nss: fix CVE-2021-43527

nss is vulnerable to a heap overflow when handling DER-encoded
DSA or RSA-PSS signatures.  We update nss packages and nspr to
the latest centos7 versions.

*** Testing ***
To be sure we will work with existing databases, before updating,
create a database.

$ mkdir arf
$ echo "Pword22*" > arf/pass
$ certutil -N -d arf -f arf/pass
$ certutil -G -d arf -f arf/pass   # put a key pair in the database

Save the arf directory.  Install an iso with the updated nss packages.
Import arf.  Then...

$ certutil -K -d arf -f arf/pass   # display the keyID
$ certutil -G -d arf -f arf/pass   # add a key
$ certutil -K -d arf -f arf/pass   # display both keyIDs
***

Closes-bug: 1957929
Change-Id: I960e42d1e361dace4443d6a052fe06206c6675dd
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Joe Slater
2022-01-18 14:16:18 -05:00
parent d07b53efbc
commit 4840fc1bda
8 changed files with 41 additions and 41 deletions


@@ -43,10 +43,10 @@ libtevent-0.9.39-1.el7.x86_64.rpm
libwbclient-4.10.16-5.el7.x86_64.rpm
lvm2-2.02.177-4.el7.x86_64.rpm
lvm2-libs-2.02.177-4.el7.x86_64.rpm
# nss-softokn-3.53.1-6.el7_9.x86_64.rpm provided by mock
nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm
# nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm provided by mock
nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm
# nss-softokn-3.67.0-3.el7_9.x86_64.rpm provided by mock
nss-softokn-devel-3.67.0-3.el7_9.x86_64.rpm
# nss-softokn-freebl-3.67.0-3.el7_9.x86_64.rpm provided by mock
nss-softokn-freebl-devel-3.67.0-3.el7_9.x86_64.rpm
ntfs-3g-2017.3.23-11.el7.x86_64.rpm
ntfs-3g-devel-2017.3.23-11.el7.x86_64.rpm
ntfsprogs-2017.3.23-11.el7.x86_64.rpm
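Review bot: The two commented `# nss-softokn-... provided by mock` entries now name 3.67.0-3.el7_9, but nothing in this hunk shows that the mock environment actually supplies that version. If mock still provides 3.53.1-6, the `nss-softokn-devel` and `nss-softokn-freebl-devel` packages listed here will not match the runtime libraries they are built against, so please confirm the mock side is bumped in the same change. This hunk also only touches nss-softokn, while the commit message says the nss packages and nspr are updated. Naming the resulting nss and nspr versions in the message would let a reader check them against the advisory for CVE-2021-43527.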