Log message:
nss: update to 3.91.

Bugfix release.

Log message:
devel/nss: Fix cross-build under TOOLBASE/LOCALBASE split.

Omit needless TOOL_DEPENDS on nspr; patch the problem away instead.

Log message:
nss: update to 3.89.1.

Changes:

   - Bug 1804505 - Update the technical constraints for KamuSM.
   - Bug 1822921 - Add BJCA Global Root CA1 and CA2 root certificates.

Log message:
revbump after textproc/icu update

Log message:
nss: update to 3.89.

Changes:

   - Bug 1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase.
   - Bug 1820175 - PR_STATIC_ASSERT is cursed.
   - Bug 1767883 - Need to add policy control to keys lengths for signatures.
   - Bug 1820175 - Fix unreachable code warning in fuzz builds.
   - Bug 1820175 - Fix various compiler warnings in NSS.
   - Bug 1820175 - Enable various compiler warnings for clang builds.
   - Bug 1815136 - set PORT error after sftk_HMACCmp failure.
   - Bug 1767883 - Need to add policy control to keys lengths for signatures.
   - Bug 1804662 - remove data length assertion in sec_PKCS7Decrypt.
   - Bug 1804660 - Make high tag number assertion failure an error.
   - Bug 1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key length from \ 
284 to 384.
   - Bug 1815167 - Tolerate certificate_authorities xtn in ClientHello.
   - Bug 1789436 - Fix build failure on Windows.
   - Bug 1811337 - migrate Win 2012 tasks to Azure.
   - Bug 1810702 - fix title length in doc.
   - Bug 1570615 - Add interop tests for HRR and PSK to GREASE suite.
   - Bug 1570615 - Add presence/absence tests for TLS GREASE.
   - Bug 1804688 - Correct addition of GREASE value to ALPN xtn.
   - Bug 1789436 - CH extension permutation.
   - Bug 1570615 - TLS GREASE (RFC8701).
   - Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.
   - Bug 1815870 - use a different treeherder symbol for each docker image build \ 
task.
   - Bug 1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images.
   - Bug 1810702 - remove nested table in rst doc.
   - Bug 1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag.
   - Bug 1812671 - build failure while implicitly casting SECStatus to PRUInt32.

Log message:
nss: update to 3.88.1.

   - Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.

Log message:
nss: update to 3.88.

Changes:
   - Bug 1815870 - use a different treeherder symbol for each docker image
build task.
   - Bug 1815868 - pin an older version of the ubuntu:18.04 and 20.04
docker images
   - Bug 1810702 - remove nested table in rst doc
   - Bug 1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag.
   - Bug 1812671 - build failure while implicitly casting SECStatus to
PRUInt32. r=nss-reviewers,mt
   - Bug 1212915 - Add check for ClientHello SID max length. This is tested
by Bogo tests
   - Bug 1771100 - Added EarlyData ALPN test support to BoGo shim.
   - Bug 1790357 - ECH client - Discard resumption TLS < 1.3
Session(IDs|Tickets) if ECH configs are setup.
   - Bug 1714245 - On HRR skip PSK incompatible with negotiated
ciphersuites hash algorithm.
   - Bug 1789410 - ECH client: Send ech_required alert on server
negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo
test.
   - Bug 1771100 - Added Bogo ECH rejection test support.
   - Bug 1771100 - Added ECH 0Rtt support to BoGo shim.
   - Bug 1747957 - RSA OAEP Wycheproof JSON
   - Bug 1747957 - RSA decrypt Wycheproof JSON
   - Bug 1747957 - ECDSA Wycheproof JSON
   - Bug 1747957 - ECDH Wycheproof JSON
   - Bug 1747957 - PKCS#1v1.5 wycheproof json
   - Bug 1747957 - Use X25519 wycheproof json
   - Bug 1766767 - Move scripts to python3
   - Bug 1809627 - Properly link FuzzingEngine for oss-fuzz.
   - Bug 1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256
and SHA-384)
   - Bug 1804091 NSS needs to move off of DSA for integrity checks
   - Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust
   - Bug 1806369 - Don't clone libFuzzer, rely on clang instead

Log message:
nss: update to 3.87.

Changes:
   - Bug 1803226 - NULL password encoding incorrect.
   - Bug 1804071 - Fix rng stub signature for fuzzing builds.
   - Bug 1803595 - Updating the compiler parsing for build.
   - Bug 1749030 - Modification of supported compilers.
   - Bug 1774654 tstclnt crashes when accessing gnutls server
     without a user cert in the database.
   - Bug 1751707 - Add configuration option to enable source-based
     coverage sanitizer.
   - Bug 1751705 - Update ECCKiila generated files.
   - Bug 1730353 - Add support for the LoongArch 64-bit architecture.
   - Bug 1798823 - add checks for zero-length RSA modulus to avoid
     memory errors and failed assertions later.
   - Bug 1798823 - Additional zero-length RSA modulus checks.

Log message:
nss: update to 3.86.

Changes:
   - Bug 1803190 - conscious language removal in NSS.
   - Bug 1794506 - Set nssckbi version number to 2.60.
   - Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
     CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates.
   - Bug 1799038 - Remove Staat der Nederlanden EV Root CA from NSS.
   - Bug 1797559 - Remove EC-ACC root cert from NSS.
   - Bug 1794507 - Remove SwissSign Platinum CA - G2 from NSS.
   - Bug 1794495 - Remove Network Solutions Certificate Authority.
   - Bug 1802331 - compress docker image artifact with zstd.
   - Bug 1799315 - Migrate nss from AWS to GCP.
   - Bug 1800989 - Enable static builds in the CI.
   - Bug 1765759 - Removing SAW docker from the NSS build system.
   - Bug 1783231 - Initialising variables in the rsa blinding code.
   - Bug 320582 - Implementation of the double-signing of the message for ECDSA.
   - Bug 1783231 - Adding exponent blinding for RSA.

Log message:
massive revision bump after textproc/icu update