index.rst (12028B)
1 .. _mozilla_projects_nss_nss_3_12_1_release_notes_html: 2 3 NSS_3.12.1_release_notes.html 4 ============================= 5 6 .. _nss_3.12.1_release_notes: 7 8 `NSS 3.12.1 Release Notes <#nss_3.12.1_release_notes>`__ 9 -------------------------------------------------------- 10 11 .. container:: 12 13 .. _2008-09-05: 14 15 `2008-09-05 <#2008-09-05>`__ 16 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 17 18 .. container:: 19 20 Newsgroup: `mozilla.dev.tech.crypto <news://news.mozilla.org/mozilla.dev.tech.crypto>`__ 21 22 `Contents <#contents>`__ 23 ~~~~~~~~~~~~~~~~~~~~~~~~ 24 25 .. container:: 26 27 - `Introduction <#introduction>`__ 28 - `Distribution Information <#distribution_information>`__ 29 - `New in NSS 3.12.1 <#new_in_nss_3.12.1>`__ 30 - `Bugs Fixed <#bugs_fixed>`__ 31 - `Documentation <#documentation>`__ 32 - `Compatibility <#compatibility>`__ 33 - `Feedback <#feedback>`__ 34 35 -------------- 36 37 `Introduction <#introduction>`__ 38 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 39 40 .. container:: 41 42 Network Security Services (NSS) 3.12.1 is a patch release for NSS 3.12. The bug fixes in NSS 43 3.12.1 are described in the "`Bugs Fixed <#bugsfixed>`__" section below. 44 NSS 3.12.1 is tri-licensed under the MPL 1.1/GPL 2.0/LGPL 2.1. 45 46 -------------- 47 48 49 50 `Distribution Information <#distribution_information>`__ 51 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 52 53 .. container:: 54 55 The CVS tag for the NSS 3.12.1 release is NSS_3_12_1_RTM. NSS 3.12.1 requires `NSPR 56 4.7.1 <https://www.mozilla.org/projects/nspr/release-notes/nspr471.html>`__. 57 See the `Documentation <#docs>`__ section for the build instructions. 58 NSS 3.12.1 source and binary distributions are also available on ftp.mozilla.org for secure HTTPS 59 download: 60 61 - Source tarballs: 62 https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_1_RTM/src/. 63 - Binary distributions: 64 https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_1_RTM/. Both debug and 65 optimized builds are provided. Go to the subdirectory for your platform, DBG (debug) or OPT 66 (optimized), to get the tar.gz or zip file. The tar.gz or zip file expands to an nss-3.12.1 67 directory containing three subdirectories: 68 69 - include - NSS header files 70 - lib - NSS shared libraries 71 - bin - `NSS Tools <https://www.mozilla.org/projects/security/pki/nss/tools/>`__ and test 72 programs 73 74 You also need to download the NSPR 4.7.1 binary distributions to get the NSPR 4.7.1 header files 75 and shared libraries, which NSS 3.12.1 requires. NSPR 4.7.1 binary distributions are in 76 https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.7.1/. 77 78 -------------- 79 80 .. _new_in_nss_3.12.1: 81 82 `New in NSS 3.12.1 <#new_in_nss_3.12.1>`__ 83 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 84 85 .. container:: 86 87 - New functions in the nss shared library: 88 89 CERT_NameToAsciiInvertible (see cert.h) 90 Convert an CERTName into its RFC1485 encoded equivalent. 91 Returns a string that must be freed with PORT_Free(). 92 Caller chooses encoding rules. 93 CERT_EncodeSubjectKeyID (see cert.h) 94 Encode Certificate SKID (Subject Key ID) extension. 95 PK11_GetAllSlotsForCert (see pk11pub.h) 96 PK11_GetAllSlotsForCert returns all the slots that a given certificate 97 exists on, since it's possible for a cert to exist on more than one 98 PKCS#11 token. 99 100 - Levels of standards conformance strictness for CERT_NameToAsciiInvertible (see certt.h) 101 102 CERT_N2A_READABLE 103 (maximum human readability) 104 CERT_N2A_STRICT 105 (strict RFC compliance) 106 CERT_N2A_INVERTIBLE 107 (maximum invertibility) 108 109 -------------- 110 111 .. _bugs_fixed: 112 113 `Bugs Fixed <#bugs_fixed>`__ 114 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 115 116 .. container:: 117 118 The following bugs have been fixed in NSS 3.12.1. 