Closed Bug 599324 Opened 10 years ago Closed 10 years ago

Tracker: Mozilla upgrade to NSS 3.12.9

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

()

VERIFIED FIXED
Tracking Status
blocking2.0 --- beta8+
fennec 2.0b3+ ---

People

(Reporter: KaiE, Unassigned)

References

Details

Attachments

(1 file, 1 obsolete file)

upgrade Mozilla to NSS 3.12.9 when it's available

This blocks landing of bug 337430, because NSS 3.12.9 comes with a new API.
Blocks: 614852
Duplicate of this bug: 616730
This blocks bug 601645, so it should block Firefox 4.0b8 / Fennec 4.0b3.
blocking2.0: --- → ?
tracking-fennec: --- → ?
blocking based on comment above.
blocking2.0: ? → beta8+
tracking-fennec: ? → 2.0b3+
I am working on the code that couples Sync to the new NSS functionality that is driving this release to verify that the NSS 3.12.9 BETA1 release is good enough for B8.
Who owns this?
Kai is the one that usually (always?) checks in the new NSS into mozilla-central. I'd rather have him do it since it's time-critical and he's very familiar with the process.
Kai, can you please confirm that this is top priority for you and give an estimate of when you will have this completed?  This is one of the last two things we need to get done for beta 8.  If we don't see movement here in the next several hours we'll unblock on these items entirely and do without them.
there is no 3.12.9.release yet

are you asking me to land a beta?
Brian, people are pushing me to get this landed, although I haven't seen a "go" yet.

If I understand correctly, based on emails you sent 20 minutes ago, you need one more patch, and you want to tag a beta2.

If I understand correctly, there's no need to push beta1, because you'll need your newer beta2.

Brian, once you are ready and would like to have something pushed into mozilla-central, then please make a comment in this bug and say "please push beta tag NSS_ABC123" into mozilla-central.
if you need me to create a new nss tag for you, i can do that, too.
including updating version numbers.
just let me know
(In reply to comment #9)
> Brian, once you are ready and would like to have something pushed into
> mozilla-central, then please make a comment in this bug and say "please push
> beta tag NSS_ABC123" into mozilla-central.

Kai, I still need to land my patch for bug 617492 but I don't want to do it in the middle of the night because I will be sleeping. Any help you can give me with getting this checked in overnight would be greatly appreciated. Otherwise, I will do so in the morning and I will likely need some assistance from you in case I run into any problems with checking it in, creating the NSS_3_12_9_BETA2_CANDIDATE tag, and importing into mozilla-central.
cd 312/mozilla
cvs tag NSS_3_12_9_BETA2 security/nss security/coreconf security/dbm dbm

(tag created)

NSS 3.12.9 wants newer NSPR 4.8.7

I'm going to land NSPR_4_8_7_BETA1 and NSS_3_12_9_BETA2 into mozilla-central.
> I'm going to land NSPR_4_8_7_BETA1 and NSS_3_12_9_BETA2 into mozilla-central.

http://hg.mozilla.org/mozilla-central/rev/0f28e112a6b6

Keeping bug open, because we'll eventually land the final release version.
You may want to bump the required versions in configure.in, too.
(In reply to comment #14)
> You may want to bump the required versions in configure.in, too.

Shall I go ahead without patch?

Or go the formal path, anyone wants to attach the patch?
The new NSPR version introduced new warnings, and the risk is not well understood. Example warning:
e:\builds\moz2_slave\mozilla-central-win32\build\obj-firefox\dist\include\pratom.h(117) : warning C4164: '_InterlockedIncrement' : intrinsic function not declared

(e.g. mozilla-central tinderbox build machine "WINNT 5.2 mozilla-central build", example full log:
http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1291908091.1291918857.5079.gz&fulltext=1 )

Wan-Teh has provided a patch that fixes the warning (bug 594738), and also build bustage with older compiler versions (bug 617903).

I intend to declare this a bustage, and land the minor bustage patch on top of mozilla-central.

