Open Bug 2016318 Opened 1 day ago Updated 5 hours ago

Update NSS to new version 7dbff6ce7aace164b95676e48b91ec27ee415f73 from 2026-02-11 17:21:49

Categories

(Core :: Security: PSM, enhancement)

Product:
Core
Component:
Security: PSM
Type:
enhancement

Tracking

()

Tracking Flags:
Tracking Status
firefox149 --- affected

People

(Reporter: update-bot, Assigned: jschanck)

References

(Blocks 1 open bug)

Details

(Whiteboard: [3pl-filed][task_id: cfqEgbBeSnewFC1hIVORBA])

Attachments

(1 file)

Bug 2016318 - Update NSS to 7dbff6ce7aace164b95676e48b91ec27ee415f73
48 bytes, text/x-phabricator-request
Details | Review

This update covers 4 commits, including 2 new upstream commits I've never filed a bug on before. (They're the top 2.). Here are the overall diff statistics, and then the commit information.

security/nss/lib/ckfw/builtins/certdata.txt | 8 ++++----
security/nss/lib/freebl/freebl.gyp | 1 +
security/nss/lib/freebl/gcm.c | 2 +-
security/nss/lib/freebl/genload.c | 2 +-
security/nss/moz.yaml | 4 ++--
5 files changed, 9 insertions(+), 8 deletions(-)

7dbff6ce7aace164b95676e48b91ec27ee415f73 by John Schanck <jschanck@mozilla.com>

https://github.com/nss-dev/nss/commit/7dbff6ce7aace164b95676e48b91ec27ee415f73
Authored: 2026-02-11 17:21:49 +0000
Committed: 2026-02-11 17:21:49 +0000

Bug 2009552 - avoid integer overflow in platform-independent ghash. r=nss-reviewers,nkulatova

Differential Revision: https://phabricator.services.mozilla.com/D278681

Files Modified:

  • lib/freebl/gcm.c

24ffdb17f470c11d3c20509aa5e2028a0a911494 by Dennis Jackson <djackson@mozilla.com>

https://github.com/nss-dev/nss/commit/24ffdb17f470c11d3c20509aa5e2028a0a911494
Authored: 2026-02-06 10:55:49 +0000
Committed: 2026-02-06 10:55:49 +0000

Bug 2003189 - Fix errant whitespace in OISTE Server Root RSA G1 nickname. r=nss-reviewers,nkulatova

Differential Revision: https://phabricator.services.mozilla.com/D282133

Files Modified:

  • lib/ckfw/builtins/certdata.txt

5c4ef88cc30ec1a171bc207dfb8e03c8dd6471bc by Rudi Heitbaum <rudi@heitbaum.com>

https://github.com/nss-dev/nss/commit/5c4ef88cc30ec1a171bc207dfb8e03c8dd6471bc
Authored: 2026-02-02 19:11:03 +0000
Committed: 2026-02-02 19:11:03 +0000

Bug 2012313 - fix build with glibc-2.43 assignment discards 'const' qualifier from pointer. r=nss-reviewers,keeler

Fixes:
In file included from lowhash_vector.c:65:
genload.c: In function 'loader_LoadLibInReferenceDir':
genload.c:92:7: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
92 | c = strrchr(referencePath, PR_GetDirectorySeparator());
| ^

Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>

Differential Revision: https://phabricator.services.mozilla.com/D281507

Files Modified:

  • lib/freebl/genload.c

e5c4f5c929d71a680caf822805282d57767e00be by John Schanck <jschanck@mozilla.com>

https://github.com/nss-dev/nss/commit/e5c4f5c929d71a680caf822805282d57767e00be
Authored: 2026-02-02 19:10:42 +0000
Committed: 2026-02-02 19:10:42 +0000

Bug 2013188 - add gcm.gyp dependency for Solaris SPARC builds. r=nss-reviewers,keeler

Differential Revision: https://phabricator.services.mozilla.com/D281510

Files Modified:

  • lib/freebl/freebl.gyp
Duplicate of this bug: 2014649

I've submitted a try run for this commit: https://treeherder.mozilla.org/jobs?repo=try&revision=89db134b9b4082999d49f92d7016bbcb66088568

All jobs completed, we found the following issues.

Known Issues:

  • test-macosx1015-64-qr/opt-mochitest-browser-chrome-1 - 1 of 4 failed on the same (retriggered) task (failed: RykYeUuSRb-gUXFtfuxZKg)
  • test-windows11-32-24h2/debug-xpcshell-1 - 1 of 4 failed on the same (retriggered) task (failed: PMWCUdL_RBisz_Ekh9g-bw)
  • test-windows11-64-24h2/debug-xpcshell-1 - 2 of 4 failed on the same (retriggered) task (failed: bNQwXs_FR0CT0DMH8Yhg7Q, b81Sn61ETqGBJo9vpIYbKA)
  • test-windows11-64-24h2/debug-xpcshell-msix-1 - 1 of 4 failed on the same (retriggered) task (failed: CtJ3Ar98S_uDf_Ka9SnzAw)

These failures may mean that the library update succeeded; you'll need to review
them yourself and decide. If there are lint failures, you will need to fix them in
a follow-up patch. (Or ignore the patch I made, and recreate it yourself with
./mach vendor security/nss/moz.yaml.)

In either event, I have done all I can, so you will need to take it from here.
When reviewing, please note that this is external code, which needs a full and
careful inspection - not a rubberstamp.

Assignee: nobody → jschanck
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: