MOZILLA_1_8_BRANCH is using NSS 3.10 now. We want to land
NSS 3.10.2 Beta 1 on MOZILLA_1_8_BRANCH with the goal of
landing NSS 3.10.2 final in Firefox and Thunderbird 1.5 final.
We missed the Firefox and Thunderbird 1.8 Beta 2 deadline.
It seems that the next milestone will be Release Candidate 1.
Created attachment 198729 [details] [diff] [review]
This patch upgrades the NSS on MOZILLA_1_8_BRANCH
from NSS 3.10 final to NSS 3.10.2 Beta 1. Our goal
is for Firefox/Thunderbird 1.5 final to use NSS 3.10.2
All the changes in this patch have received two code
reviews by NSS developers and the bugs they fixed
were all reported by NSS customers as crashes or major
loss of functionality. (The exceptions are two minor
build system enhancements.)
The risk of this patch is low.
This patch has been tested on the Mozilla trunk since
Sept. 15 with no report of regressions. The bulk of
the patch is the addition of two new functions. They
were written in a way to not touch any existing function.
I am requesting 1.8b5 approval. If it is too late for
1.8b5 (I wasn't paying attention to the Firefox 1.5
end game, sorry), please consider it for 1.8rc1. Thank
In order to have this patch considered for 1.8b5/1.8rc1, you need to request
blocking1.8b5 and blocking1.8rc1. Just set each of those flags to '?' so it
shows up on some people's boards. Doing that should speed up the process.
1.8b5 is done, this needs to be considered for rc1. leaving that nomination flag
alone, minusing for 1.8b5.
Comment on attachment 198729 [details] [diff] [review]
moving request to 1.8rc1 since 1.8b5 has shipped.
Wan-teh, what's new in 3.10.2 that would impact Firefox and Thunderbird users?
We're not going to have any more releases to test this. RC1 could be our final
release so there won't be an opportunity to get any release feedback and to
update to 3.10.2 final.
Created attachment 199104 [details] [diff] [review]
Proposed patch v2
Skip NSS 3.10.2 Beta 1 and upgrade to NSS 3.10.2 final.
We will release NSS 3.10.2 final this week.
I will list the bug fixes that are of interest to Firefox
and Thunderbird users in the next comment.
Asa: some of the bug fixes in NSS 3.10.2 are of interest
to Firefox and Thunderbird users who use smartcards or
who use PKI a lot. Some bug fixes do not affect Firefox
and Thunderbird users, but they are coded in a way to make
it obvious that their risk to Firefox/Thunderbird is zero.
The bug fixes that affect Firefox and Thunderbird users
1. Bug 296410: fixed a crash when verifying RSA-with-SHA-512
signatures. Signatures using SHA-256 and SHA-512 are
increasingly useful because researchers have announced
faster ways to produce collisions for SHA-1.
2. Bug 301554: a smartcard fix. Do not let an unrecognized
smartcard disrupt the operation of other smartcards under
3. Bug 274984: enable the root user on Solaris 10 to run an
4. Bug 119500: support security tokens that have its own
input pad for entering passwords securely.
5. Bug 308727: fixed a crash for some smartcards. This crash
is a regression introduced in NSS 3.10.
6. Bug 303494: fixed a crash for CRL users.
7. Bug 295754: fixed a crash for smartcards that contain a
cert with an unsupported critical extension.
8. Bug 298538: fixed signature verification in S/MIME messages
with only signing certs.
9. Bug 244922: fixed a CRMF message (used for cert enrollment)
encoding bug. This is a regression introduced in NSS 3.10.
Please let me know if you have any questions. Thanks.
Comment on attachment 199104 [details] [diff] [review]
Proposed patch v2
Thanks for the additional information, wtc. Please land this as soon as
I landed the patch on the MOZILLA_1_8_BRANCH, with
the NSS version string set to "3.10.2 Beta 2". I will
change the NSS version string to "3.10.2" when NSS
3.10.2 final is released later this week. But for
practical purposes this bug is fixed.