SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for apache2-mod_nss-1.0.8-34.1.x86_64.rpm :
Tue Nov 4 13:00:00 2014 kstreitovaAATTsuse.com
- bnc#902068: added mod_nss-add_support_for_enabling_TLS_v1.2.patch
that adding small fixes for support of TLS v1.2

Wed Oct 29 13:00:00 2014 kstreitovaAATTsuse.com
- bnc#897712: added mod_nss-compare_subject_CN_and_VS_hostname.patch
that compare CN and VS hostname (use NSS library). Removed
following patches:

* mod_nss-SNI-checks.patch

* mod_nss-SNI-callback.patch

Thu Aug 21 14:00:00 2014 meissnerAATTsuse.com
- mod_nss-cipherlist_update_for_tls12-doc.diff,
mod_nss-cipherlist_update_for_tls12.diff,
mod_nss.conf.in: Added more TLS 1.2 ciphers, the CBC with SHA256.

Thu Jul 24 14:00:00 2014 drahtAATTsuse.de
- mod_nss-bnc863518-reopen_dev_tty.diff: close(0) and
open(\"/dev/tty\", ...) to make sure that stdin can be read from.
startproc may inherit wrongly opened file descriptors to httpd.
(Note: An analogous fix exists in startproc(8), too.)
[bnc#863518]
- VirtualHost part in /etc/apache2/conf.d/mod_nss.conf is now
externalized to /etc/apache2/conf.d/vhost-nss.template and not
activated/read by default. [bnc#878681]
- NSSCipherSuite update following additional ciphers of Feb 18
change. [bnc#878681]

Fri Jun 27 14:00:00 2014 drahtAATTsuse.de
- mod_nss-SNI-callback.patch, mod_nss-SNI-checks.patch:
server side SNI was not implemented when mod_nss was made;
patches implement SNI with checks if SNI provided hostname
equals Host: field in http request header.

Tue Feb 18 13:00:00 2014 drahtAATTsuse.de
- mod_nss-cipherlist_update_for_tls12-doc.diff
mod_nss-cipherlist_update_for_tls12.diff
GCM mode and Camellia ciphers added to the supported ciphers list.
The additional ciphers are:
rsa_aes_128_gcm_sha == TLS_RSA_WITH_AES_128_GCM_SHA256
rsa_camellia_128_sha == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
rsa_camellia_256_sha == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
ecdh_ecdsa_aes_128_gcm_sha == TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
ecdhe_ecdsa_aes_128_gcm_sha == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ecdh_rsa_aes_128_gcm_sha == TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
ecdhe_rsa_aes_128_gcm_sha == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[bnc#863035]

Fri Nov 29 13:00:00 2013 drahtAATTsuse.de
- mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566:
If \'NSSVerifyClient none\' is set in the server / vhost context
(i.e. when server is configured to not request or require client
certificate authentication on the initial connection), and client
certificate authentication is expected to be required for a
specific directory via \'NSSVerifyClient require\' setting,
mod_nss fails to properly require certificate authentication.
Remote attacker can use this to access content of the restricted
directories. [bnc#853039]

Fri Nov 8 13:00:00 2013 drahtAATTsuse.de
- glue documentation added to /etc/apache2/conf.d/mod_nss.conf:

* simultaneaous usage of mod_ssl and mod_nss

* SNI concurrency

* SUSE framework for apache configuration, Listen directive

* module initialization
- mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in
or mod_nss.conf, respectively. This also leads to the removal of
nss.conf.in specific chunks in mod_nss-negotiate.patch and
mod_nss-tlsv1_1.patch .
- mod_nss_migrate.pl conversion script added; not patched from
source, but partially rewritten.
- README-SUSE.txt added with step-by-step instructions on how to
convert and manage certificates and keys, as well as a rationale
about why mod_nss was included in SLES.
- package ready for submission [bnc#847216]

Tue Nov 5 13:00:00 2013 drahtAATTsuse.de
- generic cleanup of the package:
- explicit Requires: to mozilla-nss >= 3.15.1, as TLS-1.2 support
came with this version - this is the objective behind this
version update of apache2-mod_nss. Tracker bug [bnc#847216]
- change path /etc/apache2/alias to /etc/apache2/mod_nss.d to avoid
ambiguously interpreted name of directory.
- merge content of /etc/apache2/alias to /etc/apache2/mod_nss.d if
/etc/apache2/alias exists.
- set explicit filemodes 640 for %post generated
*.db files in
/etc/apache2/mod_nss.d

Fri Aug 2 14:00:00 2013 meissnerAATTsuse.com
- mod_nss-tlsv1_1.patch: nss.conf.in missed for TLSv1.2 default.
- mod_nss-clientauth.patch: merged from RHEL6 pkg
- mod_nss-PK11_ListCerts_2.patch: merged from RHEL6 pkg
- mod_nss-no_shutdown_if_not_init_2.patch: merged from RHEL6 pkg
- mod_nss-sslmultiproxy.patch: merged from RHEL6 pkg
- make it build on both Apache2 2.4 and 2.2 systems

Thu Aug 1 14:00:00 2013 meissnerAATTsuse.com
- Add support for TLS v1.1 and TLS v1.2
(TLS v1.2 requires mozilla nss 3.15.1 or newer.)
- merged in mod_nss-proxyvariables.patch and mod_nss-tlsv1_1.patch
from redhat to allow tls v1.1 too.
- ported the tls v1.1 patch to be tls v1.2 aware
- added mod_nss-proxyvariables.patch (from RHEL6 package)
- added mod_nss-tlsv1_1.patch (from RHEL6 package, enhanced with TLS 1.2)
- mod_nss-array_overrun.patch: from RHEL6 package, fixed a array index overrun

Fri Jul 12 14:00:00 2013 ajAATTajaissle.de
- Changed source to original tar.gz

Thu Jul 11 14:00:00 2013 ajAATTajaissle.de
- Added mod_nns-httpd24.patch to support build with apache 2.4

Tue Jan 22 13:00:00 2013 ajAATTajaissle.de
- Changed mod_nss-conf.patch to adjust mod_nss.conf to match SUSE
dir layout [bnc#799483]
- Cleaned up license tag

Sun Apr 15 14:00:00 2012 wrAATTrosenauer.org
- import some patches from Fedora
- removed autoreconf call

Wed Feb 17 13:00:00 2010 nixAATTopensuse.org
- Fix mod_nss-conf.patch to work on SUSE
- Rename package from mod_nss to apache2-mod_nss


  
ICM