-
nss (3.12.9+ckbi-1.82-0ubuntu0.8.04.1) hardy-security; urgency=low
* New upstream release v3.12.9 with updated ckbi module
(NSS_3_12_9_WITH_CKBI_1_82_RTM)
- SECURITY UPDATE: Update "builtin certificates" module (ckbi) to
explicitly mark the recently issued and revoked fraudulent certificates
as explicitly not trusted; NSS will report SEC_ERROR_UNTRUSTED_CERT when
attempting to verify one of these fraudulent certificates (LP: #741729)
* Add new symbols
- update debian/libnss3-1d.symbols
-- Micah Gersten <email address hidden> Mon, 28 Mar 2011 03:30:20 -0500
-
nss (3.12.8-0ubuntu0.8.04.1) hardy-security; urgency=low
* New upstream release v3.12.8 (NSS_3_12_8_RTM)
- Fix browser wildcard certificate validation issue
- Update root certs
- Fix SSL deadlocks
* Refresh patches:
- update debian/patches/81_sonames.patch
- update debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch
* Bump minimum nspr version to 4.8.6
- update debian/control
* Add new API to symbols file
- update debian/libnss3-1d.symbols
-- Chris Coulson <email address hidden> Mon, 04 Oct 2010 23:45:29 +0100
-
nss (3.12.6-0ubuntu0.8.04.1) hardy-security; urgency=low
* New upstream release 3.12.6 RTM (NSS_3_12_6_RTM)
- fixes CVE-2009-3555 aka US-CERT VU#120541
* Adjust patches to changed upstream code base
- update debian/patches/38_mips64_build.patch
- update debian/patches/81_sonames.patch
- update debian/patches/85_security_load.patch
* Remove patches that are merged upstream
- delete debian/patches/91_nonexec_stack.patch
- update debian/patches/series
* Bump nspr dependency to 4.8
- update debian/control
* Add new symbols for 3.12.6
- update debian/libnss3-1d.symbols
* Enable transitional scheme for SSL renegotiation
- add 97_SSL_RENEGOTIATE_TRANSITIONAL.patch
- update debian/patches/series
* Generate missing checksum for libnssdbm3.so to make FIPS mode
work properly
- update debian/rules
-- Chris Coulson <email address hidden> Tue, 18 May 2010 14:50:36 +0100
-
nss (3.12.3.1-0ubuntu0.8.04.2) hardy-security; urgency=low
* Add 91_nonexec_stack.patch: fix regression in stack memory
protectons caused by unmarked assembly (LP: #409864).
-- Kees Cook <email address hidden> Mon, 24 Aug 2009 15:03:19 -0700
-
nss (3.12.3.1-0ubuntu0.8.04.1) hardy-security; urgency=low
* new upstream release 3.12.3.1 RTM (NSS_3_12_3_1_RTM) (LP: #407549)
- see USN-810-1
* requires nspr >= 4.7.4
- update debian/control
* drop (ubuntu-)useless kbsd patch
- delete debian/patches/38_kbsd.patch
* drop obsolete patches fixed upstream
- delete debian/patches/80_security_tools.patch
- delete debian/patches/bz471715_attachment_357235-backport.patch
* adjust patches to new upstream codebase
- update debian/patches/38_mips64_build.patch
- update debian/patches/81_sonames.patch
* LP: #388350 - nss 3.12.3-0ubuntu2 ftbfs in karmic - shlibsign crashes; we add
debian/libnss3-1d/usr/lib/nss to LD_LIBRARY_PATH for the shlibsign invocation
used to sign libs in debian/rules
- update debian/rules
* update .symbols files for new upstream api
- update debian/libnss3-1d.symbols
* bump shlibs version to >= 3.12.3
- update debian/rules
-- Alexander Sack <email address hidden> Sat, 01 Aug 2009 16:57:40 +0200
-
nss (3.12.0.3-0ubuntu0.8.04.5) hardy-security; urgency=low
* from CVE-2004-2761: blacklist rogue PoC md5 collision certificate. Note:
this only blacklists the PoC cert referred to by CVE-2004-2761 and does
not fix the CVE ifself; see: https://bugzilla.mozilla.org/show_bug.cgi?id=471715
- add debian/patches/bz471715_attachment_357235-backport.patch
- update debian/patches/series
-- Alexander Sack <email address hidden> Mon, 09 Mar 2009 16:03:35 +0100
-
nss (3.12.0.3-0ubuntu0.8.04.4) hardy-proposed; urgency=low
* RELEASE 3.12.0.3-0ubuntu0.8.04.4 to ubuntu/hardy-proposed
* follow up for LP: #245122 - drop Conflicts: on libnss3 from libnss3-1d
package in order to allow non-dist upgrade for hardy-proposed
- update debian/control
nss (3.12.0.3-0ubuntu0.8.04.3) hardy-proposed; urgency=low
( from 3.12.0.3-0ubuntu4 in ubuntu/intrepid)
* fix LP: #245122 - add Replaces/Conflicts on libnss3 packages
- update debian/control
* fix LP: #215062 - update Replaces/Conflicts for libnss3-1d on gutsy
version of libnss3-0d (<< 3.12.0~)
nss (3.12.0.3-0ubuntu0.8.04.2) hardy-proposed; urgency=low
( from 3.12.0.3-0ubuntu1 to ubuntu/intrepid )
* new upstream release 3.12.0.3 fixes certID issue; downloaded from
http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_RTM/src/nss-3.12.tar.gz
(LP: #242379)
( from 3.12.0.3-0ubuntu2 to ubuntu/intrepid)
