File _patchinfo of Package patchinfo.8802

<patchinfo incident="8802">
  <issue tracker="bnc" id="998176">obsolete option 'NSSSessionCacheTimeout' for mod_nss.conf</issue>
  <issue tracker="bnc" id="863035">apache2-mod_nss: add ciphers with 256 bit key and SHA256 or SHA384 as PRF</issue>
  <issue tracker="bnc" id="993642">apache2-mod_nss fails test suite with new mozilla-nss</issue>
  <issue tracker="bnc" id="998180">/usr/sbin/gencert creates NSS database with wrong permissions</issue>
  <issue tracker="bnc" id="998183">NSS Database does not get generated in a case where it should</issue>
  <issue tracker="bnc" id="1108771">current mozilla update breaks apache2-mod_nss openqa tests</issue>
  <issue tracker="bnc" id="996282">/etc/apache2/conf.d/mod_nss.conf contains wrong directories</issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>This update for apache2-mod_nss fixes the following issues:

Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change
to the SQLite certificate database, which is now the default (bsc#1108771).
Because of that this update is tagged as security, to reach customers that only
install secuirty updates.

Other changes contained:

- Require minimal NSS version of 3.25 because of SSLv2 changes (bsc#993642)
- Add support for SHA384 TLS ciphers (bsc#863035)
- Remove deprecated NSSSessionCacheTimeout option from mod_nss.conf.in (bsc#998176)
- Change ownership of the gencert generated NSS database so apache can read it (bsc#998180)
- Use correct configuration path in mod_nss.conf.in (bsc#996282)
- Generate dummy certificates if there aren't any in mod_nss.d (bsc#998183)
</description>
  <summary>Security update for apache2-mod_nss</summary>
</patchinfo>