pool/apache2-mod_nss
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
abada88a70
apache2-mod_nss/apache2-mod_nss.changes

223 lines
9.1 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Fri Oct 2 14:35:41 UTC 2015 - pgajdos@suse.com
- test module with %apache_test_module_curl
-------------------------------------------------------------------
Mon Sep 7 08:25:03 UTC 2015 - vcizek@suse.com
- unified ciphers with SLE-12
* modified patches:
mod_nss-cipherlist_update_for_tls12-doc.diff
mod_nss-cipherlist_update_for_tls12.diff
update-ciphers.patch
-------------------------------------------------------------------
Mon Sep 7 08:03:31 UTC 2015 - vcizek@suse.com
- send TLS server name extension on proxy connections (bsc#933832)
* added mod_nss-reverse_proxy_send_SNI.patch
- updates to the SNI code (from Stanislav Tokos):
update update-ciphers.patch
(bsc#928039)
merge changes from the mod_nss-SNI_support.patch to:
0001-SNI-check-with-NameVirtualHosts.patch
(bnc#927402)
abstract hash for NSSNickname and ServerName, add ServerAliases and Wild
Cards for vhost
(bsc#927402, bsc#928039, bsc#930922)
replace SSL_SNI_SEND_ALERT by nss_die (cleaner solution for virtual hosts)
(bsc#930186)
add alert about permission on the certificate database
(bsc#933265)
-------------------------------------------------------------------
Thu Jul 16 07:22:02 UTC 2015 - pgajdos@suse.com
- Requries: %{apache_suse_maintenance_mmn}
This will pull this module to the update (in released distribution)
when apache maintainer thinks it is good (due api/abi changes).
-------------------------------------------------------------------
Mon May 18 10:32:12 UTC 2015 - hguo@suse.com
- The package does not carry any .conf files underneath /etc/apache2/mod_nss.d,
therefore use 'IncludeOptional' instead of 'Include' directory in mod_nss.conf.
-------------------------------------------------------------------
Thu May 7 12:27:40 UTC 2015 - kstreitova@suse.com
- change of url and source address
-------------------------------------------------------------------
Wed Apr 1 10:13:40 UTC 2015 - kstreitova@suse.com
- remove "ecdhe_rsa_aes_256_sha256" cipher from the mod_nss.conf.in
file as this cipher is not supported and it was listed here
incorrectly [bnc#921182]
-------------------------------------------------------------------
Tue Mar 3 10:25:27 UTC 2015 - kstreitova@suse.com
- add mod_nss-SNI_support.patch that brings Server Name Indication
support that allows to have multiple HTTPS websites with multiple
certificates on the same IP address and port.
[fate#318331], [bnc#897712]
-------------------------------------------------------------------
Tue Nov 4 14:13:46 UTC 2014 - kstreitova@suse.com
- bnc#902068: added mod_nss-add_support_for_enabling_TLS_v1.2.patch
that adding small fixes for support of TLS v1.2
-------------------------------------------------------------------
Wed Oct 29 14:59:06 UTC 2014 - kstreitova@suse.com
- bnc#897712: added mod_nss-compare_subject_CN_and_VS_hostname.patch
that compare CN and VS hostname (use NSS library). Removed
following patches:
* mod_nss-SNI-checks.patch
* mod_nss-SNI-callback.patch
-------------------------------------------------------------------
Thu Aug 21 07:50:57 UTC 2014 - meissner@suse.com
- mod_nss-cipherlist_update_for_tls12-doc.diff,
mod_nss-cipherlist_update_for_tls12.diff,
mod_nss.conf.in: Added more TLS 1.2 ciphers, the CBC with SHA256.
-------------------------------------------------------------------
Thu Jul 24 12:49:29 CEST 2014 - draht@suse.de
- mod_nss-bnc863518-reopen_dev_tty.diff: close(0) and
open("/dev/tty", ...) to make sure that stdin can be read from.
startproc may inherit wrongly opened file descriptors to httpd.
(Note: An analogous fix exists in startproc(8), too.)
[bnc#863518]
- VirtualHost part in /etc/apache2/conf.d/mod_nss.conf is now
externalized to /etc/apache2/conf.d/vhost-nss.template and not
activated/read by default. [bnc#878681]
- NSSCipherSuite update following additional ciphers of Feb 18
change. [bnc#878681]
-------------------------------------------------------------------
Fri Jun 27 16:13:01 CEST 2014 - draht@suse.de
- mod_nss-SNI-callback.patch, mod_nss-SNI-checks.patch:
server side SNI was not implemented when mod_nss was made;
patches implement SNI with checks if SNI provided hostname
equals Host: field in http request header.
-------------------------------------------------------------------
Tue Feb 18 16:31:45 CET 2014 - draht@suse.de
- mod_nss-cipherlist_update_for_tls12-doc.diff
mod_nss-cipherlist_update_for_tls12.diff
GCM mode and Camellia ciphers added to the supported ciphers list.
