Last Comment Bug 741135 - Update Mozilla to NSS 3.13.4
: Update Mozilla to NSS 3.13.4
Status: RESOLVED FIXED
[qa-]
:
Product: Core
Classification: Components
Component: Security: PSM (show other bugs)
: unspecified
: All All
: P2 normal (vote)
: mozilla14
Assigned To: Kai Engert (:kaie)
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-31 16:25 PDT by Wan-Teh Chang
Modified: 2012-07-10 11:56 PDT (History)
5 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
verified
13+
verified


Attachments
upgrade action (placeholder) (31 bytes, patch)
2012-04-05 14:42 PDT, Kai Engert (:kaie)
no flags Details | Diff | Splinter Review
approval placeholder (34 bytes, patch)
2012-04-05 14:42 PDT, Daniel Veditz [:dveditz]
akeybl: approval‑mozilla‑aurora+
akeybl: approval‑mozilla‑esr10+
Details | Diff | Splinter Review

Description Wan-Teh Chang 2012-03-31 16:25:16 PDT
I am preparing the NSS 3.13.4 release.  The first CVS tag I
will push to mozilla-central (via mozilla-inbound) is
NSS_3_13_4_BETA1, which has the following bug fixes:

Bug 577747: Memory leak in ECDSA code in secvfy.c
Bug 640625: export to PKCS #12 does not iterate hashing
Bug 644764: AES256 not recorded in SMIME capabilities
Bug 647364: CERT_PKIXVerifyCert doesn't check cert->trust of the leaf
            certificate
Bug 671069: signed/unsigned warnings in pk11wrap
Bug 671071: const/non-const warnings in lib/certdb/stanpcertdb.c
Bug 697420: crash in [@ CERT_DestroyOCSPResponse] 
Bug 715073: Insufficient length checking in QuickDER decoder
Bug 723740: CKM_DH_DERIVE does not respect VALUE_LEN if VALUE_LEN is
            greater than the unpadded generated key.
Bug 726134: Allow CERT_PKIXVerifyCert to return a NULL trust anchor cert
            (cert_po_trustAnchor)
Bug 727691: SSL_InvalidateSession crashes if session cache was disabled
Bug 728919: [patch] Fix clang warning in sslcon.c
Bug 729377: SEC_RegisterDefaultHttpClient and
            CERT_RegisterAlternateOCSPAIAInfoCallBack should set the
            SEC_ERROR_NOT_INITIALIZED error if they are called before
            NSS is initialized
Bug 729380: Declaring variables on the beginning of a line confuses
            cvs diff -p
Bug 729721: Miscellaneous code cleanups in libpkix for NSS 3.13.4
Bug 732258: ssl3_FinishHandshake cleanup
Bug 732630: Prefer SSL_RSA_WITH_RC4_128_SHA over SSL_RSA_WITH_RC4_128_MD5
Bug 734534: Fix a buffer length bug and nits in the next protocol
            negotiation (NPN) functions
Bug 737395: SECITEM_CompareItem() returns invalid result, found with
            memory analysis tool that uses its own copy of "memcmp"
Bug 737802: regression: SSL step-up EKU OID no longer treated as SSL
            Server type
Bug 738161: Fix "beause" spelling in /security/nss/lib/pk11wrap/pk11auth.c
Comment 1 Wan-Teh Chang 2012-03-31 16:52:09 PDT
Update NSS to NSS_3_13_4_BETA1.  mozilla-inbound changeset URL:
http://hg.mozilla.org/integration/mozilla-inbound/rev/9b278853a823
Comment 2 Matt Brubeck (:mbrubeck) 2012-04-02 11:01:57 PDT
https://hg.mozilla.org/mozilla-central/rev/9b278853a823
Comment 3 Daniel Veditz [:dveditz] 2012-04-02 16:10:57 PDT
Assuming we'll want to take this uplift on the ESR branch eventually, maybe for the Firefox-13-equivalent release in June?
Comment 4 Kai Engert (:kaie) 2012-04-05 14:42:48 PDT
Created attachment 612691 [details] [diff] [review]
upgrade action (placeholder)
Comment 5 Daniel Veditz [:dveditz] 2012-04-05 14:42:49 PDT
Created attachment 612692 [details] [diff] [review]
approval placeholder

This attachment is a placeholder for branch approvals for upgrading to NSS 3.13.4 in the Mozilla tree.

It's currently too close to the April 24 releases to take this on the beta or ESR branches. We should land on mozilla-central, and if that looks good land on Aurora. Make sure we land on Aurora before April 24 and this will be automatically set for shipping with Firefox 13 in June.

Sometime after April 24--when we've had sufficient beta feedback on the changes--we can land this on the ESR branch. Since we've pushed the MD5 changes out to 3.13.5 we're not expecting any compatibility problems, but better safe than sorry.
Comment 6 Kai Engert (:kaie) 2012-04-05 14:56:23 PDT
Comment on attachment 612692 [details] [diff] [review]
approval placeholder

Requesting approval for aurora
Comment 7 Kai Engert (:kaie) 2012-04-05 14:56:50 PDT
Comment on attachment 612692 [details] [diff] [review]
approval placeholder

Requesting approval for ESR 10.0.5
Comment 8 Wan-Teh Chang 2012-04-05 16:05:04 PDT
Update NSS to NSS_3_13_4_BETA2.  mozilla-inbound changeset URL:
https://hg.mozilla.org/integration/mozilla-inbound/rev/f6cb35021951
Comment 9 Alex Keybl [:akeybl] 2012-04-05 16:55:38 PDT
Comment on attachment 612692 [details] [diff] [review]
approval placeholder

[Triage Comment]
Approving for Aurora 13, and holding on approving for the ESR until after the version bump on that branch.
Comment 10 Kai Engert (:kaie) 2012-04-06 08:40:56 PDT
Landed RTM versions into inbound.
https://hg.mozilla.org/integration/mozilla-inbound/rev/11b6ea48df17

The bug can be marked fixed after this commit was merged into mozilla-central.
Comment 11 Kai Engert (:kaie) 2012-04-06 10:43:00 PDT
Aurora for Fx13:
https://hg.mozilla.org/releases/mozilla-aurora/rev/beef2cc3afb0
Comment 12 Matt Brubeck (:mbrubeck) 2012-04-09 10:08:48 PDT
https://hg.mozilla.org/mozilla-central/rev/11b6ea48df17
Comment 14 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-05-22 15:34:02 PDT
@wtc, can you please verify this is fixed with Firefox 13 and latest-mozilla-esr10?
Comment 15 Wan-Teh Chang 2012-07-10 11:22:43 PDT
Anthony: I'm sorry I forgot to reply.  I remember I verified this was
fixed in Firefox, but I didn't know how to verify it in latest-mozilla-esr10.
Comment 16 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-07-10 11:42:53 PDT
How did you verify it in Firefox? I assume ESR would be no different.
Comment 17 Wan-Teh Chang 2012-07-10 11:49:12 PDT
I must have verified it in Firefox 13 by inspecting the source file
security/nss/TAG-INFO in the Hg repository for Firefox 13.  I may
have also installed a Firefox 13 build.

I don't know the Hg repository for latest-mozilla-esr10.
Comment 18 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-07-10 11:56:13 PDT
http://hg.mozilla.org/releases/mozilla-esr10/file/tip/security/nss/TAG-INFO states "NSS_3_13_5_RTM". I suppose we can call this bug verified then.

Note You need to log in before you can comment on or make changes to this bug.