File _patchinfo of Package patchinfo.2403

<patchinfo>
  <issue id="847216" tracker="bnc">FATE#316419: apache2-mod_nss: tracker bug</issue>
  <issue id="853039" tracker="bnc">CVE-2013-4566: apache2-mod_nss: client certificate verification problematic</issue>
  <issue id="CVE-2013-4566" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>draht</packager>
  <description>
- mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566:
  If 'NSSVerifyClient none' is set in the server / vhost context
  (i.e. when the server is configured to not request or require client
  certificate authentication on the initial connection), and client
  certificate authentication is expected to be required for a
  specific directory via the 'NSSVerifyClient require' setting,
  mod_nss fails to properly require certificate authentication.
  A remote attacker can use this to access content of the restricted
  directories. [bnc#853039]

- glue documentation added to /etc/apache2/conf.d/mod_nss.conf:
  * simultaneous usage of mod_ssl and mod_nss
  * SNI concurrency
  * SUSE framework for apache configuration, Listen directive
  * module initialization
- mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in
  or mod_nss.conf, respectively. This also leads to the removal of
  nss.conf.in specific chunks in mod_nss-negotiate.patch and
  mod_nss-tlsv1_1.patch .
- mod_nss_migrate.pl conversion script added; not patched from
  source, but partially rewritten.
- README-SUSE.txt added with step-by-step instructions on how to
  convert and manage certificates and keys, as well as a rationale
  about why mod_nss was included in SLES.
- package ready for submission [bnc#847216]

- generic cleanup of the package:
- explicit Requires: to mozilla-nss &gt;= 3.15.1, as TLS-1.2 support
  came with this version - this is the objective behind this
  version update of apache2-mod_nss. Tracker bug [bnc#847216]
- change path /etc/apache2/alias to /etc/apache2/mod_nss.d to avoid
  ambiguously interpreted name of directory.
- merge content of /etc/apache2/alias to /etc/apache2/mod_nss.d if 
  /etc/apache2/alias exists.
- set explicit filemodes 640 for %post generated *.db files in
  /etc/apache2/mod_nss.d
</description>
  <summary>update for apache2-mod_nss</summary>
</patchinfo>