-
nss (2:3.15.3.1-0ubuntu0.13.04.1) raring-security; urgency=low
* SECURITY UPDATE: New upstream release (LP: #1263135)
- Distrusts AC DG Tresor SSL CA
-- Marc Deslauriers <email address hidden> Fri, 20 Dec 2013 10:39:43 -0500
-
nss (2:3.15.3-0ubuntu0.13.04.1) raring-security; urgency=low
* SECURITY UPDATE: New upstream release to fix multiple security issues
and add TLSv1.2 support.
- CVE-2013-1739
- CVE-2013-1741
- CVE-2013-5605
- CVE-2013-5606
* Adjusted packaging for 3.15.3:
- debian/patches/*: refreshed.
- debian/patches/lower-dhe-priority.patch: removed, no longer needed,
was a workaround for an old version of firefox.
- debian/libnss3.symbols: added new symbols.
- debian/rules: updated for new source layout.
-- Marc Deslauriers <email address hidden> Thu, 14 Nov 2013 14:22:44 -0500
-
nss (2:3.14.3-0ubuntu1) raring-proposed; urgency=low
* New upstream release with merged changes from Debian unstable for
2:3.14.2-1. Remaining changes:
- control: Change Vcs-* to XS-Debian-Vcs-*.
- rules: Include libnssb.a and libnssckfw.a in the -dev package.
* debian/libnss3.symbols: add NSS_3.14.3 symbols
nss (2:3.14.2-1) unstable; urgency=low
* New upstream release.
* debian/control: Bump sqlite3 build dependency.
* debian/rules: Avoid installing freebl, softokn, nssckbi and nssdbm in two
places.
* debian/libnss3-1d.lintian-overrides.in: Stop preprocessing, it has nothing
to preprocess anymore.
* debian/libnss3.lintian-overrides.in: Fix not to contain a reference to the
libnss3-1d package.
-- Jamie Strandboge <email address hidden> Wed, 13 Mar 2013 13:37:33 -0500
-
nss (2:3.14.1.with.ckbi.1.93-1ubuntu1) raring-proposed; urgency=low
* Merge from Debian unstable. Remaining changes:
- control: Change Vcs-* to XS-Debian-Vcs-*.
- rules: Include libnssb.a and libnssckfw.a in the -dev package.
nss (2:3.14.1.with.ckbi.1.93-1) unstable; urgency=low
* New upstream release.
- Explicitly distrust two intermediate CA certificates mis-issued by
TURKTRUST.
* debian/patches/95_add_spi+cacert_ca_certs.patch: Refreshed.
nss (2:3.14.1-1) unstable; urgency=low
* New upstream release.
* debian/patches: Removed patches applied upstream, and refreshed
the others.
* debian/libnss3.symbols: Updated for new symbols.
nss (2:3.14-2) unstable; urgency=low
* debian/nss-config.in: Fix nss-config when version is in the x.y form
instead of x.y.z.
-- Jamie Strandboge <email address hidden> Mon, 14 Jan 2013 15:35:48 -0600
-
nss (2:3.14-1ubuntu1) raring; urgency=low
* Merge from Debian unstable. Remaining changes:
- control: Change Vcs-* to XS-Debian-Vcs-*.
- rules: Include libnssb.a and libnssckfw.a in the -dev package.
nss (2:3.14-1) unstable; urgency=low
* New upstream release.
* debian/patches: Removed patches applied upstream, and refreshed
the others.
* debian/libnss3.symbols: Updated for new symbols.
nss (2:3.13.6-1) unstable; urgency=low
* New upstream release.
* debian/rules: Use xz compression for binary packages.
Thanks Ansgar Burchardt. Closes: #683835.
nss (2:3.13.5-1) unstable; urgency=low
* New upstream release.
nss (2:3.13.4-3) unstable; urgency=low
* debian/rules: Skip epoch when getting upstream version number.
nss (2:3.13.4-2) unstable; urgency=low
* debian/control, debian/libnss3*, debian/rules,
mozilla/security/coreconf/*, mozilla/security/nss/lib/*/manifest.mn:
Move to unversioned library. ABI compatibility is ensured upstream, and
the SO version, if it needed a change at any time, would be a change in
the library name. There is no reason to keep making compatibility more
difficult with other distros and upstream binary releases. While previous
versions were one-way compatible (binaries built against other distros or
upstream nspr could work on Debian), this approach works both ways.
* debian/control:
- Bump Standards-Version to 3.9.3.0. No changes required.
- Force to build against libnspr4-dev >= 2:4.9
* Removed unapplied patches.
* Adding an epoch to match the old libnss3 package that used to be in
the Debian archive.
nss (3.13.4-1) unstable; urgency=low
* New upstream release.
- Changed __GNUC_MINOR__ use in pkcs11n.h. Closes: #650319.
* mozilla/security/nss/cmd/certcgi/certcgi.c,
mozilla/security/nss/cmd/digest/digest.c,
mozilla/security/nss/cmd/signver/pk7print.c: Import patch from Moritz
Muehlenhoff for hardened format strings.
* debian/make.mk, debian/rules, debian/control: Enable hardening.
Closes: #657325.
* debian/libnss3-1d.lintian-overrides.in, debian/rules: Use wildcards in
lintian override. Closes: #670013.
* debian/compat, debian/control: Bump debian/compat to 9. This has the
effect of using build-id for debug files, thus Closes: #670015.
* debian/libnss3-1d.symbols: Add symbols for /usr/lib/nss/ libraries.
nss (3.13.3-1) unstable; urgency=low
* New upstream release.
* debian/libnss3-1d.symbols: Updated to fit new upstream.
nss (3.13.2~beta1-3) experimental; urgency=low
* debian/libnss3-1d.symbols: Fix symbol version for the symbol added in
-2.
nss (3.13.2~beta1-2) experimental; urgency=low
* mozilla/security/nss/lib/ssl/*,
mozilla/security/nss/cmd/tstclnt/tstclnt.c,
mozilla/security/nss/tests/ssl/ssl.sh: Apply patches from bz#542832,
required for Iceweasel 11.
* debian/libnss3-1d.symbols: Add corresponding symbol.
nss (3.13.2~beta1-1) experimental; urgency=low
* New upstream snapshot, picked from NSS_3_13_2_BETA1 cvs tag.
* debian/libnss3-1d.symbols: Add NSS 3.13.2 symbols.
-- Timo Aaltonen <email address hidden> Tue, 27 Nov 2012 18:19:23 +0200
-
nss (3.13.1.with.ckbi.1.88-1ubuntu7) quantal-proposed; urgency=low
* SECURITY UPDATE: denial of service in QuickDER decoder
- debian/patches/CVE-2012-0441.patch: properly handle zero-length basic
constraints and zero-length fields in
nss/mozilla/security/nss/lib/softoken/legacydb/keydb.c,
nss/mozilla/security/nss/lib/softoken/legacydb/lgcreate.c,
nss/mozilla/security/nss/lib/softoken/legacydb/lowkey.c,
nss/mozilla/security/nss/lib/softoken/legacydb/lowkeyti.h,
nss/mozilla/security/nss/lib/util/quickder.c.
- CVE-2012-0441
-- Marc Deslauriers <email address hidden> Thu, 16 Aug 2012 10:57:28 -0400
