lp:ubuntu/maverick-security/nss
- Get this branch:
- bzr branch lp:ubuntu/maverick-security/nss
Branch merges
Related source package recipes
Related bugs
| Bug #741729: Blacklist fraudulent UTN-USERFirst-Hardware certificates | Undecided | New |
|
| Bug #837557: fraudulent DigiNotar certificate issuance | Undecided | Confirmed |
|
Related blueprints
Branch information
Recent revisions
- 27. By Micah Gersten
-
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and actively distrust them;
Thanks to Mike Hommey from Debian for the original patch (LP: #837557)
- mozilla/security/ nss/lib/ ckfw/builtins/ certdata. *:
Explicitely distrust various DigiNotar CAs:
- DigiNotar Root CA
- DigiNotar Services 1024 CA
- DigiNotar Cyber CA
- DigiNotar Cyber CA 2nd
- DigiNotar PKIoverheid
- DigiNotar PKIoverheid G2
- mozilla/security/ nss/lib/ ckfw/builtins/ certdata. *:
Remove DigiNotar Root CA. - 26. By Micah Gersten
-
* New upstream release v3.12.9 with updated ckbi module
(NSS_3_12_9_ WITH_CKBI_ 1_82_RTM)
- SECURITY UPDATE: Update "builtin certificates" module (ckbi) to
explicitly mark the recently issued and revoked fraudulent certificates
as explicitly not trusted; NSS will report SEC_ERROR_UNTRUSTED_ CERT when
attempting to verify one of these fraudulent certificates (LP: #741729)
* Add new symbols
- update debian/libnss3- 1d.symbols - 25. By Chris Coulson
-
* New upstream release v3.12.8 (NSS_3_12_8_RTM)
- Fix browser wildcard certificate validation issue
- Update root certs
- Fix SSL deadlocks
* Refresh patches:
- update debian/patches/ 38_kbsd. patch
- update debian/patches/ 97_SSL_ RENEGOTIATE_ TRANSITIONAL. patch - 24. By Chris Coulson
-
* New upstream release v3.12.7 (NSS_3_12_7_RTM)
* Fix some lintian warnings
- update debian/rules
- update debian/control
- udpate debian/copyright
- update debian/libnss3- 1d.postinst
- update debian/libnss3- 1d.postrm
- update debian/libnss3- 1d.preinst
- update debian/libnss3- 1d.prerm
* Bump minimum nspr version to 4.8.6
- update debian/control
* Add new API to symbols file
- update debian/libnss3- 1d.symbols - 23. By Chris Coulson
-
* Generate missing checksum for libnssdbm3.so to make FIPS mode
work again (LP: #559881)
- update debian/rules - 22. By Chris Coulson
-
* Enable transitional scheme for SSL renegotiation (LP: #553251)
- add 97_SSL_RENEGOTIATE_ TRANSITIONAL. patch
- update debian/patches/ series - 21. By Chris Coulson
-
* New upstream release 3.12.6 RTM (NSS_3_12_6_RTM)
- fixes CVE-2009-3555 aka US-CERT VU#120541
* Adjust patches to changed upstream code base
- update debian/patches/ 38_kbsd. patch
- update debian/patches/ 38_mips64_ build.patch
- update debian/patches/ 85_security_ load.patch
* Remove patches that are merged upstream
- delete debian/patches/ 91_nonexec_ stack.patch
- update debian/patches/ series
* Bump nspr dependency to 4.8
- update debian/control
* Add new symbols for 3.12.6
- update debian/libnss3- 1d.symbols - 20. By Alexander Sack
-
rebuild rest of main for armel armv7/thumb2 optimization;
UbuntuSpec:mobile- lucid-arm- gcc-v7- thumb2 - 19. By Kees Cook
-
Add 91_nonexec_
stack.patch: fix regression in stack memory
protectons caused by unmarked assembly (LP: #409864). - 18. By Alexander Sack
-
* new upstream release 3.12.3.1 RTM (NSS_3_12_3_1_RTM) (LP: #407549)
- see USN-810-1
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/nss
