Change logs for nss source package in Bionic

  • nss (2:3.35-2ubuntu2.2) bionic-security; urgency=medium
    
      * SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions
        - debian/patches/CVE-2018-18508-1.patch: add null checks in
          nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c,
          nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c,
          nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c.
        - debian/patches/CVE-2018-18508-2.patch: add null checks in
          nss/lib/smime/cmsmessage.c.
        - CVE-2018-18508
    
     -- Marc Deslauriers <email address hidden>  Tue, 19 Feb 2019 13:38:25 +0100
  • nss (2:3.35-2ubuntu2.1) bionic-security; urgency=medium
    
      * SECURITY UPDATE: side-channel attack on ECDSA signatures
        - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
          nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
        - CVE-2018-0495
      * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello
        - debian/patches/CVE-2018-12384-1.patch: fix random logic in
          nss/lib/ssl/ssl3con.c.
        - debian/patches/CVE-2018-12384-2.patch: add tests to
          nss/gtests/ssl_gtest/ssl_loopback_unittest.cc,
          nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
        - CVE-2018-12384
      * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack
        - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange
          handling in nss/lib/ssl/ssl3con.c.
        - debian/patches/CVE-2018-12404-2.patch: improve padding checks in
          RSA_DecryptBlock in nss/gtests/freebl_gtest/rsa_unittest.cc,
          nss/lib/freebl/rsapkcs.c.
        - debian/patches/CVE-2018-12404-3.patch: add constant time
          mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc,
          nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h.
        - CVE-2018-12404
    
     -- Marc Deslauriers <email address hidden>  Wed, 12 Dec 2018 14:51:11 -0500
  • nss (2:3.35-2ubuntu2) bionic; urgency=medium
    
      * d/p/lp1746947-revert-switch-default-to-sql.patch: the switch of the
        default is still causing too much issues in consumers of nss.
        So until resolved revert the switched default (LP: #1746947)
    
    nss (2:3.35-2ubuntu1) bionic; urgency=medium
    
      * Merge with Debian unstable. Remaining changes:
        - When building with -O3, build with -Wno-error=maybe-uninitialized.
      * Added Changes:
        - d/libnss3.links: make freebl3 available as library (LP: #1744328)
          + d/control: add dh-exec to Build-Depends
          + d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
    
    nss (2:3.35-2) unstable; urgency=medium
    
      * nss/lib/freebl/Makefile: Build Hacl_Poly1305_64.o on arm64.
    
    nss (2:3.35-1) unstable; urgency=medium
    
      * New upstream release.
    
    nss (2:3.34.1-1) unstable; urgency=medium
    
      * New upstream release.
    
     -- Christian Ehrhardt <email address hidden>  Mon, 05 Feb 2018 11:36:07 +0100
  • nss (2:3.35-2ubuntu1) bionic; urgency=medium
    
      * Merge with Debian unstable. Remaining changes:
        - When building with -O3, build with -Wno-error=maybe-uninitialized.
      * Added Changes:
        - d/libnss3.links: make freebl3 available as library (LP: #1744328)
          + d/control: add dh-exec to Build-Depends
          + d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
    
     -- Christian Ehrhardt <email address hidden>  Tue, 30 Jan 2018 14:04:20 +0100
  • nss (2:3.34-1ubuntu1) bionic; urgency=medium
    
      * Merge with Debian; remaining changes:
        - When building with -O3, build with -Wno-error=maybe-uninitialized.
    
    nss (2:3.34-1) unstable; urgency=medium
    
      * New upstream release:
        - Really build without -maes on i386. Closes: #875694.
      * debian/libnss3.symbols: Add NSS_3_34 symbol version.
    
    nss (2:3.33-1) unstable; urgency=medium
    
      * New upstream release.
      * debian/libnss3.symbols: Add NSS_3_33 and NSSUTIL_3.33 symbol versions.
    
    nss (2:3.32-2) unstable; urgency=medium
    
      * nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc: Fix possibly uninitialized
        value 'curve'. bz#1389263. Closes: #871691.
      * lib/freebl/Makefile: Only build gcm.c and rijndael.c with -maes.
        Closes: #871700.
    
     -- Marc Deslauriers <email address hidden>  Thu, 14 Dec 2017 09:18:47 -0500
  • nss (2:3.34-1) unstable; urgency=medium
    
      * New upstream release:
        - Really build without -maes on i386. Closes: #875694.
      * debian/libnss3.symbols: Add NSS_3_34 symbol version.
    
     -- Mike Hommey <email address hidden>  Sat, 18 Nov 2017 14:58:01 +0900
  • nss (2:3.32-1ubuntu3) artful; urgency=medium
    
      * SECURITY UPDATE: Use-after-free in TLS 1.2 generating handshake hashes
        - debian/patches/CVE-2017-7805.patch: Simplify handling of
          CertificateVerify in nss/lib/ssl/ssl3con.c, nss/lib/ssl/ssl3prot.h.
        - CVE-2017-7805
    
     -- Marc Deslauriers <email address hidden>  Fri, 29 Sep 2017 12:17:39 -0400