NSS 3.11.2 Release Notes
25 June 2006
Introduction
Network Security Services (NSS) 3.11.2 is a patch release for NSS 3.11. The bug fixes in NSS 3.11.2 are described in the "Bugs Fixed" section below.
Distribution Information
The CVS tag for the NSS 3.11.2 release is NSS_3_11_2_RTM. NSS 3.11.2 requires NSPR 4.6.2. See the Documentation section for the build instructions.
NSS 3.11.2 source and binary distributions are also available on ftp.mozilla.org for secure HTTPS download:
- Source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_2_RTM/src/.
- Binary distributions: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_2_RTM/. Both debug and optimized builds are provided. Go to the subdirectory for your platform, DBG (debug) or OPT (optimized), to get the tar.gz or zip file. The tar.gz or zip file expands to an nss-3.11.2 directory containing three subdirectories:
  - include - NSS header files
  - lib - NSS shared libraries
  - bin - NSS Tools and test programs
Bugs Fixed
The following bugs have been fixed in NSS 3.11.2.
- Bug 298506: Implement logging for auditable events required by FIPS 140-2
- Bug 298522: Implement more power-up self tests
- Bug 326637: Unnecessary request of PKCS11 device password while verifying certificates
- Bug 333555: Coverity Crash if item is null [@ sec_asn1d_prepare_for_contents]
- Bug 333917: The non-x86 code in desblapi.c seems to violate ANSI C strict aliasing rules
- Bug 333925: NSS Solaris build compiled with Forte 6 update 2 fails the AES ECB Decrypt and AES CBC Decrypt tests in cipher.sh; and may not run on Ultrasparc I and II
- Bug 334274: double free in CRMF_EncryptedKeyGetEncryptedValue
- Bug 334448: oom Crash in crmf_copy_cert_req_msg
- Bug 334679: Duplicate line in ec_GF2m_validate_point
- Bug 335021: incorrect smime_encryptionkeypref_template leads to QuickDER decoding failure
- Bug 335036: NSS_Shutdown() does not check that NSS is initialized
- Bug 335748: ECC support for mozilla.
- Bug 336198: Leak in NSResOpenTable & NSResCreateTable (dbm/src/nsres.c)
- Bug 336466: Coverity oom crash [@ CERT_DecodeAuthKeyID]
- Bug 336475: Coverity NSC_VerifyInit error paths don't free info
- Bug 336477: Coverity CERT_UncacheCRL variable named returned is not freed if !removed
- Bug 336481: Coverity oom crash [@ crmf_copy_cert_req_msg]
- Bug 336482: Coverity crash or hopefully deadcode [@ crmf_copy_poposigningkey] because Pointer destPopoSignKey dereferenced before NULL check
- Bug 336483: Coverity crash or hopefully deadcode [@ crmf_copy_popoprivkey] because Pointer destPrivKey dereferenced before NULL check
- Bug 336485: coverity thinks that nssPKIObject_GetInstances could return null which would lead to a crash [@ listCertsCallback]
- Bug 336932: Coverity 163
- Bug 336934: Coverity 173
- Bug 336935: Coverity 172
- Bug 336937: Coverity 171
- Bug 336938: Coverity 170
- Bug 336971: Coverity crash [@ SEC_PKCS12DecoderGetCerts] p12dcx Pointer dereferenced before NULL check
- Bug 336972: Coverity OOM crash [@ PK11_ImportDERPrivateKeyInfoAndReturnKey] pki Pointer allocated by PORT_NewArena dereferenced without NULL check
- Bug 336981: Coverity crash [@ PORT_Strlen - nss_FindExternalRootPaths] secmodprefix Pointer dereferenced before NULL check
- Bug 336982: Useless null check of ss in ssl3_config_match_init
- Bug 336992: crash [@ pk11_DoKeys] arg Pointer dereferenced before NULL check
- Bug 336995: Coverity crash [@ header_length - der_encode - DER_encode] dtemplate->sub Pointer dereferenced before NULL check
- Bug 337008: Coverity OOM crash [@ nssList_Add - STAN_InitTokenForSlotInfo - STAN_LoadDefaultNSS3TrustDomain][@ nssList_Clone - nssList_CreateIterator - STAN_LoadDefaultNSS3TrustDomain] Dereferencing possibly NULL (td)->tokenList
- Bug 337009: Coverity OOM crash [@ nssList_Count - nssTrustDomain_GetCertsFromCache] Dereferencing possibly NULL certList
- Bug 337011: Coverity OOM crash [@ sftk_handleKeyObject][@ sftk_handleKeyParameterObject] Dereferencing possibly NULL attribute
- Bug 337014: Coverity OOM crash [@ PORT_ArenaAlloc - PK11_PQG_ParamGenSeedLen][@ PORT_ArenaAlloc - PK11_PQG_ParamGenSeedLen] Dereferencing possibly NULL varena
- Bug 337025: Coverity 411
- Bug 337027: Coverity 506
- Bug 337080: Coverity 681
- Bug 337083: Coverity 508
- Bug 337085: Coverity 447
- Bug 337086: Coverity 446
- Bug 337098: Coverity crash [@ PK11_FreeSymKey - pk11_KeyExchange] confused logic
- Bug 337099: Coverity Crash [@ PK11_ParamFromIV] Variable iv tracked as NULL was dereferenced.
