diff options
Diffstat (limited to 'doc/rst/legacy/nss_releases/nss_3.46_release_notes/index.rst')
-rw-r--r-- | doc/rst/legacy/nss_releases/nss_3.46_release_notes/index.rst | 219 |
1 files changed, 219 insertions, 0 deletions
diff --git a/doc/rst/legacy/nss_releases/nss_3.46_release_notes/index.rst b/doc/rst/legacy/nss_releases/nss_3.46_release_notes/index.rst new file mode 100644 index 000000000..c66f8fe6b --- /dev/null +++ b/doc/rst/legacy/nss_releases/nss_3.46_release_notes/index.rst @@ -0,0 +1,219 @@ +.. _mozilla_projects_nss_nss_3_46_release_notes: + +NSS 3.46 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + The NSS team has released Network Security Services (NSS) 3.46 on **30 August 2019**, which is a + minor release. + + The NSS team would like to recognize first-time contributors: + + - Giulio Benetti + - Louis Dassy + - Mike Kaganski + - xhimanshuz + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_46_RTM. NSS 3.46 requires NSPR 4.22 or newer. + + NSS 3.46 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_46_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_nss_releases`. + +.. _new_in_nss_3.46: + +`New in NSS 3.46 <#new_in_nss_3.46>`__ +-------------------------------------- + +.. container:: + + This release contains no significant new functionality, but concentrates on providing improved + performance, stability, and security. Of particular note are significant improvements to AES-GCM + performance on ARM. + +.. _notable_changes_in_nss_3.46: + +`Notable Changes in NSS 3.46 <#notable_changes_in_nss_3.46>`__ +-------------------------------------------------------------- + +.. container:: + +.. _certificate_authority_changes: + +`Certificate Authority Changes <#certificate_authority_changes>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + - The following CA certificates were **Removed**: + + - `Bug 1574670 <https://bugzilla.mozilla.org/show_bug.cgi?id=1574670>`__ - Remove expired + Class 2 Primary root certificate + + - SHA-256 Fingerprint: 0F993C8AEF97BAAF5687140ED59AD1821BB4AFACF0AA9A58B5D57A338A3AFBCB + + - `Bug 1574670 <https://bugzilla.mozilla.org/show_bug.cgi?id=1574670>`__ - Remove expired + UTN-USERFirst-Client root certificate + + - SHA-256 Fingerprint: 43F257412D440D627476974F877DA8F1FC2444565A367AE60EDDC27A412531AE + + - `Bug 1574670 <https://bugzilla.mozilla.org/show_bug.cgi?id=1574670>`__ - Remove expired + Deutsche Telekom Root CA 2 root certificate + + - SHA-256 Fingerprint: B6191A50D0C3977F7DA99BCDAAC86A227DAEB9679EC70BA3B0C9D92271C170D3 + + - `Bug 1566569 <https://bugzilla.mozilla.org/show_bug.cgi?id=1566569>`__ - Remove Swisscom + Root CA 2 root certificate + + - SHA-256 Fingerprint: F09B122C7114F4A09BD4EA4F4A99D558B46E4C25CD81140D29C05613914C3841 + +.. _upcoming_changes_to_default_tls_configuration: + +`Upcoming changes to default TLS configuration <#upcoming_changes_to_default_tls_configuration>`__ +-------------------------------------------------------------------------------------------------- + +.. container:: + + The next NSS team plans to make two changes to the default TLS configuration in NSS 3.47, which + will be released in October: + + - `TLS 1.3 <https://datatracker.ietf.org/doc/html/rfc8446>`__ will be the default maximum TLS + version. See `Bug 1573118 <https://bugzilla.mozilla.org/show_bug.cgi?id=1573118>`__ for + details. + - `TLS extended master