[ubuntu/groovy-proposed] nss 2:3.53.1-1ubuntu1 (Accepted)

Sergio Durigan Junior sergio.durigan at canonical.com
Tue Jul 21 13:37:20 UTC 2020 

nss (2:3.53.1-1ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/libnss3.links: make freebl3 available as library (LP #1744328)
    - d/control: add dh-exec to Build-Depends
    - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
    - Disable reading fips_enabled flag in FIPS mode. libnss is
      not a FIPS certified library. (LP #1837734)
    - Set TLSv1.2 as minimum TLS version. LP #1856428
    - Symlink chk files to fix self-verification in FIPS mode (LP #1885562)
  * Dropped changes:
    - SECURITY UPDATE: Timing attack during DSA key generation
      + debian/patches/CVE-2020-12399.patch: force a fixed length for DSA
        exponentiation in nss/lib/freebl/dsa.c.
      [ Incorporated by upstream. ]
    - SECURITY UPDATE: Side channel vulnerabilities during RSA key generation
      + debian/patches/CVE-2020-12402.patch: use constant-time GCD and
        modular inversion in nss/lib/freebl/mpi/mpi.c,
        nss/lib/freebl/mpi/mpi.h, nss/lib/freebl/mpi/mplogic.c.
      [ Incorporated by upstream. ]

nss (2:3.53.1-1) unstable; urgency=medium

  * New upstream release.
  * Fixes CVE-2020-12402. Closes: #963152.

nss (2:3.53-1) unstable; urgency=medium

  * New upstream release.
  * Fixes CVE-2020-12399. Closes: #961752.
  * debian/libnss3.symbols: Add NSS_3_53 symbol version.
  * nss/lib/freebl/Makefile, nss/lib/freebl/manifest.mn: Move seed.o back
    into freeblpriv3. bz#1642146.
  * nss/cmd/shlibsign/Makefile: Avoid infinite recursion when CHECKLOC is
    not set. bz#1642153.

nss (2:3.52-1) unstable; urgency=medium

  * New upstream release.
  * debian/libnss3.symbols: Add NSS_3_52 symbol version.

nss (2:3.51-1) unstable; urgency=medium

  * New upstream release.

nss (2:3.50-1) unstable; urgency=medium

  * New upstream release.

Date: Fri, 17 Jul 2020 10:51:23 -0400
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Rafael David Tinoco <rafaeldtinoco at ubuntu.com>
https://launchpad.net/ubuntu/+source/nss/2:3.53.1-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 17 Jul 2020 10:51:23 -0400
Source: nss
Built-For-Profiles: check nostrip nodoc noopt noudeb debug
Architecture: source
Version: 2:3.53.1-1ubuntu1
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Closes: 961752 963152
Changes:
 nss (2:3.53.1-1ubuntu1) groovy; urgency=medium
 .
   * Merge with Debian unstable. Remaining changes:
     - d/libnss3.links: make freebl3 available as library (LP #1744328)
     - d/control: add dh-exec to Build-Depends
     - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
     - Disable reading fips_enabled flag in FIPS mode. libnss is
       not a FIPS certified library. (LP #1837734)
     - Set TLSv1.2 as minimum TLS version. LP #1856428
     - Symlink chk files to fix self-verification in FIPS mode (LP #1885562)
   * Dropped changes:
     - SECURITY UPDATE: Timing attack during DSA key generation
       + debian/patches/CVE-2020-12399.patch: force a fixed length for DSA
         exponentiation in nss/lib/freebl/dsa.c.
       [ Incorporated by upstream. ]
     - SECURITY UPDATE: Side channel vulnerabilities during RSA key generation
       + debian/patches/CVE-2020-12402.patch: use constant-time GCD and
         modular inversion in nss/lib/freebl/mpi/mpi.c,
         nss/lib/freebl/mpi/mpi.h, nss/lib/freebl/mpi/mplogic.c.
       [ Incorporated by upstream. ]
 .
 nss (2:3.53.1-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes CVE-2020-12402. Closes: #963152.
 .
 nss (2:3.53-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes CVE-2020-12399. Closes: #961752.
   * debian/libnss3.symbols: Add NSS_3_53 symbol version.
   * nss/lib/freebl/Makefile, nss/lib/freebl/manifest.mn: Move seed.o back
     into freeblpriv3. bz#1642146.
   * nss/cmd/shlibsign/Makefile: Avoid infinite recursion when CHECKLOC is
     not set. bz#1642153.
 .
 nss (2:3.52-1) unstable; urgency=medium
 .
   * New upstream release.
   * debian/libnss3.symbols: Add NSS_3_52 symbol version.
 .
 nss (2:3.51-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 nss (2:3.50-1) unstable; urgency=medium
 .
   * New upstream release.
Checksums-Sha1:
 8cecdd840ed423488d58107af97ac2e727e4c456 2276 nss_3.53.1-1ubuntu1.dsc
 ee522d99ff582b849fe5190c1461f0633ffe1721 81297900 nss_3.53.1.orig.tar.gz
 ad95c812a8b532f1bbd6259b6d39ee938be3358f 23664 nss_3.53.1-1ubuntu1.debian.tar.xz
 ba535acdbf937ed235a5acc1c041010c17a2e10f 6588 nss_3.53.1-1ubuntu1_source.buildinfo
Checksums-Sha256:
 f2f4ea1021f9fa47ae9bbdd0e2c0ede01f007929db85bab4f5f18750cf0c82ca 2276 nss_3.53.1-1ubuntu1.dsc
 2dccde67079b25c4e95ac3121f11b2819c37cf8c48ca263a45d8f83f7a315316 81297900 nss_3.53.1.orig.tar.gz
 fb931ef9f57ba1beb8031244b67da400bab2f2b0c7589b4b0ffbde8c2c05ae3a 23664 nss_3.53.1-1ubuntu1.debian.tar.xz
 878dbb4f425161cf394d5469a14db7a0894cef0f77f9329d0351ae68e623aa4f 6588 nss_3.53.1-1ubuntu1_source.buildinfo
Files:
 051844b01c035cfdbcb0b1aa1921b6c7 2276 libs optional nss_3.53.1-1ubuntu1.dsc
 bf604feb9be0a89eeca241ce82a95186 81297900 libs optional nss_3.53.1.orig.tar.gz
 02add2e56fd8689b3f6cfb0a41dba61a 23664 libs optional nss_3.53.1-1ubuntu1.debian.tar.xz
 c3f24f0268765728b72b38a479ddabbb 6588 libs optional nss_3.53.1-1ubuntu1_source.buildinfo
Original-Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla at tracker.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE9/EO4QjRa7yS94ISqT4OCtg8DQ8FAl8W70gACgkQqT4OCtg8
DQ/Brg/+Nxstct15eogzByBrVo5cgj2nvFEvKNRlDwKPEg4qqmOXZ1JC5XaJT2fo
X6JwR16wp40kC+TkRNCRDPg4cMXqBtwctD2EnD3eaUitoI0LCI+ydI3lduNZogk8
bbB7hpcAU5W1FUc0liU9K+v53km8ADi7unj1zWn2hCDQtkLoB6s6y2PlcEB5G1g0
ItnVIQo2v/bao2fS8oAVigtK1WtXe5ROUwP/7yxBKkgUUxCnSDNJ4otibH82wV8G
diJdyUX+G9MekYFv/7pWJlgC2hASzPAl6sUCIwgi+FcljwxAjJdqogSI8WuUihY6
xynrAJtjcwWV8w01ZWBZ6ViRq76p7+W92DakMTyZeXrg3O0KYxCaXTZye/FbuMRF
cwBtHZtfhymtUzMj/agc6oN2xUE8YpIFOU9CqXVxrMA3PWNwA2Giwn3GtfnSRVXI
4j+l4/WaKSReYHCRsbhYMiZ0rJdXXKimvTyxFPLNu3pU9gjoAx5mxoQEp5R0tSOC
zB4j6J/XpkFfvYzkjk4xAQmYAZjsJCgwqR7DcQuSMh1m+HQq9G6KO1B7wQKPl1IC
pGswAa7BmSKyvr3qkRJCNdBfM+2VODQEyDNNyOle7nWvBkI12XTeNl7bd/598t97
h0yBwTdjmRAYfE8ZM5uTFrCgWcM+t48BC6+XA0BENmInpSeeu+I=
=y9+/
-----END PGP SIGNATURE-----

More information about the Groovy-changes mailing list