apache2-mod_nss

pool/apache2-mod_nss

SHA256

Fork 1

Commit Graph

Author	SHA256	Message	Date
Petr Gajdos	39ebee229b	Accepting request 584463 from home:vitezslav_cizek:branches:Apache:Modules - Since the update to NSS 3.35, the default NSS certificate database format changed from Berkley DB to SQLite - use %license tag - Update to 1.0.15 * Try to auto-detect the NSS database format if not specified * Update nss_pcache.8 man page to drop directory and prefix * When a token is configured in password file only authenticate once * Return an error when NSSPassPhraseDialog is invalid * Move 3DES ciphers down from HIGH to MEDIUM to match OpenSSL 1.0.2k+ * Add -Werror=implicit-function-declaration to CFLAGS * Handle group membership when testing for file permissions * NSS system-wide policy now disables SSLv3, don't use it in tests * Add missing error messages for libssl errors * Fix doc typo in SSL_[SERVER\|CLIENT]_SAN_IPaddr env variable name * When including additional test config use specific extension * Fix the TLS Session ID cache * Make an invalid protocol setting fatal * Don't use same NSS db in nss_pcache as mod_nss, use NSS_NoDB_Init() * Add info log message when FIPS is enabled * Add AES-256 and drop DES, CAST128, SKIPJACK as wrapping key types * Fix removal of CR from PEM certificates * Add OCSP caching and timeout tuning knobs * Check the NSS database directory permissions as well as the files inside it for read access on startup. * Add in simple aliases for ciphers to fix those that don't follow the pattern (dhe_rsa_aes_128_sha256, dhe_rsa_aes_256_sha256) and those with typos (camelia_128_sha, camelia_256_sha) * Fix semaphore leak OBS-URL: https://build.opensuse.org/request/show/584463 OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=40	2018-03-09 16:02:16 +00:00
Wolfgang Rosenauer	ce9f02cd08	Accepting request 242385 from home:draht:branches:mozilla:Factory - mod_nss-bnc863518-reopen_dev_tty.diff: close(0) and open("/dev/tty", ...) to make sure that stdin can be read from. startproc may inherit wrongly opened file descriptors to httpd. (Note: An analogous fix exists in startproc(8), too.) [bnc#863518] - VirtualHost part in /etc/apache2/conf.d/mod_nss.conf is now externalized to /etc/apache2/conf.d/vhost-nss.template and not activated/read by default. [bnc#878681] - NSSCipherSuite update following additional ciphers of Feb 18 change. [bnc#878681] - mod_nss-SNI-callback.patch, mod_nss-SNI-checks.patch: server side SNI was not implemented when mod_nss was made; patches implement SNI with checks if SNI provided hostname equals Host: field in http request header. OBS-URL: https://build.opensuse.org/request/show/242385 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/apache2-mod_nss?expand=0&rev=10	2014-07-25 14:00:54 +00:00

Author

SHA256

Message

Date

Petr Gajdos

39ebee229b

Accepting request 584463 from home:vitezslav_cizek:branches:Apache:Modules

- Since the update to NSS 3.35, the default NSS certificate
  database format changed from Berkley DB to SQLite
- use %license tag

- Update to 1.0.15
  * Try to auto-detect the NSS database format if not specified
  * Update nss_pcache.8 man page to drop directory and prefix
  * When a token is configured in password file only authenticate once
  * Return an error when NSSPassPhraseDialog is invalid
  * Move 3DES ciphers down from HIGH to MEDIUM to match OpenSSL 1.0.2k+
  * Add -Werror=implicit-function-declaration to CFLAGS
  * Handle group membership when testing for file permissions
  * NSS system-wide policy now disables SSLv3, don't use it in tests
  * Add missing error messages for libssl errors
  * Fix doc typo in SSL_[SERVER|CLIENT]_SAN_IPaddr env variable name
  * When including additional test config use specific extension
  * Fix the TLS Session ID cache
  * Make an invalid protocol setting fatal
  * Don't use same NSS db in nss_pcache as mod_nss, use NSS_NoDB_Init()
  * Add info log message when FIPS is enabled
      * Add AES-256 and drop DES, CAST128, SKIPJACK as wrapping key types
  * Fix removal of CR from PEM certificates
  * Add OCSP caching and timeout tuning knobs
  * Check the NSS database directory permissions as well as the files
    inside it for read access on startup.
  * Add in simple aliases for ciphers to fix those that
    don't follow the pattern (dhe_rsa_aes_128_sha256,
    dhe_rsa_aes_256_sha256) and those with typos
    (camelia_128_sha, camelia_256_sha)
  * Fix semaphore leak

OBS-URL: https://build.opensuse.org/request/show/584463
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=40

2018-03-09 16:02:16 +00:00

Wolfgang Rosenauer

ce9f02cd08

Accepting request 242385 from home:draht:branches:mozilla:Factory

- mod_nss-bnc863518-reopen_dev_tty.diff: close(0) and 
  open("/dev/tty", ...) to make sure that stdin can be read from.
  startproc may inherit wrongly opened file descriptors to httpd.
  (Note: An analogous fix exists in startproc(8), too.)
  [bnc#863518]
- VirtualHost part in /etc/apache2/conf.d/mod_nss.conf is now
  externalized to /etc/apache2/conf.d/vhost-nss.template and not
  activated/read by default. [bnc#878681]
- NSSCipherSuite update following additional ciphers of Feb 18
  change. [bnc#878681]

- mod_nss-SNI-callback.patch, mod_nss-SNI-checks.patch:
  server side SNI was not implemented when mod_nss was made;
  patches implement SNI with checks if SNI provided hostname
  equals Host: field in http request header.

OBS-URL: https://build.opensuse.org/request/show/242385
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/apache2-mod_nss?expand=0&rev=10

2014-07-25 14:00:54 +00:00

2 Commits