summaryrefslogtreecommitdiffstats
path: root/security/nss/doc/rst/legacy/nss_releases/nss_3.12.3_release_notes/index.rst
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/doc/rst/legacy/nss_releases/nss_3.12.3_release_notes/index.rst')
-rw-r--r--security/nss/doc/rst/legacy/nss_releases/nss_3.12.3_release_notes/index.rst432
1 files changed, 432 insertions, 0 deletions
diff --git a/security/nss/doc/rst/legacy/nss_releases/nss_3.12.3_release_notes/index.rst b/security/nss/doc/rst/legacy/nss_releases/nss_3.12.3_release_notes/index.rst
new file mode 100644
index 0000000000..8cb7d7a64b
--- /dev/null
+++ b/security/nss/doc/rst/legacy/nss_releases/nss_3.12.3_release_notes/index.rst
@@ -0,0 +1,432 @@
+.. _mozilla_projects_nss_nss_3_12_3_release_notes:
+
+NSS_3.12.3_release_notes.html
+=============================
+
+.. _nss_3.12.3_release_notes:
+
+`NSS 3.12.3 Release Notes <#nss_3.12.3_release_notes>`__
+--------------------------------------------------------
+
+.. _2009-04-01:
+
+`2009-04-01 <#2009-04-01>`__
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. container::
+
+ Newsgroup: `mozilla.dev.tech.crypto <news://news.mozilla.org/mozilla.dev.tech.crypto>`__
+
+`Contents <#contents>`__
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. container::
+
+ - `Introduction <#introduction>`__
+ - `Distribution Information <#distribution_information>`__
+ - `New in NSS 3.12.3 <#new_in_nss_3.12.3>`__
+ - `Bugs Fixed <#bugs_fixed>`__
+ - `Documentation <#documentation>`__
+ - `Compatibility <#compatibility>`__
+ - `Feedback <#feedback>`__
+
+ --------------
+
+`Introduction <#introduction>`__
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. container::
+
+ Network Security Services (NSS) 3.12.3 is a patch release for NSS 3.12. The bug fixes in NSS
+ 3.12.3 are described in the "`Bugs Fixed <#bugs_fixed>`__" section below.
+
+ NSS 3.12.3 is tri-licensed under the MPL 1.1/GPL 2.0/LGPL 2.1.
+
+ --------------
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. container::
+
+ | The CVS tag for the NSS 3.12.3 release is NSS_3_12_3_RTM. NSS 3.12.3 requires `NSPR
+ 4.7.4 <https://www.mozilla.org/projects/nspr/release-notes/nspr474.html>`__.
+ | See the `Documentation <#documentation>`__ section for the build instructions.
+
+ NSS 3.12.3 source and binary distributions are also available on ftp.mozilla.org for secure HTTPS
+ download:
+
+ - Source tarballs:
+ https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_3_RTM/src/.
+ - Binary distributions:
+ https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_3_RTM/. Both debug and
+ optimized builds are provided. Go to the subdirectory for your platform, DBG (debug) or OPT
+ (optimized), to get the tar.gz or zip file. The tar.gz or zip file expands to an nss-3.12.3
+ directory containing three subdirectories:
+
+ - include - NSS header files
+ - lib - NSS shared libraries
+ - bin - `NSS Tools <https://www.mozilla.org/projects/security/pki/nss/tools/>`__ and test
+ programs
+
+ You also need to download the NSPR 4.7.4 binary distributions to get the NSPR 4.7.4 header files
+ and shared libraries, which NSS 3.12.3 requires. NSPR 4.7.4 binary distributions are in
+ https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.7.4/.
+
+ --------------
+
+.. _new_in_nss_3.12.3:
+
+`New in NSS 3.12.3 <#new_in_nss_3.12.3>`__
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. container::
+
+ - Changes in behavior:
+ - In the development of NSS 3.12.3, it became necessary to change some old library behaviors due
+ to the discovery of certain vulnerabilities in the old behaviors, and to correct some errors
+ that had limited NSS's ability to interoperate with cryptographic hardware and software from
+ other sources.
+ Most of these changes should cause NO problems for NSS users, but in some cases, some
+ customers' software, hardware and/or certificates may be dependent on the old behaviors, and
+ may have difficulty with the new behaviors. In anticipation of that, the NSS team has provided
+ ways to easily cause NSS to revert to its previous behavior through the use of environment
+ variables.