(The patch will be included in the next NSPR tag, too, so there is no need to track this exceptional patch landing.)
Depends on: 617903
(In reply to comment #14)
> You may want to bump the required versions in configure.in, too.

nss 3.12.9 introduces a new function related to j-pake, and the mozilla-central code depends on it, so it's mandatory to update the build requirements in configure

Here's the patch.
Attachment #496566 - Attachment is obsolete: true
this is the correct patch.
Comment on attachment 496568 [details] [diff] [review]
configure.in - bump nspr/nss version requirements

who could r+ it?
thanks
Attachment #496568 - Flags: review?
Comment on attachment 496568 [details] [diff] [review]
configure.in - bump nspr/nss version requirements

seeking r+ or a rs (rubberstamp) thanks!

minimal patch that bumps configure.in version requirements for nspr/nss
Attachment #496568 - Flags: superreview?
Attachment #496568 - Flags: review?(wtc)
Attachment #496568 - Flags: review?(ted.mielczarek)
Attachment #496568 - Flags: review?
I didn't do what I proposed in comment 16.
Instead, I just landed NSPR_4_8_7_BETA2 which includes the fix.

http://hg.mozilla.org/mozilla-central/rev/eeb76ce515d9
Comment on attachment 496568 [details] [diff] [review]
configure.in - bump nspr/nss version requirements

r=wtc.  I know NSS 3.12.9 is required because of the
new functions bsmith added.  But is NSPR 4.8.7 required?
Attachment #496568 - Flags: review?(wtc) → review+
Comment on attachment 496568 [details] [diff] [review]
configure.in - bump nspr/nss version requirements

This is a formality since it has landed, but the patch is fine, assuming the NSPR bump is necessary.
Attachment #496568 - Flags: superreview?
Attachment #496568 - Flags: review?(ted.mielczarek)
Attachment #496568 - Flags: review+
http://hg.mozilla.org/mozilla-central/rev/881610857801

I checked in the patch as-is because NSPR 4.8.7 was already checked in and I think it would be problematic in the future to be building against 4.8.7 but only saying we require 4.8.6.

dbaron is watching the tree for me in case this breaks anything. Thank you dbaron.
Can this be marked fixed now?
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
(In reply to comment #25)
> http://hg.mozilla.org/mozilla-central/rev/881610857801
> 
> I checked in the patch as-is because NSPR 4.8.7 was already checked in and I
> think it would be problematic in the future to be building against 4.8.7 but
> only saying we require 4.8.6.

We generally don't bump our NSS/NSPR version requirements unless we're actively using new features. Yes, we could wind up misrepresenting our actual requirements, but that's why we have a bug tracker. It's trivial to update it at a later date, but making it higher than necessary will cause pain for Linux distros and others.
I agree in general that we shouldn't require distributions to update unnecessarily.

But given that we require a NSS update anyway, it should be OK to have them upgrade the closely related NSPR package at the same time.
(In reply to comment #26)
> Can this be marked fixed now?

This bug asks about upgrading to NSS 3.12.9 final release.
This final release doesn't exist yet.

We had delivered a beta of NSS, because the Firefox beta schedule urgently asked for an NSS beta with new features.

In my opinion, this bug should be kept open until we have landed the final release of 3.12.9 into mozilla-central, to make it obvious to everyone that the landing of final 3.12.9 is still approved.

Alternatively, if you prefer to keep this bug closed, we could file another bug that asks for "upgrade to NSS 3.12.9 final" and if you did, I'd like to ask for blocking2.0+
> (In reply to comment #26)
> Alternatively, if you prefer to keep this bug closed, we could file another bug
> that asks for "upgrade to NSS 3.12.9 final" and if you did, I'd like to ask for
> blocking2.0+

Let's keep this bug closed so we can see the work needed for B8 is done. I filed bug 618368 and nominated it for blocking 2.0.
Status: RESOLVED → VERIFIED
(In reply to comment #12)
> NSS 3.12.9 wants newer NSPR 4.8.7

FWIW, I see no evidence of that. I actually built nss 3.12.9 beta 2 with nspr 4.8.6 just fine.
You need to log in before you can comment on or make changes to this bug.