[Touch-packages] [Bug 1971299] Re: Merge nss from Debian unstable for kinetic
This bug was fixed in the package nss - 2:3.77-1 Sponsored for Athos Ribeiro (athos-ribeiro) --- nss (2:3.77-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.77 symbol version. -- Mike Hommey Wed, 06 Apr 2022 09:18:22 +0900 nss (2:3.75-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Wed, 09 Feb 2022 08:46:51 +0900 nss (2:3.73.1-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Fri, 17 Dec 2021 06:16:55 +0900 nss (2:3.73-1) unstable; urgency=medium * New upstream release. * Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures. -- Mike Hommey Thu, 02 Dec 2021 06:04:31 +0900 nss (2:3.72-2) unstable; urgency=medium * debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1). Closes: #998733. -- Mike Hommey Fri, 12 Nov 2021 06:21:05 +0900 nss (2:3.72-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols, nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h, nss/cmd/selfserv/selfserv.c, nss/cmd/strsclnt/strsclnt.c, nss/cmd/tstclnt/tstclnt.c: Bump dependency version for SSL_GetChannelInfo symbol and remove the previous workaround. Closes: #990058. * debian/libnss3.lintian-overrides.in, debian/rules, nss/cmd/shlibsign/shlibsign.c, nss/lib/pk11wrap/pk11load.c, nss/lib/util/secload.c, nss/cmd/shlibsign/Makefile, nss/cmd/shlibsign/manifest.mn: Stop putting freebl, softokn, etc. in a subdirectory. It's a deviation from upstream that is causing more problems than it's worth keeping. Closes: #737855, #846012, #979159. * debian/libnss3-dev.links.in: Remove xulrunner-nss.pc. * debian/rules: Stop forcing xz compression. * debian/copyright: Add dot for continuation. * debian/watch: Upgrade to version 4. * debian/control: Upgrade Standard-Version to 4.6.0: - debian/rules: Build with `make -s` when DEB_BUILD_OPTIONS contains terse. - debian/control: Add Rules-Requires-Root: no. * debian/control: Remove conflict with libnss3-1d. The last Debian version with libnss3-1d was jessie, and it had a newer version anyways. * debian/rules: Enable all hardening options. * debian/libnss3-symbols: Add Build-Depends-Package in symbols file. * debian/*.lintian-overrides*: Remove copyright-refers-to-versionless-license-file lintian overrides. * debian/libnss3.lintian-overrides.in: - s/shlib-without-versioned-soname/shared-library-lacks-version/. - Add lacks-unversioned-link-to-shared-library overrides. * debian/nss-config.in, debian/rules: Ship upstream nss-config instead of ours. Closes: #737855, #963136. * debian/rules, debian/control: Always set Multi-Arch: same. * debian/copyright: - Remove commas in `Files`. - Add missing license name for ifparser. - Add missing `Copyright`. - Remove copyright for mkdepend, which is not in the source tree anymore. * debian/upstream/metadata: Add upstream bug tracking metadata. [ Daniel Kahn Gillmor ] * debian/control: correct Homepage (old URL redirects to 404) [ Janitor ] * debian/changelog: Trim trailing whitespace. * debian/copyright: Use secure copyright file specification URI. * debian/compat, debian/control: - Bump debhelper from deprecated 9 to 13. - Set debhelper-compat version in Build-Depends. * debian/upstream/metadata: Set upstream metadata fields: Repository. * debian/rules: Drop transition for old debug package migration. -- Mike Hommey Tue, 02 Nov 2021 06:57:06 +0900 nss (2:3.70-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Wed, 08 Sep 2021 08:31:23 +0900 ** Changed in: nss (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1971299 Title: Merge nss from Debian unstable for kinetic Status in nss package in Ubuntu: Fix Released Bug description: Upstream: tbd Debian: 2:3.77-1 Ubuntu: 2:3.68.2-0ubuntu1 ### New Debian Changes ### nss (2:3.77-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.77 symbol version. -- Mike Hommey Wed, 06 Apr 2022 09:18:22 +0900 nss (2:3.75-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Wed, 09 Feb 2022 08:46:51 +0900 nss (2:3.73.1-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Fri, 17 Dec 2021 06:16:55 +0900 nss (2:3.73-1) unstable; urgency=medium * New upstream release. * Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures. -- Mike Hommey Thu, 02 Dec 2021 06:04:31 +0900 nss (2:3.72-2) unstable; urgency=medium * debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1). Closes:
[Touch-packages] [Bug 1971299] Re: Merge nss from Debian unstable for kinetic
** Merge proposal linked: https://code.launchpad.net/~athos-ribeiro/ubuntu/+source/nss/+git/nss/+merge/423527 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1971299 Title: Merge nss from Debian unstable for kinetic Status in nss package in Ubuntu: In Progress Bug description: Upstream: tbd Debian: 2:3.77-1 Ubuntu: 2:3.68.2-0ubuntu1 ### New Debian Changes ### nss (2:3.77-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.77 symbol version. -- Mike Hommey Wed, 06 Apr 2022 09:18:22 +0900 nss (2:3.75-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Wed, 09 Feb 2022 08:46:51 +0900 nss (2:3.73.1-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Fri, 17 Dec 2021 06:16:55 +0900 nss (2:3.73-1) unstable; urgency=medium * New upstream release. * Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures. -- Mike Hommey Thu, 02 Dec 2021 06:04:31 +0900 nss (2:3.72-2) unstable; urgency=medium * debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1). Closes: #998733. -- Mike Hommey Fri, 12 Nov 2021 06:21:05 +0900 nss (2:3.72-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols, nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h, nss/cmd/selfserv/selfserv.c, nss/cmd/strsclnt/strsclnt.c, nss/cmd/tstclnt/tstclnt.c: Bump dependency version for SSL_GetChannelInfo symbol and remove the previous workaround. Closes: #990058. * debian/libnss3.lintian-overrides.in, debian/rules, nss/cmd/shlibsign/shlibsign.c, nss/lib/pk11wrap/pk11load.c, nss/lib/util/secload.c, nss/cmd/shlibsign/Makefile, nss/cmd/shlibsign/manifest.mn: Stop putting freebl, softokn, etc. in a subdirectory. It's a deviation from upstream that is causing more problems than it's worth keeping. Closes: #737855, #846012, #979159. * debian/libnss3-dev.links.in: Remove xulrunner-nss.pc. * debian/rules: Stop forcing xz compression. * debian/copyright: Add dot for continuation. * debian/watch: Upgrade to version 4. * debian/control: Upgrade Standard-Version to 4.6.0: - debian/rules: Build with `make -s` when DEB_BUILD_OPTIONS contains terse. - debian/control: Add Rules-Requires-Root: no. * debian/control: Remove conflict with libnss3-1d. The last Debian version with libnss3-1d was jessie, and it had a newer version anyways. * debian/rules: Enable all hardening options. * debian/libnss3-symbols: Add Build-Depends-Package in symbols file. * debian/*.lintian-overrides*: Remove copyright-refers-to-versionless-license-file lintian overrides. * debian/libnss3.lintian-overrides.in: - s/shlib-without-versioned-soname/shared-library-lacks-version/. - Add lacks-unversioned-link-to-shared-library overrides. * debian/nss-config.in, debian/rules: Ship upstream nss-config instead of ours. Closes: #737855, #963136. * debian/rules, debian/control: Always set Multi-Arch: same. * debian/copyright: - Remove commas in `Files`. - Add missing license name for ifparser. - Add missing `Copyright`. - Remove copyright for mkdepend, which is not in the source tree anymore. * debian/upstream/metadata: Add upstream bug tracking metadata. [ Daniel Kahn Gillmor ] * debian/control: correct Homepage (old URL redirects to 404) [ Janitor ] * debian/changelog: Trim trailing whitespace. * debian/copyright: Use secure copyright file specification URI. * debian/compat, debian/control: - Bump debhelper from deprecated 9 to 13. - Set debhelper-compat version in Build-Depends. * debian/upstream/metadata: Set upstream metadata fields: Repository. * debian/rules: Drop transition for old debug package migration. -- Mike Hommey Tue, 02 Nov 2021 06:57:06 +0900 nss (2:3.70-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Wed, 08 Sep 2021 08:31:23 +0900 nss (2:3.68-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Mon, 19 Jul 2021 06:23:39 +0900 ### Old Ubuntu Delta ### nss (2:3.68.2-0ubuntu1) jammy; urgency=medium * New upstream release. (LP: #1959126) * d/p/CVE-2021-43527.patch: drop patch applied upstream. [ Fixed in 3.68.1 ] -- Athos Ribeiro Mon, 21 Feb 2022 14:55:42 -0300 nss (2:3.68-1ubuntu2) jammy; urgency=medium * SECURITY UPDATE: heap overflow when verifying DSA/RSA-PSS DER-encoded signatures - debian/patches/CVE-2021-43527.patch: check signature lengths in nss/lib/cryptohi/secvfy.c. - CVE-2021-43527 -- Marc Deslauriers Mon, 29 Nov 2021 07:12:54 -0500 nss
[Touch-packages] [Bug 1971299] Re: Merge nss from Debian unstable for kinetic
Our current delta has the following patches: === BEGIN DELTA ANALYSIS === * New upstream release. (LP: #1959126) [2:3.68.2-0ubuntu1] We went "ahead" of Debian here. We must drop this to get back to tracking the Debian history. * d/p/CVE-2021-43527.patch: drop patch applied upstream. [ Fixed in 3.68.1 ] * SECURITY UPDATE: heap overflow when verifying DSA/RSA-PSS DER-encoded signatures - debian/patches/CVE-2021-43527.patch: check signature lengths in nss/lib/cryptohi/secvfy.c. - CVE-2021-43527 When dropping the "New upstream release", this would be re-introduced, but since this was fixed in 3.68.1 already, it can be/remain dropped. - d/libnss3.links: Make freebl3 available as library. (LP #1744328) - d/libnss3.links.in: Symlink chk files to fix self-verification in FIPS mode. (LP #1885562) - d/control: Add dh-exec to Build-Depends. - d/rules: Make mkdir tolerate debian/tmp existing (due to dh-exec). The packaging approach changed in Debian for 2:3.72-1 to stick to the upstream distribution approach. The libraries are now shipped in a single directory and therefore this patch is no longer needed. dh-exec was only used for this links file and the related deltas are also no longer needed. - d/p/disable_fips_enabled_read.patch: Disable reading fips_enabled flag in FIPS mode as libnss is not a FIPS certified library. (LP #1837734) LP: #1837734, which introduced this patch, has a comment from the patch author saying this was never needed in this package and was added to fix an issue with firefox, which had libnss embedded back when this was introduced. This can also be dropped. - d/p/set-tls1.2-as-minimum.patch: Set TLSv1.2 as minimum TLS version. (LP #1856428) This was included in upstream version 3.69 and can be dropped. - d/p/fix-ftbfs-s390x.patch: Fix some uninitialized variable warnings and format overflows for s390x. - d/p/fix-ftbfs-glibc-invalid-oob-error.patch: Disable non-null error checking on call to getcwd since this results in an erroneous warning that causes the build to fail otherwise. There are no FTBFS issues with the current Debian version. Hence, these are no longer needed. See https://launchpad.net/~athos- ribeiro/+archive/ubuntu/nss377-transition/+packages - d/rules: Disable LTO on s390x for now. (LP #1931104) In the upstream issue linked in LP: #1931104, the Fedora packager re- enabled LTO since version 3.69 and reported no issues/regressions were observed. The same applies for our test builds at