Network Security Services
c9c633332d
Rebase to NSS 3.71: (changes since NSS 3.67) Network Security Services (NSS) 3.71 was released on 30 September 2021. The HG tag is NSS_3_71_RTM. This version of NSS requires NSPR 4.32 or newer. NSS 3.71 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_71_RTM/src/> Changes: - Bug 1717716 - Set nssckbi version number to 2.52. - Bug 1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Bug 1373716 - Import of PKCS#12 files with Camellia encryption is not supported - Bug 1717707 - Add HARICA Client ECC Root CA 2021. - Bug 1717707 - Add HARICA Client RSA Root CA 2021. - Bug 1717707 - Add HARICA TLS ECC Root CA 2021. - Bug 1717707 - Add HARICA TLS RSA Root CA 2021. - Bug 1728394 - Add TunTrust Root CA certificate to NSS. ------------------------------------- Network Security Services (NSS) 3.70 was released on 4 September 2021. The HG tag is NSS_3_70_RTM. This version of NSS requires NSPR 4.32 or newer. NSS 3.70 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_70_RTM/src/> Changes: - Documentation: release notes for NSS 3.70. - Documentation: release notes for NSS 3.69.1. - Bug 1726022 - Update test case to verify fix. - Bug 1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Bug 1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Formatting for lib/util - Bug 1681975 - Avoid using a lookup table in nssb64d. - Bug 1724629 - Use HW accelerated SHA2 on AArch64 Big Endian. - Bug 1714579 - Change default value of enableHelloDowngradeCheck to true. - Formatting for gtests/pk11_gtest/pk11_hpke_unittest.cc - Bug 1726022 - Cache additional PBE entries. - Bug 1709750 - Read HPKE vectors from official JSON. - Documentation: update for NSS 3.69 release. Network Security Services (NSS) 3.69 was released on 5 August 2021. The HG tag is NSS_3_69_RTM. NSS 3.69 requires NSPR 4.32 or newer. NSS 3.69 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_69_RTM/src/> Bugs fixed: - Bug 1722613 - Disable DTLS 1.0 and 1.1 by default - Bug 1720226 - integrity checks in key4.db not happening on private components with AES_CBC - Bug 1720235 - SSL handling of signature algorithms ignores environmental invalid algorithms. - Bug 1721476 - sqlite 3.34 changed it's open semantics, causing nss failures. - Bug 1720230 - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - Bug 1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - Bug 1720232 - SQLite calls could timeout in starvation situations. - Bug 1720225 - Coverity/cpp scanner errors found in nss 3.67 - Bug 1709817 - Import the NSS documentation from MDN in nss/doc. - Bug 1720227 - NSS using a tempdir to measure sql performance not active Network Security Services (NSS) 3.68 ESR was released on 8 July 2021. The HG tag is NSS_3_68_RTM. NSS 3.68 requires NSPR 4.32 or newer. NSS 3.68 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_RTM/src/> Bugs fixed: - Bug 1713562 - Fix test leak. - Bug 1717452 - NSS 3.68 should depend on NSPR 4.32. - Bug 1693206 - Implement PKCS8 export of ECDSA keys. - Bug 1712883 - DTLS 1.3 draft-43. - Bug 1655493 - Support SHA2 HW acceleration using Intel SHA Extension. - Bug 1713562 - Validate ECH public names. - Bug 1717610 - Add function to get seconds from epoch from pkix::Time. |
||
---|---|---|
tests | ||
.gitignore | ||
cert8.db.xml | ||
cert9.db.xml | ||
gating.yaml | ||
iquote.patch | ||
key3.db.xml | ||
key4.db.xml | ||
nspr-config-pc.patch | ||
nspr-config.xml | ||
nspr-gcc-atomics.patch | ||
nss-3.44-kbkdf-coverity.patch | ||
nss-3.53.1-measure-fix.patch | ||
nss-3.53.1-revert_rhel8_unsafe_policy_change.patch | ||
nss-3.66-fix-gtest-parsing.patch | ||
nss-3.66-no-small-primes.patch | ||
nss-3.67-fix-coverity-issues.patch | ||
nss-3.67-fix-private-key-mac.patch | ||
nss-3.67-fix-ssl-alerts.patch | ||
nss-3.71-fips-module-name.patch | ||
nss-3.71-ipv6-fix.patch | ||
nss-config.in | ||
nss-config.xml | ||
nss-disable-md5.patch | ||
nss-dso-ldflags.patch | ||
nss-fedora-btrf-sql-hack.patch | ||
nss-no-dbm-man-page.patch | ||
nss-p11-kit.config | ||
nss-signtool-format.patch | ||
nss-softokn-config.in | ||
nss-softokn-dracut-module-setup.sh | ||
nss-softokn-dracut.conf | ||
nss-softokn.pc.in | ||
nss-turn-off-expired-ocsp-cert.patch | ||
nss-util-config.in | ||
nss-util.pc.in | ||
nss.pc.in | ||
nss.spec | ||
pkcs11.txt.xml | ||
secmod.db.xml | ||
setup-nsssysinit.sh | ||
setup-nsssysinit.xml | ||
sources | ||
STAGE2-nss | ||
system-pkcs11.txt |