Log message:
nss: update to 3.107.

   - Bug 1923038 - Remove MPI fuzz targets.
   - Bug 1925512 - Remove globals `lockStatus` and `locksEverDisabled`.
   - Bug 1919015 - Enable PKCS8 fuzz target.
   - Bug 1923037 - Integrate Cryptofuzz in CI.
   - Bug 1913677 - Part 2: Set tls server target socket options in config class.
   - Bug 1913677 - Part 1: Set tls client target socket options in config class.
   - Bug 1913680 - Support building with thread sanitizer.
   - Bug 1922392 - set nssckbi version number to 2.72.
   - Bug 1919913 - remove Websites Trust Bit from Entrust Root Certification \ 
Authority - G4.
   - Bug 1920641 - remove Security Communication RootCA3 root cert.
   - Bug 1918559 - remove SecureSign RootCA11 root cert.
   - Bug 1922387 - Add distrust-after for TLS to Entrust Roots.
   - Bug 1927096 - update expected error code in pk12util pbmac1 tests.
   - Bug 1929041 - Use random tstclnt args with handshake collection script.
   - Bug 1920466 - Remove extraneous assert in ssl3gthr.c.
   - Bug 1928402 - Adding missing release notes for NSS_3_105.
   - Bug 1874451 - Enable the disabled mlkem tests for dtls.
   - Bug 1874451 - NSS gtests filter cleans up the constucted buffer before the use.
   - Bug 1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe.
   - Bug 1925503 - Remove short circuit test from ssl_Init.

Log message:
*: recursive bump for icu 76 shlib major version bump

Log message:
*: revbump for icu downgrade

Log message:
*: recursive bump for icu 76.1 shlib bump

Log message:
nss: update to 3.106.

Changes:

   - Bug 1925975 - NSS 3.106 should be distributed with NSPR 4.36.
   - Bug 1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
   - Bug 1899402 - Correctly destroy bulkkey in error scenario.
   - Bug 1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
   - Bug 1923002 - Extract certificates with handshake collection script.
   - Bug 1923006 - Specify len_control for fuzz targets.
   - Bug 1923280 - Fix memory leak in dumpCertificatePEM.
   - Bug 1102981 - Fix UBSan errors for SECU_PrintCertificate and
     SECU_PrintCertificateBasicInfo.
   - Bug 1921528 - add new error codes to mozilla::pkix for Firefox to use.
   - Bug 1921768 - allow null phKey in NSC_DeriveKey.
   - Bug 1921801 - Only create seed corpus zip from existing corpus.
   - Bug 1826035 - Use explicit allowlist for for KDF PRFS.
   - Bug 1920138 - Increase optimization level for fuzz builds.
   - Bug 1920470 - Remove incorrect assert.
   - Bug 1914870 - Use libFuzzer options from fuzz/options/\*.options in CI.
   - Bug 1920945 - Polish corpus collection for automation.
   - Bug 1917572 - Detect new and unfuzzed SSL options.
   - Bug 1804646 - PKCS12 fuzzing target.

Log message:
nss: update to 3.105.

Bug 1915792 - Allow importing PKCS#8 private EC keys missing public key
Bug 1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c
Bug 1919577 - set KRML_MUSTINLINE=inline in makefile builds
Bug 1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys
Bug 1918767 - override default definition of KRML_MUSTINLINE
Bug 1916525 - libssl support for mlkem768x25519
Bug 1916524 - support for ML-KEM-768 in softoken and pk11wrap
Bug 1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL
Bug 1911912 - Avoid misuse of ctype(3) functions
Bug 1917311 - part 2: run clang-format
Bug 1917311 - part 1: upgrade to clang-format 13
Bug 1916953 - clang-format fuzz
Bug 1910370 - DTLS client message buffer may not empty be on retransmit
Bug 1916413 - Optionally print config for TLS client and server fuzz target
Bug 1916059 - Fix some simple documentation issues in NSS.
Bug 1915439 - improve performance of NSC_FindObjectsInit when template has \ 
CKA_TOKEN attr
Bug 1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN

Log message:
devel/nss: Update to 3.104

Changelog:
3.104:
Changes:

