From 29991df32d3a79237303cb3919e4f2c58c32da89 Mon Sep 17 00:00:00 2001 From: Dennis Jackson Date: Thu, 29 Jun 2023 15:41:21 +0000 Subject: [PATCH] Bug 1840365 - land NSS NSS_3_91_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,nkulatova Differential Revision: https://phabricator.services.mozilla.com/D182477 --- security/nss/TAG-INFO | 2 +- security/nss/coreconf/coreconf.dep | 1 - security/nss/doc/rst/releases/index.rst | 31 +++++--- security/nss/doc/rst/releases/nss_3_90.rst | 89 ++++++++++++++++++++++ security/nss/doc/rst/releases/nss_3_91.rst | 70 +++++++++++++++++ security/nss/lib/nss/nss.h | 4 +- security/nss/lib/softoken/softkver.h | 4 +- security/nss/lib/util/nssutil.h | 4 +- 8 files changed, 187 insertions(+), 18 deletions(-) create mode 100644 security/nss/doc/rst/releases/nss_3_90.rst create mode 100644 security/nss/doc/rst/releases/nss_3_91.rst diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO index 2695f8db52fd..cd68ff270d55 100644 --- a/security/nss/TAG-INFO +++ b/security/nss/TAG-INFO @@ -1 +1 @@ -NSS_3_91_BETA1 \ No newline at end of file +NSS_3_91_RTM \ No newline at end of file diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep index 590d1bfaeee3..5182f75552c8 100644 --- a/security/nss/coreconf/coreconf.dep +++ b/security/nss/coreconf/coreconf.dep @@ -10,4 +10,3 @@ */ #error "Do not include this header file." - diff --git a/security/nss/doc/rst/releases/index.rst b/security/nss/doc/rst/releases/index.rst index 398ca7b58b8c..27c9fdcfcf1e 100644 --- a/security/nss/doc/rst/releases/index.rst +++ b/security/nss/doc/rst/releases/index.rst @@ -8,6 +8,8 @@ Releases :glob: :hidden: + nss_3_91_0.rst + nss_3_90_0.rst nss_3_89_1.rst nss_3_89.rst nss_3_88_1.rst 
@@ -53,18 +55,27 @@ Releases .. note:: - **NSS 3.89.1** is the latest version of NSS. - Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_89_1_release_notes` - - **NSS 3.79.4** is the latest ESR version of NSS. - Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_79_4_release_notes` + **NSS 3.91.0** is the latest version of NSS. + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_91_0_release_notes` + **NSS 3.90.0 (ESR)** is the latest version of NSS. + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_90_0_release_notes` .. container:: - Changes in 3.89.1 included in this release: - - - Bug 1804505 - Update the technical constraints for KamuSM. - - Bug 1822921 - Add BJCA Global Root CA1 and CA2 root certificates. - + Changes in 3.91 included in this release: + - Bug 1837431 - Implementation of the HW support check for ADX instruction + - Bug 1836925 - Removing the support of Curve25519 + - Bug 1839795 - Fix comment about the addition of ticketSupportsEarlyData. + - Bug 1839327 - Adding args to enable-legacy-db build + - Bug 1835357 dbtests.sh failure in "certutil dump keys with explicit default trust flags" + - Bug 1837617: Initialize flags in slot structures + - Bug 1835425: Improve the length check of RSA input to avoid heap overflow + - Bug 1829112 - Followup Fixes + - Bug 1784253: avoid processing unexpected inputs by checking for m_exptmod base sign + - Bug 1826652: add a limit check on order_k to avoid infinite loop + - Bug 1834851 - Update HACL* to commit 5f6051d2. + - Bug 1753026 - add SHA3 to cryptohi and softoken. + - Bug 1753026: HACL SHA3 + - Bug 1836781 - Disabling ASM C25519 for A but X86_64 diff --git a/security/nss/doc/rst/releases/nss_3_90.rst b/security/nss/doc/rst/releases/nss_3_90.rst new file mode 100644 index 000000000000..b2b242becf82 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_90.rst 
@@ -0,0 +1,89 @@
+.. _mozilla_projects_nss_nss_3_90_release_notes:
+
+NSS 3.90 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+ Network Security Services (NSS) 3.90 was released on *4 June 2023**.
+
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+ The HG tag is NSS_3_90_RTM. NSS 3.90 requires NSPR 4.35 or newer.
+
+ NSS 3.90 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+ - Source tarballs:
+ https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_90_RTM/src/
+
+ Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.90:
+
+`Changes in NSS 3.90 <#changes_in_nss_3.90>`__
+----------------------------------------------------
+
+.. container::
+
+
+- Bug 1623338 - ride along: remove a duplicated doc page
+- Bug 1623338 - remove a reference to IRC
+- Bug 1831983 - clang-format lib/freebl/stubs.c
+- Bug 1831983 - Add a constant time select function
+- Bug 1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access.
