Change logs for nss source package in Wily

  • nss (2:3.23-0ubuntu0.15.10.1) wily-security; urgency=medium
    
      * Updated to upstream 3.23 to fix a security issue and get a new CA
        certificate bundle.
      * SECURITY UPDATE: multiple memory safety issues
        - CVE-2016-2834
      * debian/control: bump libnspr4-dev Build-Depends to 2:4.12.
      * debian/libnss3.symbols: updated for new version.
      * debian/patches/CVE-2016-1950.patch: dropped, upstream.
      * debian/patches/ftbfs_ppc64el.patch: dropped, no longer needed.
      * debian/patches/relax_dh_size.patch: removed, now require a minimum DH
        size of 1023 bits.
      * debian/patches/*.patch: refreshed for new version.
    
     -- Marc Deslauriers <email address hidden>  Thu, 07 Jul 2016 13:14:23 -0400
  • nss (2:3.21-0ubuntu0.15.10.2) wily-security; urgency=medium
    
      * SECURITY UPDATE: buffer overflow during ASN.1 decoding
        - debian/patches/CVE-2016-1950.patch: check lengths in
          nss/lib/util/secasn1d.c.
        - CVE-2016-1950
    
     -- Marc Deslauriers <email address hidden>  Wed, 09 Mar 2016 07:37:48 -0500
  • nss (2:3.21-0ubuntu0.15.10.1) wily-security; urgency=medium
    
      * Updated to upstream 3.21 to fix a security issue and get a new CA
        certificate bundle.
      * SECURITY UPDATE: improper division in mp_div and mp_exptmod
        - CVE-2016-1938
      * debian/libnss3.symbols: updated for new version.
      * debian/patches/95_add_spi+cacert_ca_certs.patch: dropped, no longer
        want the SPI cert
      * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch: dropped, no
        longer needed
      * debian/patches/99_reproducible: dropped, no longer needed
      * debian/patches/CVE-2015-7575.patch: dropped, upstream
      * debian/patches/ftbfs_ppc64el.patch: don't enable -Werror on ppc64el,
        there are too many uninitialized variable false positives.
    
     -- Marc Deslauriers <email address hidden>  Thu, 04 Feb 2016 09:38:27 -0500
  • nss (2:3.19.2.1-0ubuntu0.15.10.2) wily-security; urgency=medium
    
      * SECURITY UPDATE: incorrect MD5 support with TLS 1.2
        - debian/patches/CVE-2015-7575.patch: remove MD5 in
          nss/lib/ssl/ssl3con.c.
        - CVE-2015-7575
    
     -- Marc Deslauriers <email address hidden>  Thu, 07 Jan 2016 13:21:10 -0500
  • nss (2:3.19.2.1-0ubuntu0.15.10.1) wily-security; urgency=medium
    
      * Updated to upstream 3.19.2.1 to fix two security issues.
      * SECURITY UPDATE: use-after-poison in sec_asn1d_parse_leaf
        - CVE-2015-7181
      * SECURITY UPDATE: ASN.1 decoder heap overflow
        - CVE-2015-7182
    
     -- Marc Deslauriers <email address hidden>  Wed, 04 Nov 2015 10:33:01 -0600
  • nss (2:3.19.2-1ubuntu1) wily; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - debian/rules:
          + Add x32 support.
          + Also ship blapi.h and alghmac.h in libnss3-dev.
        - debian/control, debian/libnss3-nssdb.*, debian/libnss3.symbols,
          debian/pkcs11.txt, debian/rules:
          + Add back support for shared cert and key databases.
      * debian/patches/relax_dh_size.patch: relax minimum DH size to 768 bits
        for compatibility reasons. This patch will get reverted in the future
        once servers have upgraded to longer DH sizes.
      * debian/control: remove cross Build Profile from Build-Depends, as it
        doesn't seem to be supported by launchpad yet.
    
    nss (2:3.19.2-1) unstable; urgency=medium
    
      * New upstream release.
      * debian/rules: Force set OS_TEST to DEB_HOST_GNU_CPU to avoid it defaulting
        to `uname -m`. Thanks Helmut Grohne. Closes: #788452
    
    nss (2:3.19.1-2) unstable; urgency=medium
    
      * debian/control: Fix Vcs-Git url.
      * nss/cmd/shlibsign/manifest.mn: Fix missing LIBRARY_VERSION.
      * nss/cmd/shlibsign/shlibsign.c: Fix shlibsign on arm64.
    
