--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_114_BETA1
\ No newline at end of file
+NSS_3_114_RTM
\ No newline at end of file
--- a/security/nss/doc/rst/releases/index.rst
+++ b/security/nss/doc/rst/releases/index.rst
@@ -3,16 +3,17 @@
Release Notes
=============
.. toctree::
:maxdepth: 0
:glob:
:hidden:
+ nss_3_114.rst
nss_3_113.rst
nss_3_112.rst
nss_3_111.rst
nss_3_110.rst
nss_3_101_4.rst
nss_3_109.rst
nss_3_108.rst
nss_3_101_3.rst
@@ -82,29 +83,47 @@ Release Notes
nss_3_68.rst
nss_3_67.rst
nss_3_66.rst
nss_3_65.rst
nss_3_64.rst
.. note::
- **NSS 3.113** is the latest version of NSS.
- Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_113_release_notes`
+ **NSS 3.114** is the latest version of NSS.
+ Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_114_release_notes`
**NSS 3.101.4 (ESR)** is the latest ESR version of NSS.
Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_101_4_release_notes`
.. container::
- Changes in 3.113 included in this release:
+ Changes in 3.114 included in this release:
- - Bug 1963792 - Fix alias for mac workers on try.
- - Bug 198090 - Part 1: Use AES in the SDR (NSS) r=simonf,nss-reviewers,rrelyea
- - Bug 1968764 - Bump nssckbi version to 2.78.
- - Bug 1967548 - Turn off Websites Trust Bit for Chunghwa Telecom ePKI Root in FF 141.
- - Bug 1965556 - fix frame pointers in intel-gcm.s.
- - Bug 1971510 - Typo in release notes for NSS 101.4.
- - Bug 1968665 - Improve nss-release-helper.py.
- - Bug 1930800 - shlibsign is broken in System FIPS mode.
- - Bug 1954612 - Need up update NSS for PKCS 3.1: Move IPSEC to 3.1
- - Bug 1965327 - PKCS #11 v3.2 header files.
- - Bug 1954612 - Need up update NSS for PKCS 3.1: Move IPSEC to 3.1
+ - Bug 1977376 - NSS 3.114 source distribution should include NSPR 4.37.
+ - Bug 1970079 - Prevent leaks during pkcs12 decoding.
+ - Bug 1953731 - Remove redundant assert in p7local.c.
+ - Bug 1974515 - Bump nssckbi version to 2.80.
+ - Bug 1961848 - Remove expired Baltimore CyberTrust Root.
+ - Bug 1972391 - Add TrustAsia Dedicated Roots to NSS.
+ - Bug 1974511 - Add SwissSign 2022 Roots to NSS.
+ - Bug 1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS.
+ - Bug 1965328 - Implement PKCS #11 v3.2 trust objects in softoken.
+ - Bug 1965328 - Implement PKCS #11 v3.2 trust objects - nss proper.
+ - Bug 1974331 - remove dead code in ssl3con.c.
+ - Bug 1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic.
+ - Bug 1974299 - Bump nssckbi version to 2.79.
+ - Bug 1967826 - remove unneccessary assertion.
+ - Bug 1948485 - Update mechanisms for Softoken PCT.
+ - Bug 1974299 - convert Chunghwa Telecom ePKI Root removal to a distrust after.
+ - Bug 1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks.
+ - Bug 1973930 - use -O2 for asan build.
+ - Bug 1973187 - Fix leaking locks when toggling SSL_NO_LOCKS.
+ - Bug 1973105 - remove out-of-function semicolon.
+ - Bug 1963009 - Extend pkcs8 fuzz target.
+ - Bug 1963008 - Extend pkcs7 fuzz target.
+ - Bug 1908763 - Remove unused assignment to pageno.
+ - Bug 1908762 - Remove unused assignment to nextChunk.
+ - Bug 1973490 - don't run commands as part of shell `local` declarations.
+ - Bug 1973490 - fix sanitizer setup.
+ - Bug 1973187 - don't silence ssl_gtests output when running with code coverage.
