From ca8068169a3ecede482d37712b1ce1ae35cd140d Mon Sep 17 00:00:00 2001
From: "John M. Schanck" <jschanck@mozilla.com>
Date: Fri, 25 Mar 2022 12:55:55 -0700
Subject: Release notes for NSS 3.68.3

---
 doc/rst/releases/nss_3_68_3.rst | 72 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 doc/rst/releases/nss_3_68_3.rst

(limited to 'doc')

diff --git a/doc/rst/releases/nss_3_68_3.rst b/doc/rst/releases/nss_3_68_3.rst
new file mode 100644
index 000000000..f33f3b495
--- /dev/null
+++ b/doc/rst/releases/nss_3_68_3.rst
@@ -0,0 +1,72 @@
+.. _mozilla_projects_nss_nss_3_68_3_release_notes:
+
+NSS 3.68.3 (ESR) release notes
+==============================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.68.3 (ESR) was released on **28 March 2022**.
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_68_3_RTM. NSS 3.68.3 requires NSPR 4.32 or newer.
+
+   NSS 3.68.3 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_3_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.68.3:
+
+`Changes in NSS 3.68.3 <#changes_in_nss_3.68.3>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 1756271 - Remove token member from NSSSlot struct.
+   - Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
+   - Bug 1370866 - Check return value of PK11Slot_GetNSSToken.
+
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.68.3 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
+
+
+`Notes <#notes>`__
+------------------
+
+.. container::
+
+   This release improves the stability of NSS when used in a multi-threaded
+   environment. In particular, it fixes memory safety violations that can occur
+   when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume
+   that with enough effort these memory safety violations are exploitable.
+
-- 
cgit v1.2.1