Closed
Bug 145836
Opened 22 years ago
Closed 22 years ago
NSS bug fixes for Mozilla
Categories
(SeaMonkey :: General, defect, P1)
SeaMonkey
General
Tracking
(Not tracked)
VERIFIED
FIXED
mozilla1.0.1
People
(Reporter: wtc, Assigned: wtc)
References
Details
(Keywords: topembed+)
We have several NSS bug fixes that missed the Mozilla 1.0 cut-off date but should be checked into Mozilla 1.0 branch as soon as possible. The bug fixes are listed below. Certificate Management - Bug 138626: Deleted certs delivered by PK11_ListCerts. Blocks PSM bug 129067. - Bug 142868: CA certificates are imported with NULL nicknames. - Bug 128586: Can't restore cert exported by IE. - Bug 133643: Unable to import P12 file. - Bug 135871: NSS 3.4 RC2 crashes when CERT_VerifyCertNow is called. - Bug 136279: NSS 3.4 RC2 cannot see CA certs on Builtin Object Token. - Bug 141936: Crash in NSS searching for certificates with zero length nicknames. - Bug 137645: Cached public certificate does not get its nickname updated after P12 import of matching user certificate. Leaks of NSS Object References - Bug 133584: SECMOD_DestroyModule fails during NSS_Shutdown. This blocks switching user profiles. See also: bug 135339, bug 135340, bug 135058, bug 135069, bug 135808, bug 135809, bug 135818, bug 135821, bug 135052. Smartcard - Bug 137172: have to explicitly log into smartcard to use its certs. - Bug 135429: redesign smart card cache. - Bug 135521: redesign token searching and object creation in Stan code. Robustness - Bug 140474: PK11_FindCertsFromNickname may cause an assertion failure in nssList_GetArray. - Bug 145128: a typo error in sec_pkcs5_rc4(), lib/softoken/lowpbe.c - Bug 133397: Bug in SECMOD_UpdateModule. - Bug 144309: STAN_GetCERTCertificate return value not checked. Performance - Bug 126087: Hot lock (PK11SymKey->refLock)
Assignee | ||
Updated•22 years ago
|
Status: NEW → ASSIGNED
QA Contact: imajes-qa → junruh
Target Milestone: --- → mozilla1.0.1
Comment 1•22 years ago
|
||
adding the nsbeta1+ and topembed keywords, and [adt2 RTM], as per conversations with the ADT team today.
Assignee | ||
Updated•22 years ago
|
Keywords: mozilla1.0.1
Priority: -- → P1
Assignee | ||
Comment 2•22 years ago
|
||
I missed one bug. Certificate Management - Bug 141355: Importing Certs which already exist in the database may cause acrash.
Assignee | ||
Comment 3•22 years ago
|
||
Kai produced two test builds for QA (John and Charles). The test builds are under /u/kaie: 20020522-linux-100-nss35.tar.gz 20020522-win32-100-nss35.zip The test builds consist of - 1.0.0 branch build - NSS_3_5_BRANCH - patches to PSM - bug 143532 - bug 129067 - bug 125561
Updated•22 years ago
|
Comment 4•22 years ago
|
||
Testing today and tomorrow. Should have results by the end of Friday, the 24th. Hopefully checkin can proceed on Monday or over the weekend.
Comment 5•22 years ago
|
||
Charles, John, can you report the results of testing the NSS3.5 branch build?