   - Bug 1910071 - Copy original corpus to heap-allocated buffer
   - Bug 1910079 - Fix min ssl version for DTLS client fuzzer
   - Bug 1908990 - Remove OS2 support just like we did on NSPR
   - Bug 1910605 - clang-format NSS improvements
   - Bug 1902078 - Adding basicutil.h to use HexString2SECItem function
   - Bug 1908990 - removing dirent.c from build
   - Bug 1902078 - Allow handing in keymaterial to shlibsign to make the output \ 
reproducible (
   - Bug 1908990 - remove nec4.3, sunos4, riscos and SNI references
   - Bug 1908990 - remove other old OS (BSDI, old HP UX, NCR, openunix, sco, \ 
unixware or reliantUnix
   - Bug 1908990 - remove mentions of WIN95
   - Bug 1908990 - remove mentions of WIN16
   - Bug 1913750 - More explicit directory naming
   - Bug 1913755 - Add more options to TLS server fuzz target
   - Bug 1913675 - Add more options to TLS client fuzz target
   - Bug 1835240 - Use OSS-Fuzz corpus in NSS CI
   - Bug 1908012 - set nssckbi version number to 2.70.
   - Bug 1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
   - Bug 1908009 - Remove Email Trust bit from certSIGN ROOT CA.
   - Bug 1908006 - Add Cybertrust Japan Roots to NSS.
   - Bug 1908004 - Add Taiwan CA Roots to NSS.
   - Bug 1911354 - remove search by decoded serial in \ 
nssToken_FindCertificateByIssuerAndSerialNumber.
   - Bug 1913132 - Fix tstclnt CI build failure
   - Bug 1913047 - vfyserv: ensure peer cert chain is in db for \ 
CERT_VerifyCertificateNow.
   - Bug 1912427 - Enable all supported protocol versions for UDP
   - Bug 1910361 - Actually use random PSK hash type
   - Bug 1911576: Initialize NSS DB once
   - Bug 1910361 - Additional ECH cipher suites and PSK hash types
   - Bug 1903604: Automate corpus file generation for TLS client Fuzzer
   - Bug 1910364 - Fix crash with UNSAFE_FUZZER_MODE
   - Bug 1910605 - clang-format shlibsign.c

NSS 3.104 shared libraries are backwards-compatible with all older NSS
3.x shared libraries. A program linked with older NSS 3.x shared
libraries will work with this new version of the shared libraries
without recompiling or relinking. Furthermore, applications that
restrict their use of NSS APIs to the functions listed in NSS Public
Functions will remain compatible with future versions of the NSS
shared libraries.

Log message:
nss: update to 3.103.

Changes:
- Bug 1908623 - move list size check after lock acquisition in
  sftk_PutObjectToList.
- Bug 1899542 - Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH.
- Bug 1909638 - Follow-up to fix test for presence of file nspr.patch.
- Bug 1903783 - Adjust libFuzzer size limits.
- Bug 1899542 - Add fuzzing support for
  SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs,
  SSL_VersionRangeSet and SSL_AddExternalPsk.
- Bug 1899542 - Add fuzzing support for SSL_ENABLE_GREASE and
  SSL_ENABLE_CH_EXTENSION_PERMUTATION.
- Bug 1909638 - NSS automation should always cleanup the NSPR tree.
- Bug 590806 - Freeing symKey in pk11_PubDeriveECKeyWithKDF when
  a key_size is 0 and wrong kd.
- Bug 1908831 - Don't link zlib where it's not needed.
- Bug 1908597 - Removing dead code from X25519 seckey.
- Bug 1905691 - ChaChaXor to return after the functio.
- Bug 1900416 - NSS Support of X25519 import/export functionalit.
- Bug 1890618 - add PeerCertificateChainDER function to libssl.
- Bug 1908190 - fix definitions of freeblCipher_native_aes_*_worker on arm.
- Bug 1907743 - pk11mode: avoid passing null phKey to C_DeriveKey.
- Bug 1902119 - reuse X25519 share when offering both X25519 and Xyber768d00.
- Set nssckbi version number to 2.69.
- Bug 1904404 - add NSS_DISABLE_NSPR_TESTS option to makefile.
- Bug 1905746 - avoid calling functions through pointers of incompatible type.
- Bug 1905783 - merge docker-fuzz32 and docker-fuzz images.
- Bug 1903373 - fix several scan-build warnings.