450646 - Firefox 3.0.2 should use NSS 3.12.1

Status: VERIFIED FIXED

(Core :: Security: PSM, defect)

Description

[Kai Engert (:KaiE:)]

Firefox 3.0.x should pick up an updated snapshot of NSS, because it wants to include new root CA certs.

The NSS team proposed to pick up NSS 3.12.1

We have tagged a release candidate and are ready to deliver it today.

We want to land it into both Firefox trunk and Firefox 3.0.x

Comment 1

[Kai Engert (:KaiE:)]

Attachment: Action for mozilla-central

As there is no longer a check-out script in mozilla-central, I'll attach the action that executes the import of the desired tag.

This is according to http://developer.mozilla.org/en/docs/Updating_NSPR_or_NSS_in_mozilla-central

Comment 2

[Kai Engert (:KaiE:)]

Attachment: Patch for Firefox 3.0 branch (1.9.0)

Comment 3

[Kai Engert (:KaiE:)]

Both attachments are equivalent and use NSS_3_12_1_RC1

Comment 4

[Robert Relyea]

Comment on attachment 333808 [details] [diff] [review]
Patch for Firefox 3.0 branch (1.9.0)

r+

Comment 5

[Robert Relyea]

Comment on attachment 333805 [details] [diff] [review]
Action for mozilla-central

r+

Comment 6

[Kai Engert (:KaiE:)]

landed in mozilla-central

http://hg.mozilla.org/index.cgi/mozilla-central/rev/2e5f07e2b75b

Comment 7

[Kai Engert (:KaiE:)]

Comment on attachment 333808 [details] [diff] [review]
Patch for Firefox 3.0 branch (1.9.0)

This update contains additional root certs that Frank Hecker would prefer to see in Firefox 3.0.2

This NSS update has landed on mozilla trunk Thursday evening.

Comment 8

[Samuel Sidler (old account; do not CC)]

Kai, what else does NSS 3.12.1 include beyond the additional root certs?

Comment 9

[Kai Engert (:KaiE:)]

There have been many bugfixes.
You could run
$ cvs rdiff -u -r NSS_3_12_RC4 -r NSS_3_12_1_RC1 mozilla/dbm mozilla/security/dbm mozilla/security/coreconf mozilla/security/nss

This bonsai query should give the same set of changes:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=mozilla%2Fdbm+mozilla%2Fsecurity%2Fdbm+mozilla%2Fsecurity%2Fcoreconf+mozilla%2Fsecurity%2Fnss&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2008-04-17&maxdate=2008-08-15&cvsroot=%2Fcvsroot

Comment 10

[Samuel Sidler (old account; do not CC)]

I kind of think it's too late to take this for Firefox 3.0.2. Given that freeze is tonight (PDT), it will only have the weekend to bake before we start builds and there's a lot of changes that have gone in. But I'll defer to dveditz.

Comment 11

[Robert Relyea]

Hi sam,

The code in question includes several bug fixes that were requested by mozilla developers, including one crasher marked blocking (433594). NSS Drops are continuously built and tested nightly as well as reviewed. The NSS team also refused several patches to this drop because we did not feel comfortable giving them to Mozilla.

We personally do not want to break mozilla builds and would not present code that we don't have the upmost confidence in.

bob

Comment 12

[Samuel Sidler (old account; do not CC)]

We're moving the code freeze out. I'll talk with Dan and see if we can get this in asap so we have a week and a half of baking time on 1.9.0.x.

Comment 14

[Samuel Sidler (old account; do not CC)]

Comment on attachment 333808 [details] [diff] [review]
Patch for Firefox 3.0 branch (1.9.0)

Approved for 1.9.0.2. Please land in CVS. a=ss

Kai, if you can get this landed asap, that'd help us a lot. We want as much baking as possible.

Comment 15

[Kai Engert (:KaiE:)]

Landed for 1.9.0

Checking in client.mk;
/cvsroot/mozilla/client.mk,v  <--  client.mk
new revision: 1.383; previous revision: 1.382
done

Comment 16

[Carsten Book [:Tomcat]]

verified fixed using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.2) Gecko/2008090213 Firefox/3.0.2

--> Verified fixed