SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for mod_nss-1.0.10-9.el6.x86_64.rpm :
Mon Nov 7 13:00:00 2016 Matthew Harmsen - 1.0.10-9
- Backported patch from Rob Crittenden
- Bugzilla Bug #1390359 - foward port NSS OCSP cache settings (rcritten)

Thu Oct 20 14:00:00 2016 Matthew Harmsen - 1.0.10-8
- Resolves: rhbz #1379823 - mod_nss SNI serves incorrect certificate (rcritten)

Wed Aug 24 14:00:00 2016 Matthew Harmsen - 1.0.10-7
- Backported patch from Rob Crittenden
- Clean up semaphore in nss_pcache on shutdown (#1364561)
- Update clean semaphore patch to not close pipe twice and to
shutdown NSS database (#1364561)
- Update clean semaphore patch to not free the pinList twice.
(#1364561)

Thu Feb 25 13:00:00 2016 Matthew Harmsen - 1.0.10-6
- Resolves: rhbz #1312052 - NSSProtocol is ignored when NSSFIPS is enabled.

Tue Jan 19 13:00:00 2016 Rob Crittenden - 1.0.10-5
- Resolves: rhbz #1295490 - Add server-side Server Name Indication
(SNI) support
- Resolves: rhbz #1277613, #1295976 - Always shut down the SSL
session cache when killing the module. This was the source of a
rather large memory leak and potential crash in the case of
SIGHUP or service reload.

Fri Jan 15 13:00:00 2016 Matthew Harmsen - 1.0.10-4
- Resolves: rhbz #1280276 - Relocate and downgrade NSSProxyNickname error
message to a warning (removed error message)

Thu Jan 14 13:00:00 2016 Matthew Harmsen - 1.0.10-3
- Resolves: rhbz #1288477 - mod_nss: detect and fail for colons in
credentials with FakeBasicAuth
- Patch created by jkaluzaAATTredhat.com for \'mod_ssl\' in rhbz #1027442 -
mod_ssl: detect and fail for colons in credentials with FakeBasicAuth

Wed Oct 14 14:00:00 2015 Rob Crittenden - 1.0.10-2
- Resolves: rhbz #1214366 - ssl re-negotiation buffer size in mod_nss
is hard-coded at 128K

Thu Jan 22 13:00:00 2015 Matthew Harmsen - 1.0.10-1
- Resolves: rhbz #1166316 - Rebase mod_nss to 1.0.10 to support TLSv1.2

Thu Jun 5 14:00:00 2014 Matthew Harmsen - 1.0.8-21
- Bumped version build/runtime requirements for \'nspr\' and \'nss\'
- Added runtime dependency for \'nss-softokn\'
- Bugzilla Bug #1002733 - Apache core generated with sig 5
- Bugzilla Bug #1016628 - mod_nss httpd segfaulting regularly
- Bugzilla Bug #866703 - Memory error in mod_nss (eol_memmove.patch)

Wed Nov 27 13:00:00 2013 Rob Crittenden - 1.0.8-20
- Resolves: CVE-2013-4566
- Bugzilla Bug #1030267 - mod_nss: incorrect handling of NSSVerifyClient in
directory context [rhel-6.6]

Fri Nov 15 13:00:00 2013 Rob Crittenden - 1.0.8-19
- Resolves: CVE-2013-4566
- Bugzilla Bug #1030265 - mod_nss: incorrect handling of NSSVerifyClient in
directory context [rhel-6.5.z]

Tue Oct 23 14:00:00 2012 Matthew Harmsen - 1.0.8-18
- Fixes Bugzilla Bug #835071 - [RFE] Support ability to share mod_proxy with
other SSL providers (w/jorton, nkinder, & rcritten)

Tue Oct 16 14:00:00 2012 Matthew Harmsen - 1.0.8-17
- Fixes Bugzilla Bug #816394 - [RFE] Provide Apache 2.2 support for TLS v1.1
via NSS through mod_nss . . .
- Bumped version build/runtime requirements for NSPR and NSS

Wed Oct 3 14:00:00 2012 Matthew Harmsen - 1.0.8-16
- Fixes Bugzilla Bug #769906 - mod_nss insists on Required value
NSSCipherSuite not set. (mod_nss-proxyvariables.patch)

Wed Feb 29 13:00:00 2012 Rob Crittenden - 1.0.8-15
- Fixes Bugzilla Bug #749408 - PK11_ListCerts called to retrieve all user
certificates for every server (mod_nss-PK11_ListCerts.patch)
- Fixes Bugzilla Bug #749409 - Add \'--enable-ecc\' option to %configure
line under %build section of RHEL 6 spec file

Wed Feb 29 13:00:00 2012 Robert Relyea - 1.0.8-14
- Fix \'Bugzilla Bug #797358 - mod_nss fails debug assertion\' by removing
\'mod_nss-no_shutdown_if_not_init.patch\' and applying
\'mod_nss-no_shutdown_if_not_init_2.patch\' instead
- The \'mod_nss-no_shutdown_if_not_init_2.patch\' patch also fixes
Bugzilla Bug #797326 - File descriptor leak after \"service httpd reload\"
or httpd doesn\'t reload

Mon Aug 1 14:00:00 2011 Rob Crittenden - 1.0.8-13
- Fix array overrun when launching nss_pcache (#714154)
- For FakeBasicAuth retrieve the entire subject, not just CN. Prefix this
with \"/\" to be compatible with OpenSSL.
Always retrieve the client certificate, not just on the first request
it is needed. (#702437)
- Don\'t try to shut down NSS if it wasn\'t initialized. (#691502)

