nss (3.12.3.1-0ubuntu0.8.04.2) hardy-security; urgency=low * Add 91_nonexec_stack.patch: fix regression in stack memory protectons caused by unmarked assembly (LP: #409864). -- Kees Cook Mon, 24 Aug 2009 15:03:19 -0700 nss (3.12.3.1-0ubuntu0.8.04.1) hardy-security; urgency=low * new upstream release 3.12.3.1 RTM (NSS_3_12_3_1_RTM) (LP: #407549) - see USN-810-1 * requires nspr >= 4.7.4 - update debian/control * drop (ubuntu-)useless kbsd patch - delete debian/patches/38_kbsd.patch * drop obsolete patches fixed upstream - delete debian/patches/80_security_tools.patch - delete debian/patches/bz471715_attachment_357235-backport.patch * adjust patches to new upstream codebase - update debian/patches/38_mips64_build.patch - update debian/patches/81_sonames.patch * LP: #388350 - nss 3.12.3-0ubuntu2 ftbfs in karmic - shlibsign crashes; we add debian/libnss3-1d/usr/lib/nss to LD_LIBRARY_PATH for the shlibsign invocation used to sign libs in debian/rules - update debian/rules * update .symbols files for new upstream api - update debian/libnss3-1d.symbols * bump shlibs version to >= 3.12.3 - update debian/rules -- Alexander Sack Sat, 01 Aug 2009 16:57:40 +0200 nss (3.12.0.3-0ubuntu0.8.04.5) hardy-security; urgency=low * from CVE-2004-2761: blacklist rogue PoC md5 collision certificate. Note: this only blacklists the PoC cert referred to by CVE-2004-2761 and does not fix the CVE ifself; see: https://bugzilla.mozilla.org/show_bug.cgi?id=471715 - add debian/patches/bz471715_attachment_357235-backport.patch - update debian/patches/series -- Alexander Sack Mon, 09 Mar 2009 16:03:35 +0100 nss (3.12.0.3-0ubuntu0.8.04.4) hardy-proposed; urgency=low * RELEASE 3.12.0.3-0ubuntu0.8.04.4 to ubuntu/hardy-proposed * follow up for LP: #245122 - drop Conflicts: on libnss3 from libnss3-1d package in order to allow non-dist upgrade for hardy-proposed - update debian/control -- Alexander Sack Mon, 04 Aug 2008 10:09:54 +0200 nss (3.12.0.3-0ubuntu0.8.04.3) hardy-proposed; urgency=low ( from 3.12.0.3-0ubuntu4 in ubuntu/intrepid) * fix LP: #245122 - add Replaces/Conflicts on libnss3 packages - update debian/control * fix LP: #215062 - update Replaces/Conflicts for libnss3-1d on gutsy version of libnss3-0d (<< 3.12.0~) -- Alexander Sack Tue, 15 Jul 2008 15:46:47 +0200 nss (3.12.0.3-0ubuntu0.8.04.2) hardy-proposed; urgency=low ( from 3.12.0.3-0ubuntu1 to ubuntu/intrepid ) * new upstream release 3.12.0.3 fixes certID issue; downloaded from http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_RTM/src/nss-3.12.tar.gz (LP: #242379) ( from 3.12.0.3-0ubuntu2 to ubuntu/intrepid) * move non-versioned .so-links from libnss3-dev package to unbreak binary compatibility to native extensions built against upstream xulrunner; in turn we add versioned Conflicts: Replaces: on libnss3-dev for the libnss3-1d package to provide a smooth upgrade path. (LP: #244439) - add debian/libnss3-1d.links - update debian/libnss3-dev.links - update debian/control ( from 3.12.0.3-0ubuntu3 in ubuntu/intrepid) * fix LP: #245122 - add Replaces/Conflicts on libnss3 ( << 3) packages - update debian/control -- Alexander Sack Thu, 10 Jul 2008 10:42:46 +0200 nss (3.12.0.2+1.9-0ubuntu0.8.04.1) hardy-proposed; urgency=low [ Fabien Tassin ] * new upstream version, picked from FIREFOX_3_0rc1_RELEASE cvs tag (LP: #233922) -- Alexander Sack Fri, 23 May 2008 09:34:32 +0200 nss (3.12.0~beta3-0ubuntu1) hardy; urgency=low * new upstream version, picked from NSS_3_12_BETA3 cvs tag * update symbols file: - add CERT_NewTempCertificate@NSS_3.12 - add NSS_InitWithMerge@NSS_3.12 - add PK11_CreateMergeLog@NSS_3.12 - add PK11_DestroyMergeLog@NSS_3.12 - add PK11_IsRemovable@NSS_3.12 - add PK11_MergeTokens@NSS_3.12 - add CERT_GetUsePKIXForValidation@NSS_3.12 - add CERT_SetUsePKIXForValidation@NSS_3.12 - add CERT_GetClassicOCSPDisabledPolicy@NSS_3.12 - add CERT_GetClassicOCSPEnabledHardFailurePolicy@NSS_3.12 - CERT_GetClassicOCSPEnabledSoftFailurePolicy@NSS_3.12 - update debian/libnss3-1d.symbols * bump shlibs requirement to >= 3.12.0~beta3 - update debian/rules -- Fabien Tassin Fri, 04 Apr 2008 16:14:45 +0200 nss (3.12.0~1.9b4-0ubuntu1) hardy; urgency=low * new upstream version, picked from FIREFOX_3_0b4_RELEASE cvs tag. * update symbols file - update debian/libnss3-1d.symbols * bump shlibs requirement to >= 3.12.0~1.9b4 -- Alexander Sack Tue, 11 Mar 2008 01:52:02 +0100 nss (3.12.0~1.9b3-0ubuntu1) hardy; urgency=low * New upstream snapshot, picked from FIREFOX_3_0b3_RELEASE cvs tag. * install libnssutil3.so.1d, update symbols file accordingly, add nssutil to pkgconfig file and config script - update debian/libnss3-dev.links - update debian/nss.pc.in - update debian/nss-config.in * fix UPSTREAM_VERSION to drop ~cvs as it is used by nss-config which is causing troubles in xulrunner's configure - update debian/rules * add support for mozilla-devscripts - update debian/rules * update symbols file for new symbols: + CERT_SetOCSPTimeout@NSS_3.12 + NSS_3.11.9@NSS_3.11.9 + PK11_CreateGenericObject@NSS_3.12 + PK11_UnconfigurePKCS11@NSS_3.11.9 + PK11_WriteRawAttribute@NSS_3.12 + CERT_GetValidDNSPatternsFromCert@NSS_3.12 + PK11_CreatePBEV2AlgorithmID@NSS_3.12 + PK11_GetPBECryptoMechanism@NSS_3.12 + SEC_PKCS5IsAlgorithmPBEAlgTag@NSS_3.12 ~ SEC_StringToOID@NSS_3.12 (moved from libnss3 to libnssutils3) - update debian/libnss3-1d.symbols - update debian/rules * Bump shlibs requirement to >= 3.12.0~1.9b3 - update debian/rules * Bump Standards-Version to 3.7.3 and add Homepage field where needed - update debian/control -- Fabien Tassin Fri, 08 Feb 2008 20:13:42 +0100 nss (3.12.0~1.9b2+nobinonly-0ubuntu1) hardy; urgency=low * New upstream snapshot, picked from FIREFOX_3_0b2_RELEASE cvs tag. * ubuntify maintainer field - update debian/control -- Alexander Sack Sun, 16 Dec 2007 11:06:03 +0100 nss (3.12.0~1.9b1-2) unstable; urgency=low * debian/control: libnss3-1-dbg needs to conflict with older libnss3-0d-dbg, as it overwrites so of its files. Closes: #455875. * debian/patches/90_realpath.dpatch: Use realpath() in loader_GetOriginalPathname, so that symlinks are properly followed when determining where the current library lives. * debian/patches/00list: Updated accordingly. * debian/patches/85_security_load.dpatch: When the module given by the caller contains a directory name, remove it so that the module can be properly loaded. Closes: #456296. -- Mike Hommey Sun, 16 Dec 2007 11:06:03 +0100 nss (3.12.0~1.9b1-1) unstable; urgency=low * New upstream snapshot, picked from FIREFOX_3_0b1_RELEASE cvs tag. * debian/copyright: Add licensing information about the recently added sqlite copy in the source tree. * debian/control: + Build depend on libsqlite3-dev. + Rename all -0d packages to -1d, but keep a transitional -0d package, since all libraries are compatible (except for the removed one). + Make libnss3-1d conflict with older libnss3-0d. * debian/patches/38_kbsd.dpatch, debian/patches/81_sonames.dpatch: Adapted to upstream changes. * debian/patches/81_sonames.dpatch: + Remove SO version from libsoftokn3, now it is not linked against anymore, but dlloaded. + Remove the hacks to have shlibsign and the signature verification code handle the SO version in the file name. + Bump SO version to 1d. * debian/rules: + Add NSS_USE_SYSTEM_SQLITE=1 to the make options. + Install libsoftokn3 and the new libnssdbm3 in /usr/lib/nss. + Run shlibsign on libsoftokn3 in /usr/lib/nss, without a SO version. + For some reason, build-stamp was missing in install-stamp dependencies. + Bumped shlibs because of new symbols, and pass -c4 to dpkg-gensymbols, so that it fails in all cases where the symbols file is not up to date. + Adapt upstream version pattern matching so that the ~1.9b1 part is removed. + Install .1d libraries in -1d packages. + Create a dummy libsoftokn3.so.0d library, installed in the libnss3-0d package. * debian/libnss3-0d.links: + Remove links in /usr/lib/xulrunner. The workaround they were implementing is going to be done another way. + Add .0d links to .1d libraries. * debian/libnss3-dev.links: + Don't put a symlink for libsoftokn3. + .so files now link to .1d libraries. * debian/patches/80_security_build.dpatch: Remove the hack to load libfreebl from /usr/lib/nss. * debian/patches/85_security_load.dpatch: Load modules from $ORIGIN/nss. * debian/patches/10_3.11.7_symbol_fix.dpatch: Fix a symbol version. Stolen from bz#325672. * debian/patches/00list: Updated accordingly. * debian/libnss3-0d.dirs: Renamed to libnss3-1d.dirs. -- Mike Hommey Sat, 08 Dec 2007 10:53:02 +0100 nss (3.11.7-1) unstable; urgency=low * New upstream release, picked from NSS_3_11_7_RTM cvs tag. * debian/patches/38_kbsd.dpatch: Also add support for the Hurd. Closes: #419529. * debian/rules: + Don't fail on clean with unpatched ruleset. Closes: #421542. + Bumped shlibs because of new symbols. * debian/patches/81_sonames.dpatch: Adapted to upstream changes. -- Mike Hommey Sun, 01 Jul 2007 11:29:06 +0200 nss (3.11.5-3) unstable; urgency=low * Upload to unstable. -- Mike Hommey Mon, 09 Apr 2007 20:37:25 +0200 nss (3.11.5-2) experimental; urgency=low * debian/rules: + Cleaner way to set the NSPR location. + Install libcrmf.a files in libnss3-dev. + binary-indep now does nothing. * debian/control: Make libnss3-dev an Arch: any package. * debian/nss.pc.in: + Remove libsoftokn3 from ld libraries. + Improvement in directories setting. * debian/libnss3-dev.dirs: Create /usr/bin. * debian/nss-config.in, debian/rules: Install a nss-config script into libnss3-dev. -- Mike Hommey Tue, 27 Mar 2007 20:41:11 +0200 nss (3.11.5-1) experimental; urgency=low * Initial release. (Closes: #416151) -- Mike Hommey Sun, 25 Mar 2007 23:56:17 +0200