Bug 1724869 - land NSS NSS_3_70_RTM UPGRADE_NSS_RELEASE, r=beurdouche…

… DONTBUILD

```
2021-09-04  Benjamin Beurdouche  <[email protected]>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.70 final
	[c4e7630cbfec] [NSS_3_70_RTM] <NSS_3_70_BRANCH>

	* doc/rst/releases/index.rst, doc/rst/releases/nss_3_70.rst:
	Documentation: release notes for NSS 3.70
	[a86217c0ce0d] <NSS_3_70_BRANCH>

2021-08-31  Benjamin Beurdouche  <[email protected]>

	* doc/rst/releases/nss_3_69_1.rst:
	Release notes for NSS 3.69.1
	[3160cfcbec3b] <NSS_3_70_BRANCH>

2021-08-26  Benjamin Beurdouche  <[email protected]>

	* .hgtags:
	Added tag NSS_3_70_BETA1 for changeset e55700ee052e
	[8a2ba28dd68a] <NSS_3_70_BRANCH>
```

Differential Revision: https://phabricator.services.mozilla.com/D124539

security/nss/TAG-INFO

@@ -1 +1 @@
-NSS_3_70_BETA1
+NSS_3_70_RTM

security/nss/coreconf/coreconf.dep

@@ -10,4 +10,3 @@
  */
 
 #error "Do not include this header file."
-

security/nss/doc/rst/releases/index.rst

@@ -8,6 +8,8 @@ Releases
    :glob:
    :hidden:
 
+   nss_3_70.rst
+   nss_3_69_1.rst
    nss_3_69.rst
    nss_3_68.rst
    nss_3_67.rst
@@ -17,21 +19,24 @@ Releases
 
 .. note::
 
-   **NSS 3.69** is the latest version of NSS.
+   **NSS 3.70** is the latest version of NSS.
 
-   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_69_release_notes`
+   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_70_release_notes`
 
 .. container::
 
    Changes included in this release:
 
-   - Bug 1722613 - Disable DTLS 1.0 and 1.1 by default
-   - Bug 1720226 - integrity checks in key4.db not happening on private components with AES_CBC
-   - Bug 1720235 - SSL handling of signature algorithms ignores environmental invalid algorithms.
-   - Bug 1721476 - sqlite 3.34 changed it's open semantics, causing nss failures.
-   - Bug 1720230 - Gtest update changed the gtest reports, losing gtest details in all.sh reports.
-   - Bug 1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
-   - Bug 1720232 - SQLite calls could timeout in starvation situations.
-   - Bug 1720225 - Coverity/cpp scanner errors found in nss 3.67
-   - Bug 1709817 - Import the NSS documentation from MDN in nss/doc.
-   - Bug 1720227 - NSS using a tempdir to measure sql performance not active
+   - Documentation: release notes for NSS 3.70.
+   - Documentation: release notes for NSS 3.69.1.
+   - Bug 1726022 - Update test case to verify fix.
+   - Bug 1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
+   - Bug 1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
+   - Formatting for lib/util
+   - Bug 1681975 - Avoid using a lookup table in nssb64d.
+   - Bug 1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
+   - Bug 1714579 Change default value of enableHelloDowngradeCheck to true.
+   - Formatting for gtests/pk11_gtest/pk11_hpke_unittest.cc
+   - Bug 1726022 Cache additional PBE entries.
+   - Bug 1709750 - Read HPKE vectors from official JSON.
+   - Documentation: update for NSS 3.69 release.

