** Merge proposal linked: https://code.launchpad.net/~athos-ribeiro/ubuntu/+source/nss/+git/nss/+merge/423527
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1971299 Title: Merge nss from Debian unstable for kinetic Status in nss package in Ubuntu: In Progress Bug description: Upstream: tbd Debian: 2:3.77-1 Ubuntu: 2:3.68.2-0ubuntu1 ### New Debian Changes ### nss (2:3.77-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.77 symbol version. -- Mike Hommey <gland...@debian.org> Wed, 06 Apr 2022 09:18:22 +0900 nss (2:3.75-1) unstable; urgency=medium * New upstream release. -- Mike Hommey <gland...@debian.org> Wed, 09 Feb 2022 08:46:51 +0900 nss (2:3.73.1-1) unstable; urgency=medium * New upstream release. -- Mike Hommey <gland...@debian.org> Fri, 17 Dec 2021 06:16:55 +0900 nss (2:3.73-1) unstable; urgency=medium * New upstream release. * Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures. -- Mike Hommey <gland...@debian.org> Thu, 02 Dec 2021 06:04:31 +0900 nss (2:3.72-2) unstable; urgency=medium * debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1). Closes: #998733. -- Mike Hommey <gland...@debian.org> Fri, 12 Nov 2021 06:21:05 +0900 nss (2:3.72-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols, nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h, nss/cmd/selfserv/selfserv.c, nss/cmd/strsclnt/strsclnt.c, nss/cmd/tstclnt/tstclnt.c: Bump dependency version for SSL_GetChannelInfo symbol and remove the previous workaround. Closes: #990058. * debian/libnss3.lintian-overrides.in, debian/rules, nss/cmd/shlibsign/shlibsign.c, nss/lib/pk11wrap/pk11load.c, nss/lib/util/secload.c, nss/cmd/shlibsign/Makefile, nss/cmd/shlibsign/manifest.mn: Stop putting freebl, softokn, etc. in a subdirectory. It's a deviation from upstream that is causing more problems than it's worth keeping. Closes: #737855, #846012, #979159. * debian/libnss3-dev.links.in: Remove xulrunner-nss.pc. * debian/rules: Stop forcing xz compression. * debian/copyright: Add dot for continuation. * debian/watch: Upgrade to version 4. * debian/control: Upgrade Standard-Version to 4.6.0: - debian/rules: Build with `make -s` when DEB_BUILD_OPTIONS contains terse. - debian/control: Add Rules-Requires-Root: no. * debian/control: Remove conflict with libnss3-1d. The last Debian version with libnss3-1d was jessie, and it had a newer version anyways. * debian/rules: Enable all hardening options. * debian/libnss3-symbols: Add Build-Depends-Package in symbols file. * debian/*.lintian-overrides*: Remove copyright-refers-to-versionless-license-file lintian overrides. * debian/libnss3.lintian-overrides.in: - s/shlib-without-versioned-soname/shared-library-lacks-version/. - Add lacks-unversioned-link-to-shared-library overrides. * debian/nss-config.in, debian/rules: Ship upstream nss-config instead of ours. Closes: #737855, #963136. * debian/rules, debian/control: Always set Multi-Arch: same. * debian/copyright: - Remove commas in `Files`. - Add missing license name for ifparser. - Add missing `Copyright`. - Remove copyright for mkdepend, which is not in the source tree anymore. * debian/upstream/metadata: Add upstream bug tracking metadata. [ Daniel Kahn Gillmor ] * debian/control: correct Homepage (old URL redirects to 404) [ Janitor ] * debian/changelog: Trim trailing whitespace. * debian/copyright: Use secure copyright file specification URI. * debian/compat, debian/control: - Bump debhelper from deprecated 9 to 13. - Set debhelper-compat version in Build-Depends. * debian/upstream/metadata: Set upstream metadata fields: Repository. * debian/rules: Drop transition for old debug package migration. -- Mike Hommey <gland...@debian.org> Tue, 02 Nov 2021 06:57:06 +0900 nss (2:3.70-1) unstable; urgency=medium * New upstream release. -- Mike Hommey <gland...@debian.org> Wed, 08 Sep 2021 08:31:23 +0900 nss (2:3.68-1) unstable; urgency=medium * New upstream release. -- Mike Hommey <gland...@debian.org> Mon, 19 Jul 2021 06:23:39 +0900 ### Old Ubuntu Delta ### nss (2:3.68.2-0ubuntu1) jammy; urgency=medium * New upstream release. (LP: #1959126) * d/p/CVE-2021-43527.patch: drop patch applied upstream. [ Fixed in 3.68.1 ] -- Athos Ribeiro <athos.ribe...@canonical.com> Mon, 21 Feb 2022 14:55:42 -0300 nss (2:3.68-1ubuntu2) jammy; urgency=medium * SECURITY UPDATE: heap overflow when verifying DSA/RSA-PSS DER-encoded signatures - debian/patches/CVE-2021-43527.patch: check signature lengths in nss/lib/cryptohi/secvfy.c. - CVE-2021-43527 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Mon, 29 Nov 2021 07:12:54 -0500 nss (2:3.68-1ubuntu1) impish; urgency=medium * Merge with Debian unstable. Remaining changes: - d/libnss3.links: Make freebl3 available as library. (LP #1744328) - d/control: Add dh-exec to Build-Depends. - d/rules: Make mkdir tolerate debian/tmp existing (due to dh-exec). - d/p/disable_fips_enabled_read.patch: Disable reading fips_enabled flag in FIPS mode as libnss is not a FIPS certified library. (LP #1837734) - d/p/set-tls1.2-as-minimum.patch: Set TLSv1.2 as minimum TLS version. (LP #1856428) - d/libnss3.links.in: Symlink chk files to fix self-verification in FIPS mode. (LP #1885562) - d/p/fix-ftbfs-s390x.patch: Fix some uninitialized variable warnings and format overflows for s390x. - d/p/fix-ftbfs-glibc-invalid-oob-error.patch: Disable non-null error checking on call to getcwd since this results in an erroneous warning that causes the build to fail otherwise. * New changes: - d/rules: Disable LTO on s390x for now. (LP #1931104) -- Paride Legovini <par...@ubuntu.com> Wed, 28 Jul 2021 15:27:12 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1971299/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
