From 16cc08ad06ef9c4d7ddb30dadf90a88ee0651a74 Mon Sep 17 00:00:00 2001
From: Martin Thomson <mt@lowentropy.net>
Date: Mon, 9 Aug 2021 11:02:49 +1000
Subject: Documentation: update for NSS 3.69 release

---
 doc/rst/releases/index.rst    | 26 +++++++++---------
 doc/rst/releases/nss_3_69.rst | 64 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+), 13 deletions(-)
 create mode 100644 doc/rst/releases/nss_3_69.rst

(limited to 'doc/rst')

diff --git a/doc/rst/releases/index.rst b/doc/rst/releases/index.rst
index 03b849ed4..ed666a86a 100644
--- a/doc/rst/releases/index.rst
+++ b/doc/rst/releases/index.rst
@@ -8,6 +8,7 @@ Releases
    :glob:
    :hidden:
 
+   nss_3_69.rst
    nss_3_68.rst
    nss_3_67.rst
    nss_3_66.rst
@@ -16,22 +17,21 @@ Releases
 
 .. note::
 
-   **NSS 3.68** is the latest version of NSS.
+   **NSS 3.69** is the latest version of NSS.
 
-   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_68_release_notes`
+   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_69_release_notes`
 
 .. container::
 
    Changes included in this release:
 
-   -  Bug 1709654 - Update for NetBSD configuration.
-   -  Bug 1709750 - Disable HPKE test when fuzzing.
-   -  Bug 1566124 - Optimize AES-GCM for ppc64le.
-   -  Bug 1699021 - Add AES-256-GCM to HPKE.
-   -  Bug 1698419 - ECH -10 updates.
-   -  Bug 1692930 - Update HPKE to final version.
-   -  Bug 1707130 - NSS should use modern algorithms in PKCS#12 files by default.
-   -  Bug 1703936 - New coverity/cpp scanner errors.
-   -  Bug 1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
-   -  Bug 1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
-   -  Bug 1705119 - Deadlock when using GCM and non-thread safe tokens.
+   - Bug 1722613 - Disable DTLS 1.0 and 1.1 by default
+   - Bug 1720226 - integrity checks in key4.db not happening on private components with AES_CBC
+   - Bug 1720235 - SSL handling of signature algorithms ignores environmental invalid algorithms.
+   - Bug 1721476 - sqlite 3.34 changed it's open semantics, causing nss failures.
+   - Bug 1720230 - Gtest update changed the gtest reports, losing gtest details in all.sh reports.
+   - Bug 1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
+   - Bug 1720232 - SQLite calls could timeout in starvation situations.
+   - Bug 1720225 - Coverity/cpp scanner errors found in nss 3.67
+   - Bug 1709817 - Import the NSS documentation from MDN in nss/doc.
+   - Bug 1720227 - NSS using a tempdir to measure sql performance not active
diff --git a/doc/rst/releases/nss_3_69.rst b/doc/rst/releases/nss_3_69.rst
new file mode 100644
index 000000000..cbaa8f05f
--- /dev/null
+++ b/doc/rst/releases/nss_3_69.rst
@@ -0,0 +1,64 @@
+.. _mozilla_projects_nss_nss_3_69_release_notes:
+
+NSS 3.69 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.69 was released on **5 August 2021**.
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_69_RTM. NSS 3.69 requires NSPR 4.32 or newer.
+
+   NSS 3.69 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_69_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _bugs_fixed_in_nss_3.69:
+
+`Bugs fixed in NSS 3.69 <#bugs_fixed_in_nss_3.69>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 1722613 - Disable DTLS 1.0 and 1.1 by default
+   - Bug 1720226 - integrity checks in key4.db not happening on private components with AES_CBC
+   - Bug 1720235 - SSL handling of signature algorithms ignores environmental invalid algorithms.
+   - Bug 1721476 - sqlite 3.34 changed it's open semantics, causing nss failures.
+   - Bug 1720230 - Gtest update changed the gtest reports, losing gtest details in all.sh reports.
+   - Bug 1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
+   - Bug 1720232 - SQLite calls could timeout in starvation situations.
+   - Bug 1720225 - Coverity/cpp scanner errors found in nss 3.67
+   - Bug 1709817 - Import the NSS documentation from MDN in nss/doc.
+   - Bug 1720227 - NSS using a tempdir to measure sql performance not active
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.69 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A
+   program linked with older NSS 3.x shared libraries will work with NSS 3.69 shared libraries
+   without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs
+   to the functions listed in NSS Public Functions will remain compatible with future versions of
+   the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
-- 
cgit v1.2.1