security/nss/doc/rst/releases/nss_3_69_1.rst

@@ -0,0 +1,76 @@
+.. _mozilla_projects_nss_nss_3_69_1_release_notes:
+
+NSS 3.69.1 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.69.1 was released on **26 August 2021**.
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_69_1_RTM. NSS 3.69.1 requires NSPR 4.32 or newer.
+
+   NSS 3.69.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_69_1_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_3.69.1:
+
+`Changes in NSS 3.69.1 <#changes_3.69.1>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
+   - Bug 1720226 (Backout) - integrity checks in key4.db not happening on private components with AES_CBC
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.69.1 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A
+   program linked with older NSS 3.x shared libraries will work with NSS 3.69.1 shared libraries
+   without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs
+   to the functions listed in NSS Public Functions will remain compatible with future versions of
+   the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
+
+`Notes <#notes>`__
+------------------
+
+.. container::
+
+   NSS 3.69.1 is a dot release based on the content of Firefox 92. Due to some issues with
+   the process for bringing NSS releases to Firefox, commits for 1722613 and 1720226 were absent
+   from the Firefox 92 branch which was associated to NSS 3.69. Due to time constraints a decision
+   was made to align the content of 3.69.1 with the Fx92 branch by backing out these changes instead
+   of restoring these commits.
+
+   Note that Bug 1720226 was also known to introduce a performance regression that has been fixed
+   in the main/default branch of NSS (Bug 1726022). Since the change has been backed out in this
+   release, 3.69.1 does not suffer from that performance regression.
+
+   This fix is not in 3.69 (which is affected) but will be in the 3.70 branch, which benefits from
+   both the change and the fix for the regression.
+
+   The NSS 3.70 release is on schedule and will happen on September 2nd.

security/nss/doc/rst/releases/nss_3_70.rst

@@ -0,0 +1,68 @@
+.. _mozilla_projects_nss_nss_3_70_release_notes:
+
+NSS 3.70 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.70 was released on **5 August 2021**.
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_70_RTM. NSS 3.70 requires NSPR 4.32 or newer.
+
+   NSS 3.70 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_70_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.70:
+
+`Changes in NSS 3.70 <#changes_in_nss_3.70>`__
+----------------------------------------------------
+
+.. container::
+
+   - Documentation: release notes for NSS 3.70.
+   - Documentation: release notes for NSS 3.69.1.
+   - Bug 1726022 - Update test case to verify fix.
+   - Bug 1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
+   - Bug 1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
+   - Formatting for lib/util
+   - Bug 1681975 - Avoid using a lookup table in nssb64d.
+   - Bug 1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
+   - Bug 1714579 Change default value of enableHelloDowngradeCheck to true.
+   - Formatting for gtests/pk11_gtest/pk11_hpke_unittest.cc
+   - Bug 1726022 Cache additional PBE entries.
+   - Bug 1709750 - Read HPKE vectors from official JSON.
+   - Documentation: update for NSS 3.69 release.
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.70 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A
+   program linked with older NSS 3.x shared libraries will work with NSS 3.70 shared libraries
+   without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs
+   to the functions listed in NSS Public Functions will remain compatible with future versions of
+   the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).

security/nss/lib/nss/nss.h

@@ -22,12 +22,12 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION "3.70" _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION "3.70" _NSS_CUSTOMIZED
 #define NSS_VMAJOR 3
 #define NSS_VMINOR 70
 #define NSS_VPATCH 0
 #define NSS_VBUILD 0
-#define NSS_BETA PR_TRUE
+#define NSS_BETA PR_FALSE
 
 #ifndef RC_INVOKED
 

security/nss/lib/softoken/softkver.h

@@ -17,11 +17,11 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION "3.70" SOFTOKEN_ECC_STRING " Beta"
+#define SOFTOKEN_VERSION "3.70" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR 3
 #define SOFTOKEN_VMINOR 70
 #define SOFTOKEN_VPATCH 0
 #define SOFTOKEN_VBUILD 0
-#define SOFTOKEN_BETA PR_TRUE
+#define SOFTOKEN_BETA PR_FALSE
 
 #endif /* _SOFTKVER_H_ */

security/nss/lib/util/nssutil.h

@@ -19,12 +19,12 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION "3.70 Beta"
+#define NSSUTIL_VERSION "3.70"
 #define NSSUTIL_VMAJOR 3
 #define NSSUTIL_VMINOR 70
 #define NSSUTIL_VPATCH 0
 #define NSSUTIL_VBUILD 0
-#define NSSUTIL_BETA PR_TRUE
+#define NSSUTIL_BETA PR_FALSE
 
 SEC_BEGIN_PROTOS