Last Comment Bug 575620 - upgrade to NSPR 4.8.6 + NSS 3.12.7 and link against mozsqlite3
: upgrade to NSPR 4.8.6 + NSS 3.12.7 and link against mozsqlite3
: verified1.9.2
Product: Core
Classification: Components
Component: Security: PSM (show other bugs)
: Trunk
: All All
-- normal (vote)
: mozilla2.0b3
Assigned To: Kai Engert (:kaie)
: David Keeler [:keeler] (use needinfo?)
Depends on: 415563 CVE-2010-3173 556497 gcc4.5 583337 587407
Blocks: 451187 567134
  Show dependency treegraph
Reported: 2010-06-29 07:59 PDT by Kai Engert (:kaie)
Modified: 2010-09-29 18:21 PDT (History)
18 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

makefile patch (539 bytes, patch)
2010-06-29 08:02 PDT, Kai Engert (:kaie)
wtc: review+
Details | Diff | Splinter Review
makefile patch v2 (1.12 KB, patch)
2010-07-15 13:18 PDT, Kai Engert (:kaie)
kaie: review+
dveditz: approval1.9.2.9+
christian: approval1.9.1.14+
Details | Diff | Splinter Review

Description User image Kai Engert (:kaie) 2010-06-29 07:59:49 PDT
We would like to upgrade Mozilla and pick up:
- NSPR 4.8.5
- NSS 3.12.7

Because of bug 519550, this will require a small Makefile modification on trunk (only) to instruct NSS to link against mozsqlite3
Comment 1 User image Kai Engert (:kaie) 2010-06-29 08:02:50 PDT
Created attachment 454864 [details] [diff] [review]
makefile patch
Comment 2 User image Kai Engert (:kaie) 2010-06-30 05:06:33 PDT
I did a tryserver build, and saw the error messages described in bug 415563 comment 12:
../../../dist/bin/ undefined reference to `__sync_sub_and_fetch_4'
../../../dist/bin/ undefined reference to `__sync_add_and_fetch_4'

I conclude this is blocked by bug 559964.
Comment 3 User image Ted Mielczarek [:ted.mielczarek] 2010-06-30 07:39:10 PDT
We had other problems with updating to GCC 4.5 that caused us to revert to GCC 4.3.3. This is why I backed out bug 415563 on NSPR trunk.

I've created a NSPR_4_8_5_RTM tag which is after the backout, so should be safe to update to.
Comment 4 User image (dormant account) 2010-06-30 09:35:53 PDT
Btw as mentioned in -march=i486 fixes this bug in 4.3.
Comment 5 User image Kai Engert (:kaie) 2010-07-01 11:27:41 PDT
Ted, we've deleted the NSPR 4.8.5 RTM tag from CVS. We need to coordinate a new release tag and make sure we follow the release procedures.

We'll use 4.8.6 as the next official release version.
Comment 6 User image Kai Engert (:kaie) 2010-07-01 11:32:45 PDT
We would like to wait for a fix for bug 556497 prior to releasing NSS 3.12.7, adding bug to dependency list.
Comment 7 User image Kai Engert (:kaie) 2010-07-01 11:35:09 PDT
Does this bug depend on bug 415563 and/or bug 559964?
Awaiting clarification after bug 415563 comment 21.
Comment 8 User image Wan-Teh Chang 2010-07-07 13:50:07 PDT
Comment on attachment 454864 [details] [diff] [review]
makefile patch

Comment 9 User image Wan-Teh Chang 2010-07-07 15:54:34 PDT
ted,taras: can I log in to the tinderbox to take a look and try the -march=i486 fix?
Comment 10 User image Ted Mielczarek [:ted.mielczarek] 2010-07-07 16:42:53 PDT
You'd need to ask someone from Release Engineering, you can find them in #build (although we're all at the summit this week, so it may be tough to get a hold of people).

