Merge nss from Debian unstable for kinetic

Our current delta has the following patches:

=== BEGIN DELTA ANALYSIS ===

  * New upstream release. (LP: #1959126) [2:3.68.2-0ubuntu1]

We went "ahead" of Debian here. We must drop this to get back to tracking the Debian history.

  * d/p/CVE-2021-43527.patch: drop patch applied upstream.
    [ Fixed in 3.68.1 ]
  * SECURITY UPDATE: heap overflow when verifying DSA/RSA-PSS DER-encoded
    signatures
    - debian/patches/CVE-2021-43527.patch: check signature lengths in
      nss/lib/cryptohi/secvfy.c.
    - CVE-2021-43527

When dropping the "New upstream release", this would be re-introduced, but since this was fixed in 3.68.1 already, it can be/remain dropped.

    - d/libnss3.links: Make freebl3 available as library. (LP #1744328)
    - d/libnss3.links.in: Symlink chk files to fix self-verification in
      FIPS mode. (LP #1885562)
    - d/control: Add dh-exec to Build-Depends.
    - d/rules: Make mkdir tolerate debian/tmp existing (due to dh-exec).

The packaging approach changed in Debian for 2:3.72-1 to stick to the upstream distribution approach. The libraries are now shipped in a single directory and therefore this patch is no longer needed.
dh-exec was only used for this links file and the related deltas are also no longer needed.

    - d/p/disable_fips_enabled_read.patch: Disable reading fips_enabled flag
      in FIPS mode as libnss is not a FIPS certified library. (LP #1837734)

LP: #1837734, which introduced this patch, has a comment from the patch author saying this was never needed in this package and was added to fix an issue with firefox, which had libnss embedded back when this was introduced. This can also be dropped.

    - d/p/set-tls1.2-as-minimum.patch: Set TLSv1.2 as minimum TLS version.
      (LP #1856428)

This was included in upstream version 3.69 and can be dropped.

    - d/p/fix-ftbfs-s390x.patch: Fix some uninitialized variable warnings
      and format overflows for s390x.
    - d/p/fix-ftbfs-glibc-invalid-oob-error.patch: Disable non-null error
      checking on call to getcwd since this results in an erroneous warning
      that causes the build to fail otherwise.

There are no FTBFS issues with the current Debian version. Hence, these are no longer needed. See https://launchpad.net/~athos-ribeiro/+archive/ubuntu/nss377-transition/+packages

    - d/rules: Disable LTO on s390x for now. (LP #1931104)

In the upstream issue linked in LP: #1931104, the Fedora packager re-enabled LTO since version 3.69 and reported no issues/regressions were observed. The same applies for our test builds at https://launchpad.net/~athos-ribeiro/+archive/ubuntu/nss377-transition/+packages. This can also be dropped.

=== END DELTA ANALYSIS ===

Based on the report above, we can safely drop all delta for nss.

This can be a sync.

A bileto ticket was created to ensure rdeps sanity before we proceed with sync'ing this package at https://bileto.ubuntu.com/#/ticket/4857

This bug was fixed in the package nss - 2:3.77-1
Sponsored for Athos Ribeiro (athos-ribeiro)

---------------
nss (2:3.77-1) unstable; urgency=medium

  * New upstream release.
  * debian/libnss3.symbols: Add NSS_3.77 symbol version.

 -- Mike Hommey <email address hidden> Wed, 06 Apr 2022 09:18:22 +0900

nss (2:3.75-1) unstable; urgency=medium

  * New upstream release.

 -- Mike Hommey <email address hidden> Wed, 09 Feb 2022 08:46:51 +0900

nss (2:3.73.1-1) unstable; urgency=medium

  * New upstream release.

 -- Mike Hommey <email address hidden> Fri, 17 Dec 2021 06:16:55 +0900

nss (2:3.73-1) unstable; urgency=medium

  * New upstream release.
  * Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded
    DSA and RSA-PSS signatures.

 -- Mike Hommey <email address hidden> Thu, 02 Dec 2021 06:04:31 +0900

nss (2:3.72-2) unstable; urgency=medium

  * debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1).
    Closes: #998733.

 -- Mike Hommey <email address hidden> Fri, 12 Nov 2021 06:21:05 +0900

nss (2:3.72-1) unstable; urgency=medium

  * New upstream release.
  * debian/libnss3.symbols, nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h,
    nss/cmd/selfserv/selfserv.c, nss/cmd/strsclnt/strsclnt.c,
    nss/cmd/tstclnt/tstclnt.c: Bump dependency version for SSL_GetChannelInfo
    symbol and remove the previous workaround. Closes: #990058.
  * debian/libnss3.lintian-overrides.in, debian/rules,
    nss/cmd/shlibsign/shlibsign.c, nss/lib/pk11wrap/pk11load.c,
    nss/lib/util/secload.c, nss/cmd/shlibsign/Makefile,
    nss/cmd/shlibsign/manifest.mn: Stop putting freebl, softokn, etc. in a
    subdirectory. It's a deviation from upstream that is causing more problems
    than it's worth keeping. Closes: #737855, #846012, #979159.
  * debian/libnss3-dev.links.in: Remove xulrunner-nss.pc.
  * debian/rules: Stop forcing xz compression.
  * debian/copyright: Add dot for continuation.
  * debian/watch: Upgrade to version 4.
  * debian/control: Upgrade Standard-Version to 4.6.0:
    - debian/rules: Build with `make -s` when DEB_BUILD_OPTIONS contains
      terse.
    - debian/control: Add Rules-Requires-Root: no.
  * debian/control: Remove conflict with libnss3-1d. The last Debian version
    with libnss3-1d was jessie, and it had a newer version anyways.
  * debian/rules: Enable all hardening options.
  * debian/libnss3-symbols: Add Build-Depends-Package in symbols file.
  * debian/*.lintian-overrides*: Remove
    copyright-refers-to-versionless-license-file lintian overrides.
  * debian/libnss3.lintian-overrides.in:
    - s/shlib-without-versioned-soname/shared-library-lacks-version/.
    - Add lacks-unversioned-link-to-shared-library overrides.
  * debian/nss-config.in, debian/rules: Ship upstream nss-config instead of
    ours. Closes: #737855, #963136.
  * debian/rules, debian/control: Always set Multi-Arch: same.
  * debian/copyright:
    - Remove commas in `Files`.
    - Add missing license name for ifparser.
    - Add missing `Copyright`.
    - Remove copyright for mkdepend, which is not in the source tree anymore.
  * debian/upstream/metadata: Add upstream bug tracking metadata.

  [ Daniel Kahn Gillmor ]
  * debian/contr...