From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- .../nss_releases/nss_3.48_release_notes/index.rst | 178 +++++++++++++++++++++ 1 file changed, 178 insertions(+) create mode 100644 security/nss/doc/rst/legacy/nss_releases/nss_3.48_release_notes/index.rst (limited to 'security/nss/doc/rst/legacy/nss_releases/nss_3.48_release_notes/index.rst') diff --git a/security/nss/doc/rst/legacy/nss_releases/nss_3.48_release_notes/index.rst b/security/nss/doc/rst/legacy/nss_releases/nss_3.48_release_notes/index.rst new file mode 100644 index 0000000000..fb1b02370e --- /dev/null +++ b/security/nss/doc/rst/legacy/nss_releases/nss_3.48_release_notes/index.rst @@ -0,0 +1,178 @@ +.. _mozilla_projects_nss_nss_3_48_release_notes: + +NSS 3.48 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + The NSS team has released Network Security Services (NSS) 3.48 on **5 December 2019**, which is a + minor release. + + The NSS team would like to recognize first-time contributors: + + - Craig Disselkoen + - Giulio Benetti + - Lauri Kasanen + - Tom Prince + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_48_RTM. NSS 3.48 requires NSPR 4.24 or newer. + + NSS 3.48 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_48_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_nss_releases`. + +.. _notable_changes_in_nss_3.48: + +`Notable Changes in NSS 3.48 <#notable_changes_in_nss_3.48>`__ +-------------------------------------------------------------- + +.. container:: + + - `TLS 1.3 `__ is the default maximum TLS + version. See `Bug 1573118 `__ for + details. + - `TLS extended master secret `__ is enabled by + default, where possible. See `Bug + 1575411 `__ for details. + - The master password PBE now uses 10,000 iterations by default when using the default sql + (key4.db) storage. Because using an iteration count higher than 1 with the legacy dbm + (key3.db) storage creates files that are incompatible with previous versions of NSS, + applications that wish to enable it for key3.db are required to set environment variable + NSS_ALLOW_LEGACY_DBM_ITERATION_COUNT=1. Applications may set environment variable + NSS_MIN_MP_PBE_ITERATION_COUNT to request a higher iteration count than the library's default, + or NSS_MAX_MP_PBE_ITERATION_COUNT to request a lower iteration count for test environments. + See `Bug 1562671 `__ for details. + +.. _certificate_authority_changes: + +`Certificate Authority Changes <#certificate_authority_changes>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + - The following CA certificates were Added: + + - `Bug 1591178 `__ - Entrust Root + Certification Authority - G4 Cert + + - SHA-256 Fingerprint: DB3517D1F6732A2D5AB97C533EC70779EE3270A62FB4AC4238372460E6F01E88 + +.. _upcoming_changes_in_nss_3.49: + +`Upcoming Changes in NSS 3.49 <#upcoming_changes_in_nss_3.49>`__ +---------------------------------------------------------------- + +.. container:: + + - The legacy DBM database, **libnssdbm**, will no longer be built by default. See `Bug + 1594933 `__ for details. + +.. _bugs_fixed_in_nss_3.48: + +`Bugs fixed in NSS 3.48 <#bugs_fixed_in_nss_3.48>`__ +---------------------------------------------------- + +.. container:: + + - `Bug 1600775 `__ - Require NSPR 4.24 for + NSS 3.48 + - `Bug 1593401 `__ - Fix race condition in + self-encrypt functions + - `Bug 1599545 `__ - Fix assertion and add + test for early Key Update + - `Bug 1597799 `__ - Fix a crash in + nssCKFWObject_GetAttributeSize + - `Bug 1591178 `__ - Add Entrust Root + Certification Authority - G4 certificate to NSS + - `Bug 1590001 `__ - Prevent negotiation + of versions lower than 1.3 after HelloRetryRequest + - `Bug 1596450 `__ - Added a simplified + and unified MAC implementation for HMAC and CMAC behind PKCS#11 + - `Bug 1522203 `__ - Remove an old Pentium + Pro performance workaround + - `Bug 1592557 `__ - Fix PRNG + known-answer-test scripts + - `Bug 1586176 `__ - EncryptUpdate should + use maxout not block size (CVE-2019-11745) + - `Bug 1593141 `__ - add \`notBefore\` or + similar "beginning-of-validity-period" parameter to + mozilla::pkix::TrustDomain::CheckRevocation + - `Bug 1591363 `__ - Fix a PBKDF2 memory + leak in NSC_GenerateKey if key length > MAX_KEY_LEN (256) + - `Bug 1592869 `__ - Use ARM NEON for + ctr_xor + - `Bug 1566131 `__ - Ensure SHA-1 fallback + disabled in TLS 1.2 + - `Bug 1577803 `__ - Mark PKCS#11 token as + friendly if it implements CKP_PUBLIC_CERTIFICATES_TOKEN + - `Bug 1566126 `__ - POWER GHASH Vector + Acceleration + - `Bug 1589073 `__ - Use of new + PR_ASSERT_ARG in certdb.c + - `Bug 1590495 `__ - Fix a crash in + PK11_MakeCertFromHandle + - `Bug 1591742 `__ - Ensure DES IV length + is valid before usage from PKCS#11 + - `Bug 1588567 `__ - Enable mozilla::pkix + gtests in NSS CI + - `Bug 1591315 `__ - Update NSC_Decrypt + length in constant time + - `Bug 1562671 `__ - Increase NSS MP KDF + default iteration count, by default for modern key4 storage, optionally for legacy key3.db + storage + - `Bug 1590972 `__ - Use -std=c99 rather + than -std=gnu99 + - `Bug 1590676 `__ - Fix build if ARM + doesn't support NEON + - `Bug 1575411 `__ - Enable TLS extended + master secret by default + - `Bug 1590970 `__ - SSL_SetTimeFunc has + incomplete coverage + - `Bug 1590678 `__ - Remove + -Wmaybe-uninitialized warning in tls13esni.c + - `Bug 1588244 `__ - NSS changes for + Delegated Credential key strength checks + - `Bug 1459141 `__ - Add more CBC padding + tests that missed NSS 3.47 + - `Bug 1590339 `__ - Fix a memory leak in + btoa.c + - `Bug 1589810 `__ - fix uninitialized + variable warnings from certdata.perl + - `Bug 1573118 `__ - Enable TLS 1.3 by + default in NSS + + This Bugzilla query returns all the bugs fixed in NSS 3.48: + + https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.48 + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.48 shared libraries are backward compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.48 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report with + `bugzilla.mozilla.org `__ (product NSS). \ No newline at end of file -- cgit v1.2.3