Closed Bug 575620 Opened 14 years ago Closed 14 years ago

upgrade to NSPR 4.8.6 + NSS 3.12.7 and link against mozsqlite3

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla2.0b3
Tracking Status
blocking1.9.2 --- .9+
status1.9.2 --- .9-fixed
blocking1.9.1 --- .14+
status1.9.1 --- .14-fixed

People

(Reporter: KaiE, Assigned: KaiE)

References

(Blocks 1 open bug)

Details

(Keywords: verified1.9.2)

Attachments

(1 file, 1 obsolete file)

We would like to upgrade Mozilla and pick up: - NSPR 4.8.5 - NSS 3.12.7 Because of bug 519550, this will require a small Makefile modification on trunk (only) to instruct NSS to link against mozsqlite3
Attached patch makefile patch (obsolete) — Splinter Review
Attachment #454864 - Flags: review?(wtc)
Summary: upgrade to NSPR 4.8.5 to NSS 3.12.7 and link against mozsqlite3 → upgrade to NSPR 4.8.5 + NSS 3.12.7 and link against mozsqlite3
I did a tryserver build, and saw the error messages described in bug 415563 comment 12: ../../../dist/bin/libnspr4.so: undefined reference to `__sync_sub_and_fetch_4' ../../../dist/bin/libnspr4.so: undefined reference to `__sync_add_and_fetch_4' I conclude this is blocked by bug 559964.
Depends on: gcc4.5, 415563
We had other problems with updating to GCC 4.5 that caused us to revert to GCC 4.3.3. This is why I backed out bug 415563 on NSPR trunk. I've created a NSPR_4_8_5_RTM tag which is after the backout, so should be safe to update to.
Ted, we've deleted the NSPR 4.8.5 RTM tag from CVS. We need to coordinate a new release tag and make sure we follow the release procedures. We'll use 4.8.6 as the next official release version.
Summary: upgrade to NSPR 4.8.5 + NSS 3.12.7 and link against mozsqlite3 → upgrade to NSPR 4.8.6 + NSS 3.12.7 and link against mozsqlite3
We would like to wait for a fix for bug 556497 prior to releasing NSS 3.12.7, adding bug to dependency list.
Depends on: 556497
Does this bug depend on bug 415563 and/or bug 559964? Awaiting clarification after bug 415563 comment 21.
Comment on attachment 454864 [details] [diff] [review] makefile patch r=wtc.
Attachment #454864 - Flags: review?(wtc) → review+
ted,taras: can I log in to the tinderbox to take a look and try the -march=i486 fix?
You'd need to ask someone from Release Engineering, you can find them in #build (although we're all at the summit this week, so it may be tough to get a hold of people). There's also a VMWare VM of the Linux build machines if you want to try that. It's a little bit out of date, but it has GCC 4.3.3: https://wiki.mozilla.org/ReferencePlatforms/Linux-Public
(In reply to comment #10) > There's also a VMWare VM of the Linux build machines if you want to try that. > It's a little bit out of date, but it has GCC 4.3.3: > https://wiki.mozilla.org/ReferencePlatforms/Linux-Public Ted is right, you can reproduce this bug on that VM.
I pushed NSPR_4_8_6_BETA1 to mozilla-central in changeset c1c64067eeb8: http://hg.mozilla.org/mozilla-central/rev/c1c64067eeb8
I pushed NSPR_4_8_6_BETA2 to mozilla-central in changeset 500d1bd6e71b: http://hg.mozilla.org/mozilla-central/rev/500d1bd6e71b
I pushed NSPR_4_8_6_BETA3 to mozilla-central in changeset da2b4fad0ad1: http://hg.mozilla.org/mozilla-central/rev/da2b4fad0ad1 Kai, you can push NSS_3_12_7_BETA2 to mozilla-central now.
second revision of makefile changes for PSM Wan-Teh proposed that we can also stop setting the freebl variable, because NSS 3.12.7 does that by default now. r=kaie
Attachment #454864 - Attachment is obsolete: true
Attachment #457659 - Flags: review+
Blocks: 451187
blocking1.9.2: --- → ?
Comment on attachment 457659 [details] [diff] [review] makefile patch v2 let's use this patch to represent the task of landing onto 1.9.2...
Attachment #457659 - Flags: approval1.9.2.8?
Blocks: 567134
If this lands on 1.9.2 we need to be sure not to regress Bug 567134, since we've taken a temporary patch for that on 1.9.2.
I've landed nss 3.12.7 beta 2 and the makefile v2 patch into mozilla-central. http://hg.mozilla.org/mozilla-central/rev/1eca03018726 http://hg.mozilla.org/mozilla-central/rev/e15f9edaa78f Based on my earlier try-server build things are expected to go well. Once we are certain to make final releases of nspr 4.8.6 and 3.12.7 we'll land the diffs (probably only the version number changes) and close this bug.
I've also cleaned up directory mozilla/security/patches, since patch for bug 519550 is no longer necessary with 3.12.7
(In reply to comment #17) khuey: good point. Two things. 1) We should create the mozilla/security/patches directory in mozilla-1.9.2 to keep track of the patches you've applied on top of an NSS CVS tag. Here is what that directory looks like in mozilla-central: http://mxr.mozilla.org/mozilla-central/source/security/patches/ 2) The patch for bug 567134 should also be applied to mozilla-central.
blocking1.9.2: ? → .8+
Comment on attachment 457659 [details] [diff] [review] makefile patch v2 Approved for 1.9.2.9, a=dveditz for release-drivers
Attachment #457659 - Flags: approval1.9.2.8? → approval1.9.2.8+
Assignee: nobody → kaie
This has been fixed in mozilla-central.
Status: NEW → RESOLVED
Closed: 14 years ago
OS: Linux → All
Hardware: x86 → All
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b3
Depends on: 585061
No longer depends on: 585061
I've landed this into mozilla-1.9.2 Using the nice hg mq extension it's easy to partition patches, so I ended up landing this as 4 separate commits...: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/aa01d8aeacdc http://hg.mozilla.org/releases/mozilla-1.9.2/rev/8c356dd0a14a http://hg.mozilla.org/releases/mozilla-1.9.2/rev/4a5951bdc65f http://hg.mozilla.org/releases/mozilla-1.9.2/rev/521c209771fd I've also added the security/patches directory + contents. Tinderbox tells me there was some orange reporting some leaks, but in my understanding, based on the history of this test machine (OSX moth), that's an intermittent random failure.
(Note I omitted the mozsqlite3 portion of the makefile patch, because it's doesn't apply to mozilla-1.9.2 - that branch still uses library name sqlite3)
Ehsan starred the orange with bug 505650.
Verified for 1.9.2 by checking the binaries in nightly builds.
Keywords: verified1.9.2
Depends on: 567620
No longer depends on: 567620
NSS 3.12.8 requires NSPR 4.8.6, so I'm requesting approval to update to NSPR 4.8.6 in mozilla-1.9.1 at the same time or before I update to NSS 3.12.8.
blocking1.9.1: --- → ?
blocking1.9.1: ? → .14+
Is it the same patch? If so I can approve the patch as well. Marked as blocking.
Attachment #457659 - Flags: approval1.9.1.14+
Pushed NSPR 4.8.6 to mozilla-1.9.1 in changeset 5920f776e030: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/5920f776e030 Pushed the second "hunk" of makefile patch v2 (attachment 457659 [details] [diff] [review]) to mozilla-1.9.1 in changeset 387e34496d69: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/387e34496d69
Depends on: CVE-2010-3173
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: