Closed Bug 1549010 Opened 1 year ago Closed 1 year ago

prepare patches to verify add-ons at a specific time and ensure that signatures are re-verified

Categories

(Core :: Security: PSM, defect, P1)

defect

Tracking

()

RESOLVED FIXED
Tracking Status
firefox-esr60 --- fixed
firefox66 --- fixed
firefox67 --- fixed
firefox68 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

Details

(Whiteboard: [psm-assigned])

Attachments

(3 files, 1 obsolete file)

No description provided.
Summary: prepare a patch to verify add-ons at a specific time → prepare patches to verify add-ons at a specific time and ensure that signatures are re-verified

Users who are affected by the intermediate add-on signing certificate expiry
need their add-on signatures re-verified as soon as possible after updating to
a version containging the fix. A database rebuild includes signature
reverifications, so a schema version achieves this.

Users who are affected by the intermediate add-on signing certificate expiry
need their add-on signatures re-verified as soon as possible after updating to
a version containging the fix. A database rebuild includes signature
reverifications, so a schema version achieves this.

Users who are affected by the intermediate add-on signing certificate expiry
need their add-on signatures re-verified as soon as possible after updating to
a version containging the fix. A database rebuild includes signature
reverifications, so a schema version achieves this.

Schema bump patches are, in order of submission, for nightly/beta, release, and esr60 respectively.

Pushed by maglione.k@gmail.com:
https://hg.mozilla.org/mozilla-central/rev/fa013d593d02
verify add-on signing certificates at 2019-04-27T02:43:20.000Z r=jcj a=lizzard
https://hg.mozilla.org/mozilla-central/rev/e9bfe907b847
Part 2 - Bump DB schema version to force certificate reverification. r=zombie a=lizzard CLOSED TREE
Depends on: 1549022
Backout by emilio@crisal.io:
https://hg.mozilla.org/mozilla-central/rev/9419be649eff
Back out changeset fa013d593d02e29d9062900f89a14fd40a9ba687 . a=sylvestre
Attachment #9062674 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.