As a security precaution, we have turned on the setting "Require API key authentication for API requests" for everyone. If this has broken something, please contact bugzilla-admin@mozilla.org
Last Comment Bug 451305 - (ev303) Enable additional EV roots for FF 3.0.4
(ev303)
: Enable additional EV roots for FF 3.0.4
Status: RESOLVED FIXED
: fixed1.9.0.4
Product: Core
Classification: Components
Component: Security: PSM (show other bugs)
: 1.9.0 Branch
: All All
: -- normal (vote)
: ---
Assigned To: Kai Engert (:kaie)
:
: David Keeler [:keeler] (use needinfo?)
Mentors:
Depends on: 450429
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-19 19:01 PDT by Kai Engert (:kaie)
Modified: 2008-10-23 12:40 PDT (History)
5 users (show)
samuel.sidler+old: wanted1.9.0.x+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Patch, part 1 (103 bytes, patch)
2008-10-20 21:16 PDT, Kai Engert (:kaie)
wtc: superreview+
Details | Diff | Splinter Review
Patch, Update Mozilla 1.9.0 to NSS_3_12_1_WITH_CKBI_1_72_RTM (588 bytes, patch)
2008-10-22 15:46 PDT, Kai Engert (:kaie)
samuel.sidler+old: approval1.9.0.4+
Details | Diff | Splinter Review

Description User image Kai Engert (:kaie) 2008-08-19 19:01:51 PDT
There are some EV roots queued up that should get enabled in the next round of updates.
Comment 1 User image Kai Engert (:kaie) 2008-10-20 21:16:43 PDT
Created attachment 344023 [details] [diff] [review]
Patch, part 1

In order to fix this bug, two steps are necessary.

First, we must deliver a new snapshot of NSS into Mozilla 1.9.0, a snapshot which includes the new root from bug 450427 (only a single new root for this round).

After talking to Samuel, we had agreed to use the minimal approach, do not add new NSS code at this point of time, but only the new root(s).

I've complied with this plan, and we produced a new NSS snapshot accordingly.

Please approve the attached file.
The NSS import action described is equivalent to accepting the patch from bug 450427.

Thanks.


Once done, the second part will be the Mozilla application code level patch from bug 450429, review pending.
Comment 2 User image Kai Engert (:kaie) 2008-10-20 21:17:20 PDT
Comment on attachment 344023 [details] [diff] [review]
Patch, part 1

Samuel, this is what we had agreed to do, IIUC.
Comment 3 User image Kai Engert (:kaie) 2008-10-21 19:42:06 PDT
Comment on attachment 344023 [details] [diff] [review]
Patch, part 1

Nelson or Wan-Teh, can you please r+ delivering this updated tag to Mozilla (for Firefox 3.0.x stable branch)?

Note to release-drivers, this has already been agreed on earlier in email, I'm only requesting this review to follow procedures, should you be waiting for the r+.
Comment 4 User image Nelson Bolyard (seldom reads bugmail) 2008-10-21 21:39:24 PDT
I don't understand the difference between this bug and bug 461082.
What is one of these intended to do that the other is not intended to do?
Comment 5 User image Kai Engert (:kaie) 2008-10-21 22:03:13 PDT
(In reply to comment #4)
> I don't understand the difference between this bug and bug 461082.
> What is one of these intended to do that the other is not intended to do?

Nelson, bug 461082 is about NSS 3.12.2, but delivering of this updated NSS version has been denied by Samuel Sidler, as we're too late for Firefox 3.0.4

This is why I have produced the NSS 3.12.1 + new root snapshot, which is tagged as NSS_3_12_1_WITH_CBKI_1_72_RTM.

NSS_3_12_1_WITH_CBKI_1_72_RTM for Firefox 3.0.4

NSS 3.12.2 for Firefox 3.0.5
Comment 6 User image Wan-Teh Chang 2008-10-22 10:14:42 PDT
Comment on attachment 344023 [details] [diff] [review]
Patch, part 1

r=wtc.

>Update NSS used in Mozilla 1.9.0 branch
>from current NSS_3_12_1_RTM to
>NSS_3_12_1_WITH_CBKI_1_72_RTM.

"CBKI" should be "CKBI".
Comment 7 User image Kai Engert (:kaie) 2008-10-22 14:58:14 PDT
Comment on attachment 344023 [details] [diff] [review]
Patch, part 1

(In reply to comment #6)
> r=wtc.
> 
> "CBKI" should be "CKBI".

Yes, this was a typo, thanks Wan-Teh!

This patch is named "part 1".

Part 2 is attachment 343489 [details] [diff] [review] from bug 450429.
Comment 8 User image Daniel Veditz [:dveditz] 2008-10-22 15:36:48 PDT
Comment on attachment 344023 [details] [diff] [review]
Patch, part 1

I don't get this, don't we need an actual patch to change the tag in client.mk?
Comment 9 User image Kai Engert (:kaie) 2008-10-22 15:44:14 PDT
(In reply to comment #8)
> (From update of attachment 344023 [details] [diff] [review])
> I don't get this, don't we need an actual patch to change the tag in client.mk?

Sorry, my thinking was too hg centric already.

I'll attach the patch in two minutes.
Comment 10 User image Kai Engert (:kaie) 2008-10-22 15:46:59 PDT
Created attachment 344387 [details] [diff] [review]
Patch, Update Mozilla 1.9.0 to NSS_3_12_1_WITH_CKBI_1_72_RTM
Comment 11 User image Samuel Sidler (old account; do not CC) 2008-10-22 15:49:15 PDT
Comment on attachment 344387 [details] [diff] [review]
Patch, Update Mozilla 1.9.0 to NSS_3_12_1_WITH_CKBI_1_72_RTM

Approved for 1.9.0.4. a=ss for release-drivers.
Comment 12 User image Kai Engert (:kaie) 2008-10-22 16:03:19 PDT
Comment on attachment 344387 [details] [diff] [review]
Patch, Update Mozilla 1.9.0 to NSS_3_12_1_WITH_CKBI_1_72_RTM

Checked in to cvs trunk for 1.9.0.4

Checking in client.mk;
/cvsroot/mozilla/client.mk,v  <--  client.mk
new revision: 1.385; previous revision: 1.384
done

Note You need to log in before you can comment on or make changes to this bug.