Wed Mar 9 13:00:00 2011 Rob Crittenden - 1.0.8-12
- Use memmove in place of memcpy since the buffers can overlap (#682326)

Wed Mar 2 13:00:00 2011 Rob Crittenden - 1.0.8-11
- Lock around the pipe to nss_pcache for retrieving the token PIN
(#677700)

Wed Feb 2 13:00:00 2011 Rob Crittenden - 1.0.8-10
- Apply the patch for #634687

Wed Feb 2 13:00:00 2011 Rob Crittenden - 1.0.8-9
- Add man page for gencert (#605376)
- Fix hang when handling large POST under some conditions (#634687)

Mon Jun 14 14:00:00 2010 Rob Crittenden - 1.0.8-8
- Add Requires on nss-tools for default db creation (#603172)

Thu May 20 14:00:00 2010 Rob Crittenden - 1.0.8-7
- Use remote hostname set by mod_proxy to compare to CN in peer cert (#591901)

Thu Mar 18 13:00:00 2010 Rob Crittenden - 1.0.8-6
- Patch to add configuration options for new NSS negotiation API (#574187)
- Set minimum version of nss to 3.12.6 to pick up renegotiation fix

Wed Feb 24 13:00:00 2010 Rob Crittenden - 1.0.8-5
- Add (pre) for Requires on httpd so we can be sure the user and group are
already available
- Add file Requires on libnssckbi.so so symlink can\'t fail
- Use _sysconfdir macro instead of /etc

Tue Feb 23 13:00:00 2010 Rob Crittenden - 1.0.8-4
- Remove unused variable and perl substitution for gencert. gencert used to
have separate variables for NSS & NSPR libraries, that is gone now so this
variable and substitution aren\'t needed.
- Added comments to patch to identify what they do

Wed Jan 27 13:00:00 2010 Rob Crittenden - 1.0.8-3
- The location of libnssckbi.so moved from /lib[64] to /usr/lib[64] (#558545)
- Don\'t generate output when the default NSS database is generated (#538859)

Mon Nov 30 13:00:00 2009 Dennis Gregorovic - 1.0.8-2.1
- Rebuilt for RHEL 6

Sat Jul 25 14:00:00 2009 Fedora Release Engineering - 1.0.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

Mon Mar 2 13:00:00 2009 Rob Crittenden - 1.0.8-1
- Update to 1.0.8
- Add patch that fixes NSPR layer bug

Wed Feb 25 13:00:00 2009 Fedora Release Engineering - 1.0.7-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

Mon Aug 11 14:00:00 2008 Tom \"spot\" Callaway - 1.0.7-10
- fix license tag

Mon Jul 28 14:00:00 2008 Rob Crittenden - 1.0.7-9
- rebuild to bump NVR

Mon Jul 14 14:00:00 2008 Rob Crittenden - 1.0.7-8
- Don\'t force module de-init during the configuration stage (453508)

Thu Jul 10 14:00:00 2008 Rob Crittenden - 1.0.7-7
- Don\'t inherit the MP cache in multi-threaded mode (454701)
- Don\'t initialize NSS in each child if SSL isn\'t configured

Wed Jul 2 14:00:00 2008 Rob Crittenden - 1.0.7-6
- Update the patch for FIPS to include fixes for nss_pcache, enforce
the security policy and properly initialize the FIPS token.

Mon Jun 30 14:00:00 2008 Rob Crittenden - 1.0.7-5
- Include patch to fix NSSFIPS (446851)

Mon Apr 28 14:00:00 2008 Rob Crittenden - 1.0.7-4
- Apply patch so that mod_nss calls NSS_Init() after Apache forks a child
and not before. This is in response to a change in the NSS softtokn code
and should have always been done this way. (444348)
- The location of libnssckbi moved from /usr/lib[64] to /lib[64]
- The NSS database needs to be readable by apache since we need to use it
after the root priviledges are dropped.

Tue Feb 19 13:00:00 2008 Fedora Release Engineering - 1.0.7-3
- Autorebuild for GCC 4.3

Thu Oct 18 14:00:00 2007 Rob Crittenden 1.0.7-2
- Register functions needed by mod_proxy if mod_ssl is not loaded.

Fri Jun 1 14:00:00 2007 Rob Crittenden 1.0.7-1
- Update to 1.0.7
- Remove Requires for nss and nspr since those are handled automatically
by versioned libraries
- Updated URL and Source to reference directory.fedoraproject.org

Mon Apr 9 14:00:00 2007 Rob Crittenden 1.0.6-2
- Patch to properly detect the Apache model and set up NSS appropriately
- Patch to punt if a bad password is encountered
- Patch to fix crash when password.conf is malformatted
- Don\'t enable ECC support as NSS doesn\'t have it enabled (3.11.4-0.7)

Mon Oct 23 14:00:00 2006 Rob Crittenden 1.0.6-1
- Update to 1.0.6

Fri Aug 4 14:00:00 2006 Rob Crittenden 1.0.3-4
- Include LogLevel warn in nss.conf and use separate log files

Fri Aug 4 14:00:00 2006 Rob Crittenden 1.0.3-3
- Need to initialize ECC certificate and key variables

Fri Aug 4 14:00:00 2006 Jarod Wilson 1.0.3-2
- Use %ghost for db files and install.log

Tue Jun 20 14:00:00 2006 Rob Crittenden 1.0.3-1
- Initial build


  
ICM