Closed Bug 494236 Opened 11 years ago Closed 11 years ago

update central and 1.9.1 to pick up NSS 3.12.3 + new roots from bug 493660

Categories

(Core :: Security: PSM, defect)

1.9.1 Branch
x86
Linux
defect
Not set

RESOLVED FIXED

People

(Reporter: KaiE, Assigned: johnath)

Details

(Keywords: fixed1.9.1)

Attachments

(2 files, 2 obsolete files)

update mozilla-1.9.1 to pick up NSS 3.12.3 + new roots from bug 493660

Today Nelson will create a new NSS tag.
We'll announce this tag here.

Once it's done, the tag needs to be added to hg / mozilla-1.9.1

Firefox drivers, would you like to state in this bug that you approve this action?
Thanks.

We usually don't produce a patch. We run a script to land it as explained at https://developer.mozilla.org/en/Updating_NSPR_or_NSS_in_mozilla-central (use the update_nss part)

Assigning to Johnath, as he'll probably drive the commit.

a191=beltzner after it's had a green cycle on mozilla-central

I've just created the CVS tag NSS_3_12_3_WITH_CKBI_1_75_RTM for the NSS module.
It is identical to the NSS_3_12_3_RTM tag (which is what is presently being
used in FF 3.5) with the exception of the built-in root CA certs, which are
identical to the tag NSSCKBI_1_75_RTM (bug 493660).

This is the result of running through the steps at:

https://developer.mozilla.org/en/Updating_NSPR_or_NSS_in_mozilla-central

Nelson, I don't need your actual review since this is just picking up code that's had review elsewhere and this looks to me like it has what it should and little else. Nevertheless, I'd love to know if it looks the same to you.

Comment on attachment 378960 [details] [diff] [review]
1.9.1 patch to move to NSS_3_12_3_WITH_CKBI_1_75_RTM

Kai, 
Is the change in your patch to nss/lib/ckfw/Makefile accidental?
Given that NSS QA testing does not test the "capi" module, do 
we really want Firefox builds to build it?

Nelson and I are having a conversation in email with stakeholders/product drivers about whether we can move mozilla-central to this tag as well, given that mozilla-central is already running on a 3.12.4 release. If we don't see any showstopper issues with the approach, this is the patch that results from running:

python client.py update_nss NSS_3_12_3_WITH_CKBI_1_75_RTM

Per Nelson's comment, this looks to be accidental.
Attachment #378960 - Attachment is obsolete: true
(In reply to comment #4)
> (From update of attachment 378960 [details] [diff] [review])
> Kai, 
> Is the change in your patch to nss/lib/ckfw/Makefile accidental?
> Given that NSS QA testing does not test the "capi" module, do 
> we really want Firefox builds to build it?

No, not accidental.
Was necessary to get the tinderbox to go green on all platforms, including wince.
We don't want to build it.

Will get beltzner/shaver's opinion on using this 3_12_4-based tag instead of reverting trunk to 3_12_3 - discussion continuing in email. This is here for posterity/sanity checking. Kai confirms that these are the only files that should be changed.
Attachment #378965 - Attachment is obsolete: true
Discussed this with drivers, agreed to use the NSS_3_12_4_FIPS1_WITH_CKBI_1_75

Landed on central alongside bug 493709

http://hg.mozilla.org/mozilla-central/rev/7509164476e8

After a clean baking cycle, I will land the 1.9.1 versions.
Summary: update mozilla-1.9.1 to pick up NSS 3.12.3 + new roots from bug 493660 → update central and 1.9.1 to pick up NSS 3.12.3 + new roots from bug 493660
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED