[Bug 1971299] [NEW] Merge nss from Debian unstable for kinetic
Bryce Harrington
1971299 at bugs.launchpad.net
Tue May 3 07:03:15 UTC 2022
Public bug reported:
Upstream: tbd
Debian: 2:3.77-1
Ubuntu: 2:3.68.2-0ubuntu1
### New Debian Changes ###
nss (2:3.77-1) unstable; urgency=medium
* New upstream release.
* debian/libnss3.symbols: Add NSS_3.77 symbol version.
-- Mike Hommey <glandium at debian.org> Wed, 06 Apr 2022 09:18:22 +0900
nss (2:3.75-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium at debian.org> Wed, 09 Feb 2022 08:46:51 +0900
nss (2:3.73.1-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium at debian.org> Fri, 17 Dec 2021 06:16:55 +0900
nss (2:3.73-1) unstable; urgency=medium
* New upstream release.
* Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded
DSA and RSA-PSS signatures.
-- Mike Hommey <glandium at debian.org> Thu, 02 Dec 2021 06:04:31 +0900
nss (2:3.72-2) unstable; urgency=medium
* debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1).
Closes: #998733.
-- Mike Hommey <glandium at debian.org> Fri, 12 Nov 2021 06:21:05 +0900
nss (2:3.72-1) unstable; urgency=medium
* New upstream release.
* debian/libnss3.symbols, nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h,
nss/cmd/selfserv/selfserv.c, nss/cmd/strsclnt/strsclnt.c,
nss/cmd/tstclnt/tstclnt.c: Bump dependency version for SSL_GetChannelInfo
symbol and remove the previous workaround. Closes: #990058.
* debian/libnss3.lintian-overrides.in, debian/rules,
nss/cmd/shlibsign/shlibsign.c, nss/lib/pk11wrap/pk11load.c,
nss/lib/util/secload.c, nss/cmd/shlibsign/Makefile,
nss/cmd/shlibsign/manifest.mn: Stop putting freebl, softokn, etc. in a
subdirectory. It's a deviation from upstream that is causing more problems
than it's worth keeping. Closes: #737855, #846012, #979159.
* debian/libnss3-dev.links.in: Remove xulrunner-nss.pc.
* debian/rules: Stop forcing xz compression.
* debian/copyright: Add dot for continuation.
* debian/watch: Upgrade to version 4.
* debian/control: Upgrade Standard-Version to 4.6.0:
- debian/rules: Build with `make -s` when DEB_BUILD_OPTIONS contains
terse.
- debian/control: Add Rules-Requires-Root: no.
* debian/control: Remove conflict with libnss3-1d. The last Debian version
with libnss3-1d was jessie, and it had a newer version anyways.
* debian/rules: Enable all hardening options.
* debian/libnss3-symbols: Add Build-Depends-Package in symbols file.
* debian/*.lintian-overrides*: Remove
copyright-refers-to-versionless-license-file lintian overrides.
* debian/libnss3.lintian-overrides.in:
- s/shlib-without-versioned-soname/shared-library-lacks-version/.
- Add lacks-unversioned-link-to-shared-library overrides.
* debian/nss-config.in, debian/rules: Ship upstream nss-config instead of
ours. Closes: #737855, #963136.
* debian/rules, debian/control: Always set Multi-Arch: same.
* debian/copyright:
- Remove commas in `Files`.
- Add missing license name for ifparser.
- Add missing `Copyright`.
- Remove copyright for mkdepend, which is not in the source tree anymore.
* debian/upstream/metadata: Add upstream bug tracking metadata.
[ Daniel Kahn Gillmor ]
* debian/control: correct Homepage (old URL redirects to 404)
[ Janitor ]
* debian/changelog: Trim trailing whitespace.
* debian/copyright: Use secure copyright file specification URI.
* debian/compat, debian/control:
- Bump debhelper from deprecated 9 to 13.
- Set debhelper-compat version in Build-Depends.
* debian/upstream/metadata: Set upstream metadata fields: Repository.
* debian/rules: Drop transition for old debug package migration.
-- Mike Hommey <glandium at debian.org> Tue, 02 Nov 2021 06:57:06 +0900
nss (2:3.70-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium at debian.org> Wed, 08 Sep 2021 08:31:23 +0900
nss (2:3.68-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium at debian.org> Mon, 19 Jul 2021 06:23:39 +0900
### Old Ubuntu Delta ###
nss (2:3.68.2-0ubuntu1) jammy; urgency=medium
* New upstream release. (LP: #1959126)
* d/p/CVE-2021-43527.patch: drop patch applied upstream.
[ Fixed in 3.68.1 ]
-- Athos Ribeiro <athos.ribeiro at canonical.com> Mon, 21 Feb 2022
14:55:42 -0300
nss (2:3.68-1ubuntu2) jammy; urgency=medium
* SECURITY UPDATE: heap overflow when verifying DSA/RSA-PSS DER-encoded
signatures
- debian/patches/CVE-2021-43527.patch: check signature lengths in
nss/lib/cryptohi/secvfy.c.
- CVE-2021-43527
-- Marc Deslauriers <marc.deslauriers at ubuntu.com> Mon, 29 Nov 2021
07:12:54 -0500
nss (2:3.68-1ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/libnss3.links: Make freebl3 available as library. (LP #1744328)
- d/control: Add dh-exec to Build-Depends.
- d/rules: Make mkdir tolerate debian/tmp existing (due to dh-exec).
- d/p/disable_fips_enabled_read.patch: Disable reading fips_enabled flag
in FIPS mode as libnss is not a FIPS certified library. (LP #1837734)
- d/p/set-tls1.2-as-minimum.patch: Set TLSv1.2 as minimum TLS version.
(LP #1856428)
- d/libnss3.links.in: Symlink chk files to fix self-verification in
FIPS mode. (LP #1885562)
- d/p/fix-ftbfs-s390x.patch: Fix some uninitialized variable warnings
and format overflows for s390x.
- d/p/fix-ftbfs-glibc-invalid-oob-error.patch: Disable non-null error
checking on call to getcwd since this results in an erroneous warning
that causes the build to fail otherwise.
* New changes:
- d/rules: Disable LTO on s390x for now. (LP #1931104)
-- Paride Legovini <paride at ubuntu.com> Wed, 28 Jul 2021 15:27:12 +0200
** Affects: nss (Ubuntu)
Importance: Undecided
Status: New
** Tags: needs-merge upgrade-software-version
** Changed in: nss (Ubuntu)
Milestone: None => later
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1971299
Title:
Merge nss from Debian unstable for kinetic
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1971299/+subscriptions
More information about the Ubuntu-mozillateam-bugs
mailing list