There's also a VMWare VM of the Linux build machines if you want to try that. It's a little bit out of date, but it has GCC 4.3.3:
Comment 11 User image (dormant account) 2010-07-07 16:44:16 PDT
(In reply to comment #10)

> There's also a VMWare VM of the Linux build machines if you want to try that.
> It's a little bit out of date, but it has GCC 4.3.3:

Ted is right, you can reproduce this bug on that VM.
Comment 12 User image Wan-Teh Chang 2010-07-08 19:04:32 PDT
I pushed NSPR_4_8_6_BETA1 to mozilla-central in changeset c1c64067eeb8:
Comment 13 User image Wan-Teh Chang 2010-07-09 09:16:10 PDT
I pushed NSPR_4_8_6_BETA2 to mozilla-central in changeset 500d1bd6e71b:
Comment 14 User image Wan-Teh Chang 2010-07-12 21:07:29 PDT
I pushed NSPR_4_8_6_BETA3 to mozilla-central in changeset da2b4fad0ad1:

Kai, you can push NSS_3_12_7_BETA2 to mozilla-central now.
Comment 15 User image Kai Engert (:kaie) 2010-07-15 13:18:10 PDT
Created attachment 457659 [details] [diff] [review]
makefile patch v2

second revision of makefile changes for PSM

Wan-Teh proposed that we can also stop setting the freebl variable, because NSS 3.12.7 does that by default now.

Comment 16 User image timeless 2010-07-18 13:00:07 PDT
Comment on attachment 457659 [details] [diff] [review]
makefile patch v2

let's use this patch to represent the task of landing onto 1.9.2...
Comment 17 User image Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary) 2010-07-18 23:00:31 PDT
If this lands on 1.9.2 we need to be sure not to regress Bug 567134, since we've taken a temporary patch for that on 1.9.2.
Comment 18 User image Kai Engert (:kaie) 2010-07-18 23:05:22 PDT
I've landed nss 3.12.7 beta 2 and the makefile v2 patch into mozilla-central.

Based on my earlier try-server build things are expected to go well.

Once we are certain to make final releases of nspr 4.8.6 and 3.12.7 we'll land the diffs (probably only the version number changes) and close this bug.
Comment 19 User image Kai Engert (:kaie) 2010-07-18 23:20:48 PDT
I've also cleaned up directory mozilla/security/patches, since patch for bug 519550 is no longer necessary with 3.12.7
Comment 20 User image Wan-Teh Chang 2010-07-20 13:38:18 PDT
(In reply to comment #17)

khuey: good point.  Two things.
1) We should create the mozilla/security/patches directory in
mozilla-1.9.2 to keep track of the patches you've applied on
top of an NSS CVS tag. Here is what that directory looks like in
2) The patch for bug 567134 should also be applied to
Comment 21 User image Daniel Veditz [:dveditz] 2010-07-23 11:08:41 PDT
Comment on attachment 457659 [details] [diff] [review]
makefile patch v2

Approved for, a=dveditz for release-drivers
Comment 22 User image Wan-Teh Chang 2010-08-04 15:58:23 PDT
This has been fixed in mozilla-central.
Comment 23 User image Kai Engert (:kaie) 2010-08-06 10:29:37 PDT
I've landed this into mozilla-1.9.2

Using the nice hg mq extension it's easy to partition patches, so I ended up landing this as 4 separate commits...:

I've also added the security/patches directory + contents.

Tinderbox tells me there was some orange reporting some leaks, but in my understanding, based on the history of this test machine (OSX moth), that's an intermittent random failure.
Comment 24 User image Kai Engert (:kaie) 2010-08-06 10:30:25 PDT
(Note I omitted the mozsqlite3 portion of the makefile patch, because it's doesn't apply to mozilla-1.9.2 - that branch still uses library name sqlite3)
Comment 25 User image Axel Hecht [:Pike] 2010-08-06 10:57:53 PDT
Ehsan starred the orange with bug 505650.
Comment 26 User image Al Billings [:abillings] 2010-08-12 18:18:09 PDT
Verified for 1.9.2 by checking the binaries in nightly builds.
Comment 27 User image Wan-Teh Chang 2010-09-28 16:04:50 PDT
NSS 3.12.8 requires NSPR 4.8.6, so I'm requesting approval to
update to NSPR 4.8.6 in mozilla-1.9.1 at the same time or
before I update to NSS 3.12.8.
Comment 28 User image christian 2010-09-28 16:14:09 PDT
Is it the same patch? If so I can approve the patch as well. Marked as blocking.
Comment 29 User image Wan-Teh Chang 2010-09-28 18:21:08 PDT
Pushed NSPR 4.8.6 to mozilla-1.9.1 in changeset 5920f776e030:

Pushed the second "hunk" of makefile patch v2 (attachment 457659 [details] [diff] [review])
to mozilla-1.9.1 in changeset 387e34496d69:

Note You need to log in before you can comment on or make changes to this bug.