diff options
Diffstat (limited to 'security/nss/doc/rst/releases/nss_3_77.rst')
-rw-r--r-- | security/nss/doc/rst/releases/nss_3_77.rst | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/security/nss/doc/rst/releases/nss_3_77.rst b/security/nss/doc/rst/releases/nss_3_77.rst new file mode 100644 index 0000000000..46b37c4557 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_77.rst @@ -0,0 +1,92 @@ +.. _mozilla_projects_nss_nss_3_77_release_notes: + +NSS 3.77 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.77 was released on **31 March 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_77_RTM. NSS 3.77 requires NSPR 4.32 or newer. + + NSS 3.77 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_77_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.77: + +`Changes in NSS 3.77 <#changes_in_nss_3.77>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1762244 - resolve mpitests build failure on Windows. + - Bug 1761779 - Fix link to TLS page on wireshark wiki + - Bug 1754890 - Add two D-TRUST 2020 root certificates. + - Bug 1751298 - Add Telia Root CA v2 root certificate. + - Bug 1751305 - Remove expired explicitly distrusted certificates from certdata.txt. + - Bug 1005084 - support specific RSA-PSS parameters in mozilla::pkix + - Bug 1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. + - Bug 1756271 - Remove token member from NSSSlot struct. + - Bug 1602379 - Provide secure variants of mpp_pprime and mpp_make_prime. + - Bug 1757279 - Support UTF-8 library path in the module spec string. + - Bug 1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. + - Bug 1760827 - Add a CI Target for gcc-11. + - Bug 1760828 - Change to makefiles for gcc-4.8. + - Bug 1741688 - Update googletest to 1.11.0 + - Bug 1759525 - Add SetTls13GreaseEchSize to experimental API. + - Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts. + - Bug 1755904 - Fix calculation of ECH HRR Transcript. + - Bug 1758741 - Allow ld path to be set as environment variable. + - Bug 1760653 - Ensure we don't read uninitialized memory in ssl gtests. + - Bug 1758478 - Fix DataBuffer Move Assignment. + - Bug 1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 + - Bug 1755092 - rework signature verification in mozilla::pkix + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.77 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + For users upgrading from NSS < 3.76.1 or NSS < 3.68.3, this release improves + the stability of NSS when used in a multi-threaded environment. In + particular, it fixes memory safety violations that can occur when PKCS#11 + tokens are removed while in use (CVE-2022-1097). We presume that with enough + effort these memory safety violations are exploitable. + |