Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#13599 closed enhancement (fixed)

nss-3.53

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: normal Milestone: 10.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (9)

comment:1 by Xi Ruoyao, 4 years ago

The nss-standalone patch is broken for this version. I'll make a rebased one.

And there has been a mistake in nss page: the testsuite isn't run during build. The test executables are built but not run. To run it:

cd tests &&
HOST=example DOMSUF=org ./all.sh

The value of HOST and DOMSUF should be replaced with the FQDN we set up in LFS.

comment:2 by Douglas R. Reno, 4 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:3 by Douglas R. Reno, 4 years ago

Thank you Xi for the rebased patch

comment:4 by Douglas R. Reno, 4 years ago

After encountering a problem that was mostly my doing (and also inspired the /etc/hosts change in LFS), I think I've figured out the tests. We'll use HOST=localhost DOMSUF=localdomain as our values for ./all.sh.

It's worth noting that if you interrupt the tests with Ctrl+C, it'll leave an extra process around (selfserv) that doesn't get killed and causes the tests to crash next time they are run.

comment:5 by Douglas R. Reno, 4 years ago

I've implemented the test suite in the book, and dropped some notes into comments in the XML file.

comment:6 by Douglas R. Reno, 4 years ago

Notable Changes in NSS 3.53

    When using the Makefiles, NSS can be built in parallel, speeding up those builds to more similar performance as the build.sh/ninja/gyp system. (Bug 290526)
    SEED is now moved into a new freebl directory freebl/deprecated (Bug 1636389).
        SEED will be disabled by default in a future release of NSS. At that time, users will need to set the compile-time flag (Bug 1622033) to disable that deprecation in order to use the algorithm.
        Algorithms marked as deprecated will ultimately be removed.
    Several root certificates in the Mozilla program now set the CKA_NSS_SERVER_DISTRUST_AFTER attribute, which NSS consumers can query to further refine trust decisions. (Bug 1618404, Bug 1621159) If a builtin certificate has a CKA_NSS_SERVER_DISTRUST_AFTER timestamp before the  SCT or NotBefore date of a certificate that builtin issued, then clients can elect not to trust it.
        This attribute provides a more graceful phase-out for certificate authorities than complete removal from the root certificate builtin store.

Bugs fixed in NSS 3.53

    Bug 1640260 - Initialize PBE params (ASAN fix)
    Bug 1618404 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Symantec root certs
    Bug 1621159 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Consorci AOC, GRCA, and SK ID root certs
    Bug 1629414 - PPC64: Correct compilation error between VMX vs. VSX vector instructions
    Bug 1639033 - Fix various compile warnings in NSS
    Bug 1640041 - Fix a null pointer in security/nss/lib/ssl/sslencode.c:67
    Bug 1640042 - Fix a null pointer in security/nss/lib/ssl/sslsock.c:4460
    Bug 1638289 - Avoid multiple definitions of SHA{256,384,512}_* symbols when linking libfreeblpriv3.so in Firefox on ppc64le
    Bug 1636389 - Relocate deprecated SEED algorithm
    Bug 1637083 - lib/ckfw: No such file or directory. Stop.
    Bug 1561331 - Additional modular inverse test
    Bug 1629553 - Rework and cleanup gmake builds
    Bug 1438431 - Remove mkdepend and "depend" make target
    Bug 290526 - Support parallel building of NSS when using the Makefiles
    Bug 1636206 - HACL* update after changes in libintvector.h
    Bug 1636058 - Fix building NSS on Debian s390x, mips64el, and riscv64
    Bug 1622033 - Add option to build without SEED

comment:7 by Douglas R. Reno, 4 years ago

Resolution: fixed
Status: assignedclosed

comment:8 by Bruce Dubbs, 4 years ago

Milestone: 9.210,0

Milestone renamed

comment:9 by Bruce Dubbs, 4 years ago

Milestone: 10,010.0

Milestone renamed

Note: See TracTickets for help on using tickets.