1715772 - Upgrade Firefox 91 to use NSS 3.68

Status: RESOLVED FIXED

(Core :: Security: PSM, enhancement, P1)

Description

[Julien Cristau [:jcristau] (back April 22)]

+++ This bug was initially created as a clone of Bug #1713766 +++

Comment 1

[Benjamin Beurdouche [:beurdouche]]

Attachment: Bug 1715772 - land NSS 0262a919f909 UPGRADE_NSS_RELEASE, r=beurdouche

Comment 2

[Pulsebot]

Pushed by bbeurdouche@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cf821e5bb48f
land NSS 0262a919f909 UPGRADE_NSS_RELEASE, r=beurdouche

Comment 3

[Cristian Brindusan [:cbrindusan]]

https://hg.mozilla.org/mozilla-central/rev/cf821e5bb48f

Comment 4

[Benjamin Beurdouche [:beurdouche]]

Attachment: Bug 1715772 - land NSS NSS_3_68_BETA1 UPGRADE_NSS_RELEASE, r=beurdouche

2021-07-01 Benjamin Beurdouche <bbeurdouche@mozilla.com>

* automation/release/nspr-version.txt:
Bug 1717452 - NSS 3.68 should depend on NSPR 4.32. r=kaie

[352fca8a348e] [NSS_3_68_BETA1]

2021-06-30 Robert Relyea <rrelyea@redhat.com>

* gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc,
gtests/pk11_gtest/pk11_ecdsa_unittest.cc,
gtests/pk11_gtest/pk11_keygen.cc, gtests/pk11_gtest/pk11_keygen.h,
gtests/pk11_gtest/pk11_signature_test.cc,
gtests/pk11_gtest/pk11_signature_test.h,
gtests/ssl_gtest/libssl_internals.c, lib/pk11wrap/pk11pk12.c:
Bug 1693206 - Implement PKCS8 export of ECDSA keys patch by
Christoph Walcher r=rrelyea, bbeurdouche
[9343c18b4df7]

2021-06-25 Martin Thomson <mt@lowentropy.net>

* gtests/ssl_gtest/ssl_extension_unittest.cc, lib/ssl/ssl3prot.h,
lib/ssl/sslproto.h, lib/ssl/tls13con.c:
Bug 1712883 - DTLS 1.3 draft-43 r=bbeurdouche

[b2178fe9d27b]

2021-06-25 Makoto Kato <m_kato@ga2.so-net.ne.jp>

* automation/taskcluster/graph/src/extend.js, coreconf/WIN32.mk,
coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/freebl.gyp,
lib/freebl/sha256-x86.c, lib/freebl/sha512.c:
Bug 1655493 - Support SHA2 HW acceleration using Intel SHA
Extension. r=bbeurdouche

Before applying (on Ryzen 9 3900X) ``` # mode in opreps cxreps
context op time(sec) thrgput sha256_e 1Gb 208Mb 23M 0 0.000
10000.000 10.000 123Mb 301Kb ```

After applying ``` # mode in opreps cxreps context op time(sec)
thrgput sha256_e 5Gb 797Mb 110M 0 0.000 10000.000 10.000 591Mb 769Kb
```

[65a7c7b3f182]

2021-05-31 Martin Thomson <mt@lowentropy.net>

* gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/libssl_internals.h,
gtests/ssl_gtest/tls_ech_unittest.cc, lib/ssl/manifest.mn,
lib/ssl/ssl.gyp, lib/ssl/tls13ech.c, lib/ssl/tls13ech.h,
lib/ssl/tls13echv.c, lib/util/seccomon.h:
Bug 1713562 - Validate ECH public names, r=bbeurdouche

This validates that they are LDH (with underscore because we don't
hate freedom), but that they are not IP addresses. This invokes the
horrible WhatWG IP parsing routines, so that it recognizes a vast
array of crazy address formats (thanks 1980s design).

[ac81f721cbbf]

Comment 5

[Pulsebot]

Pushed by bbeurdouche@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c72cd8a2d8d1
land NSS NSS_3_68_BETA1 UPGRADE_NSS_RELEASE, r=beurdouche

Comment 6

[Marian-Vasile Laza]

https://hg.mozilla.org/mozilla-central/rev/c72cd8a2d8d1

Comment 7

[Benjamin Beurdouche [:beurdouche]]

Attachment: Bug 1715772 - land NSS NSS_3_68_RTM UPGRADE_NSS_RELEASE, r=beurdouche

Comment 8

[Pulsebot]

Pushed by bbeurdouche@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/877be9f91d38
land NSS NSS_3_68_RTM UPGRADE_NSS_RELEASE, r=beurdouche

Comment 9

[Benjamin Beurdouche [:beurdouche]]

@julien, Releasing the package for NSS can be a bit late but I just uplifted RTM to avoid any issues since we didn't sync much for this release... : )

Comment 10

[Atila Butkovits]

https://hg.mozilla.org/mozilla-central/rev/877be9f91d38

Comment 11

[Landry Breuil (:gaston)]

Benjamin, is there an ETA for https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_RTM/src/nss-3.68.tar.gz to be available ? since mercurial repo was tagged some days ago.. as it is one cant build m-c using --with-system-nss :) thanks !

Comment 12

[Julien Cristau [:jcristau] (back April 22)]

(In reply to Landry Breuil (:gaston) from comment #11)

Benjamin, is there an ETA for https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_RTM/src/nss-3.68.tar.gz to be available ? since mercurial repo was tagged some days ago.. as it is one cant build m-c using --with-system-nss :) thanks !

It's available now.

Comment 13

[Landry Breuil (:gaston)]

thanks, building ! who's responsible for NSS releases nowadays ? https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases hasnt been updated since 3.65...

Comment 14

[Benjamin Beurdouche [:beurdouche]]

I am. We are moving towards sharing the release between the NSS team and Release Engineering (thanks a lot to them), so we might encounter a few issues at the beginning. There are PRs for new NSS releases on MDN but they haven't been merged yet because of changes in that team. We will be moving release notes from MDN to Fx-src-tree for 3.69 or 3.70, so I expect things will improve soon.