Closed
Bug 1684262
Opened 3 years ago
Closed 3 years ago
Upgrade Firefox 85 to use NSS 3.60.1
Categories
(Core :: Security: PSM, enhancement, P1)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox85 | --- | fixed |
People
(Reporter: kjacobs, Assigned: kjacobs)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta+
|
Details | Review |
Tracking NSS 3.60.1 for Firefox 85. Ultimate tag will be NSS_3_60_1_RTM.
|
Assignee | |
Comment 1•3 years ago
|
||
2020-12-26 Kevin Jacobs <kjacobs@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.60.1 final
[83173cdd72f6] [NSS_3_60_1_RTM] <NSS_3_60_BRANCH>
2020-12-22 Kevin Jacobs <kjacobs@mozilla.com>
* lib/dev/devslot.c:
Bug 1682863 - Revert nssSlot_IsTokenPresent to 3.58 after ongoing Fx
hangs with slow PKCS11 devices. r=bbeurdouche
This patch reverts the `nssSlot_IsTokenPresent` changes made in bug
1663661 and bug 1679290, restoring the version used in NSS 3.58 and
earlier. It's not an actual `hg backout` because the comment in
lib/dev/devt.h is worth keeping. While removing the nested locking
did resolve the hang for some (most?) third-party modules, problems
remain with some slower tokens after an even further relaxation of
the locking, which defeats the purpose of addressing the races in
the first place.
The crash addressed by these patches was caused by the Intermediate
Preloading Healer in Firefox, which has been disabled. We clearly
have insufficient test coverage for third-party modules, and now
that osclientcerts is enabled in Fx Nightly, any problems caused by
these and similar changes is unlikely to be reported until Fx Beta,
well after NSS RTM. I think the best option at this point is to
simply revert NSS.
[b47465be3b6f] <NSS_3_60_BRANCH>
2020-12-11 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_60_RTM for changeset 2015cf6ca323
[aefe79ebf8c8] <NSS_3_60_BRANCH>
|
|
Assignee | |
Comment 2•3 years ago
•
|
||
Comment on attachment 9194753 [details]
Bug 1684262 - land NSS NSS_3_60_1_RTM UPGRADE_NSS_RELEASE, r=bbeurdouche
Beta/Release Uplift Approval Request
- User impact if declined: Users with certain third-party PKCS11 tokens (two affected models are known) may experience hangs during connections and/or client authentication.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): The change is to a single function, reverting the code back to what was used in (approximately Fx60) to Fx83.
- String changes made/needed:
Attachment #9194753 -
Flags: approval-mozilla-beta?
|
||
Comment 3•3 years ago
|
||
Comment on attachment 9194753 [details]
Bug 1684262 - land NSS NSS_3_60_1_RTM UPGRADE_NSS_RELEASE, r=bbeurdouche
approved for 85.0b5
Attachment #9194753 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 4•3 years ago
|
||
| bugherder uplift | ||
status-firefox85:
--- → fixed
|
|
||
Updated•3 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
|
||
Updated•5 months ago
|
Blocks: nss-uplift
You need to log in
before you can comment on or make changes to this bug.
Description
•