nss 3.12.3 SRU - testing needed - Alexander Sack (asac)'s software site

Friday, July 31. 2009

Posted by asac (Alexander Sack) in Ubuntu Mozillateam at 15:48 | Comments (4) | Trackbacks (0)

nss 3.12.3 SRU - testing needed

In order to not loose upstream support for nss/nspr, we are working on upgrading nss to the latest upstream release in hardy, intrepid and jaunty. The plan is to first get some pre-testing in a PPA and if that works well, go through -proposed to -updates and -security.

Although nss and nspr follow really strict ABI rules – otherwise we wouldn’t consider to do this – this kind of update needs extra care and testing; even more so, because this has special implications on distribution upgrades. For example, the version in hardy-security will be higher than the version in intrepid-release, which can lead to tricky situations.

To document the progress of our efforts, we set up a wiki page. It also gives information how to test the special implications mentioned above.

OK, so here the instructions on what needs to be done:

Prerequisites:

Hardy, intrepid and jaunty users need to upgrade nss and nspr to the latest versions in the nss3.12.3 ppa. Just enable the PPA and update your system to do that.

Testing:

Use firefox and friends and report any regression you find (comment or IRC).
There are also other applications you use that might be affected and you would want to test; to spot those, please check the output of “apt-cache rdepends libnss3-1d libnspr4-0d”. Please test those thoroughly as well.
Besides from upgrading real installs to latest nss/nspr from the ppa, we also need to do two extra tests with intrepid and jaunty installs – pure installs, that don’t have any security/stability updates yet. See the wiki pages “special testing” section for background on this. As usual, all tests can also be done in VMs; for most a chroot would be fine as well.

Let me know about your test results – either comment here or drop me a message in #ubuntu-mozillateam on irc.ubuntu.com.

Edit: doing this has some risks; so if you rely on a rock solid ubuntu experience, don’t do this.

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

What is nss?

#1 Vadim P. on 2009-07-31 18:20 (Reply)

apt-cache show libnss3-1d
-> Description: Network Security Service libraries

... so its the security lib used by mozilla and more software (e.g. ssl, certificates, etc.)

#1.1 asac on 2009-07-31 21:08 (Reply)

FWIW, I installed the new version on Friday and have been subjecting it to my usual workload (firefox, rhythmbox, totem-xine.) No problems except one crash on exit with firefox, which may or may not be related:

http://www.datafilehost.com/download-c99d36c3.html

(Let me know if you want the core file – it’s too big to upload to datafilehost.com.)

I haven’t gone out of my way to test the security stuff, but obviously I hit plenty of SSL sites during normal usage, and everything has seemed fine.

#2 Steve D on 2009-08-04 21:52 (Reply)

thanks so much for your testing and feedback; nss and nspr are now published everywhere.

#2.1 asac on 2009-08-05 11:00 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: BBCode format allowed Enclosing asterisks marks text as bold (word), underscore are made via _word_. Textile-formatting allowed Standard emoticons like :-) and ;-) are converted to images.
	Remember Information? Subscribe to this entry