-
nss (2:3.55-1ubuntu3.1) groovy; urgency=medium
* d/libnss3.links: Chmod +x d/libnss3.links, otherwise dh-exec can't do
the right job in substituting DEB_HOST_MULTIARCH (LP: #1908818)
-- Christian Ehrhardt <email address hidden> Tue, 06 Apr 2021 12:10:12 +0200
-
nss (2:3.55-1ubuntu3) groovy; urgency=medium
* Fix FTBFS due to erroneous glibc out-of-bounds checking with gcc 10
(LP: #1897666)
- debian/patches/fix-ftbfs-glibc-invalid-oob-error.patch: Disable
non-null error checking on call to getcwd since this results in an
erroneous warning that causes the build to fail otherwise
-- Alex Murray <email address hidden> Tue, 29 Sep 2020 10:39:29 +0930
-
nss (2:3.55-1ubuntu2) groovy; urgency=medium
* d/rules: set -Wno-nonnull to ignore a false-positve on the nsinstall
build fixing nss from being FTFBS with gcc-10 + glibc 2.32
-- Christian Ehrhardt <email address hidden> Tue, 29 Sep 2020 16:58:32 +0200
-
nss (2:3.55-1ubuntu1) groovy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/libnss3.links: make freebl3 available as library (LP #1744328)
- d/control: add dh-exec to Build-Depends
- d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
- Disable reading fips_enabled flag in FIPS mode. libnss is
not a FIPS certified library. (LP #1837734)
- Set TLSv1.2 as minimum TLS version. LP #1856428
- Symlink chk files to fix self-verification in FIPS mode (LP #1885562)
* Added changes:
- debian/patches/fix-ftbfs-s390x.patch: fix some uninitialized
variable warnings and format overflows for s390x.
nss (2:3.55-1) unstable; urgency=medium
* New upstream release.
* debian/libnss3.symbols: Add NSS_3_55 symbol version.
-- Eduardo Barretto <email address hidden> Mon, 17 Aug 2020 16:57:03 -0300
-
nss (2:3.53.1-1ubuntu1) groovy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/libnss3.links: make freebl3 available as library (LP #1744328)
- d/control: add dh-exec to Build-Depends
- d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
- Disable reading fips_enabled flag in FIPS mode. libnss is
not a FIPS certified library. (LP #1837734)
- Set TLSv1.2 as minimum TLS version. LP #1856428
- Symlink chk files to fix self-verification in FIPS mode (LP #1885562)
* Dropped changes:
- SECURITY UPDATE: Timing attack during DSA key generation
+ debian/patches/CVE-2020-12399.patch: force a fixed length for DSA
exponentiation in nss/lib/freebl/dsa.c.
[ Incorporated by upstream. ]
- SECURITY UPDATE: Side channel vulnerabilities during RSA key generation
+ debian/patches/CVE-2020-12402.patch: use constant-time GCD and
modular inversion in nss/lib/freebl/mpi/mpi.c,
nss/lib/freebl/mpi/mpi.h, nss/lib/freebl/mpi/mplogic.c.
[ Incorporated by upstream. ]
nss (2:3.53.1-1) unstable; urgency=medium
* New upstream release.
* Fixes CVE-2020-12402. Closes: #963152.
nss (2:3.53-1) unstable; urgency=medium
* New upstream release.
* Fixes CVE-2020-12399. Closes: #961752.
* debian/libnss3.symbols: Add NSS_3_53 symbol version.
* nss/lib/freebl/Makefile, nss/lib/freebl/manifest.mn: Move seed.o back
into freeblpriv3. bz#1642146.
* nss/cmd/shlibsign/Makefile: Avoid infinite recursion when CHECKLOC is
not set. bz#1642153.
nss (2:3.52-1) unstable; urgency=medium
* New upstream release.
* debian/libnss3.symbols: Add NSS_3_52 symbol version.
nss (2:3.51-1) unstable; urgency=medium
* New upstream release.
nss (2:3.50-1) unstable; urgency=medium
* New upstream release.
-- Sergio Durigan Junior <email address hidden> Fri, 17 Jul 2020 10:51:23 -0400
-
nss (2:3.49.1-1ubuntu4) groovy; urgency=medium
* Symlink chk files to fix self-verification in FIPS mode (LP: #1885562)
-- Dariusz Gadomski <email address hidden> Wed, 01 Jul 2020 14:48:13 +0200
-
nss (2:3.49.1-1ubuntu3) groovy; urgency=medium
* SECURITY UPDATE: Side channel vulnerabilities during RSA key generation
- debian/patches/CVE-2020-12402.patch: use constant-time GCD and
modular inversion in nss/lib/freebl/mpi/mpi.c,
nss/lib/freebl/mpi/mpi.h, nss/lib/freebl/mpi/mplogic.c.
- CVE-2020-12402
-- Marc Deslauriers <email address hidden> Tue, 30 Jun 2020 10:41:20 -0400
-
nss (2:3.49.1-1ubuntu2) groovy; urgency=medium
* SECURITY UPDATE: Timing attack during DSA key generation
- debian/patches/CVE-2020-12399.patch: force a fixed length for DSA
exponentiation in nss/lib/freebl/dsa.c.
- CVE-2020-12399
-- Marc Deslauriers <email address hidden> Wed, 10 Jun 2020 12:54:12 -0400
-
nss (2:3.49.1-1ubuntu1) focal; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/libnss3.links: make freebl3 available as library (LP #1744328)
- d/control: add dh-exec to Build-Depends
- d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
- Disable reading fips_enabled flag in FIPS mode. libnss is
not a FIPS certified library. (LP #1837734)
- Set TLSv1.2 as minimum TLS version. LP #1856428
nss (2:3.49.1-1) unstable; urgency=medium
* New upstream release.
* nss/lib/freebl/Makefile: Revert change from 2:3.48-1.
* nss/coreconf/config.gypi, nss/lib/freebl/Makefile,
nss/lib/freebl/aes-armv8.c, nss/lib/freebl/freebl.gyp,
nss/lib/freebl/gcm-arm32-neon.c, nss/lib/freebl/gcm.c,
nss/lib/freebl/rijndael.c: Fix freebl arm NEON code use, fixing FTBFS
on armhf, and enabling runtime detection of NEON on armel. bz#1608327
nss (2:3.49-1) unstable; urgency=medium
* New upstream release.
* Fixes CVE-2019-17023.
-- Lucas Kanashiro <email address hidden> Wed, 22 Jan 2020 16:24:44 -0300