lp:ubuntu/natty-security/nss
- Get this branch:
- bzr branch lp:ubuntu/natty-security/nss
Branch merges
Related bugs
Bug #837557: fraudulent DigiNotar certificate issuance | Undecided | Confirmed |
Related blueprints
Branch information
Recent revisions
- 30. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service in QuickDER decoder
- debian/patches/ CVE-2012- 0441.patch: properly handle zero-length basic
constraints and zero-length fields in
nss/mozilla/ security/ nss/lib/ softoken/ legacydb/ keydb.c,
nss/mozilla/ security/ nss/lib/ softoken/ legacydb/ lgcreate. c,
nss/mozilla/ security/ nss/lib/ softoken/ legacydb/ lowkey. c,
nss/mozilla/ security/ nss/lib/ softoken/ legacydb/ lowkeyti. h,
nss/mozilla/ security/ nss/lib/ util/quickder. c.
- CVE-2012-0441
* debian/rules: added a workaround to get package built on more recent
kernels. - 29. By Micah Gersten
-
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and actively distrust them;
Thanks to Mike Hommey from Debian for the original patch (LP: #837557)
- mozilla/security/ nss/lib/ ckfw/builtins/ certdata. *:
Explicitely distrust various DigiNotar CAs:
- DigiNotar Root CA
- DigiNotar Services 1024 CA
- DigiNotar Cyber CA
- DigiNotar Cyber CA 2nd
- DigiNotar PKIoverheid
- DigiNotar PKIoverheid G2
- mozilla/security/ nss/lib/ ckfw/builtins/ certdata. *:
Remove DigiNotar Root CA. - 28. By Michael Vogt
-
add explicit conflict to sunbird for systems that have this
package leftover from karmic days (LP: #760713) - 27. By Chris Coulson
-
New upstream release v3.12.9 with updated ckbi module
(NSS_3_12_9_WITH_ CKBI_1_ 82_RTM ) - 26. By Chris Coulson
-
* New upstream release v3.12.9beta2 (NSS_3_12_9_BETA2)
* Drop the link shuffeling now, as all upgraders to this version will be
using a fixed package anyway
- remove debian/libnss3- 1d.postinst
- remove debian/libnss3- 1d.postrm
- remove debian/libnss3- 1d.preinst
- remove debian/libnss3- 1d.prerm
* Ship the main SO files in an unversioned binary, as we don't have
versioned SO's in Ubuntu. Maintain a transitional versioned binary
package containing the versioned symlinks, to maintain compatibility with
Debian
- update debian/control
- mass rename debian/libnss3-1d* => debian/libnss3*
- update debian/rules
* Fix postinst-must-call- ldconfig - dh_makeshlibs doesn't seem to add
the maintainer script hooks with the unversioned SO files, so add them
manually
- add debian/libnss3. postinst
- add debian/libnss3. postrm
* Drop libnss3-0d now
- remove debian/libnss3- 0d.dirs
- remove debian/libnss3- 0d.links
- update debian/control
* Bump libnspr4-dev build-dependency to 4.8.7
- update debian/control
* Update symbols
- update debian/libnss3. symbols - 25. By Chris Coulson
-
* New upstream release v3.12.8 (NSS_3_12_8_RTM)
- Fix browser wildcard certificate validation issue
- Update root certs
- Fix SSL deadlocks
* Refresh patches:
- update debian/patches/ 38_kbsd. patch
- update debian/patches/ 97_SSL_ RENEGOTIATE_ TRANSITIONAL. patch - 24. By Chris Coulson
-
* New upstream release v3.12.7 (NSS_3_12_7_RTM)
* Fix some lintian warnings
- update debian/rules
- update debian/control
- udpate debian/copyright
- update debian/libnss3- 1d.postinst
- update debian/libnss3- 1d.postrm
- update debian/libnss3- 1d.preinst
- update debian/libnss3- 1d.prerm
* Bump minimum nspr version to 4.8.6
- update debian/control
* Add new API to symbols file
- update debian/libnss3- 1d.symbols - 23. By Chris Coulson
-
* Generate missing checksum for libnssdbm3.so to make FIPS mode
work again (LP: #559881)
- update debian/rules - 22. By Chris Coulson
-
* Enable transitional scheme for SSL renegotiation (LP: #553251)
- add 97_SSL_RENEGOTIATE_ TRANSITIONAL. patch
- update debian/patches/ series - 21. By Chris Coulson
-
* New upstream release 3.12.6 RTM (NSS_3_12_6_RTM)
- fixes CVE-2009-3555 aka US-CERT VU#120541
* Adjust patches to changed upstream code base
- update debian/patches/ 38_kbsd. patch
- update debian/patches/ 38_mips64_ build.patch
- update debian/patches/ 85_security_ load.patch
* Remove patches that are merged upstream
- delete debian/patches/ 91_nonexec_ stack.patch
- update debian/patches/ series
* Bump nspr dependency to 4.8
- update debian/control
* Add new symbols for 3.12.6
- update debian/libnss3- 1d.symbols
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/oneiric/nss