Release notes for NSS 3.77

2 files changed, 122 insertions, 12 deletions

diff --git a/doc/rst/releases/index.rst b/doc/rst/releases/index.rst
index c405f07bd..5a23443ab 100644
--- a/doc/rst/releases/index.rst
+++ b/doc/rst/releases/index.rst
@@ -8,10 +8,11 @@ Releases
    :glob:
    :hidden:
 
+   nns_3_77.rst
+   nns_3_76_1.rst
    nns_3_76.rst
    nss_3_75.rst
    nss_3_74.rst
-   nss_3_68_2.rst
    nss_3_73_1.rst
    nss_3_73.rst
    nss_3_72_1.rst
@@ -20,6 +21,7 @@ Releases
    nss_3_70.rst
    nss_3_69_1.rst
    nss_3_69.rst
+   nss_3_68_3.rst
    nss_3_68_2.rst
    nss_3_68_1.rst
    nss_3_68.rst
@@ -30,21 +32,37 @@ Releases
 
 .. note::
 
-   **NSS 3.76** is the latest version of NSS.
-   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_76_release_notes`
+   **NSS 3.77** is the latest version of NSS.
+   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_77_release_notes`
 
-   **NSS 3.68.2** is the latest LTS version of NSS.
-   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_68_2_release_notes`
+   **NSS 3.68.3** is the latest LTS version of NSS.
+   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_68_3_release_notes`
 
 
 .. container::
 
-   Changes in 3.76 included in this release:
+   Changes in 3.77 included in this release:
 
-   - Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. r=rrelyea 
-   - Bug 1370866 - Check return value of PK11Slot_GetNSSToken. r=djackson 
-   - Bug 1747957 - Use Wycheproof JSON for RSASSA-PSS, r=nss-reviewers,bbeurdouche 
-   - Bug 1679803 - Add SHA256 fingerprint comments to old certdata.txt entries. r=nss-reviewers,bbeurdouche
-   - Bug 1753505 - Avoid truncating files in nss-release-helper.py. r=bbeurdouche
-   - Bug 1751157 - Throw illegal_parameter alert for illegal extensions in handshake message. r=djackson
+   - Bug 1762244 - resolve mpitests build failure on Windows.
+   - Bug 1761779 - Fix link to TLS page on wireshark wiki
+   - Bug 1754890 - Add two D-TRUST 2020 root certificates.
+   - Bug 1751298 - Add Telia Root CA v2 root certificate.
+   - Bug 1751305 - Remove expired explicitly distrusted certificates from certdata.txt.
+   - Bug 1005084 - support specific RSA-PSS parameters in mozilla::pkix
+   - Bug 1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
+   - Bug 1756271 - Remove token member from NSSSlot struct.
+   - Bug 1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
+   - Bug 1757279 - Support UTF-8 library path in the module spec string.
+   - Bug 1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
+   - Bug 1760827 - Add a CI Target for gcc-11.
+   - Bug 1760828 - Change to makefiles for gcc-4.8.
+   - Bug 1741688 - Update googletest to 1.11.0
+   - Bug 1759525 - Add SetTls13GreaseEchSize to experimental API.
+   - Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
+   - Bug 1755904 - Fix calculation of ECH HRR Transcript.
+   - Bug 1758741 - Allow ld path to be set as environment variable.
+   - Bug 1760653 - Ensure we don't read uninitialized memory in ssl gtests.
+   - Bug 1758478 - Fix DataBuffer Move Assignment.
+   - Bug 1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
+   - Bug 1755092 - rework signature verification in mozilla::pkix
 
diff --git a/doc/rst/releases/nss_3_77.rst b/doc/rst/releases/nss_3_77.rst
new file mode 100644
index 000000000..1e8513468
--- /dev/null
+++ b/doc/rst/releases/nss_3_77.rst
@@ -0,0 +1,92 @@
+.. _mozilla_projects_nss_nss_3_77_release_notes:
+
+NSS 3.77 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.77 was released on **31 March 2022**.
+
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_77_RTM. NSS 3.77 requires NSPR 4.32 or newer.
+
+   NSS 3.77 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_77_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.77:
+
+`Changes in NSS 3.77 <#changes_in_nss_3.77>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 1762244 - resolve mpitests build failure on Windows.
+   - Bug 1761779 - Fix link to TLS page on wireshark wiki
+   - Bug 1754890 - Add two D-TRUST 2020 root certificates.
+   - Bug 1751298 - Add Telia Root CA v2 root certificate.
+   - Bug 1751305 - Remove expired explicitly distrusted certificates from certdata.txt.
+   - Bug 1005084 - support specific RSA-PSS parameters in mozilla::pkix
+   - Bug 1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
+   - Bug 1756271 - Remove token member from NSSSlot struct.
+   - Bug 1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
+   - Bug 1757279 - Support UTF-8 library path in the module spec string.
+   - Bug 1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
+   - Bug 1760827 - Add a CI Target for gcc-11.
+   - Bug 1760828 - Change to makefiles for gcc-4.8.
+   - Bug 1741688 - Update googletest to 1.11.0
+   - Bug 1759525 - Add SetTls13GreaseEchSize to experimental API.
+   - Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
+   - Bug 1755904 - Fix calculation of ECH HRR Transcript.
+   - Bug 1758741 - Allow ld path to be set as environment variable.
+   - Bug 1760653 - Ensure we don't read uninitialized memory in ssl gtests.
+   - Bug 1758478 - Fix DataBuffer Move Assignment.
+   - Bug 1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
+   - Bug 1755092 - rework signature verification in mozilla::pkix
+
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.77 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
+
+`Notes <#notes>`__
+------------------
+
+.. container::
+
+   For users upgrading from NSS < 3.76.1 or NSS < 3.68.3, this release improves
+   the stability of NSS when used in a multi-threaded environment. In
+   particular, it fixes memory safety violations that can occur when PKCS#11
+   tokens are removed while in use (CVE-2022-1097). We presume that with enough
+   effort these memory safety violations are exploitable.
+