+ Here is a table of the new environment variables introduced in NSS 3.12.3 and information
+ about how they affect these new behaviors. The information in this table is excerpted from
+ :ref:`mozilla_projects_nss_reference_nss_environment_variables`
+
+ +--------------------------------+--------------------------------+--------------------------------+
+ | **Environment Variable** | **Value Type** | **Description** |
+ +--------------------------------+--------------------------------+--------------------------------+
+ | NSRANDCOUNT | Integer | Sets the maximum number of |
+ | | (byte count) | bytes to read from the file |
+ | | | named in the environment |
+ | | | variable NSRANDFILE (see |
+ | | | below). Makes NSRANDFILE |
+ | | | usable with /dev/urandom. |
+ +--------------------------------+--------------------------------+--------------------------------+
+ | NSS_ALLOW_WEAK_SIGNATURE_ALG | Boolean | Enables the use of MD2 and MD4 |
+ | | (any non-empty value to | hash algorithms inside |
+ | | enable) | signatures. This was allowed |
+ | | | by default before NSS 3.12.3. |
+ +--------------------------------+--------------------------------+--------------------------------+
+ | NSS_HASH_ALG_SUPPORT | String | Specifies algorithms allowed |
+ | | | to be used in certain |
+ | | | applications, such as in |
+ | | | signatures on certificates and |
+ | | | CRLs. See documentation at |
+ | | | `this |
+ | | | link |
+ | | | <https://bugzilla.mozilla.org/ |
+ | | | show_bug.cgi?id=483113#c0>`__. |
+ +--------------------------------+--------------------------------+--------------------------------+
+ | NSS_STRICT_NOFORK | String | It is an error to try to use a |
+ | | ("1", | PKCS#11 crypto module in a |
+ | | "DISABLED", | process before it has been |
+ | | or any other non-empty value) | initialized in that process, |
+ | | | even if the module was |
+ | | | initialized in the parent |
+ | | | process. Beginning in NSS |
+ | | | 3.12.3, Softoken will detect |
+ | | | this error. This environment |
+ | | | variable controls Softoken's |
+ | | | response to that error. |
+ | | | |
+ | | | - If set to "1" or unset, |
+ | | | Softoken will trigger an |
+ | | | assertion failure in debug |
+ | | | builds, and will report an |
+ | | | error in non-DEBUG builds. |
+ | | | - If set to "DISABLED", |
+ | | | Softoken will ignore forks, |
+ | | | and behave as it did in |
+ | | | older versions. |
+ | | | - If set to any other |
+ | | | non-empty value, Softoken |
+ | | | will report an error in |
+ | | | both DEBUG and non-DEBUG |
+ | | | builds. |
+ +--------------------------------+--------------------------------+--------------------------------+
+ | NSS_USE_DECODED_CKA_EC_POINT | Boolean | Tells NSS to send EC key |
+ | | (any non-empty value to | points across the PKCS#11 |
+ | | enable) | interface in the non-standard |
+ | | | unencoded format that was used |
+ | | | by default before NSS 3.12.3. |
+ | | | The new key point format is a |
+ | | | DER encoded ASN.1 OCTET |
+ | | | STRING. |
+ +--------------------------------+--------------------------------+--------------------------------+
+ | NSS_USE_SHEXP_IN_CERT_NAME | Boolean | Tells NSS to allow shell-style |
+ | | (any non-empty value to | wildcard patterns in |
+ | | enable) | certificates to match SSL |
+ | | | server host names. This |
+ | | | behavior was the default |
+ | | | before NSS 3.12.3. The new |
+ | | | behavior conforms to RFC 2818. |
+ +--------------------------------+--------------------------------+--------------------------------+
+
+ - New Korean SEED cipher:
+
+ - New macros for SEED support:
+
+ - *in blapit.h:*
+ NSS_SEED
+ NSS_SEED_CBC
+ SEED_BLOCK_SIZE
+ SEED_KEY_LENGTH
+ *in pkcs11t.h:*
+ CKK_SEED
+ CKM_SEED_KEY_GEN
+ CKM_SEED_ECB
+ CKM_SEED_CBC
+ CKM_SEED_MAC
+ CKM_SEED_MAC_GENERAL
+ CKM_SEED_CBC_PAD
+ CKM_SEED_ECB_ENCRYPT_DATA
+ CKM_SEED_CBC_ENCRYPT_DATA
+ *in secmod.h:*
+ PUBLIC_MECH_SEED_FLAG
+ *in secmodt.h:*
+ SECMOD_SEED_FLAG
+ *in secoidt.h:*
+ SEC_OID_SEED_CBC
+ *in sslproto.h:*
+ TLS_RSA_WITH_SEED_CBC_SHA
+ *in sslt.h:*
+ ssl_calg_seed
+
+ - New structure for SEED support:
+
+ - (see blapit.h)
+ SEEDContextStr
+ SEEDContext
+
+ - New functions in the nss shared library:
+
+ - CERT_RFC1485_EscapeAndQuote (see cert.h)
+ CERT_CompareCerts (see cert.h)
+ CERT_RegisterAlternateOCSPAIAInfoCallBack (see ocsp.h)
+ PK11_GetSymKeyHandle (see pk11pqg.h)
+ UTIL_SetForkState (see secoid.h)
+ NSS_GetAlgorithmPolicy (see secoid.h)
+ NSS_SetAlgorithmPolicy (see secoid.h)
+
+ - For the 2 functions above see also (in secoidt.h):
+ NSS_USE_ALG_IN_CERT_SIGNATURE
+ NSS_USE_ALG_IN_CMS_SIGNATURE
+ NSS_USE_ALG_RESERVED
+
+ - Support for the Watcom C compiler is removed
+
+ - The file watcomfx.h is removed.
+
+ --------------
+
+.. _bugs_fixed:
+
+`Bugs Fixed <#bugs_fixed>`__
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. container::
+
+ The following bugs have been fixed in NSS 3.12.3.
+
+ - `Bug 159483 <https://bugzilla.mozilla.org/show_bug.cgi?id=159483>`__: cert name matching: RFC
+ 2818 vs. backwards compatibility (wildcards)
+ - `Bug 334678 <https://bugzilla.mozilla.org/show_bug.cgi?id=334678>`__: prng_fips1861.c
+ redefines the macro BSIZE on HP-UX
+ - `Bug 335016 <https://bugzilla.mozilla.org/show_bug.cgi?id=335016>`__: mpp_pprime (Miller-Rabin
+ probabilistic primality test) may choose 0 or 1 as the random integer
+ - `Bug 347037 <https://bugzilla.mozilla.org/show_bug.cgi?id=347037>`__: Make shlibsign depend on
+ the softoken only
+ - `Bug 371522 <https://bugzilla.mozilla.org/show_bug.cgi?id=371522>`__: Auto-Update of CRLs
+ stops after first update
+ - `Bug 380784 <https://bugzilla.mozilla.org/show_bug.cgi?id=380784>`__: PK11MODE in non FIPS
+ mode failed.
+ - `Bug 394077 <https://bugzilla.mozilla.org/show_bug.cgi?id=394077>`__: libpkix need to return
+ revocation status of a cert
+ - `Bug 412468 <https://bugzilla.mozilla.org/show_bug.cgi?id=412468>`__: modify certutil
+ - `Bug 417092 <https://bugzilla.mozilla.org/show_bug.cgi?id=417092>`__: Modify pkix_CertSelector
+ API to return an error if cert was rejected.
+ - `Bug 426413 <https://bugzilla.mozilla.org/show_bug.cgi?id=426413>`__: Audit messages need
+ distinct types
+ - `Bug 438870 <https://bugzilla.mozilla.org/show_bug.cgi?id=438870>`__: Free Freebl hashing code
+ of dependencies on NSPR and libUtil
+ - `Bug 439115 <https://bugzilla.mozilla.org/show_bug.cgi?id=439115>`__: DB merge allows nickname
+ conflicts in merged DB
+ - `Bug 439199 <https://bugzilla.mozilla.org/show_bug.cgi?id=439199>`__: SSE2 instructions for
+ bignum are not implemented on Windows 32-bit
+ - `Bug 441321 <https://bugzilla.mozilla.org/show_bug.cgi?id=441321>`__: Tolerate incorrect
+ encoding of DSA signatures in SSL 3.0 handshakes
+ - `Bug 444404 <https://bugzilla.mozilla.org/show_bug.cgi?id=444404>`__: libpkix reports unknown
+ issuer for nearly all certificate errors
+ - `Bug 452391 <https://bugzilla.mozilla.org/show_bug.cgi?id=452391>`__: certutil -K incorrectly
+ reports ec private key as an orphan
+ - `Bug 453234 <https://bugzilla.mozilla.org/show_bug.cgi?id=453234>`__: Support for SEED Cipher
+ Suites to TLS RFC4010
+ - `Bug 453364 <https://bugzilla.mozilla.org/show_bug.cgi?id=453364>`__: Improve PK11_CipherOp
+ error reporting (was: PK11_CreateContextBySymKey returns NULL
+ - `Bug 456406 <https://bugzilla.mozilla.org/show_bug.cgi?id=456406>`__: Slot list leaks in
+ symkeyutil
+ - `Bug 461085 <https://bugzilla.mozilla.org/show_bug.cgi?id=461085>`__: RFE: export function
+ CERT_CompareCerts
+ - `Bug 462293 <https://bugzilla.mozilla.org/show_bug.cgi?id=462293>`__: Crash on fork after
+ Softoken is dlClose'd on some Unix platforms in NSS 3.12
+ - `Bug 463342 <https://bugzilla.mozilla.org/show_bug.cgi?id=463342>`__: move some headers to
+ freebl/softoken
+ - `Bug 463452 <https://bugzilla.mozilla.org/show_bug.cgi?id=463452>`__: SQL DB creation does not
+ set files protections to 0600
+ - `Bug 463678 <https://bugzilla.mozilla.org/show_bug.cgi?id=463678>`__: Need to add RPATH to
+ 64-bit libraries on HP-UX
+ - `Bug 464088 <https://bugzilla.mozilla.org/show_bug.cgi?id=464088>`__: Option to build NSS
+ without dbm (handy for WinCE)
+ - `Bug 464223 <https://bugzilla.mozilla.org/show_bug.cgi?id=464223>`__: Certutil didn't accept
+ certificate request to sign.
+ - `Bug 464406 <https://bugzilla.mozilla.org/show_bug.cgi?id=464406>`__: Fix signtool regressions
+ - `Bug 465270 <https://bugzilla.mozilla.org/show_bug.cgi?id=465270>`__: uninitialised value in
+ devutil.c::create_object()
+ - `Bug 465273 <https://bugzilla.mozilla.org/show_bug.cgi?id=465273>`__: dead assignment in
+ devutil.c::nssSlotArray_Clone()
+ - `Bug 465926 <https://bugzilla.mozilla.org/show_bug.cgi?id=465926>`__: During import of PKCS
+ #12 files
+ - `Bug 466180 <https://bugzilla.mozilla.org/show_bug.cgi?id=466180>`__:
+ SSL_ConfigMPServerSIDCache with default parameters fails on {Net
+ - `Bug 466194 <https://bugzilla.mozilla.org/show_bug.cgi?id=466194>`__: CERT_DecodeTrustString
+ should take a const char \* input trusts string.
+ - `Bug 466736 <https://bugzilla.mozilla.org/show_bug.cgi?id=466736>`__: Incorrect use of
+ NSS_USE_64 in lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
+ - `Bug 466745 <https://bugzilla.mozilla.org/show_bug.cgi?id=466745>`__: random number generator
+ fails on windows ce
+ - `Bug 467298 <https://bugzilla.mozilla.org/show_bug.cgi?id=467298>`__: SQL DB code uses local
+ cache on local file system
+ - `Bug 468279 <https://bugzilla.mozilla.org/show_bug.cgi?id=468279>`__: softoken crash importing
+ email cert into newly upgraded DB
+ - `Bug 468532 <https://bugzilla.mozilla.org/show_bug.cgi?id=468532>`__: Trusted CA trust flags
+ not being honored in CERT_VerifyCert
+ - `Bug 469583 <https://bugzilla.mozilla.org/show_bug.cgi?id=469583>`__: Coverity: uninitialized
+ variable used in sec_pkcs5CreateAlgorithmID
+ - `Bug 469944 <https://bugzilla.mozilla.org/show_bug.cgi?id=469944>`__: when built with
+ Microsoft compilers
+ - `Bug 470351 <https://bugzilla.mozilla.org/show_bug.cgi?id=470351>`__: crlutil build fails on
+ Windows because it calls undeclared isatty
+ - `Bug 471539 <https://bugzilla.mozilla.org/show_bug.cgi?id=471539>`__: Stop honoring digital
+ signatures in certificates and CRLs based on weak hashes
+ - `Bug 471665 <https://bugzilla.mozilla.org/show_bug.cgi?id=471665>`__: NSS reports incorrect
+ sizes for (AES) symmetric keys
+ - `Bug 471715 <https://bugzilla.mozilla.org/show_bug.cgi?id=471715>`__: Add cert to nssckbi to
+ override rogue md5-collision CA cert
+ - `Bug 472291 <https://bugzilla.mozilla.org/show_bug.cgi?id=472291>`__: crash in libpkix object
+ leak tests due to null pointer dereferencing in pkix_build.c:3218.
+ - `Bug 472319 <https://bugzilla.mozilla.org/show_bug.cgi?id=472319>`__: Vfychain validates chain
+ even if revoked certificate.
+ - `Bug 472749 <https://bugzilla.mozilla.org/show_bug.cgi?id=472749>`__: Softoken permits AES
+ keys of ANY LENGTH to be created
+ - `Bug 473147 <https://bugzilla.mozilla.org/show_bug.cgi?id=473147>`__: pk11mode tests fails on
+ AIX when using shareable DBs.
+ - `Bug 473357 <https://bugzilla.mozilla.org/show_bug.cgi?id=473357>`__: ssltap incorrectly
+ parses handshake messages that span record boundaries
+ - `Bug 473365 <https://bugzilla.mozilla.org/show_bug.cgi?id=473365>`__: Incompatible argument in
+ pkix_validate.c.
+ - `Bug 473505 <https://bugzilla.mozilla.org/show_bug.cgi?id=473505>`__: softoken's C_Initialize
+ and C_Finalize should succeed after a fork in a child process
+ - `Bug 473944 <https://bugzilla.mozilla.org/show_bug.cgi?id=473944>`__: Trust anchor is not
+ trusted when requireFreshInfo flag is set.
+ - `Bug 474532 <https://bugzilla.mozilla.org/show_bug.cgi?id=474532>`__: Softoken cannot import
+ certs with empty subjects and non-empty nicknames
+ - `Bug 474777 <https://bugzilla.mozilla.org/show_bug.cgi?id=474777>`__: Wrong deallocation when
+ modifying CRL.
+ - `Bug 476126 <https://bugzilla.mozilla.org/show_bug.cgi?id=476126>`__: CERT_AsciiToName fails
+ when AVAs in an RDN are separated by '+'
+ - `Bug 477186 <https://bugzilla.mozilla.org/show_bug.cgi?id=477186>`__: Infinite loop in
+ CERT_GetCertChainFromCert
+ - `Bug 477777 <https://bugzilla.mozilla.org/show_bug.cgi?id=477777>`__: Selfserv crashed in
+ client/server tests.
+ - `Bug 478171 <https://bugzilla.mozilla.org/show_bug.cgi?id=478171>`__: Consolidate the
+ coreconf/XXX.mk files for Windows
+ - `Bug 478563 <https://bugzilla.mozilla.org/show_bug.cgi?id=478563>`__: Add \_MSC_VER (the cl
+ version) to coreconf.
+ - `Bug 478724 <https://bugzilla.mozilla.org/show_bug.cgi?id=478724>`__: NSS build fails on
+ Windows since 20090213.1 nightly build.
