Bug 1792135 - land NSS NSS_3_84_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,jschanck

Differential Revision: https://phabricator.services.mozilla.com/D159278

security/nss/TAG-INFO

@@ -1 +1 @@
-NSS_3_84_BETA1
+NSS_3_84_RTM

security/nss/coreconf/coreconf.dep

@@ -10,4 +10,3 @@
  */
 
 #error "Do not include this header file."
-

security/nss/doc/rst/nss_3_84.rst

@@ -0,0 +1,58 @@
+.. _mozilla_projects_nss_nss_3_84_release_notes:
+
+NSS 3.84 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.84 was released on **13 October 2022**.
+
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_84_RTM. NSS 3.84 requires NSPR 4.35 or newer.
+
+   NSS 3.84 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_84_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.84:
+
+`Changes in NSS 3.84 <#changes_in_nss_3.84>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 1791699 - Bump minimum NSPR version to 4.35.
+   - Bug 1792103 - Add a flag to disable building libnssckbi.
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.84 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).

security/nss/doc/rst/releases/index.rst

@@ -8,6 +8,7 @@ Releases
    :glob:
    :hidden:
 
+   nss_3_84.rst
    nss_3_83.rst
    nss_3_82.rst
    nss_3_81.rst
@@ -41,8 +42,8 @@ Releases
 
 .. note::
 
-   **NSS 3.83** is the latest version of NSS.
-   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_83_release_notes`
+   **NSS 3.84** is the latest version of NSS.
+   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_84_release_notes`
 
    **NSS 3.79.1** is the latest ESR version of NSS.
    Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_79_1_release_notes`
@@ -50,23 +51,7 @@ Releases
 
 .. container::
 
-   Changes in 3.83 included in this release:
+   Changes in 3.84 included in this release:
 
-   - Bug 1788875 - Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags
-   - Bug 1563221 - remove older oses that are unused part3/ BeOS
-   - Bug 1563221 - remove older unix support in NSS part 3 Irix
-   - Bug 1563221 - remove support for older unix in NSS part 2 DGUX
-   - Bug 1563221 - remove support for older unix in NSS part 1 OSF
-   - Bug 1778413 - Set nssckbi version number to 2.58
-   - Bug 1785297 - Add two SECOM root certificates to NSS
-   - Bug 1787075 - Add two DigitalSign root certificates to NSS
-   - Bug 1778412 - Remove Camerfirma Global Chambersign Root from NSS
-   - Bug 1771100 - Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test
-   - Bug 1779361 - Removed skipping of ECH on equality of private and public SNI server name
-   - Bug 1779357 - Added comment and bug reference to ECHRandomHRRExtension bogo test
-   - Bug 1779370 - Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR
-   - Bug 1779234 - Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing
-   - Bug 1771100 - Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo
-   - Bug 1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs
-   - Bug 1771100 - Update BoGo tests to recent BoringSSL version
-   - Bug 1785846 - Bump minimum NSPR version to 4.34.1
+   - Bug 1791699 - Bump minimum NSPR version to 4.35.
+   - Bug 1792103 - Add a flag to disable building libnssckbi.

security/nss/lib/nss/nss.h

@@ -22,12 +22,12 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION "3.84" _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION "3.84" _NSS_CUSTOMIZED
 #define NSS_VMAJOR 3
 #define NSS_VMINOR 84
 #define NSS_VPATCH 0
 #define NSS_VBUILD 0
-#define NSS_BETA PR_TRUE
+#define NSS_BETA PR_FALSE
 
 #ifndef RC_INVOKED
 

security/nss/lib/softoken/softkver.h

@@ -17,11 +17,11 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION "3.84" SOFTOKEN_ECC_STRING " Beta"
+#define SOFTOKEN_VERSION "3.84" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR 3
 #define SOFTOKEN_VMINOR 84
 #define SOFTOKEN_VPATCH 0
 #define SOFTOKEN_VBUILD 0
-#define SOFTOKEN_BETA PR_TRUE
+#define SOFTOKEN_BETA PR_FALSE
 
 #endif /* _SOFTKVER_H_ */

security/nss/lib/util/nssutil.h

@@ -19,12 +19,12 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION "3.84 Beta"
+#define NSSUTIL_VERSION "3.84"
 #define NSSUTIL_VMAJOR 3
 #define NSSUTIL_VMINOR 84
 #define NSSUTIL_VPATCH 0
 #define NSSUTIL_VBUILD 0
-#define NSSUTIL_BETA PR_TRUE
+#define NSSUTIL_BETA PR_FALSE
 
 SEC_BEGIN_PROTOS