[ANNOUNCE] NSS 3.44 Release

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[ANNOUNCE] NSS 3.44 Release

JC Jones
The NSS team has released Network Security Services (NSS) 3.44 on 10 May 2019, which is a minor release.

The NSS team would like to recognize first-time contributors: Kevin Jacobs, David Carlier, Alexander Scheel, and Edouard Oger.

The HG tag is NSS_3_44_RTM. NSS 3.44 requires NSPR 4.21 or newer.

NSS 3.44 source distributions are available on ftp.mozilla.org for secure HTTPS download:

    https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_44_RTM/src/

New Functions:

    in lib/certdb/cert.h
        CERT_GetCertificateDer - Access the DER-encoded form of a CERTCertificate.

Notable Changes in NSS 3.44:

   * It is now possible to build NSS as a static library (Bug 1543545)
   * Initial support for building for iOS.

Bugs fixed in NSS 3.44:

   * 1501542 - Implement CheckARMSupport for Android
   * 1531244 - Use __builtin_bswap64 in crypto_primitives.h
   * 1533216 - CERT_DecodeCertPackage() crash with Netscape Certificate Sequences
   * 1533616 - sdb_GetAttributeValueNoLock should make at most one sql query, rather than one for each attribute
   * 1531236 - Provide accessor for CERTCertificate.derCert
   * 1536734 - lib/freebl/crypto_primitives.c assumes a big endian machine
   * 1532384 - In NSS test certificates, use @example.com (not @bogus.com)
   * 1538479 - Post-Handshake messages after async server authentication break when using record layer separation
   * 1521578 - x25519 support in pk11pars.c
   * 1540205 - freebl build fails with -DNSS_DISABLE_CHACHAPOLY
   * 1532312 - post-handshake auth doesn't interoperate with OpenSSL
   * 1542741 - certutil -F crashes with segmentation fault
   * 1546925 - Allow preceding text in try comment
   * 1534468 - Expose ChaCha20 primitive
   * 1418944 - Quote CC/CXX variables passed to nspr
   * 1543545 - Allow to build NSS as a static library
   * 1487597 - Early data that arrives before the handshake completes can be read afterwards
   * 1548398 - freebl_gtest not building on Linux/Mac
   * 1548722 - Fix some Coverity warnings
   * 1540652 - softoken/sdb.c: Logically dead code
   * 1549413 - Android log lib is not included in build
   * 1537927 - IPsec usage is too restrictive for existing deployments
   * 1549608 - Signature fails with dbm disabled
   * 1549848 - Allow building NSS for iOS using gyp
   * 1549847 - NSS's SQLite compilation warnings make the build fail on iOS
   * 1550041 - freebl not building on iOS simulator
   * 1542950 - MacOS cipher test timeouts

This Bugzilla query returns all the bugs fixed in NSS 3.44:

https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.44

Please refer to the release notes for the complete list of changes:
  https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: [ANNOUNCE] NSS 3.44 Release

Miklos Vajna
Hi,

On Wed, May 15, 2019 at 07:52:51AM -0700, JC Jones <[hidden email]> wrote:
>    * It is now possible to build NSS as a static library (Bug 1543545)

Is it possible to use this static mode when building via the provided
Makefile?

Thanks,

Miklos

--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [ANNOUNCE] NSS 3.44 Release

Martin Thomson
On Thu, May 16, 2019 at 2:03 PM Miklos Vajna <[hidden email]> wrote:

> Is it possible to use this static mode when building via the provided
> Makefile?
>

No.  We're gradually phasing out support for Makefiles.  They are very hard
to maintain.
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: [ANNOUNCE] NSS 3.44 Release

Paul Wouters
On Thu, 16 May 2019, Martin Thomson wrote:

> On Thu, May 16, 2019 at 2:03 PM Miklos Vajna <[hidden email]> wrote:
>
>> Is it possible to use this static mode when building via the provided
>> Makefile?
>>
>
> No.  We're gradually phasing out support for Makefiles.  They are very hard
> to maintain.

Wait, what?

They need work to make them simpler and better support cross compiling
for sure, but getting rid of them would really hamper our use of NSS
on different platforms. How would you support that without Makefiles?

Paul
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: [ANNOUNCE] NSS 3.44 Release

JC Jones
On Thursday, May 16, 2019 at 9:28:39 AM UTC-7, Paul Wouters wrote:

> Wait, what?
>
> They need work to make them simpler and better support cross compiling
> for sure, but getting rid of them would really hamper our use of NSS
> on different platforms. How would you support that without Makefiles?
>
> Paul

'build.sh' uses ninja-build and gyp rather than the Makefiles. I know those tools don't have total platform coverage yet, but it's getting close.

What platforms are you using that aren't covered? It's almost certainly easier to improve those tools than it is to revamp the Makefiles.

J.C.
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: [ANNOUNCE] NSS 3.44 Release

Robert Relyea
On 05/17/2019 08:54 AM, JC Jones wrote:

> On Thursday, May 16, 2019 at 9:28:39 AM UTC-7, Paul Wouters wrote:
>
>> Wait, what?
>>
>> They need work to make them simpler and better support cross compiling
>> for sure, but getting rid of them would really hamper our use of NSS
>> on different platforms. How would you support that without Makefiles?
>>
>> Paul
> 'build.sh' uses ninja-build and gyp rather than the Makefiles. I know those tools don't have total platform coverage yet, but it's getting close.
>
> What platforms are you using that aren't covered? It's almost certainly easier to improve those tools than it is to revamp the Makefiles.

Except Makefiles still work and are how RH builds NSS. I'm sympathetic
to how gyp files makes mozilla's life easier, but we get zero benefit
from them, so we need a nice long discussion before we 'start to phase
out' makefiles.

Please don't make these kinds of decisions and announcements without
some concurrence from us.


bob
>
> J.C.


--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto