diff options
author | John M. Schanck <jschanck@mozilla.com> | 2022-03-31 08:53:36 -0700 |
---|---|---|
committer | John M. Schanck <jschanck@mozilla.com> | 2022-03-31 08:53:36 -0700 |
commit | ee539bca472b67003175bd0cb45f2e5e3f4d1685 (patch) | |
tree | f7c0f4aefe7fcbeefd592970adf29104c6fae2e1 | |
parent | 13d784b350420ea207e6ccbe712e9f45183da896 (diff) | |
download | nss-hg-ee539bca472b67003175bd0cb45f2e5e3f4d1685.tar.gz |
Release notes for NSS 3.77
-rw-r--r-- | doc/rst/releases/index.rst | 42 | ||||
-rw-r--r-- | doc/rst/releases/nss_3_77.rst | 92 |
2 files changed, 122 insertions, 12 deletions
diff --git a/doc/rst/releases/index.rst b/doc/rst/releases/index.rst index c405f07bd..5a23443ab 100644 --- a/doc/rst/releases/index.rst +++ b/doc/rst/releases/index.rst @@ -8,10 +8,11 @@ Releases :glob: :hidden: + nns_3_77.rst + nns_3_76_1.rst nns_3_76.rst nss_3_75.rst nss_3_74.rst - nss_3_68_2.rst nss_3_73_1.rst nss_3_73.rst nss_3_72_1.rst @@ -20,6 +21,7 @@ Releases nss_3_70.rst nss_3_69_1.rst nss_3_69.rst + nss_3_68_3.rst nss_3_68_2.rst nss_3_68_1.rst nss_3_68.rst @@ -30,21 +32,37 @@ Releases .. note:: - **NSS 3.76** is the latest version of NSS. - Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_76_release_notes` + **NSS 3.77** is the latest version of NSS. + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_77_release_notes` - **NSS 3.68.2** is the latest LTS version of NSS. - Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_68_2_release_notes` + **NSS 3.68.3** is the latest LTS version of NSS. + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_68_3_release_notes` .. container:: - Changes in 3.76 included in this release: + Changes in 3.77 included in this release: - - Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. r=rrelyea - - Bug 1370866 - Check return value of PK11Slot_GetNSSToken. r=djackson - - Bug 1747957 - Use Wycheproof JSON for RSASSA-PSS, r=nss-reviewers,bbeurdouche - - Bug 1679803 - Add SHA256 fingerprint comments to old certdata.txt entries. r=nss-reviewers,bbeurdouche - - Bug 1753505 - Avoid truncating files in nss-release-helper.py. r=bbeurdouche - - Bug 1751157 - Throw illegal_parameter alert for illegal extensions in handshake message. r=djackson + - Bug 1762244 - resolve mpitests build failure on Windows. + - Bug 1761779 - Fix link to TLS page on wireshark wiki + - Bug 1754890 - Add two D-TRUST 2020 root certificates. + - Bug 1751298 - Add Telia Root CA v2 root certificate. + - Bug 1751305 - Remove expired explicitly distrusted certificates from certdata.txt. + - Bug 1005084 - support specific RSA-PSS parameters in mozilla::pkix + - Bug 1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. + - Bug 1756271 - Remove token member from NSSSlot struct. + - Bug 1602379 - Provide secure variants of mpp_pprime and mpp_make_prime. + - Bug 1757279 - Support UTF-8 library path in the module spec string. + - Bug 1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. + - Bug 1760827 - Add a CI Target for gcc-11. + - Bug 1760828 - Change to makefiles for gcc-4.8. + - Bug 1741688 - Update googletest to 1.11.0 + - Bug 1759525 - Add SetTls13GreaseEchSize to experimental API. + - Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts. + - Bug 1755904 - Fix calculation of ECH HRR Transcript. + - Bug 1758741 - Allow ld path to be set as environment variable. + - Bug 1760653 - Ensure we don't read uninitialized memory in ssl gtests. + - Bug 1758478 - Fix DataBuffer Move Assignment. + - Bug 1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 + - Bug 1755092 - rework signature verification in mozilla::pkix diff --git a/doc/rst/releases/nss_3_77.rst b/doc/rst/releases/nss_3_77.rst new file mode 100644 index 000000000..1e8513468 --- /dev/null +++ b/doc/rst/releases/nss_3_77.rst @@ -0,0 +1,92 @@ +.. _mozilla_projects_nss_nss_3_77_release_notes: + +NSS 3.77 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.77 was released on **31 March 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_77_RTM. NSS 3.77 requires NSPR 4.32 or newer. + + NSS 3.77 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_77_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.77: + +`Changes in NSS 3.77 <#changes_in_nss_3.77>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1762244 - resolve mpitests build failure on Windows. + - Bug 1761779 - Fix link to TLS page on wireshark wiki + - Bug 1754890 - Add two D-TRUST 2020 root certificates. + - Bug 1751298 - Add Telia Root CA v2 root certificate. + - Bug 1751305 - Remove expired explicitly distrusted certificates from certdata.txt. + - Bug 1005084 - support specific RSA-PSS parameters in mozilla::pkix + - Bug 1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. + - Bug 1756271 - Remove token member from NSSSlot struct. + - Bug 1602379 - Provide secure variants of mpp_pprime and mpp_make_prime. + - Bug 1757279 - Support UTF-8 library path in the module spec string. + - Bug 1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. + - Bug 1760827 - Add a CI Target for gcc-11. + - Bug 1760828 - Change to makefiles for gcc-4.8. + - Bug 1741688 - Update googletest to 1.11.0 + - Bug 1759525 - Add SetTls13GreaseEchSize to experimental API. + - Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts. + - Bug 1755904 - Fix calculation of ECH HRR Transcript. + - Bug 1758741 - Allow ld path to be set as environment variable. + - Bug 1760653 - Ensure we don't read uninitialized memory in ssl gtests. + - Bug 1758478 - Fix DataBuffer Move Assignment. + - Bug 1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 + - Bug 1755092 - rework signature verification in mozilla::pkix + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.77 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + For users upgrading from NSS < 3.76.1 or NSS < 3.68.3, this release improves + the stability of NSS when used in a multi-threaded environment. In + particular, it fixes memory safety violations that can occur when PKCS#11 + tokens are removed while in use (CVE-2022-1097). We presume that with enough + effort these memory safety violations are exploitable. + |