Log Message:
Update to nss 3.16.4

This release consists primarily of CA certificate changes as listed
below, and includes a small number of bug fixes.

Notable Changes:
* The following 1024-bit root CA certificate was restored to allow more
  time to develop a better transition strategy for affected sites. It was
  removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy
  forum led to the decision to keep this root included longer in order to
  give website administrators more time to update their web servers.
  - CN = GTE CyberTrust Global Root
* In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification
  Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit
  intermediate CA certificate has been included, without explicit trust.
  The intention is to mitigate the effects of the previous removal of the
  1024-bit Entrust.net root certificate, because many public Internet
  sites still use the "USERTrust Legacy Secure Server CA" intermediate
  certificate that is signed by the 1024-bit Entrust.net root certificate.
  The inclusion of the intermediate certificate is a temporary measure to
  allow those sites to function, by allowing them to find a trust path to
  another 2048-bit root CA certificate. The temporarily included
  intermediate certificate expires November 1, 2015.