Closed Bug 399590 Opened 17 years ago Closed 16 years ago

Update Mozilla trunk to use NSS tag NSS_3_12_BETA1

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla1.9beta3

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

Attachments

(4 files, 1 obsolete file)

Sooner or later we'll have to deliver the next NSS snapshot into Mozilla trunk.
This bug is for tracking this task and other changes that must happen at the same time.
Depends on: 399589
This is what I had to do to make things link with latest NSS and new libnssutil3.so
Attachment #284633 - Flags: review?(rrelyea)
Comment on attachment 284633 [details] [diff] [review]
Patch v1 (remember to run autoconf-2.13)

This is a necessary but not sufficient change. We also need to add nssutil to the package files as well..

r+ (to be landed with next NSS landing).

The changes the the package files can happen before (it's currently not an error for a shared library to be missing IIRC).

bob
Attachment #284633 - Flags: review?(rrelyea) → review+
Bob, are you saying that you intend to land a newer tag than the one you
created last week?  The new nss util shared lib didn't happen until this 
week, after you created the tag...
Not immediately, but eventually I presume we will land a newer version;).
Depends on: 400085
A lot of fixes have gone on the NSS trunk in the last two months. Any chance we can get an updated snapshot to work with?
Note: there is a planned FF3.0beta3 for late January. It would be nice to land any NSS updates with time to settle before that beta3...
Blocks: 409880
This patch does not replace v1, it shall be used in addition.

This is a change that is required for EV to work correctly, but requires the most recent NSS, therefore landing must be delayed until the update NSS.

This patch will require a successful OCSP check when verifying a potential EV cert for a valid EV policy.
Attachment #296570 - Attachment is obsolete: true
Comment on attachment 296573 [details] [diff] [review]
Additional Patch v2, enable OCSP checking for EV  (corrected)

r+
Attachment #296573 - Flags: review?(rrelyea) → review+
Word from Bob Lord is that this new NSS version should be ready to land mid-to-late this week - do we have an ETA?

Shaver asked if there was a try-server build to play with, or whether this tag/rev had gone through valgrind/perf testing, and I didn't have a good answer for him up front, so I figured I'd ask that here too.
The next NSS tag will be NSS_3_12_BETA1, updating summary.
Summary: Update Mozilla trunk to use NSS tag {{next-after-alpha-2}} → Update Mozilla trunk to use NSS tag NSS_3_12_BETA1
Attachment #284633 - Attachment description: Patch v1 → Patch v1 (remember to run autoconf-2.13)
This patch combines the earlier v1 and v2.
It also changes client.mk
-NSS_CO_TAG           = NSS_3_12_ALPHA_2B
+NSS_CO_TAG           = NSS_3_12_BETA1

which is obviously what we want to do.

Carrying forward reviews.
Requesting approval.

I've done a Linux build with the above patch and SSL works fine for me.
(With the additional patch from regression bug 412455 I even get EV UI...)

I've started local verification builds on Windows and Mac.
Attachment #297618 - Flags: review+
Attachment #297618 - Flags: approval1.9?
builds on windows and mac universal completed and run fine
With patch from 412455 applied I get EV UI on all 3 platforms.

