Closed Bug 1815435 Opened 1 year ago Closed 1 year ago

Upgrade Firefox 112 to use NSS 3.89

Categories

(Core :: Security: PSM, task, P1)

task

Tracking

()

RESOLVED FIXED
112 Branch
Tracking Status
firefox112 --- fixed

People

(Reporter: KaiE, Assigned: jschanck)

References

(Blocks 1 open bug)

Details

Attachments

(2 files, 3 obsolete files)

Upgrade Firefox 112 to use NSS 3.89

Type: enhancement → task
Blocks: 1531735

NSS 3.88 has branched, so it seems time to set NSS default branch to version 3.89 beta

Hi Kai,

We have our own internal rotation and schedule for NSS Releases. We're currently in the freeze period between tagging NSS 3.88 and releasing it on Thursday, after which the default branch will change. FWIW, we would have been happy to take your ABI patch in 3.88.

Assignee: nkulatova → jschanck
Keywords: leave-open
Priority: -- → P1
Blocks: nss-uplift

Hello, are you ready to uplift an NSS pre-3.89 snapshot into mozilla-central?

Perhaps revision 056fbe59c60555d6ca93d7d40c675955f1a9aa2c from 4 days ago could be a candidate for early testing of recent NSS changes in mozilla-central?
(This would avoid the changes around liboqs that Bob has started yesterday.)

I'm asking because I'm waiting for the changes from bug 1815246.

We're scheduled to uplift a beta on Thursday. Do you need it sooner?

that's fine, thanks!

FYI, Kai, I didn't add NSS_CMSSignerInfo_GetDigestAlgTag to security/nss.symbols. You can do that when you add the new code that uses it.

Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/692727a38d4d
land NSS NSS_3_89_BETA1 UPGRADE_NSS_RELEASE, r=keeler

Looks like a problem with the fixup patch for Bug 1789436. Can you take a look, Dennis?

Flags: needinfo?(jschanck) → needinfo?(djackson)
Depends on: 1820175

This seems like a very noisy heuristic. See previous bug 1796308 where the chosen fix was to work around the issue by erasing the size information for the constant. I'll get this fixed today in 1820175.

Flags: needinfo?(djackson)
Attachment #9320897 - Attachment is obsolete: true
Attachment #9321127 - Attachment is obsolete: true

(In reply to John Schanck [:jschanck] from comment #8)

FYI, Kai, I didn't add NSS_CMSSignerInfo_GetDigestAlgTag to security/nss.symbols. You can do that when you add the new code that uses it.

Thanks, not adding is the right thing to do, because Firefox doesn't need the symbol.
I will add the symbol to Thunderbird's file of the additional NSS symbols it needs.
https://searchfox.org/comm-central/source/mailnews/nss-extra.symbols

Will an updated NSS 3.89 beta snapshot get landed into mozilla-central today?

Yes, we'll land a beta today.

Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/48c77e0f9262
land NSS NSS_3_89_BETA3 UPGRADE_NSS_RELEASE, r=djackson

Backed out for causing xpcshell failures in test_cert_overrides.js

Flags: needinfo?(jschanck)
Depends on: 1820834
Attachment #9321441 - Attachment is obsolete: true
Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/10e0999ede50
land NSS NSS_3_89_BETA4 UPGRADE_NSS_RELEASE, r=keeler
Flags: needinfo?(jschanck)
Keywords: leave-open
Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f7927075967f
land NSS NSS_3_89_RTM UPGRADE_NSS_RELEASE, r=keeler
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 112 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: