MOZILLA_1_8_BRANCH is using NSS 3.10 now. We want to land NSS 3.10.2 Beta 1 on MOZILLA_1_8_BRANCH with the goal of landing NSS 3.10.2 final in Firefox and Thunderbird 1.5 final. We missed the Firefox and Thunderbird 1.8 Beta 2 deadline. It seems that the next milestone will be Release Candidate 1.
Created attachment 198729 [details] [diff] [review] Proposed patch This patch upgrades the NSS on MOZILLA_1_8_BRANCH from NSS 3.10 final to NSS 3.10.2 Beta 1. Our goal is for Firefox/Thunderbird 1.5 final to use NSS 3.10.2 final. All the changes in this patch have received two code reviews by NSS developers and the bugs they fixed were all reported by NSS customers as crashes or major loss of functionality. (The exceptions are two minor build system enhancements.) The risk of this patch is low. This patch has been tested on the Mozilla trunk since Sept. 15 with no report of regressions. The bulk of the patch is the addition of two new functions. They were written in a way to not touch any existing function. I am requesting 1.8b5 approval. If it is too late for 1.8b5 (I wasn't paying attention to the Firefox 1.5 end game, sorry), please consider it for 1.8rc1. Thank you.
In order to have this patch considered for 1.8b5/1.8rc1, you need to request blocking1.8b5 and blocking1.8rc1. Just set each of those flags to '?' so it shows up on some people's boards. Doing that should speed up the process.
1.8b5 is done, this needs to be considered for rc1. leaving that nomination flag alone, minusing for 1.8b5.
Comment on attachment 198729 [details] [diff] [review] Proposed patch moving request to 1.8rc1 since 1.8b5 has shipped.
Wan-teh, what's new in 3.10.2 that would impact Firefox and Thunderbird users? We're not going to have any more releases to test this. RC1 could be our final release so there won't be an opportunity to get any release feedback and to update to 3.10.2 final.
Created attachment 199104 [details] [diff] [review] Proposed patch v2 Skip NSS 3.10.2 Beta 1 and upgrade to NSS 3.10.2 final. We will release NSS 3.10.2 final this week. I will list the bug fixes that are of interest to Firefox and Thunderbird users in the next comment.
Asa: some of the bug fixes in NSS 3.10.2 are of interest to Firefox and Thunderbird users who use smartcards or who use PKI a lot. Some bug fixes do not affect Firefox and Thunderbird users, but they are coded in a way to make it obvious that their risk to Firefox/Thunderbird is zero. The bug fixes that affect Firefox and Thunderbird users are: 1. Bug 296410: fixed a crash when verifying RSA-with-SHA-512 signatures. Signatures using SHA-256 and SHA-512 are increasingly useful because researchers have announced faster ways to produce collisions for SHA-1. 2. Bug 301554: a smartcard fix. Do not let an unrecognized smartcard disrupt the operation of other smartcards under NSS. 3. Bug 274984: enable the root user on Solaris 10 to run an NSS-based application. 4. Bug 119500: support security tokens that have its own input pad for entering passwords securely. 5. Bug 308727: fixed a crash for some smartcards. This crash is a regression introduced in NSS 3.10. 6. Bug 303494: fixed a crash for CRL users. 7. Bug 295754: fixed a crash for smartcards that contain a cert with an unsupported critical extension. 8. Bug 298538: fixed signature verification in S/MIME messages with only signing certs. 9. Bug 244922: fixed a CRMF message (used for cert enrollment) encoding bug. This is a regression introduced in NSS 3.10. Please let me know if you have any questions. Thanks.
Comment on attachment 199104 [details] [diff] [review] Proposed patch v2 Thanks for the additional information, wtc. Please land this as soon as possible.
I landed the patch on the MOZILLA_1_8_BRANCH, with the NSS version string set to "3.10.2 Beta 2". I will change the NSS version string to "3.10.2" when NSS 3.10.2 final is released later this week. But for practical purposes this bug is fixed.