Update nss to 3.12.3.1 in Ubuntu 8.04 and later

Bug #407549 reported by Wan-Teh Chang on 2009-08-01
22
This bug affects 2 people
Affects Status Importance Assigned to Milestone
nss (Ubuntu)
High
Alexander Sack
Hardy
Undecided
Alexander Sack
Intrepid
High
Alexander Sack
Jaunty
High
Alexander Sack
Karmic
High
Alexander Sack

Bug Description

Binary package hint: libnss3-1d

The libnss3-1d package in Ubuntu 8.04 LTS is NSS 3.12.0.3 (package version 3.12.0.3-0ubuntu0.8.04.5). This is an old NSS release now. The current NSS release is NSS 3.12.3.1.

To not loose upstream security/stability support we need to roll out latest nss release (3.12.3.1) to our stable ubuntu releases: hardy, intrepid, jaunty.

this requires nspr update to at least 4.7.4; the bug for that is bug 387745

----
Also:

The Chromium browser is affected by an NSS bug (one of the issues in https://bugzilla.mozilla.org/show_bug.cgi?id=444850) that has been fixed in NSS 3.12.1. See Chromium issue 15630 (http://crbug.com/15630). We can't work around this NSS bug. So I'd like to request that the libnss3-1d package in Ubuntu 8.04 LTS be upgraded to NSS 3.12.3.1, or the attached NSS patch be applied to libnss3-1d.

Wan-Teh Chang (wtc-google) wrote :
Wan-Teh Chang (wtc-google) wrote :

One more thing: if you upgrade to NSS 3.12.3.1, the dependent libnspr4-0d package should be upgraded to NSPR 4.7.5.

Alexander Sack (asac) wrote :

we are working on getting major version upgrade everywhere; see: http://www.asoftsite.org/s9y/archives/163-nss-3.12.3-SRU-testing-needed.html

we didnt prepare .1 yet, but i will do that now that its released.

Changed in nss (Ubuntu):
assignee: nobody → Alexander Sack (asac)
importance: Undecided → High
status: New → In Progress
Alexander Sack (asac) wrote :

importance high ... not because of chromium, but because for security support reasons.

summary: - Update libnss3-1d in Ubuntu 8.04 LTS
+ Update libnss3-1d in Ubuntu 8.04 and later
summary: - Update libnss3-1d in Ubuntu 8.04 and later
+ Update nss to 3.12.3.1 in Ubuntu 8.04 and later
Changed in nss (Ubuntu Jaunty):
assignee: nobody → Alexander Sack (asac)
importance: Undecided → High
status: New → In Progress
Changed in nss (Ubuntu Intrepid):
assignee: nobody → Alexander Sack (asac)
importance: Undecided → High
status: New → In Progress
Changed in nss (Ubuntu Hardy):
assignee: nobody → Alexander Sack (asac)
status: New → In Progress
Alexander Sack (asac) on 2009-08-01
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nss - 3.12.3.1-0ubuntu1

---------------
nss (3.12.3.1-0ubuntu1) karmic; urgency=low

  * new upstream release 3.12.3.1 RTM (NSS_3_12_3_1_RTM) (LP: #407549)
    - see USN-810-1

 -- Alexander Sack <email address hidden> Sat, 01 Aug 2009 17:05:48 +0200

Changed in nss (Ubuntu Karmic):
status: In Progress → Fix Released
Martin Pitt (pitti) wrote :

Accepted into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in nss (Ubuntu Jaunty):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in nss (Ubuntu Intrepid):
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Alexander Sack (asac) wrote :

jaunty verification done: (see https://wiki.ubuntu.com/MozillaTeam/SecurityNotes/Nss3.12.3)
 1. new intrepid nss/nspr works fine on current jaunty (without rebuild firefox/xulrunner)
 2. new jaunty nss/nspr works fine on current jaunty (without rebuild firefox/xulrunner)
 3. new jaunty nss/nspr works fine with NEW jaunty (with latest firefox/xulrunner security updates from https://edge.launchpad.net/~ubuntu-mozilla-security/+archive/ppa)

Alexander Sack (asac) wrote :

... more jaunty verification

jaunty verification for evolution:
 pre. setup account that uses imaps (SSL encryption) for gmail account
 1. new intrepid nss/nspr works fine on release jaunty with evolution
 2. new jaunty nss/nspr works on release jaunty with evolution

jaunty verification for thunderbird:
 pre. setup account that uses imaps (SSL encryption) for gmail account
 1. new intrepid nss/nspr works fine on release jaunty with thunderbird
 2. new jaunty nss/nspr works on release jaunty with thunderbird

Jamie Strandboge (jdstrand) wrote :

intrepid verification done: (see https://wiki.ubuntu.com/MozillaTeam/SecurityNotes/Nss3.12.3)
 1. new hardy nss/nspr works fine on current intrepid (without rebuild firefox/xulrunner)
 2. new intrepid nss/nspr works fine on current intrepid (without rebuild firefox/xulrunner)
 3. new intrepid nss/nspr works fine with NEW intrepid (with latest firefox/xulrunner security

intrepid verification for evolution:
 pre. setup account that uses pop3s (SSL encryption) for dovecot account
 1. new hardy nss/nspr works fine on release intrepid with evolution
 2. new intrepid nss/nspr works on release intrepid with evolution

intrepid verification for thunderbird:
 pre. setup account that uses pop3s (SSL encryption) for dovecot account
 1. new hardy nss/nspr works fine on release intrepid with thunderbird
 2. new intrepid nss/nspr works on release intrepid with thunderbird

Jamie Strandboge (jdstrand) wrote :

hardy verification done: (see https://wiki.ubuntu.com/MozillaTeam/SecurityNotes/Nss3.12.3)
 1. new hardy nss/nspr works fine on current hardy (without rebuild firefox/xulrunner)
 2. new hardy nss/nspr works fine with NEW hardy (with latest firefox/xulrunner security

hardy verification for evolution:
 pre. setup account that uses pop3s (SSL encryption) for dovecot account
 1. new hardy nss/nspr works fine on release intrepid with evolution

hardy verification for thunderbird:
 pre. setup account that uses pop3s (SSL encryption) for dovecot account
 1. new hardy nss/nspr works fine on release intrepid with thunderbird

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nss - 3.12.3.1-0ubuntu0.8.04.1

---------------
nss (3.12.3.1-0ubuntu0.8.04.1) hardy-security; urgency=low

  * new upstream release 3.12.3.1 RTM (NSS_3_12_3_1_RTM) (LP: #407549)
    - see USN-810-1
  * requires nspr >= 4.7.4
    - update debian/control
  * drop (ubuntu-)useless kbsd patch
    - delete debian/patches/38_kbsd.patch
  * drop obsolete patches fixed upstream
    - delete debian/patches/80_security_tools.patch
    - delete debian/patches/bz471715_attachment_357235-backport.patch
  * adjust patches to new upstream codebase
    - update debian/patches/38_mips64_build.patch
    - update debian/patches/81_sonames.patch
  * LP: #388350 - nss 3.12.3-0ubuntu2 ftbfs in karmic - shlibsign crashes; we add
    debian/libnss3-1d/usr/lib/nss to LD_LIBRARY_PATH for the shlibsign invocation
    used to sign libs in debian/rules
    - update debian/rules
  * update .symbols files for new upstream api
    - update debian/libnss3-1d.symbols
  * bump shlibs version to >= 3.12.3
    - update debian/rules

 -- Alexander Sack <email address hidden> Sat, 01 Aug 2009 16:57:40 +0200

Changed in nss (Ubuntu Hardy):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nss - 3.12.3.1-0ubuntu0.8.10.1

---------------
nss (3.12.3.1-0ubuntu0.8.10.1) intrepid-security; urgency=low

  * new upstream release 3.12.3.1 RTM (NSS_3_12_3_1_RTM) (LP: #407549)
    - see USN-810-1
  * requires nspr >= 4.7.4
    - update debian/control
  * drop (ubuntu-)useless kbsd patch
    - delete debian/patches/38_kbsd.patch
  * drop obsolete patches fixed upstream
    - delete debian/patches/80_security_tools.patch
    - delete debian/patches/bz471715_attachment_357235-backport.patch
  * adjust patches to new upstream codebase
    - update debian/patches/38_mips64_build.patch
    - update debian/patches/81_sonames.patch
  * LP: #388350 - nss 3.12.3-0ubuntu2 ftbfs in karmic - shlibsign crashes; we add
    debian/libnss3-1d/usr/lib/nss to LD_LIBRARY_PATH for the shlibsign invocation
    used to sign libs in debian/rules
    - update debian/rules
  * update .symbols files for new upstream api
    - update debian/libnss3-1d.symbols
  * bump shlibs version to >= 3.12.3
    - update debian/rules

 -- Alexander Sack <email address hidden> Sat, 01 Aug 2009 16:54:10 +0200

Changed in nss (Ubuntu Intrepid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nss - 3.12.3.1-0ubuntu0.9.04.1

---------------
nss (3.12.3.1-0ubuntu0.9.04.1) jaunty-security; urgency=low

  * new upstream release 3.12.3.1 RTM (NSS_3_12_3_1_RTM) (LP: #407549)
    - see USN-810-1
  * adjust patches to changed upstream code base
    - update debian/patches/38_kbsd.patch
  * needs nspr >= 4.7.4
    - update debian/control
  * update 85_security_load.patch to latest debian version
    - update debian/patches/85_security_load.patch
  * add new symbols for 3.12.3
    - update debian/libnss3-1d.symbols
  * LP: #388350 - nss 3.12.3-0ubuntu2 ftbfs in karmic - shlibsign crashes; we add
    debian/libnss3-1d/usr/lib/nss to LD_LIBRARY_PATH for the shlibsign invocation
    used to sign libs in debian/rules
    - update debian/rules
  * append LD_LIBRARY_PATH to shlibsign invocation to make fakeroot builds happy
    - update debian/rules

 -- Alexander Sack <email address hidden> Wed, 29 Jul 2009 22:38:28 +0200

Changed in nss (Ubuntu Jaunty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers