Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/natty-security/nss
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

30. By Marc Deslauriers

* SECURITY UPDATE: denial of service in QuickDER decoder
  - debian/patches/CVE-2012-0441.patch: properly handle zero-length basic
    constraints and zero-length fields in
  - CVE-2012-0441
* debian/rules: added a workaround to get package built on more recent

29. By Micah Gersten

* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
  3.12.9 to remove the DigiNotar certificates and actively distrust them;
  Thanks to Mike Hommey from Debian for the original patch (LP: #837557)
  - mozilla/security/nss/lib/ckfw/builtins/certdata.*:
    Explicitely distrust various DigiNotar CAs:
    - DigiNotar Root CA
    - DigiNotar Services 1024 CA
    - DigiNotar Cyber CA
    - DigiNotar Cyber CA 2nd
    - DigiNotar PKIoverheid
    - DigiNotar PKIoverheid G2
  - mozilla/security/nss/lib/ckfw/builtins/certdata.*:
    Remove DigiNotar Root CA.

28. By Michael Vogt

add explicit conflict to sunbird for systems that have this
package leftover from karmic days (LP: #760713)

27. By Chris Coulson

New upstream release v3.12.9 with updated ckbi module
(NSS_3_12_9_WITH_CKBI_1_82_RTM )

26. By Chris Coulson

* New upstream release v3.12.9beta2 (NSS_3_12_9_BETA2)
* Drop the link shuffeling now, as all upgraders to this version will be
  using a fixed package anyway
  - remove debian/libnss3-1d.postinst
  - remove debian/libnss3-1d.postrm
  - remove debian/libnss3-1d.preinst
  - remove debian/libnss3-1d.prerm
* Ship the main SO files in an unversioned binary, as we don't have
  versioned SO's in Ubuntu. Maintain a transitional versioned binary
  package containing the versioned symlinks, to maintain compatibility with
  - update debian/control
  - mass rename debian/libnss3-1d* => debian/libnss3*
  - update debian/rules
* Fix postinst-must-call-ldconfig - dh_makeshlibs doesn't seem to add
  the maintainer script hooks with the unversioned SO files, so add them
  - add debian/libnss3.postinst
  - add debian/libnss3.postrm
* Drop libnss3-0d now
  - remove debian/libnss3-0d.dirs
  - remove debian/libnss3-0d.links
  - update debian/control
* Bump libnspr4-dev build-dependency to 4.8.7
  - update debian/control
* Update symbols
  - update debian/libnss3.symbols

25. By Chris Coulson

* New upstream release v3.12.8 (NSS_3_12_8_RTM)
  - Fix browser wildcard certificate validation issue
  - Update root certs
  - Fix SSL deadlocks
* Refresh patches:
  - update debian/patches/38_kbsd.patch
  - update debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch

24. By Chris Coulson

* New upstream release v3.12.7 (NSS_3_12_7_RTM)
* Fix some lintian warnings
  - update debian/rules
  - update debian/control
  - udpate debian/copyright
  - update debian/libnss3-1d.postinst
  - update debian/libnss3-1d.postrm
  - update debian/libnss3-1d.preinst
  - update debian/libnss3-1d.prerm
* Bump minimum nspr version to 4.8.6
  - update debian/control
* Add new API to symbols file
  - update debian/libnss3-1d.symbols

23. By Chris Coulson

* Generate missing checksum for libnssdbm3.so to make FIPS mode
  work again (LP: #559881)
  - update debian/rules

22. By Chris Coulson

* Enable transitional scheme for SSL renegotiation (LP: #553251)
  - update debian/patches/series

21. By Chris Coulson

* New upstream release 3.12.6 RTM (NSS_3_12_6_RTM)
  - fixes CVE-2009-3555 aka US-CERT VU#120541
* Adjust patches to changed upstream code base
  - update debian/patches/38_kbsd.patch
  - update debian/patches/38_mips64_build.patch
  - update debian/patches/85_security_load.patch
* Remove patches that are merged upstream
  - delete debian/patches/91_nonexec_stack.patch
  - update debian/patches/series
* Bump nspr dependency to 4.8
  - update debian/control
* Add new symbols for 3.12.6
  - update debian/libnss3-1d.symbols

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.