Last Comment Bug 575620 - upgrade to NSPR 4.8.6 + NSS 3.12.7 and link against mozsqlite3
: upgrade to NSPR 4.8.6 + NSS 3.12.7 and link against mozsqlite3
Status: RESOLVED FIXED
: verified1.9.2
Product: Core
Classification: Components
Component: Security: PSM (show other bugs)
: Trunk
: All All
: -- normal (vote)
: mozilla2.0b3
Assigned To: Kai Engert (:kaie)
:
Mentors:
Depends on: 415563 CVE-2010-3173 556497 gcc4.5 583337 587407
Blocks: 451187 567134
  Show dependency treegraph
 
Reported: 2010-06-29 07:59 PDT by Kai Engert (:kaie)
Modified: 2010-09-29 18:21 PDT (History)
18 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
.9+
.9-fixed
.14+
.14-fixed


Attachments
makefile patch (539 bytes, patch)
2010-06-29 08:02 PDT, Kai Engert (:kaie)
wtc: review+
Details | Diff | Review
makefile patch v2 (1.12 KB, patch)
2010-07-15 13:18 PDT, Kai Engert (:kaie)
kaie: review+
dveditz: approval1.9.2.9+
christian: approval1.9.1.14+
Details | Diff | Review

Description Kai Engert (:kaie) 2010-06-29 07:59:49 PDT
We would like to upgrade Mozilla and pick up:
- NSPR 4.8.5
- NSS 3.12.7

Because of bug 519550, this will require a small Makefile modification on trunk (only) to instruct NSS to link against mozsqlite3
Comment 1 Kai Engert (:kaie) 2010-06-29 08:02:50 PDT
Created attachment 454864 [details] [diff] [review]
makefile patch
Comment 2 Kai Engert (:kaie) 2010-06-30 05:06:33 PDT
I did a tryserver build, and saw the error messages described in bug 415563 comment 12:
../../../dist/bin/libnspr4.so: undefined reference to `__sync_sub_and_fetch_4'
../../../dist/bin/libnspr4.so: undefined reference to `__sync_add_and_fetch_4'

I conclude this is blocked by bug 559964.
Comment 3 Ted Mielczarek [:ted.mielczarek] 2010-06-30 07:39:10 PDT
We had other problems with updating to GCC 4.5 that caused us to revert to GCC 4.3.3. This is why I backed out bug 415563 on NSPR trunk.

I've created a NSPR_4_8_5_RTM tag which is after the backout, so should be safe to update to.
Comment 4 (dormant account) 2010-06-30 09:35:53 PDT
Btw as mentioned in http://stackoverflow.com/questions/130740/link-error-when-compiling-gcc-atomic-operation-in-32-bit-mode -march=i486 fixes this bug in 4.3.
Comment 5 Kai Engert (:kaie) 2010-07-01 11:27:41 PDT
Ted, we've deleted the NSPR 4.8.5 RTM tag from CVS. We need to coordinate a new release tag and make sure we follow the release procedures.

We'll use 4.8.6 as the next official release version.
Comment 6 Kai Engert (:kaie) 2010-07-01 11:32:45 PDT
We would like to wait for a fix for bug 556497 prior to releasing NSS 3.12.7, adding bug to dependency list.
Comment 7 Kai Engert (:kaie) 2010-07-01 11:35:09 PDT
Does this bug depend on bug 415563 and/or bug 559964?
Awaiting clarification after bug 415563 comment 21.
Comment 8 Wan-Teh Chang 2010-07-07 13:50:07 PDT
Comment on attachment 454864 [details] [diff] [review]
makefile patch

r=wtc.
Comment 9 Wan-Teh Chang 2010-07-07 15:54:34 PDT
ted,taras: can I log in to the tinderbox to take a look and try the -march=i486 fix?
Comment 10 Ted Mielczarek [:ted.mielczarek] 2010-07-07 16:42:53 PDT
You'd need to ask someone from Release Engineering, you can find them in #build (although we're all at the summit this week, so it may be tough to get a hold of people).

There's also a VMWare VM of the Linux build machines if you want to try that. It's a little bit out of date, but it has GCC 4.3.3:
https://wiki.mozilla.org/ReferencePlatforms/Linux-Public
Comment 11 (dormant account) 2010-07-07 16:44:16 PDT
(In reply to comment #10)

> There's also a VMWare VM of the Linux build machines if you want to try that.
> It's a little bit out of date, but it has GCC 4.3.3:
> https://wiki.mozilla.org/ReferencePlatforms/Linux-Public

