Bug 805640

Summary: Enhance PSM's key generation strategy with tokens/escrow
Product: Red Hat Enterprise Linux 5 Reporter: Andrew Wnuk <awnuk>
Component: xulrunnerAssignee: Martin Stransky <stransky>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: high Docs Contact:
Priority: urgent    
Version: 5.8CC: cfu, dpal, jpallich, jrieden, kchamart, kengert, nkinder, rrelyea, shaines, tpelka, vbenes
Target Milestone: rcKeywords: OtherQA, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: OtherQA=cfu@redhat.com
Fixed In Version: RHSA-2012:0515 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 805642 (view as bug list) Environment:
Last Closed: 2012-05-04 10:22:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 805642, 811205    
Attachments:
Description Flags
Patch v4 from upstream (smaller context version) none

Description Andrew Wnuk 2012-03-21 17:50:57 UTC 
RHCS requires the following bug to be fixed in RHEL 5.8:
https://bugzilla.mozilla.org/show_bug.cgi?id=681937

This fix is critical for RHCS ECC functionality to work.
Comment 1 Kai Engert (:kaie) (inactive account) 2012-03-21 18:58:34 UTC 
This bug requests that "patch v4" (r=rrelyea) from upstream bug
  https://bugzilla.mozilla.org/show_bug.cgi?id=681937

gets added to Firefox
(but I believe the relevant code lives in our xulrunner RPM package).

The full link to the patch is
https://bugzilla.mozilla.org/attachment.cgi?id=588982&action=edit

This patch applies fine on the latest Firefox 10.x branch.
Comment 2 Kai Engert (:kaie) (inactive account) 2012-03-21 22:46:48 UTC 
We propose that this patch gets added together with the next scheduled FF update (10.0.4) (sharing a single errata).
Comment 3 Kai Engert (:kaie) (inactive account) 2012-03-22 15:11:03 UTC 
Created attachment 572018 [details]
Patch v4 from upstream (smaller context version)

This is the same patch as upstream, however, with less context (5 lines, not 50 lines, shortens the patch, increases likelyhood that patch will continue to apply).
Comment 4 Kai Engert (:kaie) (inactive account) 2012-03-22 15:14:32 UTC 
If you need a risk assessment:

The patch is limited to changing code related to certificate key pair generation (which is only called when a user visits a CA's web page to apply for a certificate).
Comment 22 Nathan Kinder 2012-04-09 18:05:51 UTC 
*** Bug 672316 has been marked as a duplicate of this bug. ***
Comment 28 Martin Stransky 2012-05-04 10:22:30 UTC 
Fixed in RHSA-2012:0515.