+ - Bug 1967411 - Release docs and housekeeping.
+ - Bug 1972768 - migrate to new linux tester pool
new file mode 100644
--- /dev/null
+++ b/security/nss/doc/rst/releases/nss_3_114.rst
@@ -0,0 +1,62 @@
+.. _mozilla_projects_nss_nss_3_114_release_notes:
+
+NSS 3.114 release notes
+========================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+ Network Security Services (NSS) 3.114 was released on *19 June 2025**.
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+ The HG tag is NSS_3_114_RTM. NSS 3.114 requires NSPR 4.36 or newer. The latest version of NSPR is 4.37.
+
+ NSS 3.114 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+ - Source tarballs:
+ https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_114_RTM/src/
+
+ Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.114:
+
+`Changes in NSS 3.114 <#changes_in_nss_3.114>`__
+------------------------------------------------------------------
+
+.. container::
+
+ - Bug 1977376 - NSS 3.114 source distribution should include NSPR 4.37.
+ - Bug 1970079 - Prevent leaks during pkcs12 decoding.
+ - Bug 1953731 - Remove redundant assert in p7local.c.
+ - Bug 1974515 - Bump nssckbi version to 2.80.
+ - Bug 1961848 - Remove expired Baltimore CyberTrust Root.
+ - Bug 1972391 - Add TrustAsia Dedicated Roots to NSS.
+ - Bug 1974511 - Add SwissSign 2022 Roots to NSS.
+ - Bug 1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS.
+ - Bug 1965328 - Implement PKCS #11 v3.2 trust objects in softoken.
+ - Bug 1965328 - Implement PKCS #11 v3.2 trust objects - nss proper.
+ - Bug 1974331 - remove dead code in ssl3con.c.
+ - Bug 1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic.
+ - Bug 1974299 - Bump nssckbi version to 2.79.
+ - Bug 1967826 - remove unneccessary assertion.
+ - Bug 1948485 - Update mechanisms for Softoken PCT.
+ - Bug 1974299 - convert Chunghwa Telecom ePKI Root removal to a distrust after.
+ - Bug 1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks.
+ - Bug 1973930 - use -O2 for asan build.
+ - Bug 1973187 - Fix leaking locks when toggling SSL_NO_LOCKS.
+ - Bug 1973105 - remove out-of-function semicolon.
+ - Bug 1963009 - Extend pkcs8 fuzz target.
+ - Bug 1963008 - Extend pkcs7 fuzz target.
+ - Bug 1908763 - Remove unused assignment to pageno.
+ - Bug 1908762 - Remove unused assignment to nextChunk.
+ - Bug 1973490 - don't run commands as part of shell `local` declarations.
+ - Bug 1973490 - fix sanitizer setup.
+ - Bug 1973187 - don't silence ssl_gtests output when running with code coverage.
+ - Bug 1967411 - Release docs and housekeeping.
+ - Bug 1972768 - migrate to new linux tester pool
--- a/security/nss/moz.yaml
+++ b/security/nss/moz.yaml
@@ -4,18 +4,18 @@ bugzilla:
product: Core
component: "Security: PSM"
origin:
name: NSS
description: nss
url: https://hg-edge.mozilla.org/projects/nss
- release: 0928fb4442848566088359cc76cc8ee5c452ef88 (2025-07-15T17:02:05Z).
- revision: 0928fb4442848566088359cc76cc8ee5c452ef88
+ release: 9b25114ee84b732c70e0915ff9bcd0fa6f1cb433 (2025-07-17T20:31:27Z).
+ revision: 9b25114ee84b732c70e0915ff9bcd0fa6f1cb433
license: MPL-2.0
license-file: COPYING
vendoring:
url: https://github.com/nss-dev/nss
source-hosting: github
vendor-directory: security/nss/
@@ -33,9 +33,9 @@ vendoring:
updatebot:
maintainer-phab: "#nss-reviewers"
maintainer-bz: jschanck@mozilla.com
tasks:
- type: vendoring
enabled: true
frequency: 1 week
- blocking: 1973049
+ blocking: 1978341