update mozilla-1.9.1 to pick up NSS 3.12.3 + new roots from bug 493660 Today Nelson will create a new NSS tag. We'll announce this tag here. Once it's done, the tag needs to be added to hg / mozilla-1.9.1 Firefox drivers, would you like to state in this bug that you approve this action? Thanks. We usually don't produce a patch. We run a script to land it as explained at https://developer.mozilla.org/en/Updating_NSPR_or_NSS_in_mozilla-central (use the update_nss part) Assigning to Johnath, as he'll probably drive the commit.
a191=beltzner after it's had a green cycle on mozilla-central
I've just created the CVS tag NSS_3_12_3_WITH_CKBI_1_75_RTM for the NSS module. It is identical to the NSS_3_12_3_RTM tag (which is what is presently being used in FF 3.5) with the exception of the built-in root CA certs, which is identical to the tag NSSCKBI_1_75_RTM (bug 493660).
Created attachment 378960 [details] [diff] [review] 1.9.1 patch to move to NSS_3_12_3_WITH_CKBI_1_75_RTM This is the result of running through the steps at: https://developer.mozilla.org/en/Updating_NSPR_or_NSS_in_mozilla-central Nelson, I don't need your actual review since this is just picking up code that's had review elsewhere and this looks to me like it has what it should and little else. Nevertheless, I'd love to know if it looks the same to you.
Comment on attachment 378960 [details] [diff] [review] 1.9.1 patch to move to NSS_3_12_3_WITH_CKBI_1_75_RTM Kai, Is the change in your patch to nss/lib/ckfw/Makefile accidental? Given that NSS QA testing does not test the "capi" module, do we really want Firefox builds to build it?
Created attachment 378965 [details] [diff] [review] trunk patch to move to NSS_3_12_3_WITH_CKBI_1_75_RTM Nelson and I are having a conversation in email with stakeholders/product drivers about whether we can move mozilla-central to this tag as well, given that mozilla-central is already running on a 3.12.4 release. If we don't see any showstopper issues with the approach, this is the patch that results from running python client.py update_nss NSS_3_12_3_WITH_CKBI_1_75_RTM
Created attachment 378977 [details] [diff] [review] Updated 1.9.1 patch without the BUILD_CAPI change Per Nelson's comment, this looks to be accidental.
(In reply to comment #4) > (From update of attachment 378960 [details] [diff] [review]) > Kai, > Is the change in your patch to nss/lib/ckfw/Makefile accidental? > Given that NSS QA testing does not test the "capi" module, do > we really want Firefox builds to build it? No, not accidental. Was necessary to get the tinderbox go green on all platforms, including wince. We don't want to build it.
Created attachment 379132 [details] [diff] [review] Trunk patch to move to NSS_3_12_4_FIPS1_WITH_CKBI_1_75 Will get beltzner/shaver's opinion on using this 3_12_4-based tag instead of reverting trunk to 3_12_3 - discussion continuing in email. This is here for posterity/sanity checking. Kai confirms that these are the only files that should be changed.
Discussed this with drivers, agreed to use the NSS_3_12_4_FIPS1_WITH_CKBI_1_75 Landed on central along side bug 493709 http://hg.mozilla.org/mozilla-central/rev/7509164476e8 After a clean baking cycle, I will land the 1.9.1 versions.
Baking was clean - landed on 1.9.1 http://hg.mozilla.org/releases/mozilla-1.9.1/rev/40faadef447e