diff --git a/download b/download
index 581554820ba621bb73ce8c12d3c83a3956c59380..e3714e6815b69645cecd40da9df0501ac6d04ac3 100644
--- a/download
+++ b/download
@@ -1 +1 @@
-e9bb98ad40e088d0707c732fd2748bed  nss-3.101.tar.gz
+64a1ec06f5ebd0e2dd74ed1fe36e38d0  nss-3.112.tar.gz
diff --git a/nss-3.101-enable-kyber-policy.patch b/nss-3.101-enable-kyber-policy.patch
new file mode 100644
index 0000000000000000000000000000000000000000..89fce1c944e97bce082886fa121e9eb3998bd173
--- /dev/null
+++ b/nss-3.101-enable-kyber-policy.patch
@@ -0,0 +1,13 @@
+diff -up ./lib/pk11wrap/pk11pars.c.enable_kyber_policy ./lib/pk11wrap/pk11pars.c
+--- ./lib/pk11wrap/pk11pars.c.enable_kyber_policy	2024-06-12 14:44:24.680338868 -0700
++++ ./lib/pk11wrap/pk11pars.c	2024-06-12 14:44:48.368609356 -0700
+@@ -245,7 +245,8 @@ static const oidValDef curveOptList[] =
+       NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+     { CIPHER_NAME("CURVE25519"), SEC_OID_CURVE25519,
+       NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+-    { CIPHER_NAME("XYBER768D00"), SEC_OID_XYBER768D00, 0 },
++    { CIPHER_NAME("XYBER768D00"), SEC_OID_XYBER768D00, 
++      NSS_USE_ALG_IN_SSL_KX },
+     { CIPHER_NAME("MLKEM768X25519"), SEC_OID_MLKEM768X25519, 0 },
+     /* ANSI X9.62 named elliptic curves (characteristic two field) */
+     { CIPHER_NAME("C2PNB163V1"), SEC_OID_ANSIX962_EC_C2PNB163V1,
diff --git a/nss-3.103-unused-cipherwrap2.patch b/nss-3.103-unused-cipherwrap2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2c77239a079cf878ac648022ccc75baf535a08ea
--- /dev/null
+++ b/nss-3.103-unused-cipherwrap2.patch
@@ -0,0 +1,17 @@
+--- ./lib/softoken/pkcs11c.c.unused	2024-08-05 17:56:10.705414972 +0200
++++ ./lib/softoken/pkcs11c.c	2024-08-05 18:09:04.681015706 +0200
+@@ -165,10 +165,14 @@ SFTKCipherWrap(AESKeyWrapContext, AESKey
+         mmm##_DestroyContext(ctx, freeit);                                   \
+     }
+ 
++#ifndef NSS_DISABLE_DEPRECATED_RC2
+ SFTKCipherWrap2(RC2Context, RC2);
++#endif
+ SFTKCipherWrap2(RC4Context, RC4);
+ SFTKCipherWrap2(DESContext, DES);
++#ifndef NSS_DISABLE_DEPRECATED_SEED
+ SFTKCipherWrap2(SEEDContext, SEED);
++#endif
+ SFTKCipherWrap2(CamelliaContext, Camellia);
+ SFTKCipherWrap2(AESContext, AES);
+ SFTKCipherWrap2(AESKeyWrapContext, AESKeyWrap);
diff --git a/nss-3.110-dissable_test-ssl_policy_pkix_oscp.patch b/nss-3.110-dissable_test-ssl_policy_pkix_oscp.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a14d0d345483630872a738b3d81a66bcc93f4843
--- /dev/null
+++ b/nss-3.110-dissable_test-ssl_policy_pkix_oscp.patch
@@ -0,0 +1,12 @@
+diff -up nss/tests/ssl/ssl.sh.ignore_test nss/tests/ssl/ssl.sh
+--- nss/tests/ssl/ssl.sh.ignore_test	2025-04-22 10:30:10.569990667 +0200
++++ nss/tests/ssl/ssl.sh	2025-04-22 10:30:34.773327320 +0200
+@@ -1600,7 +1600,7 @@ ssl_run_tests()
+             if using_sql ; then
+                 ssl_policy_listsuites
+                 ssl_policy_selfserv
+-                ssl_policy_pkix_ocsp
++#               ssl_policy_pkix_ocsp
+                 ssl_policy
+             fi
+             ;;
diff --git a/nss.spec b/nss.spec
index bc3c0ed4e3186f0c4e07cd56f072f2aa13e7c0da..f5e54f6c01fc88ae4241c40e93170a04601a97c9 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,9 +1,9 @@
-%define anolis_release 3
-%global nspr_version 4.35
-%global nss_version 3.101
+%define anolis_release 1
+%global nspr_version 4.36
+%global nss_version 3.112
 %global baserelease 1
 %global nss_release %baserelease
-%global crypto_policies_version 20210118
+%global crypto_policies_version 20230614
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 %global saved_files_dir %{_libdir}/nss/saved
 %global dracutlibdir %{_prefix}/lib/dracut
@@ -83,7 +83,15 @@ BuildRequires:    %{name}-softokn sqlite-devel zlib-devel nspr-devel >= %{nss_ve
 Patch4: iquote.patch
 Patch12: %{name}-signtool-format.patch
 Patch40: %{name}-no-dbm-man-page.patch
-Patch41: %{name}-3.101-sw.patch
+# sw patch Unavailable , update later
+#Patch41: %{name}-3.101-sw.patch
+# allow crypto policies to enable kyber
+Patch41: nss-3.101-enable-kyber-policy.patch
+# fix unused variable warnings
+Patch42: nss-3.103-unused-cipherwrap2.patch
+# disable test
+Patch43: nss-3.110-dissable_test-ssl_policy_pkix_oscp.patch
+
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -753,6 +761,11 @@ update-crypto-policies &> /dev/null || :
 %doc %{name}/readme.md %{name}/trademarks.txt %{name}/help.txt %{name}/doc/README
 
 %changelog
+* Mon Sep 16 2025 mgb01105731 <mgb01105731@alibaba-inc.com> - 3.112-1
+- Update to 3.112 for new firefox
+- Remove patch as sw patch Unavailable
+- Add patch to fix build err
+
 * Wed Jun 04 2025 mgb01105731 <mgb01105731@alibaba-inc.com> - 3.101-3
 - Provide tar package using download file