tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

nss_3_112_2.rst (3409B)

      1 .. _mozilla_projects_nss_nss_3_112_2_release_notes:
      2 
      3 NSS 3.112.2 release notes
      4 =========================
      5 
      6 `Introduction <#introduction>`__
      7 --------------------------------
      8 
      9 .. container::
     10 
     11   Network Security Services (NSS) 3.112.2 was released on *3 October 2025**.
     12 
     13 `Distribution Information <#distribution_information>`__
     14 --------------------------------------------------------
     15 
     16 .. container::
     17 
     18   The HG tag is NSS_3_112_2_RTM. NSS 3.112.2 requires NSPR 4.36 or newer.
     19 
     20   NSS 3.112.2 source distributions are available on ftp.mozilla.org for secure HTTPS download:
     21 
     22   -  Source tarballs:
     23      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_112_2_RTM/src/
     24 
     25   Other releases are available :ref:`mozilla_projects_nss_releases`.
     26 
     27 .. _changes_in_nss_3.112.2:
     28 
     29 `Changes in NSS 3.112.2 <#changes_in_nss_3.112.2>`__
     30 ------------------------------------------------------------------
     31 
     32 .. container::
     33 
     34   - Bug 1970079 - Prevent leaks during pkcs12 decoding.
     35   - Bug 1988046 - SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates.
     36   - Bug 1992218 - fix memory leak in secasn1decode_unittest.cc.
     37   - Bug 1988913 - Add OISTE roots.
     38   - Bug 1976051 - Add runbook for certdata.txt changes.
     39   - Bug 1991666 - dbtool: close databases before shutdown.
     40   - Bug 1956754 - don't flush base64 when buffer is null.
     41   - Bug 1989541 - Set `use_pkcs5_pbkd2_params2_only=1` for fuzzing builds.
     42   - Bug 1989480 - mozilla::pkix: recognize the qcStatements extension for QWACs.
     43   - Bug 1980465 - Fix a big-endian-problematic cast in zlib calls.
     44   - Bug 1962321 - Revert removing out/ directory after ossfuzz build.
     45   - Bug 1988524 - Add Cryptofuzz to OSS-Fuzz build.
     46   - Bug 1984704 - Add PKCS#11 trust tests.
     47   - Bug 1983308 - final disable dsa patch cert.sh.
     48   - Bug 1983320 - ml-dsa: move tls 1.3 to use streaming signatures.
     49   - Bug 1983320 - ml-dsa: Prep Create a FindOidTagByString function.
     50   - Bug 1983320 - ml-dsa: softoken changes.
     51   - Bug 1983320 - ml-dsa: der key decode.
     52   - Bug 1983320 - ml-dsa: Prep colapse the overuse of keyType outside of pk11wrap and cryptohi.
     53   - Bug 1983320 - ml-dsa: Prep Create a CreateSignatureAlgorithmID function.
     54   - Bug 1983308 - disable DSA in NSS script tests.
     55   - Bug 1983308 - Disabling of some algorithms: generic cert.sh.
     56   - Bug 1981046 - Need to update to new mechanisms.
     57   - Bug 1983320 - Add ML-DSA public key printing support in NSS command-line utilities.
     58   - Bug 1986802 - note embedded scts before revocation checks are performed.
     59   - Bug 1983320 - Add support for ML-DSA keys and mechanisms in PKCS#11 interface.
     60   - Bug 1983320 - Add support for ML-DSA key type and public key structure.
     61   - Bug 1983320 - Enable ML-DSA integration via OIDs support and SECMOD flag.
     62   - Bug 1983308 - disable kyber.
     63   - Bug 1965329 - Implement PKCS #11 v3.2 PQ functions (use verify signature).
     64   - Bug 1983308 - Disable dsa - gtests.
     65   - Bug 1983313 - make group and scheme support in test tools generic.
     66   - Bug 1983770 - Create GH workflow to automatically close PRs.
     67   - Bug 1983308 - Disable dsa - base code.
     68   - Bug 1983308 - Disabling of some algorithms: remove dsa from pk11_mode.
     69   - Bug 1983308 - Disable seed and RC2 bug fixes.
     70   - Bug 1982742 - restore support for finding certificates by decoded serial number.
     71   - Bug 1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups.