Closed Bug 930811 Opened 12 years ago Closed 12 years ago

Update mozilla-aurora to NSS 3.15.2 RTM (NSS_3_15_2_RTM)

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla27
Tracking Status
firefox24 --- unaffected
firefox25 --- unaffected
firefox26 --- fixed
firefox27 + fixed
firefox-esr17 --- unaffected
firefox-esr24 --- unaffected
b2g18 --- unaffected
b2g-v1.1hd --- unaffected
b2g-v1.2 --- unaffected

People

(Reporter: briansmith, Assigned: briansmith)

Details

(Whiteboard: [qa-])

Attachments

(2 files)

Linux distributors would like us to use an RTM release for mozilla-beta and mozilla-release when possible. mozilla-aurora is currently using a beta release of NSS, with a private patch for the TLS False Start feature.

We already disabled TLS False Start in mozilla-aurora, so we just need to remove the private patch to NSS and remove one function call (in nsNSSIOLayer.cpp) to a function that was added by that private patch. There is no functional change to the false start logic otherwise. There are no string changes and this is a low-risk change.

Try run: https://tbpl.mozilla.org/?tree=Try&rev=d6ce6d4ab462
Attachment #822043 - Flags: review+
Attachment #822043 - Flags: approval-mozilla-aurora?
Attachment #822043 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
I recommend applying this same change to mozilla aurora 27.

We are releasing an intermediate NSS release for several stable branches. That particular snapshot should get testing, and the state of some branches is confusing. I propose to temporarily clean up all branches from early testing code, such as this code with the false start patch.

To be clear, I propose to:
- apply this patch to aurora 27, which will change it to the stable NSS 3.15.2
- in a separate step (bug), we should update it to the "NEW" 3.15.3 version (which will have some security fixes)

If that other work (false start feature) gets completed in time, you could still land the newer 3.15.4 into aurora 27. So, let's do this cleanup first.
Brian, can you please agree to this proposal? If you do, I can take care of it, since the patch already has approval for aurora.
Flags: needinfo?(brian)
(In reply to Kai Engert (:kaie) from comment #2)
> - in a separate step (bug), we should update it to the "NEW" 3.15.3 version
> (which will have some security fixes)

This separate work will be tracked in bug 935959.

Comment on attachment 828645
backout false start from aurora27 and go to 3.15.2 RTM in preparation for temporarily using a newer NSS release (that lacks false start)

Review of attachment 828645:
-----------------------------------------------------------------

I assume that this patch is just updating NSS to NSS_3_15_2_RTM, removing the call to SSL_SetCanFalseStartCallback, and removing the private false start patch. I agree with all of that. If there are other changes please NEEDINFO? me after you've posted what else changed.
Attachment #828645 - Flags: review?(brian) → review+
clearing NEEDINFO.
(In reply to Brian Smith from comment #6)
> I assume that this patch is just updating NSS to NSS_3_15_2_RTM, removing
> the call to SSL_SetCanFalseStartCallback, and removing the private false
> start patch. I agree with all of that.

Correct, thanks Brian.
Flags: needinfo?(brian)
Attachment #828645 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/571b5e7bf31f

All branches (other than mozilla-central) using experimental false start patches have been cleaned up, so we can close this for now.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
Whiteboard: [qa-]