RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2211937 - Rebase NSS to 3.90 for Firefox 115 ESR [rhel-9.2.0.z]
Summary: Rebase NSS to 3.90 for Firefox 115 ESR [rhel-9.2.0.z]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: nss
Version: 9.2
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Bob Relyea
QA Contact: Alexander Sosedkin
URL:
Whiteboard:
: 2122724 (view as bug list)
Depends On: 2211855
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-06-02 16:08 UTC by RHEL Program Management Team
Modified: 2023-09-12 10:13 UTC (History)
4 users (show)

Fixed In Version: nss-3.90.0-1.el9_2
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Rebase package(s) to version: NSS 3.90 Highlights, important fixes, or notable enhancements: Fixes that may have customer impact since the last rebase: Mozilla Bug 1820175 - PR_STATIC_ASSERT is cursed. Mozilla Bug 1767883 - Need to add policy control to keys lengths for signatures. Mozilla Bug 1820175 - Fix unreachable code warning in fuzz builds. Mozilla Bug 1820175 - Fix various compiler warnings in NSS. Mozilla Bug 1815136 - set PORT error after sftk_HMACCmp failure. Mozilla Bug 1804662 - remove data length assertion in sec_PKCS7Decrypt. Mozilla Bug 1804660 - Make high tag number assertion failure an error. Mozilla Bug 1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384. Mozilla Bug 1815167 - Tolerate certificate_authorities xtn in ClientHello. Mozilla Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. Mozilla Bug 1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag. Mozilla Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests Mozilla Bug 1771100 - Added EarlyData ALPN test support to BoGo shim. Mozilla Bug 1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm. Mozilla Bug 1804091 NSS needs to move off of DSA for integrity checks Mozilla Bug 1803226 - NULL password encoding incorrect. Mozilla Bug 1804071 - Fix rng stub signature for fuzzing builds. Mozilla Bug 1774654 tstclnt crashes when accessing gnutls server without a user cert in the database. Mozilla Bug 1751705 - Update ECCKiila generated files. Mozilla Bug 1798823 - add checks for zero-length RSA modulus to avoid memory errors and failed assertions later. Mozilla Bug 1798823 - Additional zero-length RSA modulus checks. Mozilla Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates. Mozilla Bug 1799315 - Migrate nss from AWS to GCP. Mozilla Bug 1783231 - Initialising variables in the rsa blinding code. Mozilla Bug 320582 - Implementation of the double-signing of the message for ECDSA. Mozilla Bug 1783231 - Adding exponent blinding for RSA. Mozilla Bug 1735028 - Check for missing signedData field. Mozilla Bug 1737470 - Ensure DER encoded signatures are within size limits. Mozilla Bug 1792821 - Modification of the primes.c and dhe-params.c in order to have better looking tables. Mozilla Bug 1796407 - Fix -Wunused-but-set-variable warning from clang 15. Mozilla Bug 1796308 - Fix -Wtautological-constant-out-of-range-compare and -Wtype-limits warnings. Mozilla Bug 1796281 - Fix -Wint-to-void-pointer-cast warnings. Mozilla Bug 1796280 - Fix -Wunused-{function,variable,but-set-variable} warnings on Windows. Mozilla Bug 1796079 - Fix -Wstring-conversion warnings. Mozilla Bug 1796075 - Fix -Wempty-body warnings. Mozilla Bug 1795242 - Fix unused-but-set-parameter warning. Mozilla Bug 1795241 - Fix unreachable-code warnings. Mozilla Bug 1795668 - Remove redundant variable definitions in lowhashtest. Mozilla Bug 1788875 - Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags Mozilla Bug 1779370 - Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR Mozilla Bug 1771100 - Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo Mozilla Bug 1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmationMozilla Bugs Mozilla Bug 1330271 - check for null template in sec_asn1{d,e}_push_state Mozilla Bug 1735925 - QuickDER: Forbid NULL tags with non-zero length Mozilla Bug 1784724 - Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite Mozilla Bug 1681099 - pk11wrap: Tighten certificate lookup based on PKCS #11 URI Mozilla Bug 1775359 - make NSS_SecureMemcmp 0/1 valued. Mozilla Bug 1779285: Add no_application_protocol alert handler and test client error code is set. Mozilla Bug 1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. Mozilla Bug 1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. Mozilla Bug 1617956 - Add support for asynchronous client auth hooks. Mozilla Bug 1497537 - nss-policy-check: make unknown keyword check optional. Mozilla Bug 1765383 - GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. Mozilla Bug 1759794 - Protect SFTKSlot needLogin with slotLock. Mozilla Bug 1366464 - Compare signature and signatureAlgorithm fields in legacy certificate verifier. Mozilla Bug 1771497 - Uninitialized value in cert_VerifyCertChainOld. Mozilla Bug 1771495 - Unchecked return code in sec_DecodeSigAlg. Mozilla Bug 1771498 - Uninitialized value in cert_ComputeCertType. Mozilla Bug 1760998 - Avoid data race on primary password change. Mozilla Bug 1769063 - Replace ppc64 dcbzl intrinisic. Mozilla Bug 1735028 - Check for missing signedData field. Mozilla Bug 1737470 - Ensure DER encoded signatures are within size limits. Mozilla Bug 1729550 - NSS needs FiPS 140-3 version indicators. Mozilla Bug 1692132 - pkix_CacheCert_Lookup doesn’t return cached certs. Mozilla Bug 1729930 - Increase KDF cache size to mitigate perf regression in about:logins.
Clone Of: 2211855
Environment:
Last Closed: 2023-09-12 10:13:17 UTC
Type: ---
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker CRYPTO-10819 0 None None None 2023-06-02 16:18:32 UTC
Red Hat Issue Tracker RHELPLAN-158877 0 None None None 2023-06-02 16:18:40 UTC
Red Hat Product Errata RHEA-2023:5072 0 None None None 2023-09-12 10:13:20 UTC

Comment 4 Alexander Sosedkin 2023-08-10 14:17:00 UTC
*** Bug 2122724 has been marked as a duplicate of this bug. ***

Comment 8 errata-xmlrpc 2023-09-12 10:13:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nss bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:5072


Note You need to log in before you can comment on or make changes to this bug.