Release notes for NSS 3.76

2 files changed, 73 insertions, 33 deletions

diff --git a/doc/rst/releases/index.rst b/doc/rst/releases/index.rst
index 022564df4..c405f07bd 100644
--- a/doc/rst/releases/index.rst
+++ b/doc/rst/releases/index.rst
@@ -8,6 +8,7 @@ Releases
    :glob:
    :hidden:
 
+   nns_3_76.rst
    nss_3_75.rst
    nss_3_74.rst
    nss_3_68_2.rst
@@ -29,8 +30,8 @@ Releases
 
 .. note::
 
-   **NSS 3.75** is the latest version of NSS.
-   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_75_release_notes`
+   **NSS 3.76** is the latest version of NSS.
+   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_76_release_notes`
 
    **NSS 3.68.2** is the latest LTS version of NSS.
    Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_68_2_release_notes`
@@ -38,36 +39,12 @@ Releases
 
 .. container::
 
-   Changes in 3.75 included in this release:
+   Changes in 3.76 included in this release:
 
-   - Bug 1749030 - This patch adds gcc-9 and gcc-10 to the CI.
-   - Bug 1749794 - Make DottedOIDToCode.py compatible with python3.
-   - Bug 1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
-   - Bug 1748386 - Remove redundant key type check.
-   - Bug 1749869 - Update ABI expectations to match ECH changes.
-   - Bug 1748386 - Enable CKM_CHACHA20.
-   - Bug 1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
-   - Bug 1747310 - real move assignment operator.
-   - Bug 1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
-   - Bug 1743302 - Add ECDSA test vectors to the bltest command line tool.
-   - Bug 1747772 - Allow to build using clang's integrated assembler.
-   - Bug 1321398 - Allow to override python for the build.
-   - Bug 1747317 - test HKDF output rather than input.
-   - Bug 1747316 - Use ASSERT macros to end failed tests early.
-   - Bug 1747310 - move assignment operator for DataBuffer.
-   - Bug 1712879 - Add test cases for ECH compression and unexpected extensions in SH.
-   - Bug 1725938 - Update tests for ECH-13.
-   - Bug 1725938 - Tidy up error handling.
-   - Bug 1728281 - Add tests for ECH HRR Changes.
-   - Bug 1728281 - Server only sends GREASE HRR extension if enabled by preference.
-   - Bug 1725938 - Update generation of the Associated Data for ECH-13.
-   - Bug 1712879 - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
-   - Bug 1712879 - Allow for compressed, non-contiguous, extensions.
-   - Bug 1712879 - Scramble the PSK extension in CHOuter.
-   - Bug 1712647 - Split custom extension handling for ECH.
-   - Bug 1728281 - Add ECH-13 HRR Handling.
-   - Bug 1677181 - Client side ECH padding.
-   - Bug 1725938 - Stricter ClientHelloInner Decompression.
-   - Bug 1725938 - Remove ECH_inner extension, use new enum format.
-   - Bug 1725938 - Update the version number for ECH-13 and adjust the ECHConfig size.
+   - Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. r=rrelyea 
+   - Bug 1370866 - Check return value of PK11Slot_GetNSSToken. r=djackson 
+   - Bug 1747957 - Use Wycheproof JSON for RSASSA-PSS, r=nss-reviewers,bbeurdouche 
+   - Bug 1679803 - Add SHA256 fingerprint comments to old certdata.txt entries. r=nss-reviewers,bbeurdouche
+   - Bug 1753505 - Avoid truncating files in nss-release-helper.py. r=bbeurdouche
+   - Bug 1751157 - Throw illegal_parameter alert for illegal extensions in handshake message. r=djackson
 
diff --git a/doc/rst/releases/nss_3_76.rst b/doc/rst/releases/nss_3_76.rst
new file mode 100644
index 000000000..4ada19ee7
--- /dev/null
+++ b/doc/rst/releases/nss_3_76.rst
@@ -0,0 +1,63 @@
+.. _mozilla_projects_nss_nss_3_76_release_notes:
+
+NSS 3.76 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.76 was released on **3 March 2022**.
+
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_76_RTM. NSS 3.76 requires NSPR 4.32 or newer.
+
+   NSS 3.76 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_76_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.76:
+
+`Changes in NSS 3.76 <#changes_in_nss_3.76>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. r=rrelyea 
+   - Bug 1370866 - Check return value of PK11Slot_GetNSSToken. r=djackson 
+   - Bug 1747957 - Use Wycheproof JSON for RSASSA-PSS, r=nss-reviewers,bbeurdouche 
+   - Bug 1679803 - Add SHA256 fingerprint comments to old certdata.txt entries. r=nss-reviewers,bbeurdouche
+   - Bug 1753505 - Avoid truncating files in nss-release-helper.py. r=bbeurdouche
+   - Bug 1751157 - Throw illegal_parameter alert for illegal extensions in handshake message. r=djackson
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.76 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).