Change logs for nss source package in Oneiric

  • nss (3.14.3-0ubuntu0.11.10.1) oneiric-security; urgency=low
    
      * SECURITY UPDATE: New upstream release to fix TLS timing side-channel
        attacks
        - CVE-2013-1620
      * Remaining changes:
        - 98_ckbi-1.93.patch: Dropped (included upstream)
        - 01_dont_build_nspr.patch
        - 38_kbsd.patch: refresh/update
        - 80_security_build.patch
        - 85_security_load.patch
        - 97_SSL_RENEGOTIATE_TRANSITIONAL.patch
      * debian/libnss3.symbols: add NSS_3.14.3 symbols
     -- Jamie Strandboge <email address hidden>   Wed, 13 Mar 2013 13:12:05 -0500
  • nss (3.14.1-0ckbi1.93ubuntu.0.11.10.1) oneiric-security; urgency=low
    
      * New upstream release. Dropped the following patches:
        - debian/patches/25_entropy.patch (was bz51429 obsoleted by fix for
          bz174993)
        - debian/patches/38_mips64_build.patch (we don't build on mips)
        - debian/patches/90_realpath.patch (included upstream)
          upstream)
        - debian/patches/diginotar.patch (included upstream)
        - debian/patches/CVE-2012-0441.patch (included upstream)
      * debian/patches/01_dont_build_nspr.patch: refresh
      * debian/patches/38_kbsd.patch: refresh/update based on Debian
      * debian/patches/80_security_build.patch: refresh
      * debian/patches/85_security_load.patch: refresh/update based on Debian
      * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch: refresh/update based
        on Debian
      * SECURITY UPDATE: distrust improperly issued TURKTRUST intermediate CAs
        - debian/patches/94_ckbi-1.9.patch: update to CKBI 1.93 by using
          mozilla/security/nss/lib/ckfw/builtins/certdata.txt from upstream and
          updating mozilla/security/nss/lib/ckfw/builtins/nssckbi.h. Apply this
          before 95_add_spi+cacert_ca_certs.patch since it keeps this patch clean
          and underscores that SPI and CACERT are not part of upstream Roots.
        - CVE-2013-0743
      * debian/libnss3.symbols: updated for *_3.12.10 through *_3.14.1
     -- Jamie Strandboge <email address hidden>   Fri, 11 Jan 2013 12:30:30 -0600
  • nss (3.12.9+ckbi-1.82-0ubuntu6.1) oneiric-security; urgency=low
    
      * SECURITY UPDATE: denial of service in QuickDER decoder
        - debian/patches/CVE-2012-0441.patch: properly handle zero-length basic
          constraints and zero-length fields in
          nss/mozilla/security/nss/lib/softoken/legacydb/keydb.c,
          nss/mozilla/security/nss/lib/softoken/legacydb/lgcreate.c,
          nss/mozilla/security/nss/lib/softoken/legacydb/lowkey.c,
          nss/mozilla/security/nss/lib/softoken/legacydb/lowkeyti.h,
          nss/mozilla/security/nss/lib/util/quickder.c.
        - CVE-2012-0441
      * debian/rules: added a better workaround to get package built on more
        recent kernels.
     -- Marc Deslauriers <email address hidden>   Mon, 30 Jul 2012 13:59:34 -0400
  • nss (3.12.9+ckbi-1.82-0ubuntu6) oneiric; urgency=low
    
      * No-change rebuild to force a version bump, forcing upgrades,
        and restoring the deleted library that ca-certificates ate.
     -- Adam Conrad <email address hidden>   Wed, 21 Sep 2011 14:42:05 -0600
  • nss (3.12.9+ckbi-1.82-0ubuntu5) oneiric; urgency=low
    
      * SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
        3.12.9 to remove the DigiNotar certificates and actively distrust them;
        Thanks to Mike Hommey from Debian for the original patch (LP: #837557)
        - mozilla/security/nss/lib/ckfw/builtins/certdata.*:
          Explicitely distrust various DigiNotar CAs:
          - DigiNotar Root CA
          - DigiNotar Services 1024 CA
          - DigiNotar Cyber CA
          - DigiNotar Cyber CA 2nd
          - DigiNotar PKIoverheid
          - DigiNotar PKIoverheid G2
        - mozilla/security/nss/lib/ckfw/builtins/certdata.*:
          Remove DigiNotar Root CA.
      * Add a symlink from Linux2.6.mk to Linux3.0.mk; This is a temporary hack to
        let NSS build on a 3.0.x kernel
        - update debian/rules
     -- Micah Gersten <email address hidden>   Fri, 09 Sep 2011 11:57:13 -0500
  • nss (3.12.9+ckbi-1.82-0ubuntu4) oneiric; urgency=low
    
      * nss-config, nss.pc: Fix multiarch libdir location. LP: #778726.
     -- Matthias Klose <email address hidden>   Tue, 17 May 2011 16:33:57 +0200
  • nss (3.12.9+ckbi-1.82-0ubuntu3) oneiric; urgency=low
    
      * Build for multiarch.
     -- Steve Langasek <email address hidden>   Fri, 22 Apr 2011 11:00:14 -0700
  • nss (3.12.9+ckbi-1.82-0ubuntu2) natty; urgency=low
    
      * add explicit conflict to sunbird for systems that have this
        package leftover from karmic days (LP: #760713)
     -- Michael Vogt <email address hidden>   Wed, 20 Apr 2011 13:45:50 +0200