apache2-mod_nss

pool/apache2-mod_nss

SHA256

Fork 1

Commit Graph

Author	SHA256	Message	Date
Cristian Rodríguez	d206ad095d	Accepting request 375069 from home:vitezslav_cizek:branches:Apache:Modules - use a whitelist approach for keeping directives in the migration script (bsc#961907) * modify mod_nss_migrate.pl - fix test: add NSSPassPhraseDialog, point it to plain file - update to 1.0.13 Update default ciphers to something more modern and secure Check for host and netstat commands in gencert before trying to use them Add server support for DHE ciphers Extract SAN from server/client certificates into env Fix memory leaks and other coding issues caught by clang analyzer Add support for Server Name Indication (SNI) (#1010751) Add support for SNI for reverse proxy connections Add RenegBufferSize? option Add support for TLS Session Tickets (RFC 5077) Fix logical AND support in OpenSSL cipher compatibility Correctly handle disabled ciphers (CVE-2015-5244) Implement a slew more OpenSSL cipher macros Fix a number of illegal memory accesses and memory leaks Support for SHA384 ciphers if they are available in NSS Add compatibility for mod_ssl-style cipher definitions (#862938) Add TLSv1.2-specific ciphers Completely remove support for SSLv2 Add support for sqlite NSS databases (#1057650) Compare subject CN and VS hostname during server start up Add support for enabling TLS v1.2 Don't enable SSL 3 by default (CVE-2014-3566) Fix CVE-2013-4566 Move nss_pcache to /usr/libexec OBS-URL: https://build.opensuse.org/request/show/375069 OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=22	2016-03-30 14:57:58 +00:00
Wolfgang Rosenauer	ce9f02cd08	Accepting request 242385 from home:draht:branches:mozilla:Factory - mod_nss-bnc863518-reopen_dev_tty.diff: close(0) and open("/dev/tty", ...) to make sure that stdin can be read from. startproc may inherit wrongly opened file descriptors to httpd. (Note: An analogous fix exists in startproc(8), too.) [bnc#863518] - VirtualHost part in /etc/apache2/conf.d/mod_nss.conf is now externalized to /etc/apache2/conf.d/vhost-nss.template and not activated/read by default. [bnc#878681] - NSSCipherSuite update following additional ciphers of Feb 18 change. [bnc#878681] - mod_nss-SNI-callback.patch, mod_nss-SNI-checks.patch: server side SNI was not implemented when mod_nss was made; patches implement SNI with checks if SNI provided hostname equals Host: field in http request header. OBS-URL: https://build.opensuse.org/request/show/242385 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/apache2-mod_nss?expand=0&rev=10	2014-07-25 14:00:54 +00:00

Author

SHA256

Message

Date

Cristian Rodríguez

d206ad095d

Accepting request 375069 from home:vitezslav_cizek:branches:Apache:Modules

- use a whitelist approach for keeping directives in the migration
  script (bsc#961907)
  * modify mod_nss_migrate.pl

- fix test: add NSSPassPhraseDialog, point it to plain file

- update to 1.0.13
  Update default ciphers to something more modern and secure
  Check for host and netstat commands in gencert before trying to use them
  Add server support for DHE ciphers
  Extract SAN from server/client certificates into env
  Fix memory leaks and other coding issues caught by clang analyzer
  Add support for Server Name Indication (SNI) (#1010751)
  Add support for SNI for reverse proxy connections
  Add RenegBufferSize? option
  Add support for TLS Session Tickets (RFC 5077)
  Fix logical AND support in OpenSSL cipher compatibility
  Correctly handle disabled ciphers (CVE-2015-5244)
  Implement a slew more OpenSSL cipher macros
  Fix a number of illegal memory accesses and memory leaks
  Support for SHA384 ciphers if they are available in NSS
  Add compatibility for mod_ssl-style cipher definitions (#862938)
  Add TLSv1.2-specific ciphers
  Completely remove support for SSLv2
  Add support for sqlite NSS databases (#1057650)
  Compare subject CN and VS hostname during server start up
  Add support for enabling TLS v1.2
  Don't enable SSL 3 by default (CVE-2014-3566)
  Fix CVE-2013-4566
  Move nss_pcache to /usr/libexec

OBS-URL: https://build.opensuse.org/request/show/375069
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=22

2016-03-30 14:57:58 +00:00

Wolfgang Rosenauer

ce9f02cd08

Accepting request 242385 from home:draht:branches:mozilla:Factory

- mod_nss-bnc863518-reopen_dev_tty.diff: close(0) and 
  open("/dev/tty", ...) to make sure that stdin can be read from.
  startproc may inherit wrongly opened file descriptors to httpd.
  (Note: An analogous fix exists in startproc(8), too.)
  [bnc#863518]
- VirtualHost part in /etc/apache2/conf.d/mod_nss.conf is now
  externalized to /etc/apache2/conf.d/vhost-nss.template and not
  activated/read by default. [bnc#878681]
- NSSCipherSuite update following additional ciphers of Feb 18
  change. [bnc#878681]

- mod_nss-SNI-callback.patch, mod_nss-SNI-checks.patch:
  server side SNI was not implemented when mod_nss was made;
  patches implement SNI with checks if SNI provided hostname
  equals Host: field in http request header.

OBS-URL: https://build.opensuse.org/request/show/242385
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/apache2-mod_nss?expand=0&rev=10

2014-07-25 14:00:54 +00:00

2 Commits