https://launchpad.net/~athos- ribeiro/+archive/ubuntu/nss377-transition/+packages. This can also be dropped. === END DELTA ANALYSIS === Based on the report above, we can safely drop all delta for nss. This can be a sync. A bileto ticket was created to ensure rdeps sanity before we proceed with sync'ing this package at https://bileto.ubuntu.com/#/ticket/4857 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-43527 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1971299 Title: Merge nss from Debian unstable for kinetic Status in nss package in Ubuntu: In Progress Bug description: Upstream: tbd Debian: 2:3.77-1 Ubuntu: 2:3.68.2-0ubuntu1 ### New Debian Changes ### nss (2:3.77-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.77 symbol version. -- Mike Hommey Wed, 06 Apr 2022 09:18:22 +0900 nss (2:3.75-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Wed, 09 Feb 2022 08:46:51 +0900 nss (2:3.73.1-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Fri, 17 Dec 2021 06:16:55 +0900 nss (2:3.73-1) unstable; urgency=medium * New upstream release. * Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures. -- Mike Hommey Thu, 02 Dec 2021 06:04:31 +0900 nss (2:3.72-2) unstable; urgency=medium * debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1). Closes: #998733. -- Mike Hommey Fri, 12 Nov 2021 06:21:05 +0900 nss (2:3.72-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols, nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h, nss/cmd/selfserv/selfserv.c, nss/cmd/strsclnt/strsclnt.c, nss/cmd/tstclnt/tstclnt.c: Bump dependency version for SSL_GetChannelInfo symbol and remove the previous workaround. Closes: #990058. * debian/libnss3.lintian-overrides.in, debian/rules, nss/cmd/shlibsign/shlibsign.c, nss/lib/pk11wrap/pk11load.c, nss/lib/util/secload.c, nss/cmd/shlibsign/Makefile, nss/cmd/shlibsign/manifest.mn: Stop putting freebl, softokn, etc. in a subdirectory. It's a deviation from upstream that is causing more problems than it's worth
[Touch-packages] [Bug 1971299] Re: Merge nss from Debian unstable for kinetic
** Changed in: nss (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1971299 Title: Merge nss from Debian unstable for kinetic Status in nss package in Ubuntu: In Progress Bug description: Upstream: tbd Debian: 2:3.77-1 Ubuntu: 2:3.68.2-0ubuntu1 ### New Debian Changes ### nss (2:3.77-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.77 symbol version. -- Mike Hommey Wed, 06 Apr 2022 09:18:22 +0900 nss (2:3.75-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Wed, 09 Feb 2022 08:46:51 +0900 nss (2:3.73.1-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Fri, 17 Dec 2021 06:16:55 +0900 nss (2:3.73-1) unstable; urgency=medium * New upstream release. * Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures. -- Mike Hommey Thu, 02 Dec 2021 06:04:31 +0900 nss (2:3.72-2) unstable; urgency=medium * debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1). Closes: #998733. -- Mike Hommey Fri, 12 Nov 2021 06:21:05 +0900 nss (2:3.72-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols, nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h, nss/cmd/selfserv/selfserv.c, nss/cmd/strsclnt/strsclnt.c, nss/cmd/tstclnt/tstclnt.c: Bump dependency version for SSL_GetChannelInfo symbol and remove the previous workaround. Closes: #990058. * debian/libnss3.lintian-overrides.in, debian/rules, nss/cmd/shlibsign/shlibsign.c, nss/lib/pk11wrap/pk11load.c, nss/lib/util/secload.c, nss/cmd/shlibsign/Makefile, nss/cmd/shlibsign/manifest.mn: Stop putting freebl, softokn, etc. in a subdirectory. It's a deviation from upstream that is causing more problems than it's worth keeping. Closes: #737855, #846012, #979159. * debian/libnss3-dev.links.in: Remove xulrunner-nss.pc. * debian/rules: Stop forcing xz compression. * debian/copyright: Add dot for continuation. * debian/watch: Upgrade to version 4. * debian/control: Upgrade Standard-Version to 4.6.0: - debian/rules: Build with `make -s` when DEB_BUILD_OPTIONS contains terse. - debian/control: Add Rules-Requires-Root: no. * debian/control: Remove conflict with libnss3-1d. The last Debian version with libnss3-1d was jessie, and it had a newer version anyways. * debian/rules: Enable all hardening options. * debian/libnss3-symbols: Add Build-Depends-Package in symbols file. * debian/*.lintian-overrides*: Remove copyright-refers-to-versionless-license-file lintian overrides. * debian/libnss3.lintian-overrides.in: - s/shlib-without-versioned-soname/shared-library-lacks-version/. - Add lacks-unversioned-link-to-shared-library overrides. * debian/nss-config.in, debian/rules: Ship upstream nss-config instead of ours. Closes: #737855, #963136. * debian/rules, debian/control: Always set Multi-Arch: same. * debian/copyright: - Remove commas in `Files`. - Add missing license name for ifparser. - Add missing `Copyright`. - Remove copyright for mkdepend, which is not in the source tree anymore. * debian/upstream/metadata: Add upstream bug tracking metadata. [ Daniel Kahn Gillmor ] * debian/control: correct Homepage (old URL redirects to 404) [ Janitor ] * debian/changelog: Trim trailing whitespace. * debian/copyright: Use secure copyright file specification URI. * debian/compat, debian/control: - Bump debhelper from deprecated 9 to 13. - Set debhelper-compat version in Build-Depends. * debian/upstream/metadata: Set upstream metadata fields: Repository. * debian/rules: Drop transition for old debug package migration. -- Mike Hommey Tue, 02 Nov 2021 06:57:06 +0900 nss (2:3.70-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Wed, 08 Sep 2021 08:31:23 +0900 nss (2:3.68-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Mon, 19 Jul 2021 06:23:39 +0900 ### Old Ubuntu Delta ### nss (2:3.68.2-0ubuntu1) jammy; urgency=medium * New upstream release. (LP: #1959126) * d/p/CVE-2021-43527.patch: drop patch applied upstream. [ Fixed in 3.68.1 ] -- Athos Ribeiro Mon, 21 Feb 2022 14:55:42 -0300 nss (2:3.68-1ubuntu2) jammy; urgency=medium * SECURITY UPDATE: heap overflow when verifying DSA/RSA-PSS DER-encoded signatures - debian/patches/CVE-2021-43527.patch: check signature lengths in nss/lib/cryptohi/secvfy.c. - CVE-2021-43527 -- Marc Deslauriers Mon, 29 Nov 2021 07:12:54 -0500 nss (2:3.68-1ubuntu1) impish; urgency=medium * Merge
[Touch-packages] [Bug 1971299] Re: Merge nss from Debian unstable for kinetic
** Changed in: nss (Ubuntu) Assignee: (unassigned) => Athos Ribeiro (athos-ribeiro) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1971299 Title: Merge nss from Debian unstable for kinetic Status in nss package in Ubuntu: New Bug description: Upstream: tbd Debian: 2:3.77-1 Ubuntu: 2:3.68.2-0ubuntu1 ### New Debian Changes ### nss (2:3.77-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.77 symbol version. -- Mike Hommey Wed, 06 Apr 2022 09:18:22 +0900 nss (2:3.75-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Wed, 09 Feb 2022 08:46:51 +0900 nss (2:3.73.1-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Fri, 17 Dec 2021 06:16:55 +0900 nss (2:3.73-1) unstable; urgency=medium * New upstream release. * Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures. -- Mike Hommey Thu, 02 Dec 2021 06:04:31 +0900 nss (2:3.72-2) unstable; urgency=medium * debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1). Closes: #998733. -- Mike Hommey Fri, 12 Nov 2021 06:21:05 +0900 nss (2:3.72-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols, nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h, nss/cmd/selfserv/selfserv.c, nss/cmd/strsclnt/strsclnt.c, nss/cmd/tstclnt/tstclnt.c: Bump dependency version for SSL_GetChannelInfo symbol and remove the previous workaround. Closes: #990058. * debian/libnss3.lintian-overrides.in, debian/rules, nss/cmd/shlibsign/shlibsign.c, nss/lib/pk11wrap/pk11load.c, nss/lib/util/secload.c, nss/cmd/shlibsign/Makefile, nss/cmd/shlibsign/manifest.mn: Stop putting freebl, softokn, etc. in a subdirectory. It's a deviation from upstream that is causing more problems than it's worth keeping. Closes: #737855, #846012, #979159. * debian/libnss3-dev.links.in: Remove xulrunner-nss.pc. * debian/rules: Stop forcing xz compression. * debian/copyright: Add dot for continuation. * debian/watch: Upgrade to version 4. * debian/control: Upgrade Standard-Version to 4.6.0: - debian/rules: Build with `make -s` when DEB_BUILD_OPTIONS contains terse. - debian/control: Add Rules-Requires-Root: no. * debian/control: Remove conflict with libnss3-1d. The last Debian version with libnss3-1d was jessie, and it had a newer version anyways. * debian/rules: Enable all hardening options. * debian/libnss3-symbols: Add Build-Depends-Package in symbols file. * debian/*.lintian-overrides*: Remove copyright-refers-to-versionless-license-file lintian overrides. * debian/libnss3.lintian-overrides.in: - s/shlib-without-versioned-soname/shared-library-lacks-version/. - Add lacks-unversioned-link-to-shared-library overrides. * debian/nss-config.in, debian/rules: Ship upstream nss-config instead of ours. Closes: #737855, #963136. * debian/rules, debian/control: Always set Multi-Arch: same. * debian/copyright: - Remove commas in `Files`. - Add missing license name for ifparser. - Add missing `Copyright`. - Remove copyright for mkdepend, which is not in the source tree anymore. * debian/upstream/metadata: Add upstream bug tracking metadata. [ Daniel Kahn Gillmor ] * debian/control: correct Homepage (old URL redirects to 404) [ Janitor ] * debian/changelog: Trim trailing whitespace. * debian/copyright: Use secure copyright file specification URI. * debian/compat, debian/control: - Bump debhelper from deprecated 9 to 13. - Set debhelper-compat version in Build-Depends. * debian/upstream/metadata: Set upstream metadata fields: Repository. * debian/rules: Drop transition for old debug package migration. -- Mike Hommey Tue, 02 Nov 2021 06:57:06 +0900 nss (2:3.70-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Wed, 08 Sep 2021 08:31:23 +0900 nss (2:3.68-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Mon, 19 Jul 2021 06:23:39 +0900 ### Old Ubuntu Delta ### nss (2:3.68.2-0ubuntu1) jammy; urgency=medium * New upstream release. (LP: #1959126) * d/p/CVE-2021-43527.patch: drop patch applied upstream. [ Fixed in 3.68.1 ] -- Athos Ribeiro Mon, 21 Feb 2022 14:55:42 -0300 nss (2:3.68-1ubuntu2) jammy; urgency=medium * SECURITY UPDATE: heap overflow when verifying DSA/RSA-PSS DER-encoded signatures - debian/patches/CVE-2021-43527.patch: check signature lengths in nss/lib/cryptohi/secvfy.c. - CVE-2021-43527 -- Marc Deslauriers Mon, 29 Nov 2021 07:12:54 -0500 nss (2:3.68-1ubuntu1) impish;
[Touch-packages] [Bug 1971299] Re: Merge nss from Debian unstable for kinetic
