On 08/31/2011 04:26 PM, NoOp wrote: > On 08/31/2011 03:07 PM, Justin Wood (Callek) wrote: >> On 8/31/2011 5:39 PM, NoOp wrote: >>> On 08/31/2011 12:10 PM, Justin Wood (Callek) wrote: >>>> On 8/31/2011 11:43 AM, Rostyslaw Lewyckyj wrote: >>> ... >>>>> After reading the other postings dealing with 2.3.2, I get the distinct >>>>> impression that the botched 2.3.2 release was a *panic* "Get it out the >>>>> door quick", reaction to the recent security breach event. >>>>> Will y'all fix 2.3.2 , and dot the ts and cross the is before >>>>> re releasing? >>>> >>>> 2.3.2 was a "panic" release, because it was an issue actively exploiting >>>> users in the wild, on that release day, and had been for a while :( . >>>> >>>> The only issue with SeaMonkey 2.3.2 that was not in Firefox 6.0.1 was >>>> our reported version string. Sadly, that had a few user facing "what, >>>> why, do I have the right version" feelings. >>>> >>>> Luckily (or unluckily depending on your POV) there is a new chemspill >>>> because they took the block slightly further than initially intended, >>>> that should be released within 48 hours, that will correct also our >>>> version number. >>>> >>>> I will be doing partial (small) updates for both 2.3.1 and 2.3.2 for >>>> that, so hopefully your impact is relatively small. >>>> >>>> Thank you for your patience. >>> >>> Linux versions are borked (both 32bit and 64bit). Both report 2.3.1. But >>> *worse* is that they reenstate DigiNotar Root CA. Tested both ways: >>> >>> 1. 32bit linux deleted DigiNotar Root CA and then did the update via >>> Help|Check for Updates. DigiNotar Root CA is now back. >>> Build identifier: Mozilla/5.0 (X11; Linux i686; rv:6.0.1) Gecko/20110830 >>> Firefox/6.0.1 SeaMonkey/2.3.1 >>> >>> 2. 64bit linux deleted DigiNotar Root CA and then did the update via >>> Help|Check for Updates. DigiNotar Root CA is now back. So I downloaded >>> the entire bz2, deleted the old, and extracted to a new folder; >>> DigiNotar Root CA is now back on that version as well. >>> Build identifier: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.1) >>> Gecko/20110830 Firefox/6.0.1 SeaMonkey/2.3.1 >>> >>> I've not tested any windows versions (yet). >> >> The root CA will still appear in the cert list, but it is blocked, >> please test with a website. >> >> But its a factor of how this code works. >> > > Reloaded 2.3.1 (the original) and DigiNotar Root CA shows with trust > settings: > - This certificate can identify web sites > - This certificate can identify software makers > https://zga-tag.zorggroep-almere.nl/ works > 2.16.528.1.1001.1.1.1.10.1: > Certification Practice Statement pointer: > http://www.diginotar.nl/cps > User Notice: > Conditions, as mentioned on our website (www.diginotar.nl), are > applicable to all our products and services. > > Reloaded 2.3.2 64bit (shows 2.3.1) and DigiNotar Root CA now is not > showing at all & https://zga-tag.zorggroep-almere.nl/ shows an invalid cert. > > Reloaded 2.3.2 (32bit) and DigiNotar Root CA shows with all trust > settings unchecked (similar to Windows). > https://zga-tag.zorggroep-almere.nl/ shows an invalid cert. > > Odd that the 32bit shows, but the 64bit has it removed completely. Not > sure why I have different results (regarding showing & not showing the > cert) so I'll test on a few more machines.
Just tested another 32bit: 2.3.1 (Gecko/20110820) shows DigiNotar Root CA with no trust settings ticked. https://zga-tag.zorggroep-almere.nl/ works. Now updating via Help|Check for Updates. Update complete & 'Restart SeaMonkey'... SeaMonkey restarted... https://zga-tag.zorggroep-almere.nl/ shows an invalid cert. DigiNotar Root CA shows with all trust settings unchecked. So I reckon that it's working, but odd. _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey