diff options
Diffstat (limited to '')
45 files changed, 3029 insertions, 0 deletions
diff --git a/security/nss/doc/rst/releases/index.rst b/security/nss/doc/rst/releases/index.rst new file mode 100644 index 0000000000..527778a996 --- /dev/null +++ b/security/nss/doc/rst/releases/index.rst @@ -0,0 +1,67 @@ +.. _mozilla_projects_nss_releases: + +Releases +======== + +.. toctree:: + :maxdepth: 0 + :glob: + :hidden: + + nss_3_90_1.rst + nss_3_90_0.rst + nss_3_89_1.rst + nss_3_89.rst + nss_3_88_1.rst + nss_3_88.rst + nss_3_87_1.rst + nss_3_87.rst + nss_3_86.rst + nss_3_85.rst + nss_3_84.rst + nss_3_83.rst + nss_3_82.rst + nss_3_81.rst + nss_3_80.rst + nss_3_79_4.rst + nss_3_79_3.rst + nss_3_79_2.rst + nss_3_79_1.rst + nss_3_79.rst + nss_3_78_1.rst + nss_3_78.rst + nss_3_77.rst + nss_3_76_1.rst + nss_3_76.rst + nss_3_75.rst + nss_3_74.rst + nss_3_73_1.rst + nss_3_73.rst + nss_3_72_1.rst + nss_3_72.rst + nss_3_71.rst + nss_3_70.rst + nss_3_69_1.rst + nss_3_69.rst + nss_3_68_4.rst + nss_3_68_3.rst + nss_3_68_2.rst + nss_3_68_1.rst + nss_3_68.rst + nss_3_67.rst + nss_3_66.rst + nss_3_65.rst + nss_3_64.rst + +.. note:: + + **NSS 3.90.1 (ESR)** is the latest version of NSS. + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_91_0_release_notes` + + +.. container:: + + Changes in 3.90.1 included in this release: + + - Bug 1813401 - regenerate NameConstraints test certificates. + - Bug 1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
\ No newline at end of file diff --git a/security/nss/doc/rst/releases/nss_3_64.rst b/security/nss/doc/rst/releases/nss_3_64.rst new file mode 100644 index 0000000000..a3c605e4cc --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_64.rst @@ -0,0 +1,69 @@ +.. _mozilla_projects_nss_nss_3_64_release_notes: + +NSS 3.64 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.64 was released on **15 April 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_64_RTM. NSS 3.64 requires NSPR 4.30 or newer. + + NSS 3.64 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_64_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_nss_releases`. + +.. _bugs_fixed_in_nss_3.64: + +`Bugs fixed in NSS 3.64 <#bugs_fixed_in_nss_3.64>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1705286 - Properly detect mips64. + - Bug 1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. + - Bug 1698320 - replace \__builtin_cpu_supports("vsx") with ppc_crypto_support() for clang. + - Bug 1613235 - Add POWER ChaCha20 stream cipher vector acceleration. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.64 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.64 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + This version of NSS contains a number of contributions for "unsupported platforms". We would like + to thank the authors and the reviewers for their contributions to NSS. + + Discussions about moving the documentation are still ongoing. (See discussion in the 3.62 release + notes.)
\ No newline at end of file diff --git a/security/nss/doc/rst/releases/nss_3_65.rst b/security/nss/doc/rst/releases/nss_3_65.rst new file mode 100644 index 0000000000..93754b87b0 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_65.rst @@ -0,0 +1,77 @@ +.. _mozilla_projects_nss_nss_3_65_release_notes: + +NSS 3.65 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.65 was released on **13 May 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_65_RTM. NSS 3.65 requires NSPR 4.30 or newer. + + NSS 3.65 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_65_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.65: + +`Bugs fixed in NSS 3.65 <#bugs_fixed_in_nss_3.65>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1709654 - Update for NetBSD configuration. + - Bug 1709750 - Disable HPKE test when fuzzing. + - Bug 1566124 - Optimize AES-GCM for ppc64le. + - Bug 1699021 - Add AES-256-GCM to HPKE. + - Bug 1698419 - ECH -10 updates. + - Bug 1692930 - Update HPKE to final version. + - Bug 1707130 - NSS should use modern algorithms in PKCS#12 files by default. + - Bug 1703936 - New coverity/cpp scanner errors. + - Bug 1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. + - Bug 1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. + - Bug 1705119 - Deadlock when using GCM and non-thread safe tokens. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.65 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.65 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + Due to some changes in the Firefox release cycle, NSS 3.67 has yet to be added + to the NSS release schedule (3.66 is not affected). I will announce the date to + this list once defined. + + Best, + Benjamin diff --git a/security/nss/doc/rst/releases/nss_3_66.rst b/security/nss/doc/rst/releases/nss_3_66.rst new file mode 100644 index 0000000000..f4a93a7f30 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_66.rst @@ -0,0 +1,79 @@ +.. _mozilla_projects_nss_nss_3_66_release_notes: + +NSS 3.66 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.66 was released on **27 May 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_66_RTM. NSS 3.66 requires NSPR 4.30 or newer. + + NSS 3.66 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_66_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.66: + +`Bugs fixed in NSS 3.66 <#bugs_fixed_in_nss_3.66>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1710716 - Remove Expired Sonera Class2 CA from NSS. + - Bug 1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. + - Bug 1708307 - Remove Trustis FPS Root CA from NSS. + - Bug 1707097 - Add Certum Trusted Root CA to NSS. + - Bug 1707097 - Add Certum EC-384 CA to NSS. + - Bug 1703942 - Add ANF Secure Server Root CA to NSS. + - Bug 1697071 - Add GLOBALTRUST 2020 root cert to NSS. + - Bug 1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. + - Bug 1712230 - Don't build ppc-gcm.s with clang integrated assembler. + - Bug 1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. + - Bug 1710773 - NSS needs FIPS 180-3 FIPS indicators. + - Bug 1709291 - Add VerifyCodeSigningCertificateChain. + - Use GNU tar for the release helper script. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.66 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.66 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + To realign the NSS and Firefox release schedules, the next cycle for + NSS 3.67 will be very short and the release happen on June 10th. + https://wiki.mozilla.org/NSS:Release_Versions + + Bug 1712230 introduced a correctness issue for GCM on ppcle64, the fix will + be part of NSS 3.67. diff --git a/security/nss/doc/rst/releases/nss_3_67.rst b/security/nss/doc/rst/releases/nss_3_67.rst new file mode 100644 index 0000000000..65c63bb257 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_67.rst @@ -0,0 +1,70 @@ +.. _mozilla_projects_nss_nss_3_67_release_notes: + +NSS 3.67 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.67 was released on **10 June 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_67_RTM. NSS 3.67 requires NSPR 4.30 or newer. + + NSS 3.67 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_67_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.67: + +`Bugs fixed in NSS 3.67 <#bugs_fixed_in_nss_3.67>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1683710 - Add a means to disable ALPN. + - Bug 1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). + - Bug 1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. + - Bug 1566124 - Fix counter increase in ppc-gcm-wrap.c + - Bug 1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.67 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.67 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + This version of NSS contains a number of contributions for "unsupported platforms". We would like + to thank the authors and the reviewers for their contributions to NSS. + + Discussions about moving the documentation are still ongoing. (See discussion in the 3.62 release + notes.) diff --git a/security/nss/doc/rst/releases/nss_3_68.rst b/security/nss/doc/rst/releases/nss_3_68.rst new file mode 100644 index 0000000000..b98786b55e --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_68.rst @@ -0,0 +1,61 @@ +.. _mozilla_projects_nss_nss_3_68_release_notes: + +NSS 3.68 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68 was released on **8 July 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_RTM. NSS 3.68 requires NSPR 4.32 or newer. + + NSS 3.68 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.68: + +`Bugs fixed in NSS 3.68 <#bugs_fixed_in_nss_3.68>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1713562 - Fix test leak. + - Bug 1717452 - NSS 3.68 should depend on NSPR 4.32. + - Bug 1693206 - Implement PKCS8 export of ECDSA keys. + - Bug 1712883 - DTLS 1.3 draft-43. + - Bug 1655493 - Support SHA2 HW acceleration using Intel SHA Extension. + - Bug 1713562 - Validate ECH public names. + - Bug 1717610 - Add function to get seconds from epoch from pkix::Time. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.68 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_68_1.rst b/security/nss/doc/rst/releases/nss_3_68_1.rst new file mode 100644 index 0000000000..c5bfc83a94 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_68_1.rst @@ -0,0 +1,62 @@ +.. _mozilla_projects_nss_nss_3_68_1_release_notes: + +NSS 3.68.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68.1 (ESR) was released on **1 December 2021**. + + **This release contains an important security fix for CVE-2021-43527:** + + https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/ + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_1_RTM. NSS 3.68.1 requires NSPR 4.32 or newer. + + NSS 3.68.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.68.1: + +`Changes in NSS 3.68.1 <#changes_in_nss_3.68.1>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1735028 - Check for missing signedData field. + - Bug 1737470 - Ensure DER encoded signatures are within size limits. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_68_2.rst b/security/nss/doc/rst/releases/nss_3_68_2.rst new file mode 100644 index 0000000000..8916dd4076 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_68_2.rst @@ -0,0 +1,57 @@ +.. _mozilla_projects_nss_nss_3_68_2_release_notes: + +NSS 3.68.2 (ESR) release notes +============================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68.2 (ESR) was released on **15 December 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_2_RTM. NSS 3.68.2 requires NSPR 4.32 or newer. + + NSS 3.68.2 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_2_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.68.2: + +`Changes in NSS 3.68.2 <#changes_in_nss_3.68.2>`__ +---------------------------------------------------- + +.. container:: + + - Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68.2 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_68_3.rst b/security/nss/doc/rst/releases/nss_3_68_3.rst new file mode 100644 index 0000000000..f33f3b4951 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_68_3.rst @@ -0,0 +1,72 @@ +.. _mozilla_projects_nss_nss_3_68_3_release_notes: + +NSS 3.68.3 (ESR) release notes +============================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68.3 (ESR) was released on **28 March 2022**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_3_RTM. NSS 3.68.3 requires NSPR 4.32 or newer. + + NSS 3.68.3 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_3_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.68.3: + +`Changes in NSS 3.68.3 <#changes_in_nss_3.68.3>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1756271 - Remove token member from NSSSlot struct. + - Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. + - Bug 1370866 - Check return value of PK11Slot_GetNSSToken. + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68.3 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + + +`Notes <#notes>`__ +------------------ + +.. container:: + + This release improves the stability of NSS when used in a multi-threaded + environment. In particular, it fixes memory safety violations that can occur + when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume + that with enough effort these memory safety violations are exploitable. + diff --git a/security/nss/doc/rst/releases/nss_3_68_4.rst b/security/nss/doc/rst/releases/nss_3_68_4.rst new file mode 100644 index 0000000000..1d69bdd3f7 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_68_4.rst @@ -0,0 +1,59 @@ +.. _mozilla_projects_nss_nss_3_68_4_release_notes: + +NSS 3.68.4 (ESR) release notes +============================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68.4 (ESR) was released on **31 May 2022**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_4_RTM. NSS 3.68.4 requires NSPR 4.32 or newer. + + NSS 3.68.4 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_4_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.68.4: + +`Changes in NSS 3.68.4 <#changes_in_nss_3.68.4>`__ +---------------------------------------------------- + +.. container:: + + - ug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68.4 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + + diff --git a/security/nss/doc/rst/releases/nss_3_69.rst b/security/nss/doc/rst/releases/nss_3_69.rst new file mode 100644 index 0000000000..cbaa8f05f9 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_69.rst @@ -0,0 +1,64 @@ +.. _mozilla_projects_nss_nss_3_69_release_notes: + +NSS 3.69 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.69 was released on **5 August 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_69_RTM. NSS 3.69 requires NSPR 4.32 or newer. + + NSS 3.69 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_69_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.69: + +`Bugs fixed in NSS 3.69 <#bugs_fixed_in_nss_3.69>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1722613 - Disable DTLS 1.0 and 1.1 by default + - Bug 1720226 - integrity checks in key4.db not happening on private components with AES_CBC + - Bug 1720235 - SSL handling of signature algorithms ignores environmental invalid algorithms. + - Bug 1721476 - sqlite 3.34 changed it's open semantics, causing nss failures. + - Bug 1720230 - Gtest update changed the gtest reports, losing gtest details in all.sh reports. + - Bug 1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode + - Bug 1720232 - SQLite calls could timeout in starvation situations. + - Bug 1720225 - Coverity/cpp scanner errors found in nss 3.67 + - Bug 1709817 - Import the NSS documentation from MDN in nss/doc. + - Bug 1720227 - NSS using a tempdir to measure sql performance not active + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.69 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.69 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_69_1.rst b/security/nss/doc/rst/releases/nss_3_69_1.rst new file mode 100644 index 0000000000..036b4a2975 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_69_1.rst @@ -0,0 +1,76 @@ +.. _mozilla_projects_nss_nss_3_69_1_release_notes: + +NSS 3.69.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.69.1 was released on **26 August 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_69_1_RTM. NSS 3.69.1 requires NSPR 4.32 or newer. + + NSS 3.69.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_69_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_3.69.1: + +`Changes in NSS 3.69.1 <#changes_3.69.1>`__ +------------------------------------------- + +.. container:: + + - Bug 1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default + - Bug 1720226 (Backout) - integrity checks in key4.db not happening on private components with AES_CBC + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.69.1 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.69.1 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + NSS 3.69.1 is a dot release based on the content of Firefox 92. Due to some issues with + the process for bringing NSS releases to Firefox, commits for 1722613 and 1720226 were absent + from the Firefox 92 branch which was associated to NSS 3.69. Due to time constraints a decision + was made to align the content of 3.69.1 with the Fx92 branch by backing out these changes instead + of restoring these commits. + + Note that Bug 1720226 was also known to introduce a performance regression that has been fixed + in the main/default branch of NSS (Bug 1726022). Since the change has been backed out in this + release, 3.69.1 does not suffer from that performance regression. + + This fix is not in 3.69 (which is affected) but will be in the 3.70 branch, which benefits from + both the change and the fix for the regression. + + The NSS 3.70 release is on schedule and will happen on September 2nd. diff --git a/security/nss/doc/rst/releases/nss_3_70.rst b/security/nss/doc/rst/releases/nss_3_70.rst new file mode 100644 index 0000000000..99c6c29741 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_70.rst @@ -0,0 +1,68 @@ +.. _mozilla_projects_nss_nss_3_70_release_notes: + +NSS 3.70 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.70 was released on **5 August 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_70_RTM. NSS 3.70 requires NSPR 4.32 or newer. + + NSS 3.70 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_70_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.70: + +`Changes in NSS 3.70 <#changes_in_nss_3.70>`__ +---------------------------------------------------- + +.. container:: + + - Documentation: release notes for NSS 3.70. + - Documentation: release notes for NSS 3.69.1. + - Bug 1726022 - Update test case to verify fix. + - Bug 1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max + - Bug 1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback + - Formatting for lib/util + - Bug 1681975 - Avoid using a lookup table in nssb64d. + - Bug 1724629 - Use HW accelerated SHA2 on AArch64 Big Endian. + - Bug 1714579 Change default value of enableHelloDowngradeCheck to true. + - Formatting for gtests/pk11_gtest/pk11_hpke_unittest.cc + - Bug 1726022 Cache additional PBE entries. + - Bug 1709750 - Read HPKE vectors from official JSON. + - Documentation: update for NSS 3.69 release. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.70 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.70 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_71.rst b/security/nss/doc/rst/releases/nss_3_71.rst new file mode 100644 index 0000000000..bdcfa51d12 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_71.rst @@ -0,0 +1,63 @@ +.. _mozilla_projects_nss_nss_3_71_release_notes: + +NSS 3.71 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.71 was released on **30 September 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_71_RTM. NSS 3.71 requires NSPR 4.32 or newer. + + NSS 3.71 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_71_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.71: + +`Changes in NSS 3.71 <#changes_in_nss_3.71>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1717716 - Set nssckbi version number to 2.52. + - Bug 1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py + - Bug 1373716 - Import of PKCS#12 files with Camellia encryption is not supported + - Bug 1717707 - Add HARICA Client ECC Root CA 2021. + - Bug 1717707 - Add HARICA Client RSA Root CA 2021. + - Bug 1717707 - Add HARICA TLS ECC Root CA 2021. + - Bug 1717707 - Add HARICA TLS RSA Root CA 2021. + - Bug 1728394 - Add TunTrust Root CA certificate to NSS. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.71 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_72.rst b/security/nss/doc/rst/releases/nss_3_72.rst new file mode 100644 index 0000000000..6534835109 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_72.rst @@ -0,0 +1,60 @@ +.. _mozilla_projects_nss_nss_3_72_release_notes: + +NSS 3.72 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.72 was released on **28 October 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_72_RTM. NSS 3.72 requires NSPR 4.32 or newer. + + NSS 3.72 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_72_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.72: + +`Changes in NSS 3.72 <#changes_in_nss_3.72>`__ +---------------------------------------------------- + +.. container:: + + - Documentation: release notes for NSS 3.72 + - Documentation: release notes for NSS 3.71 + - Remove newline at the end of coreconf.dep + - Bug 1731911 - Fix nsinstall parallel failure. + - Bug 1729930 - Increase KDF cache size to mitigate perf regression in about:logins. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.72 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_72_1.rst b/security/nss/doc/rst/releases/nss_3_72_1.rst new file mode 100644 index 0000000000..3859505b15 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_72_1.rst @@ -0,0 +1,57 @@ +.. _mozilla_projects_nss_nss_3_72_1_release_notes: + +NSS 3.72.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.72.1 was released on **15 December 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_72_1_RTM. NSS 3.72.1 requires NSPR 4.32 or newer. + + NSS 3.72.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_72_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.72.1: + +`Changes in NSS 3.72.1 <#changes_in_nss_3.72.1>`__ +---------------------------------------------------- + +.. container:: + + - Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.72.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_73.rst b/security/nss/doc/rst/releases/nss_3_73.rst new file mode 100644 index 0000000000..3d138dadc8 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_73.rst @@ -0,0 +1,65 @@ +.. _mozilla_projects_nss_nss_3_73_release_notes: + +NSS 3.73 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.73 was released on **1 December 2021**. + + **This release contains an important security fix for CVE-2021-43527:** + + https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/ + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_73_RTM. NSS 3.73 requires NSPR 4.32 or newer. + + NSS 3.73 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_73_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.73: + +`Changes in NSS 3.73 <#changes_in_nss_3.73>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1735028 - Check for missing signedData field. + - Bug 1737470 - Ensure DER encoded signatures are within size limits. + - Bug 1729550 - NSS needs FiPS 140-3 version indicators. + - Bug 1692132 - pkix_CacheCert_Lookup doesn't return cached certs. + - Bug 1738600 - Sunset Coverity from NSS. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.73 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_73_1.rst b/security/nss/doc/rst/releases/nss_3_73_1.rst new file mode 100644 index 0000000000..f81810e5d1 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_73_1.rst @@ -0,0 +1,57 @@ +.. _mozilla_projects_nss_nss_3_73_1_release_notes: + +NSS 3.73.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.73.1 was released on **15 December 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_73_1_RTM. NSS 3.73.1 requires NSPR 4.32 or newer. + + NSS 3.73.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_73_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.73.1: + +`Changes in NSS 3.73.1 <#changes_in_nss_3.73.1>`__ +---------------------------------------------------- + +.. container:: + + - Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.73.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_74.rst b/security/nss/doc/rst/releases/nss_3_74.rst new file mode 100644 index 0000000000..773e6c3471 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_74.rst @@ -0,0 +1,77 @@ +.. _mozilla_projects_nss_nss_3_74_release_notes: + +NSS 3.74 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.74 was released on **6 January 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_74_RTM. NSS 3.74 requires NSPR 4.32 or newer. + + NSS 3.74 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_74_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.74: + +`Changes in NSS 3.74 <#changes_in_nss_3.74>`__ +---------------------------------------------------- + +.. container:: + + - Bug 966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses. + - Bug 1553612 - Ensure clients offer consistent ciphersuites after HRR. + - Bug 1721426 - NSS does not properly restrict server keys based on policy. + - Bug 1733003 - Set nssckbi version number to 2.54. + - Bug 1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate in NSS. + - Bug 1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate in NSS. + - Bug 1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate in NSS. + - Bug 1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate in NSS. + - Bug 1735407 - Replace GlobalSign ECC Root CA R4 in NSS. + - Bug 1733560 - Remove Expired Root Certificates from NSS - DST Root CA X3. + - Bug 1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates from NSS. + - Bug 1741930 - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate to NSS. + - Bug 1740095 - Add iTrusChina ECC root certificate to NSS. + - Bug 1740095 - Add iTrusChina RSA root certificate to NSS. + - Bug 1738805 - Add ISRG Root X2 root certificate to NSS. + - Bug 1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate to NSS. + - Bug 1738028 - Avoid a clang 13 unused variable warning in opt build. + - Bug 1735028 - Check for missing signedData field. + - Bug 1737470 - Ensure DER encoded signatures are within size limits. + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.74 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_75.rst b/security/nss/doc/rst/releases/nss_3_75.rst new file mode 100644 index 0000000000..d7fb1d3fa0 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_75.rst @@ -0,0 +1,89 @@ +.. _mozilla_projects_nss_nss_3_75_release_notes: + +NSS 3.75 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.75 was released on **3 February 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_75_RTM. NSS 3.75 requires NSPR 4.32 or newer. + + NSS 3.75 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_75_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.75: + +`Changes in NSS 3.75 <#changes_in_nss_3.75>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1749030 - This patch adds gcc-9 and gcc-10 to the CI. + - Bug 1749794 - Make DottedOIDToCode.py compatible with python3. + - Bug 1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing. + - Bug 1748386 - Remove redundant key type check. + - Bug 1749869 - Update ABI expectations to match ECH changes. + - Bug 1748386 - Enable CKM_CHACHA20. + - Bug 1747327 - check return on NSS_NoDB_Init and NSS_Shutdown. + - Bug 1747310 - real move assignment operator. + - Bug 1748245 - Run ECDSA test vectors from bltest as part of the CI tests. + - Bug 1743302 - Add ECDSA test vectors to the bltest command line tool. + - Bug 1747772 - Allow to build using clang's integrated assembler. + - Bug 1321398 - Allow to override python for the build. + - Bug 1747317 - test HKDF output rather than input. + - Bug 1747316 - Use ASSERT macros to end failed tests early. + - Bug 1747310 - move assignment operator for DataBuffer. + - Bug 1712879 - Add test cases for ECH compression and unexpected extensions in SH. + - Bug 1725938 - Update tests for ECH-13. + - Bug 1725938 - Tidy up error handling. + - Bug 1728281 - Add tests for ECH HRR Changes. + - Bug 1728281 - Server only sends GREASE HRR extension if enabled by preference. + - Bug 1725938 - Update generation of the Associated Data for ECH-13. + - Bug 1712879 - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. + - Bug 1712879 - Allow for compressed, non-contiguous, extensions. + - Bug 1712879 - Scramble the PSK extension in CHOuter. + - Bug 1712647 - Split custom extension handling for ECH. + - Bug 1728281 - Add ECH-13 HRR Handling. + - Bug 1677181 - Client side ECH padding. + - Bug 1725938 - Stricter ClientHelloInner Decompression. + - Bug 1725938 - Remove ECH_inner extension, use new enum format. + - Bug 1725938 - Update the version number for ECH-13 and adjust the ECHConfig size. + + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.75 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_76.rst b/security/nss/doc/rst/releases/nss_3_76.rst new file mode 100644 index 0000000000..373efdc080 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_76.rst @@ -0,0 +1,63 @@ +.. _mozilla_projects_nss_nss_3_76_release_notes: + +NSS 3.76 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.76 was released on **3 March 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_76_RTM. NSS 3.76 requires NSPR 4.32 or newer. + + NSS 3.76 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_76_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.76: + +`Changes in NSS 3.76 <#changes_in_nss_3.76>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. r=rrelyea + - Bug 1370866 - Check return value of PK11Slot_GetNSSToken. r=djackson + - Bug 1747957 - Use Wycheproof JSON for RSASSA-PSS, r=nss-reviewers,bbeurdouche + - Bug 1679803 - Add SHA256 fingerprint comments to old certdata.txt entries. r=nss-reviewers,bbeurdouche + - Bug 1753505 - Avoid truncating files in nss-release-helper.py. r=bbeurdouche + - Bug 1751157 - Throw illegal_parameter alert for illegal extensions in handshake message. r=djackson + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.76 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_76_1.rst b/security/nss/doc/rst/releases/nss_3_76_1.rst new file mode 100644 index 0000000000..245a72b1a4 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_76_1.rst @@ -0,0 +1,68 @@ +.. _mozilla_projects_nss_nss_3_76_1_release_notes: + +NSS 3.76.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.76.1 was released on **28 March 2022**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_76_1_RTM. NSS 3.76.1 requires NSPR 4.32 or newer. + + NSS 3.76.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_76_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.76.1: + +`Changes in NSS 3.76.1 <#changes_in_nss_3.76.1>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1756271 - Remove token member from NSSSlot struct. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.76.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + This release improves the stability of NSS when used in a multi-threaded + environment. In particular, it fixes memory safety violations that can occur + when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume + that with enough effort these memory safety violations are exploitable. + diff --git a/security/nss/doc/rst/releases/nss_3_77.rst b/security/nss/doc/rst/releases/nss_3_77.rst new file mode 100644 index 0000000000..1e8513468e --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_77.rst @@ -0,0 +1,92 @@ +.. _mozilla_projects_nss_nss_3_77_release_notes: + +NSS 3.77 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.77 was released on **31 March 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_77_RTM. NSS 3.77 requires NSPR 4.32 or newer. + + NSS 3.77 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_77_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.77: + +`Changes in NSS 3.77 <#changes_in_nss_3.77>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1762244 - resolve mpitests build failure on Windows. + - Bug 1761779 - Fix link to TLS page on wireshark wiki + - Bug 1754890 - Add two D-TRUST 2020 root certificates. + - Bug 1751298 - Add Telia Root CA v2 root certificate. + - Bug 1751305 - Remove expired explicitly distrusted certificates from certdata.txt. + - Bug 1005084 - support specific RSA-PSS parameters in mozilla::pkix + - Bug 1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. + - Bug 1756271 - Remove token member from NSSSlot struct. + - Bug 1602379 - Provide secure variants of mpp_pprime and mpp_make_prime. + - Bug 1757279 - Support UTF-8 library path in the module spec string. + - Bug 1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. + - Bug 1760827 - Add a CI Target for gcc-11. + - Bug 1760828 - Change to makefiles for gcc-4.8. + - Bug 1741688 - Update googletest to 1.11.0 + - Bug 1759525 - Add SetTls13GreaseEchSize to experimental API. + - Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts. + - Bug 1755904 - Fix calculation of ECH HRR Transcript. + - Bug 1758741 - Allow ld path to be set as environment variable. + - Bug 1760653 - Ensure we don't read uninitialized memory in ssl gtests. + - Bug 1758478 - Fix DataBuffer Move Assignment. + - Bug 1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 + - Bug 1755092 - rework signature verification in mozilla::pkix + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.77 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + For users upgrading from NSS < 3.76.1 or NSS < 3.68.3, this release improves + the stability of NSS when used in a multi-threaded environment. In + particular, it fixes memory safety violations that can occur when PKCS#11 + tokens are removed while in use (CVE-2022-1097). We presume that with enough + effort these memory safety violations are exploitable. + diff --git a/security/nss/doc/rst/releases/nss_3_78.rst b/security/nss/doc/rst/releases/nss_3_78.rst new file mode 100644 index 0000000000..076fc37852 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_78.rst @@ -0,0 +1,64 @@ +.. _mozilla_projects_nss_nss_3_78_release_notes: + +NSS 3.78 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.78 was released on **28 April 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_78_RTM. NSS 3.78 requires NSPR 4.32 or newer. + + NSS 3.78 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_78_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.78: + +`Changes in NSS 3.78 <#changes_in_nss_3.78>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. + - Bug 1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries. + - Bug 1763120 - Add ECH Grease Support to tstclnt + - Bug 1765003 - Add a strict variant of moz::pkix::CheckCertHostname. + - Bug 1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. + - Bug 1760813 - Make SEC_PKCS12EnableCipher succeed + - Bug 1762489 - Update zlib in NSS to 1.2.12. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.78 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_78_1.rst b/security/nss/doc/rst/releases/nss_3_78_1.rst new file mode 100644 index 0000000000..e563840c57 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_78_1.rst @@ -0,0 +1,59 @@ +.. _mozilla_projects_nss_nss_3_78_release_notes: + +NSS 3.78 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.78.1 was released on **31 May 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_78_1_RTM. NSS 3.78.1 requires NSPR 4.32 or newer. + + NSS 3.78.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_78_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.78.1: + +`Changes in NSS 3.78.1 <#changes_in_nss_3.78.1>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. + - Bug 1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.78.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_79.rst b/security/nss/doc/rst/releases/nss_3_79.rst new file mode 100644 index 0000000000..10b89adb9f --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_79.rst @@ -0,0 +1,70 @@ +.. _mozilla_projects_nss_nss_3_79_release_notes: + +NSS 3.79 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.79 was released on **31 May 2022**. NSS 3.79 is an ESR release. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_79_RTM. NSS 3.79 requires NSPR 4.34 or newer. + + NSS 3.79 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_79_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.79: + +`Changes in NSS 3.79 <#changes_in_nss_3.79>`__ +---------------------------------------------- + +.. container:: + + - Bug 205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. + - Bug 1766907 - Update mercurial in clang-format docker image. + - Bug 1454072 - Use of uninitialized pointer in lg_init after alloc fail. + - Bug 1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. + - Bug 1753315 - Add SECMOD_LockedModuleHasRemovableSlots. + - Bug 1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. + - Bug 1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. + - Bug 1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. + - Bug 1764788 - Correct invalid record inner and outer content type alerts. + - Bug 1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. + - Bug 1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle. + - Bug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. + - Bug 1769302 - NSS 3.79 should depend on NSPR 4.34 + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.79 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_79_1.rst b/security/nss/doc/rst/releases/nss_3_79_1.rst new file mode 100644 index 0000000000..a126de1ba4 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_79_1.rst @@ -0,0 +1,62 @@ +.. _mozilla_projects_nss_nss_3_79_1_release_notes: + +NSS 3.79.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.79.1 was released on **18 August 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_79_1_RTM. NSS 3.79.1 requires NSPR 4.34 or newer. + + NSS 3.79.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_79_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.79.1: + +`Changes in NSS 3.79.1 <#changes_in_nss_3.79.1>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier. + - Bug 1771498 - Uninitialized value in cert_ComputeCertType. + - Bug 1759794 - protect SFTKSlot needLogin with slotLock. + - Bug 1760998 - avoid data race on primary password change. + - Bug 1330271 - check for null template in sec_asn1{d,e}_push_state. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.79.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_79_2.rst b/security/nss/doc/rst/releases/nss_3_79_2.rst new file mode 100644 index 0000000000..36b369e792 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_79_2.rst @@ -0,0 +1,59 @@ +.. _mozilla_projects_nss_nss_3_79_2_release_notes: + +NSS 3.79.2 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.79.2 was released on **25 October 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_79_2_RTM. NSS 3.79.2 requires NSPR 4.34.1 or newer. + + NSS 3.79.2 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_79_2_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.79.2: + +`Changes in NSS 3.79.2 <#changes_in_nss_3.79.2>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1785846 - Bump minimum NSPR version to 4.34.1. + - Bug 1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.79.2 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_79_3.rst b/security/nss/doc/rst/releases/nss_3_79_3.rst new file mode 100644 index 0000000000..e9517002f4 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_79_3.rst @@ -0,0 +1,58 @@ +.. _mozilla_projects_nss_nss_3_79_3_release_notes: + +NSS 3.79.3 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.79.3 was released on **10 January 2023**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_79_3_RTM. NSS 3.79.3 requires NSPR 4.34.1 or newer. + + NSS 3.79.3 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_79_3_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.79.3: + +`Changes in NSS 3.79.3 <#changes_in_nss_3.79.3>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.79.3 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_79_4.rst b/security/nss/doc/rst/releases/nss_3_79_4.rst new file mode 100644 index 0000000000..c439219a6e --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_79_4.rst @@ -0,0 +1,58 @@ +.. _mozilla_projects_nss_nss_3_79_4_release_notes: + +NSS 3.79.4 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.79.4 was released on **9 February 2023**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_79_4_RTM. NSS 3.79.4 requires NSPR 4.34.1 or newer. + + NSS 3.79.4 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_79_4_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.79.4: + +`Changes in NSS 3.79.4 <#changes_in_nss_3.79.4>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.79.4 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_80.rst b/security/nss/doc/rst/releases/nss_3_80.rst new file mode 100644 index 0000000000..028393a9f4 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_80.rst @@ -0,0 +1,75 @@ +.. _mozilla_projects_nss_nss_3_80_release_notes: + +NSS 3.80 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.80 was released on **23 June 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_80_RTM. NSS 3.80 requires NSPR 4.34 or newer. + + NSS 3.80 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_80_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.80: + +`Changes in NSS 3.80 <#changes_in_nss_3.80>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. + - Bug 1617956 - Add support for asynchronous client auth hooks. + - Bug 1497537 - nss-policy-check: make unknown keyword check optional. + - Bug 1765383 - GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. + - Bug 1773022 - Mark 3.79 as an ESR release. + - Bug 1764206 - Bump nssckbi version number for June. + - Bug 1759815 - Remove Hellenic Academic 2011 Root. + - Bug 1770267 - Add E-Tugra Roots. + - Bug 1768970 - Add Certainly Roots. + - Bug 1764392 - Add DigitCert Roots. + - Bug 1759794 - Protect SFTKSlot needLogin with slotLock. + - Bug 1366464 - Compare signature and signatureAlgorithm fields in legacy certificate verifier. + - Bug 1771497 - Uninitialized value in cert_VerifyCertChainOld. + - Bug 1771495 - Unchecked return code in sec_DecodeSigAlg. + - Bug 1771498 - Uninitialized value in cert_ComputeCertType. + - Bug 1760998 - Avoid data race on primary password change. + - Bug 1769063 - Replace ppc64 dcbzl intrinisic. + - Bug 1771036 - Allow LDFLAGS override in makefile builds. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.80 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_81.rst b/security/nss/doc/rst/releases/nss_3_81.rst new file mode 100644 index 0000000000..f7c736224f --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_81.rst @@ -0,0 +1,60 @@ +.. _mozilla_projects_nss_nss_3_81_release_notes: + +NSS 3.81 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.81 was released on **21 July 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_81_RTM. NSS 3.81 requires NSPR 4.34 or newer. + + NSS 3.81 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_81_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.81: + +`Changes in NSS 3.81 <#changes_in_nss_3.81>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1762831: Enable aarch64 hardware crypto support on OpenBSD. + - Bug 1775359 - make NSS_SecureMemcmp 0/1 valued. + - Bug 1779285: Add no_application_protocol alert handler and test client error code is set. + - Bug 1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.81 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_82.rst b/security/nss/doc/rst/releases/nss_3_82.rst new file mode 100644 index 0000000000..eba08b4468 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_82.rst @@ -0,0 +1,61 @@ +.. _mozilla_projects_nss_nss_3_82_release_notes: + +NSS 3.82 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.82 was released on **18 August 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_82_RTM. NSS 3.82 requires NSPR 4.34 or newer. + + NSS 3.82 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_82_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.82: + +`Changes in NSS 3.82 <#changes_in_nss_3.82>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1330271 - check for null template in sec_asn1{d,e}_push_state + - Bug 1735925 - QuickDER: Forbid NULL tags with non-zero length + - Bug 1784724 - Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite + - Bug 1784191 - Cast the result of GetProcAddress + - Bug 1681099 - pk11wrap: Tighten certificate lookup based on PKCS #11 URI + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.82 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_83.rst b/security/nss/doc/rst/releases/nss_3_83.rst new file mode 100644 index 0000000000..18b99f33ff --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_83.rst @@ -0,0 +1,74 @@ +.. _mozilla_projects_nss_nss_3_83_release_notes: + +NSS 3.83 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.83 was released on **15 September 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_83_RTM. NSS 3.83 requires NSPR 4.34.1 or newer. + + NSS 3.83 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_83_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.83: + +`Changes in NSS 3.83 <#changes_in_nss_3.83>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1788875 - Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags + - Bug 1563221 - remove older oses that are unused part3/ BeOS + - Bug 1563221 - remove older unix support in NSS part 3 Irix + - Bug 1563221 - remove support for older unix in NSS part 2 DGUX + - Bug 1563221 - remove support for older unix in NSS part 1 OSF + - Bug 1778413 - Set nssckbi version number to 2.58 + - Bug 1785297 - Add two SECOM root certificates to NSS + - Bug 1787075 - Add two DigitalSign root certificates to NSS + - Bug 1778412 - Remove Camerfirma Global Chambersign Root from NSS + - Bug 1771100 - Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test + - Bug 1779361 - Removed skipping of ECH on equality of private and public SNI server name + - Bug 1779357 - Added comment and bug reference to ECHRandomHRRExtension bogo test + - Bug 1779370 - Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR + - Bug 1779234 - Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing + - Bug 1771100 - Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo + - Bug 1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs + - Bug 1771100 - Update BoGo tests to recent BoringSSL version + - Bug 1785846 - Bump minimum NSPR version to 4.34.1 + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.83 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_84.rst b/security/nss/doc/rst/releases/nss_3_84.rst new file mode 100644 index 0000000000..5c6d79314c --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_84.rst @@ -0,0 +1,58 @@ +.. _mozilla_projects_nss_nss_3_84_release_notes: + +NSS 3.84 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.84 was released on **13 October 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_84_RTM. NSS 3.84 requires NSPR 4.35 or newer. + + NSS 3.84 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_84_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.84: + +`Changes in NSS 3.84 <#changes_in_nss_3.84>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1791699 - Bump minimum NSPR version to 4.35. + - Bug 1792103 - Add a flag to disable building libnssckbi. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.84 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_85.rst b/security/nss/doc/rst/releases/nss_3_85.rst new file mode 100644 index 0000000000..aaad87ec53 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_85.rst @@ -0,0 +1,72 @@ +.. _mozilla_projects_nss_nss_3_85_release_notes: + +NSS 3.85 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.85 was released on **10 November 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_85_RTM. NSS 3.85 requires NSPR 4.35 or newer. + + NSS 3.85 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_85_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.85: + +`Changes in NSS 3.85 <#changes_in_nss_3.85>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1792821 - Modification of the primes.c and dhe-params.c in order to have better looking tables. + - Bug 1796815 - Update zlib in NSS to 1.2.13. + - Bug 1796504 - Skip building modutil and shlibsign when building in Firefox. + - Bug 1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard. + - Bug 1796407 - Fix -Wunused-but-set-variable warning from clang 15. + - Bug 1796308 - Fix -Wtautological-constant-out-of-range-compare and -Wtype-limits warnings. + - Bug 1796281 - Followup: add missing stdint.h include. + - Bug 1796281 - Fix -Wint-to-void-pointer-cast warnings. + - Bug 1796280 - Fix -Wunused-{function,variable,but-set-variable} warnings on Windows. + - Bug 1796079 - Fix -Wstring-conversion warnings. + - Bug 1796075 - Fix -Wempty-body warnings. + - Bug 1795242 - Fix unused-but-set-parameter warning. + - Bug 1795241 - Fix unreachable-code warnings. + - Bug 1795222 - Mark _nss_version_c unused on clang-cl. + - Bug 1795668 - Remove redundant variable definitions in lowhashtest. + - No bug - Add note about python executable to build instructions. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.85 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_86.rst b/security/nss/doc/rst/releases/nss_3_86.rst new file mode 100644 index 0000000000..00721f12db --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_86.rst @@ -0,0 +1,72 @@ +.. _mozilla_projects_nss_nss_3_86_release_notes: + +NSS 3.86 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.86 was released on **8 December 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_86_RTM. NSS 3.86 requires NSPR 4.35 or newer. + + NSS 3.86 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_86_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.86: + +`Changes in NSS 3.86 <#changes_in_nss_3.86>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1803190 - conscious language removal in NSS. + - Bug 1794506 - Set nssckbi version number to 2.60. + - Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates. + - Bug 1799038 - Remove Staat der Nederlanden EV Root CA from NSS. + - Bug 1797559 - Remove EC-ACC root cert from NSS. + - Bug 1794507 - Remove SwissSign Platinum CA - G2 from NSS. + - Bug 1794495 - Remove Network Solutions Certificate Authority. + - Bug 1802331 - compress docker image artifact with zstd. + - Bug 1799315 - Migrate nss from AWS to GCP. + - Bug 1800989 - Enable static builds in the CI. + - Bug 1765759 - Removing SAW docker from the NSS build system. + - Bug 1783231 - Initialising variables in the rsa blinding code. + - Bug 320582 - Implementation of the double-signing of the message for ECDSA. + - Bug 1783231 - Adding exponent blinding for RSA. + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.86 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_87.rst b/security/nss/doc/rst/releases/nss_3_87.rst new file mode 100644 index 0000000000..a36041fad5 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_87.rst @@ -0,0 +1,68 @@ +.. _mozilla_projects_nss_nss_3_87_release_notes: + +NSS 3.87 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.87 was released on **5 January 2023**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_87_RTM. NSS 3.87 requires NSPR 4.35 or newer. + + NSS 3.87 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_87_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.87: + +`Changes in NSS 3.87 <#changes_in_nss_3.87>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1803226 - NULL password encoding incorrect. + - Bug 1804071 - Fix rng stub signature for fuzzing builds. + - Bug 1803595 - Updating the compiler parsing for build. + - Bug 1749030 - Modification of supported compilers. + - Bug 1774654 tstclnt crashes when accessing gnutls server without a user cert in the database. + - Bug 1751707 - Add configuration option to enable source-based coverage sanitizer. + - Bug 1751705 - Update ECCKiila generated files. + - Bug 1730353 - Add support for the LoongArch 64-bit architecture. + - Bug 1798823 - add checks for zero-length RSA modulus to avoid memory errors and failed assertions later. + - Bug 1798823 - Additional zero-length RSA modulus checks. + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.87 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_87_1.rst b/security/nss/doc/rst/releases/nss_3_87_1.rst new file mode 100644 index 0000000000..9d572cf55c --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_87_1.rst @@ -0,0 +1,57 @@ +.. _mozilla_projects_nss_nss_3_87_1_release_notes: + +NSS 3.87.1 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.87.1 was released on **9 February 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_87_RTM. NSS 3.87 requires NSPR 4.35 or newer. + + NSS 3.87.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_87_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.87.1: + +`Changes in NSS 3.87.1 <#changes_in_nss_3.87.1>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.87.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_88.rst b/security/nss/doc/rst/releases/nss_3_88.rst new file mode 100644 index 0000000000..188bbfbf3d --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_88.rst @@ -0,0 +1,82 @@ +.. _mozilla_projects_nss_nss_3_88_release_notes: + +NSS 3.88 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.88 was released on *9 February 2023**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_88_RTM. NSS 3.88 requires NSPR 4.35 or newer. + + NSS 3.88 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_88_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.88: + +`Changes in NSS 3.88 <#changes_in_nss_3.88>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1815870 - use a different treeherder symbol for each docker image build task. + - Bug 1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images + - Bug 1810702 - remove nested table in rst doc + - Bug 1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag. + - Bug 1812671 - build failure while implicitly casting SECStatus to PRUInt32. r=nss-reviewers,mt + - Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests + - Bug 1771100 - Added EarlyData ALPN test support to BoGo shim. + - Bug 1790357 - ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup. + - Bug 1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm. + - Bug 1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test. + - Bug 1771100 - Added Bogo ECH rejection test support. + - Bug 1771100 - Added ECH 0Rtt support to BoGo shim. + - Bug 1747957 - RSA OAEP Wycheproof JSON + - Bug 1747957 - RSA decrypt Wycheproof JSON + - Bug 1747957 - ECDSA Wycheproof JSON + - Bug 1747957 - ECDH Wycheproof JSON + - Bug 1747957 - PKCS#1v1.5 wycheproof json + - Bug 1747957 - Use X25519 wycheproof json + - Bug 1766767 - Move scripts to python3 + - Bug 1809627 - Properly link FuzzingEngine for oss-fuzz. + - Bug 1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) + - Bug 1804091 NSS needs to move off of DSA for integrity checks + - Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust + - Bug 1806369 - Don't clone libFuzzer, rely on clang instead + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.88 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_88_1.rst b/security/nss/doc/rst/releases/nss_3_88_1.rst new file mode 100644 index 0000000000..77d79f216a --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_88_1.rst @@ -0,0 +1,58 @@ +.. _mozilla_projects_nss_nss_3_88_1_release_notes: + +NSS 3.88.