    nss (2:3.19.1-1) unstable; urgency=medium
    
      * New upstream release.
      * debian/libnss3.symbols:
        - Add NSS_3.19.1 symbol versions.
        - Reorder and replace *@ with (symver).
      * debian/rules:
        - Pass multi-arch dir for NSPR_LIB_DIR. Closes: #722811.
        - Set umask when calling shlibsign, and rearrange how it's being called.
        - Build nsinstall separately and set things up for cross-compilations.
        - Use native shlibsign when cross-compiling.
        - Do not run FIPS check on cross-builds.
      * debian/control: Build depend on native libnss3-tools for cross builds.
        Closes: #682926.
      * debian/libnss3-tools.manpages, debian/rules: Install the manpages that
        are now provided upstream. Closes: #505382.
      * debian/control: Update Vcs-* urls.
      * debian/control: Bump Standards-Version to 3.9.6.0. No changes required.
      * nss/lib/ckfw/builtins/binst.c, nss/lib/ckfw/builtins/ckbiver.c,
        nss/lib/ckfw/builtins/manifest.mn, nss/lib/ckfw/capi/ckcapiver.c,
        nss/lib/ckfw/capi/manifest.mn, nss/lib/ckfw/nssmkey/ckmkver.c,
        nss/lib/ckfw/nssmkey/manifest.mn, nss/lib/freebl/freeblver.c,
        nss/lib/freebl/ldvector.c, nss/lib/freebl/manifest.mn,
        nss/lib/nss/manifest.mn, nss/lib/nss/nssinit.c, nss/lib/nss/nssver.c,
        nss/lib/smime/manifest.mn, nss/lib/smime/smimeutil.c,
        nss/lib/smime/smimever.c, nss/lib/softoken/legacydb/lginit.c,
        nss/lib/softoken/manifest.mn, nss/lib/softoken/pkcs11.c,
        nss/lib/softoken/softkver.c, nss/lib/ssl/manifest.mn,
        nss/lib/ssl/sslcon.c, nss/lib/ssl/sslver.c, nss/lib/util/secoid.c: Remove
        __DATE__ and __TIME__ references.
      * nss/cmd/shlibsign/Makefile, nss/cmd/shlibsign/manifest.mn,
        nss/cmd/shlibsign/shlibsign.c: Fix shlibsign to properly load the sotfoken
        module.
      * debian/rules: Remove debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss from
        LD_LIBRARY_PATH when executing shlibsign, which can be done now with the
        fix above.
    
     -- Marc Deslauriers <email address hidden>  Wed, 08 Jul 2015 09:29:03 -0400
  • nss (2:3.19-1ubuntu1) wily; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - debian/rules:
          + Add x32 support.
          + Also ship blapi.h and alghmac.h in libnss3-dev.
        - debian/control, debian/libnss3-nssdb.*, debian/libnss3.symbols,
          debian/pkcs11.txt, debian/rules:
          + Add back support for shared cert and key databases.
    
    nss (2:3.19-1) unstable; urgency=medium
    
      * New upstream release.
      * debian/libnss3.symbols: Add NSS_3.19 symbol versions.
    
    nss (2:3.18-1) experimental; urgency=medium
    
      * New upstream release. Closes: #782874.
      * debian/libnss3.symbols: Add NSS_3.18 symbol versions.
    
    nss (2:3.17.4-1) experimental; urgency=medium
    
      * New upstream release.
      * Acknowledge NMU.
    
     -- Marc Deslauriers <email address hidden>  Thu, 21 May 2015 09:51:47 -0400
  • nss (2:3.17.4-0ubuntu1) vivid; urgency=medium
    
      * SECURITY UPDATE: update to upstream 3.17.4 to get new CA certificate
        bundle, and to fix incorrect SHA-1 behaviour. (LP: #1423031)
      * Removed unneeded patches:
        - debian/patches/98_CVE-2014-1569.patch: included upstream.
     -- Marc Deslauriers <email address hidden>   Thu, 19 Feb 2015 07:32:50 -0500