Closed Bug 473835 Opened 12 years ago Closed 12 years ago

NSS_3_12_2_WITH_CKBI_1_73_RTM for Firefox 3.0.6 and 3.1 beta

Categories

(Core :: Security: PSM, defect, P1)

1.9.0 Branch
x86
Linux
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

(Keywords: verified1.9.0.6, verified1.9.1)

Attachments

(2 files)

Firefox 3.0.6 wants to pick up the NSS fix for bug 471715.

NSS_3_12_2_WITH_CKBI_1_73_RTM is what you want, 
it's the currently used 3.12.2 plus the single bugfix.
Depends on: 471715
Attached patch Patch v1Splinter Review
Attachment #357243 - Flags: review?(dveditz)
Attachment #357243 - Flags: approval1.9.0.6?
Comment on attachment 357243 [details] [diff] [review]
Patch v1

r=me

Approved for 1.9.0.7. a=samuel.sidler
Attachment #357243 - Flags: review?(dveditz)
Attachment #357243 - Flags: review+
Attachment #357243 - Flags: approval1.9.0.6?
Attachment #357243 - Flags: approval1.9.0.6+
Flags: blocking1.9.0.6+
checked in, marking fixed

I'm sure Samuel meant to say "approved for 1.9.0.6"
Keywords: fixed1.9.0.6
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Er, yeah. 1.9.0.6. :) Thanks Kai!
Verified for 1.9.0.6 by verifying bug 471715.
The same should be done for the next Firefox 3.1 beta.
Flags: blocking1.9.1?
Summary: NSS_3_12_2_WITH_CKBI_1_73_RTM for Firefox 3.0.6 → NSS_3_12_2_WITH_CKBI_1_73_RTM for Firefox 3.0.6 and 3.1 beta
Mike, FYI, in mercurial (hg) we use imported snapshots of NSPR and NSS.

Currently mozilla-1.9.1 uses NSS 3.12.2.

This set of commands is the necessary action to bring mozilla-1.9.1 to a newer snapshot which has only that collision attack protection cert in addition.
Attachment #358295 - Flags: review?(beltzner)
Attachment #358295 - Flags: approval1.9.1?
Attachment #358295 - Flags: review?(beltzner)
Attachment #358295 - Flags: review+
Attachment #358295 - Flags: approval1.9.1?
Attachment #358295 - Flags: approval1.9.1+
Comment on attachment 358295 [details] [diff] [review]
upgrade action for mozilla-1.9.1 (ff 3.1)

r+a191=beltzner
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P1
Is there a manual test case that can be performed to mark this VERIFIED?
I'm surprised that anyone still wants CKBI 1.73.  
I would have thought that any new builds of any browser, old or new, would 
want CKBI 1.75 with all the latest new roots.  No?

In reply to comment 10:
> Is there a manual test case that can be performed to mark this VERIFIED?

Yes.  It involves setting your system clock back to August 1, 2004 and 
visiting 
https://i.broke.the.internet.and.all.i.got.was.this.t-shirt.phreedom.org/
See bug 471715 comment 0 for details.
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1pre) Gecko/20090527 Shiretoko/3.5pre

Using https://i.broke.the.internet.and.all.i.got.was.this.t-shirt.phreedom.org/ I see the following error:

Peer's certificate has an invalid signature.
(Error code: sec_error_bad_signature)

I get this error whether my date is current, Aug 1 2004, or Apr 1 2004.  Marking VERIFIED.
Status: RESOLVED → VERIFIED
(In reply to comment #11)
> I'm surprised that anyone still wants CKBI 1.73.  
> I would have thought that any new builds of any browser, old or new, would 
> want CKBI 1.75 with all the latest new roots.  No?

Nelson, he was simply trying to verify this old bug.
You need to log in before you can comment on or make changes to this bug.