SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for apache2-mod_nss-1.0.8-lp150.8.3.x86_64.rpm :

* Thu Aug 21 2014 drahtAATTsuse.de- mod_nss-cipherlist_update_for_tls12.diff mod_nss-cipherlist_update_for_tls12-doc.diff mod_nss.conf.in: ciphers rsa_aes_128_sha256, rsa_aes_256_sha256, ecdhe_ecdsa_aes_128_sha256 and ecdhe_rsa_aes_128_sha256 (sha2 variants) were added. [bnc#863035]- additional note to changelog of Fri Jun 27 16:13:01 CEST 2014 - drahtAATTsuse.de: The bugzilla reference is [bnc#864929]
* Thu Jul 24 2014 drahtAATTsuse.de- mod_nss-bnc863518-reopen_dev_tty.diff: close(0) and open(\"/dev/tty\", ...) to make sure that stdin can be read from. startproc may inherit wrongly opened file descriptors to httpd. (Note: An analogous fix exists in startproc(8), too.) [bnc#863518]- VirtualHost part in /etc/apache2/conf.d/mod_nss.conf is now externalized to /etc/apache2/conf.d/vhost-nss.template and not activated/read by default. [bnc#878681]- NSSCipherSuite update following additional ciphers of Feb 18 change. [bnc#878681]
* Fri Jun 27 2014 drahtAATTsuse.de- mod_nss-SNI-callback.patch, mod_nss-SNI-checks.patch: server side SNI was not implemented when mod_nss was made; patches implement SNI with checks if SNI provided hostname equals Host: field in http request header.
* Tue Feb 18 2014 drahtAATTsuse.de- mod_nss-cipherlist_update_for_tls12-doc.diff mod_nss-cipherlist_update_for_tls12.diff GCM mode and Camellia ciphers added to the supported ciphers list. The additional ciphers are: rsa_aes_128_gcm_sha == TLS_RSA_WITH_AES_128_GCM_SHA256 rsa_camellia_128_sha == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA rsa_camellia_256_sha == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA ecdh_ecdsa_aes_128_gcm_sha == TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ecdhe_ecdsa_aes_128_gcm_sha == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ecdh_rsa_aes_128_gcm_sha == TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ecdhe_rsa_aes_128_gcm_sha == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [bnc#863035]
* Fri Nov 29 2013 drahtAATTsuse.de- mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566: If \'NSSVerifyClient none\' is set in the server / vhost context (i.e. when server is configured to not request or require client certificate authentication on the initial connection), and client certificate authentication is expected to be required for a specific directory via \'NSSVerifyClient require\' setting, mod_nss fails to properly require certificate authentication. Remote attacker can use this to access content of the restricted directories. [bnc#853039]
* Fri Nov 08 2013 drahtAATTsuse.de- glue documentation added to /etc/apache2/conf.d/mod_nss.conf:
* simultaneaous usage of mod_ssl and mod_nss
* SNI concurrency
* SUSE framework for apache configuration, Listen directive
* module initialization- mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in or mod_nss.conf, respectively. This also leads to the removal of nss.conf.in specific chunks in mod_nss-negotiate.patch and mod_nss-tlsv1_1.patch .- mod_nss_migrate.pl conversion script added; not patched from source, but partially rewritten.- README-SUSE.txt added with step-by-step instructions on how to convert and manage certificates and keys, as well as a rationale about why mod_nss was included in SLES.- package ready for submission [bnc#847216]
* Tue Nov 05 2013 drahtAATTsuse.de- generic cleanup of the package:- explicit Requires: to mozilla-nss >= 3.15.1, as TLS-1.2 support came with this version - this is the objective behind this version update of apache2-mod_nss. Tracker bug [bnc#847216]- change path /etc/apache2/alias to /etc/apache2/mod_nss.d to avoid ambiguously interpreted name of directory.- merge content of /etc/apache2/alias to /etc/apache2/mod_nss.d if /etc/apache2/alias exists.- set explicit filemodes 640 for %post generated
*.db files in /etc/apache2/mod_nss.d
* Fri Aug 02 2013 meissnerAATTsuse.com- mod_nss-tlsv1_1.patch: nss.conf.in missed for TLSv1.2 default.- mod_nss-clientauth.patch: merged from RHEL6 pkg- mod_nss-PK11_ListCerts_2.patch: merged from RHEL6 pkg- mod_nss-no_shutdown_if_not_init_2.patch: merged from RHEL6 pkg- mod_nss-sslmultiproxy.patch: merged from RHEL6 pkg- make it build on both Apache2 2.4 and 2.2 systems
* Thu Aug 01 2013 meissnerAATTsuse.com- Add support for TLS v1.1 and TLS v1.2 (TLS v1.2 requires mozilla nss 3.15.1 or newer.) - merged in mod_nss-proxyvariables.patch and mod_nss-tlsv1_1.patch from redhat to allow tls v1.1 too. - ported the tls v1.1 patch to be tls v1.2 aware - added mod_nss-proxyvariables.patch (from RHEL6 package) - added mod_nss-tlsv1_1.patch (from RHEL6 package, enhanced with TLS 1.2)- mod_nss-array_overrun.patch: from RHEL6 package, fixed a array index overrun
* Fri Jul 12 2013 ajAATTajaissle.de- Changed source to original tar.gz
* Thu Jul 11 2013 ajAATTajaissle.de- Added mod_nns-httpd24.patch to support build with apache 2.4
* Tue Jan 22 2013 ajAATTajaissle.de- Changed mod_nss-conf.patch to adjust mod_nss.conf to match SUSE dir layout [bnc#799483]- Cleaned up license tag
* Sun Apr 15 2012 wrAATTrosenauer.org- import some patches from Fedora- removed autoreconf call
* Wed Feb 17 2010 nixAATTopensuse.org- Fix mod_nss-conf.patch to work on SUSE- Rename package from mod_nss to apache2-mod_nss
  
ICM