Bug 1733374 - land NSS NSS_3_72_RTM UPGRADE_NSS_RELEASE, r=djackson

Differential Revision: https://phabricator.services.mozilla.com/D129793

security/nss/TAG-INFO

@@ -1 +1 @@
-NSS_3_72_BETA1
+NSS_3_72_RTM

security/nss/coreconf/coreconf.dep

@@ -10,3 +10,4 @@
  */
 
 #error "Do not include this header file."
+

security/nss/doc/rst/releases/index.rst

@@ -8,6 +8,8 @@ Releases
    :glob:
    :hidden:
 
+   nss_3_72.rst
+   nss_3_71.rst
    nss_3_70.rst
    nss_3_69_1.rst
    nss_3_69.rst
@@ -19,24 +21,16 @@ Releases
 
 .. note::
 
-   **NSS 3.70** is the latest version of NSS.
+   **NSS 3.72** is the latest version of NSS.
 
-   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_70_release_notes`
+   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_72_release_notes`
 
 .. container::
 
    Changes included in this release:
 
-   - Documentation: release notes for NSS 3.70.
+   - Documentation: release notes for NSS 3.72
-   - Documentation: release notes for NSS 3.69.1.
+   - Documentation: release notes for NSS 3.71
-   - Bug 1726022 - Update test case to verify fix.
+   - Remove newline at the end of coreconf.dep
-   - Bug 1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
+   - Bug 1731911 - Fix nsinstall parallel failure.
-   - Bug 1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
+   - Bug 1729930 - Increase KDF cache size to mitigate perf regression in about:logins.
-   - Formatting for lib/util
-   - Bug 1681975 - Avoid using a lookup table in nssb64d.
-   - Bug 1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
-   - Bug 1714579 Change default value of enableHelloDowngradeCheck to true.
-   - Formatting for gtests/pk11_gtest/pk11_hpke_unittest.cc
-   - Bug 1726022 Cache additional PBE entries.
-   - Bug 1709750 - Read HPKE vectors from official JSON.
-   - Documentation: update for NSS 3.69 release.

security/nss/doc/rst/releases/nss_3_71.rst

@@ -0,0 +1,63 @@
+.. _mozilla_projects_nss_nss_3_71_release_notes:
+
+NSS 3.71 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.71 was released on **30 September 2021**.
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_71_RTM. NSS 3.71 requires NSPR 4.32 or newer.
+
+   NSS 3.71 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_71_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.71:
+
+`Changes in NSS 3.71 <#changes_in_nss_3.71>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 1717716 - Set nssckbi version number to 2.52.
+   - Bug 1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
+   - Bug 1373716 - Import of PKCS#12 files with Camellia encryption is not supported
+   - Bug 1717707 - Add HARICA Client ECC Root CA 2021.
+   - Bug 1717707 - Add HARICA Client RSA Root CA 2021.
+   - Bug 1717707 - Add HARICA TLS ECC Root CA 2021.
+   - Bug 1717707 - Add HARICA TLS RSA Root CA 2021.
+   - Bug 1728394 - Add TunTrust Root CA certificate to NSS.
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.71 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).

security/nss/doc/rst/releases/nss_3_72.rst

@@ -0,0 +1,60 @@
+.. _mozilla_projects_nss_nss_3_72_release_notes:
+
+NSS 3.72 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.72 was released on **28 October 2021**.
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_72_RTM. NSS 3.72 requires NSPR 4.32 or newer.
+
+   NSS 3.72 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_72_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.72:
+
+`Changes in NSS 3.72 <#changes_in_nss_3.72>`__
+----------------------------------------------------
+
+.. container::
+
+   - Documentation: release notes for NSS 3.72
+   - Documentation: release notes for NSS 3.71
+   - Remove newline at the end of coreconf.dep
+   - Bug 1731911 - Fix nsinstall parallel failure.
+   - Bug 1729930 - Increase KDF cache size to mitigate perf regression in about:logins.
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.72 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).

security/nss/lib/nss/nss.h

@@ -22,12 +22,12 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION "3.72" _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION "3.72" _NSS_CUSTOMIZED
 #define NSS_VMAJOR 3
 #define NSS_VMINOR 72
 #define NSS_VPATCH 0
 #define NSS_VBUILD 0
-#define NSS_BETA PR_TRUE
+#define NSS_BETA PR_FALSE
 
 #ifndef RC_INVOKED
 

security/nss/lib/softoken/softkver.h

@@ -17,11 +17,11 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION "3.72" SOFTOKEN_ECC_STRING " Beta"
+#define SOFTOKEN_VERSION "3.72" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR 3
 #define SOFTOKEN_VMINOR 72
 #define SOFTOKEN_VPATCH 0
 #define SOFTOKEN_VBUILD 0
-#define SOFTOKEN_BETA PR_TRUE
+#define SOFTOKEN_BETA PR_FALSE
 
 #endif /* _SOFTKVER_H_ */

security/nss/lib/util/nssutil.h

@@ -19,12 +19,12 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION "3.72 Beta"
+#define NSSUTIL_VERSION "3.72"
 #define NSSUTIL_VMAJOR 3
 #define NSSUTIL_VMINOR 72
 #define NSSUTIL_VPATCH 0
 #define NSSUTIL_VBUILD 0
-#define NSSUTIL_BETA PR_TRUE
+#define NSSUTIL_BETA PR_FALSE
 
 SEC_BEGIN_PROTOS