From 646fc4773254cc3c3bb29c2c168165bcc4a13d6c Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Thu, 3 Feb 2022 10:42:30 -0800 Subject: Release notes for NSS 3.75 --- doc/rst/releases/index.rst | 61 +++++++++++++++++++++++++++------------------- 1 file changed, 36 insertions(+), 25 deletions(-) diff --git a/doc/rst/releases/index.rst b/doc/rst/releases/index.rst index 2151ce557..022564df4 100644 --- a/doc/rst/releases/index.rst +++ b/doc/rst/releases/index.rst @@ -8,6 +8,7 @@ Releases :glob: :hidden: + nss_3_75.rst nss_3_74.rst nss_3_68_2.rst nss_3_73_1.rst @@ -28,10 +29,8 @@ Releases .. note:: - **NSS 3.74** is the latest version of NSS. - Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_72_release_notes` - - A new version of the Certificate Authorities Root Store is available in this release. + **NSS 3.75** is the latest version of NSS. + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_75_release_notes` **NSS 3.68.2** is the latest LTS version of NSS. Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_68_2_release_notes` @@ -39,24 +38,36 @@ Releases .. container:: - Changes in 3.74 included in this release: - - - Bug 966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses. - - Bug 1553612 - Ensure clients offer consistent ciphersuites after HRR. - - Bug 1721426 - NSS does not properly restrict server keys based on policy. - - Bug 1733003 - Set nssckbi version number to 2.54. - - Bug 1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate in NSS. - - Bug 1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate in NSS. - - Bug 1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate in NSS. - - Bug 1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate in NSS. - - Bug 1735407 - Replace GlobalSign ECC Root CA R4 in NSS. - - Bug 1733560 - Remove Expired Root Certificates from NSS - DST Root CA X3. - - Bug 1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates from NSS. - - Bug 1741930 - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate to NSS. - - Bug 1740095 - Add iTrusChina ECC root certificate to NSS. - - Bug 1740095 - Add iTrusChina RSA root certificate to NSS. - - Bug 1738805 - Add ISRG Root X2 root certificate to NSS. - - Bug 1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate to NSS. - - Bug 1738028 - Avoid a clang 13 unused variable warning in opt build. - - Bug 1735028 - Check for missing signedData field. - - Bug 1737470 - Ensure DER encoded signatures are within size limits. + Changes in 3.75 included in this release: + + - Bug 1749030 - This patch adds gcc-9 and gcc-10 to the CI. + - Bug 1749794 - Make DottedOIDToCode.py compatible with python3. + - Bug 1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing. + - Bug 1748386 - Remove redundant key type check. + - Bug 1749869 - Update ABI expectations to match ECH changes. + - Bug 1748386 - Enable CKM_CHACHA20. + - Bug 1747327 - check return on NSS_NoDB_Init and NSS_Shutdown. + - Bug 1747310 - real move assignment operator. + - Bug 1748245 - Run ECDSA test vectors from bltest as part of the CI tests. + - Bug 1743302 - Add ECDSA test vectors to the bltest command line tool. + - Bug 1747772 - Allow to build using clang's integrated assembler. + - Bug 1321398 - Allow to override python for the build. + - Bug 1747317 - test HKDF output rather than input. + - Bug 1747316 - Use ASSERT macros to end failed tests early. + - Bug 1747310 - move assignment operator for DataBuffer. + - Bug 1712879 - Add test cases for ECH compression and unexpected extensions in SH. + - Bug 1725938 - Update tests for ECH-13. + - Bug 1725938 - Tidy up error handling. + - Bug 1728281 - Add tests for ECH HRR Changes. + - Bug 1728281 - Server only sends GREASE HRR extension if enabled by preference. + - Bug 1725938 - Update generation of the Associated Data for ECH-13. + - Bug 1712879 - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. + - Bug 1712879 - Allow for compressed, non-contiguous, extensions. + - Bug 1712879 - Scramble the PSK extension in CHOuter. + - Bug 1712647 - Split custom extension handling for ECH. + - Bug 1728281 - Add ECH-13 HRR Handling. + - Bug 1677181 - Client side ECH padding. + - Bug 1725938 - Stricter ClientHelloInner Decompression. + - Bug 1725938 - Remove ECH_inner extension, use new enum format. + - Bug 1725938 - Update the version number for ECH-13 and adjust the ECHConfig size. + -- cgit v1.2.1