Closed Bug 1753980 Opened 3 years ago Closed 3 years ago

Upgrade Firefox 99 to use NSS 3.76

Categories

(Core :: Security: PSM, task, P1)

Product:
Core
Component:
Security: PSM
Type:
task

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: beurdouche, Assigned: djackson)

References

(Blocks 1 open bug)

Details

(Whiteboard: [nss-fx])

Attachments

(4 files)

Bug 1753980 - land NSS ac0c37493099 UPGRADE_NSS_RELEASE, r=nkulatova
48 bytes, text/x-phabricator-request
Details | Review
Bug 1753980 - land NSS 4a8880ef UPGRADE_NSS_RELEASE, r=bbeurdouche
48 bytes, text/x-phabricator-request
Details | Review
Bug 1753980 - land NSS NSS_3_76_BETA1 UPGRADE_NSS_RELEASE, r=bbeurdouche,nkulatova
48 bytes, text/x-phabricator-request
Details | Review
Bug 1753980 - land NSS NSS_3_76_RTM UPGRADE_NSS_RELEASE, r=bbeurdouche,nkulatova
48 bytes, text/x-phabricator-request
Details | Review
No description provided.
Pushed by bbeurdouche@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d019e49646c2 land NSS ac0c37493099 UPGRADE_NSS_RELEASE, r=nkulatova

2022-02-14 Martin Thomson <mt@lowentropy.net>

* gtests/common/testvectors/rsa_pss_2048_sha1_mgf1_20-vectors.h,
gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_0-vectors.h,
gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_32-vectors.h,
gtests/common/testvectors/rsa_pss_3072_sha256_mgf1_32-vectors.h,
gtests/common/testvectors/rsa_pss_4096_sha256_mgf1_32-vectors.h,
gtests/common/testvectors/rsa_pss_4096_sha512_mgf1_32-vectors.h,
gtests/common/testvectors/rsa_pss_misc-vectors.h,
gtests/common/wycheproof/genTestVectors.py, gtests/common/wycheproof
/source_vectors/rsa_pss_2048_sha1_mgf1_20_test.json, gtests/common/w
ycheproof/source_vectors/rsa_pss_2048_sha256_mgf1_0_test.json, gtest
s/common/wycheproof/source_vectors/rsa_pss_2048_sha256_mgf1_32_test.
json, gtests/common/wycheproof/source_vectors/rsa_pss_3072_sha256_mg
f1_32_test.json, gtests/common/wycheproof/source_vectors/rsa_pss_409
6_sha256_mgf1_32_test.json, gtests/common/wycheproof/source_vectors/
rsa_pss_4096_sha512_mgf1_32_test.json,
gtests/common/wycheproof/source_vectors/rsa_pss_misc_test.json,
gtests/pk11_gtest/json.h, gtests/pk11_gtest/pk11_hpke_unittest.cc,
gtests/pk11_gtest/pk11_rsapss_unittest.cc:
Bug 1747957 - Use Wycheproof JSON for RSASSA-PSS, r=nss-
reviewers,bbeurdouche

[4a8880ef1adc] [tip]

2022-02-10 Leander Schwarz <lschwarz@mozilla.com>

* gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/tls_ech_unittest.cc, lib/ssl/ssl3ext.c:
Bug 1751157 - Throw illegal_parameter alert for illegal extensions
in handshake message. r=djackson

[8fd5ca0cf897]

2022-02-09 John M. Schanck <jschanck@mozilla.com>

* automation/release/nss-release-helper.py:
Bug 1753505 - Avoid truncating files in nss-release-helper.py.
r=bbeurdouche

[7876a7255030]

2022-02-08 John M. Schanck <jschanck@mozilla.com>

* lib/ckfw/builtins/certdata.txt:
Bug 1679803 - Add SHA256 fingerprint comments to old certdata.txt
entries. r=nss-reviewers,bbeurdouche

The new SHA256 hashes were calculated using the script below, which
reads certificates out of the builtin token and re-processing them
with the current version of addbuiltin. One of the "Autoridad de
Certificacion Firmaprofesional CIF A62634068" certificates had to be
handled manually because of Bug 456858.

``` #!/bin/bash

NSS_LIB=<path to dist/Debug/lib>

WORK=/tmp/nssdb/ LIST=${WORK}/list.txt OUT=${WORK}/certdata.txt

rm -rf ${WORK} mkdir -p ${WORK} modutil -force -dbdir "sql:${WORK}"
-create modutil -force -dbdir "sql:${WORK}" -add "nssckbi" -libfile
"${NSS_LIB}/libnssckbi.so"

certutil -d "sql:${WORK}" -L -h "Builtin Object Token" | grep
Builtin > ${LIST} sed -i 's/\s*\(C\?,C\?,C\?\)\s*$/;\1/' ${LIST}

while IFS=";" read -r name trust do certutil -d "sql:${WORK}" -L -n
"${name}" -r 1> "${WORK}/${name}.der" addbuiltin -t "${trust}" -n
"${name/Builtin Object Token:/}" -i "${WORK}/${name}.der" done <
${LIST} >> ${OUT} ```

[7a34cf74b659]
Pushed by djackson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/8e3a124602d0 land NSS 4a8880ef UPGRADE_NSS_RELEASE, r=bbeurdouche

2022-02-24 John M. Schanck <jschanck@mozilla.com>

* lib/pki/trustdomain.c:
Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in
nssTrustDomain_GetActiveSlots. r=rrelyea

[a36477f0ee50] [NSS_3_76_BETA1]

2022-02-23 John M. Schanck <jschanck@mozilla.com>

* lib/certdb/crl.c, lib/certdb/stanpcertdb.c, lib/dev/devtoken.c,
lib/dev/devutil.c, lib/pk11wrap/pk11auth.c, lib/pk11wrap/pk11cert.c,
lib/pk11wrap/pk11nobj.c, lib/pk11wrap/pk11slot.c,
lib/pk11wrap/pk11util.c, lib/pk11wrap/secmodti.h,
lib/pki/pki3hack.c, lib/pki/trustdomain.c:
Bug 1370866 - Check return value of PK11Slot_GetNSSToken. r=djackson

[d7e8c2df6bca]
Pushed by djackson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1ecdb4c33adf land NSS NSS_3_76_BETA1 UPGRADE_NSS_RELEASE, r=jschanck
Pushed by djackson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7ecdcfe5cb4a land NSS NSS_3_76_RTM UPGRADE_NSS_RELEASE, r=bbeurdouche DONTBUILD
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Blocks: nss-uplift
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: