group.of.nepali.translators team mailing list archive

[Dariusz Gadomski <dariusz.gadomski@xxxxxxxxxxxxx>]

Public bug reported:

[Impact]

 * Thunderbird may become useless after booting into FIPS mode - it
refuses to connect to server displaying the following message:

Unexpected response from the server

This document cannot be displayed unless you install the Personal
Security Manager (PSM). Download and install PSM and try again, or
contact your system administrator.

This seems to be a result of the fact that despite Thunderbird for
Ubuntu being with FIPS support disabled there's a piece of code that
ignores the build flag and checks for `/proc/sys/crypto/fips_enabled`
status anyway.

Looks like upstream fix [1] needs to be applied to Thunderbird source
under security/nss.

[Test Case]

 * Configure an email account in Thunderbird. I was able to reproduce it with a gmail account.
 * Install FIPS modules as described in [2].
 * Boot into FIPS mode.
 * Open Thunderbird.

[Regression Potential]

 * I can't identify regression potential - this is clearly a bug fixed
upstream by a simple fix.

[Other Info]
 
 * Related Firefox bug: https://bugs.launchpad.net/bugs/1843044
 * I was able to backport this fix and test it - the problem was gone. Xenial build is available in ppa:dgadomski/thunderbird.


[1] https://hg.mozilla.org/projects/nss/raw-rev/55ba54adfcaea2f984a999a511eec5047462eb57
[2] https://docs.ubuntu.com/security-certs/en/fips

** Affects: thunderbird (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: thunderbird (Ubuntu Xenial)
     Importance: Undecided
         Status: New

** Affects: thunderbird (Ubuntu Bionic)
     Importance: Undecided
         Status: New

** Also affects: thunderbird (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: thunderbird (Ubuntu Bionic)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1878155

Title:
  Thunderbird fails to connect to server in FIPS mode

Status in thunderbird package in Ubuntu:
  New
Status in thunderbird source package in Xenial:
  New
Status in thunderbird source package in Bionic:
  New

Bug description:
  [Impact]

   * Thunderbird may become useless after booting into FIPS mode - it
  refuses to connect to server displaying the following message:

  Unexpected response from the server

  This document cannot be displayed unless you install the Personal
  Security Manager (PSM). Download and install PSM and try again, or
  contact your system administrator.

  This seems to be a result of the fact that despite Thunderbird for
  Ubuntu being with FIPS support disabled there's a piece of code that
  ignores the build flag and checks for `/proc/sys/crypto/fips_enabled`
  status anyway.

  Looks like upstream fix [1] needs to be applied to Thunderbird source
  under security/nss.

  [Test Case]

   * Configure an email account in Thunderbird. I was able to reproduce it with a gmail account.
   * Install FIPS modules as described in [2].
   * Boot into FIPS mode.
   * Open Thunderbird.

  [Regression Potential]

   * I can't identify regression potential - this is clearly a bug fixed
  upstream by a simple fix.

  [Other Info]
   
   * Related Firefox bug: https://bugs.launchpad.net/bugs/1843044
   * I was able to backport this fix and test it - the problem was gone. Xenial build is available in ppa:dgadomski/thunderbird.

  
  [1] https://hg.mozilla.org/projects/nss/raw-rev/55ba54adfcaea2f984a999a511eec5047462eb57
  [2] https://docs.ubuntu.com/security-certs/en/fips

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1878155/+subscriptions