Land NSS 3.10.2 Beta 1 on MOZILLA_1_8_BRANCH

RESOLVED FIXED in mozilla1.8rc1



Security: PSM
12 years ago
12 years ago


(Reporter: Wan-Teh Chang, Assigned: Wan-Teh Chang)



Bug Flags:
blocking1.8b5 -
blocking1.8rc1 +

Firefox Tracking Flags

(Not tracked)



(1 attachment, 1 obsolete attachment)



12 years ago
MOZILLA_1_8_BRANCH is using NSS 3.10 now.  We want to land
NSS 3.10.2 Beta 1 on MOZILLA_1_8_BRANCH with the goal of
landing NSS 3.10.2 final in Firefox and Thunderbird 1.5 final.

We missed the Firefox and Thunderbird 1.8 Beta 2 deadline.
It seems that the next milestone will be Release Candidate 1.

Comment 1

12 years ago
Created attachment 198729 [details] [diff] [review]
Proposed patch

This patch upgrades the NSS on MOZILLA_1_8_BRANCH
from NSS 3.10 final to NSS 3.10.2 Beta 1.  Our goal
is for Firefox/Thunderbird 1.5 final to use NSS 3.10.2

All the changes in this patch have received two code
reviews by NSS developers and the bugs they fixed
were all reported by NSS customers as crashes or major
loss of functionality.	(The exceptions are two minor
build system enhancements.)

The risk of this patch is low.
This patch has been tested on the Mozilla trunk since
Sept. 15 with no report of regressions.  The bulk of
the patch is the addition of two new functions.  They
were written in a way to not touch any existing function.

I am requesting 1.8b5 approval.  If it is too late for
1.8b5 (I wasn't paying attention to the Firefox 1.5
end game, sorry), please consider it for 1.8rc1.  Thank
Attachment #198729 - Flags: approval1.8rc1?
Attachment #198729 - Flags: approval1.8b5?
In order to have this patch considered for 1.8b5/1.8rc1, you need to request
blocking1.8b5 and blocking1.8rc1. Just set each of those flags to '?' so it
shows up on some people's boards. Doing that should speed up the process.


12 years ago
Flags: blocking1.8rc1?
Flags: blocking1.8b5?

Comment 3

12 years ago
1.8b5 is done, this needs to be considered for rc1. leaving that nomination flag
alone, minusing for 1.8b5.
Flags: blocking1.8b5? → blocking1.8b5-

Comment 4

12 years ago
Comment on attachment 198729 [details] [diff] [review]
Proposed patch

moving request to 1.8rc1 since 1.8b5 has shipped.
Attachment #198729 - Flags: approval1.8b5?

Comment 5

12 years ago
Wan-teh, what's new in 3.10.2 that would impact Firefox and Thunderbird users?
We're not going to have any more releases to test this. RC1 could be our final
release so there won't be an opportunity to get any release feedback and to
update to 3.10.2 final. 

Comment 6

12 years ago
Created attachment 199104 [details] [diff] [review]
Proposed patch v2

Skip NSS 3.10.2 Beta 1 and upgrade to NSS 3.10.2 final.
We will release NSS 3.10.2 final this week.

I will list the bug fixes that are of interest to Firefox
and Thunderbird users in the next comment.
Attachment #198729 - Attachment is obsolete: true
Attachment #199104 - Flags: approval1.8rc1?


12 years ago
Attachment #198729 - Flags: approval1.8rc1?

Comment 7

12 years ago
Asa: some of the bug fixes in NSS 3.10.2 are of interest
to Firefox and Thunderbird users who use smartcards or
who use PKI a lot.  Some bug fixes do not affect Firefox
and Thunderbird users, but they are coded in a way to make
it obvious that their risk to Firefox/Thunderbird is zero.

The bug fixes that affect Firefox and Thunderbird users
1. Bug 296410: fixed a crash when verifying RSA-with-SHA-512
   signatures.  Signatures using SHA-256 and SHA-512 are
   increasingly useful because researchers have announced
   faster ways to produce collisions for SHA-1.
2. Bug 301554: a smartcard fix.  Do not let an unrecognized
   smartcard disrupt the operation of other smartcards under
3. Bug 274984: enable the root user on Solaris 10 to run an
   NSS-based application.
4. Bug 119500: support security tokens that have its own
   input pad for entering passwords securely.
5. Bug 308727: fixed a crash for some smartcards.  This crash
   is a regression introduced in NSS 3.10.
6. Bug 303494: fixed a crash for CRL users.
7. Bug 295754: fixed a crash for smartcards that contain a
   cert with an unsupported critical extension.
8. Bug 298538: fixed signature verification in S/MIME messages
   with only signing certs.
9. Bug 244922: fixed a CRMF message (used for cert enrollment)
   encoding bug.  This is a regression introduced in NSS 3.10.

Please let me know if you have any questions.  Thanks.

Comment 8

12 years ago
Comment on attachment 199104 [details] [diff] [review]
Proposed patch v2

Thanks for the additional information, wtc. Please land this as soon as
Attachment #199104 - Flags: approval1.8rc1? → approval1.8rc1+


12 years ago
Flags: blocking1.8rc1? → blocking1.8rc1+

Comment 9

12 years ago
I landed the patch on the MOZILLA_1_8_BRANCH, with
the NSS version string set to "3.10.2 Beta 2".  I will
change the NSS version string to "3.10.2" when NSS
3.10.2 final is released later this week.  But for
practical purposes this bug is fixed.
Last Resolved: 12 years ago
Keywords: fixed1.8
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.8rc1
You need to log in before you can comment on or make changes to this bug.