The additional ciphers are:
rsa_aes_128_gcm_sha == TLS_RSA_WITH_AES_128_GCM_SHA256
rsa_camellia_128_sha == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
rsa_camellia_256_sha == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
ecdh_ecdsa_aes_128_gcm_sha == TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
ecdhe_ecdsa_aes_128_gcm_sha == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ecdh_rsa_aes_128_gcm_sha == TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
ecdhe_rsa_aes_128_gcm_sha == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[bnc#863035]
-------------------------------------------------------------------
Fri Nov 29 16:30:07 CET 2013 - draht@suse.de
- mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566:
If 'NSSVerifyClient none' is set in the server / vhost context
(i.e. when server is configured to not request or require client
certificate authentication on the initial connection), and client
certificate authentication is expected to be required for a
specific directory via 'NSSVerifyClient require' setting,
mod_nss fails to properly require certificate authentication.
Remote attacker can use this to access content of the restricted
directories. [bnc#853039]
-------------------------------------------------------------------
Fri Nov 8 20:46:07 CET 2013 - draht@suse.de
- glue documentation added to /etc/apache2/conf.d/mod_nss.conf:
* simultaneaous usage of mod_ssl and mod_nss
* SNI concurrency
* SUSE framework for apache configuration, Listen directive
* module initialization
- mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in
or mod_nss.conf, respectively. This also leads to the removal of
nss.conf.in specific chunks in mod_nss-negotiate.patch and
mod_nss-tlsv1_1.patch .
- mod_nss_migrate.pl conversion script added; not patched from
source, but partially rewritten.
- README-SUSE.txt added with step-by-step instructions on how to
convert and manage certificates and keys, as well as a rationale
about why mod_nss was included in SLES.
- package ready for submission [bnc#847216]
-------------------------------------------------------------------
Tue Nov 5 15:45:08 CET 2013 - draht@suse.de
- generic cleanup of the package:
- explicit Requires: to mozilla-nss >= 3.15.1, as TLS-1.2 support
came with this version - this is the objective behind this
version update of apache2-mod_nss. Tracker bug [bnc#847216]
- change path /etc/apache2/alias to /etc/apache2/mod_nss.d to avoid
ambiguously interpreted name of directory.
- merge content of /etc/apache2/alias to /etc/apache2/mod_nss.d if
/etc/apache2/alias exists.
- set explicit filemodes 640 for %post generated *.db files in
/etc/apache2/mod_nss.d
-------------------------------------------------------------------
Fri Aug 2 08:29:35 UTC 2013 - meissner@suse.com
- mod_nss-tlsv1_1.patch: nss.conf.in missed for TLSv1.2 default.
- mod_nss-clientauth.patch: merged from RHEL6 pkg
- mod_nss-PK11_ListCerts_2.patch: merged from RHEL6 pkg
- mod_nss-no_shutdown_if_not_init_2.patch: merged from RHEL6 pkg
- mod_nss-sslmultiproxy.patch: merged from RHEL6 pkg
- make it build on both Apache2 2.4 and 2.2 systems
-------------------------------------------------------------------
Thu Aug 1 15:06:55 UTC 2013 - meissner@suse.com
- Add support for TLS v1.1 and TLS v1.2
(TLS v1.2 requires mozilla nss 3.15.1 or newer.)
- merged in mod_nss-proxyvariables.patch and mod_nss-tlsv1_1.patch
from redhat to allow tls v1.1 too.
- ported the tls v1.1 patch to be tls v1.2 aware
- added mod_nss-proxyvariables.patch (from RHEL6 package)
- added mod_nss-tlsv1_1.patch (from RHEL6 package, enhanced with TLS 1.2)
- mod_nss-array_overrun.patch: from RHEL6 package, fixed a array index overrun
-------------------------------------------------------------------
Fri Jul 12 10:42:06 UTC 2013 - aj@ajaissle.de
- Changed source to original tar.gz
-------------------------------------------------------------------
Thu Jul 11 14:50:42 UTC 2013 - aj@ajaissle.de
- Added mod_nns-httpd24.patch to support build with apache 2.4
-------------------------------------------------------------------
Tue Jan 22 09:35:41 UTC 2013 - aj@ajaissle.de
- Changed mod_nss-conf.patch to adjust mod_nss.conf to match SUSE
dir layout [bnc#799483]
- Cleaned up license tag
-------------------------------------------------------------------
Sun Apr 15 14:17:19 UTC 2012 - wr@rosenauer.org
- import some patches from Fedora
- removed autoreconf call
-------------------------------------------------------------------
Wed Feb 17 13:30:47 UTC 2010 - nix@opensuse.org
- Fix mod_nss-conf.patch to work on SUSE
- Rename package from mod_nss to apache2-mod_nss
Reference in New Issue View Git Blame Copy Permalink