Ted is right, you can reproduce this bug on that VM.
Comment 12 Wan-Teh Chang 2010-07-08 19:04:32 PDT
I pushed NSPR_4_8_6_BETA1 to mozilla-central in changeset c1c64067eeb8:
http://hg.mozilla.org/mozilla-central/rev/c1c64067eeb8
Comment 13 Wan-Teh Chang 2010-07-09 09:16:10 PDT
I pushed NSPR_4_8_6_BETA2 to mozilla-central in changeset 500d1bd6e71b:
http://hg.mozilla.org/mozilla-central/rev/500d1bd6e71b
Comment 14 Wan-Teh Chang 2010-07-12 21:07:29 PDT
I pushed NSPR_4_8_6_BETA3 to mozilla-central in changeset da2b4fad0ad1:
http://hg.mozilla.org/mozilla-central/rev/da2b4fad0ad1

Kai, you can push NSS_3_12_7_BETA2 to mozilla-central now.
Comment 15 Kai Engert (:kaie) 2010-07-15 13:18:10 PDT
Created attachment 457659 [details] [diff] [review]
makefile patch v2

second revision of makefile changes for PSM

Wan-Teh proposed that we can also stop setting the freebl variable, because NSS 3.12.7 does that by default now.

r=kaie
Comment 16 timeless 2010-07-18 13:00:07 PDT
Comment on attachment 457659 [details] [diff] [review]
makefile patch v2

let's use this patch to represent the task of landing onto 1.9.2...
Comment 17 Kyle Huey [:khuey] (khuey@mozilla.com) (Away until 6/13) 2010-07-18 23:00:31 PDT
If this lands on 1.9.2 we need to be sure not to regress Bug 567134, since we've taken a temporary patch for that on 1.9.2.
Comment 18 Kai Engert (:kaie) 2010-07-18 23:05:22 PDT
I've landed nss 3.12.7 beta 2 and the makefile v2 patch into mozilla-central.

http://hg.mozilla.org/mozilla-central/rev/1eca03018726
http://hg.mozilla.org/mozilla-central/rev/e15f9edaa78f

Based on my earlier try-server build things are expected to go well.

Once we are certain to make final releases of nspr 4.8.6 and 3.12.7 we'll land the diffs (probably only the version number changes) and close this bug.
Comment 19 Kai Engert (:kaie) 2010-07-18 23:20:48 PDT
I've also cleaned up directory mozilla/security/patches, since patch for bug 519550 is no longer necessary with 3.12.7
Comment 20 Wan-Teh Chang 2010-07-20 13:38:18 PDT
(In reply to comment #17)

khuey: good point.  Two things.
1) We should create the mozilla/security/patches directory in
mozilla-1.9.2 to keep track of the patches you've applied on
top of an NSS CVS tag. Here is what that directory looks like in
mozilla-central:
http://mxr.mozilla.org/mozilla-central/source/security/patches/
2) The patch for bug 567134 should also be applied to
mozilla-central.
Comment 21 Daniel Veditz [:dveditz] 2010-07-23 11:08:41 PDT
Comment on attachment 457659 [details] [diff] [review]
makefile patch v2

Approved for 1.9.2.9, a=dveditz for release-drivers
Comment 22 Wan-Teh Chang 2010-08-04 15:58:23 PDT
This has been fixed in mozilla-central.
Comment 23 Kai Engert (:kaie) 2010-08-06 10:29:37 PDT
I've landed this into mozilla-1.9.2

Using the nice hg mq extension it's easy to partition patches, so I ended up landing this as 4 separate commits...:

http://hg.mozilla.org/releases/mozilla-1.9.2/rev/aa01d8aeacdc
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/8c356dd0a14a
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/4a5951bdc65f
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/521c209771fd

I've also added the security/patches directory + contents.


Tinderbox tells me there was some orange reporting some leaks, but in my understanding, based on the history of this test machine (OSX moth), that's an intermittent random failure.
Comment 24 Kai Engert (:kaie) 2010-08-06 10:30:25 PDT
(Note I omitted the mozsqlite3 portion of the makefile patch, because it's doesn't apply to mozilla-1.9.2 - that branch still uses library name sqlite3)
Comment 25 Axel Hecht [:Pike] 2010-08-06 10:57:53 PDT
Ehsan starred the orange with bug 505650.
Comment 26 Al Billings [:abillings] 2010-08-12 18:18:09 PDT
Verified for 1.9.2 by checking the binaries in nightly builds.
Comment 27 Wan-Teh Chang 2010-09-28 16:04:50 PDT
NSS 3.12.8 requires NSPR 4.8.6, so I'm requesting approval to
update to NSPR 4.8.6 in mozilla-1.9.1 at the same time or
before I update to NSS 3.12.8.
Comment 28 christian 2010-09-28 16:14:09 PDT
Is it the same patch? If so I can approve the patch as well. Marked as blocking.
Comment 29 Wan-Teh Chang 2010-09-28 18:21:08 PDT
Pushed NSPR 4.8.6 to mozilla-1.9.1 in changeset 5920f776e030:
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/5920f776e030

Pushed the second "hunk" of makefile patch v2 (attachment 457659 [details] [diff] [review])
to mozilla-1.9.1 in changeset 387e34496d69:
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/387e34496d69

Note You need to log in before you can comment on or make changes to this bug.