NSS 3.11.8 Release Notes
08 November 2007
Contents
- Introduction
- Distribution Information
- New in NSS 3.11.8
- Bugs Fixed
- Documentation
- Compatibility
- Feedback
Introduction
Network Security Services (NSS) 3.11.8 is a patch release for NSS 3.11. The bug fixes in NSS 3.11.8 are described in the "Bugs Fixed" section below.Distribution Information
The CVS tag for the NSS 3.11.8 release is NSS_3_11_8_RTM. NSS 3.11.8 requires NSPR 4.6.8.See the Documentation section for the build instructions.
NSS 3.11.8 source and binary distributions are also available on ftp.mozilla.org for secure HTTPS download:
- Source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_8_RTM/src/.
- Binary distributions: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_8_RTM/. Both debug and optimized builds are provided. Go to the subdirectory for your platform, DBG (debug) or OPT (optimized), to get the tar.gz or zip file. The tar.gz or zip file expands to an nss-3.11.8 directory containing three subdirectories:
- include - NSS header files
- lib - NSS shared libraries
- bin - NSS Tools and test programs
New in NSS 3.11.8
- libssl had the following function added to allow to do automatic bypass:
-
SSL_CanBypass (see ssl.h)
Bugs Fixed
The following bugs have been fixed in NSS 3.11.8.- Bug 51429: RNG_SystemInfoForRNG possible netstat zombie process
- Bug 233932: certutil -T crashes if -h <token> specifies a nonexistant token
- Bug 289979: Three root CA certs don't have explicit CKA_TRUST_STEP_UP_APPROVED flags
- Bug 294555: unexported api calls in p12plcy.h
- Bug 294557: unexported api calls in pkcs12.h
- Bug 301528: RSA certificate request succeeds even when underlying pkcs11 module returns error
- Bug 308275: Leaks related to nssCKFWInstance_CreateMutex
- Bug 325672: NSS needs a function to indicate usability of the bypass feature
- Bug 338688: NSS allocation functions don't always set SEC_ERROR_NO_MEMORY
- Bug 351769: pk12util leaks password strings
- Bug 352929: Remove unused function DER_Decode
- Bug 366553: libSSL leaks global array of trusted client auth CA names
- Bug 376748: Infinite loop in CERT_CertChainFromCert
- Bug 376894: Make DEBUG_PKCS11 work for optimized builds
- Bug 378489: Add multiple new roots to NSS
- Bug 381718: Bug in PK11_ListPrivKeysInSlot
- Bug 387052: OOM crash in softoken
- Bug 388824: Misaligned structures in pkcs11 result in crash on 64-bit Windows
- Bug 390187: PK11_FindCertFromNickname sets no error code when token not found
- Bug 392208: PK11_FindCertByIssuerAndSN must validate input arguments (Tbird crashes with bug 379190 testcase)
- Bug 392846: Do not send hello extensions when using SSL v3.0
- Bug 394040: Tstclnt crashed in NISCC testing.
- Bug 394202: ssl_GetPrivate can corrupt non-SSL private structures
- Bug 394271: two public SSL functions require PRFD* to point to SSL layer
- Bug 396653: Get rid of lib/asn1
- Bug 400119: Fix UMRs in getLibName()
- Bug 400711: SSL_CanBypass leaks memory
- Bug 401057: crmftest crashes in crmf_copy_bitstring
- Bug 401071: pk11mode crashes on Win64