Source code

Revision control

Copy as Markdown

Other Tools

.. _mozilla_projects_nss_nss_3_59_release_notes:
NSS 3.59 release notes
======================
`Introduction <#introduction>`__
--------------------------------
.. container::
The NSS team has released Network Security Services (NSS) 3.59 on **13 November 2020**, which is
a minor release.
`Distribution Information <#distribution_information>`__
--------------------------------------------------------
.. container::
The HG tag is NSS_3_59_RTM. NSS 3.59 requires NSPR 4.29 or newer.
NSS 3.59 source distributions are available on ftp.mozilla.org for secure HTTPS download:
- Source tarballs:
Other releases are available :ref:`mozilla_projects_nss_nss_releases`.
.. _notable_changes_in_nss_3.59:
`Notable Changes in NSS 3.59 <#notable_changes_in_nss_3.59>`__
--------------------------------------------------------------
.. container::
- Exported two existing functions from libnss, CERT_AddCertToListHeadWithData and
CERT_AddCertToListTailWithData
.. _build_requirements:
`Build Requirements <#build_requirements>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
- NSS will soon require GCC 4.8 or newer. Gyp-based builds will stop supporting older GCC
versions in the next release, NSS 3.60 planned for December, followed later by the make-based
builds. Users of older GCC versions can continue to use the make-based build system while they
upgrade to newer versions of GCC.
.. _bugs_fixed_in_nss_3.59:
`Bugs fixed in NSS 3.59 <#bugs_fixed_in_nss_3.59>`__
----------------------------------------------------
.. container::
cert->nssCertificate to prevent a potential data race
cases for HMAC, HKDF, and DSA
token in nssSlot_IsTokenPresent
disabling signatures via Crypto Policy
failures on SHA1 self-signed root certs when SHA1 signatures are disabled.
SelectedCipherSuiteReplacer filter to solve some test intermittents
CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord
wrap/unwrap with RSA-OAEP
Solaris
CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss
CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys
when using NSS debug builds
extension for AES, SHA1 and SHA2 on MacOS.
This Bugzilla query returns all the bugs fixed in NSS 3.59:
`Compatibility <#compatibility>`__
----------------------------------
.. container::
NSS 3.59 shared libraries are backward compatible with all older NSS 3.x shared libraries. A
program linked with older NSS 3.x shared libraries will work with NSS 3.59 shared libraries
without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs
to the functions listed in NSS Public Functions will remain compatible with future versions of
the NSS shared libraries.
`Feedback <#feedback>`__
------------------------
.. container::
Bugs discovered should be reported by filing a bug report with
`bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).