Closed Bug 958916 Opened 10 years ago Closed 10 years ago

Update to NSS 3.15.5

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla30
Tracking Status
firefox28 + fixed
firefox29 + fixed
firefox30 --- fixed
b2g-v1.3 --- fixed
b2g-v1.3T --- fixed
b2g-v1.4 --- fixed

People

(Reporter: emk, Assigned: briansmith)

References

Details

(Whiteboard: [leave open][qa-])

Attachments

(1 file)

      No description provided.
Assignee: nobody → brian
Target Milestone: --- → mozilla29
Whiteboard: [leave open]
Summary: Update Mozilla to use NSS 3.15.5 beta to support VS 2013 → Update to NSS 3.15.5
This uplift request is for Firefox 28, not Firefox 27.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): bug 964493 and bug 950129.
User impact if declined: 1. Confusing certificate verification error messages due to bug 964493. Slow performance and potentially greater risk of DoS due to bug 964493.

Testing completed (on m-c, etc.): There are automated tests in bug 964493 that I will land along with this uplift. There are automated tests for bug 950129 in bug 923304. I already rebased the tests and ran them against Mozilla-Aurora. In addition, the related areas of certificate verification have quite a few automated tests. Also, Nightly has been using the patch in bug 950129 for multiple weeks.

Risk to taking this patch (and alternatives if risky): Very low risk. Bug 950129 is about making Firefox do less work, so it's actually safer to have it than to not have it. Bug 964493 is a one-line fix to fix a regression.

String or IDL/UUID changes made by this patch: None.

If this gets approved before the aurora -> beta uplift then we won't need to uplift it to Mozilla-Beta. My goal is to get this update into Firefox 28.

Note that Linux distributors would like this to happen ASAP so they can prepare their NSS 3.15.5 packages for Firefox to depend on.
Attachment #8369721 - Flags: review-
Attachment #8369721 - Flags: approval-mozilla-beta?
Attachment #8369721 - Flags: approval-mozilla-aurora?
Attachment #8369721 - Flags: review- → review+
Target Milestone: mozilla29 → mozilla30
Comment on attachment 8369721 [details] [diff] [review]
update-to-NSS-3-15-5.patch

Landed in central yesterday. Approving the uplift now!
Attachment #8369721 - Flags: approval-mozilla-beta?
Attachment #8369721 - Flags: approval-mozilla-beta+
Attachment #8369721 - Flags: approval-mozilla-aurora?
Attachment #8369721 - Flags: approval-mozilla-aurora+
Superceded by NSS 3.16 for Gecko 29 and Gecko 30. See bug 967153.
so we just need this nominated for beta uplift then?  3.15.5 for FF28 and then 3.16 for 29 onwards?
Flags: needinfo?(brian)
Lukas, this already landed in Firefox 28 beta. However, we need one more patch to NSS to change the version information in the shared libraries to say "RTM" instead of "beta." I'm working on that patch now. It should be ready to land on Monday. Then there should be no more NSS updates to Firefox 28.

For Firefox 29 and Firefox 30, we will use NSS 3.16. Next week we'll be working on finalizing NSS 3.16 so that we can stop updating NSS in Mozila-Aurora. Still working on two NSS patches to land next week though.
Flags: needinfo?(brian)
(In reply to Brian Smith (:briansmith, was :bsmith; NEEDINFO? for response) from comment #13)
> Lukas, this already landed in Firefox 28 beta. However, we need one more
> patch to NSS to change the version information in the shared libraries to
> say "RTM" instead of "beta." I'm working on that patch now. It should be
> ready to land on Monday. Then there should be no more NSS updates to Firefox
> 28.

Ah, I see that in comment 8 now, thanks.  Let's leave status-firefox 28 'affected' then until the other patch is ready.
https://hg.mozilla.org/releases/mozilla-beta/rev/fb3a5c001368
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Brian, does this need QA testing before Firefox 28 is released?
Flags: needinfo?(brian)
(In reply to Anthony Hughes, QA Mentor (:ashughes) from comment #17)
> Brian, does this need QA testing before Firefox 28 is released?

No. The changes in NSS 3.15.5 that we depend on are already tested with automated tests.
Flags: needinfo?(brian)
Whiteboard: [leave open] → [leave open][qa-]
You need to log in before you can comment on or make changes to this bug.