From fbaf0bb26397aa498eb9156f06d5a6fe34dd7dd8 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 03:14:29 +0200 Subject: Merging upstream version 125.0.1. Signed-off-by: Daniel Baumann --- security/nss/doc/rst/releases/index.rst | 39 +++++++------------ security/nss/doc/rst/releases/nss_3_99.rst | 62 ++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 26 deletions(-) create mode 100644 security/nss/doc/rst/releases/nss_3_99.rst (limited to 'security/nss/doc/rst') diff --git a/security/nss/doc/rst/releases/index.rst b/security/nss/doc/rst/releases/index.rst index 5ac6cb4bb0..865aad277a 100644 --- a/security/nss/doc/rst/releases/index.rst +++ b/security/nss/doc/rst/releases/index.rst @@ -8,6 +8,7 @@ Releases :glob: :hidden: + nss_3_99.rst nss_3_98.rst nss_3_97.rst nss_3_96_1.rst @@ -63,37 +64,23 @@ Releases .. note:: - **NSS 3.98** is the latest version of NSS. - Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_98_release_notes` + **NSS 3.99** is the latest version of NSS. + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_99_release_notes` **NSS 3.90.2 (ESR)** is the latest version of NSS. Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_90_2_release_notes` .. container:: - Changes in 3.98 included in this release: + Changes in 3.99 included in this release: - - Bug 1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS. - - Bug 1879513 - Certificate Compression: enabling the check that the compression was advertised. - - Bug 1831552 - Move Windows workers to nss-1/b-win2022-alpha. - - Bug 1879945 - Remove Email trust bit from OISTE WISeKey Global Root GC CA. - - Bug 1877344 - Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`. - - Bug 1548723 - Certificate Compression: Updating nss_bogo_shim to support Certificate compression. - - Bug 1548723 - TLS Certificate Compression (RFC 8879) Implementation. - - Bug 1875356 - Add valgrind annotations to freebl kyber operations for constant-time execution tests. - - Bug 1870673 - Set nssckbi version number to 2.66. - - Bug 1874017 - Add Telekom Security roots. - - Bug 1873095 - Add D-Trust 2022 S/MIME roots. - - Bug 1865450 - Remove expired Security Communication RootCA1 root. - - Bug 1876179 - move keys to a slot that supports concatenation in PK11_ConcatSymKeys. - - Bug 1876800 - remove unmaintained tls-interop tests. - - Bug 1874937 - bogo: add support for the -ipv6 and -shim-id shim flags. - - Bug 1874937 - bogo: add support for the -curves shim flag and update Kyber expectations. - - Bug 1874937 - bogo: adjust expectation for a key usage bit test. - - Bug 1757758 - mozpkix: add option to ignore invalid subject alternative names. - - Bug 1841029 - Fix selfserv not stripping `publicname:` from -X value. - - Bug 1876390 - take ownership of ecckilla shims. - - Bug 1874458 - add valgrind annotations to freebl/ec.c. - - Bug 864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip. - - Bug 1875965 - Update zlib to 1.3.1. + - Bug 1325335 - Removing check for message len in ed25519 + - Bug 1884276 - add ed25519 to SECU_ecName2params. + - Bug 1325335 - add EdDSA wycheproof tests. + - Bug 1325335 - nss/lib layer code for EDDSA. + - Bug 1325335 - Adding EdDSA implementation. + - Bug 1881027 - Exporting Certificate Compression types + - Bug 1880857 - Updating ACVP docker to rust 1.74 + - Bug 1325335 - Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 + - Bug 1877730 - Add NSS_CMSRecipient_IsSupported. diff --git a/security/nss/doc/rst/releases/nss_3_99.rst b/security/nss/doc/rst/releases/nss_3_99.rst new file mode 100644 index 0000000000..e4107700cf --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_99.rst @@ -0,0 +1,62 @@ +.. _mozilla_projects_nss_nss_3_99_release_notes: + +NSS 3.99 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.99 was released on *15th March 2024**. + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_99_RTM. NSS 3.99 requires NSPR 4.35 or newer. + + NSS 3.99 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_99_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.99: + +`Changes in NSS 3.99 <#changes_in_nss_3.99>`__ +------------------------------------------------------------------ + +.. container:: + + - Bug 1325335 - Removing check for message len in ed25519 + - Bug 1884276 - add ed25519 to SECU_ecName2params. + - Bug 1325335 - add EdDSA wycheproof tests. + - Bug 1325335 - nss/lib layer code for EDDSA. + - Bug 1325335 - Adding EdDSA implementation. + - Bug 1881027 - Exporting Certificate Compression types + - Bug 1880857 - Updating ACVP docker to rust 1.74 + - Bug 1325335 - Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 + - Bug 1877730 - Add NSS_CMSRecipient_IsSupported. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.99 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). -- cgit v1.2.3