File apache2-mod_nss.changes of Package apache2-mod_nss

Thu Aug 21 15:34:01 CEST 2014 - draht@suse.de

- mod_nss-cipherlist_update_for_tls12.diff
  ciphers rsa_aes_128_sha256, rsa_aes_256_sha256,
  ecdhe_ecdsa_aes_128_sha256 and ecdhe_rsa_aes_128_sha256
  (sha2 variants) were added. [bnc#863035]
- additional note to changelog of 
  Fri Jun 27 16:13:01 CEST 2014 - draht@suse.de:
  The bugzilla reference is [bnc#864929]

Thu Jul 24 12:49:29 CEST 2014 - draht@suse.de

- mod_nss-bnc863518-reopen_dev_tty.diff: close(0) and 
  open("/dev/tty", ...) to make sure that stdin can be read from.
  startproc may inherit wrongly opened file descriptors to httpd.
  (Note: An analogous fix exists in startproc(8), too.)
- VirtualHost part in /etc/apache2/conf.d/mod_nss.conf is now
  externalized to /etc/apache2/conf.d/vhost-nss.template and not
  activated/read by default. [bnc#878681]
- NSSCipherSuite update following additional ciphers of Feb 18
  change. [bnc#878681]

Fri Jun 27 16:13:01 CEST 2014 - draht@suse.de

- mod_nss-SNI-callback.patch, mod_nss-SNI-checks.patch:
  server side SNI was not implemented when mod_nss was made;
  patches implement SNI with checks if SNI provided hostname
  equals Host: field in http request header.

Tue Feb 18 16:31:45 CET 2014 - draht@suse.de

- mod_nss-cipherlist_update_for_tls12-doc.diff
  GCM mode and Camellia ciphers added to the supported ciphers list.
  The additional ciphers are: 
  rsa_aes_128_gcm_sha == TLS_RSA_WITH_AES_128_GCM_SHA256
  rsa_camellia_128_sha == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
  rsa_camellia_256_sha == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  ecdh_ecdsa_aes_128_gcm_sha == TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  ecdhe_ecdsa_aes_128_gcm_sha == TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  ecdh_rsa_aes_128_gcm_sha == TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
  ecdhe_rsa_aes_128_gcm_sha == TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Fri Nov 29 16:30:07 CET 2013 - draht@suse.de

- mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566:
  If 'NSSVerifyClient none' is set in the server / vhost context
  (i.e. when server is configured to not request or require client
  certificate authentication on the initial connection), and client
  certificate authentication is expected to be required for a 
  specific directory via 'NSSVerifyClient require' setting, 
  mod_nss fails to properly require certificate authentication.
  A remote attacker can use this to access content of the restricted
  directories. [bnc#853039]

Fri Nov  8 20:46:07 CET 2013 - draht@suse.de

- glue documentation added to /etc/apache2/conf.d/mod_nss.conf:
  * simultaneous usage of mod_ssl and mod_nss
  * SNI concurrency
  * SUSE framework for apache configuration, Listen directive
  * module initialization
- mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in
  or mod_nss.conf, respectively. This also leads to the removal of
  nss.conf.in specific chunks in mod_nss-negotiate.patch and
  mod_nss-tlsv1_1.patch .
- mod_nss_migrate.pl conversion script added; not patched from
  source, but partially rewritten.
- README-SUSE.txt added with step-by-step instructions on how to
  convert and manage certificates and keys, as well as a rationale
  about why mod_nss was included in SLES.
- package ready for submission [bnc#847216]

Tue Nov  5 15:45:08 CET 2013 - draht@suse.de

- generic cleanup of the package:
- explicit Requires: to mozilla-nss >= 3.15.1, as TLS-1.2 support
  came with this version - this is the objective behind this
  version update of apache2-mod_nss. Tracker bug [bnc#847216]
- change path /etc/apache2/alias to /etc/apache2/mod_nss.d to avoid
  ambiguously interpreted name of directory.
- merge content of /etc/apache2/alias to /etc/apache2/mod_nss.d if 
  /etc/apache2/alias exists.
- set explicit filemodes 640 for %post generated *.db files in

Fri Aug  2 08:29:35 UTC 2013 - meissner@suse.com

- mod_nss-tlsv1_1.patch: nss.conf.in missed for TLSv1.2 default.
- mod_nss-clientauth.patch: merged from RHEL6 pkg
- mod_nss-PK11_ListCerts_2.patch: merged from RHEL6 pkg
- mod_nss-no_shutdown_if_not_init_2.patch: merged from RHEL6 pkg
- mod_nss-sslmultiproxy.patch: merged from RHEL6 pkg
- make it build on both Apache2 2.4 and 2.2 systems

Thu Aug  1 15:06:55 UTC 2013 - meissner@suse.com

- Add support for TLS v1.1 and TLS v1.2 
  (TLS v1.2 requires mozilla nss 3.15.1 or newer.)
  - merged in mod_nss-proxyvariables.patch and mod_nss-tlsv1_1.patch
    from redhat to allow tls v1.1 too.
  - ported the tls v1.1 patch to be tls v1.2 aware
  - added mod_nss-proxyvariables.patch (from RHEL6 package)
  - added mod_nss-tlsv1_1.patch (from RHEL6 package, enhanced with TLS 1.2)
- mod_nss-array_overrun.patch: from RHEL6 package, fixed an array index overrun

Fri Jul 12 10:42:06 UTC 2013 - aj@ajaissle.de

- Changed source to original tar.gz 

Thu Jul 11 14:50:42 UTC 2013 - aj@ajaissle.de

- Added mod_nns-httpd24.patch to support build with apache 2.4

Tue Jan 22 09:35:41 UTC 2013 - aj@ajaissle.de

-  Changed mod_nss-conf.patch to adjust mod_nss.conf to match SUSE 
   dir layout [bnc#799483]
-  Cleaned up license tag

Sun Apr 15 14:17:19 UTC 2012 - wr@rosenauer.org

- import some patches from Fedora
- removed autoreconf call

Wed Feb 17 13:30:47 UTC 2010 - nix@opensuse.org

- Fix mod_nss-conf.patch to work on SUSE
- Rename package from mod_nss to apache2-mod_nss