Comment 6•22 years ago
|
||
The test build underwent three days of testing on Mac, Win2k, and Linux7.3. All said, there are no regressions that are noteworthy, and the overall build is much more stable than before. Original status specific to this bug below: --------- Bugs Verified fixed in test build: 138626 128586 - Still get bogus error if wrong password entered ('unknown reasons'). But if correct passwords entered, .p12,.pfx files (with and without chains) are imported successfully. Which leads to a strange situation when importing a cert signed by verisign without the CA chain. The chain is not rebuilt even though it could be so the cert shows up as unverifiable and there is no way to edit the trust settings on the cert directly. 133643 - same as above, except once I did see an error message about corruption,incorrect passwords. From then on it was for unknown reasons whenever I tested a negative condition. 135871 - Slightly impaired from the CA side due to 137874 needing to move to branch, but users, other people, and servers (see doublecheck) all work without problems, so I would assume the CA import will work as well. 137645 - Import works. Delete has a caveat (correct behavior) After importing the user cert, the cert still remains in the 'other peoples' tab. Deleting the cert from either tab (dual key - encryption cert or dual use cert) removes it from the other. Kind of disconcerting when I removed the cert from 'other peoples' tab and found it missing from the user cert tab. perhaps the delete code should remove the peer attribute instead of yanking the cert? 133584 - I verified that the certificate/key databases indeed switch while quick launch is running and I swap between four different user profiles. 137172 - If not logged in, there is now a login prompt. Note I used a fresh load of the activcard module. 133397 - checked my code tree 145128 - checked my code tree 144309 - Xref'd LXR and spot checked files 141355 143532 - It disables, but it never reenables(?) until after client restart 129067 - deletes refresh. 125561 - related to 133584. Verified client auth, ssl, and s/mime all function while quick launch is running. 142868 Not Applicable to client: 136279 Not verified: 141936 - client code has error handling to avoid this. looked at the patches - look correct anyway. 135429 - Partially verified. 135521 126087
Comment 7•22 years ago
|
||
We now need to land this on the branch so that we can open the gate to migrate corresponding PSM fixes that have some dependencies on NSS3.5.
Comment 8•22 years ago
|
||
After one day of testing I have not found any regressions using kaie's test build on Win2000, Mac OSX or Linux.
Comment 9•22 years ago
|
||
Can you verify that all these bugs are fixed in the test build?
Comment 10•22 years ago
|
||
or rather, on the trunk?
Comment 11•22 years ago
|
||
Peter, because the trunk also changes often, we decided that we wanted to test our changes as good as possible. The best test of our intended changes is using a special test build, that uses the changes we are intending to land on the branch, in combination with what is currently on the branch. Because of that, we have done the extra work of producing such special test builds. By using that special builds instead of the trunk, we can be sure that our test results can not be influenced by other regressions that might or might have not occurred on the trunk.
Assignee | ||
Comment 12•22 years ago
|
||
Marked the bug fixed because all the bugs listed in this tracking bug have been fixed on the Mozilla trunk (NSS_CLIENT_TAG). Removed the target Mozilla version (1.0.1) from the bug's summary to avoid confusion.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Summary: NSS bug fixes for Mozilla 1.0.1 → NSS bug fixes for Mozilla
Comment 13•22 years ago
|
||
We actually already verified these on the trunk. We went through the additional QA on the test build to ensure that it did not regress the branch.
Assignee | ||
Updated•22 years ago
|
Assignee | ||
Updated•22 years ago
|
Comment 14•22 years ago
|
||
Removing nsbeta1+/[adt2 RTM] as this is a meta tracking bug.
Whiteboard: [adt2 RTM]
Assignee | ||
Comment 15•22 years ago
|
||
I made a mistake. Bug 128586 is already fixed in mozilla1.0.0. It should be removed from this list of bugs that need 1.0.1 approvals.
No longer depends on: 128586
Updated•22 years ago
|
Comment 17•22 years ago
|
||
please land in the mozilla1.0.1 branch. once there, remove the "mozilla1.0.1+" keyword and add the "fixed1.0.1" keyword.
Keywords: mozilla1.0.1 → mozilla1.0.1+
Assignee | ||
Comment 18•22 years ago
|
||
I checked in these NSS bug fixes on the MOZILLA_1_0_BRANCH today.
Keywords: mozilla1.0.1+ → fixed1.0.1
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•