lp:ubuntu/oneiric-updates/nss
- Get this branch:
- bzr branch lp:ubuntu/oneiric-updates/nss
Branch merges
Branch information
Recent revisions
- 35. By Jamie Strandboge
-
* SECURITY UPDATE: New upstream release to fix TLS timing side-channel
attacks
- CVE-2013-1620
* Remaining changes:
- 98_ckbi-1.93.patch: Dropped (included upstream)
- 01_dont_build_nspr. patch
- 38_kbsd.patch: refresh/update
- 80_security_build.patch
- 85_security_load.patch
- 97_SSL_RENEGOTIATE_ TRANSITIONAL. patch
* debian/libnss3. symbols: add NSS_3.14.3 symbols - 34. By Jamie Strandboge
-
* New upstream release. Dropped the following patches:
- debian/patches/ 25_entropy. patch (was bz51429 obsoleted by fix for
bz174993)
- debian/patches/ 38_mips64_ build.patch (we don't build on mips)
- debian/patches/ 90_realpath. patch (included upstream)
upstream)
- debian/patches/ diginotar. patch (included upstream)
- debian/patches/ CVE-2012- 0441.patch (included upstream)
* debian/patches/ 01_dont_ build_nspr. patch: refresh
* debian/patches/ 38_kbsd. patch: refresh/update based on Debian
* debian/patches/ 80_security_ build.patch: refresh
* debian/patches/ 85_security_ load.patch: refresh/update based on Debian
* debian/patches/ 97_SSL_ RENEGOTIATE_ TRANSITIONAL. patch: refresh/update based
on Debian
* SECURITY UPDATE: distrust improperly issued TURKTRUST intermediate CAs
- debian/patches/ 94_ckbi- 1.9.patch: update to CKBI 1.93 by using
mozilla/security/ nss/lib/ ckfw/builtins/ certdata. txt from upstream and
updating mozilla/security/ nss/lib/ ckfw/builtins/ nssckbi. h. Apply this
before 95_add_spi+cacert_ ca_certs. patch since it keeps this patch clean
and underscores that SPI and CACERT are not part of upstream Roots.
- CVE-2013-0743
* debian/libnss3. symbols: updated for *_3.12.10 through *_3.14.1 - 33. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service in QuickDER decoder
- debian/patches/ CVE-2012- 0441.patch: properly handle zero-length basic
constraints and zero-length fields in
nss/mozilla/ security/ nss/lib/ softoken/ legacydb/ keydb.c,
nss/mozilla/ security/ nss/lib/ softoken/ legacydb/ lgcreate. c,
nss/mozilla/ security/ nss/lib/ softoken/ legacydb/ lowkey. c,
nss/mozilla/ security/ nss/lib/ softoken/ legacydb/ lowkeyti. h,
nss/mozilla/ security/ nss/lib/ util/quickder. c.
- CVE-2012-0441
* debian/rules: added a better workaround to get package built on more
recent kernels. - 32. By Adam Conrad
-
No-change rebuild to force a version bump, forcing upgrades,
and restoring the deleted library that ca-certificates ate. - 31. By Micah Gersten
-
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and actively distrust them;
Thanks to Mike Hommey from Debian for the original patch (LP: #837557)
- mozilla/security/ nss/lib/ ckfw/builtins/ certdata. *:
Explicitely distrust various DigiNotar CAs:
- DigiNotar Root CA
- DigiNotar Services 1024 CA
- DigiNotar Cyber CA
- DigiNotar Cyber CA 2nd
- DigiNotar PKIoverheid
- DigiNotar PKIoverheid G2
- mozilla/security/ nss/lib/ ckfw/builtins/ certdata. *:
Remove DigiNotar Root CA.
* Add a symlink from Linux2.6.mk to Linux3.0.mk; This is a temporary hack to
let NSS build on a 3.0.x kernel
- update debian/rules - 28. By Michael Vogt
-
add explicit conflict to sunbird for systems that have this
package leftover from karmic days (LP: #760713) - 27. By Chris Coulson
-
New upstream release v3.12.9 with updated ckbi module
(NSS_3_12_9_WITH_ CKBI_1_ 82_RTM ) - 26. By Chris Coulson
-
* New upstream release v3.12.9beta2 (NSS_3_12_9_BETA2)
* Drop the link shuffeling now, as all upgraders to this version will be
using a fixed package anyway
- remove debian/libnss3- 1d.postinst
- remove debian/libnss3- 1d.postrm
- remove debian/libnss3- 1d.preinst
- remove debian/libnss3- 1d.prerm
* Ship the main SO files in an unversioned binary, as we don't have
versioned SO's in Ubuntu. Maintain a transitional versioned binary
package containing the versioned symlinks, to maintain compatibility with
Debian
- update debian/control
- mass rename debian/libnss3-1d* => debian/libnss3*
- update debian/rules
* Fix postinst-must-call- ldconfig - dh_makeshlibs doesn't seem to add
the maintainer script hooks with the unversioned SO files, so add them
manually
- add debian/libnss3. postinst
- add debian/libnss3. postrm
* Drop libnss3-0d now
- remove debian/libnss3- 0d.dirs
- remove debian/libnss3- 0d.links
- update debian/control
* Bump libnspr4-dev build-dependency to 4.8.7
- update debian/control
* Update symbols
- update debian/libnss3. symbols
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/quantal/nss