** Changed in: nss (Ubuntu) Milestone: later => ubuntu-22.05 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1971299 Title: Merge nss from Debian unstable for kinetic Status in nss package in Ubuntu: New Bug description: Upstream: tbd Debian: 2:3.77-1 Ubuntu: 2:3.68.2-0ubuntu1 ### New Debian Changes ### nss (2:3.77-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.77 symbol version. -- Mike Hommey Wed, 06 Apr 2022 09:18:22 +0900 nss (2:3.75-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Wed, 09 Feb 2022 08:46:51 +0900 nss (2:3.73.1-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Fri, 17 Dec 2021 06:16:55 +0900 nss (2:3.73-1) unstable; urgency=medium * New upstream release. * Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures. -- Mike Hommey Thu, 02 Dec 2021 06:04:31 +0900 nss (2:3.72-2) unstable; urgency=medium * debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1). Closes: #998733. -- Mike Hommey Fri, 12 Nov 2021 06:21:05 +0900 nss (2:3.72-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols, nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h, nss/cmd/selfserv/selfserv.c, nss/cmd/strsclnt/strsclnt.c, nss/cmd/tstclnt/tstclnt.c: Bump dependency version for SSL_GetChannelInfo symbol and remove the previous workaround. Closes: #990058. * debian/libnss3.lintian-overrides.in, debian/rules, nss/cmd/shlibsign/shlibsign.c, nss/lib/pk11wrap/pk11load.c, nss/lib/util/secload.c, nss/cmd/shlibsign/Makefile, nss/cmd/shlibsign/manifest.mn: Stop putting freebl, softokn, etc. in a subdirectory. It's a deviation from upstream that is causing more problems than it's worth keeping. Closes: #737855, #846012, #979159. * debian/libnss3-dev.links.in: Remove xulrunner-nss.pc. * debian/rules: Stop forcing xz compression. * debian/copyright: Add dot for continuation. * debian/watch: Upgrade to version 4. * debian/control: Upgrade Standard-Version to 4.6.0: - debian/rules: Build with `make -s` when DEB_BUILD_OPTIONS contains terse. - debian/control: Add Rules-Requires-Root: no. * debian/control: Remove conflict with libnss3-1d. The last Debian version with libnss3-1d was jessie, and it had a newer version anyways. * debian/rules: Enable all hardening options. * debian/libnss3-symbols: Add Build-Depends-Package in symbols file. * debian/*.lintian-overrides*: Remove copyright-refers-to-versionless-license-file lintian overrides. * debian/libnss3.lintian-overrides.in: - s/shlib-without-versioned-soname/shared-library-lacks-version/. - Add lacks-unversioned-link-to-shared-library overrides. * debian/nss-config.in, debian/rules: Ship upstream nss-config instead of ours. Closes: #737855, #963136. * debian/rules, debian/control: Always set Multi-Arch: same. * debian/copyright: - Remove commas in `Files`. - Add missing license name for ifparser. - Add missing `Copyright`. - Remove copyright for mkdepend, which is not in the source tree anymore. * debian/upstream/metadata: Add upstream bug tracking metadata. [ Daniel Kahn Gillmor ] * debian/control: correct Homepage (old URL redirects to 404) [ Janitor ] * debian/changelog: Trim trailing whitespace. * debian/copyright: Use secure copyright file specification URI. * debian/compat, debian/control: - Bump debhelper from deprecated 9 to 13. - Set debhelper-compat version in Build-Depends. * debian/upstream/metadata: Set upstream metadata fields: Repository. * debian/rules: Drop transition for old debug package migration. -- Mike Hommey Tue, 02 Nov 2021 06:57:06 +0900 nss (2:3.70-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Wed, 08 Sep 2021 08:31:23 +0900 nss (2:3.68-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Mon, 19 Jul 2021 06:23:39 +0900 ### Old Ubuntu Delta ### nss (2:3.68.2-0ubuntu1) jammy; urgency=medium * New upstream release. (LP: #1959126) * d/p/CVE-2021-43527.patch: drop patch applied upstream. [ Fixed in 3.68.1 ] -- Athos Ribeiro Mon, 21 Feb 2022 14:55:42 -0300 nss (2:3.68-1ubuntu2) jammy; urgency=medium * SECURITY UPDATE: heap overflow when verifying DSA/RSA-PSS DER-encoded signatures - debian/patches/CVE-2021-43527.patch: check signature lengths in nss/lib/cryptohi/secvfy.c. - CVE-2021-43527 -- Marc Deslauriers Mon, 29 Nov 2021 07:12:54 -0500 nss (2:3.68-1ubuntu1) impish; urgency=medium * Merge with
