Bug 1973049 - upgrade NSS to NSS_3_114_RTM. a=diannaS UPGRADE_NSS_RELEASE default tip
authorJohn M. Schanck <jschanck@mozilla.com>
Tue, 22 Jul 2025 17:28:56 +0000 (3 hours ago)
changeset 877510 f2faaf8f8f8ad5a7e3cb1c1b378b1a1f33c446df
parent 877509 3ffda748dbeff88addb3cfcfd06e48e071d79b32
push id22604
push userdsmith@mozilla.com
push dateTue, 22 Jul 2025 17:32:51 +0000 (3 hours ago)
treeherdermozilla-beta@f2faaf8f8f8a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
git commit5405d5c3a6b460420d1f66dcfde3c6a6802a2aa1
reviewersdiannaS
bugs1973049
milestone142.0
Bug 1973049 - upgrade NSS to NSS_3_114_RTM. a=diannaS UPGRADE_NSS_RELEASE Original Revision: https://phabricator.services.mozilla.com/D258017 Differential Revision: https://phabricator.services.mozilla.com/D258020
security/nss/TAG-INFO
security/nss/doc/rst/releases/index.rst
security/nss/doc/rst/releases/nss_3_114.rst
security/nss/moz.yaml
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_114_BETA1
\ No newline at end of file
+NSS_3_114_RTM
\ No newline at end of file
--- a/security/nss/doc/rst/releases/index.rst
+++ b/security/nss/doc/rst/releases/index.rst
@@ -3,16 +3,17 @@
 Release Notes
 =============
 
 .. toctree::
    :maxdepth: 0
    :glob:
    :hidden:
 
+   nss_3_114.rst
    nss_3_113.rst
    nss_3_112.rst
    nss_3_111.rst
    nss_3_110.rst
    nss_3_101_4.rst
    nss_3_109.rst
    nss_3_108.rst
    nss_3_101_3.rst
@@ -82,29 +83,47 @@ Release Notes
    nss_3_68.rst
    nss_3_67.rst
    nss_3_66.rst
    nss_3_65.rst
    nss_3_64.rst
 
 .. note::
 
-   **NSS 3.113** is the latest version of NSS.
-   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_113_release_notes`
+   **NSS 3.114** is the latest version of NSS.
+   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_114_release_notes`
 
    **NSS 3.101.4 (ESR)** is the latest ESR version of NSS.
    Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_101_4_release_notes`
 
 .. container::
 
-   Changes in 3.113 included in this release:
+   Changes in 3.114 included in this release:
 
