Changelog for
mod_nss-1.0.14-7.el7.x86_64.rpm :
Wed Sep 21 14:00:00 2016 Rob Crittenden
- 1.0.14-7
- Add the permission patch to the repository (#1312583)
Wed Sep 21 14:00:00 2016 Rob Crittenden - 1.0.14-6
- Check the NSS certificate database directory for read permissions
by the Apache user. (#1312583)
Wed Aug 10 14:00:00 2016 Rob Crittenden - 1.0.14-5
- Update clean semaphore patch to not free the pinList twice.
(#1364560)
Tue Aug 9 14:00:00 2016 Rob Crittenden - 1.0.14-4
- Update clean semaphore patch to not close pipe twice and to
shutdown NSS database (#1364560)
Mon Aug 8 14:00:00 2016 Rob Crittenden - 1.0.14-3
- Clean up semaphore in nss_pcache on shutdown (#1364560)
Tue Jun 28 14:00:00 2016 Matthew Harmsen - 1.0.14-2
- mod_nss sets r->user in fixup even if it was long ago changed
by other module (#1347298)
Mon May 23 14:00:00 2016 Rob Crittenden - 1.0.14-1
- Rebase to 1.0.14 (#1299063)
- Add support for Server Name Indication (SNI) (#1053327)
- Use upstream method to not execute live tests as root (#1256887)
- Always call SSL_ShutdownServerSessionIDCache() in ModuleKill
(#1263301, #1296685)
- Don\'t require NSSProxyNickname (#1280287)
- Make link to libnssckbi.so an absolute link (#1288471)
- Fail for colons in credentials with FakeBasicAuth (#1295970)
- Don\'t ignore NSSProtocol when NSSFIPS is enabled (#1312491)
- Check filesystem permissions on NSS database at startup (#1312583)
- OpenSSL ciphers stopped parsing at +, CVE-2016-3099 (#1323913)
- Patch to match available ciphers so tests pass (#1299063)
- Patch to fix tests in brew (#1299063)
Tue Sep 22 14:00:00 2015 Rob Crittenden - 1.0.11-6
- Add the supported NSS SHA384 ciphers (#1253570)
- Add kECDH, AECDH, ECDSA and aECDSA macros (#1253570)
- Bump the NSS BR and Requires so the new ciphers are available
- Bump the NSPR Requires to match NSS
Mon Sep 21 14:00:00 2015 Rob Crittenden - 1.0.11-5
- Don\'t enable NULL ciphers in DEFAULT macro (#1253570)
- Add OpenSSL cipher macro EECDH (#1160745)
- Disable the live server testing in make check because it
may run as root and fail horribly (#1160745)
Thu Aug 27 14:00:00 2015 Rob Crittenden - 1.0.11-4
- Handle permanently disabled ciphers in call to SSL_CipherPrefSet
(#1160745)
Mon Aug 17 14:00:00 2015 Rob Crittenden - 1.0.11-3
- Fix logical and support in cipher strings CVE-2015-3277
(#1253570)
- Add missing BuildRequires and small patch to use requests.urllib3
to fix make check (#1253570)
Wed Jul 29 14:00:00 2015 Matthew Harmsen - 1.0.11-2
- Resolves: rhbz #1066236
- Bugzilla Bug #1066236 - mod_nss: documentation formatting fixes
Thu Jun 11 14:00:00 2015 Rob Crittenden - 1.0.11-1
- Resolves: rhbz #1160745 - Rebase mod_nss to 1.0.11
Mon Jan 5 13:00:00 2015 Matthew Harmsen - 1.0.8-33
- Resolves: rhbz #1169871
- Bugzilla Bug #1169871 - Default configuration enables SSL3
Fri Jan 24 13:00:00 2014 Daniel Mach - 1.0.8-32
- Mass rebuild 2014-01-24
Mon Jan 13 13:00:00 2014 Matthew Harmsen - 1.0.8-31
- Resolves: rhbz #1029360
- Bugzilla Bug #1029360 - ambiguous/invalid ENVR in httpd-mmn Provides/Requires
- corrected typo on date
Mon Jan 13 13:00:00 2014 Matthew Harmsen - 1.0.8-30
- Resolves: rhbz #1029360
- Bugzilla Bug #1029360 - ambiguous/invalid ENVR in httpd-mmn Provides/Requires
Fri Dec 27 13:00:00 2013 Daniel Mach - 1.0.8-29
- Mass rebuild 2013-12-27
Wed Nov 27 13:00:00 2013 Matthew Harmsen - 1.0.8-28
- Resolves: rhbz #1030276
- [mod_nss-usecases.patch]
- Bugzilla Bug #1030276 - mod_nss not working in FIPS mode
Fri Nov 15 13:00:00 2013 Rob Crittenden - 1.0.8-27
- Resolves: CVE-2013-4566
- Bugzilla Bug #1024536 - mod_nss: incorrect handling of NSSVerifyClient in
directory context [rhel-7.0] (rcritten)
- Bugzilla Bug #1030845 - mod_nss: do not use %configure in %changelog
(mharmsen)
Tue Nov 12 13:00:00 2013 Joe Orton - 1.0.8-26
- [mod_nss-SSLEngine-off.patch]
- Bugzilla Bug #1029042 - Implicit SSLEngine for 443 port breaks mod_nss
configuration (jorton)
- [mod_nss-unused-filter_ctx.patch]
- Bugzilla Bug #1029665 - Remove unused variable \'filter_ctx\' (mharmsen)
Fri Nov 1 13:00:00 2013 Tomas Hoger - 1.0.8-25
- Bugzilla Bug #1025317 - mod_nss: documentation formatting fixes [rhel-7]
Thu Oct 24 14:00:00 2013 Matthew Harmsen - 1.0.8-24
- Add \'--enable-ecc\' option to %configure line under %build section of
this spec file (mharmsen)
