* New upstream release. Dropped the following patches: - debian/patches/25_entropy.patch (was bz51429 obsoleted by fix for bz174993) - debian/patches/38_mips64_build.patch (we don't build on mips) - debian/patches/90_realpath.patch (included upstream) upstream) - debian/patches/diginotar.patch (included upstream) - debian/patches/CVE-2012-0441.patch (included upstream) * debian/patches/01_dont_build_nspr.patch: refresh * debian/patches/38_kbsd.patch: refresh/update based on Debian * debian/patches/80_security_build.patch: refresh * debian/patches/85_security_load.patch: refresh/update based on Debian * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch: refresh/update based on Debian * SECURITY UPDATE: distrust improperly issued TURKTRUST intermediate CAs - debian/patches/94_ckbi-1.9.patch: update to CKBI 1.93 by using mozilla/security/nss/lib/ckfw/builtins/certdata.txt from upstream and updating mozilla/security/nss/lib/ckfw/builtins/nssckbi.h. Apply this before 95_add_spi+cacert_ca_certs.patch since it keeps this patch clean and underscores that SPI and CACERT are not part of upstream Roots. - CVE-2013-0743 * debian/libnss3.symbols: updated for *_3.12.10 through *_3.14.1