update central and 1.9.1 to pick up NSS 3.12.3 + new roots from bug 493660

RESOLVED FIXED


Core
Security: PSM

People

(Reporter: kaie, Assigned: johnath)

Tracking

({fixed1.9.1})

1.9.1 Branch
x86
Linux
fixed1.9.1

Firefox Tracking Flags

(Not tracked)

Attachments

(2 attachments, 2 obsolete attachments)

(Reporter)

Description

9 years ago
update mozilla-1.9.1 to pick up NSS 3.12.3 + new roots from bug 493660

Today Nelson will create a new NSS tag.
We'll announce this tag here.

Once it's done, the tag needs to be added to hg / mozilla-1.9.1

Firefox drivers, would you like to state in this bug that you approve this action?
Thanks.

We usually don't produce a patch. We run a script to land it as explained at https://developer.mozilla.org/en/Updating_NSPR_or_NSS_in_mozilla-central (use the update_nss part)

Assigning to Johnath, as he'll probably drive the commit.

a191=beltzner after it's had a green cycle on mozilla-central

I've just created the CVS tag NSS_3_12_3_WITH_CKBI_1_75_RTM for the NSS module.
It is identical to the NSS_3_12_3_RTM tag (which is what is presently being
used in FF 3.5) with the exception of the built-in root CA certs, which are
identical to the tag NSSCKBI_1_75_RTM (bug 493660).
(Assignee)

Comment 3

9 years ago
Created attachment 378960 [details] [diff] [review]
1.9.1 patch to move to NSS_3_12_3_WITH_CKBI_1_75_RTM

This is the result of running through the steps at:

https://developer.mozilla.org/en/Updating_NSPR_or_NSS_in_mozilla-central

Nelson, I don't need your actual review since this is just picking up code that's had review elsewhere and this looks to me like it has what it should and little else. Nevertheless, I'd love to know if it looks the same to you.

Comment on attachment 378960 [details] [diff] [review]
1.9.1 patch to move to NSS_3_12_3_WITH_CKBI_1_75_RTM

Kai, 
Is the change in your patch to nss/lib/ckfw/Makefile accidental?
Given that NSS QA testing does not test the "capi" module, do 
we really want Firefox builds to build it?
(Assignee)

Comment 5

9 years ago
Created attachment 378965 [details] [diff] [review]
trunk patch to move to NSS_3_12_3_WITH_CKBI_1_75_RTM

Nelson and I are having a conversation in email with stakeholders/product drivers about whether we can move mozilla-central to this tag as well, given that mozilla-central is already running on a 3.12.4 release.  If we don't see any showstopper issues with the approach, this is the patch that results from running 

python client.py update_nss NSS_3_12_3_WITH_CKBI_1_75_RTM
(Assignee)

Comment 6

9 years ago
Created attachment 378977 [details] [diff] [review]
Updated 1.9.1 patch without the BUILD_CAPI change

Per Nelson's comment, this looks to be accidental.
Attachment #378960 - Attachment is obsolete: true
(Reporter)

Comment 7

9 years ago
(In reply to comment #4)
> (From update of attachment 378960 [details] [diff] [review])
> Kai, 
> Is the change in your patch to nss/lib/ckfw/Makefile accidental?
> Given that NSS QA testing does not test the "capi" module, do 
> we really want Firefox builds to build it?

No, not accidental.
Was necessary to get the tinderbox to go green on all platforms, including wince.
We don't want to build it.
(Assignee)

Comment 8

9 years ago
Created attachment 379132 [details] [diff] [review]
Trunk patch to move to NSS_3_12_4_FIPS1_WITH_CKBI_1_75

Will get beltzner/shaver's opinion on using this 3_12_4-based tag instead of reverting trunk to 3_12_3 - discussion continuing in email.  This is here for posterity/sanity checking.  Kai confirms that these are the only files that should be changed.
Attachment #378965 - Attachment is obsolete: true
(Assignee)

Comment 9

9 years ago
Discussed this with drivers, agreed to use the NSS_3_12_4_FIPS1_WITH_CKBI_1_75

Landed on central alongside bug 493709

http://hg.mozilla.org/mozilla-central/rev/7509164476e8

After a clean baking cycle, I will land the 1.9.1 versions.
Summary: update mozilla-1.9.1 to pick up NSS 3.12.3 + new roots from bug 493660 → update central and 1.9.1 to pick up NSS 3.12.3 + new roots from bug 493660
(Assignee)

Updated

9 years ago
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
(Assignee)

Comment 10

9 years ago
Baking was clean - landed on 1.9.1

http://hg.mozilla.org/releases/mozilla-1.9.1/rev/40faadef447e
Keywords: fixed1.9.1