- Bumped version build/runtime requirements for NSPR and NSS (mharmsen)
- [mod_nss-PK11_ListCerts_2.patch]
- Bugzilla Bug #1022295 - PK11_ListCerts called to retrieve all user
certificates for every server (rcritten)
- [mod_nss-array_overrun.patch]
- Bugzilla Bug #1022298 - overrunning array when executing nss_pcache
(rcritten)
- [mod_nss-clientauth.patch]
- Bugzilla Bug #1022921 - mod_nss: FakeBasicAuth authentication bypass
[rhel-7.0] (rcritten)
- [mod_nss-no_shutdown_if_not_init_2.patch]
- Bugzilla Bug #1022303 - File descriptor leak after \"service httpd reload\"
or httpd doesn\'t reload (rrelyea)
- [mod_nss-proxyvariables.patch]
- Bugzilla Bug #1022309 - mod_nss insists on Required value NSSCipherSuite
not set. (mharmsen)
- [mod_nss-tlsv1_1.patch]
- Bugzilla Bug #1022310 - current nss support TLS 1.1 so mod_nss should pick
it up (mharmsen)
- [mod_nss-sslmultiproxy_2.patch]
- Fixes Bugzilla Bug #1021458 - [RFE] Support ability to share mod_proxy with
other SSL providers (jorton, mharmsen, nkinder, & rcritten)
Tue Jul 30 14:00:00 2013 Joe Orton - 1.0.8-23
- add dependency on httpd-mmn
Wed Jul 3 14:00:00 2013 Matthew Harmsen - 1.0.8-22
- Moved \'nss_pcache\' from %sbindir to %libexecdir
(provided compatibility link)
Tue Jul 2 14:00:00 2013 Matthew Harmsen - 1.0.8-21.1
- Add the following explanation to the \'Dangling symlinks\' textbox in rpmdiff:
Symlink \'etc/httpd/alias/libnssckbi.so\' is deliberate.
This test does not belong in rpmdiff. This test belongs in TPS.
Since the symlink points to a file in another package, e.g. a
dependency or a system file, rpmdiff cannot detect this. Remember,
rpmdiff does not install or even know about package dependencies.
That\'s TPS\'s job.
- Add the following explanation to the \'Brewtap results\' textbox in rpmdiff:
The \'/etc/httpd/conf.d/nss.conf\' file does not require a man page
because its parameters are sufficiently documented within the
configuration file itself.
The \'/etc/httpd/conf.modules.d/10-nss.conf\' file does not require
a man page because the file merely contains the line
\'LoadModule nss_module modules/libmodnss.so\' to support httpd
loading of Dynamic Shared Objects (\'/etc/httpd/conf/httpd.conf\').
Tue Jun 25 14:00:00 2013 Matthew Harmsen - 1.0.8-21
- Bugzilla Bug #884115 - Package mod_nss-1.0.8-18.1.el7 failed RHEL7 RPMdiff
testing
- Bugzilla Bug #906082 - mod_nss requires manpages for gencert and nss_pcache
- Bugzilla Bug #906089 - Fix dangling symlinks in mod_nss
- Bugzilla Bug #906097 - Correct RPM Parse Warning in mod_nss.spec
- Bugzilla Bug #948601 - Man page scan results for mod_nss
Thu Feb 14 13:00:00 2013 Fedora Release Engineering - 1.0.8-20.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
Fri Jul 20 14:00:00 2012 Fedora Release Engineering - 1.0.8-19.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
Mon Jun 18 14:00:00 2012 Joe Orton - 1.0.8-18.1
- fix build for RHEL7
Fri Jun 15 14:00:00 2012 Rob Crittenden - 1.0.8-18
- Actually apply the patch to use memmove in place of memcpy since the
buffers can overlap (#669118)
Tue Jun 12 14:00:00 2012 Nathan Kinder - 1.0.8-17
- Port mod_nss to work with httpd 2.4
Mon Apr 23 14:00:00 2012 Joe Orton - 1.0.8-16
- packaging fixes/updates (#803072)
Fri Jan 13 13:00:00 2012 Fedora Release Engineering - 1.0.8-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
Mon Mar 7 13:00:00 2011 Rob Crittenden - 1.0.8-14
- Add Requires(post) for nss-tools, gencert needs it (#652007)
Wed Mar 2 13:00:00 2011 Rob Crittenden - 1.0.8-13
- Lock around the pipe to nss_pcache for retrieving the token PIN
(#677701)
Tue Feb 8 13:00:00 2011 Fedora Release Engineering - 1.0.8-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
Wed Jan 12 13:00:00 2011 Rob Crittenden - 1.0.8-11
- Use memmove in place of memcpy since the buffers can overlap (#669118)
Wed Sep 29 14:00:00 2010 jkeating - 1.0.8-10
- Rebuilt for gcc bug 634757
Thu Sep 23 14:00:00 2010 Rob Crittenden - 1.0.8-9
- Revert mod_nss-wouldblock patch
- Reset NSPR error before calling PR_Read(). This should fix looping
in #620856
Fri Sep 17 14:00:00 2010 Rob Crittenden - 1.0.8-8
- Fix hang when handling large POST under some conditions (#620856)
Tue Jun 22 14:00:00 2010 Rob Crittenden - 1.0.8-7
- Remove file Requires on libnssckbi.so (#601939)
Fri May 14 14:00:00 2010 Rob Crittenden - 1.0.8-6
- Ignore SIGHUP in nss_pcache (#591889).
Thu May 13 14:00:00 2010 Rob Crittenden - 1.0.8-5
- Use remote hostname set by mod_proxy to compare to CN in peer cert (#591224)
Thu Mar 18 13:00:00 2010 Rob Crittenden - 1.0.8-4
- Patch to add configuration options for new NSS negotiation API (#574187)
- Add (pre) for Requires on httpd so we can be sure the user and group are
already available
- Add file Requires on libnssckbi.so so symlink can\'t fail
- Use _sysconfdir macro instead of /etc
- Set minimum level of NSS to 3.12.6
Mon Jan 25 13:00:00 2010 Rob Crittenden - 1.0.8-3
- The location of libnssckbi moved from /lib[64] to /usr/lib[64] (556744)
Sat Jul 25 14:00:00 2009 Fedora Release Engineering - 1.0.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
Mon Mar 2 13:00:00 2009 Rob Crittenden - 1.0.8-1
- Update to 1.0.8
- Add patch that fixes NSPR layer bug
Wed Feb 25 13:00:00 2009 Fedora Release Engineering - 1.0.7-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
Mon Aug 11 14:00:00 2008 Tom \"spot\" Callaway - 1.0.7-10
- fix license tag
Mon Jul 28 14:00:00 2008 Rob Crittenden - 1.0.7-9
- rebuild to bump NVR
Mon Jul 14 14:00:00 2008 Rob Crittenden - 1.0.7-8
- Don\'t force module de-init during the configuration stage (453508)
Thu Jul 10 14:00:00 2008 Rob Crittenden - 1.0.7-7
- Don\'t inherit the MP cache in multi-threaded mode (454701)
- Don\'t initialize NSS in each child if SSL isn\'t configured
Wed Jul 2 14:00:00 2008 Rob Crittenden - 1.0.7-6
- Update the patch for FIPS to include fixes for nss_pcache, enforce
the security policy and properly initialize the FIPS token.
Mon Jun 30 14:00:00 2008 Rob Crittenden - 1.0.7-5
- Include patch to fix NSSFIPS (446851)
Mon Apr 28 14:00:00 2008 Rob Crittenden - 1.0.7-4
- Apply patch so that mod_nss calls NSS_Init() after Apache forks a child
and not before. This is in response to a change in the NSS softtokn code
and should have always been done this way. (444348)
- The location of libnssckbi moved from /usr/lib[64] to /lib[64]
- The NSS database needs to be readable by apache since we need to use it
after the root priviledges are dropped.
Tue Feb 19 13:00:00 2008 Fedora Release Engineering - 1.0.7-3
- Autorebuild for GCC 4.3
Thu Oct 18 14:00:00 2007 Rob Crittenden 1.0.7-2
- Register functions needed by mod_proxy if mod_ssl is not loaded.
Fri Jun 1 14:00:00 2007 Rob Crittenden 1.0.7-1
- Update to 1.0.7
- Remove Requires for nss and nspr since those are handled automatically
by versioned libraries
- Updated URL and Source to reference directory.fedoraproject.org
Mon Apr 9 14:00:00 2007 Rob Crittenden 1.0.6-2
- Patch to properly detect the Apache model and set up NSS appropriately
- Patch to punt if a bad password is encountered
- Patch to fix crash when password.conf is malformatted
- Don\'t enable ECC support as NSS doesn\'t have it enabled (3.11.4-0.7)
Mon Oct 23 14:00:00 2006 Rob Crittenden 1.0.6-1
- Update to 1.0.6
Fri Aug 4 14:00:00 2006 Rob Crittenden 1.0.3-4
- Include LogLevel warn in nss.conf and use separate log files
Fri Aug 4 14:00:00 2006 Rob Crittenden 1.0.3-3
- Need to initialize ECC certificate and key variables
Fri Aug 4 14:00:00 2006 Jarod Wilson 1.0.3-2
- Use %ghost for db files and install.log
Tue Jun 20 14:00:00 2006 Rob Crittenden 1.0.3-1
- Initial build