[dev-tech-crypto] NSS 3.101 Release
14 views
Skip to first unread message
Anna Weine
Jun 10, 2024, 8:47:55 AMJun 10
to dev-tec...@mozilla.org
Dear all,
Network Security Services (NSS) 3.101 was tagged and released on
7th June 2024.
The HG tag is NSS_3_101_RTM. This version of NSS requires NSPR
4.35 or newer.
NSS 3.101 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
<https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_101_RTM/src/>
Changes:
- Bug 1900413 - add diagnostic assertions for SFTKObject refcount.
- Bug 1899759 - freeing the slot in DeleteCertAndKey if authentication failed
- Bug 1899883 - fix formatting issues.
- Bug 1889671 - Add Firmaprofesional CA Root-A Web to NSS.
- Bug 1899593 - remove invalid acvp fuzz test vectors.
- Bug 1898830 - pad short P-384 and P-521 signatures gtests.
- Bug 1898627 - remove unused FreeBL ECC code.
- Bug 1898830 - pad short P-384 and P-521 signatures.
- Bug 1898825 - be less strict about ECDSA private key length.
- Bug 1854439 - Integrate HACL* P-521.
- Bug 1854438 - Integrate HACL* P-384.
- Bug 1898074 - memory leak in create_objects_from_handles.
- Bug 1898858 - ensure all input is consumed in a few places in mozilla::pkix
- Bug 1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
- Bug 1748105 - clean up escape handling
- Bug 1896353 - Use lib::pkix as default validator instead of the old-one
- Bug 1827444 - Need to add high level support for PQ signing.
- Bug 1548723 - Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
- Bug 1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
- Bug 1893404 - Allow for non-full length ecdsa signature when using softoken
- Bug 1830415 - Modification of .taskcluster.yml due to mozlint indent defects
- Bug 1793811 - Implement support for PBMAC1 in PKCS#12
- Bug 1897487 - disable VLA warnings for fuzz builds.
- Bug 1895032 - remove redundant AllocItem implementation.
- Bug 1893334 - add PK11_ReadDistrustAfterAttribute.
- Bug 215997 - Clang-formatting of SEC_GetMgfTypeByOidTag update
- Bug 1895012 - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
- Bug 1894572 - sftk_getParameters(): Fix fallback to default variable after error with configfile.
- Bug 1830415 - Switch to the mozillareleases/image_builder image
NSS 3.101 shared libraries are backwards-compatible with all
older NSS 3.x shared libraries. A program linked with older NSS
3.x shared libraries will work with this new version of the
shared libraries without recompiling or relinking. Furthermore,
applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible
with future versions of the NSS shared libraries.
Bugs discovered should be reported by filing a bug report at
<https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>
Release notes are available (after a short delay) at
<https://firefox-source-docs.mozilla.org/security/nss/releases/index.html>.
Best,
AnnaNetwork Security Services (NSS) 3.101 was tagged and released on
7th June 2024.
The HG tag is NSS_3_101_RTM. This version of NSS requires NSPR
4.35 or newer.
NSS 3.101 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
<https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_101_RTM/src/>
Changes:
- Bug 1900413 - add diagnostic assertions for SFTKObject refcount.
- Bug 1899759 - freeing the slot in DeleteCertAndKey if authentication failed
- Bug 1899883 - fix formatting issues.
- Bug 1889671 - Add Firmaprofesional CA Root-A Web to NSS.
- Bug 1899593 - remove invalid acvp fuzz test vectors.
- Bug 1898830 - pad short P-384 and P-521 signatures gtests.
- Bug 1898627 - remove unused FreeBL ECC code.
- Bug 1898830 - pad short P-384 and P-521 signatures.
- Bug 1898825 - be less strict about ECDSA private key length.
- Bug 1854439 - Integrate HACL* P-521.
- Bug 1854438 - Integrate HACL* P-384.
- Bug 1898074 - memory leak in create_objects_from_handles.
- Bug 1898858 - ensure all input is consumed in a few places in mozilla::pkix
- Bug 1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
- Bug 1748105 - clean up escape handling
- Bug 1896353 - Use lib::pkix as default validator instead of the old-one
- Bug 1827444 - Need to add high level support for PQ signing.
- Bug 1548723 - Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
- Bug 1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
- Bug 1893404 - Allow for non-full length ecdsa signature when using softoken
- Bug 1830415 - Modification of .taskcluster.yml due to mozlint indent defects
- Bug 1793811 - Implement support for PBMAC1 in PKCS#12
- Bug 1897487 - disable VLA warnings for fuzz builds.
- Bug 1895032 - remove redundant AllocItem implementation.
- Bug 1893334 - add PK11_ReadDistrustAfterAttribute.
- Bug 215997 - Clang-formatting of SEC_GetMgfTypeByOidTag update
- Bug 1895012 - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
- Bug 1894572 - sftk_getParameters(): Fix fallback to default variable after error with configfile.
- Bug 1830415 - Switch to the mozillareleases/image_builder image
NSS 3.101 shared libraries are backwards-compatible with all
older NSS 3.x shared libraries. A program linked with older NSS
3.x shared libraries will work with this new version of the
shared libraries without recompiling or relinking. Furthermore,
applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible
with future versions of the NSS shared libraries.
Bugs discovered should be reported by filing a bug report at
<https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>
Release notes are available (after a short delay) at
<https://firefox-source-docs.mozilla.org/security/nss/releases/index.html>.
Best,
Reply all
Reply to author
Forward
0 new messages