* move non-versioned .so-links from libnss3-dev package to unbreak
binary compatibility to native extensions built against upstream
xulrunner; in turn we add versioned Conflicts: Replaces: on libnss3-dev
for the libnss3-1d package to provide a smooth upgrade path. (LP: #244439)
- add debian/libnss3-1d.links
- update debian/libnss3-dev.links
- update debian/control
( from 3.12.0.3-0ubuntu3 in ubuntu/intrepid)
* fix LP: #245122 - add Replaces/Conflicts on libnss3 ( << 3) packages
- update debian/control
-- Alexander Sack <email address hidden> Mon, 04 Aug 2008 10:09:54 +0200
-
nss (3.12.0.3-0ubuntu0.8.04.3) hardy-proposed; urgency=low
( from 3.12.0.3-0ubuntu4 in ubuntu/intrepid)
* fix LP: #245122 - add Replaces/Conflicts on libnss3 packages
- update debian/control
* fix LP: #215062 - update Replaces/Conflicts for libnss3-1d on gutsy
version of libnss3-0d (<< 3.12.0~)
nss (3.12.0.3-0ubuntu0.8.04.2) hardy-proposed; urgency=low
( from 3.12.0.3-0ubuntu1 to ubuntu/intrepid )
* new upstream release 3.12.0.3 fixes certID issue; downloaded from
http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_RTM/src/nss-3.12.tar.gz
(LP: #242379)
( from 3.12.0.3-0ubuntu2 to ubuntu/intrepid)
* move non-versioned .so-links from libnss3-dev package to unbreak
binary compatibility to native extensions built against upstream
xulrunner; in turn we add versioned Conflicts: Replaces: on libnss3-dev
for the libnss3-1d package to provide a smooth upgrade path. (LP: #244439)
- add debian/libnss3-1d.links
- update debian/libnss3-dev.links
- update debian/control
( from 3.12.0.3-0ubuntu3 in ubuntu/intrepid)
* fix LP: #245122 - add Replaces/Conflicts on libnss3 ( << 3) packages
- update debian/control
-- Alexander Sack <email address hidden> Tue, 15 Jul 2008 15:46:47 +0200
-
nss (3.12.0.3-0ubuntu0.8.04.2) hardy-proposed; urgency=low
( from 3.12.0.3-0ubuntu1 to ubuntu/intrepid )
* new upstream release 3.12.0.3 fixes certID issue; downloaded from
http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_RTM/src/nss-3.12.tar.gz
(LP: #242379)
( from 3.12.0.3-0ubuntu2 to ubuntu/intrepid)
* move non-versioned .so-links from libnss3-dev package to unbreak
binary compatibility to native extensions built against upstream
xulrunner; in turn we add versioned Conflicts: Replaces: on libnss3-dev
for the libnss3-1d package to provide a smooth upgrade path. (LP: #244439)
- add debian/libnss3-1d.links
- update debian/libnss3-dev.links
- update debian/control
( from 3.12.0.3-0ubuntu3 in ubuntu/intrepid)
* fix LP: #245122 - add Replaces/Conflicts on libnss3 ( << 3) packages
- update debian/control
-- Alexander Sack <email address hidden> Thu, 10 Jul 2008 10:42:46 +0200
-
nss (3.12.0.3-0ubuntu0.8.04.1) hardy-proposed; urgency=low
( from 3.12.0.3-0ubuntu1 to ubuntu/intrepid )
* new upstream release 3.12.0.3 fixes certID issue; downloaded from
http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_RTM/src/nss-3.12.tar.gz
(LP: #242379)
( from 3.12.0.3-0ubuntu2 to ubuntu/intrepid)
* move non-versioned .so-links from libnss3-dev package to unbreak
binary compatibility to native extensions built against upstream
xulrunner; in turn we add versioned Conflicts: Replaces: on libnss3-dev
for the libnss3-1d package to provide a smooth upgrade path. (LP: #244439)
- add debian/libnss3-1d.links
- update debian/libnss3-dev.links
- update debian/control
-- Alexander Sack <email address hidden> Tue, 01 Jul 2008 13:26:24 +0200
-
nss (3.12.0.2+1.9-0ubuntu0.8.04.1) hardy-proposed; urgency=low
[ Fabien Tassin ]
* new upstream version, picked from FIREFOX_3_0rc1_RELEASE cvs tag
(LP: #233922)
-- Alexander Sack <email address hidden> Fri, 23 May 2008 09:34:32 +0200
-
nss (3.12.0~beta3-0ubuntu1) hardy; urgency=low
* new upstream version, picked from NSS_3_12_BETA3 cvs tag
* update symbols file:
- add CERT_NewTempCertificate@NSS_3.12
- add NSS_InitWithMerge@NSS_3.12
- add PK11_CreateMergeLog@NSS_3.12
- add PK11_DestroyMergeLog@NSS_3.12
- add PK11_IsRemovable@NSS_3.12
- add PK11_MergeTokens@NSS_3.12
- add CERT_GetUsePKIXForValidation@NSS_3.12
- add CERT_SetUsePKIXForValidation@NSS_3.12
- add CERT_GetClassicOCSPDisabledPolicy@NSS_3.12
- add CERT_GetClassicOCSPEnabledHardFailurePolicy@NSS_3.12
- CERT_GetClassicOCSPEnabledSoftFailurePolicy@NSS_3.12
- update debian/libnss3-1d.symbols
* bump shlibs requirement to >= 3.12.0~beta3
- update debian/rules
-- Fabien Tassin <email address hidden> Fri, 04 Apr 2008 16:14:45 +0200
-
nss (3.12.0~1.9b4-0ubuntu1) hardy; urgency=low
* new upstream version, picked from FIREFOX_3_0b4_RELEASE cvs tag.
