#13599 closed enhancement (fixed)
nss-3.53
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | normal | Milestone: | 10.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New minor version.
Change History (9)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 5 years ago
After encountering a problem that was mostly my doing (and also inspired the /etc/hosts change in LFS), I think I've figured out the tests. We'll use HOST=localhost DOMSUF=localdomain as our values for ./all.sh.
It's worth noting that if you interrupt the tests with Ctrl+C, it'll leave an extra process around (selfserv) that doesn't get killed and causes the tests to crash next time they are run.
comment:5 by , 5 years ago
I've implemented the test suite in the book, and dropped some notes into comments in the XML file.
comment:6 by , 5 years ago
Notable Changes in NSS 3.53
When using the Makefiles, NSS can be built in parallel, speeding up those builds to more similar performance as the build.sh/ninja/gyp system. (Bug 290526)
SEED is now moved into a new freebl directory freebl/deprecated (Bug 1636389).
SEED will be disabled by default in a future release of NSS. At that time, users will need to set the compile-time flag (Bug 1622033) to disable that deprecation in order to use the algorithm.
Algorithms marked as deprecated will ultimately be removed.
Several root certificates in the Mozilla program now set the CKA_NSS_SERVER_DISTRUST_AFTER attribute, which NSS consumers can query to further refine trust decisions. (Bug 1618404, Bug 1621159) If a builtin certificate has a CKA_NSS_SERVER_DISTRUST_AFTER timestamp before the SCT or NotBefore date of a certificate that builtin issued, then clients can elect not to trust it.
This attribute provides a more graceful phase-out for certificate authorities than complete removal from the root certificate builtin store.
Bugs fixed in NSS 3.53
Bug 1640260 - Initialize PBE params (ASAN fix)
Bug 1618404 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Symantec root certs
Bug 1621159 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Consorci AOC, GRCA, and SK ID root certs
Bug 1629414 - PPC64: Correct compilation error between VMX vs. VSX vector instructions
Bug 1639033 - Fix various compile warnings in NSS
Bug 1640041 - Fix a null pointer in security/nss/lib/ssl/sslencode.c:67
Bug 1640042 - Fix a null pointer in security/nss/lib/ssl/sslsock.c:4460
Bug 1638289 - Avoid multiple definitions of SHA{256,384,512}_* symbols when linking libfreeblpriv3.so in Firefox on ppc64le
Bug 1636389 - Relocate deprecated SEED algorithm
Bug 1637083 - lib/ckfw: No such file or directory. Stop.
Bug 1561331 - Additional modular inverse test
Bug 1629553 - Rework and cleanup gmake builds
Bug 1438431 - Remove mkdepend and "depend" make target
Bug 290526 - Support parallel building of NSS when using the Makefiles
Bug 1636206 - HACL* update after changes in libintvector.h
Bug 1636058 - Fix building NSS on Debian s390x, mips64el, and riscv64
Bug 1622033 - Add option to build without SEED
comment:7 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
The nss-standalone patch is broken for this version. I'll make a rebased one.
And there has been a mistake in nss page: the testsuite isn't run during build. The test executables are built but not run. To run it:
The value of
HOSTandDOMSUFshould be replaced with the FQDN we set up in LFS.