Update mozilla-aurora to NSS 3.15.2 RTM (NSS_3_15_2_RTM)

RESOLVED FIXED in Firefox 26

Status

()

defect
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: briansmith, Assigned: briansmith)

Tracking

Trunk
mozilla27
Points:
---

Firefox Tracking Flags

(firefox24 unaffected, firefox25 unaffected, firefox26 fixed, firefox27+ fixed, firefox-esr17 unaffected, firefox-esr24 unaffected, b2g18 unaffected, b2g-v1.1hd unaffected, b2g-v1.2 unaffected)

Details

(Whiteboard: [qa-])

Attachments

(2 attachments)

Linux distributors would like us to use an RTM release for mozilla-beta and mozilla-release when possible. mozilla-aurora is currently using a beta release of NSS, with a private patch for the TLS False Start feature. We already disabled TLS False Start in mozilla-aurora, so we just need to remove the private patch to NSS and remove one function call (in nsNSSIOLayer.cpp) to a function that was added by that private patch. There is no functional change to the false start logic otherwise.

There are no string changes and this is a low-risk change.

Try run: https://tbpl.mozilla.org/?tree=Try&rev=d6ce6d4ab462
Attachment #822043 - Flags: review+
Attachment #822043 - Flags: approval-mozilla-aurora?
Attachment #822043 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
I recommend to apply this same change to mozilla aurora 27.

We are releasing an intermediate NSS release for several stable branches.
That particular snapshot should get testing, and the state of some branches is confusing.

I propose to temporarily clean up all branches from early testing code, such as this code with the false start patch.

To be clear, I propose to:
- apply this patch to aurora 27, which will change it to the stable NSS 3.15.2
- in a separate step (bug), we should update it to the "NEW" 3.15.3 version
  (which will have some security fixes)

If that other work (false start feature) gets completed in time, you could still land the newer 3.15.4 into aurora 27.

So, let's do this cleanup first.
Brian, can you please agree to this proposal?

If you do, I can take care of it, since the patch already has approval for aurora.
Flags: needinfo?(brian)
(In reply to Kai Engert (:kaie) from comment #2)
> - in a separate step (bug), we should update it to the "NEW" 3.15.3 version
>   (which will have some security fixes)

This separate work will be tracked in bug 935959
Comment on attachment 828645 [details] [diff] [review]
backout false start from aurora27 and go to 3.15.2 RTM in preparation for temporarily using a newer NSS release (that lacks false start)

Review of attachment 828645 [details] [diff] [review]:
-----------------------------------------------------------------

I assume that this patch is just updating NSS to NSS_3_15_2_RTM, removing the call to SSL_SetCanFalseStartCallback, and removing the private false start patch. I agree with all of that. If there are other changes please NEEDINFO? me after you've posted what else changed.
Attachment #828645 - Flags: review?(brian) → review+
clearing NEEDINFO.
(In reply to Brian Smith from comment #6)
> I assume that this patch is just updating NSS to NSS_3_15_2_RTM, removing
> the call to SSL_SetCanFalseStartCallback, and removing the private false
> start patch. I agree with all of that.

Correct, thanks Brian.
Flags: needinfo?(brian)
Attachment #828645 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/571b5e7bf31f

All branches (other than mozilla-central) using experimental false start patches have been cleaned up, so we can close this for now.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.