Closed Bug 1683004 Opened 4 years ago Closed 4 years ago

Upgrade Firefox 84 to use NSS 3.59.1

Categories

(Core :: Security: PSM, enhancement, P1)

Firefox 84
enhancement

Tracking

()

VERIFIED FIXED
Tracking Status
firefox84 + verified

People

(Reporter: kjacobs, Assigned: kjacobs)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Tracking NSS 3.59.1 for Firefox 84. Ultimate tag will be NSS_3_59_1_RTM.

[Tracking Requested - why for this release]:

It appears that Bug 1679290 requires uplift to 84. See bug 1682881.

[Tracking Requested - why for this release]:

Summary: Upgrade Firefox 75 to use NSS 3.59.1 → Upgrade Firefox 84 to use NSS 3.59.1
Version: Firefox 85 → Firefox 84

2020-12-16 Kevin Jacobs <kjacobs@mozilla.com>

* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.59.1 final
[8cb6b2f46a75] [NSS_3_59_1_RTM] <NSS_3_59_BRANCH>

2020-12-01 Kevin Jacobs <kjacobs@mozilla.com>

* lib/dev/devslot.c:
Bug 1679290 - Don't hold slot lock when taking session lock
r=bbeurdouche

[[ https://hg.mozilla.org/projects/nss/rev/0ed11a5835ac1556ff978362c
d61069d48f4c5db | 0ed11a5835ac1556ff978362cd61069d48f4c5db ]] fixed
a number of race conditions related to NSSSlot member accesses.
Unfortunately the locking order that was imposed by that patch has
been found to cause problems for at least one PKCS11 module,
libnsspem.

This patch drops nested locking in favor of unlocking/re-locking.
While this isn't perfect, the original problem in bug 1663661 was
that `slot->token` could become NULL, which we can easily check
after reacquiring.

[e8f82b2381bc] <NSS_3_59_BRANCH>

2020-11-13 J.C. Jones <jjones@mozilla.com>

* .hgtags:
Added tag NSS_3_59_RTM for changeset c5d760cbe8d0
[69d4b94977f1] <NSS_3_59_BRANCH>

Comment on attachment 9193648 [details]
Bug 1683004 - land NSS NSS_3_59_1_RTM UPGRADE_NSS_RELEASE, r=keeler

(below)

Comment on attachment 9193648 [details]
Bug 1683004 - land NSS NSS_3_59_1_RTM UPGRADE_NSS_RELEASE, r=keeler

Beta/Release Uplift Approval Request

Beta/Release Uplift Approval Request

  • User impact if declined: For users with certain third-party PKCS11 modules, the browser may become unresponsive and fail to load websites over HTTPS. (Bug 1682881)
  • Is this code covered by automated tests?: Yes, but using certain third-party PKCS11 modules is what triggers the deadlock. There is no test that reproduces this.
  • Has the fix been verified in Nightly?: Yes. The code landed in m-c in https://hg.mozilla.org/mozilla-central/rev/bc61343b5d68. Verified in Beta.
  • List of other uplifts needed: None.
  • Risk to taking this patch: Low-medium. The bugfix code has not been run in release yet, but it seems to have stopped these crash reports in 85.
  • Why is the change risky/not risky? (and alternatives if risky): The fix landed in Nightly 85 and is now in Beta. It has been verified with both Firefox and curl using NSS. It's a relatively simple relaxation of the previous patch, removing the nested locking that caused the deadlock.
  • String changes made/needed: None
Attachment #9193648 - Flags: approval-mozilla-release?

Comment on attachment 9193648 [details]
Bug 1683004 - land NSS NSS_3_59_1_RTM UPGRADE_NSS_RELEASE, r=keeler

Approved for 84.0.1.

Attachment #9193648 - Flags: approval-mozilla-release? → approval-mozilla-release+
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Flags: qe-verify+

Since this is linked to bug 1682881 I left a comment there for the reporter to verify it since my setup and unfortunately my knowledge are not enough to do so, thus removing qe-verify+.

Flags: qe-verify+
QA Whiteboard: [qa-triaged]

(In reply to Bogdan Maris [:bogdan_maris], Release Desktop QA from comment #7)

Since this is linked to bug 1682881 I left a comment there for the reporter to verify it since my setup and unfortunately my knowledge are not enough to do so, thus removing qe-verify+.

I actually managed to reproduce the crash in bug 1682881 thanks to J.K.Umeboshi, and verified that the crash does not occur for me on Windows 7 and Ubuntu 18.04 but still get Firefox freeze, same as J.K. reported, more details in bug 1682881.

Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: