Ubuntu
nss package

Change logs for nss source package in Groovy

  1. Groovy (20.10)
  2. Change log 
  • nss (2:3.55-1ubuntu3.1) groovy; urgency=medium

  * d/libnss3.links: Chmod +x d/libnss3.links, otherwise dh-exec can't do
    the right job in substituting DEB_HOST_MULTIARCH (LP: #1908818)

 -- Christian Ehrhardt <email address hidden>  Tue, 06 Apr 2021 12:10:12 +0200
  • nss (2:3.55-1ubuntu3) groovy; urgency=medium

  * Fix FTBFS due to erroneous glibc out-of-bounds checking with gcc 10
    (LP: #1897666)
    - debian/patches/fix-ftbfs-glibc-invalid-oob-error.patch: Disable
      non-null error checking on call to getcwd since this results in an
      erroneous warning that causes the build to fail otherwise

 -- Alex Murray <email address hidden>  Tue, 29 Sep 2020 10:39:29 +0930
  • nss (2:3.55-1ubuntu2) groovy; urgency=medium

  * d/rules: set -Wno-nonnull to ignore a false-positve on the nsinstall
    build fixing nss from being FTFBS with gcc-10 + glibc 2.32

 -- Christian Ehrhardt <email address hidden>  Tue, 29 Sep 2020 16:58:32 +0200
  • nss (2:3.55-1ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/libnss3.links: make freebl3 available as library (LP #1744328)
    - d/control: add dh-exec to Build-Depends
    - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
    - Disable reading fips_enabled flag in FIPS mode. libnss is
      not a FIPS certified library. (LP #1837734)
    - Set TLSv1.2 as minimum TLS version. LP #1856428
    - Symlink chk files to fix self-verification in FIPS mode (LP #1885562)
  * Added changes:
    - debian/patches/fix-ftbfs-s390x.patch: fix some uninitialized
      variable warnings and format overflows for s390x.

nss (2:3.55-1) unstable; urgency=medium

  * New upstream release.
  * debian/libnss3.symbols: Add NSS_3_55 symbol version.

 -- Eduardo Barretto <email address hidden>  Mon, 17 Aug 2020 16:57:03 -0300
  • nss (2:3.53.1-1ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/libnss3.links: make freebl3 available as library (LP #1744328)
    - d/control: add dh-exec to Build-Depends
    - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
    - Disable reading fips_enabled flag in FIPS mode. libnss is
      not a FIPS certified library. (LP #1837734)
    - Set TLSv1.2 as minimum TLS version. LP #1856428
    - Symlink chk files to fix self-verification in FIPS mode (LP #1885562)
  * Dropped changes:
    - SECURITY UPDATE: Timing attack during DSA key generation
      + debian/patches/CVE-2020-12399.patch: force a fixed length for DSA
        exponentiation in nss/lib/freebl/dsa.c.
      [ Incorporated by upstream. ]
    - SECURITY UPDATE: Side channel vulnerabilities during RSA key generation
      + debian/patches/CVE-2020-12402.patch: use constant-time GCD and
        modular inversion in nss/lib/freebl/mpi/mpi.c,
        nss/lib/freebl/mpi/mpi.h, nss/lib/freebl/mpi/mplogic.c.
      [ Incorporated by upstream. ]

nss (2:3.53.1-1) unstable; urgency=medium

  * New upstream release.
  * Fixes CVE-2020-12402. Closes: #963152.

nss (2:3.53-1) unstable; urgency=medium

  * New upstream release.
  * Fixes CVE-2020-12399. Closes: #961752.
  * debian/libnss3.symbols: Add NSS_3_53 symbol version.
  * nss/lib/freebl/Makefile, nss/lib/freebl/manifest.mn: Move seed.o back
    into freeblpriv3. bz#1642146.
  * nss/cmd/shlibsign/Makefile: Avoid infinite recursion when CHECKLOC is
    not set. bz#1642153.

nss (2:3.52-1) unstable; urgency=medium

  * New upstream release.
  * debian/libnss3.symbols: Add NSS_3_52 symbol version.

nss (2:3.51-1) unstable; urgency=medium

  * New upstream release.

nss (2:3.50-1) unstable; urgency=medium

  * New upstream release.

 -- Sergio Durigan Junior <email address hidden>  Fri, 17 Jul 2020 10:51:23 -0400
  • nss (2:3.49.1-1ubuntu4) groovy; urgency=medium

  * Symlink chk files to fix self-verification in FIPS mode (LP: #1885562)

 -- Dariusz Gadomski <email address hidden>  Wed, 01 Jul 2020 14:48:13 +0200
  • nss (2:3.49.1-1ubuntu3) groovy; urgency=medium

  * SECURITY UPDATE: Side channel vulnerabilities during RSA key generation
    - debian/patches/CVE-2020-12402.patch: use constant-time GCD and
      modular inversion in nss/lib/freebl/mpi/mpi.c,
      nss/lib/freebl/mpi/mpi.h, nss/lib/freebl/mpi/mplogic.c.
    - CVE-2020-12402

 -- Marc Deslauriers <email address hidden>  Tue, 30 Jun 2020 10:41:20 -0400
  • nss (2:3.49.1-1ubuntu2) groovy; urgency=medium

  * SECURITY UPDATE: Timing attack during DSA key generation
    - debian/patches/CVE-2020-12399.patch: force a fixed length for DSA
      exponentiation in nss/lib/freebl/dsa.c.
    - CVE-2020-12399

 -- Marc Deslauriers <email address hidden>  Wed, 10 Jun 2020 12:54:12 -0400
  • nss (2:3.49.1-1ubuntu1) focal; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/libnss3.links: make freebl3 available as library (LP #1744328)
    - d/control: add dh-exec to Build-Depends
    - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
    - Disable reading fips_enabled flag in FIPS mode. libnss is
      not a FIPS certified library. (LP #1837734)
    - Set TLSv1.2 as minimum TLS version. LP #1856428

nss (2:3.49.1-1) unstable; urgency=medium

  * New upstream release.
  * nss/lib/freebl/Makefile: Revert change from 2:3.48-1.
  * nss/coreconf/config.gypi, nss/lib/freebl/Makefile,
    nss/lib/freebl/aes-armv8.c, nss/lib/freebl/freebl.gyp,
    nss/lib/freebl/gcm-arm32-neon.c, nss/lib/freebl/gcm.c,
    nss/lib/freebl/rijndael.c: Fix freebl arm NEON code use, fixing FTBFS
    on armhf, and enabling runtime detection of NEON on armel. bz#1608327

nss (2:3.49-1) unstable; urgency=medium

  * New upstream release.
  * Fixes CVE-2019-17023.

 -- Lucas Kanashiro <email address hidden>  Wed, 22 Jan 2020 16:24:44 -0300