We are going to release an intermediate NSS version 3.15.3 that cherry picks a few patches, and stable Mozilla branches should get it.

What's the plan for b2g18?

Reason for this earlier release is: The false start and the OCSP GET feature work might need more time to stabilize, but we'd like to get out a few useful patches earlier.

I propose to land NSS_3_15_3_BETA3 into mozilla-aurora for testing. (This is waiting for approval to temporarily cleanup in bug 930811, in order to remove local patches.) All patches contained in that snapshot are currently being tested on mozilla-central as part of NSS_3_15_4_BETA1. Brian, can you please give your agreement to this proposal? (This patch was produced by applying the patch from bug 930811 and on top executing: python client.py update_nss NSS_3_15_3_BETA3.)

Comment on attachment 828646 [details] [diff] [review] land 3.15.3 beta3 into aurora Review of attachment 828646 [details] [diff] [review]: ----------------------------------------------------------------- Please don't land this on m-c, but m-a, etc. are OK.

(In reply to Brian Smith from comment #4) > Please don't land this on m-c, but m-a, etc. are OK. Yes, that's the intention, no m-c

Kai: half the patch for bug 925100 actually moved into bug 927687. You'd have to ask Wan Teh why, possibly because it was not necessary for the specific security bug but it still looks relevant.

(In reply to Daniel Veditz [:dveditz] from comment #6) > half the patch for bug 925100 actually moved into bug 927687. You'd > have to ask Wan Teh why Because that other code was NSPR code.

(In reply to Daniel Veditz [:dveditz] from comment #6) > half the patch for bug 925100 actually moved into bug 927687. Thanks for making me aware!

Comment on attachment 828646 [details] [diff] [review] land 3.15.3 beta3 into aurora Approving for Aurora based on email exchanges.

pushed the beta https://hg.mozilla.org/releases/mozilla-aurora/rev/f142a6919b5c

(In reply to Daniel Veditz [:dveditz] from comment #6) > Kai: half the patch for bug 925100 actually moved into bug 927687. Wan-Teh said this patch is optional. Removing the dependency, because it's NSPR. However, if you'd like to pick up the NSPR patch, please refer to bug 935568.

things look good, I'll have the patch for other branches ready soon (need to run some errants...)

We need to investigate if bug 936808 is related to landing this NSS update. So far it's a one time crash.

I've checked in an update to set the NSS version to NSS 3.15.3 RTM. https://hg.mozilla.org/releases/mozilla-aurora/rev/7c876e9d50cb I had created the release tag prior to learning about bug 936808. I'm not convinced that bug is caused by this upgrade, it looks like a one time erratic failure. Should it turn out that really another fix is required, we can handle that in a followup.

see bug 936951 for ESR17

Shouldn't status-firefox28 be unaffected?

(In reply to Ryan VanderMeulen [:RyanVM UTC-5] from comment #19) > Shouldn't status-firefox28 be unaffected? firefox28 received the fixes using a more recent dev version, 3.15.4 beta

Exactly my point. It seems that "affected" doesn't really fit very well for this bug. I could see any of unaffected, wontfix, or fixed depending on your perspective.

(In reply to Ryan VanderMeulen [:RyanVM UTC-5] from comment #21) > Exactly my point. It seems that "affected" doesn't really fit very well for > this bug. I could see any of unaffected, wontfix, or fixed depending on your > perspective. Talked it over with kaie. Will just go with fixed for fx28 since m-c already has the superseding fix on it.

https://hg.mozilla.org/releases/mozilla-release/rev/04f49c396140 https://hg.mozilla.org/releases/mozilla-esr24/rev/b37bc757a232

Also pushed to GECKO2410esr_2013102201_RELBRANCH. https://hg.mozilla.org/releases/mozilla-esr24/rev/0bbc7cd87aed

Flagging this for verification but please be advised that QA is just going to be doing some smoketesting of top-sites which utilize SSL. If there's something specific we need to test then please let us know.

Testing performed on Firefox 26 beta 4: https://etherpad.mozilla.org/firefox26b4-exploratory. No regressions were found with the tested sites.

I'm calling this verified for Firefox 25 as well based on the testing here: https://wiki.mozilla.org/Releases/Firefox_25/Test_Plan#Regression_Testing_12

Verified as fixed with latest Aurora 28.0a2 (build ID: 20131213004002) on: Win 8 64-bit, Ubuntu 12.04 32-bit and Mac OS X 10.8.5 by doing some exploratory testing on the following sites: https://play.google.com/ https://gmail.com https://news.google.com/ https://marketplace.firefox.com/ https://twitter.com/ https://drive.google.com https://mail.yahoo.com/ https://quality.mozilla.org/ http://www.amazon.com/ http://www.ebay.com/ https://login.live.com/ https://plus.google.com/ https://duckduckgo.com/ https://www.youtube.com/ https://www.facebook.com/

Verified as fixed with Firefox 27 beta 2, based on the exploratory testing mentioned here: https://etherpad.mozilla.org/Fx27b2-TLS-SSL