blob: 6246fc59366ed597a0943221eb83ee702445c2ea (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
.. _mozilla_projects_nss_nss_3_59_release_notes:
NSS 3.59 release notes
======================
`Introduction <#introduction>`__
--------------------------------
.. container::
The NSS team has released Network Security Services (NSS) 3.59 on **13 November 2020**, which is
a minor release.
.. _distribution_information:
`Distribution Information <#distribution_information>`__
--------------------------------------------------------
.. container::
The HG tag is NSS_3_59_RTM. NSS 3.59 requires NSPR 4.29 or newer.
NSS 3.59 source distributions are available on ftp.mozilla.org for secure HTTPS download:
- Source tarballs:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_59_RTM/src/
Other releases are available :ref:`mozilla_projects_nss_nss_releases`.
.. _notable_changes_in_nss_3.59:
`Notable Changes in NSS 3.59 <#notable_changes_in_nss_3.59>`__
--------------------------------------------------------------
.. container::
- Exported two existing functions from libnss, CERT_AddCertToListHeadWithData and
CERT_AddCertToListTailWithData
.. _build_requirements:
`Build Requirements <#build_requirements>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
- NSS will soon require GCC 4.8 or newer. Gyp-based builds will stop supporting older GCC
versions in the next release, NSS 3.60 planned for December, followed later by the make-based
builds. Users of older GCC versions can continue to use the make-based build system while they
upgrade to newer versions of GCC.
.. _bugs_fixed_in_nss_3.59:
`Bugs fixed in NSS 3.59 <#bugs_fixed_in_nss_3.59>`__
----------------------------------------------------
.. container::
- `Bug 1607449 <https://bugzilla.mozilla.org/show_bug.cgi?id=1607449>`__ - Lock
cert->nssCertificate to prevent a potential data race
- `Bug 1672823 <https://bugzilla.mozilla.org/show_bug.cgi?id=1672823>`__ - Add Wycheproof test
cases for HMAC, HKDF, and DSA
- `Bug 1663661 <https://bugzilla.mozilla.org/show_bug.cgi?id=1663661>`__ - Guard against NULL
token in nssSlot_IsTokenPresent
- `Bug 1670835 <https://bugzilla.mozilla.org/show_bug.cgi?id=1670835>`__ - Support enabling and
disabling signatures via Crypto Policy
- `Bug 1672291 <https://bugzilla.mozilla.org/show_bug.cgi?id=1672291>`__ - Resolve libpkix OCSP
failures on SHA1 self-signed root certs when SHA1 signatures are disabled.
- `Bug 1644209 <https://bugzilla.mozilla.org/show_bug.cgi?id=1644209>`__ - Fix broken
SelectedCipherSuiteReplacer filter to solve some test intermittents
- `Bug 1672703 <https://bugzilla.mozilla.org/show_bug.cgi?id=1672703>`__ - Tolerate the first
CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord
- `Bug 1666891 <https://bugzilla.mozilla.org/show_bug.cgi?id=1666891>`__ - Support key
wrap/unwrap with RSA-OAEP
- `Bug 1667989 <https://bugzilla.mozilla.org/show_bug.cgi?id=1667989>`__ - Fix gyp linking on
Solaris
- `Bug 1668123 <https://bugzilla.mozilla.org/show_bug.cgi?id=1668123>`__ - Export
CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss
- `Bug 1634584 <https://bugzilla.mozilla.org/show_bug.cgi?id=1634584>`__ - Set
CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
- `Bug 1663091 <https://bugzilla.mozilla.org/show_bug.cgi?id=1663091>`__ - Remove unnecessary
assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys
when using NSS debug builds
- `Bug 1670839 <https://bugzilla.mozilla.org/show_bug.cgi?id=1670839>`__ - Use ARM crypto
extension for AES, SHA1 and SHA2 on MacOS.
This Bugzilla query returns all the bugs fixed in NSS 3.59:
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.59
`Compatibility <#compatibility>`__
----------------------------------
.. container::
NSS 3.59 shared libraries are backward compatible with all older NSS 3.x shared libraries. A
program linked with older NSS 3.x shared libraries will work with NSS 3.59 shared libraries
without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs
to the functions listed in NSS Public Functions will remain compatible with future versions of
the NSS shared libraries.
`Feedback <#feedback>`__
------------------------
.. container::
Bugs discovered should be reported by filing a bug report with
`bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
|