-   - Bug 1963792 - Fix alias for mac workers on try.
-   - Bug 198090  - Part 1: Use AES in the SDR (NSS) r=simonf,nss-reviewers,rrelyea
-   - Bug 1968764 - Bump nssckbi version to 2.78. 
-   - Bug 1967548 - Turn off Websites Trust Bit for Chunghwa Telecom ePKI Root in FF 141.
-   - Bug 1965556 - fix frame pointers in intel-gcm.s.
-   - Bug 1971510 - Typo in release notes for NSS 101.4.
-   - Bug 1968665 - Improve nss-release-helper.py.
-   - Bug 1930800 - shlibsign is broken in System FIPS mode.
-   - Bug 1954612 - Need up update NSS for PKCS 3.1: Move IPSEC to 3.1
-   - Bug 1965327 - PKCS #11 v3.2 header files.
-   - Bug 1954612 - Need up update NSS for PKCS 3.1: Move IPSEC to 3.1
+   - Bug 1977376 - NSS 3.114 source distribution should include NSPR 4.37.
+   - Bug 1970079 - Prevent leaks during pkcs12 decoding.
+   - Bug 1953731 - Remove redundant assert in p7local.c.
+   - Bug 1974515 - Bump nssckbi version to 2.80.
+   - Bug 1961848 - Remove expired Baltimore CyberTrust Root.
+   - Bug 1972391 - Add TrustAsia Dedicated Roots to NSS.
+   - Bug 1974511 - Add SwissSign 2022 Roots to NSS.
+   - Bug 1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS.
+   - Bug 1965328 - Implement PKCS #11 v3.2 trust objects in softoken.
+   - Bug 1965328 - Implement PKCS #11 v3.2 trust objects - nss proper.
+   - Bug 1974331 - remove dead code in ssl3con.c.
+   - Bug 1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic.
+   - Bug 1974299 - Bump nssckbi version to 2.79.
+   - Bug 1967826 - remove unneccessary assertion.
+   - Bug 1948485 - Update mechanisms for Softoken PCT.
+   - Bug 1974299 - convert Chunghwa Telecom ePKI Root removal to a distrust after.
+   - Bug 1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks.
+   - Bug 1973930 - use -O2 for asan build.
+   - Bug 1973187 - Fix leaking locks when toggling SSL_NO_LOCKS.
+   - Bug 1973105 - remove out-of-function semicolon.
+   - Bug 1963009 - Extend pkcs8 fuzz target.
+   - Bug 1963008 - Extend pkcs7 fuzz target.
+   - Bug 1908763 - Remove unused assignment to pageno.
+   - Bug 1908762 - Remove unused assignment to nextChunk.
+   - Bug 1973490 - don't run commands as part of shell `local` declarations.
+   - Bug 1973490 - fix sanitizer setup.
+   - Bug 1973187 - don't silence ssl_gtests output when running with code coverage.
+   - Bug 1967411 - Release docs and housekeeping.
+   - Bug 1972768 - migrate to new linux tester pool
new file mode 100644
--- /dev/null
+++ b/security/nss/doc/rst/releases/nss_3_114.rst
@@ -0,0 +1,62 @@
+.. _mozilla_projects_nss_nss_3_114_release_notes:
+
+NSS 3.114 release notes
+========================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.114 was released on *19 June 2025**.
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_114_RTM. NSS 3.114 requires NSPR 4.36 or newer. The latest version of NSPR is 4.37.
+
+   NSS 3.114 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_114_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.114:
+
+`Changes in NSS 3.114 <#changes_in_nss_3.114>`__
+------------------------------------------------------------------
+
+.. container::
+
+   - Bug 1977376 - NSS 3.114 source distribution should include NSPR 4.37.
+   - Bug 1970079 - Prevent leaks during pkcs12 decoding.
+   - Bug 1953731 - Remove redundant assert in p7local.c.
+   - Bug 1974515 - Bump nssckbi version to 2.80.
+   - Bug 1961848 - Remove expired Baltimore CyberTrust Root.
+   - Bug 1972391 - Add TrustAsia Dedicated Roots to NSS.
+   - Bug 1974511 - Add SwissSign 2022 Roots to NSS.
+   - Bug 1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS.
+   - Bug 1965328 - Implement PKCS #11 v3.2 trust objects in softoken.
+   - Bug 1965328 - Implement PKCS #11 v3.2 trust objects - nss proper.
+   - Bug 1974331 - remove dead code in ssl3con.c.
+   - Bug 1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic.
+   - Bug 1974299 - Bump nssckbi version to 2.79.
+   - Bug 1967826 - remove unneccessary assertion.
+   - Bug 1948485 - Update mechanisms for Softoken PCT.
+   - Bug 1974299 - convert Chunghwa Telecom ePKI Root removal to a distrust after.
+   - Bug 1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks.
+   - Bug 1973930 - use -O2 for asan build.
+   - Bug 1973187 - Fix leaking locks when toggling SSL_NO_LOCKS.
+   - Bug 1973105 - remove out-of-function semicolon.
+   - Bug 1963009 - Extend pkcs8 fuzz target.
+   - Bug 1963008 - Extend pkcs7 fuzz target.
+   - Bug 1908763 - Remove unused assignment to pageno.
+   - Bug 1908762 - Remove unused assignment to nextChunk.
+   - Bug 1973490 - don't run commands as part of shell `local` declarations.
+   - Bug 1973490 - fix sanitizer setup.
+   - Bug 1973187 - don't silence ssl_gtests output when running with code coverage.
+   - Bug 1967411 - Release docs and housekeeping.
+   - Bug 1972768 - migrate to new linux tester pool
--- a/security/nss/moz.yaml
+++ b/security/nss/moz.yaml
@@ -4,18 +4,18 @@ bugzilla:
   product: Core
   component: "Security: PSM"
 
 origin:
   name: NSS
   description: nss
   url: https://hg-edge.mozilla.org/projects/nss
 
-  release: 0928fb4442848566088359cc76cc8ee5c452ef88 (2025-07-15T17:02:05Z).
-  revision: 0928fb4442848566088359cc76cc8ee5c452ef88
+  release: 9b25114ee84b732c70e0915ff9bcd0fa6f1cb433 (2025-07-17T20:31:27Z).
+  revision: 9b25114ee84b732c70e0915ff9bcd0fa6f1cb433
 
   license: MPL-2.0
   license-file: COPYING
 
 vendoring:
   url: https://github.com/nss-dev/nss
   source-hosting: github
   vendor-directory: security/nss/
@@ -33,9 +33,9 @@ vendoring:
 
 updatebot:
   maintainer-phab: "#nss-reviewers"
   maintainer-bz: jschanck@mozilla.com
   tasks:
     - type: vendoring
       enabled: true
       frequency: 1 week
-      blocking: 1973049
+      blocking: 1978341