+- Bug 1830973 - output early build errors by default
+- Bug 1804505 - Update the technical constraints for KamuSM
+- Bug 1822921 - Add BJCA Global Root CA1 and CA2 root certificates
+- Bug 1790763 - Enable default UBSan Checks
+- Bug 1786018 - Add explicit handling of zero length records
+- Bug 1829391 - Tidy up DTLS ACK Error Handling Path
+- Bug 1786018 - Refactor zero length record tests
+- Bug 1829112 - Fix compiler warning via correct assert
+- Bug 1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
+- Bug 1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator
+- Bug 1784163 - Fix reading raw negative numbers
+- Bug 1748237 - Repairing unreachable code in clang built with gyp
+- Bug 1783647 - Integrate Vale Curve25519
+- Bug 1799468 - Removing unused flags for Hacl*
+- Bug 1748237 - Adding a better error message
+- Bug 1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
+- Bug 1782980 - Fall back to the softokn when writing certificate trust
+- Bug 1806010 - FIPS-104-3 requires we restart post programmatically
+- Bug 1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
+- Bug 1818766 - Update ACVP dockerfile for compatibility with debian package changes
+- Bug 1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files
+- Bug 1819958 - Removed deprecated sprintf function and replaced with snprintf
+- Bug 1822076 - fix rst warnings in nss doc
+- Bug 1821997 - Fix incorrect pygment style
+- Bug 1821292 - Change GYP directive to apply across platforms
+- Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+ NSS 3.90 shared libraries are backwards-compatible with all older NSS 3.x shared
+ libraries. A program linked with older NSS 3.x shared libraries will work with
+ this new version of the shared libraries without recompiling or
+ relinking. Furthermore, applications that restrict their use of NSS APIs to the
+ functions listed in NSS Public Functions will remain compatible with future
+ versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+ Bugs discovered should be reported by filing a bug report on
+ `bugzilla.mozilla.org `__ (product NSS).
diff --git a/security/nss/doc/rst/releases/nss_3_91.rst b/security/nss/doc/rst/releases/nss_3_91.rst
new file mode 100644
index 000000000000..66bd40147ae8
--- /dev/null
+++ b/security/nss/doc/rst/releases/nss_3_91.rst
@@ -0,0 +1,70 @@
+.. _mozilla_projects_nss_nss_3_91_release_notes:
+
+NSS 3.91 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+ Network Security Services (NSS) 3.91 was released on *9 March 2023**.
+
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+ The HG tag is NSS_3_91_RTM. NSS 3.91 requires NSPR 4.35 or newer.
+
+ NSS 3.91 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+ - Source tarballs:
+ https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_91_RTM/src/
+
+ Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.91:
+
+`Changes in NSS 3.91 <#changes_in_nss_3.91>`__
+----------------------------------------------------
+
+.. container::
+
+ - Bug 1837431 - Implementation of the HW support check for ADX instruction
+ - Bug 1836925 - Removing the support of Curve25519
+ - Bug 1839795 - Fix comment about the addition of ticketSupportsEarlyData.
+ - Bug 1839327 - Adding args to enable-legacy-db build
+ - Bug 1835357 dbtests.sh failure in "certutil dump keys with explicit default trust flags"
+ - Bug 1837617: Initialize flags in slot structures
+ - Bug 1835425: Improve the length check of RSA input to avoid heap overflow
+ - Bug 1829112 - Followup Fixes
+ - Bug 1784253: avoid processing unexpected inputs by checking for m_exptmod base sign
+ - Bug 1826652: add a limit check on order_k to avoid infinite loop
+ - Bug 1834851 - Update HACL* to commit 5f6051d2.
+ - Bug 1753026 - add SHA3 to cryptohi and softoken.
+ - Bug 1753026: HACL SHA3
+ - Bug 1836781 - Disabling ASM C25519 for A but X86_64
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+ NSS 3.91 shared libraries are backwards-compatible with all older NSS 3.x shared
+ libraries.
A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index d279a0dcfc4c..1202e4af40a9 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -22,12 +22,12 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.91" _NSS_CUSTOMIZED " Beta" +#define NSS_VERSION "3.91" _NSS_CUSTOMIZED #define NSS_VMAJOR 3 #define NSS_VMINOR 91 #define NSS_VPATCH 0 #define NSS_VBUILD 0 -#define NSS_BETA PR_TRUE +#define NSS_BETA PR_FALSE #ifndef RC_INVOKED diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index b56ebe5e7e11..8575c29a7493 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -17,11 +17,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.91" SOFTOKEN_ECC_STRING " Beta" +#define SOFTOKEN_VERSION "3.91" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 #define SOFTOKEN_VMINOR 91 #define SOFTOKEN_VPATCH 0 #define SOFTOKEN_VBUILD 0 -#define SOFTOKEN_BETA PR_TRUE +#define SOFTOKEN_BETA PR_FALSE #endif /* _SOFTKVER_H_ */ diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index 6ec753104faf..ee1f39fa12ea 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h 
@@ -19,12 +19,12 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.91 Beta" +#define NSSUTIL_VERSION "3.91" #define NSSUTIL_VMAJOR 3 #define NSSUTIL_VMINOR 91 #define NSSUTIL_VPATCH 0 #define NSSUTIL_VBUILD 0 -#define NSSUTIL_BETA PR_TRUE +#define NSSUTIL_BETA PR_FALSE SEC_BEGIN_PROTOS