NSS 3.11.7 Release Notes
28 May 2007
Contents
Introduction
Network Security Services (NSS) 3.11.7 is a patch release for NSS 3.11. The bug fixes in NSS 3.11.7 are described in the "Bugs Fixed" section below.Distribution Information
The CVS tag for the NSS 3.11.7 release is NSS_3_11_7_RTM. NSS 3.11.7 requires NSPR 4.6.7.See the Documentation section for the build instructions.
NSS 3.11.7 source and binary distributions are also available on ftp.mozilla.org for secure HTTPS download:
- Source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_7_RTM/src/.
- Binary distributions: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_7_RTM/. Both debug and optimized builds are provided. Go to the subdirectory for your platform, DBG (debug) or OPT (optimized), to get the tar.gz or zip file. The tar.gz or zip file expands to an nss-3.11.7 directory containing three subdirectories:
- include - NSS header files
- lib - NSS shared libraries
- bin - NSS Tools and test programs
Bugs Fixed
The following bugs have been fixed in NSS 3.11.7.- Bug 82268: builds use the wrong version of perl
- Bug 129218: memory leaks in tstclnt and strsclnt
- Bug 162748: Signtool fails to sign without using -p option
- Bug 205406: Need a local OCSP cache
- Bug 316925: Key export does not work on tokens with non-sensitive keys that can't wrap.
- Bug 324305: tstclnt unable to resolve hostnames to IP addresses on HPUX 11i
- Bug 331404: NSS may crash in initialization when windows file system contains REALLY OLD files
- Bug 338986: Unauthorized OCSP response error from user's default OCSP responder
- Bug 341121: Coverity 408 sec_PKCS7CreateEncryptObject leaks param & result
- Bug 351767: pk12util cmd with -o and -W options crashes if exportfile is a directory
- Bug 361089: memory leak in mp_bdivmod
- Bug 366557: Small memory leaks in selfserv.
- Bug 367037: Strsclnt doesn't inform user when incorrect cipher set
- Bug 369444: Invalid sidCacheEntry size assertion is failing
- Bug 370062: nss changes for OpenBSD
- Bug 370957: strsclnt doesn't support TLS_RSA_WITH_NULL_SHA
- Bug 371024: Typos in NSS' error strings
- Bug 371160: bogus PKCS12_KEY_USAGE in secoid table
- Bug 371685: allow unsupported critical extensions in special builds
- Bug 373276: Enhance SSL's Bypass feature to withstand failures
- Bug 377362: Export DER_Generalized* and DER_TimeChoice* functions
- Bug 377542: Eliminate duplicate implementation of cert validity time checking
- Bug 378104: certutil crashes creating certs with very long validity
- Bug 378815: DER_TimeToGeneralizedTimeArena and DER_TimeToUTCTime don't check for valid range and may leak
- Bug 379625: Accept SMIME preferences even when they contain NULL parameters
- Bug 380334: CERT_HTMLCertInfo is dead code
- Bug 381317: Unauthorized OCSP response error