secret <https://datatracker.ietf.org/doc/html/rfc7627>`__ will be enabled + by default, where possible. See `Bug + 1575411 <https://bugzilla.mozilla.org/show_bug.cgi?id=1575411>`__ for details. + +.. _bugs_fixed_in_nss_3.46: + +`Bugs fixed in NSS 3.46 <#bugs_fixed_in_nss_3.46>`__ +---------------------------------------------------- + +.. container:: + + - `Bug 1572164 <https://bugzilla.mozilla.org/show_bug.cgi?id=1572164>`__ - Don't unnecessarily + free session in NSC_WrapKey + - `Bug 1574220 <https://bugzilla.mozilla.org/show_bug.cgi?id=1574220>`__ - Improve controls + after errors in tstcln, selfserv and vfyserv cmds + - `Bug 1550636 <https://bugzilla.mozilla.org/show_bug.cgi?id=1550636>`__ - Upgrade SQLite in NSS + to a 2019 version + - `Bug 1572593 <https://bugzilla.mozilla.org/show_bug.cgi?id=1572593>`__ - Reset advertised + extensions in ssl_ConstructExtensions + - `Bug 1415118 <https://bugzilla.mozilla.org/show_bug.cgi?id=1415118>`__ - NSS build with + ./build.sh --enable-libpkix fails + - `Bug 1539788 <https://bugzilla.mozilla.org/show_bug.cgi?id=1539788>`__ - Add length checks for + cryptographic primitives + (`CVE-2019-17006 <https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2019-17006>`__) + - `Bug 1542077 <https://bugzilla.mozilla.org/show_bug.cgi?id=1542077>`__ - mp_set_ulong and + mp_set_int should return errors on bad values + - `Bug 1572791 <https://bugzilla.mozilla.org/show_bug.cgi?id=1572791>`__ - Read out-of-bounds in + DER_DecodeTimeChoice_Util from SSLExp_DelegateCredential + - `Bug 1560593 <https://bugzilla.mozilla.org/show_bug.cgi?id=1560593>`__ - Cleanup.sh script + does not set error exit code for tests that "Failed with core" + - `Bug 1566601 <https://bugzilla.mozilla.org/show_bug.cgi?id=1566601>`__ - Add Wycheproof test + vectors for AES-KW + - `Bug 1571316 <https://bugzilla.mozilla.org/show_bug.cgi?id=1571316>`__ - curve25519_32.c:280: + undefined reference to \`PR_Assert' when building NSS 3.45 on armhf-linux + - `Bug 1516593 <https://bugzilla.mozilla.org/show_bug.cgi?id=1516593>`__ - Client to generate + new random during renegotiation + - `Bug 1563258 <https://bugzilla.mozilla.org/show_bug.cgi?id=1563258>`__ - fips.sh fails due to + non-existent "resp" directories + - `Bug 1561598 <https://bugzilla.mozilla.org/show_bug.cgi?id=1561598>`__ - Remove + -Wmaybe-uninitialized warning in pqg.c + - `Bug 1560806 <https://bugzilla.mozilla.org/show_bug.cgi?id=1560806>`__ - Increase softoken + password max size to 500 characters + - `Bug 1568776 <https://bugzilla.mozilla.org/show_bug.cgi?id=1568776>`__ - Output paths relative + to repository in NSS coverity + - `Bug 1453408 <https://bugzilla.mozilla.org/show_bug.cgi?id=1453408>`__ - modutil -changepw + fails in FIPS mode if password is an empty string + - `Bug 1564727 <https://bugzilla.mozilla.org/show_bug.cgi?id=1564727>`__ - Use a PSS SPKI when + possible for delegated credentials + - `Bug 1493916 <https://bugzilla.mozilla.org/show_bug.cgi?id=1493916>`__ - fix ppc64 inline + assembler for clang + - `Bug 1561588 <https://bugzilla.mozilla.org/show_bug.cgi?id=1561588>`__ - Remove + -Wmaybe-uninitialized warning in p7env.c + - `Bug 1561548 <https://bugzilla.mozilla.org/show_bug.cgi?id=1561548>`__ - Remove + -Wmaybe-uninitialized warning in pkix_pl_ldapdefaultclient.c + - `Bug 1512605 <https://bugzilla.mozilla.org/show_bug.cgi?id=1512605>`__ - Incorrect alert + description after unencrypted Finished msg + - `Bug 1564715 <https://bugzilla.mozilla.org/show_bug.cgi?id=1564715>`__ - Read /proc/cpuinfo + when AT_HWCAP2 returns 0 + - `Bug 1532194 <https://bugzilla.mozilla.org/show_bug.cgi?id=1532194>`__ - Remove or fix + -DDEBUG_$USER from make builds + - `Bug 1565577 <https://bugzilla.mozilla.org/show_bug.cgi?id=1565577>`__ - Visual Studio's + cl.exe -? hangs on Windows x64 when building nss since changeset + 9162c654d06915f0f15948fbf67d4103a229226f + - `Bug 1564875 <https://bugzilla.mozilla.org/show_bug.cgi?id=1564875>`__ - Improve rebuilding + with build.sh + - `Bug 1565243 <https://bugzilla.mozilla.org/show_bug.cgi?id=1565243>`__ - Support TC_OWNER + without email address in nss taskgraph + - `Bug 1563778 <https://bugzilla.mozilla.org/show_bug.cgi?id=1563778>`__ - Increase maxRunTime + on Mac taskcluster Tools, SSL tests + - `Bug 1561591 <https://bugzilla.mozilla.org/show_bug.cgi?id=1561591>`__ - Remove + -Wmaybe-uninitialized warning in tstclnt.c + - `Bug 1561587 <https://bugzilla.mozilla.org/show_bug.cgi?id=1561587>`__ - Remove + -Wmaybe-uninitialized warning in lgattr.c + - `Bug 1561558 <https://bugzilla.mozilla.org/show_bug.cgi?id=1561558>`__ - Remove + -Wmaybe-uninitialized warning in httpserv.c + - `Bug 1561556 <https://bugzilla.mozilla.org/show_bug.cgi?id=1561556>`__ - Remove + -Wmaybe-uninitialized warning in tls13esni.c + - `Bug 1561332 <https://bugzilla.mozilla.org/show_bug.cgi?id=1561332>`__ - ec.c:28 warning: + comparison of integers of different signs: 'int' and 'unsigned long' + - `Bug 1564714 <https://bugzilla.mozilla.org/show_bug.cgi?id=1564714>`__ - Print certutil + commands during setup + - `Bug 1565013 <https://bugzilla.mozilla.org/show_bug.cgi?id=1565013>`__ - HACL image builder + times out while fetching gpg key + - `Bug 1563786 <https://bugzilla.mozilla.org/show_bug.cgi?id=1563786>`__ - Update hacl-star + docker image to pull specific commit + - `Bug 1559012 <https://bugzilla.mozilla.org/show_bug.cgi?id=1559012>`__ - Improve GCM + perfomance using PMULL2 + - `Bug 1528666 <https://bugzilla.mozilla.org/show_bug.cgi?id=1528666>`__ - Correct resumption + validation checks + - `Bug 1568803 <https://bugzilla.mozilla.org/show_bug.cgi?id=1568803>`__ - More tests for client + certificate authentication + - `Bug 1564284 <https://bugzilla.mozilla.org/show_bug.cgi?id=1564284>`__ - Support profile + mobility across Windows and Linux + - `Bug 1573942 <https://bugzilla.mozilla.org/show_bug.cgi?id=1573942>`__ - Gtest for pkcs11.txt + with different breaking line formats + - `Bug 1575968 <https://bugzilla.mozilla.org/show_bug.cgi?id=1575968>`__ - Add strsclnt option + to enforce the use of either IPv4 or IPv6 + - `Bug 1549847 <https://bugzilla.mozilla.org/show_bug.cgi?id=1549847>`__ - Fix NSS builds on iOS + - `Bug 1485533 <https://bugzilla.mozilla.org/show_bug.cgi?id=1485533>`__ - Enable NSS_SSL_TESTS + on taskcluster + + This Bugzilla query returns all the bugs fixed in NSS 3.46: + + https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.46 + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.46 shared libraries are backward compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.46 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report with + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
\ No newline at end of file |