Last Comment Bug 451305 - (ev303) Enable additional EV roots for FF 3.0.4
(ev303)
: Enable additional EV roots for FF 3.0.4
Status: RESOLVED FIXED
: fixed1.9.0.4
Product: Core
Classification: Components
Component: Security: PSM (show other bugs)
: 1.9.0 Branch
: All All
: -- normal (vote)
: ---
Assigned To: Kai Engert (:kaie)
:
Mentors:
Depends on: 450429
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-19 19:01 PDT by Kai Engert (:kaie)
Modified: 2008-10-23 12:40 PDT (History)
5 users (show)
samuel.sidler+old: wanted1.9.0.x+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Patch, part 1 (103 bytes, patch)
2008-10-20 21:16 PDT, Kai Engert (:kaie)
wtc: superreview+
Details | Diff | Review
Patch, Update Mozilla 1.9.0 to NSS_3_12_1_WITH_CKBI_1_72_RTM (588 bytes, patch)
2008-10-22 15:46 PDT, Kai Engert (:kaie)
samuel.sidler+old: approval1.9.0.4+
Details | Diff | Review

Description Kai Engert (:kaie) 2008-08-19 19:01:51 PDT
There are some EV roots queued up that should get enabled in the next round of updates.
Comment 1 Kai Engert (:kaie) 2008-10-20 21:16:43 PDT
Created attachment 344023 [details] [diff] [review]
Patch, part 1

In order to fix this bug, two steps are necessary.

First, we must deliver a new snapshot of NSS into Mozilla 1.9.0, a snapshot which includes the new root from bug 450427 (only a single new root for this round).

After talking to Samuel, we had agreed to use the minimal approach, do not add new NSS code at this point of time, but only the new root(s).

I've complied with this plan, and we produced a new NSS snapshot accordingly.

Please approve the attached file.
The NSS import action described is equivalent to accepting the patch from bug 450427.

Thanks.


Once done, the second part will be the Mozilla application code level patch from bug 450429, review pending.
Comment 2 Kai Engert (:kaie) 2008-10-20 21:17:20 PDT
Comment on attachment 344023 [details] [diff] [review]
Patch, part 1

Samuel, this is what we had agreed to do, IIUC.
Comment 3 Kai Engert (:kaie) 2008-10-21 19:42:06 PDT
Comment on attachment 344023 [details] [diff] [review]
Patch, part 1

Nelson or Wan-Teh, can you please r+ delivering this updated tag to Mozilla (for Firefox 3.0.x stable branch)?

Note to release-drivers, this has already been agreed on earlier in email, I'm only requesting this review to follow procedures, should you be waiting for the r+.
Comment 4 Nelson Bolyard (seldom reads bugmail) 2008-10-21 21:39:24 PDT
I don't understand the difference between this bug and bug 461082.
What is one of these intended to do that the other is not intended to do?
Comment 5 Kai Engert (:kaie) 2008-10-21 22:03:13 PDT
(In reply to comment #4)
> I don't understand the difference between this bug and bug 461082.
> What is one of these intended to do that the other is not intended to do?

Nelson, bug 461082 is about NSS 3.12.2, but delivering of this updated NSS version has been denied by Samuel Sidler, as we're too late for Firefox 3.0.4

This is why I have produced the NSS 3.12.1 + new root snapshot, which is tagged as NSS_3_12_1_WITH_CBKI_1_72_RTM.

NSS_3_12_1_WITH_CBKI_1_72_RTM for Firefox 3.0.4

NSS 3.12.2 for Firefox 3.0.5
Comment 6 Wan-Teh Chang 2008-10-22 10:14:42 PDT
Comment on attachment 344023 [details] [diff] [review]
Patch, part 1

r=wtc.

>Update NSS used in Mozilla 1.9.0 branch
>from current NSS_3_12_1_RTM to
>NSS_3_12_1_WITH_CBKI_1_72_RTM.

"CBKI" should be "CKBI".
Comment 7 Kai Engert (:kaie) 2008-10-22 14:58:14 PDT
Comment on attachment 344023 [details] [diff] [review]
Patch, part 1

(In reply to comment #6)
> r=wtc.
> 
> "CBKI" should be "CKBI".

Yes, this was a typo, thanks Wan-Teh!

This patch is named "part 1".

Part 2 is attachment 343489 [details] [diff] [review] from bug 450429.
Comment 8 Daniel Veditz [:dveditz] 2008-10-22 15:36:48 PDT
Comment on attachment 344023 [details] [diff] [review]
Patch, part 1

I don't get this, don't we need an actual patch to change the tag in client.mk?
Comment 9 Kai Engert (:kaie) 2008-10-22 15:44:14 PDT
(In reply to comment #8)
> (From update of attachment 344023 [details] [diff] [review])
> I don't get this, don't we need an actual patch to change the tag in client.mk?

Sorry, my thinking was too hg centric already.

I'll attach the patch in two minutes.
Comment 10 Kai Engert (:kaie) 2008-10-22 15:46:59 PDT
Created attachment 344387 [details] [diff] [review]
Patch, Update Mozilla 1.9.0 to NSS_3_12_1_WITH_CKBI_1_72_RTM
Comment 11 Samuel Sidler (old account; do not CC) 2008-10-22 15:49:15 PDT
Comment on attachment 344387 [details] [diff] [review]
Patch, Update Mozilla 1.9.0 to NSS_3_12_1_WITH_CKBI_1_72_RTM

Approved for 1.9.0.4. a=ss for release-drivers.
Comment 12 Kai Engert (:kaie) 2008-10-22 16:03:19 PDT
Comment on attachment 344387 [details] [diff] [review]
Patch, Update Mozilla 1.9.0 to NSS_3_12_1_WITH_CKBI_1_72_RTM

Checked in to cvs trunk for 1.9.0.4

Checking in client.mk;
/cvsroot/mozilla/client.mk,v  <--  client.mk
new revision: 1.385; previous revision: 1.384
done

Note You need to log in before you can comment on or make changes to this bug.