Revisions of apache2-mod_nss
buildservice-autocommit
accepted
request 259735
from
Wolfgang Rosenauer (wrosenauer)
(revision 17)
Wolfgang Rosenauer (wrosenauer)
(revision 17)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 259693
from
Kristyna Streitova (kstreitova)
(revision 16)
- bnc#902068: added mod_nss-add_support_for_enabling_TLS_v1.2.patch that adding small fixes for support of TLS v1.2
buildservice-autocommit
accepted
request 258960
from
Wolfgang Rosenauer (wrosenauer)
(revision 15)
Wolfgang Rosenauer (wrosenauer)
(revision 15)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 258819
from
Kristyna Streitova (kstreitova)
(revision 14)
- bnc#897712: added mod_nss-compare_subject_CN_and_VS_hostname.patch that compare CN and VS hostname (use NSS library). Removed following patches: * mod_nss-SNI-checks.patch * mod_nss-SNI-callback.patch
buildservice-autocommit
accepted
request 245714
from
Wolfgang Rosenauer (wrosenauer)
(revision 13)
Wolfgang Rosenauer (wrosenauer)
(revision 13)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 245545
from
Marcus Meissner (msmeissn)
(revision 12)
- mod_nss-cipherlist_update_for_tls12-doc.diff, mod_nss-cipherlist_update_for_tls12.diff, mod_nss.conf.in: Added more TLS 1.2 ciphers, the CBC with SHA256.
buildservice-autocommit
accepted
request 242392
from
Wolfgang Rosenauer (wrosenauer)
(revision 11)
Wolfgang Rosenauer (wrosenauer)
(revision 11)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 242385
from
Roman Drahtmueller (draht)
(revision 10)
- mod_nss-bnc863518-reopen_dev_tty.diff: close(0) and
open("/dev/tty", ...) to make sure that stdin can be read from.
startproc may inherit wrongly opened file descriptors to httpd.
(Note: An analogous fix exists in startproc(8), too.)
[bnc#863518]
- VirtualHost part in /etc/apache2/conf.d/mod_nss.conf is now
externalized to /etc/apache2/conf.d/vhost-nss.template and not
activated/read by default. [bnc#878681]
- NSSCipherSuite update following additional ciphers of Feb 18
change. [bnc#878681]
- mod_nss-SNI-callback.patch, mod_nss-SNI-checks.patch:
server side SNI was not implemented when mod_nss was made;
patches implement SNI with checks if SNI provided hostname
equals Host: field in http request header.
buildservice-autocommit
accepted
request 223307
from
Wolfgang Rosenauer (wrosenauer)
(revision 9)
Wolfgang Rosenauer (wrosenauer)
(revision 9)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 222758
from
Roman Drahtmueller (draht)
(revision 8)
- mod_nss-cipherlist_update_for_tls12-doc.diff mod_nss-cipherlist_update_for_tls12.diff GCM mode and Camellia ciphers added to the supported ciphers list. The additional ciphers are: rsa_aes_128_gcm_sha == TLS_RSA_WITH_AES_128_GCM_SHA256 rsa_camellia_128_sha == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA rsa_camellia_256_sha == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA ecdh_ecdsa_aes_128_gcm_sha == TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ecdhe_ecdsa_aes_128_gcm_sha == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ecdh_rsa_aes_128_gcm_sha == TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ecdhe_rsa_aes_128_gcm_sha == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [bnc#863035] - mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566: If 'NSSVerifyClient none' is set in the server / vhost context (i.e. when server is configured to not request or require client certificate authentication on the initial connection), and client certificate authentication is expected to be required for a specific directory via 'NSSVerifyClient require' setting, mod_nss fails to properly require certificate authentication. Remote attacker can use this to access content of the restricted directories. [bnc#853039] - glue documentation added to /etc/apache2/conf.d/mod_nss.conf: * simultaneaous usage of mod_ssl and mod_nss * SNI concurrency * SUSE framework for apache configuration, Listen directive * module initialization - mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in or mod_nss.conf, respectively. This also leads to the removal of
buildservice-autocommit
accepted
request 186068
from
Wolfgang Rosenauer (wrosenauer)
(revision 7)
Wolfgang Rosenauer (wrosenauer)
(revision 7)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 186032
from
Marcus Meissner (msmeissn)
(revision 6)
- mod_nss-tlsv1_1.patch: nss.conf.in missed for TLSv1.2 default. - mod_nss-clientauth.patch: merged from RHEL6 pkg - mod_nss-PK11_ListCerts_2.patch: merged from RHEL6 pkg - mod_nss-no_shutdown_if_not_init_2.patch: merged from RHEL6 pkg - mod_nss-sslmultiproxy.patch: merged from RHEL6 pkg - make it build on both Apache2 2.4 and 2.2 systems
buildservice-autocommit
accepted
request 185517
from
Wolfgang Rosenauer (wrosenauer)
(revision 5)
Wolfgang Rosenauer (wrosenauer)
(revision 5)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 185495
from
Marcus Meissner (msmeissn)
(revision 4)
- Add support for TLS v1.1 and TLS v1.2
(TLS v1.2 requires mozilla nss 3.15.1 or newer.)
- merged in mod_nss-proxyvariables.patch and mod_nss-tlsv1_1.patch
from redhat to allow tls v1.1 too.
- ported the tls v1.1 patch to be tls v1.2 aware
- added mod_nss-proxyvariables.patch (from RHEL6 package)
- added mod_nss-tlsv1_1.patch (from RHEL6 package, enhanced with TLS 1.2)
- mod_nss-array_overrun.patch: from RHEL6 package, fixed a array index overrun
Stephan Kulow (coolo)
accepted
request 182916
from
Aeneas Jaißle (aeneas_jaissle)
(revision 3)
initialized devel package after accepting 182916
Wolfgang Rosenauer (wrosenauer)
accepted
request 182915
from
Aeneas Jaißle (aeneas_jaissle)
(revision 2)
- Changed source to original tar.gz
Wolfgang Rosenauer (wrosenauer)
committed
(revision 1)
osc copypac from project:mozilla package:apache2-mod_nss revision:4
Displaying all 17 revisions
