSS_3_47_BRANCH>
Attachment #9110098 - Attachment description: Bug 1588559 - land NSS NSS_3_47_1_RTM UPGRADE_NSS_RELEASE, r=kjacobs → Bug 1588559 - land NSS NSS_3_47_1_RTM UPGRADE_NSS_RELEASE (Firefox 71), r=kjacobs
Attachment #9110098 - Attachment description: Bug 1588559 - land NSS NSS_3_47_1_RTM UPGRADE_NSS_RELEASE (Firefox 71), r=kjacobs → Bug 1588559 - land NSS NSS_3_47_1_RTM UPGRADE_NSS_RELEASE, r=kjacobs

Comment on attachment 9110098 [details]
Bug 1588559 - land NSS NSS_3_47_1_RTM UPGRADE_NSS_RELEASE, r=kjacobs

Beta/Release Uplift Approval Request

  • User impact if declined: sec-high CVE-2019-11745
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Minimal fix for CVE-2019-11745, and a backported crash fix that effects some enterprise profiles which had two weeks to bake in nightly
  • String changes made/needed: none
Attachment #9110098 - Flags: approval-mozilla-beta?

Comment on attachment 9110098 [details]
Bug 1588559 - land NSS NSS_3_47_1_RTM UPGRADE_NSS_RELEASE, r=kjacobs

Uplift approved for 71 beta 12, thanks.

Attachment #9110098 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Whiteboard: [land week of 18 November (nominally)]
Whiteboard: [adv-main71-]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: