Created by Ubuntu Package Importer on 2012-08-16 and last modified on 2013-03-13
Get this branch:
bzr branch lp:ubuntu/oneiric-security/nss
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

35. By Jamie Strandboge on 2013-03-13

* SECURITY UPDATE: New upstream release to fix TLS timing side-channel
  - CVE-2013-1620
* Remaining changes:
  - 98_ckbi-1.93.patch: Dropped (included upstream)
  - 01_dont_build_nspr.patch
  - 38_kbsd.patch: refresh/update
  - 80_security_build.patch
  - 85_security_load.patch
* debian/libnss3.symbols: add NSS_3.14.3 symbols

34. By Jamie Strandboge on 2013-01-11

* New upstream release. Dropped the following patches:
  - debian/patches/25_entropy.patch (was bz51429 obsoleted by fix for
  - debian/patches/38_mips64_build.patch (we don't build on mips)
  - debian/patches/90_realpath.patch (included upstream)
  - debian/patches/diginotar.patch (included upstream)
  - debian/patches/CVE-2012-0441.patch (included upstream)
* debian/patches/01_dont_build_nspr.patch: refresh
* debian/patches/38_kbsd.patch: refresh/update based on Debian
* debian/patches/80_security_build.patch: refresh
* debian/patches/85_security_load.patch: refresh/update based on Debian
* debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch: refresh/update based
  on Debian
* SECURITY UPDATE: distrust improperly issued TURKTRUST intermediate CAs
  - debian/patches/94_ckbi-1.9.patch: update to CKBI 1.93 by using
    mozilla/security/nss/lib/ckfw/builtins/certdata.txt from upstream and
    updating mozilla/security/nss/lib/ckfw/builtins/nssckbi.h. Apply this
    before 95_add_spi+cacert_ca_certs.patch since it keeps this patch clean
    and underscores that SPI and CACERT are not part of upstream Roots.
  - CVE-2013-0743
* debian/libnss3.symbols: updated for *_3.12.10 through *_3.14.1

33. By Marc Deslauriers on 2012-07-30

* SECURITY UPDATE: denial of service in QuickDER decoder
  - debian/patches/CVE-2012-0441.patch: properly handle zero-length basic
    constraints and zero-length fields in
  - CVE-2012-0441
* debian/rules: added a better workaround to get package built on more
  recent kernels.

32. By Adam Conrad on 2011-09-21

No-change rebuild to force a version bump, forcing upgrades,
and restoring the deleted library that ca-certificates ate.

31. By Micah Gersten on 2011-09-09

* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
  3.12.9 to remove the DigiNotar certificates and actively distrust them;
  Thanks to Mike Hommey from Debian for the original patch (LP: #837557)
  - mozilla/security/nss/lib/ckfw/builtins/certdata.*:
    Explicitely distrust various DigiNotar CAs:
    - DigiNotar Root CA
    - DigiNotar Services 1024 CA
    - DigiNotar Cyber CA
    - DigiNotar Cyber CA 2nd
    - DigiNotar PKIoverheid
    - DigiNotar PKIoverheid G2
  - mozilla/security/nss/lib/ckfw/builtins/certdata.*:
    Remove DigiNotar Root CA.
* Add a symlink from Linux2.6.mk to Linux3.0.mk; This is a temporary hack to
  let NSS build on a 3.0.x kernel
  - update debian/rules

30. By Matthias Klose on 2011-05-17

nss-config, nss.pc: Fix multiarch libdir location. LP: #778726.

29. By Steve Langasek on 2011-05-06

Multiarch support

28. By Michael Vogt on 2011-04-20

add explicit conflict to sunbird for systems that have this
package leftover from karmic days (LP: #760713)

27. By Chris Coulson on 2011-03-24

New upstream release v3.12.9 with updated ckbi module
(NSS_3_12_9_WITH_CKBI_1_82_RTM )

26. By Chris Coulson on 2011-01-11

* New upstream release v3.12.9beta2 (NSS_3_12_9_BETA2)
* Drop the link shuffeling now, as all upgraders to this version will be
  using a fixed package anyway
  - remove debian/libnss3-1d.postinst
  - remove debian/libnss3-1d.postrm
  - remove debian/libnss3-1d.preinst
  - remove debian/libnss3-1d.prerm
* Ship the main SO files in an unversioned binary, as we don't have
  versioned SO's in Ubuntu. Maintain a transitional versioned binary
  package containing the versioned symlinks, to maintain compatibility with
  - update debian/control
  - mass rename debian/libnss3-1d* => debian/libnss3*
  - update debian/rules
* Fix postinst-must-call-ldconfig - dh_makeshlibs doesn't seem to add
  the maintainer script hooks with the unversioned SO files, so add them
  - add debian/libnss3.postinst
  - add debian/libnss3.postrm
* Drop libnss3-0d now
  - remove debian/libnss3-0d.dirs
  - remove debian/libnss3-0d.links
  - update debian/control
* Bump libnspr4-dev build-dependency to 4.8.7
  - update debian/control
* Update symbols
  - update debian/libnss3.symbols

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.