* update symbols file
- update debian/libnss3-1d.symbols
* bump shlibs requirement to >= 3.12.0~1.9b4
-- Alexander Sack <email address hidden> Tue, 11 Mar 2008 01:52:02 +0100
-
nss (3.12.0~1.9b3-0ubuntu1) hardy; urgency=low
* New upstream snapshot, picked from FIREFOX_3_0b3_RELEASE cvs tag.
* install libnssutil3.so.1d, update symbols file accordingly,
add nssutil to pkgconfig file and config script
- update debian/libnss3-dev.links
- update debian/nss.pc.in
- update debian/nss-config.in
* fix UPSTREAM_VERSION to drop ~cvs as it is used by nss-config
which is causing troubles in xulrunner's configure
- update debian/rules
* add support for mozilla-devscripts
- update debian/rules
* update symbols file for new symbols:
+ CERT_SetOCSPTimeout@NSS_3.12
+ NSS_3.11.9@NSS_3.11.9
+ PK11_CreateGenericObject@NSS_3.12
+ PK11_UnconfigurePKCS11@NSS_3.11.9
+ PK11_WriteRawAttribute@NSS_3.12
+ CERT_GetValidDNSPatternsFromCert@NSS_3.12
+ PK11_CreatePBEV2AlgorithmID@NSS_3.12
+ PK11_GetPBECryptoMechanism@NSS_3.12
+ SEC_PKCS5IsAlgorithmPBEAlgTag@NSS_3.12
~ SEC_StringToOID@NSS_3.12 (moved from libnss3 to libnssutils3)
- update debian/libnss3-1d.symbols
- update debian/rules
* Bump shlibs requirement to >= 3.12.0~1.9b3
- update debian/rules
* Bump Standards-Version to 3.7.3 and add Homepage field where needed
- update debian/control
-- Fabien Tassin <email address hidden> Fri, 08 Feb 2008 20:13:42 +0100
-
nss (3.12.0~1.9b2+nobinonly-0ubuntu1) hardy; urgency=low
* New upstream snapshot, picked from FIREFOX_3_0b2_RELEASE cvs tag.
* ubuntify maintainer field
- update debian/control
-- Alexander Sack <email address hidden> Sun, 16 Dec 2007 11:06:03 +0100
-
nss (3.11.7-1) unstable; urgency=low
* New upstream release, picked from NSS_3_11_7_RTM cvs tag.
* debian/patches/38_kbsd.dpatch: Also add support for the Hurd.
Closes: #419529.
* debian/rules:
+ Don't fail on clean with unpatched ruleset. Closes: #421542.
+ Bumped shlibs because of new symbols.
* debian/patches/81_sonames.dpatch: Adapted to upstream changes.
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 23 Oct 2007 17:59:44 +0100
-
nss (3.11.5-3) unstable; urgency=low
* Upload to unstable.
nss (3.11.5-2) experimental; urgency=low
* debian/rules:
+ Cleaner way to set the NSPR location.
+ Install libcrmf.a files in libnss3-dev.
+ binary-indep now does nothing.
* debian/control: Make libnss3-dev an Arch: any package.
* debian/nss.pc.in:
+ Remove libsoftokn3 from ld libraries.
+ Improvement in directories setting.
* debian/libnss3-dev.dirs: Create /usr/bin.
* debian/nss-config.in, debian/rules: Install a nss-config script into
libnss3-dev.
nss (3.11.5-1) experimental; urgency=low
* Initial release. (Closes: #416151)
-- Alexander Sack <email address hidden> Wed, 02 May 2007 19:44:29 +0100
