nss-3.18.1

[Fernando de Oliveira]

​https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_18_1_RTM/src/nss-3.18.1.tar.gz

​https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_18_1_RTM/src/SHA256SUMS

10d005ca1b143a8b77032a169c595d06cf42d16d54809558ea30f1ffe73fef70

​https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.18.1_release_notes

New in NSS 3.18.1

No new functionality is introduced in this release. This is a patch
release to update the list of root CA certificates.
Notable Changes in NSS 3.18.1

    The following CA certificate had the Websites and Code Signing trust
    bits restored to their original state to allow more time to develop a
    better transition strategy for affected sites. The Websites and Code
    Signing trust bits were turned off in NSS 3.18, but when Firefox 38
    went into Beta there was a huge spike in the number of certificate
    verification errors that were attributed to this change, so we
    reverted the trust bits back to being enabled in order to give
    website administrators more time to update their web servers.
        OU = Equifax Secure Certificate Authority
            SHA1 Fingerprint:
            D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
    The following CA certificate was removed after discussion about it in
    the mozilla.dev.security.policy forum.
        CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
            SHA1 Fingerprint:
            DD:E1:D2:A9:01:80:2E:1D:87:5E:84:B3:80:7E:4B:B1:FD:99:41:34
    The following intermediate CA certificate has been added as actively
    distrusted because it was mis-used to issue certificates for domain
    names the holder did not own or control.
        CN=MCSHOLDING TEST, O=MCSHOLDING, C=EG
            SHA1 Fingerprint:
            E1:F3:59:1E:76:98:65:C4:E4:47:AC:C3:7E:AF:C9:E2:BF:E4:C5:76
    The version number of the updated root CA list has been set to 2.4

[Fernando de Oliveira]

Fixed at r15866.