author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /security/nss/doc/rst/releases | |
parent | Initial commit. (diff) | |
download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/doc/rst/releases')
55 files changed, 3666 insertions, 0 deletions
diff --git a/security/nss/doc/rst/releases/index.rst b/security/nss/doc/rst/releases/index.rst new file mode 100644 index 0000000000..5ac6cb4bb0 --- /dev/null +++ b/security/nss/doc/rst/releases/index.rst 
@@ -0,0 +1,99 @@ +.. _mozilla_projects_nss_releases: + +Releases +======== + +.. toctree:: + :maxdepth: 0 + :glob: + :hidden: + + nss_3_98.rst + nss_3_97.rst + nss_3_96_1.rst + nss_3_96.rst + nss_3_95.rst + nss_3_94.rst + nss_3_93.rst + nss_3_92.rst + nss_3_91_0.rst + nss_3_90_0.rst + nss_3_89_1.rst + nss_3_89.rst + nss_3_88_1.rst + nss_3_88.rst + nss_3_87_1.rst + nss_3_87.rst + nss_3_86.rst + nss_3_85.rst + nss_3_84.rst + nss_3_83.rst + nss_3_82.rst + nss_3_81.rst + nss_3_80.rst + nss_3_79_4.rst + nss_3_79_3.rst + nss_3_79_2.rst + nss_3_79_1.rst + nss_3_79.rst + nss_3_78_1.rst + nss_3_78.rst + nss_3_77.rst + nss_3_76_1.rst + nss_3_76.rst + nss_3_75.rst + nss_3_74.rst + nss_3_73_1.rst + nss_3_73.rst + nss_3_72_1.rst + nss_3_72.rst + nss_3_71.rst + nss_3_70.rst + nss_3_69_1.rst + nss_3_69.rst + nss_3_68_4.rst + nss_3_68_3.rst + nss_3_68_2.rst + nss_3_68_1.rst + nss_3_68.rst + nss_3_67.rst + nss_3_66.rst + nss_3_65.rst + nss_3_64.rst + +.. note:: + + **NSS 3.98** is the latest version of NSS. + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_98_release_notes` + + **NSS 3.90.2 (ESR)** is the latest version of NSS. + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_90_2_release_notes` + +.. container:: + + Changes in 3.98 included in this release: + + - Bug 1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS. + - Bug 1879513 - Certificate Compression: enabling the check that the compression was advertised. + - Bug 1831552 - Move Windows workers to nss-1/b-win2022-alpha. + - Bug 1879945 - Remove Email trust bit from OISTE WISeKey Global Root GC CA. + - Bug 1877344 - Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`. + - Bug 1548723 - Certificate Compression: Updating nss_bogo_shim to support Certificate compression. + - Bug 1548723 - TLS Certificate Compression (RFC 8879) Implementation. 
+ - Bug 1875356 - Add valgrind annotations to freebl kyber operations for constant-time execution tests. + - Bug 1870673 - Set nssckbi version number to 2.66. + - Bug 1874017 - Add Telekom Security roots. + - Bug 1873095 - Add D-Trust 2022 S/MIME roots. + - Bug 1865450 - Remove expired Security Communication RootCA1 root. + - Bug 1876179 - move keys to a slot that supports concatenation in PK11_ConcatSymKeys. + - Bug 1876800 - remove unmaintained tls-interop tests. + - Bug 1874937 - bogo: add support for the -ipv6 and -shim-id shim flags. + - Bug 1874937 - bogo: add support for the -curves shim flag and update Kyber expectations. + - Bug 1874937 - bogo: adjust expectation for a key usage bit test. + - Bug 1757758 - mozpkix: add option to ignore invalid subject alternative names. + - Bug 1841029 - Fix selfserv not stripping `publicname:` from -X value. + - Bug 1876390 - take ownership of ecckilla shims. + - Bug 1874458 - add valgrind annotations to freebl/ec.c. + - Bug 864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip. + - Bug 1875965 - Update zlib to 1.3.1. + diff --git a/security/nss/doc/rst/releases/nss_3_64.rst b/security/nss/doc/rst/releases/nss_3_64.rst new file mode 100644 index 0000000000..ee5e36f08a --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_64.rst 
@@ -0,0 +1,69 @@ +.. _mozilla_projects_nss_nss_3_64_release_notes: + +NSS 3.64 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.64 was released on **15 April 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_64_RTM. NSS 3.64 requires NSPR 4.30 or newer. + + NSS 3.64 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_64_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_nss_releases`. + +.. _bugs_fixed_in_nss_3.64: + +`Bugs fixed in NSS 3.64 <#bugs_fixed_in_nss_3.64>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1705286 - Properly detect mips64. + - Bug 1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. + - Bug 1698320 - replace \__builtin_cpu_supports("vsx") with ppc_crypto_support() for clang. + - Bug 1613235 - Add POWER ChaCha20 stream cipher vector acceleration. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.64 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.64 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. 
container:: + + This version of NSS contains a number of contributions for "unsupported platforms". We would like + to thank the authors and the reviewers for their contributions to NSS. + + Discussions about moving the documentation are still ongoing. (See discussion in the 3.62 release + notes.)
\ No newline at end of file diff --git a/security/nss/doc/rst/releases/nss_3_65.rst b/security/nss/doc/rst/releases/nss_3_65.rst new file mode 100644 index 0000000000..7548aecc24 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_65.rst 
@@ -0,0 +1,77 @@ +.. _mozilla_projects_nss_nss_3_65_release_notes: + +NSS 3.65 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.65 was released on **13 May 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_65_RTM. NSS 3.65 requires NSPR 4.30 or newer. + + NSS 3.65 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_65_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.65: + +`Bugs fixed in NSS 3.65 <#bugs_fixed_in_nss_3.65>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1709654 - Update for NetBSD configuration. + - Bug 1709750 - Disable HPKE test when fuzzing. + - Bug 1566124 - Optimize AES-GCM for ppc64le. + - Bug 1699021 - Add AES-256-GCM to HPKE. + - Bug 1698419 - ECH -10 updates. + - Bug 1692930 - Update HPKE to final version. + - Bug 1707130 - NSS should use modern algorithms in PKCS#12 files by default. + - Bug 1703936 - New coverity/cpp scanner errors. + - Bug 1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. + - Bug 1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. + - Bug 1705119 - Deadlock when using GCM and non-thread safe tokens. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.65 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.65 shared libraries + without recompiling or relinking. 
Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + Due to some changes in the Firefox release cycle, NSS 3.67 has yet to be added + to the NSS release schedule (3.66 is not affected). I will announce the date to + this list once defined. + + Best, + Benjamin diff --git a/security/nss/doc/rst/releases/nss_3_66.rst b/security/nss/doc/rst/releases/nss_3_66.rst new file mode 100644 index 0000000000..4198d0a623 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_66.rst 
@@ -0,0 +1,79 @@ +.. _mozilla_projects_nss_nss_3_66_release_notes: + +NSS 3.66 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.66 was released on **27 May 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_66_RTM. NSS 3.66 requires NSPR 4.30 or newer. + + NSS 3.66 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_66_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.66: + +`Bugs fixed in NSS 3.66 <#bugs_fixed_in_nss_3.66>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1710716 - Remove Expired Sonera Class2 CA from NSS. + - Bug 1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. + - Bug 1708307 - Remove Trustis FPS Root CA from NSS. + - Bug 1707097 - Add Certum Trusted Root CA to NSS. + - Bug 1707097 - Add Certum EC-384 CA to NSS. + - Bug 1703942 - Add ANF Secure Server Root CA to NSS. + - Bug 1697071 - Add GLOBALTRUST 2020 root cert to NSS. + - Bug 1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. + - Bug 1712230 - Don't build ppc-gcm.s with clang integrated assembler. + - Bug 1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. + - Bug 1710773 - NSS needs FIPS 180-3 FIPS indicators. + - Bug 1709291 - Add VerifyCodeSigningCertificateChain. + - Use GNU tar for the release helper script. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.66 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. 
A + program linked with older NSS 3.x shared libraries will work with NSS 3.66 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + To realign the NSS and Firefox release schedules, the next cycle for + NSS 3.67 will be very short and the release happen on June 10th. + https://wiki.mozilla.org/NSS:Release_Versions + + Bug 1712230 introduced a correctness issue for GCM on ppcle64, the fix will + be part of NSS 3.67. diff --git a/security/nss/doc/rst/releases/nss_3_67.rst b/security/nss/doc/rst/releases/nss_3_67.rst new file mode 100644 index 0000000000..3cc065e63c --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_67.rst 
@@ -0,0 +1,70 @@ +.. _mozilla_projects_nss_nss_3_67_release_notes: + +NSS 3.67 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.67 was released on **10 June 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_67_RTM. NSS 3.67 requires NSPR 4.30 or newer. + + NSS 3.67 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_67_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.67: + +`Bugs fixed in NSS 3.67 <#bugs_fixed_in_nss_3.67>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1683710 - Add a means to disable ALPN. + - Bug 1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). + - Bug 1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. + - Bug 1566124 - Fix counter increase in ppc-gcm-wrap.c + - Bug 1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.67 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.67 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. 
container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + This version of NSS contains a number of contributions for "unsupported platforms". We would like + to thank the authors and the reviewers for their contributions to NSS. + + Discussions about moving the documentation are still ongoing. (See discussion in the 3.62 release + notes.) diff --git a/security/nss/doc/rst/releases/nss_3_68.rst b/security/nss/doc/rst/releases/nss_3_68.rst new file mode 100644 index 0000000000..ed719477e8 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_68.rst 
@@ -0,0 +1,61 @@ +.. _mozilla_projects_nss_nss_3_68_release_notes: + +NSS 3.68 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68 was released on **8 July 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_RTM. NSS 3.68 requires NSPR 4.32 or newer. + + NSS 3.68 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.68: + +`Bugs fixed in NSS 3.68 <#bugs_fixed_in_nss_3.68>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1713562 - Fix test leak. + - Bug 1717452 - NSS 3.68 should depend on NSPR 4.32. + - Bug 1693206 - Implement PKCS8 export of ECDSA keys. + - Bug 1712883 - DTLS 1.3 draft-43. + - Bug 1655493 - Support SHA2 HW acceleration using Intel SHA Extension. + - Bug 1713562 - Validate ECH public names. + - Bug 1717610 - Add function to get seconds from epoch from pkix::Time. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.68 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. 
container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_68_1.rst b/security/nss/doc/rst/releases/nss_3_68_1.rst new file mode 100644 index 0000000000..8461b5b6ba --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_68_1.rst 
@@ -0,0 +1,62 @@ +.. _mozilla_projects_nss_nss_3_68_1_release_notes: + +NSS 3.68.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68.1 (ESR) was released on **1 December 2021**. + + **This release contains an important security fix for CVE-2021-43527:** + + https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/ + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_1_RTM. NSS 3.68.1 requires NSPR 4.32 or newer. + + NSS 3.68.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.68.1: + +`Changes in NSS 3.68.1 <#changes_in_nss_3.68.1>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1735028 - Check for missing signedData field. + - Bug 1737470 - Ensure DER encoded signatures are within size limits. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). 
diff --git a/security/nss/doc/rst/releases/nss_3_68_2.rst b/security/nss/doc/rst/releases/nss_3_68_2.rst new file mode 100644 index 0000000000..967da2f349 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_68_2.rst 
@@ -0,0 +1,57 @@ +.. _mozilla_projects_nss_nss_3_68_2_release_notes: + +NSS 3.68.2 (ESR) release notes +============================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68.2 (ESR) was released on **15 December 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_2_RTM. NSS 3.68.2 requires NSPR 4.32 or newer. + + NSS 3.68.2 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_2_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.68.2: + +`Changes in NSS 3.68.2 <#changes_in_nss_3.68.2>`__ +---------------------------------------------------- + +.. container:: + + - Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68.2 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_68_3.rst b/security/nss/doc/rst/releases/nss_3_68_3.rst new file mode 100644 index 0000000000..857953c541 --- /dev/null 
+++ b/security/nss/doc/rst/releases/nss_3_68_3.rst 
@@ -0,0 +1,72 @@ +.. _mozilla_projects_nss_nss_3_68_3_release_notes: + +NSS 3.68.3 (ESR) release notes +============================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68.3 (ESR) was released on **28 March 2022**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_3_RTM. NSS 3.68.3 requires NSPR 4.32 or newer. + + NSS 3.68.3 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_3_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.68.3: + +`Changes in NSS 3.68.3 <#changes_in_nss_3.68.3>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1756271 - Remove token member from NSSSlot struct. + - Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. + - Bug 1370866 - Check return value of PK11Slot_GetNSSToken. + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68.3 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + + +`Notes <#notes>`__ +------------------ + +.. 
container:: + + This release improves the stability of NSS when used in a multi-threaded + environment. In particular, it fixes memory safety violations that can occur + when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume + that with enough effort these memory safety violations are exploitable. + diff --git a/security/nss/doc/rst/releases/nss_3_68_4.rst b/security/nss/doc/rst/releases/nss_3_68_4.rst new file mode 100644 index 0000000000..670e221dd7 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_68_4.rst 
@@ -0,0 +1,59 @@ +.. _mozilla_projects_nss_nss_3_68_4_release_notes: + +NSS 3.68.4 (ESR) release notes +============================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68.4 (ESR) was released on **31 May 2022**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_4_RTM. NSS 3.68.4 requires NSPR 4.32 or newer. + + NSS 3.68.4 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_4_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.68.4: + +`Changes in NSS 3.68.4 <#changes_in_nss_3.68.4>`__ +---------------------------------------------------- + +.. container:: + + - ug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68.4 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + + diff --git a/security/nss/doc/rst/releases/nss_3_69.rst b/security/nss/doc/rst/releases/nss_3_69.rst new file mode 100644 index 0000000000..e6e5b9f27e --- /dev/null 
+++ b/security/nss/doc/rst/releases/nss_3_69.rst 
@@ -0,0 +1,64 @@ +.. _mozilla_projects_nss_nss_3_69_release_notes: + +NSS 3.69 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.69 was released on **5 August 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_69_RTM. NSS 3.69 requires NSPR 4.32 or newer. + + NSS 3.69 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_69_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.69: + +`Bugs fixed in NSS 3.69 <#bugs_fixed_in_nss_3.69>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1722613 - Disable DTLS 1.0 and 1.1 by default + - Bug 1720226 - integrity checks in key4.db not happening on private components with AES_CBC + - Bug 1720235 - SSL handling of signature algorithms ignores environmental invalid algorithms. + - Bug 1721476 - sqlite 3.34 changed it's open semantics, causing nss failures. + - Bug 1720230 - Gtest update changed the gtest reports, losing gtest details in all.sh reports. + - Bug 1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode + - Bug 1720232 - SQLite calls could timeout in starvation situations. + - Bug 1720225 - Coverity/cpp scanner errors found in nss 3.67 + - Bug 1709817 - Import the NSS documentation from MDN in nss/doc. + - Bug 1720227 - NSS using a tempdir to measure sql performance not active + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.69 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. 
A + program linked with older NSS 3.x shared libraries will work with NSS 3.69 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_69_1.rst b/security/nss/doc/rst/releases/nss_3_69_1.rst new file mode 100644 index 0000000000..75ed1b6f6e --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_69_1.rst 
@@ -0,0 +1,76 @@ +.. _mozilla_projects_nss_nss_3_69_1_release_notes: + +NSS 3.69.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.69.1 was released on **26 August 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_69_1_RTM. NSS 3.69.1 requires NSPR 4.32 or newer. + + NSS 3.69.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_69_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_3.69.1: + +`Changes in NSS 3.69.1 <#changes_3.69.1>`__ +------------------------------------------- + +.. container:: + + - Bug 1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default + - Bug 1720226 (Backout) - integrity checks in key4.db not happening on private components with AES_CBC + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.69.1 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.69.1 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + NSS 3.69.1 is a dot release based on the content of Firefox 92. 
Due to some issues with + the process for bringing NSS releases to Firefox, commits for 1722613 and 1720226 were absent + from the Firefox 92 branch which was associated to NSS 3.69. Due to time constraints a decision + was made to align the content of 3.69.1 with the Fx92 branch by backing out these changes instead + of restoring these commits. + + Note that Bug 1720226 was also known to introduce a performance regression that has been fixed + in the main/default branch of NSS (Bug 1726022). Since the change has been backed out in this + release, 3.69.1 does not suffer from that performance regression. + + This fix is not in 3.69 (which is affected) but will be in the 3.70 branch, which benefits from + both the change and the fix for the regression. + + The NSS 3.70 release is on schedule and will happen on September 2nd. diff --git a/security/nss/doc/rst/releases/nss_3_70.rst b/security/nss/doc/rst/releases/nss_3_70.rst new file mode 100644 index 0000000000..3c0e453ff9 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_70.rst 
@@ -0,0 +1,68 @@ +.. _mozilla_projects_nss_nss_3_70_release_notes: + +NSS 3.70 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.70 was released on **5 August 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_70_RTM. NSS 3.70 requires NSPR 4.32 or newer. + + NSS 3.70 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_70_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.70: + +`Changes in NSS 3.70 <#changes_in_nss_3.70>`__ +---------------------------------------------------- + +.. container:: + + - Documentation: release notes for NSS 3.70. + - Documentation: release notes for NSS 3.69.1. + - Bug 1726022 - Update test case to verify fix. + - Bug 1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max + - Bug 1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback + - Formatting for lib/util + - Bug 1681975 - Avoid using a lookup table in nssb64d. + - Bug 1724629 - Use HW accelerated SHA2 on AArch64 Big Endian. + - Bug 1714579 Change default value of enableHelloDowngradeCheck to true. + - Formatting for gtests/pk11_gtest/pk11_hpke_unittest.cc + - Bug 1726022 Cache additional PBE entries. + - Bug 1709750 - Read HPKE vectors from official JSON. + - Documentation: update for NSS 3.69 release. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.70 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. 
A + program linked with older NSS 3.x shared libraries will work with NSS 3.70 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_71.rst b/security/nss/doc/rst/releases/nss_3_71.rst new file mode 100644 index 0000000000..ef1d5dfb8a --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_71.rst 
@@ -0,0 +1,63 @@ +.. _mozilla_projects_nss_nss_3_71_release_notes: + +NSS 3.71 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.71 was released on **30 September 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_71_RTM. NSS 3.71 requires NSPR 4.32 or newer. + + NSS 3.71 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_71_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.71: + +`Changes in NSS 3.71 <#changes_in_nss_3.71>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1717716 - Set nssckbi version number to 2.52. + - Bug 1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py + - Bug 1373716 - Import of PKCS#12 files with Camellia encryption is not supported + - Bug 1717707 - Add HARICA Client ECC Root CA 2021. + - Bug 1717707 - Add HARICA Client RSA Root CA 2021. + - Bug 1717707 - Add HARICA TLS ECC Root CA 2021. + - Bug 1717707 - Add HARICA TLS RSA Root CA 2021. + - Bug 1728394 - Add TunTrust Root CA certificate to NSS. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.71 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. 
+ +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_72.rst b/security/nss/doc/rst/releases/nss_3_72.rst new file mode 100644 index 0000000000..56581dcfe2 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_72.rst 
@@ -0,0 +1,60 @@ +.. _mozilla_projects_nss_nss_3_72_release_notes: + +NSS 3.72 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.72 was released on **28 October 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_72_RTM. NSS 3.72 requires NSPR 4.32 or newer. + + NSS 3.72 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_72_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.72: + +`Changes in NSS 3.72 <#changes_in_nss_3.72>`__ +---------------------------------------------------- + +.. container:: + + - Documentation: release notes for NSS 3.72 + - Documentation: release notes for NSS 3.71 + - Remove newline at the end of coreconf.dep + - Bug 1731911 - Fix nsinstall parallel failure. + - Bug 1729930 - Increase KDF cache size to mitigate perf regression in about:logins. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.72 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). 
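Review bot: in the Compatibility paragraph of nss_3_72.rst, "functions listed in NSS Public Functions" is plain text, so a reader cannot reach the list that defines the compatibility guarantee. The Distribution Information section of the same file already uses a :ref: role for mozilla_projects_nss_releases; give "NSS Public Functions" the same treatment (a :ref: to that page's label, or an external link if the page is not part of this tree). The identical paragraph is repeated in the other release files added by this patch, so the fix belongs in each of them.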
diff --git a/security/nss/doc/rst/releases/nss_3_72_1.rst b/security/nss/doc/rst/releases/nss_3_72_1.rst new file mode 100644 index 0000000000..2392b32bcd --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_72_1.rst @@ -0,0 +1,57 @@ +.. _mozilla_projects_nss_nss_3_72_1_release_notes: + +NSS 3.72.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.72.1 was released on **15 December 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_72_1_RTM. NSS 3.72.1 requires NSPR 4.32 or newer. + + NSS 3.72.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_72_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.72.1: + +`Changes in NSS 3.72.1 <#changes_in_nss_3.72.1>`__ +---------------------------------------------------- + +.. container:: + + - Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.72.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). 
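Review bot: the change list in nss_3_72_1.rst does not say whether this release carries the CVE-2021-43527 fix. The file dates 3.72.1 to 15 December 2021, two weeks after nss_3_73.rst announces that fix on 1 December 2021, yet the only entry is "Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation." Someone staying on the 3.72 branch cannot tell from this page whether they are covered. Add a sentence to the Introduction stating either that the fix is included or that 3.73 or newer is required.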
diff --git a/security/nss/doc/rst/releases/nss_3_73.rst b/security/nss/doc/rst/releases/nss_3_73.rst new file mode 100644 index 0000000000..411d381973 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_73.rst 
@@ -0,0 +1,65 @@ +.. _mozilla_projects_nss_nss_3_73_release_notes: + +NSS 3.73 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.73 was released on **1 December 2021**. + + **This release contains an important security fix for CVE-2021-43527:** + + https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/ + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_73_RTM. NSS 3.73 requires NSPR 4.32 or newer. + + NSS 3.73 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_73_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.73: + +`Changes in NSS 3.73 <#changes_in_nss_3.73>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1735028 - Check for missing signedData field. + - Bug 1737470 - Ensure DER encoded signatures are within size limits. + - Bug 1729550 - NSS needs FiPS 140-3 version indicators. + - Bug 1692132 - pkix_CacheCert_Lookup doesn't return cached certs. + - Bug 1738600 - Sunset Coverity from NSS. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.73 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. 
container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_73_1.rst b/security/nss/doc/rst/releases/nss_3_73_1.rst new file mode 100644 index 0000000000..72b9d8c133 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_73_1.rst 
@@ -0,0 +1,57 @@ +.. _mozilla_projects_nss_nss_3_73_1_release_notes: + +NSS 3.73.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.73.1 was released on **15 December 2021**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_73_1_RTM. NSS 3.73.1 requires NSPR 4.32 or newer. + + NSS 3.73.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_73_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.73.1: + +`Changes in NSS 3.73.1 <#changes_in_nss_3.73.1>`__ +---------------------------------------------------- + +.. container:: + + - Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.73.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_74.rst b/security/nss/doc/rst/releases/nss_3_74.rst new file mode 100644 index 0000000000..40d8243eeb --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_74.rst 
@@ -0,0 +1,77 @@ +.. _mozilla_projects_nss_nss_3_74_release_notes: + +NSS 3.74 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.74 was released on **6 January 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_74_RTM. NSS 3.74 requires NSPR 4.32 or newer. + + NSS 3.74 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_74_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.74: + +`Changes in NSS 3.74 <#changes_in_nss_3.74>`__ +---------------------------------------------------- + +.. container:: + + - Bug 966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses. + - Bug 1553612 - Ensure clients offer consistent ciphersuites after HRR. + - Bug 1721426 - NSS does not properly restrict server keys based on policy. + - Bug 1733003 - Set nssckbi version number to 2.54. + - Bug 1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate in NSS. + - Bug 1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate in NSS. + - Bug 1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate in NSS. + - Bug 1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate in NSS. + - Bug 1735407 - Replace GlobalSign ECC Root CA R4 in NSS. + - Bug 1733560 - Remove Expired Root Certificates from NSS - DST Root CA X3. + - Bug 1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates from NSS. + - Bug 1741930 - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate to NSS. + - Bug 1740095 - Add iTrusChina ECC root certificate to NSS. 
+ - Bug 1740095 - Add iTrusChina RSA root certificate to NSS. + - Bug 1738805 - Add ISRG Root X2 root certificate to NSS. + - Bug 1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate to NSS. + - Bug 1738028 - Avoid a clang 13 unused variable warning in opt build. + - Bug 1735028 - Check for missing signedData field. + - Bug 1737470 - Ensure DER encoded signatures are within size limits. + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.74 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_75.rst b/security/nss/doc/rst/releases/nss_3_75.rst new file mode 100644 index 0000000000..29d2c30fb8 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_75.rst 
@@ -0,0 +1,89 @@ +.. _mozilla_projects_nss_nss_3_75_release_notes: + +NSS 3.75 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.75 was released on **3 February 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_75_RTM. NSS 3.75 requires NSPR 4.32 or newer. + + NSS 3.75 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_75_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.75: + +`Changes in NSS 3.75 <#changes_in_nss_3.75>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1749030 - This patch adds gcc-9 and gcc-10 to the CI. + - Bug 1749794 - Make DottedOIDToCode.py compatible with python3. + - Bug 1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing. + - Bug 1748386 - Remove redundant key type check. + - Bug 1749869 - Update ABI expectations to match ECH changes. + - Bug 1748386 - Enable CKM_CHACHA20. + - Bug 1747327 - check return on NSS_NoDB_Init and NSS_Shutdown. + - Bug 1747310 - real move assignment operator. + - Bug 1748245 - Run ECDSA test vectors from bltest as part of the CI tests. + - Bug 1743302 - Add ECDSA test vectors to the bltest command line tool. + - Bug 1747772 - Allow to build using clang's integrated assembler. + - Bug 1321398 - Allow to override python for the build. + - Bug 1747317 - test HKDF output rather than input. + - Bug 1747316 - Use ASSERT macros to end failed tests early. + - Bug 1747310 - move assignment operator for DataBuffer. + - Bug 1712879 - Add test cases for ECH compression and unexpected extensions in SH. + - Bug 1725938 - Update tests for ECH-13. 
+ - Bug 1725938 - Tidy up error handling. + - Bug 1728281 - Add tests for ECH HRR Changes. + - Bug 1728281 - Server only sends GREASE HRR extension if enabled by preference. + - Bug 1725938 - Update generation of the Associated Data for ECH-13. + - Bug 1712879 - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. + - Bug 1712879 - Allow for compressed, non-contiguous, extensions. + - Bug 1712879 - Scramble the PSK extension in CHOuter. + - Bug 1712647 - Split custom extension handling for ECH. + - Bug 1728281 - Add ECH-13 HRR Handling. + - Bug 1677181 - Client side ECH padding. + - Bug 1725938 - Stricter ClientHelloInner Decompression. + - Bug 1725938 - Remove ECH_inner extension, use new enum format. + - Bug 1725938 - Update the version number for ECH-13 and adjust the ECHConfig size. + + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.75 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_76.rst b/security/nss/doc/rst/releases/nss_3_76.rst new file mode 100644 index 0000000000..866bbcb0de --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_76.rst 
@@ -0,0 +1,63 @@ +.. _mozilla_projects_nss_nss_3_76_release_notes: + +NSS 3.76 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.76 was released on **3 March 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_76_RTM. NSS 3.76 requires NSPR 4.32 or newer. + + NSS 3.76 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_76_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.76: + +`Changes in NSS 3.76 <#changes_in_nss_3.76>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. r=rrelyea + - Bug 1370866 - Check return value of PK11Slot_GetNSSToken. r=djackson + - Bug 1747957 - Use Wycheproof JSON for RSASSA-PSS, r=nss-reviewers,bbeurdouche + - Bug 1679803 - Add SHA256 fingerprint comments to old certdata.txt entries. r=nss-reviewers,bbeurdouche + - Bug 1753505 - Avoid truncating files in nss-release-helper.py. r=bbeurdouche + - Bug 1751157 - Throw illegal_parameter alert for illegal extensions in handshake message. r=djackson + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.76 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. 
+ +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_76_1.rst b/security/nss/doc/rst/releases/nss_3_76_1.rst new file mode 100644 index 0000000000..30ead57935 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_76_1.rst 
@@ -0,0 +1,68 @@ +.. _mozilla_projects_nss_nss_3_76_1_release_notes: + +NSS 3.76.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.76.1 was released on **28 March 2022**. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_76_1_RTM. NSS 3.76.1 requires NSPR 4.32 or newer. + + NSS 3.76.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_76_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.76.1: + +`Changes in NSS 3.76.1 <#changes_in_nss_3.76.1>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1756271 - Remove token member from NSSSlot struct. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.76.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + This release improves the stability of NSS when used in a multi-threaded + environment. 
In particular, it fixes memory safety violations that can occur + when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume + that with enough effort these memory safety violations are exploitable. + diff --git a/security/nss/doc/rst/releases/nss_3_77.rst b/security/nss/doc/rst/releases/nss_3_77.rst new file mode 100644 index 0000000000..46b37c4557 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_77.rst 
@@ -0,0 +1,92 @@ +.. _mozilla_projects_nss_nss_3_77_release_notes: + +NSS 3.77 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.77 was released on **31 March 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_77_RTM. NSS 3.77 requires NSPR 4.32 or newer. + + NSS 3.77 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_77_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.77: + +`Changes in NSS 3.77 <#changes_in_nss_3.77>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1762244 - resolve mpitests build failure on Windows. + - Bug 1761779 - Fix link to TLS page on wireshark wiki + - Bug 1754890 - Add two D-TRUST 2020 root certificates. + - Bug 1751298 - Add Telia Root CA v2 root certificate. + - Bug 1751305 - Remove expired explicitly distrusted certificates from certdata.txt. + - Bug 1005084 - support specific RSA-PSS parameters in mozilla::pkix + - Bug 1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. + - Bug 1756271 - Remove token member from NSSSlot struct. + - Bug 1602379 - Provide secure variants of mpp_pprime and mpp_make_prime. + - Bug 1757279 - Support UTF-8 library path in the module spec string. + - Bug 1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. + - Bug 1760827 - Add a CI Target for gcc-11. + - Bug 1760828 - Change to makefiles for gcc-4.8. + - Bug 1741688 - Update googletest to 1.11.0 + - Bug 1759525 - Add SetTls13GreaseEchSize to experimental API. + - Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts. + - Bug 1755904 - Fix calculation of ECH HRR Transcript. 
+ - Bug 1758741 - Allow ld path to be set as environment variable. + - Bug 1760653 - Ensure we don't read uninitialized memory in ssl gtests. + - Bug 1758478 - Fix DataBuffer Move Assignment. + - Bug 1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 + - Bug 1755092 - rework signature verification in mozilla::pkix + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.77 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + For users upgrading from NSS < 3.76.1 or NSS < 3.68.3, this release improves + the stability of NSS when used in a multi-threaded environment. In + particular, it fixes memory safety violations that can occur when PKCS#11 + tokens are removed while in use (CVE-2022-1097). We presume that with enough + effort these memory safety violations are exploitable. + diff --git a/security/nss/doc/rst/releases/nss_3_78.rst b/security/nss/doc/rst/releases/nss_3_78.rst new file mode 100644 index 0000000000..f12224e793 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_78.rst 
@@ -0,0 +1,64 @@ +.. _mozilla_projects_nss_nss_3_78_release_notes: + +NSS 3.78 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.78 was released on **28 April 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_78_RTM. NSS 3.78 requires NSPR 4.32 or newer. + + NSS 3.78 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_78_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.78: + +`Changes in NSS 3.78 <#changes_in_nss_3.78>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. + - Bug 1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries. + - Bug 1763120 - Add ECH Grease Support to tstclnt + - Bug 1765003 - Add a strict variant of moz::pkix::CheckCertHostname. + - Bug 1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. + - Bug 1760813 - Make SEC_PKCS12EnableCipher succeed + - Bug 1762489 - Update zlib in NSS to 1.2.12. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.78 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. 
+ +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_78_1.rst b/security/nss/doc/rst/releases/nss_3_78_1.rst new file mode 100644 index 0000000000..08e3a1b230 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_78_1.rst 
@@ -0,0 +1,59 @@ +.. _mozilla_projects_nss_nss_3_78_release_notes: + +NSS 3.78 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.78.1 was released on **31 May 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_78_1_RTM. NSS 3.78.1 requires NSPR 4.32 or newer. + + NSS 3.78.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_78_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.78.1: + +`Changes in NSS 3.78.1 <#changes_in_nss_3.78.1>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. + - Bug 1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.78.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). 
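Review bot: the label and title at the top of nss_3_78_1.rst are copied unchanged from nss_3_78.rst: ".. _mozilla_projects_nss_nss_3_78_release_notes:" and "NSS 3.78 release notes", while the body describes 3.78.1 (HG tag NSS_3_78_1_RTM). Two files defining the same label make any :ref: to it ambiguous, Sphinx reports a duplicate label, and the rendered page title names the wrong release. Rename them to ".. _mozilla_projects_nss_nss_3_78_1_release_notes:" and "NSS 3.78.1 release notes", and lengthen the "=" underline to match the longer title, as nss_3_76_1.rst and nss_3_79_1.rst already do.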
diff --git a/security/nss/doc/rst/releases/nss_3_79.rst b/security/nss/doc/rst/releases/nss_3_79.rst new file mode 100644 index 0000000000..835fd36a92 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_79.rst 
@@ -0,0 +1,70 @@ +.. _mozilla_projects_nss_nss_3_79_release_notes: + +NSS 3.79 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.79 was released on **31 May 2022**. NSS 3.79 is an ESR release. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_79_RTM. NSS 3.79 requires NSPR 4.34 or newer. + + NSS 3.79 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_79_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.79: + +`Changes in NSS 3.79 <#changes_in_nss_3.79>`__ +---------------------------------------------- + +.. container:: + + - Bug 205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. + - Bug 1766907 - Update mercurial in clang-format docker image. + - Bug 1454072 - Use of uninitialized pointer in lg_init after alloc fail. + - Bug 1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. + - Bug 1753315 - Add SECMOD_LockedModuleHasRemovableSlots. + - Bug 1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. + - Bug 1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. + - Bug 1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. + - Bug 1764788 - Correct invalid record inner and outer content type alerts. + - Bug 1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. + - Bug 1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle. + - Bug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. 
+ - Bug 1769302 - NSS 3.79 should depend on NSPR 4.34 + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.79 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_79_1.rst b/security/nss/doc/rst/releases/nss_3_79_1.rst new file mode 100644 index 0000000000..5b47b0628d --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_79_1.rst 
@@ -0,0 +1,62 @@ +.. _mozilla_projects_nss_nss_3_79_1_release_notes: + +NSS 3.79.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.79.1 was released on **18 August 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_79_1_RTM. NSS 3.79.1 requires NSPR 4.34 or newer. + + NSS 3.79.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_79_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.79.1: + +`Changes in NSS 3.79.1 <#changes_in_nss_3.79.1>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier. + - Bug 1771498 - Uninitialized value in cert_ComputeCertType. + - Bug 1759794 - protect SFTKSlot needLogin with slotLock. + - Bug 1760998 - avoid data race on primary password change. + - Bug 1330271 - check for null template in sec_asn1{d,e}_push_state. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.79.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. 
container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_79_2.rst b/security/nss/doc/rst/releases/nss_3_79_2.rst new file mode 100644 index 0000000000..1cfe6ad77a --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_79_2.rst 
@@ -0,0 +1,59 @@ +.. _mozilla_projects_nss_nss_3_79_2_release_notes: + +NSS 3.79.2 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.79.2 was released on **25 October 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_79_2_RTM. NSS 3.79.2 requires NSPR 4.34.1 or newer. + + NSS 3.79.2 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_79_2_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.79.2: + +`Changes in NSS 3.79.2 <#changes_in_nss_3.79.2>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1785846 - Bump minimum NSPR version to 4.34.1. + - Bug 1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.79.2 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_79_3.rst b/security/nss/doc/rst/releases/nss_3_79_3.rst new file mode 100644 index 0000000000..fc613b930c 
--- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_79_3.rst @@ -0,0 +1,58 @@ +.. _mozilla_projects_nss_nss_3_79_3_release_notes: + +NSS 3.79.3 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.79.3 was released on **10 January 2023**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_79_3_RTM. NSS 3.79.3 requires NSPR 4.34.1 or newer. + + NSS 3.79.3 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_79_3_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.79.3: + +`Changes in NSS 3.79.3 <#changes_in_nss_3.79.3>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.79.3 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). 
diff --git a/security/nss/doc/rst/releases/nss_3_79_4.rst b/security/nss/doc/rst/releases/nss_3_79_4.rst new file mode 100644 index 0000000000..5cc99c5437 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_79_4.rst @@ -0,0 +1,58 @@ +.. _mozilla_projects_nss_nss_3_79_4_release_notes: + +NSS 3.79.4 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.79.4 was released on **9 February 2023**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_79_4_RTM. NSS 3.79.4 requires NSPR 4.34.1 or newer. + + NSS 3.79.4 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_79_4_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.79.4: + +`Changes in NSS 3.79.4 <#changes_in_nss_3.79.4>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.79.4 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). 
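Review bot: In nss_3_79_4.rst the title "NSS 3.79.4 release notes" is 24 characters long but its "=" underline is only 22, the length used for the two-part version titles; docutils reports "Title underline too short" for this. Extend the underline to the length of the title, as nss_3_79_1.rst, nss_3_79_2.rst and nss_3_79_3.rst do.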
diff --git a/security/nss/doc/rst/releases/nss_3_80.rst b/security/nss/doc/rst/releases/nss_3_80.rst new file mode 100644 index 0000000000..e283c4b57c --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_80.rst 
@@ -0,0 +1,75 @@ +.. _mozilla_projects_nss_nss_3_80_release_notes: + +NSS 3.80 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.80 was released on **23 June 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_80_RTM. NSS 3.80 requires NSPR 4.34 or newer. + + NSS 3.80 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_80_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.80: + +`Changes in NSS 3.80 <#changes_in_nss_3.80>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. + - Bug 1617956 - Add support for asynchronous client auth hooks. + - Bug 1497537 - nss-policy-check: make unknown keyword check optional. + - Bug 1765383 - GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. + - Bug 1773022 - Mark 3.79 as an ESR release. + - Bug 1764206 - Bump nssckbi version number for June. + - Bug 1759815 - Remove Hellenic Academic 2011 Root. + - Bug 1770267 - Add E-Tugra Roots. + - Bug 1768970 - Add Certainly Roots. + - Bug 1764392 - Add DigitCert Roots. + - Bug 1759794 - Protect SFTKSlot needLogin with slotLock. + - Bug 1366464 - Compare signature and signatureAlgorithm fields in legacy certificate verifier. + - Bug 1771497 - Uninitialized value in cert_VerifyCertChainOld. + - Bug 1771495 - Unchecked return code in sec_DecodeSigAlg. + - Bug 1771498 - Uninitialized value in cert_ComputeCertType. 
+ - Bug 1760998 - Avoid data race on primary password change. + - Bug 1769063 - Replace ppc64 dcbzl intrinisic. + - Bug 1771036 - Allow LDFLAGS override in makefile builds. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.80 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_81.rst b/security/nss/doc/rst/releases/nss_3_81.rst new file mode 100644 index 0000000000..91053fc348 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_81.rst 
@@ -0,0 +1,60 @@ +.. _mozilla_projects_nss_nss_3_81_release_notes: + +NSS 3.81 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.81 was released on **21 July 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_81_RTM. NSS 3.81 requires NSPR 4.34 or newer. + + NSS 3.81 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_81_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.81: + +`Changes in NSS 3.81 <#changes_in_nss_3.81>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1762831: Enable aarch64 hardware crypto support on OpenBSD. + - Bug 1775359 - make NSS_SecureMemcmp 0/1 valued. + - Bug 1779285: Add no_application_protocol alert handler and test client error code is set. + - Bug 1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.81 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). 
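Review bot: Two entries in the nss_3_81.rst change list, Bug 1762831 and Bug 1779285, put a colon after the bug number while the other two entries use " - ". Use the "Bug NNNNNNN - " form throughout so the list matches the other release notes in this patch and can be searched with one pattern.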
diff --git a/security/nss/doc/rst/releases/nss_3_82.rst b/security/nss/doc/rst/releases/nss_3_82.rst new file mode 100644 index 0000000000..da18519de4 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_82.rst 
@@ -0,0 +1,61 @@ +.. _mozilla_projects_nss_nss_3_82_release_notes: + +NSS 3.82 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.82 was released on **18 August 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_82_RTM. NSS 3.82 requires NSPR 4.34 or newer. + + NSS 3.82 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_82_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.82: + +`Changes in NSS 3.82 <#changes_in_nss_3.82>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1330271 - check for null template in sec_asn1{d,e}_push_state + - Bug 1735925 - QuickDER: Forbid NULL tags with non-zero length + - Bug 1784724 - Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite + - Bug 1784191 - Cast the result of GetProcAddress + - Bug 1681099 - pk11wrap: Tighten certificate lookup based on PKCS #11 URI + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.82 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. 
container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_83.rst b/security/nss/doc/rst/releases/nss_3_83.rst new file mode 100644 index 0000000000..d8a7b01827 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_83.rst 
@@ -0,0 +1,74 @@ +.. _mozilla_projects_nss_nss_3_83_release_notes: + +NSS 3.83 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.83 was released on **15 September 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_83_RTM. NSS 3.83 requires NSPR 4.34.1 or newer. + + NSS 3.83 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_83_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.83: + +`Changes in NSS 3.83 <#changes_in_nss_3.83>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1788875 - Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags + - Bug 1563221 - remove older oses that are unused part3/ BeOS + - Bug 1563221 - remove older unix support in NSS part 3 Irix + - Bug 1563221 - remove support for older unix in NSS part 2 DGUX + - Bug 1563221 - remove support for older unix in NSS part 1 OSF + - Bug 1778413 - Set nssckbi version number to 2.58 + - Bug 1785297 - Add two SECOM root certificates to NSS + - Bug 1787075 - Add two DigitalSign root certificates to NSS + - Bug 1778412 - Remove Camerfirma Global Chambersign Root from NSS + - Bug 1771100 - Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test + - Bug 1779361 - Removed skipping of ECH on equality of private and public SNI server name + - Bug 1779357 - Added comment and bug reference to ECHRandomHRRExtension bogo test + - Bug 1779370 - Added Bogo shim client HRR test support. 
Fixed overwriting of CHInner.random on HRR + - Bug 1779234 - Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing + - Bug 1771100 - Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo + - Bug 1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs + - Bug 1771100 - Update BoGo tests to recent BoringSSL version + - Bug 1785846 - Bump minimum NSPR version to 4.34.1 + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.83 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_84.rst b/security/nss/doc/rst/releases/nss_3_84.rst new file mode 100644 index 0000000000..72ac886c0b --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_84.rst 
@@ -0,0 +1,58 @@ +.. _mozilla_projects_nss_nss_3_84_release_notes: + +NSS 3.84 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.84 was released on **13 October 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_84_RTM. NSS 3.84 requires NSPR 4.35 or newer. + + NSS 3.84 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_84_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.84: + +`Changes in NSS 3.84 <#changes_in_nss_3.84>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1791699 - Bump minimum NSPR version to 4.35. + - Bug 1792103 - Add a flag to disable building libnssckbi. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.84 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_85.rst b/security/nss/doc/rst/releases/nss_3_85.rst new file mode 100644 index 0000000000..0ad6398956 --- /dev/null 
+++ b/security/nss/doc/rst/releases/nss_3_85.rst 
@@ -0,0 +1,72 @@ +.. _mozilla_projects_nss_nss_3_85_release_notes: + +NSS 3.85 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.85 was released on **10 November 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_85_RTM. NSS 3.85 requires NSPR 4.35 or newer. + + NSS 3.85 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_85_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.85: + +`Changes in NSS 3.85 <#changes_in_nss_3.85>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1792821 - Modification of the primes.c and dhe-params.c in order to have better looking tables. + - Bug 1796815 - Update zlib in NSS to 1.2.13. + - Bug 1796504 - Skip building modutil and shlibsign when building in Firefox. + - Bug 1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard. + - Bug 1796407 - Fix -Wunused-but-set-variable warning from clang 15. + - Bug 1796308 - Fix -Wtautological-constant-out-of-range-compare and -Wtype-limits warnings. + - Bug 1796281 - Followup: add missing stdint.h include. + - Bug 1796281 - Fix -Wint-to-void-pointer-cast warnings. + - Bug 1796280 - Fix -Wunused-{function,variable,but-set-variable} warnings on Windows. + - Bug 1796079 - Fix -Wstring-conversion warnings. + - Bug 1796075 - Fix -Wempty-body warnings. + - Bug 1795242 - Fix unused-but-set-parameter warning. + - Bug 1795241 - Fix unreachable-code warnings. + - Bug 1795222 - Mark _nss_version_c unused on clang-cl. + - Bug 1795668 - Remove redundant variable definitions in lowhashtest. + - No bug - Add note about python executable to build instructions. 
+ +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.85 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_86.rst b/security/nss/doc/rst/releases/nss_3_86.rst new file mode 100644 index 0000000000..3b02b19fa3 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_86.rst 
@@ -0,0 +1,72 @@ +.. _mozilla_projects_nss_nss_3_86_release_notes: + +NSS 3.86 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.86 was released on **8 December 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_86_RTM. NSS 3.86 requires NSPR 4.35 or newer. + + NSS 3.86 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_86_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.86: + +`Changes in NSS 3.86 <#changes_in_nss_3.86>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1803190 - conscious language removal in NSS. + - Bug 1794506 - Set nssckbi version number to 2.60. + - Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates. + - Bug 1799038 - Remove Staat der Nederlanden EV Root CA from NSS. + - Bug 1797559 - Remove EC-ACC root cert from NSS. + - Bug 1794507 - Remove SwissSign Platinum CA - G2 from NSS. + - Bug 1794495 - Remove Network Solutions Certificate Authority. + - Bug 1802331 - compress docker image artifact with zstd. + - Bug 1799315 - Migrate nss from AWS to GCP. + - Bug 1800989 - Enable static builds in the CI. + - Bug 1765759 - Removing SAW docker from the NSS build system. + - Bug 1783231 - Initialising variables in the rsa blinding code. + - Bug 320582 - Implementation of the double-signing of the message for ECDSA. + - Bug 1783231 - Adding exponent blinding for RSA. + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. 
container:: + + NSS 3.86 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_87.rst b/security/nss/doc/rst/releases/nss_3_87.rst new file mode 100644 index 0000000000..7cb6690c5d --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_87.rst 
@@ -0,0 +1,68 @@ +.. _mozilla_projects_nss_nss_3_87_release_notes: + +NSS 3.87 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.87 was released on **5 January 2023**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_87_RTM. NSS 3.87 requires NSPR 4.35 or newer. + + NSS 3.87 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_87_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.87: + +`Changes in NSS 3.87 <#changes_in_nss_3.87>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1803226 - NULL password encoding incorrect. + - Bug 1804071 - Fix rng stub signature for fuzzing builds. + - Bug 1803595 - Updating the compiler parsing for build. + - Bug 1749030 - Modification of supported compilers. + - Bug 1774654 tstclnt crashes when accessing gnutls server without a user cert in the database. + - Bug 1751707 - Add configuration option to enable source-based coverage sanitizer. + - Bug 1751705 - Update ECCKiila generated files. + - Bug 1730353 - Add support for the LoongArch 64-bit architecture. + - Bug 1798823 - add checks for zero-length RSA modulus to avoid memory errors and failed assertions later. + - Bug 1798823 - Additional zero-length RSA modulus checks. + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.87 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. 
Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_87_1.rst b/security/nss/doc/rst/releases/nss_3_87_1.rst new file mode 100644 index 0000000000..342d89aec7 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_87_1.rst 
@@ -0,0 +1,57 @@ +.. _mozilla_projects_nss_nss_3_87_1_release_notes: + +NSS 3.87.1 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.87.1 was released on **9 February 2022**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_87_RTM. NSS 3.87 requires NSPR 4.35 or newer. + + NSS 3.87.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_87_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.87.1: + +`Changes in NSS 3.87.1 <#changes_in_nss_3.87.1>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.87.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_88.rst b/security/nss/doc/rst/releases/nss_3_88.rst new file mode 100644 index 0000000000..15ed04931e --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_88.rst 
@@ -0,0 +1,82 @@ +.. _mozilla_projects_nss_nss_3_88_release_notes: + +NSS 3.88 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.88 was released on *9 February 2023**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_88_RTM. NSS 3.88 requires NSPR 4.35 or newer. + + NSS 3.88 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_88_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.88: + +`Changes in NSS 3.88 <#changes_in_nss_3.88>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1815870 - use a different treeherder symbol for each docker image build task. + - Bug 1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images + - Bug 1810702 - remove nested table in rst doc + - Bug 1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag. + - Bug 1812671 - build failure while implicitly casting SECStatus to PRUInt32. r=nss-reviewers,mt + - Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests + - Bug 1771100 - Added EarlyData ALPN test support to BoGo shim. + - Bug 1790357 - ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup. + - Bug 1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm. + - Bug 1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test. + - Bug 1771100 - Added Bogo ECH rejection test support. + - Bug 1771100 - Added ECH 0Rtt support to BoGo shim. 
+ - Bug 1747957 - RSA OAEP Wycheproof JSON + - Bug 1747957 - RSA decrypt Wycheproof JSON + - Bug 1747957 - ECDSA Wycheproof JSON + - Bug 1747957 - ECDH Wycheproof JSON + - Bug 1747957 - PKCS#1v1.5 wycheproof json + - Bug 1747957 - Use X25519 wycheproof json + - Bug 1766767 - Move scripts to python3 + - Bug 1809627 - Properly link FuzzingEngine for oss-fuzz. + - Bug 1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) + - Bug 1804091 NSS needs to move off of DSA for integrity checks + - Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust + - Bug 1806369 - Don't clone libFuzzer, rely on clang instead + + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.88 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_88_1.rst b/security/nss/doc/rst/releases/nss_3_88_1.rst new file mode 100644 index 0000000000..63d5bb12e1 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_88_1.rst 
@@ -0,0 +1,58 @@ +.. _mozilla_projects_nss_nss_3_88_1_release_notes: + +NSS 3.88.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.88.1 was released on *9 February 2023**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_88_1_RTM. NSS 3.88.1 requires NSPR 4.35 or newer. + + NSS 3.88.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_88_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.88.1: + +`Changes in NSS 3.88.1 <#changes_in_nss_3.88.1>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.88.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_89.rst b/security/nss/doc/rst/releases/nss_3_89.rst new file mode 100644 index 0000000000..b523dd8b2f --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_89.rst 
@@ -0,0 +1,83 @@ +.. _mozilla_projects_nss_nss_3_89_release_notes: + +NSS 3.89 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.89 was released on *9 March 2023**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_89_RTM. NSS 3.89 requires NSPR 4.35 or newer. + + NSS 3.89 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_89_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.89: + +`Changes in NSS 3.89 <#changes_in_nss_3.89>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase. + - Bug 1820175 - PR_STATIC_ASSERT is cursed. + - Bug 1767883 - Need to add policy control to keys lengths for signatures. + - Bug 1820175 - Fix unreachable code warning in fuzz builds. + - Bug 1820175 - Fix various compiler warnings in NSS. + - Bug 1820175 - Enable various compiler warnings for clang builds. + - Bug 1815136 - set PORT error after sftk_HMACCmp failure. + - Bug 1767883 - Need to add policy control to keys lengths for signatures. + - Bug 1804662 - remove data length assertion in sec_PKCS7Decrypt. + - Bug 1804660 - Make high tag number assertion failure an error. + - Bug 1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384. + - Bug 1815167 - Tolerate certificate_authorities xtn in ClientHello. + - Bug 1789436 - Fix build failure on Windows. + - Bug 1811337 - migrate Win 2012 tasks to Azure. + - Bug 1810702 - fix title length in doc. + - Bug 1570615 - Add interop tests for HRR and PSK to GREASE suite. 
+ - Bug 1570615 - Add presence/absence tests for TLS GREASE. + - Bug 1804688 - Correct addition of GREASE value to ALPN xtn. + - Bug 1789436 - CH extension permutation. + - Bug 1570615 - TLS GREASE (RFC8701). + - Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. + - Bug 1815870 - use a different treeherder symbol for each docker image build task. + - Bug 1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images. + - Bug 1810702 - remove nested table in rst doc. + - Bug 1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag. + - Bug 1812671 - build failure while implicitly casting SECStatus to PRUInt32. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.89 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_89_1.rst b/security/nss/doc/rst/releases/nss_3_89_1.rst new file mode 100644 index 0000000000..b168b30ec0 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_89_1.rst 
@@ -0,0 +1,59 @@ +.. _mozilla_projects_nss_nss_3_89_1_release_notes: + +NSS 3.89.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.89.1 was released on *5th May 2023**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_89_1_RTM. NSS 3.89.1 requires NSPR 4.35 or newer. + + NSS 3.89.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_89_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.89.1: + +`Changes in NSS 3.89.1 <#changes_in_nss_3.89.1>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1804505 - Update the technical constraints for KamuSM. + - Bug 1822921 - Add BJCA Global Root CA1 and CA2 root certificates. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.89.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_90.rst b/security/nss/doc/rst/releases/nss_3_90.rst new file mode 100644 index 0000000000..5b3623a8f9 --- /dev/null 
+++ b/security/nss/doc/rst/releases/nss_3_90.rst 
@@ -0,0 +1,89 @@ +.. _mozilla_projects_nss_nss_3_90_release_notes: + +NSS 3.90 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.90 was released on *4 June 2023**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_90_RTM. NSS 3.90 requires NSPR 4.35 or newer. + + NSS 3.90 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_90_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.90: + +`Changes in NSS 3.90 <#changes_in_nss_3.90>`__ +---------------------------------------------------- + +.. container:: + + +- Bug 1623338 - ride along: remove a duplicated doc page +- Bug 1623338 - remove a reference to IRC +- Bug 1831983 - clang-format lib/freebl/stubs.c +- Bug 1831983 - Add a constant time select function +- Bug 1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. 
+- Bug 1830973 - output early build errors by default +- Bug 1804505 - Update the technical constraints for KamuSM +- Bug 1822921 - Add BJCA Global Root CA1 and CA2 root certificates +- Bug 1790763 - Enable default UBSan Checks +- Bug 1786018 - Add explicit handling of zero length records +- Bug 1829391 - Tidy up DTLS ACK Error Handling Path +- Bug 1786018 - Refactor zero length record tests +- Bug 1829112 - Fix compiler warning via correct assert +- Bug 1755267 - run linux tests on nss-t/t-linux-xlarge-gcp +- Bug 1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator +- Bug 1784163 - Fix reading raw negative numbers +- Bug 1748237 - Repairing unreachable code in clang built with gyp +- Bug 1783647 - Integrate Vale Curve25519 +- Bug 1799468 - Removing unused flags for Hacl* +- Bug 1748237 - Adding a better error message +- Bug 1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 +- Bug 1782980 - Fall back to the softokn when writing certificate trust +- Bug 1806010 - FIPS-104-3 requires we restart post programmatically +- Bug 1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13 +- Bug 1818766 - Update ACVP dockerfile for compatibility with debian package changes +- Bug 1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files +- Bug 1819958 - Removed deprecated sprintf function and replaced with snprintf +- Bug 1822076 - fix rst warnings in nss doc +- Bug 1821997 - Fix incorrect pygment style +- Bug 1821292 - Change GYP directive to apply across platforms +- Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.90 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. 
A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_90_1.rst b/security/nss/doc/rst/releases/nss_3_90_1.rst new file mode 100644 index 0000000000..807020f243 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_90_1.rst 
@@ -0,0 +1,59 @@ +.. _mozilla_projects_nss_nss_3_90_1_release_notes: + +NSS 3.90.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.90.1 was released on *10th November 2023**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_90_1_RTM. NSS 3.90.1 requires NSPR 4.35 or newer. + + NSS 3.90.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_90_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.90.1: + +`Changes in NSS 3.90.1 <#changes_in_nss_3.90.1>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1813401 - regenerate NameConstraints test certificates. + - Bug 1854795 - add OSXSAVE and XCR0 tests to AVX2 detection. + + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.90.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_90_2.rst b/security/nss/doc/rst/releases/nss_3_90_2.rst new file mode 100644 index 0000000000..6210183540 --- /dev/null 
+++ b/security/nss/doc/rst/releases/nss_3_90_2.rst @@ -0,0 +1,56 @@ +.. _mozilla_projects_nss_nss_3_90_2_release_notes: + +NSS 3.90.2 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.90.2 was released on *15th February 2024**. + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_90_2_RTM. NSS 3.90.2 requires NSPR 4.35 or newer. + + NSS 3.90.2 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_90_2_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.90.2: + +`Changes in NSS 3.90.2 <#changes_in_nss_3.90.2>`__ +-------------------------------------------------- + +.. container:: + + - Bug 1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS. + - Bug 1867408 - add a defensive check for large ssl_DefSend return values. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.90.2 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). 
diff --git a/security/nss/doc/rst/releases/nss_3_91.rst b/security/nss/doc/rst/releases/nss_3_91.rst new file mode 100644 index 0000000000..8c13ae1736 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_91.rst 
@@ -0,0 +1,70 @@ +.. _mozilla_projects_nss_nss_3_91_release_notes: + +NSS 3.91 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.91 was released on *9 March 2023**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_91_RTM. NSS 3.91 requires NSPR 4.35 or newer. + + NSS 3.91 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_91_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.91: + +`Changes in NSS 3.91 <#changes_in_nss_3.91>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1837431 - Implementation of the HW support check for ADX instruction + - Bug 1836925 - Removing the support of Curve25519 + - Bug 1839795 - Fix comment about the addition of ticketSupportsEarlyData. + - Bug 1839327 - Adding args to enable-legacy-db build + - Bug 1835357 dbtests.sh failure in "certutil dump keys with explicit default trust flags" + - Bug 1837617: Initialize flags in slot structures + - Bug 1835425: Improve the length check of RSA input to avoid heap overflow + - Bug 1829112 - Followup Fixes + - Bug 1784253: avoid processing unexpected inputs by checking for m_exptmod base sign + - Bug 1826652: add a limit check on order_k to avoid infinite loop + - Bug 1834851 - Update HACL* to commit 5f6051d2. + - Bug 1753026 - add SHA3 to cryptohi and softoken. + - Bug 1753026: HACL SHA3 + - Bug 1836781 - Disabling ASM C25519 for A but X86_64 + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.91 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. 
A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_92.rst b/security/nss/doc/rst/releases/nss_3_92.rst new file mode 100644 index 0000000000..e49a6a8660 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_92.rst 
@@ -0,0 +1,66 @@ +.. _mozilla_projects_nss_nss_3_92_release_notes: + +NSS 3.92 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.92 was released on *27 July 2023**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_92_RTM. NSS 3.92 requires NSPR 4.35 or newer. + + NSS 3.92 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_92_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.92: + +`Changes in NSS 3.92 <#changes_in_nss_3.92>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1822935 - Set nssckbi version number to 2.62. + - Bug 1833270 - Add 4 Atos TrustedRoot Root CA certificates to NSS. + - Bug 1839992 - Add 4 SSL.com Root CA certificates. + - Bug 1840429 - Add Sectigo E46 and R46 Root CA certificates. + - Bug 1840437 - Add LAWtrust Root CA2 (4096). + - Bug 1822936 - Remove E-Tugra Certification Authority root. + - Bug 1827224 - Remove Camerfirma Chambers of Commerce Root. + - Bug 1840505 - Remove Hongkong Post Root CA 1. + - Bug 1842928 - Remove E-Tugra Global Root CA ECC v3 and RSA v3. + - Bug 1842937 - Avoid redefining BYTE_ORDER on hppa Linux. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.92 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. 
Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_93.rst b/security/nss/doc/rst/releases/nss_3_93.rst new file mode 100644 index 0000000000..fedd5eb006 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_93.rst 
@@ -0,0 +1,59 @@ +.. _mozilla_projects_nss_nss_3_93_release_notes: + +NSS 3.93 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.93 was released on *25 August 2023**. + + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_93_RTM. NSS 3.93 requires NSPR 4.35 or newer. + + NSS 3.93 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_93_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.93: + +`Changes in NSS 3.93 <#changes_in_nss_3.93>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1849471 - Update zlib in NSS to 1.3. + - Bug 1848183 - softoken: iterate hashUpdate calls for long inputs. + - Bug 1813401 - regenerate NameConstraints test certificates. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.93 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). 
diff --git a/security/nss/doc/rst/releases/nss_3_94.rst b/security/nss/doc/rst/releases/nss_3_94.rst new file mode 100644 index 0000000000..4c44a4a2ae --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_94.rst 
@@ -0,0 +1,65 @@ +.. _mozilla_projects_nss_nss_3_94_release_notes: + +NSS 3.94 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.94 was released on *2nd October 2023**. + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_94_RTM. NSS 3.94 requires NSPR 4.35 or newer. + + NSS 3.94 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_94_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.94: + +`Changes in NSS 3.94 <#changes_in_nss_3.94>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1853737 - Updated code and commit ID for HACL*. + - Bug 1840510 - update ACVP fuzzed test vector: refuzzed with current NSS + - Bug 1827303 - Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants. + - Bug 1774659 - NSS needs a database tool that can dump the low level representation of the database. + - Bug 1852179 - declare string literals using char in pkixnames_tests.cpp. + - Bug 1852179 - avoid implicit conversion for ByteString. + - Bug 1818766 - update rust version for acvp docker. + - Bug 1852011 - Moving the init function of the mpi_ints before clean-up in ec.c + - Bug 1615555 - P-256 ECDH and ECDSA from HACL*. + - Bug 1840510 - Add ACVP test vectors to the repository + - Bug 1849077 - Stop relying on std::basic_string<uint8_t>. + - Bug 1847845 - Transpose the PPC_ABI check from Makefile to gyp. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.94 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. 
A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_95.rst b/security/nss/doc/rst/releases/nss_3_95.rst new file mode 100644 index 0000000000..85fec9c208 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_95.rst 
@@ -0,0 +1,70 @@ +.. _mozilla_projects_nss_nss_3_95_release_notes: + +NSS 3.95 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.95 was released on *16th November 2023**. + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_95_RTM. NSS 3.95 requires NSPR 4.35 or newer. + + NSS 3.95 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_95_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.95: + +`Changes in NSS 3.95 <#changes_in_nss_3.95>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1842932 - Bump builtins version number. + - Bug 1851044: Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. + - Bug 1855318: Remove 4 DigiCert (Symantec/Verisign) Root Certificates from NSS. + - Bug 1851049: Remove 3 TrustCor Root Certificates from NSS. + - Bug 1850982 - Remove Camerfirma root certificates from NSS. + - Bug 1842935 - Remove old Autoridad de Certificacion Firmaprofesional Certificate. + - Bug 1860670 - Add four Commscope root certificates to NSS. + - Bug 1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates. + - Bug 1863605 - Include P-384 and P-521 Scalar Validation from HACL* + - Bug 1861728 - Include P-256 Scalar Validation from HACL*. + - Bug 1861265 After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level + - Bug 1837987:Add means to provide library parameters to C_Initialize + - Bug 1573097 - clang format + - Bug 1854795 - add OSXSAVE and XCR0 tests to AVX2 detection. 
+ - Bug 1858241 - Typo in ssl3_AppendHandshakeNumber + - Bug 1858241 - Introducing input check of ssl3_AppendHandshakeNumber + - Bug 1573097 - Fix Invalid casts in instance.c + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.95 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_96.rst b/security/nss/doc/rst/releases/nss_3_96.rst new file mode 100644 index 0000000000..b58db91e98 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_96.rst @@ -0,0 +1,17 @@ +.. _mozilla_projects_nss_nss_3_96_release_notes: + +NSS 3.96 release notes +====================== + +Unfortunately due to issues with the release process we have inconsistent +source code between the 3.96.0 tag in the NSS repo and the code that is on the FTP. +The code for 3.96.0 available on the FTP contains some changes planned for the +next release (namely DTLS 1.3). + +As we cannot change what has been published on the FTP easily, and to avoid further +confusion, we published a dot release... + +As part of our roadmap to improve release automation, we will design things to be +resilient against this divergence in the future. + +NSS 3.96.1 is available consistently in the FTP, the repo and Firefox as expected. 
diff --git a/security/nss/doc/rst/releases/nss_3_96_1.rst b/security/nss/doc/rst/releases/nss_3_96_1.rst new file mode 100644 index 0000000000..45aa2607cc --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_96_1.rst 
@@ -0,0 +1,58 @@ +.. _mozilla_projects_nss_nss_3_96_1_release_notes: + +NSS 3.96.1 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.96.1 was released on *18th December 2023**. + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_96_1_RTM. NSS 3.96.1 requires NSPR 4.35 or newer. + + NSS 3.96.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_96_1_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.96.1: + +`Changes in NSS 3.96.1 (from NSS 3.95) <#changes_in_nss_3.96.1>`__ +------------------------------------------------------------------ + +.. container:: + + - Bug 1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh + - Bug 1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups). + - Bug 1867408 - add a defensive check for large ssl_DefSend return values. + - Bug 1869378 - Add dependency to the taskcluster script for Darwin + - Bug 1869378 - Upgrade version of the MacOS worker for the CI + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.96.1 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. 
container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_97.rst b/security/nss/doc/rst/releases/nss_3_97.rst new file mode 100644 index 0000000000..ee0320ed9d --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_97.rst 
@@ -0,0 +1,68 @@ +.. _mozilla_projects_nss_nss_3_97_release_notes: + +NSS 3.97 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.97 was released on *22nd January 2024**. + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_97_RTM. NSS 3.97 requires NSPR 4.35 or newer. + + NSS 3.97 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_97_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.97: + +`Changes in NSS 3.97 <#changes_in_nss_3.97>`__ +------------------------------------------------------------------ + +.. container:: + + - Bug 1875506 - make Xyber768d00 opt-in by policy. + - Bug 1871631 - add libssl support for xyber768d00. + - Bug 1871630 - add PK11_ConcatSymKeys. + - Bug 1775046 - add Kyber and a PKCS#11 KEM interface to softoken. + - Bug 1871152 - add a FreeBL API for Kyber. + - Bug 1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff. + - Bug 1826451 - part 1: add a script for vendoring kyber from pq-crystals repo. + - Bug 1835828 - Removing the calls to RSA Blind from loader.* + - Bug 1874111 - fix worker type for level3 mac tasks. + - Bug 1835828 - RSA Blind implementation. + - Bug 1869642 - Remove DSA selftests. + - Bug 1873296 - read KWP testvectors from JSON. + - Bug 1822450 - Backed out changeset dcb174139e4f + - Bug 1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation. + - Bug 1871219 - Wrap CC shell commands in gyp expansions. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.97 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. 
A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). diff --git a/security/nss/doc/rst/releases/nss_3_98.rst b/security/nss/doc/rst/releases/nss_3_98.rst new file mode 100644 index 0000000000..4a4a415a12 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_98.rst 
@@ -0,0 +1,76 @@ +.. _mozilla_projects_nss_nss_3_98_release_notes: + +NSS 3.98 release notes +======================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.98 was released on *15th February 2024**. + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_98_RTM. NSS 3.98 requires NSPR 4.35 or newer. + + NSS 3.98 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_98_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _changes_in_nss_3.98: + +`Changes in NSS 3.98 <#changes_in_nss_3.98>`__ +------------------------------------------------------------------ + +.. container:: + + - Bug 1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS. + - Bug 1879513 - Certificate Compression: enabling the check that the compression was advertised. + - Bug 1831552 - Move Windows workers to nss-1/b-win2022-alpha. + - Bug 1879945 - Remove Email trust bit from OISTE WISeKey Global Root GC CA. + - Bug 1877344 - Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`. + - Bug 1548723 - Certificate Compression: Updating nss_bogo_shim to support Certificate compression. + - Bug 1548723 - TLS Certificate Compression (RFC 8879) Implementation. + - Bug 1875356 - Add valgrind annotations to freebl kyber operations for constant-time execution tests. + - Bug 1870673 - Set nssckbi version number to 2.66. + - Bug 1874017 - Add Telekom Security roots. + - Bug 1873095 - Add D-Trust 2022 S/MIME roots. + - Bug 1865450 - Remove expired Security Communication RootCA1 root. + - Bug 1876179 - move keys to a slot that supports concatenation in PK11_ConcatSymKeys. + - Bug 1876800 - remove unmaintained tls-interop tests. 
+ - Bug 1874937 - bogo: add support for the -ipv6 and -shim-id shim flags. + - Bug 1874937 - bogo: add support for the -curves shim flag and update Kyber expectations. + - Bug 1874937 - bogo: adjust expectation for a key usage bit test. + - Bug 1757758 - mozpkix: add option to ignore invalid subject alternative names. + - Bug 1841029 - Fix selfserv not stripping `publicname:` from -X value. + - Bug 1876390 - take ownership of ecckilla shims. + - Bug 1874458 - add valgrind annotations to freebl/ec.c. + - Bug 864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip. + - Bug 1875965 - Update zlib to 1.3.1. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.98 shared libraries are backwards-compatible with all older NSS 3.x shared + libraries. A program linked with older NSS 3.x shared libraries will work with + this new version of the shared libraries without recompiling or + relinking. Furthermore, applications that restrict their use of NSS APIs to the + functions listed in NSS Public Functions will remain compatible with future + versions of the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS). |
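Review bot: in nss_3_95.rst the Introduction date is written as "*16th November 2023**", with one opening asterisk and two closing ones, so the emphasis markers do not match; use either "*16th November 2023*" or "**16th November 2023**". The same mismatch is in the Introduction of nss_3_96_1.rst, nss_3_97.rst and nss_3_98.rst. In the 3.95 change list the separator after the bug number also varies ("Bug 1851044:", "Bug 1861265 After", "Bug 1837987:Add"); normalising these to the "Bug N - " form used by the other entries would keep the list consistent.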
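Review bot: in nss_3_96.rst the sentence "we published a dot release..." trails off without naming or linking the release. The label mozilla_projects_nss_nss_3_96_1_release_notes is defined in nss_3_96_1.rst in this same patch, so a :ref: to it would take readers straight to the release the last line recommends. Since the page says the 3.96.0 code on the FTP differs from the 3.96.0 tag in the repo, it would also help anyone comparing a downloaded tarball against the tag if the text said plainly that 3.96.1 is the release to use in place of 3.96.0.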
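Review bot: in the nss_3_97.rst change list, "Bug 1822450 - Backed out changeset dcb174139e4f" sits directly above "Bug 1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation.", and the notes do not say which changeset was backed out, so a reader cannot tell whether the derivation fix is part of 3.97. Please state the net result in one entry, or say what dcb174139e4f was. Separately, "make Xyber768d00 opt-in by policy" would be more useful to deployers with a pointer to where that policy is set.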
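Review bot: in the nss_3_98.rst change list, the entries for Bug 1877344 and Bug 1841029 wrap identifiers in single backticks (`distutils.spawn.find_executable`, `shutil.which`, `mach`, `nss`, `publicname:`), which reStructuredText reads as interpreted text with the default role rather than as an inline literal; use double backticks for these. The first entry, "(CVE-2023-5388) Timing attack against RSA decryption in TLS.", names the attack rather than the change, so wording it as a fix would make clear to readers tracking the CVE that 3.98 addresses it.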