Revisions of apache2-mod_nss
buildservice-autocommit
accepted
request 259735
from
Wolfgang Rosenauer (wrosenauer)
(revision 17)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 259693
from
Kristyna Streitova (kstreitova)
(revision 16)
- bnc#902068: added mod_nss-add_support_for_enabling_TLS_v1.2.patch that adding small fixes for support of TLS v1.2
buildservice-autocommit
accepted
request 258960
from
Wolfgang Rosenauer (wrosenauer)
(revision 15)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 258819
from
Kristyna Streitova (kstreitova)
(revision 14)
- bnc#897712: added mod_nss-compare_subject_CN_and_VS_hostname.patch that compare CN and VS hostname (use NSS library). Removed following patches: * mod_nss-SNI-checks.patch * mod_nss-SNI-callback.patch
buildservice-autocommit
accepted
request 245714
from
Wolfgang Rosenauer (wrosenauer)
(revision 13)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 245545
from
Marcus Meissner (msmeissn)
(revision 12)
- mod_nss-cipherlist_update_for_tls12-doc.diff, mod_nss-cipherlist_update_for_tls12.diff, mod_nss.conf.in: Added more TLS 1.2 ciphers, the CBC with SHA256.
buildservice-autocommit
accepted
request 242392
from
Wolfgang Rosenauer (wrosenauer)
(revision 11)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 242385
from
Roman Drahtmueller (draht)
(revision 10)
- mod_nss-bnc863518-reopen_dev_tty.diff: close(0) and open("/dev/tty", ...) to make sure that stdin can be read from. startproc may inherit wrongly opened file descriptors to httpd. (Note: An analogous fix exists in startproc(8), too.) [bnc#863518] - VirtualHost part in /etc/apache2/conf.d/mod_nss.conf is now externalized to /etc/apache2/conf.d/vhost-nss.template and not activated/read by default. [bnc#878681] - NSSCipherSuite update following additional ciphers of Feb 18 change. [bnc#878681] - mod_nss-SNI-callback.patch, mod_nss-SNI-checks.patch: server side SNI was not implemented when mod_nss was made; patches implement SNI with checks if SNI provided hostname equals Host: field in http request header.
buildservice-autocommit
accepted
request 223307
from
Wolfgang Rosenauer (wrosenauer)
(revision 9)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 222758
from
Roman Drahtmueller (draht)
(revision 8)
- mod_nss-cipherlist_update_for_tls12-doc.diff mod_nss-cipherlist_update_for_tls12.diff GCM mode and Camellia ciphers added to the supported ciphers list. The additional ciphers are: rsa_aes_128_gcm_sha == TLS_RSA_WITH_AES_128_GCM_SHA256 rsa_camellia_128_sha == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA rsa_camellia_256_sha == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA ecdh_ecdsa_aes_128_gcm_sha == TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ecdhe_ecdsa_aes_128_gcm_sha == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ecdh_rsa_aes_128_gcm_sha == TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ecdhe_rsa_aes_128_gcm_sha == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [bnc#863035] - mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566: If 'NSSVerifyClient none' is set in the server / vhost context (i.e. when server is configured to not request or require client certificate authentication on the initial connection), and client certificate authentication is expected to be required for a specific directory via 'NSSVerifyClient require' setting, mod_nss fails to properly require certificate authentication. Remote attacker can use this to access content of the restricted directories. [bnc#853039] - glue documentation added to /etc/apache2/conf.d/mod_nss.conf: * simultaneaous usage of mod_ssl and mod_nss * SNI concurrency * SUSE framework for apache configuration, Listen directive * module initialization - mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in or mod_nss.conf, respectively. This also leads to the removal of
buildservice-autocommit
accepted
request 186068
from
Wolfgang Rosenauer (wrosenauer)
(revision 7)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 186032
from
Marcus Meissner (msmeissn)
(revision 6)
- mod_nss-tlsv1_1.patch: nss.conf.in missed for TLSv1.2 default. - mod_nss-clientauth.patch: merged from RHEL6 pkg - mod_nss-PK11_ListCerts_2.patch: merged from RHEL6 pkg - mod_nss-no_shutdown_if_not_init_2.patch: merged from RHEL6 pkg - mod_nss-sslmultiproxy.patch: merged from RHEL6 pkg - make it build on both Apache2 2.4 and 2.2 systems
buildservice-autocommit
accepted
request 185517
from
Wolfgang Rosenauer (wrosenauer)
(revision 5)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 185495
from
Marcus Meissner (msmeissn)
(revision 4)
- Add support for TLS v1.1 and TLS v1.2 (TLS v1.2 requires mozilla nss 3.15.1 or newer.) - merged in mod_nss-proxyvariables.patch and mod_nss-tlsv1_1.patch from redhat to allow tls v1.1 too. - ported the tls v1.1 patch to be tls v1.2 aware - added mod_nss-proxyvariables.patch (from RHEL6 package) - added mod_nss-tlsv1_1.patch (from RHEL6 package, enhanced with TLS 1.2) - mod_nss-array_overrun.patch: from RHEL6 package, fixed a array index overrun
Stephan Kulow (coolo)
accepted
request 182916
from
Aeneas Jaißle (aeneas_jaissle)
(revision 3)
initialized devel package after accepting 182916
Wolfgang Rosenauer (wrosenauer)
accepted
request 182915
from
Aeneas Jaißle (aeneas_jaissle)
(revision 2)
- Changed source to original tar.gz
Wolfgang Rosenauer (wrosenauer)
committed
(revision 1)
osc copypac from project:mozilla package:apache2-mod_nss revision:4
Displaying all 17 revisions