pool/apache2-mod_nss
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1d3e419a19
apache2-mod_nss/apache2-mod_nss.changes
Wolfgang Rosenauer 1d3e419a19 Accepting request 222758 from home:draht:branches:mozilla:Factory 
- mod_nss-cipherlist_update_for_tls12-doc.diff
  mod_nss-cipherlist_update_for_tls12.diff
  GCM mode and Camellia ciphers added to the supported ciphers list.
  The additional ciphers are: 
  rsa_aes_128_gcm_sha == TLS_RSA_WITH_AES_128_GCM_SHA256
  rsa_camellia_128_sha == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
  rsa_camellia_256_sha == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  ecdh_ecdsa_aes_128_gcm_sha == TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  ecdhe_ecdsa_aes_128_gcm_sha == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  ecdh_rsa_aes_128_gcm_sha == TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
  ecdhe_rsa_aes_128_gcm_sha == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  [bnc#863035]

- mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566:
  If 'NSSVerifyClient none' is set in the server / vhost context
  (i.e. when server is configured to not request or require client
  certificate authentication on the initial connection), and client
  certificate authentication is expected to be required for a 
  specific directory via 'NSSVerifyClient require' setting, 
  mod_nss fails to properly require certificate authentication.
  Remote attacker can use this to access content of the restricted
  directories. [bnc#853039]

- glue documentation added to /etc/apache2/conf.d/mod_nss.conf:
  * simultaneaous usage of mod_ssl and mod_nss
  * SNI concurrency
  * SUSE framework for apache configuration, Listen directive
  * module initialization
- mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in
  or mod_nss.conf, respectively. This also leads to the removal of

OBS-URL: https://build.opensuse.org/request/show/222758
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/apache2-mod_nss?expand=0&rev=8
2014-02-20 21:12:44 +00:00

113 lines
4.8 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Tue Feb 18 16:31:45 CET 2014 - draht@suse.de
- mod_nss-cipherlist_update_for_tls12-doc.diff
mod_nss-cipherlist_update_for_tls12.diff
GCM mode and Camellia ciphers added to the supported ciphers list.
The additional ciphers are:
rsa_aes_128_gcm_sha == TLS_RSA_WITH_AES_128_GCM_SHA256
rsa_camellia_128_sha == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
rsa_camellia_256_sha == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
ecdh_ecdsa_aes_128_gcm_sha == TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
ecdhe_ecdsa_aes_128_gcm_sha == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ecdh_rsa_aes_128_gcm_sha == TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
ecdhe_rsa_aes_128_gcm_sha == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[bnc#863035]
-------------------------------------------------------------------
Fri Nov 29 16:30:07 CET 2013 - draht@suse.de
- mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566:
If 'NSSVerifyClient none' is set in the server / vhost context
(i.e. when server is configured to not request or require client
certificate authentication on the initial connection), and client
certificate authentication is expected to be required for a
specific directory via 'NSSVerifyClient require' setting,
mod_nss fails to properly require certificate authentication.
Remote attacker can use this to access content of the restricted
directories. [bnc#853039]
-------------------------------------------------------------------
Fri Nov 8 20:46:07 CET 2013 - draht@suse.de
- glue documentation added to /etc/apache2/conf.d/mod_nss.conf:
* simultaneaous usage of mod_ssl and mod_nss
* SNI concurrency
* SUSE framework for apache configuration, Listen directive
* module initialization
- mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in
or mod_nss.conf, respectively. This also leads to the removal of
nss.conf.in specific chunks in mod_nss-negotiate.patch and
mod_nss-tlsv1_1.patch .
- mod_nss_migrate.pl conversion script added; not patched from
source, but partially rewritten.
- README-SUSE.txt added with step-by-step instructions on how to
convert and manage certificates and keys, as well as a rationale
about why mod_nss was included in SLES.
- package ready for submission [bnc#847216]
-------------------------------------------------------------------
Tue Nov 5 15:45:08 CET 2013 - draht@suse.de
- generic cleanup of the package:
- explicit Requires: to mozilla-nss >= 3.15.1, as TLS-1.2 support
came with this version - this is the objective behind this
version update of apache2-mod_nss. Tracker bug [bnc#847216]
- change path /etc/apache2/alias to /etc/apache2/mod_nss.d to avoid
ambiguously interpreted name of directory.
- merge content of /etc/apache2/alias to /etc/apache2/mod_nss.d if
/etc/apache2/alias exists.
- set explicit filemodes 640 for %post generated *.db files in
/etc/apache2/mod_nss.d
-------------------------------------------------------------------
Fri Aug 2 08:29:35 UTC 2013 - meissner@suse.com
- mod_nss-tlsv1_1.patch: nss.conf.in missed for TLSv1.2 default.
- mod_nss-clientauth.patch: merged from RHEL6 pkg
- mod_nss-PK11_ListCerts_2.patch: merged from RHEL6 pkg
- mod_nss-no_shutdown_if_not_init_2.patch: merged from RHEL6 pkg
- mod_nss-sslmultiproxy.patch: merged from RHEL6 pkg
- make it build on both Apache2 2.4 and 2.2 systems
-------------------------------------------------------------------
Thu Aug 1 15:06:55 UTC 2013 - meissner@suse.com
- Add support for TLS v1.1 and TLS v1.2
(TLS v1.2 requires mozilla nss 3.15.1 or newer.)
- merged in mod_nss-proxyvariables.patch and mod_nss-tlsv1_1.patch
from redhat to allow tls v1.1 too.
- ported the tls v1.1 patch to be tls v1.2 aware
- added mod_nss-proxyvariables.patch (from RHEL6 package)
- added mod_nss-tlsv1_1.patch (from RHEL6 package, enhanced with TLS 1.2)
- mod_nss-array_overrun.patch: from RHEL6 package, fixed a array index overrun
-------------------------------------------------------------------
Fri Jul 12 10:42:06 UTC 2013 - aj@ajaissle.de
- Changed source to original tar.gz
-------------------------------------------------------------------
Thu Jul 11 14:50:42 UTC 2013 - aj@ajaissle.de
- Added mod_nns-httpd24.patch to support build with apache 2.4
-------------------------------------------------------------------
Tue Jan 22 09:35:41 UTC 2013 - aj@ajaissle.de
- Changed mod_nss-conf.patch to adjust mod_nss.conf to match SUSE
dir layout [bnc#799483]
- Cleaned up license tag
-------------------------------------------------------------------
Sun Apr 15 14:17:19 UTC 2012 - wr@rosenauer.org
- import some patches from Fedora
- removed autoreconf call
-------------------------------------------------------------------
Wed Feb 17 13:30:47 UTC 2010 - nix@opensuse.org
- Fix mod_nss-conf.patch to work on SUSE
- Rename package from mod_nss to apache2-mod_nss
Reference in New Issue View Git Blame Copy Permalink