Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:2403
patchinfo
_patchinfo
Overview
Details
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo
<patchinfo> <issue id="847216" tracker="bnc">FATE#316419: apache2-mod_nss: tracker bug</issue> <issue id="853039" tracker="bnc">CVE-2013-4566: apache2-mod_nss: client certificate verification problematic</issue> <issue id="CVE-2013-4566" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>draht</packager> <description> - mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes CVE-2013-4566: If 'NSSVerifyClient none' is set in the server / vhost context (i.e. when server is configured to not request or require client certificate authentication on the initial connection), and client certificate authentication is expected to be required for a specific directory via 'NSSVerifyClient require' setting, mod_nss fails to properly require certificate authentication. Remote attacker can use this to access content of the restricted directories. [bnc#853039] - glue documentation added to /etc/apache2/conf.d/mod_nss.conf: * simultaneaous usage of mod_ssl and mod_nss * SNI concurrency * SUSE framework for apache configuration, Listen directive * module initialization - mod_nss-conf.patch obsoleted by scratch-version of nss.conf.in or mod_nss.conf, respectively. This also leads to the removal of nss.conf.in specific chunks in mod_nss-negotiate.patch and mod_nss-tlsv1_1.patch . - mod_nss_migrate.pl conversion script added; not patched from source, but partially rewritten. - README-SUSE.txt added with step-by-step instructions on how to convert and manage certificates and keys, as well as a rationale about why mod_nss was included in SLES. - package ready for submission [bnc#847216] - generic cleanup of the package: - explicit Requires: to mozilla-nss >= 3.15.1, as TLS-1.2 support came with this version - this is the objective behind this version update of apache2-mod_nss. Tracker bug [bnc#847216] - change path /etc/apache2/alias to /etc/apache2/mod_nss.d to avoid ambiguously interpreted name of directory. - merge content of /etc/apache2/alias to /etc/apache2/mod_nss.d if /etc/apache2/alias exists. - set explicit filemodes 640 for %post generated *.db files in /etc/apache2/mod_nss.d </description> <summary>update for apache2-mod_nss</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor