From 98f6cc35ad0810fe643c48e1c241798fb2c1709a Mon Sep 17 00:00:00 2001 From: Dennis Jackson Date: Thu, 3 Mar 2022 10:17:47 +0000 Subject: Release notes for NSS 3.76 --- doc/rst/releases/index.rst | 43 +++++++---------------------- doc/rst/releases/nss_3_76.rst | 63 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+), 33 deletions(-) create mode 100644 doc/rst/releases/nss_3_76.rst (limited to 'doc') diff --git a/doc/rst/releases/index.rst b/doc/rst/releases/index.rst index 022564df4..c405f07bd 100644 --- a/doc/rst/releases/index.rst +++ b/doc/rst/releases/index.rst @@ -8,6 +8,7 @@ Releases :glob: :hidden: + nns_3_76.rst nss_3_75.rst nss_3_74.rst nss_3_68_2.rst @@ -29,8 +30,8 @@ Releases .. note:: - **NSS 3.75** is the latest version of NSS. - Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_75_release_notes` + **NSS 3.76** is the latest version of NSS. + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_76_release_notes` **NSS 3.68.2** is the latest LTS version of NSS. Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_68_2_release_notes` @@ -38,36 +39,12 @@ Releases .. container:: - Changes in 3.75 included in this release: + Changes in 3.76 included in this release: - - Bug 1749030 - This patch adds gcc-9 and gcc-10 to the CI. - - Bug 1749794 - Make DottedOIDToCode.py compatible with python3. - - Bug 1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing. - - Bug 1748386 - Remove redundant key type check. - - Bug 1749869 - Update ABI expectations to match ECH changes. - - Bug 1748386 - Enable CKM_CHACHA20. - - Bug 1747327 - check return on NSS_NoDB_Init and NSS_Shutdown. - - Bug 1747310 - real move assignment operator. - - Bug 1748245 - Run ECDSA test vectors from bltest as part of the CI tests. - - Bug 1743302 - Add ECDSA test vectors to the bltest command line tool. - - Bug 1747772 - Allow to build using clang's integrated assembler. - - Bug 1321398 - Allow to override python for the build. - - Bug 1747317 - test HKDF output rather than input. - - Bug 1747316 - Use ASSERT macros to end failed tests early. - - Bug 1747310 - move assignment operator for DataBuffer. - - Bug 1712879 - Add test cases for ECH compression and unexpected extensions in SH. - - Bug 1725938 - Update tests for ECH-13. - - Bug 1725938 - Tidy up error handling. - - Bug 1728281 - Add tests for ECH HRR Changes. - - Bug 1728281 - Server only sends GREASE HRR extension if enabled by preference. - - Bug 1725938 - Update generation of the Associated Data for ECH-13. - - Bug 1712879 - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - - Bug 1712879 - Allow for compressed, non-contiguous, extensions. - - Bug 1712879 - Scramble the PSK extension in CHOuter. - - Bug 1712647 - Split custom extension handling for ECH. - - Bug 1728281 - Add ECH-13 HRR Handling. - - Bug 1677181 - Client side ECH padding. - - Bug 1725938 - Stricter ClientHelloInner Decompression. - - Bug 1725938 - Remove ECH_inner extension, use new enum format. - - Bug 1725938 - Update the version number for ECH-13 and adjust the ECHConfig size. + - Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. r=rrelyea + - Bug 1370866 - Check return value of PK11Slot_GetNSSToken. r=djackson + - Bug 1747957 - Use Wycheproof JSON for RSASSA-PSS, r=nss-reviewers,bbeurdouche + - Bug 1679803 - Add SHA256 fingerprint comments to old certdata.txt entries. r=nss-reviewers,bbeurdouche + - Bug 1753505 - Avoid truncating files in nss-release-helper.py. r=bbeurdouche + - Bug 1751157 - Throw illegal_parameter alert for illegal extensions in handshake message. r=djackson diff --git a/doc/rst/releases/nss_3_76.rst b/doc/rst/releases/nss_3_76.rst new file mode 100644 index 000000000..4ada19ee7 --- /dev/null +++ b/doc/rst/releases/nss_3_76.rst @@ -0,0 +1,63 @@ +.. _mozilla_projects_nss_nss_3_76_release_notes: + +NSS 3.76 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.76 was released on **3 March 2022**. + + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_76_RTM. NSS 3.76 requires NSPR 4.32 or newer. + + NSS 3.76 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_76_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.76: + +`Changes in NSS 3.76 <#changes_in_nss_3.76>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. r=rrelyea + - Bug 1370866 - Check return value of PK11Slot_GetNSSToken. r=djackson + - Bug 1747957 - Use Wycheproof JSON for RSASSA-PSS, r=nss-reviewers,bbeurdouche + - Bug 1679803 - Add SHA256 fingerprint comments to old certdata.txt entries. r=nss-reviewers,bbeurdouche + - Bug 1753505 - Avoid truncating files in nss-release-helper.py. r=bbeurdouche + - Bug 1751157 - Throw illegal_parameter alert for illegal extensions in handshake message. r=djackson + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.76 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). -- cgit v1.2.1