Closed
Bug 1388155
Opened 7 years ago
Closed 7 years ago
Make sure HPKP preload expiration date is accurate for 56
Categories
(Core :: Security: PSM, defect, P2)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
firefox56 | blocking | fixed |
firefox57 | --- | unaffected |
People
(Reporter: RyanVM, Assigned: jcristau)
References
Details
(Whiteboard: [psm-blocked] )
Attachments
(1 file)
2.24 KB,
patch
|
keeler
:
review+
lizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
[Tracking Requested - why for this release]: +++ This bug was initially created as a clone of Bug #1365791 +++ Confirm and patch security/manager/ssl/StaticHPKPins.h and security/manager/ssl/nsSTSPreloadList.inc in 56 to have sufficient lifetime on the preloaded HPKP and STS pins. Right now, they're set to expire on or around 2017-10-30, which isn't going to be long enough given that Fx57 is due for release on 2017-11-14 (and that's when we've got Fx55 set to expire). As we found out the hard way during the last cycle, we *do* need to wait a bit before landing the bump, however, since there are sanity check tests that'll fail if the expiration date is too far in the future.
Assignee | ||
Updated•7 years ago
|
Version: 55 Branch → 56 Branch
Reporter | ||
Comment 1•7 years ago
|
||
We can probably move forward with this now.
Flags: needinfo?(dkeeler)
Assignee | ||
Comment 2•7 years ago
|
||
Comment on attachment 8904193 [details] [diff] [review] hpkp-56.patch Review of attachment 8904193 [details] [diff] [review]: ----------------------------------------------------------------- Great - thanks! (note that comment 0 is a bit misleading since it's from the "do this for 55" bug - if https://wiki.mozilla.org/RapidRelease/Calendar is correct, we want the date to be ~16 January 2018, which is what this patch does)
Attachment #8904193 -
Flags: review?(dkeeler) → review+
Flags: needinfo?(dkeeler)
Assignee | ||
Updated•7 years ago
|
Whiteboard: [psm-blocked] → [psm-blocked] [checkin-needed-beta]
Assignee | ||
Comment 4•7 years ago
|
||
Comment on attachment 8904193 [details] [diff] [review] hpkp-56.patch Approval Request Comment [Feature/Bug causing the regression]: n/a [User impact if declined]: builtin https pins will expire on October 30, while 56 is still the current release [Is this code covered by automated tests?]: no [Has the fix been verified in Nightly?]: n/a [Needs manual test from QE? If yes, steps to reproduce]: n/a [List of other uplifts needed for the feature/fix]: none [Is the change risky?]: no [Why is the change risky/not risky?]: just bumping two expiration dates from October 30, 2017 to January 16, 2018 [String changes made/needed]: none
Attachment #8904193 -
Flags: approval-mozilla-beta?
Assignee | ||
Comment 5•7 years ago
|
||
Cutting it fine with the 19 weeks, though. $ date -d 'now + 19 weeks' Tue Jan 16 17:29:44 CET 2018
Assignee | ||
Updated•7 years ago
|
Whiteboard: [psm-blocked] [checkin-needed-beta] → [psm-blocked]
Comment 6•7 years ago
|
||
Comment on attachment 8904193 [details] [diff] [review] hpkp-56.patch Re-set for HPKP expiration for 56, please uplift to beta.
Attachment #8904193 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Reporter | ||
Comment 7•7 years ago
|
||
uplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/4a3debc85f08
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•