(It's no longer necessary to set environment variables. With this new NSS snapshot we no longer use the "test-ev-hack", we now use pkix based verification for EV by default.)
Attachment #297618 - Flags: approval1.9? → approval1.9+
Checking in client.mk;
/cvsroot/mozilla/client.mk,v  <--  client.mk
new revision: 1.361; previous revision: 1.360
done
Checking in configure;
/cvsroot/mozilla/configure,v  <--  configure
new revision: 1.1944; previous revision: 1.1943
done
Checking in configure.in;
/cvsroot/mozilla/configure.in,v  <--  configure.in
new revision: 1.1914; previous revision: 1.1913
done
Checking in security/manager/Makefile.in;
/cvsroot/mozilla/security/manager/Makefile.in,v  <--  Makefile.in
new revision: 1.80; previous revision: 1.79
done
Checking in security/manager/ssl/src/nsIdentityChecking.cpp;
/cvsroot/mozilla/security/manager/ssl/src/nsIdentityChecking.cpp,v  <--  nsIdentityChecking.cpp
new revision: 1.6; previous revision: 1.5
done
Checking in mozilla/xpcom/stub/Makefile.in;
/cvsroot/mozilla/xpcom/stub/Makefile.in,v  <--  Makefile.in
new revision: 1.22; previous revision: 1.21
done
Checking in mozilla/suite/installer/unix/packages;
/cvsroot/mozilla/suite/installer/unix/packages,v  <--  packages
new revision: 1.9; previous revision: 1.8
done
Checking in mozilla/suite/installer/windows/packages;
/cvsroot/mozilla/suite/installer/windows/packages,v  <--  packages
new revision: 1.44; previous revision: 1.43
done
Checking in mozilla/calendar/installer/windows/packages-static;
/cvsroot/mozilla/calendar/installer/windows/packages-static,v  <--  packages-static
new revision: 1.60; previous revision: 1.59
done
Checking in mozilla/minimo/config/linux_package.sh;
/cvsroot/mozilla/minimo/config/linux_package.sh,v  <--  linux_package.sh
new revision: 1.9; previous revision: 1.8
done
Checking in mozilla/browser/installer/unix/config.it;
/cvsroot/mozilla/browser/installer/unix/config.it,v  <--  config.it
new revision: 1.22; previous revision: 1.21
done
Checking in mozilla/browser/installer/unix/packages-static;
/cvsroot/mozilla/browser/installer/unix/packages-static,v  <--  packages-static
new revision: 1.140; previous revision: 1.139
done
Checking in mozilla/browser/installer/windows/packages-static;
/cvsroot/mozilla/browser/installer/windows/packages-static,v  <--  packages-static
new revision: 1.145; previous revision: 1.144
done
Checking in mozilla/mail/installer/windows/packages-static;
/cvsroot/mozilla/mail/installer/windows/packages-static,v  <--  packages-static
new revision: 1.79; previous revision: 1.78
done
Checking in mozilla/xulrunner/installer/mozilla-nss.pc.in;
/cvsroot/mozilla/xulrunner/installer/mozilla-nss.pc.in,v  <--  mozilla-nss.pc.in
new revision: 1.2; previous revision: 1.1
done
Checking in mozilla/embedding/config/basebrowser-installer-win.pkg;
/cvsroot/mozilla/embedding/config/basebrowser-installer-win.pkg,v  <--  basebrowser-installer-win.pkg
new revision: 1.46; previous revision: 1.45
done
Checking in mozilla/embedding/config/basebrowser-mac-macho;
/cvsroot/mozilla/embedding/config/basebrowser-mac-macho,v  <--  basebrowser-mac-macho
new revision: 1.59; previous revision: 1.58
done
Checking in mozilla/embedding/config/basebrowser-qnx;
/cvsroot/mozilla/embedding/config/basebrowser-qnx,v  <--  basebrowser-qnx
new revision: 1.24; previous revision: 1.23
done
Checking in mozilla/embedding/config/basebrowser-unix;
/cvsroot/mozilla/embedding/config/basebrowser-unix,v  <--  basebrowser-unix
new revision: 1.95; previous revision: 1.94
done
Checking in mozilla/embedding/config/basebrowser-win;
/cvsroot/mozilla/embedding/config/basebrowser-win,v  <--  basebrowser-win
new revision: 1.112; previous revision: 1.111
done
Checking in mozilla/embedding/config/minimo-qnx;
/cvsroot/mozilla/embedding/config/minimo-qnx,v  <--  minimo-qnx
new revision: 1.15; previous revision: 1.14
done
Checking in mozilla/embedding/config/minimo-unix;
/cvsroot/mozilla/embedding/config/minimo-unix,v  <--  minimo-unix
new revision: 1.22; previous revision: 1.21
done
No longer depends on: 400085
tinderbox looks greenish, marking fixed
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Blocks: 412934
Z:14.18MB -> 14.09MB
Zdiff:-93222 (+148099/-241321)

mZ:2.385MB -> 2.343MB
mZdiff:-43814
Target Milestone: --- → mozilla1.9 M11
This breaks external nss, looks like -lnssutil3 is not added to linker when linking libxul.so
(In reply to comment #20)
> This breaks external nss, looks like -lnssutil3 is not added to linker when
> linking libxul.so

Can you please file a separate bug where you describe your problem in more detail? (please cc me) Thanks!
(In reply to comment #20)
same here

Created bug #412982 for external nss breakage.
Blocks: 412982
No longer blocks: 412982
You need to log in before you can comment on or make changes to this bug.