+ - `Bug 478931 <https://bugzilla.mozilla.org/show_bug.cgi?id=478931>`__: object leak in
+ pkix_List_MergeLists function
+ - `Bug 478994 <https://bugzilla.mozilla.org/show_bug.cgi?id=478994>`__: Allow Softoken's fork
+ check to be disabled
+ - `Bug 479029 <https://bugzilla.mozilla.org/show_bug.cgi?id=479029>`__: OCSP Response signature
+ cert found invalid if issuer is trusted only for SSL
+ - `Bug 479601 <https://bugzilla.mozilla.org/show_bug.cgi?id=479601>`__: Wrong type (UTF8 String)
+ for email addresses in subject by CERT_AsciiToName
+ - `Bug 480142 <https://bugzilla.mozilla.org/show_bug.cgi?id=480142>`__: Use sizeof on the
+ correct type of ckc_x509 in lib/ckfw
+ - `Bug 480257 <https://bugzilla.mozilla.org/show_bug.cgi?id=480257>`__: OCSP fails when response
+ > 1K Byte
+ - `Bug 480280 <https://bugzilla.mozilla.org/show_bug.cgi?id=480280>`__: The CKA_EC_POINT PKCS#11
+ attribute is encoded in the wrong way: missing encapsulating octet string
+ - `Bug 480442 <https://bugzilla.mozilla.org/show_bug.cgi?id=480442>`__: Remove (empty)
+ watcomfx.h from nss
+ - `Bug 481216 <https://bugzilla.mozilla.org/show_bug.cgi?id=481216>`__: Fix specific spelling
+ errors in NSS
+ - `Bug 482702 <https://bugzilla.mozilla.org/show_bug.cgi?id=482702>`__: OCSP test with revoked
+ CA cert validated as good.
+ - `Bug 483113 <https://bugzilla.mozilla.org/show_bug.cgi?id=483113>`__: add environment variable
+ to disable/enable hash algorithms in cert/CRL signatures
+ - `Bug 483168 <https://bugzilla.mozilla.org/show_bug.cgi?id=483168>`__: NSS Callback API for
+ looking up a default OCSP Responder URL
+ - `Bug 483963 <https://bugzilla.mozilla.org/show_bug.cgi?id=483963>`__: Assertion failure in
+ OCSP tests.
+ - `Bug 484425 <https://bugzilla.mozilla.org/show_bug.cgi?id=484425>`__: Need accessor function
+ to retrieve SymKey handle
+ - `Bug 484466 <https://bugzilla.mozilla.org/show_bug.cgi?id=484466>`__: sec_error_invalid_args
+ with NSS_ENABLE_PKIX_VERIFY=1
+ - `Bug 485127 <https://bugzilla.mozilla.org/show_bug.cgi?id=485127>`__: bltest crashes when
+ attempting rc5_cbc or rc5_ecb
+ - `Bug 485140 <https://bugzilla.mozilla.org/show_bug.cgi?id=485140>`__: Wrong command line flags
+ used to build intel-aes.s with Solaris gas for x86_64
+ - `Bug 485370 <https://bugzilla.mozilla.org/show_bug.cgi?id=485370>`__: crash
+ - `Bug 485713 <https://bugzilla.mozilla.org/show_bug.cgi?id=485713>`__: Files added by Red Hat
+ recently have missing texts in license headers.
+ - `Bug 485729 <https://bugzilla.mozilla.org/show_bug.cgi?id=485729>`__: Remove
+ lib/freebl/mapfile.Solaris
+ - `Bug 485837 <https://bugzilla.mozilla.org/show_bug.cgi?id=485837>`__: vc90.pdb files are
+ output in source directory instead of OBJDIR
+ - `Bug 486060 <https://bugzilla.mozilla.org/show_bug.cgi?id=486060>`__: sec_asn1d_parse_leaf
+ uses argument uninitialized by caller pbe_PK11AlgidToParam
+
+ --------------
+
+`Documentation <#documentation>`__
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. container::
+
+ For a list of the primary NSS documentation pages on mozilla.org, see `NSS
+ Documentation <../index.html#Documentation>`__. New and revised documents available since the
+ release of NSS 3.11 include the following:
+
+ - `Build Instructions for NSS 3.11.4 and above <../nss-3.11.4/nss-3.11.4-build.html>`__
+ - `NSS Shared DB <http://wiki.mozilla.org/NSS_Shared_DB>`__
+
+ --------------
+
+`Compatibility <#compatibility>`__
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. container::
+
+ NSS 3.12.3 shared libraries are backward compatible with all older NSS 3.x shared libraries. A
+ program linked with older NSS 3.x shared libraries will work with NSS 3.12.3 shared libraries
+ without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs
+ to the functions listed in `NSS Public Functions <../ref/nssfunctions.html>`__ will remain
+ compatible with future versions of the NSS shared libraries.
+
+ --------------
+
+`Feedback <#feedback>`__
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. container::
+
+ | Bugs discovered should be reported by filing a bug report with `mozilla.org
+ Bugzilla <https://bugzilla.mozilla.org/>`__ (product NSS). \ No newline at end of file
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-09 01:42:04 +0000