lp:ubuntu/hardy-security/nss

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #741729: Blacklist fraudulent UTN-USERFirst-Hardware certificates

Undecided

New

Link a bug report

Related blueprints

17. By Micah Gersten on 2011-03-28

* New upstream release v3.12.9 with updated ckbi module
  (NSS_3_12_9_WITH_CKBI_1_82_RTM)
  - SECURITY UPDATE: Update "builtin certificates" module (ckbi) to
    explicitly mark the recently issued and revoked fraudulent certificates
    as explicitly not trusted; NSS will report SEC_ERROR_UNTRUSTED_CERT when
    attempting to verify one of these fraudulent certificates (LP: #741729)
* Add new symbols
  - update debian/libnss3-1d.symbols

16. By Chris Coulson on 2010-10-04

* New upstream release v3.12.8 (NSS_3_12_8_RTM)
  - Fix browser wildcard certificate validation issue
  - Update root certs
  - Fix SSL deadlocks
* Refresh patches:
  - update debian/patches/81_sonames.patch
  - update debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch
* Bump minimum nspr version to 4.8.6
  - update debian/control
* Add new API to symbols file
  - update debian/libnss3-1d.symbols

15. By Chris Coulson on 2010-05-18

* New upstream release 3.12.6 RTM (NSS_3_12_6_RTM)
  - fixes CVE-2009-3555 aka US-CERT VU#120541
* Adjust patches to changed upstream code base
  - update debian/patches/38_mips64_build.patch
  - update debian/patches/81_sonames.patch
  - update debian/patches/85_security_load.patch
* Remove patches that are merged upstream
  - delete debian/patches/91_nonexec_stack.patch
  - update debian/patches/series
* Bump nspr dependency to 4.8
  - update debian/control
* Add new symbols for 3.12.6
  - update debian/libnss3-1d.symbols
* Enable transitional scheme for SSL renegotiation
  - add 97_SSL_RENEGOTIATE_TRANSITIONAL.patch
  - update debian/patches/series
* Generate missing checksum for libnssdbm3.so to make FIPS mode
  work properly
  - update debian/rules

14. By Kees Cook on 2009-08-24

Add 91_nonexec_stack.patch: fix regression in stack memory
protectons caused by unmarked assembly (LP: #409864).

13. By Alexander Sack on 2009-08-01

* new upstream release 3.12.3.1 RTM (NSS_3_12_3_1_RTM) (LP: #407549)
  - see USN-810-1
* requires nspr >= 4.7.4
  - update debian/control
* drop (ubuntu-)useless kbsd patch
  - delete debian/patches/38_kbsd.patch
* drop obsolete patches fixed upstream
  - delete debian/patches/80_security_tools.patch
  - delete debian/patches/bz471715_attachment_357235-backport.patch
* adjust patches to new upstream codebase
  - update debian/patches/38_mips64_build.patch
  - update debian/patches/81_sonames.patch
* LP: #388350 - nss 3.12.3-0ubuntu2 ftbfs in karmic - shlibsign crashes; we add
  debian/libnss3-1d/usr/lib/nss to LD_LIBRARY_PATH for the shlibsign invocation
  used to sign libs in debian/rules
  - update debian/rules
* update .symbols files for new upstream api
  - update debian/libnss3-1d.symbols
* bump shlibs version to >= 3.12.3
  - update debian/rules

12. By Alexander Sack on 2008-08-04

* RELEASE 3.12.0.3-0ubuntu0.8.04.4 to ubuntu/hardy-proposed
* follow up for LP: #245122 - drop Conflicts: on libnss3 from libnss3-1d
  package in order to allow non-dist upgrade for hardy-proposed
  - update debian/control

11. By Alexander Sack on 2008-07-15

( from 3.12.0.3-0ubuntu4 in ubuntu/intrepid)
* fix LP: #245122 - add Replaces/Conflicts on libnss3 packages
  - update debian/control
* fix LP: #215062 - update Replaces/Conflicts for libnss3-1d on gutsy
  version of libnss3-0d (<< 3.12.0~)

10. By Alexander Sack on 2008-07-10

( from 3.12.0.3-0ubuntu1 to ubuntu/intrepid )
* new upstream release 3.12.0.3 fixes certID issue; downloaded from
  http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_RTM/src/nss-3.12.tar.gz
  (LP: #242379)

( from 3.12.0.3-0ubuntu2 to ubuntu/intrepid)
* move non-versioned .so-links from libnss3-dev package to unbreak
  binary compatibility to native extensions built against upstream
  xulrunner; in turn we add versioned Conflicts: Replaces: on libnss3-dev
  for the libnss3-1d package to provide a smooth upgrade path. (LP: #244439)
  - add debian/libnss3-1d.links
  - update debian/libnss3-dev.links
  - update debian/control

( from 3.12.0.3-0ubuntu3 in ubuntu/intrepid)
* fix LP: #245122 - add Replaces/Conflicts on libnss3 ( << 3) packages
  - update debian/control

9. By Alexander Sack on 2008-07-01

( from 3.12.0.3-0ubuntu1 to ubuntu/intrepid )
* new upstream release 3.12.0.3 fixes certID issue; downloaded from
  http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_RTM/src/nss-3.12.tar.gz
  (LP: #242379)

( from 3.12.0.3-0ubuntu2 to ubuntu/intrepid)
* move non-versioned .so-links from libnss3-dev package to unbreak
  binary compatibility to native extensions built against upstream
  xulrunner; in turn we add versioned Conflicts: Replaces: on libnss3-dev
  for the libnss3-1d package to provide a smooth upgrade path. (LP: #244439)
  - add debian/libnss3-1d.links
  - update debian/libnss3-dev.links
  - update debian/control

8. By Alexander Sack on 2008-05-23

[ Fabien Tassin ]
new upstream version, picked from FIREFOX_3_0rc1_RELEASE cvs tag
(LP: #233922)