Closed Bug 1419760 Opened 2 years ago Closed 2 years ago

Pick up root CA changes for Firefox 58, released as NSS 3.34.1

Categories

(Core :: Security: PSM, defect, P1)

defect

Tracking

()

RESOLVED FIXED
mozilla59
Tracking Status
thunderbird_esr52 --- unaffected
firefox-esr52 --- unaffected
firefox57 --- unaffected
firefox58 + fixed
firefox59 --- fixed

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

Because of bug 1418678 we should update Firefox 58 (beta) to pick up the required change to the root CA list.

In order to minimize the number of separate CA list releases, we may combine that with the removal of obsolete/expired blacklist entries (bug 1409872).
See Also: → 1409872
Attached patch 1419760-v1.patchSplinter Review
Approval Request Comment

[Feature/Bug causing the regression]: bug 1400030

[User impact if declined]: Linux users have trouble with untrusted certificates

[Is this code covered by automated tests?]: n/a - not a code change

[Has the fix been verified in Nightly?]: n/a - not a code change

[Needs manual test from QE? If yes, steps to reproduce]: no

[List of other uplifts needed for the feature/fix]: none

[Is the change risky?]: no

[Why is the change risky/not risky?]: no code change, only trust flags

[String changes made/needed]: none
Attachment #8931455 - Flags: approval-mozilla-beta?
FYI, we haven't yet fixed mozilla-central, because we only take new snapshots of NSS, not individual fixes for m-c. And we need a bit more time before the latest NSS trunk snapshot builds with m-c. However, the changes have already landed into NSS trunk, and the NSS tests aren't showing any issues. m-c will get these fixes automatically with the next NSS uplift to m-c.

It's safe to uplift the attached patch to beta early, as there are no code changes.
Priority: -- → P1
Whiteboard: [psm-assigned]
Hello Julien, do you think this can get approved?
Flags: needinfo?(jcristau)
Comment on attachment 8931455 [details] [diff] [review]
1419760-v1.patch

Yes, let's get this in the next build.
Flags: needinfo?(jcristau)
Attachment #8931455 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Thanks for the approval, landed as
https://hg.mozilla.org/releases/mozilla-beta/rev/e3bb5759d9e4182c7566e3eef67477b7e830427b

BTW, in the meantime, m-c had received the change with an NSS trunk snapshot, too.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
You need to log in before you can comment on or make changes to this bug.