tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

nss_3_108.rst (4301B)

      1 .. _mozilla_projects_nss_nss_3_108_release_notes:
      2 
      3 NSS 3.108 release notes
      4 ========================
      5 
      6 `Introduction <#introduction>`__
      7 --------------------------------
      8 
      9 .. container::
     10 
     11   Network Security Services (NSS) 3.108 was released on *4 February 2024**.
     12 
     13 `Distribution Information <#distribution_information>`__
     14 --------------------------------------------------------
     15 
     16 .. container::
     17 
     18   The HG tag is NSS_3_108_RTM. NSS 3.108 requires NSPR 4.35 or newer. The latest version of NSPR is 4.36.
     19 
     20   NSS 3.108 source distributions are available on ftp.mozilla.org for secure HTTPS download:
     21 
     22   -  Source tarballs:
     23      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_108_RTM/src/
     24 
     25   Other releases are available :ref:`mozilla_projects_nss_releases`.
     26 
     27 .. _changes_in_nss_3.108:
     28 
     29 `Changes in NSS 3.108 <#changes_in_nss_3.108>`__
     30 ------------------------------------------------------------------
     31 
     32 .. container::
     33 
     34   - Bug 1923285 - libclang-16 -> libclang-19
     35   - Bug 1939086 - Turn off Secure Email Trust Bit for Security Communication ECC RootCA1.
     36   - Bug 1937332 - Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2.
     37   - Bug 1915902 - Remove SwissSign Silver CA – G2.
     38   - Bug 1938245 - Add D-Trust 2023 TLS Roots to NSS
     39   - Bug 1942301 - fix fips test failure on windows.
     40   - Bug 1935925 - change default sensitivity of KEM keys.
     41   - Bug 1936001 - Part 1: Introduce frida hooks and script,
     42   - Bug 1942350 - add missing arm_neon.h include to gcm.c.
     43   - Bug 1831552 - ci: update windows workers to win2022 r=nss-reviewers,nkulatova NSS_3_108_BETA2
     44   - Bug 1831552 - strip trailing carriage returns in tools tests r=nss-reviewers,nkulatova
     45   - Bug 1880256 - work around unix/windows path translation issues in cert test script r=nss-reviewers,nkulatova
     46   - Bug 1831552 - ci: let the windows setup script work without $m r=nss-reviewers,nkulatova
     47   - Bug 1880255 - detect msys r=nss-reviewers,nkulatova
     48   - Bug 1936680 - add a specialized CTR_Update variant for AES-GCM. r=nss-reviewers,keeler
     49   - Bug 1930807 NSS policy updates - cavs NSS_3_108_BETA1
     50   - Bug 1930806 FIPS changes need to be upstreamed: FIPS 140-3 RNG
     51   - Bug 1930806 FIPS changes need to be upstreamed: Add SafeZero
     52   - Bug 1930806 FIPS changes need to be upstreamed - updated POST
     53   - Bug 1933031 Segmentation fault in SECITEM_Hash during pkcs12 processing
     54   - Bug 1929922 - Extending NSS with LoadModuleFromFunction functionality r=keeler,nss-reviewers
     55   - Bug 1935984 - Ensure zero-initialization of collectArgs.cert, r=djackson,nss-reviewers
     56   - Bug 1934526 - pkcs7 fuzz target use CERT_DestroyCertificate, r=djackson,nss-reviewers
     57   - Bug 1915898 - Fix actual underlying ODR violations issue, r=djackson,nss-reviewers
     58   - Bug 1184059 - mozilla::pkix: allow reference ID labels to begin and/or end with hyphens r=jschanck
     59   - Bug 1927953 - don't look for secmod.db in nssutil_ReadSecmodDB if NSS_DISABLE_DBM is set r=jschanck
     60   - Bug 1934526 - Fix memory leak in pkcs7 fuzz target, r=djackson,nss-reviewers
     61   - Bug 1934529 - Set -O2 for ASan builds in CI, r=djackson,nss-reviewers
     62   - Bug 1934543 - Change branch of tlsfuzzer dependency, r=djackson,nss-reviewers
     63   - Bug 1915898 - Run tests in CI for ASan builds with detect_odr_violation=1, r=djackson,nss-reviewers
     64   - Bug 1934241 - Fix coverage failure in CI, r=djackson,nss-reviewers
     65   - Bug 1934213 - Add fuzzing for delegated credentials, DTLS short header and Tls13BackendEch, r=djackson,nss-reviewers
     66   - Bug 1927142 - Add fuzzing for SSL_EnableTls13GreaseEch and SSL_SetDtls13VersionWorkaround, r=djackson,nss-reviewers
     67   - Bug 1913677 - Part 3: Restructure fuzz/, r=djackson,nss-reviewers
     68   - Bug 1931925 - Extract testcases from ssl gtests for fuzzing, r=djackson,nss-reviewers
     69   - Bug 1923037 - Force Cryptofuzz to use NSS in CI, r=nss-reviewers,nkulatova
     70   - Bug 1923037 - Fix Cryptofuzz on 32 bit in CI, r=nss-reviewers,nkulatova
     71   - Bug 1933154 - Update Cryptofuzz repository link, r=nss-reviewers,nkulatova
     72   - Bug 1926256 - fix build error from 9505f79d r=jschanck
     73   - Bug 1926256 - simplify error handling in get_token_objects_for_cache. r=rrelyea
     74   - Bug 1931973 - nss doc: fix a warning r=bbeurdouche
     75   - Bug 1930797 pkcs12 fixes from RHEL need to be picked up.