Revert "nss_latest: 3.76.1 -> 3.77"

This reverts commit eb9c616c79596c9ff43ec9e7ced46c4739a16047.

Breaks the Firefox build and needs further investigation.

In file included from Unified_cpp_certverifier0.cpp:47:
/build/firefox-99.0/security/certverifier/OCSPVerificationTrustDomain.cpp:63:11: error: unknown type name 'SignedDigest'
    const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo) {
          ^
/build/firefox-99.0/security/certverifier/OCSPVerificationTrustDomain.cpp:74:11: error: unknown type name 'SignedDigest'
    const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo) {
          ^

https://github.com/NixOS/nixpkgs/pull/164511#issuecomment-1089496003

3 files changed, 3 insertions, 83 deletions

diff --git a/pkgs/development/libraries/nss/85_security_load_3.77+.patch b/pkgs/development/libraries/nss/85_security_load_3.77+.patch
deleted file mode 100644
index bae86c9d26ade..0000000000000
--- a/pkgs/development/libraries/nss/85_security_load_3.77+.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-diff --git nss/cmd/shlibsign/shlibsign.c nss/cmd/shlibsign/shlibsign.c
-index ad8f3b84e..74676d039 100644
---- nss/cmd/shlibsign/shlibsign.c
-+++ nss/cmd/shlibsign/shlibsign.c
-@@ -875,6 +875,8 @@ main(int argc, char **argv)
-         goto cleanup;
-     }
-     lib = PR_LoadLibrary(libname);
-+    if (!lib)
-+        lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so");
-     assert(lib != NULL);
-     if (!lib) {
-         PR_fprintf(PR_STDERR, "loading softokn3 failed");
-diff --git nss/lib/pk11wrap/pk11load.c nss/lib/pk11wrap/pk11load.c
-index 119c8c512..720d39ccc 100644
---- nss/lib/pk11wrap/pk11load.c
-+++ nss/lib/pk11wrap/pk11load.c
-@@ -486,6 +486,15 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule)
- #else
-         library = PR_LoadLibrary(mod->dllName);
- #endif // defined(_WIN32)
-+#ifndef NSS_STATIC_SOFTOKEN
-+        if ((library == NULL) &&
-+            !rindex(mod->dllName, PR_GetDirectorySeparator())) {
-+            library = PORT_LoadLibraryFromOrigin(my_shlib_name,
-+                (PRFuncPtr) &softoken_LoadDSO,
-+                mod->dllName);
-+        }
-+#endif
-+
-         mod->library = (void *)library;
- 
-         if (library == NULL) {
-diff --git nss/lib/util/secload.c nss/lib/util/secload.c
-index 12efd2f75..8b74478f6 100644
---- nss/lib/util/secload.c
-+++ nss/lib/util/secload.c
-@@ -70,9 +70,14 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
- 
-     /* Remove the trailing filename from referencePath and add the new one */
-     c = strrchr(referencePath, PR_GetDirectorySeparator());
-+    if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0]
-+               * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */
-+        referencePath = NIX_NSS_LIBDIR;
-+        c = (char*) &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */
-+    }
-     if (c) {
-         size_t referencePathSize = 1 + c - referencePath;
--        fullName = (char*)PORT_Alloc(strlen(name) + referencePathSize + 1);
-+        fullName = (char*) PORT_Alloc(strlen(name) + referencePathSize + 5);
-         if (fullName) {
-             memcpy(fullName, referencePath, referencePathSize);
-             strcpy(fullName + referencePathSize, name);
-@@ -82,6 +87,11 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
- #endif
-             libSpec.type = PR_LibSpec_Pathname;
-             libSpec.value.pathname = fullName;
-+            if ((referencePathSize >= 4) &&
-+                (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) {
-+                memcpy(fullName + referencePathSize -4, "lib", 3);
-+            }
-+            strcpy(fullName + referencePathSize, name);
-             dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL
- #ifdef PR_LD_ALT_SEARCH_PATH
-                                                        /* allow library's dependencies to be found in the same directory
-@@ -89,6 +99,10 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
-                                                        | PR_LD_ALT_SEARCH_PATH
- #endif
-                                           );
-+            if (! dlh) {
-+                strcpy(fullName + referencePathSize, name);
-+                dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
-+            }
-             PORT_Free(fullName);
-         }
-     }
diff --git a/pkgs/development/libraries/nss/generic.nix b/pkgs/development/libraries/nss/generic.nix
index 39683503a5be5..3d109b9679053 100644
--- a/pkgs/development/libraries/nss/generic.nix
+++ b/pkgs/development/libraries/nss/generic.nix
@@ -62,13 +62,9 @@ stdenv.mkDerivation rec {
 
   patches = [
     # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
+    ./85_security_load.patch
     ./ckpem.patch
     ./fix-cross-compilation.patch
-    (if (lib.versionOlder version "3.77") then
-      ./85_security_load.patch
-    else
-      ./85_security_load_3.77+.patch
-    )
   ];
 
   patchFlags = [ "-p0" ];
diff --git a/pkgs/development/libraries/nss/latest.nix b/pkgs/development/libraries/nss/latest.nix
index 7d57e6d3680f4..db8d0179add5f 100644
--- a/pkgs/development/libraries/nss/latest.nix
+++ b/pkgs/development/libraries/nss/latest.nix
@@ -5,6 +5,6 @@
 #       Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert
 
 import ./generic.nix {
-  version = "3.77";
-  sha256 = "1pfy33b51914sivqyaxdwfd930hzb77gm07z4f57hnyk5xddypl2";
+  version = "3.76.1";
+  sha256 = "0ai37ncg50n4s5243bfvsip8isqq1y6w2swg1n4xgqg2fk1h8cg1";
 }