Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/quantal-updates/nss
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

45. By Marc Deslauriers

* SECURITY UPDATE: incorrect IDNA wildcard handling
  - debian/patches/CVE-2014-1492.patch: conform to RFC 6125 in
  - CVE-2014-1492
* No longer ship cacert.org certificates. (LP: #1258286)
  - removed debian/patches/95_add_spi+cacert_ca_certs.patch
  - added debian/patches/95_add_spi_certs.patch

44. By Marc Deslauriers

* SECURITY UPDATE: MITM attack via TLS False Start
  - CVE-2013-1740
* Adjusted packaging for new upstream release 3.15.4:
  - debian/patches/*: refreshed.
  - debian/libnss3.symbols: added new symbols.

43. By Marc Deslauriers

* SECURITY UPDATE: New upstream release (LP: #1263135)
  - Distrusts AC DG Tresor SSL CA

42. By Marc Deslauriers

* SECURITY UPDATE: New upstream release to fix multiple security issues
  and add TLSv1.2 support.
  - CVE-2013-1739
  - CVE-2013-1741
  - CVE-2013-5605
  - CVE-2013-5606
* Adjusted packaging for 3.15.3:
  - debian/patches/*: refreshed.
  - debian/patches/lower-dhe-priority.patch: removed, no longer needed,
    was a workaround for an old version of firefox.
  - debian/libnss3.symbols: added new symbols.
  - debian/rules: updated for new source layout.

41. By Jamie Strandboge

* SECURITY UPDATE: New upstream release to fix TLS timing side-channel
  - CVE-2013-1620
* Remaining changes:
  - 94_ckbi-1.93.patch: Dropped (included upstream)
  - 38_hurd.patch: refresh
  - 38_kbsd.patch: refresh/update
  - 80_security_tools.patch
  - 85_security_load.patch
  - 95_add_spi+cacert_ca_certs.patch
  - lower-dhe-priority.patch
* debian/libnss3.symbols: add NSS_3.14.3 symbols

40. By Jamie Strandboge

* New upstream release. Dropped the following patches:
  - debian/patches/90_realpath.patch (included upstream)
  - debian/patches/91_build_pwdecrypt.patch (included upstream)
  - debian/patches/96_NSS_VersionCheck.patch (included upstream)
  - debian/patches/98_fix_header_error.patch (included upstream)
  - debian/patches/protect-against-calls-before-nss_init.patch (included
  - debian/patches/CVE-2012-0441.patch (included upstream)
* debian/patches/38_hurd.patch: refresh
* debian/patches/38_kbsd.patch: refresh/update based on Debian
* debian/patches/80_security_tools.patch: refresh
* debian/patches/85_security_load.patch: refresh
* debian/patches/95_add_spi+cacert_ca_certs.patch: updated
* debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch: refresh
* debian/patches/lower-dhe-priority.patch: refresh/update based on Debian
* SECURITY UPDATE: distrust improperly issued TURKTRUST intermediate CAs
  - debian/patches/94_ckbi-1.9.patch: update to CKBI 1.93 by using
    mozilla/security/nss/lib/ckfw/builtins/certdata.txt from upstream and
    updating mozilla/security/nss/lib/ckfw/builtins/nssckbi.h. Apply this
    before 95_add_spi+cacert_ca_certs.patch since it keeps this patch clean
    and underscores that SPI and CACERT are not part of upstream Roots.
  - CVE-2013-0743
* debian/libnss3.symbols: add NSS_3.13.2, NSS_3.14, NSS_3.14.1, and
  NSSUTIL_3.14 symbols

39. By Marc Deslauriers

* SECURITY UPDATE: denial of service in QuickDER decoder
  - debian/patches/CVE-2012-0441.patch: properly handle zero-length basic
    constraints and zero-length fields in
  - CVE-2012-0441

38. By Timo Aaltonen

Add protect-against-calls-before-nss_init.patch (RHBZ #784672).

37. By Timo Aaltonen

Include libnssckfw.a in the -dev package, also needed by

36. By Timo Aaltonen

Include libnssb.a in the -dev package, needed by mod_revocator.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.