From 254ec49533431801078959c84bd3280c4a148173 Mon Sep 17 00:00:00 2001 From: Anna Weine Date: Thu, 26 Jan 2023 17:55:45 +0100 Subject: Documentation: Release notes for NSS 3.88 --- doc/rst/releases/index.rst | 36 ++++++++++++-------- doc/rst/releases/nss_3_88.rst | 77 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+), 13 deletions(-) create mode 100644 doc/rst/releases/nss_3_88.rst (limited to 'doc') diff --git a/doc/rst/releases/index.rst b/doc/rst/releases/index.rst index cdc04e626..df409423e 100644 --- a/doc/rst/releases/index.rst +++ b/doc/rst/releases/index.rst @@ -8,6 +8,7 @@ Releases :glob: :hidden: + nss_3_88.rst nss_3_87.rst nss_3_86.rst nss_3_85.rst @@ -46,8 +47,8 @@ Releases .. note:: - **NSS 3.87** is the latest version of NSS. - Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_87_release_notes` + **NSS 3.88** is the latest version of NSS. + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_88_release_notes` **NSS 3.79.2** is the latest ESR version of NSS. Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_79_2_release_notes` @@ -55,15 +56,24 @@ Releases .. container:: - Changes in 3.87 included in this release: + Changes in 3.88 included in this release: - - Bug 1803226 - NULL password encoding incorrect. - - Bug 1804071 - Fix rng stub signature for fuzzing builds. - - Bug 1803595 - Updating the compiler parsing for build. - - Bug 1749030 - Modification of supported compilers. - - Bug 1774654 tstclnt crashes when accessing gnutls server without a user cert in the database. - - Bug 1751707 - Add configuration option to enable source-based coverage sanitizer. - - Bug 1751705 - Update ECCKiila generated files. - - Bug 1730353 - Add support for the LoongArch 64-bit architecture. - - Bug 1798823 - add checks for zero-length RSA modulus to avoid memory errors and failed assertions later. - - Bug 1798823 - Additional zero-length RSA modulus checks. \ No newline at end of file + - Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests + - Bug 1771100 - Added EarlyData ALPN test support to BoGo shim. + - Bug 1790357: ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup. + - Bug 1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm. + - Bug 1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test. + - Bug 1771100 - Added Bogo ECH rejection test support. + - Bug 1771100 - Added ECH 0Rtt support to BoGo shim. + - Bug 1747957 - RSA OAEP Wycheproof JSON + - Bug 1747957 - RSA decrypt Wycheproof JSON + - Bug 1747957 - ECDSA Wycheproof JSON + - Bug 1747957 - ECDH Wycheproof JSON + - Bug 1747957 - PKCS#1v1.5 wycheproof json + - Bug 1747957 - Use X25519 wycheproof json + - Bug 1766767 - Move scripts to python3 + - Bug 1809627 - Properly link FuzzingEngine for oss-fuzz. + - Bug 1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) + - Bug 1804091 NSS needs to move off of DSA for integrity checks + - Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust + - Bug 1806369 - Don't clone libFuzzer, rely on clang instead \ No newline at end of file diff --git a/doc/rst/releases/nss_3_88.rst b/doc/rst/releases/nss_3_88.rst new file mode 100644 index 000000000..a1cd06789 --- /dev/null +++ b/doc/rst/releases/nss_3_88.rst @@ -0,0 +1,77 @@ +.. _mozilla_projects_nss_nss_3_88_release_notes: + +NSS 3.88 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.88 was released on **26 January 2023**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_88_RTM. NSS 3.88 requires NSPR 4.35 or newer. + + NSS 3.88 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_88_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.88: + +`Changes in NSS 3.88 <#changes_in_nss_3.88>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests + - Bug 1771100 - Added EarlyData ALPN test support to BoGo shim. + - Bug 1790357: ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup. + - Bug 1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm. + - Bug 1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test. + - Bug 1771100 - Added Bogo ECH rejection test support. + - Bug 1771100 - Added ECH 0Rtt support to BoGo shim. + - Bug 1747957 - RSA OAEP Wycheproof JSON + - Bug 1747957 - RSA decrypt Wycheproof JSON + - Bug 1747957 - ECDSA Wycheproof JSON + - Bug 1747957 - ECDH Wycheproof JSON + - Bug 1747957 - PKCS#1v1.5 wycheproof json + - Bug 1747957 - Use X25519 wycheproof json + - Bug 1766767 - Move scripts to python3 + - Bug 1809627 - Properly link FuzzingEngine for oss-fuzz. + - Bug 1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) + - Bug 1804091 NSS needs to move off of DSA for integrity checks + - Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust + - Bug 1806369 - Don't clone libFuzzer, rely on clang instead + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.88 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). -- cgit v1.2.1