Bug 311402 - Land NSS 3.10.2 Beta 1 on MOZILLA_1_8_BRANCH
: fixed1.8
Product: Core
Classification: Components
Component: Security: PSM
: Trunk
: All All
: -- normal
: mozilla1.8rc1
Assigned To: Wan-Teh Chang
: David Keeler [:keeler] (use needinfo?)
Reported: 2005-10-06 13:52 PDT by Wan-Teh Chang
Modified: 2006-03-12 18:58 PST
mscott: blocking1.8b5-
mscott: blocking1.8rc1+

Proposed patch (58.40 KB, patch)
2005-10-06 14:18 PDT, Wan-Teh Chang
no flags
Proposed patch v2 (78.62 KB, patch)
2005-10-10 14:59 PDT, Wan-Teh Chang
asa: approval1.8rc1+

Description Wan-Teh Chang 2005-10-06 13:52:13 PDT
MOZILLA_1_8_BRANCH is using NSS 3.10 now.  We want to land
NSS 3.10.2 Beta 1 on MOZILLA_1_8_BRANCH with the goal of
landing NSS 3.10.2 final in Firefox and Thunderbird 1.5 final.

We missed the Firefox and Thunderbird 1.8 Beta 2 deadline.
It seems that the next milestone will be Release Candidate 1.

Comment 1 Wan-Teh Chang 2005-10-06 14:18:37 PDT
Created attachment 198729
Proposed patch

This patch upgrades the NSS on MOZILLA_1_8_BRANCH
from NSS 3.10 final to NSS 3.10.2 Beta 1.  Our goal
is for Firefox/Thunderbird 1.5 final to use NSS 3.10.2

All the changes in this patch have received two code
reviews by NSS developers and the bugs they fixed
were all reported by NSS customers as crashes or major
loss of functionality.  (The exceptions are two minor
build system enhancements.)

The risk of this patch is low.
This patch has been tested on the Mozilla trunk since
Sept. 15 with no report of regressions.  The bulk of
the patch is the addition of two new functions.  They
were written in a way to not touch any existing function.

I am requesting 1.8b5 approval.  If it is too late for
1.8b5 (I wasn't paying attention to the Firefox 1.5
end game, sorry), please consider it for 1.8rc1.  Thank

Comment 2 Reed Loden [:reed] (use needinfo?) 2005-10-06 14:44:10 PDT
In order to have this patch considered for 1.8b5/1.8rc1, you need to request
blocking1.8b5 and blocking1.8rc1. Just set each of those flags to '?' so it
shows up on some people's boards. Doing that should speed up the process.

Comment 3 Scott MacGregor 2005-10-06 16:32:10 PDT
1.8b5 is done, this needs to be considered for rc1. leaving that nomination flag
alone, minusing for 1.8b5.

Comment 4 Asa Dotzler [:asa] 2005-10-06 22:00:36 PDT
Comment on attachment 198729
Proposed patch

moving request to 1.8rc1 since 1.8b5 has shipped.

Comment 5 Asa Dotzler [:asa] 2005-10-10 14:36:47 PDT
Wan-teh, what's new in 3.10.2 that would impact Firefox and Thunderbird users?
We're not going to have any more releases to test this. RC1 could be our final
release so there won't be an opportunity to get any release feedback and to
update to 3.10.2 final. 

Comment 6 Wan-Teh Chang 2005-10-10 14:59:30 PDT
Created attachment 199104
Proposed patch v2

Skip NSS 3.10.2 Beta 1 and upgrade to NSS 3.10.2 final.
We will release NSS 3.10.2 final this week.

I will list the bug fixes that are of interest to Firefox
and Thunderbird users in the next comment.

Comment 7 Wan-Teh Chang 2005-10-10 15:25:43 PDT
Asa: some of the bug fixes in NSS 3.10.2 are of interest
to Firefox and Thunderbird users who use smartcards or
who use PKI a lot.  Some bug fixes do not affect Firefox
and Thunderbird users, but they are coded in a way to make
it obvious that their risk to Firefox/Thunderbird is zero.

The bug fixes that affect Firefox and Thunderbird users
1. Bug 296410: fixed a crash when verifying RSA-with-SHA-512
   signatures.  Signatures using SHA-256 and SHA-512 are
   increasingly useful because researchers have announced
   faster ways to produce collisions for SHA-1.
2. Bug 301554: a smartcard fix.  Do not let an unrecognized
   smartcard disrupt the operation of other smartcards under
3. Bug 274984: enable the root user on Solaris 10 to run an
   NSS-based application.
4. Bug 119500: support security tokens that have their own
   input pad for entering passwords securely.
5. Bug 308727: fixed a crash for some smartcards.  This crash
   is a regression introduced in NSS 3.10.
6. Bug 303494: fixed a crash for CRL users.
7. Bug 295754: fixed a crash for smartcards that contain a
   cert with an unsupported critical extension.
8. Bug 298538: fixed signature verification in S/MIME messages
   with only signing certs.
9. Bug 244922: fixed a CRMF message (used for cert enrollment)
   encoding bug.  This is a regression introduced in NSS 3.10.

Please let me know if you have any questions.  Thanks.

Comment 8 Asa Dotzler [:asa] 2005-10-10 15:47:14 PDT
Comment on attachment 199104
Proposed patch v2

Thanks for the additional information, wtc. Please land this as soon as

Comment 9 Wan-Teh Chang 2005-10-10 16:35:36 PDT
I landed the patch on the MOZILLA_1_8_BRANCH, with
the NSS version string set to "3.10.2 Beta 2".  I will
change the NSS version string to "3.10.2" when NSS
3.10.2 final is released later this week.  But for
practical purposes this bug is fixed.