119 120 - `Bug 67890 <https://bugzilla.mozilla.org/show_bug.cgi?id=67890>`__: create self-signed cert 121 with existing key that signed CSR 122 - `Bug 129303 <https://bugzilla.mozilla.org/show_bug.cgi?id=129303>`__: NSS needs to expose 123 interfaces to deal with multiple token sources of certs. 124 - `Bug 311432 <https://bugzilla.mozilla.org/show_bug.cgi?id=311432>`__: ECC's ECL_USE_FP code 125 (for Linux x86) fails pairwise consistency test 126 - `Bug 330622 <https://bugzilla.mozilla.org/show_bug.cgi?id=330622>`__: certutil's usage 127 messages incorrectly document certain options 128 - `Bug 330628 <https://bugzilla.mozilla.org/show_bug.cgi?id=330628>`__: coreconf/Linux.mk should 129 \_not\_ default to x86 but result in an error if host is not recognized 130 - `Bug 359302 <https://bugzilla.mozilla.org/show_bug.cgi?id=359302>`__: Remove the sslsample 131 code from NSS source tree 132 - `Bug 372241 <https://bugzilla.mozilla.org/show_bug.cgi?id=372241>`__: Need more versatile form 133 of CERT_NameToAscii 134 - `Bug 390296 <https://bugzilla.mozilla.org/show_bug.cgi?id=390296>`__: NSS ignores subject CN 135 even when SAN contains no dNSName 136 - `Bug 401928 <https://bugzilla.mozilla.org/show_bug.cgi?id=401928>`__: Support generalized 137 PKCS#5 v2 PBEs 138 - `Bug 403543 <https://bugzilla.mozilla.org/show_bug.cgi?id=403543>`__: pkix: need a way to 139 enable/disable AIA cert fetching 140 - `Bug 408847 <https://bugzilla.mozilla.org/show_bug.cgi?id=408847>`__: pkix_OcspChecker_Check 141 does not support specified responder (and given signercert) 142 - `Bug 414003 <https://bugzilla.mozilla.org/show_bug.cgi?id=414003>`__: Crash [[@ 143 CERT_DecodeCertPackage] sometimes with this testcase 144 - `Bug 415167 <https://bugzilla.mozilla.org/show_bug.cgi?id=415167>`__: Memory leak in certutil 145 - `Bug 417399 <https://bugzilla.mozilla.org/show_bug.cgi?id=417399>`__: Arena Allocation results 146 are not checked in pkix_pl_InfoAccess_ParseLocation 147 - `Bug 420644 <https://bugzilla.mozilla.org/show_bug.cgi?id=420644>`__: Improve SSL tracing of 148 key derivation 149 - `Bug 426886 <https://bugzilla.mozilla.org/show_bug.cgi?id=426886>`__: Use const char\* in 150 PK11_ImportCertForKey 151 - `Bug 428103 <https://bugzilla.mozilla.org/show_bug.cgi?id=428103>`__: CERT_EncodeSubjectKeyID 152 is not defined in any public header file 153 - `Bug 429716 <https://bugzilla.mozilla.org/show_bug.cgi?id=429716>`__: debug builds of libPKIX 154 unconditionally dump socket traffic to stdout 155 - `Bug 430368 <https://bugzilla.mozilla.org/show_bug.cgi?id=430368>`__: vfychain -t option is 156 undocumented 157 - `Bug 430369 <https://bugzilla.mozilla.org/show_bug.cgi?id=430369>`__: vfychain -o succeeds 158 even if -pp is not specified 159 - `Bug 430399 <https://bugzilla.mozilla.org/show_bug.cgi?id=430399>`__: vfychain -pp crashes 160 - `Bug 430405 <https://bugzilla.mozilla.org/show_bug.cgi?id=430405>`__: Error log is not 161 produced by CERT_PKIXVerifyCert 162 - `Bug 430743 <https://bugzilla.mozilla.org/show_bug.cgi?id=430743>`__: Update ssltap to 163 understand the TLS session ticket extension 164 - `Bug 430859 <https://bugzilla.mozilla.org/show_bug.cgi?id=430859>`__: PKIX: Policy mapping 165 fails verification with error invalid arguments 166 - `Bug 430875 <https://bugzilla.mozilla.org/show_bug.cgi?id=430875>`__: Document the policy for 167 the order of cipher suites in SSL_ImplementedCiphers. 168 - `Bug 430916 <https://bugzilla.mozilla.org/show_bug.cgi?id=430916>`__: add sustaining asserts 169 - `Bug 431805 <https://bugzilla.mozilla.org/show_bug.cgi?id=431805>`__: leak in 170 NSSArena_Destroy() 171 - `Bug 431929 <https://bugzilla.mozilla.org/show_bug.cgi?id=431929>`__: Memory leaks on error 172 paths in devutil.c 173 - `Bug 432303 <https://bugzilla.mozilla.org/show_bug.cgi?id=432303>`__: Replace PKIX_PL_Memcpy 174 with memcpy 175 - `Bug 433177 <https://bugzilla.mozilla.org/show_bug.cgi?id=433177>`__: Fix the GCC compiler 176 warnings in lib/util and lib/freebl 177 - `Bug 433437 <https://bugzilla.mozilla.org/show_bug.cgi?id=433437>`__: vfychain ignores the -a 178 option 179 - `Bug 433594 <https://bugzilla.mozilla.org/show_bug.cgi?id=433594>`__: Crash destroying OCSP 180 Cert ID [[@ CERT_DestroyOCSPCertID ] 181 - `Bug 434099 <https://bugzilla.mozilla.org/show_bug.cgi?id=434099>`__: NSS relies on unchecked 182 PKCS#11 object attribute values 183 - `Bug 434187 <https://bugzilla.mozilla.org/show_bug.cgi?id=434187>`__: Fix the GCC compiler 184 warnings in nss/lib 185 - `Bug 434398 <https://bugzilla.mozilla.org/show_bug.cgi?id=434398>`__: libPKIX cannot find 186 issuer cert immediately after checking it with OCSP 187 - `Bug 434808 <https://bugzilla.mozilla.org/show_bug.cgi?id=434808>`__: certutil -B deadlock 188 when importing two or more roots 189 - `Bug 434860 <https://bugzilla.mozilla.org/show_bug.cgi?id=434860>`__: Coverity 1150 - dead 190 code in ocsp_CreateCertID 191 - `Bug 436428 <https://bugzilla.mozilla.org/show_bug.cgi?id=436428>`__: remove unneeded assert 192 from sec_PKCS7EncryptLength 193 - `Bug 436430 <https://bugzilla.mozilla.org/show_bug.cgi?id=436430>`__: Make NSS public headers 194 compilable with NO_NSPR_10_SUPPORT defined 195 - `Bug 436577 <https://bugzilla.mozilla.org/show_bug.cgi?id=436577>`__: uninitialized variable 196 in sec_pkcs5CreateAlgorithmID 197 - `Bug 438685 <https://bugzilla.mozilla.org/show_bug.cgi?id=438685>`__: libpkix doesn't try all 198 the issuers in a bridge with multiple certs 199 - `Bug 438876 <https://bugzilla.mozilla.org/show_bug.cgi?id=438876>`__: signtool is still using 200 static libraries. 201 - `Bug 439123 <https://bugzilla.mozilla.org/show_bug.cgi?id=439123>`__: Assertion failure in 202 libpkix at shutdown 203 - `Bug 440062 <https://bugzilla.mozilla.org/show_bug.cgi?id=440062>`__: incorrect list element 204 count in PKIX_List_AppendItem function 205 - `Bug 442618 <https://bugzilla.mozilla.org/show_bug.cgi?id=442618>`__: Eliminate dead function 206 CERT_CertPackageType 207 - `Bug 443755 <https://bugzilla.mozilla.org/show_bug.cgi?id=443755>`__: Extra semicolon in 208 PKM_TLSKeyAndMacDerive makes conditional code unconditional 209 - `Bug 443760 <https://bugzilla.mozilla.org/show_bug.cgi?id=443760>`__: Extra semicolon in 210 SeqDatabase makes static analysis tool suspicious 211 - `Bug 448323 <https://bugzilla.mozilla.org/show_bug.cgi?id=448323>`__: certutil -K doesn't 212 report the token and slot names for found keys 213 - `Bug 448324 <https://bugzilla.mozilla.org/show_bug.cgi?id=448324>`__: ocsp checker returns 214 incorrect error code on request with invalid signing cert 215 - `Bug 449146 <https://bugzilla.mozilla.org/show_bug.cgi?id=449146>`__: Remove dead libsec 216 function declarations 217 - `Bug 453227 <https://bugzilla.mozilla.org/show_bug.cgi?id=453227>`__: installation of 218 PEM-encoded certificate without trailing newline fails 219 220 -------------- 221 222 `Documentation <#documentation>`__ 223 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 224 225 .. container:: 226 227 For a list of the primary NSS documentation pages on mozilla.org, see `NSS 228 Documentation <../index.html#Documentation>`__. New and revised documents available since the 229 release of NSS 3.11 include the following: 230 231 - `Build Instructions for NSS 3.11.4 and above <../nss-3.11.4/nss-3.11.4-build.html>`__ 232 - `NSS Shared DB <http://wiki.mozilla.org/NSS_Shared_DB>`__ 233 234 -------------- 235 236 `Compatibility <#compatibility>`__ 237 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 238 239 .. container:: 240 241 NSS 3.12.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A 242 program linked with older NSS 3.x shared libraries will work with NSS 3.12.1 shared libraries 243 without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs 244 to the functions listed in `NSS Public Functions <../ref/nssfunctions.html>`__ will remain 245 compatible with future versions of the NSS shared libraries. 246 247 -------------- 248 249 `Feedback <#feedback>`__ 250 ~~~~~~~~~~~~~~~~~~~~~~~~ 251 252 .. container:: 253 254 Bugs discovered should be reported by filing a bug report with `mozilla.org 255 Bugzilla <https://bugzilla.mozilla.org/>`__ (product NSS).