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.88.1 was released on *9 February 2023**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_88_1_RTM. NSS 3.88.1 requires NSPR 4.35 or newer. + + NSS 3.88.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_88_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.88.1: + +`Changes in NSS 3.88.1 <#changes_in_nss_3.88.1>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.88.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_89.rst b/security/nss/doc/rst/releases/nss_3_89.rst new file mode 100644 index 0000000000..f729b9b898 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_89.rst @@ -0,0 +1,83 @@ +.. _mozilla_projects_nss_nss_3_89_release_notes: + +NSS 3.89 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.89 was released on *9 March 2023**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_89_RTM. NSS 3.89 requires NSPR 4.35 or newer. + + NSS 3.89 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_89_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.89: + +`Changes in NSS 3.89 <#changes_in_nss_3.89>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase. + - Bug 1820175 - PR_STATIC_ASSERT is cursed. + - Bug 1767883 - Need to add policy control to keys lengths for signatures. + - Bug 1820175 - Fix unreachable code warning in fuzz builds. + - Bug 1820175 - Fix various compiler warnings in NSS. + - Bug 1820175 - Enable various compiler warnings for clang builds. + - Bug 1815136 - set PORT error after sftk_HMACCmp failure. + - Bug 1767883 - Need to add policy control to keys lengths for signatures. + - Bug 1804662 - remove data length assertion in sec_PKCS7Decrypt. + - Bug 1804660 - Make high tag number assertion failure an error. + - Bug 1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384. + - Bug 1815167 - Tolerate certificate_authorities xtn in ClientHello. + - Bug 1789436 - Fix build failure on Windows. + - Bug 1811337 - migrate Win 2012 tasks to Azure. + - Bug 1810702 - fix title length in doc. + - Bug 1570615 - Add interop tests for HRR and PSK to GREASE suite. + - Bug 1570615 - Add presence/absence tests for TLS GREASE. + - Bug 1804688 - Correct addition of GREASE value to ALPN xtn. + - Bug 1789436 - CH extension permutation. + - Bug 1570615 - TLS GREASE (RFC8701). + - Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. + - Bug 1815870 - use a different treeherder symbol for each docker image build task. + - Bug 1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images. + - Bug 1810702 - remove nested table in rst doc. + - Bug 1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag. + - Bug 1812671 - build failure while implicitly casting SECStatus to PRUInt32. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.89 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_89_1.rst b/security/nss/doc/rst/releases/nss_3_89_1.rst new file mode 100644 index 0000000000..963aded8b6 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_89_1.rst @@ -0,0 +1,59 @@ +.. _mozilla_projects_nss_nss_3_89_1_release_notes: + +NSS 3.89.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.89.1 was released on *5th May 2023**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_89_1_RTM. NSS 3.89.1 requires NSPR 4.35 or newer. + + NSS 3.89.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_89_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.89.1: + +`Changes in NSS 3.89.1 <#changes_in_nss_3.89.1>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1804505 - Update the technical constraints for KamuSM. + - Bug 1822921 - Add BJCA Global Root CA1 and CA2 root certificates. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.89.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_90.rst b/security/nss/doc/rst/releases/nss_3_90.rst new file mode 100644 index 0000000000..b2b242becf --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_90.rst @@ -0,0 +1,89 @@ +.. _mozilla_projects_nss_nss_3_90_release_notes: + +NSS 3.90 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.90 was released on *4 June 2023**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_90_RTM. NSS 3.90 requires NSPR 4.35 or newer. + + NSS 3.90 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_90_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.90: + +`Changes in NSS 3.90 <#changes_in_nss_3.90>`__ +---------------------------------------------------- + +.. container:: + + +- Bug 1623338 - ride along: remove a duplicated doc page +- Bug 1623338 - remove a reference to IRC +- Bug 1831983 - clang-format lib/freebl/stubs.c +- Bug 1831983 - Add a constant time select function +- Bug 1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. +- Bug 1830973 - output early build errors by default +- Bug 1804505 - Update the technical constraints for KamuSM +- Bug 1822921 - Add BJCA Global Root CA1 and CA2 root certificates +- Bug 1790763 - Enable default UBSan Checks +- Bug 1786018 - Add explicit handling of zero length records +- Bug 1829391 - Tidy up DTLS ACK Error Handling Path +- Bug 1786018 - Refactor zero length record tests +- Bug 1829112 - Fix compiler warning via correct assert +- Bug 1755267 - run linux tests on nss-t/t-linux-xlarge-gcp +- Bug 1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator +- Bug 1784163 - Fix reading raw negative numbers +- Bug 1748237 - Repairing unreachable code in clang built with gyp +- Bug 1783647 - Integrate Vale Curve25519 +- Bug 1799468 - Removing unused flags for Hacl* +- Bug 1748237 - Adding a better error message +- Bug 1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 +- Bug 1782980 - Fall back to the softokn when writing certificate trust +- Bug 1806010 - FIPS-104-3 requires we restart post programmatically +- Bug 1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13 +- Bug 1818766 - Update ACVP dockerfile for compatibility with debian package changes +- Bug 1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files +- Bug 1819958 - Removed deprecated sprintf function and replaced with snprintf +- Bug 1822076 - fix rst warnings in nss doc +- Bug 1821997 - Fix incorrect pygment style +- Bug 1821292 - Change GYP directive to apply across platforms +- Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.90 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_90_1.rst b/security/nss/doc/rst/releases/nss_3_90_1.rst new file mode 100644 index 0000000000..875e24b11d --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_90_1.rst @@ -0,0 +1,59 @@ +.. _mozilla_projects_nss_nss_3_90_1_release_notes: + +NSS 3.90.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.90.1 was released on *10th November 2023**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_90_1_RTM. NSS 3.90.1 requires NSPR 4.35 or newer. + + NSS 3.90.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_90_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.90.1: + +`Changes in NSS 3.90.1 <#changes_in_nss_3.90.1>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1813401 - regenerate NameConstraints test certificates. + - Bug 1854795 - add OSXSAVE and XCR0 tests to AVX2 detection. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.90.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). |