- Bug 337101: Coverity Crash [@ nssPKIObject_Destroy - nssSMIMEProfile_Create] Variable object tracked as NULL was passed to a function that dereferences it.
- Bug 337104: Coverity OOM Crash [@ ssl2_QualifyCypherSpecs][@ ssl2_ChooseSessionCypher] Variable ms tracked as NULL was dereferenced.
- Bug 337105: Coverity Crash [@ ssl2_ChooseSessionCypher] Variable (ss)->preferredCipher tracked as NULL was dereferenced.
- Bug 337110: Coverity OOM Crash and memory leak [@ PK11_CreatePBEParams]
- Bug 337154: Coverity 321
- Bug 337326: Coverity Leak in nsslowcert_UpdateSubjectEmailAddr (security/nss/lib/softoken/pcertdb.c)
- Bug 337332: Coverity Leak in OpenNewDB (security/nss/lib/softoken/keydb.c)
- Bug 337495: Coverity Double free in CRMF_CertReqMsgSetSignaturePOP (security/nss/lib/crmf/crmfpop.c)
- Bug 337789: PK11_ functions that find objects fail when user not logged in and softoken is in FIPS140 mode
- Bug 337887: mingw build failure in sslsock.c
- Bug 338201: Coverity Leak in DPCache_Create (security/nss/lib/certdb/crl.c)
- Bug 338214: Reference leak in selfserv in FIPS140-2 mode
- Bug 338325: Fix for 80092 uncovered latent SSL writev non-blocking socket bug
- Bug 338352: Coverity Leak and OOM crash in PK11_PubDeriveWithKDF (security/nss/lib/pk11wrap/pk11skey.c)
- Bug 338356: Coverity Leak in PK11_TokenKeyGenWithFlags (security/nss/lib/pk11wrap/pk11skey.c)
- Bug 338552: Add StartCom CA certificate to NSS
- Bug 338599: NSS ECDSA signature length incompatible with other implementations for some curves
- Bug 338798: selfserv reports error -12272 SSL_ERROR_BAD_MAC_ALERT in QA stress tests
- Bug 339886: Coverity param leaked at NSS_CMSCipherContext_StartEncrypt(nss/lib/smime/cmscipher.c)
- Bug 339908: Coverity 3 NULL ptr crashes when PK11_GetBestSlot returns NULL
- Bug 339913: Coverity OOM leak in sec_asn1d_add_to_subitems
- Bug 339914: Coverity leak in NSS_CMSEncoder_Start error paths
- Bug 339916: Coverity 464
- Bug 339919: Coverity 905
- Bug 340018: Coverity 222 & 223
- Bug 340183: Add the Netlock Class QA root certificate
- Bug 340909: certutil batch mode is not in usage and should be command rather than option
- Bug 341111: NSS 3.11.1 libnssckbi.so built with Forte 6 update 2 doesn't have version strings.
- Bug 341455: Crash in pk12util on Windows; pk12util and certutil test failures on other platforms
- Bug 341573: ECDHE SSL tests fail on UltraSparc with Studio 11 and -fsimple=2 option
- Bug 341590: In FIPS mode