Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

apache2-mod_nss-1.0.17-lp151.3.3.1 RPM for x86_64

From OpenSuSE Leap 15.1 updates for x86_64

Name: apache2-mod_nss Distribution: openSUSE Leap 15.1
Version: 1.0.17 Vendor: openSUSE
Release: lp151.3.3.1 Build date: Fri Sep 13 14:09:36 2019
Group: Productivity/Networking/Web/Servers Build host: cloud135
Size: 343951 Source RPM: apache2-mod_nss-1.0.17-lp151.3.3.1.src.rpm
Summary: SSL/TLS module for the Apache HTTP server
The mod_nss module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols using the Network Security Services (NSS)
security library.






* Tue Sep 10 2019 Vítězslav Čížek <>
  - Use a stronger password in gencert to pass the stricter tests in
    FIPS mode (bsc#1150133)
    * mod_nss-gencert_stronger_password.patch
* Tue Mar 27 2018
  - Update to 1.0.17
    * Add TLSv1.3 support
    * Update documentation for TLS 1.3
    * Add TLS 1.3 support to the cipher tests
    * PEP-8 fixups
    * Change the default certificate database format to SQLite.
* Mon Mar 19 2018
  - Use fixed upstream 1.0.16 tarball
* Mon Mar 19 2018
  - Update to 1.0.16
    * Fix up some broken cipher strings from a bad merge
  - adjust distro detection, Tumbleweed has NSS 3.35, Leap 15 has 3.34
  - drop 0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch
* Thu Mar 08 2018
  - Since the update to NSS 3.35, the default NSS certificate
    database format changed from Berkley DB to SQLite
  - use %license tag
* Wed Mar 07 2018
  - Update to 1.0.15
    * Try to auto-detect the NSS database format if not specified
    * Update nss_pcache.8 man page to drop directory and prefix
    * When a token is configured in password file only authenticate once
    * Return an error when NSSPassPhraseDialog is invalid
    * Move 3DES ciphers down from HIGH to MEDIUM to match OpenSSL 1.0.2k+
    * Add -Werror=implicit-function-declaration to CFLAGS
    * Handle group membership when testing for file permissions
    * NSS system-wide policy now disables SSLv3, don't use it in tests
    * Add missing error messages for libssl errors
    * Fix doc typo in SSL_[SERVER|CLIENT]_SAN_IPaddr env variable name
    * When including additional test config use specific extension
    * Fix the TLS Session ID cache
    * Make an invalid protocol setting fatal
    * Don't use same NSS db in nss_pcache as mod_nss, use NSS_NoDB_Init()
    * Add info log message when FIPS is enabled
    * Add AES-256 and drop DES, CAST128, SKIPJACK as wrapping key types
    * Fix removal of CR from PEM certificates
    * Add OCSP caching and timeout tuning knobs
    * Check the NSS database directory permissions as well as the files
      inside it for read access on startup.
    * Add in simple aliases for ciphers to fix those that
      don't follow the pattern (dhe_rsa_aes_128_sha256,
      dhe_rsa_aes_256_sha256) and those with typos
      (camelia_128_sha, camelia_256_sha)
    * Fix semaphore leak
    * Don't set remote user in fixup hook
    * Drop SSLv2 tests because it is completely disabled now
  - drop 0001-Handle-group-membership-when-testing-for-file-permis.patch
  - add 0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch
* Tue Dec 19 2017
  - buildrequire apr-devel instead of libapr1-devel
  - buildrequire apr-util-devel instead of libapr-util1-devel
* Mon Dec 11 2017
  - Fix NSS database startup permission check (bsc#1057776)
    * add 0001-Handle-group-membership-when-testing-for-file-permis.patch
* Thu Dec 07 2017
  - drop obsolete mod_nss-dont_disable_SSLV2.patch
    * bump up minimal NSS version to 3.25, which we now have everywhere
  - Require iproute2 for ss, which is used by gencert to gather noise
* Mon Oct 23 2017
  - Use ss instead of the deprecated netstat in gencert (bsc#1064415)
    * add mod_nss-gencert_use_ss_instead_of_netstat.patch
  - spec: cleanup and fix URLs
* Thu Sep 29 2016
  - Avoid changing permissions through symlinks
* Thu Sep 15 2016
  - don't disable SSLV2, because it doesn't work with NSS 3.24
    * add mod_nss-dont_disable_SSLV2.patch
  - remove deprecated NSSSessionCacheTimeout option from
  - change ownership of the gencert generated NSS database so apache
    can read it (bsc#998180)
    * add mod_nss-gencert-correct-ownership.patch
  - use correct configuration path in (bsc#996282)
  - remove %post migration code from the old alias directory
  - generate dummy certificates if there aren't any in mod_nss.d
* Fri Jul 29 2016
  - use systemd-ask-password to prompt for a certificate passphrase
    * drop obsolete mod_nss-bnc863518-reopen_dev_tty.diff
* Sat Apr 16 2016
  - update to 1.0.14 (fixes boo#973996)
    * OpenSSL ciphers stopped parsing at +, CVE-2016-3099
    * Created valgrind suppression files to ease debugging
    * Implement SSL_PPTYPE_FILTER to call executables to get
      the key password pins. Can be used to prompt with systemd.
    * Improvements to
  - drop and use upstream migrate script instead
    * add mod_nss-migrate.patch
* Thu Mar 17 2016
  - use a whitelist approach for keeping directives in the migration
    script (bsc#961907)
    * modify
* Wed Mar 16 2016
  - fix test: add NSSPassPhraseDialog, point it to plain file
* Mon Mar 14 2016
  - update to 1.0.13
    Update default ciphers to something more modern and secure
    Check for host and netstat commands in gencert before trying to use them
    Add server support for DHE ciphers
    Extract SAN from server/client certificates into env
    Fix memory leaks and other coding issues caught by clang analyzer
    Add support for Server Name Indication (SNI) (#1010751)
    Add support for SNI for reverse proxy connections
    Add RenegBufferSize? option
    Add support for TLS Session Tickets (RFC 5077)
    Fix logical AND support in OpenSSL cipher compatibility
    Correctly handle disabled ciphers (CVE-2015-5244)
    Implement a slew more OpenSSL cipher macros
    Fix a number of illegal memory accesses and memory leaks
    Support for SHA384 ciphers if they are available in NSS
    Add compatibility for mod_ssl-style cipher definitions (#862938)
    Add TLSv1.2-specific ciphers
    Completely remove support for SSLv2
    Add support for sqlite NSS databases (#1057650)
    Compare subject CN and VS hostname during server start up
    Add support for enabling TLS v1.2
    Don't enable SSL 3 by default (CVE-2014-3566)
    Fix CVE-2013-4566
    Move nss_pcache to /usr/libexec
    Support httpd 2.4+
  - drop almost all our patches (upstream)
    * 0001-SNI-check-with-NameVirtualHosts.patch
    * mod_nss-CVE-2013-4566-NSSVerifyClient.diff
    * mod_nss-PK11_ListCerts_2.patch
    * mod_nss-add_support_for_enabling_TLS_v1.2.patch
    * mod_nss-array_overrun.patch
    * mod_nss-cipherlist_update_for_tls12-doc.diff
    * mod_nss-cipherlist_update_for_tls12.diff
    * mod_nss-clientauth.patch
    * mod_nss-compare_subject_CN_and_VS_hostname.patch
    * mod_nss-gencert.patch
    * mod_nss-httpd24.patch
    * mod_nss-lockpcache.patch
    * mod_nss-negotiate.patch
    * mod_nss-no_shutdown_if_not_init_2.patch
    * mod_nss-overlapping_memcpy.patch
    * mod_nss-pcachesignal.h
    * mod_nss-proxyvariables.patch
    * mod_nss-reseterror.patch
    * mod_nss-reverse_proxy_send_SNI.patch
    * mod_nss-reverseproxy.patch
    * mod_nss-sslmultiproxy.patch
    * mod_nss-tlsv1_1.patch
    * mod_nss-wouldblock.patch
    * update-ciphers.patch
  - add automake and libtool to BuildRequires
  - temporarily comment out %check
* Tue Jan 12 2016
  - %check: access syntax depends on %{apache_branch}
* Fri Dec 11 2015
  - %{apache_branch} converted to number
* Wed Oct 14 2015
  - mod_nss-httpd24.patch applied depending on %{apache_branch}
    instead of %{suse_version}, fixes build for sle11 with new apache
* Fri Oct 02 2015
  - test module with %apache_test_module_curl
* Mon Sep 07 2015
  - unified ciphers with SLE-12
    * modified patches:
* Mon Sep 07 2015
  - send TLS server name extension on proxy connections (bsc#933832)
    * added mod_nss-reverse_proxy_send_SNI.patch
  - updates to the SNI code (from Stanislav Tokos):
    update update-ciphers.patch
    merge changes from the mod_nss-SNI_support.patch to:
    abstract hash for NSSNickname and ServerName, add ServerAliases and Wild
    Cards for vhost
    (bsc#927402, bsc#928039, bsc#930922)
    replace SSL_SNI_SEND_ALERT by nss_die (cleaner solution for virtual hosts)
    add alert about permission on the certificate database
* Thu Jul 16 2015
  - Requries: %{apache_suse_maintenance_mmn}
    This will pull this module to the update (in released distribution)
    when apache maintainer thinks it is good (due api/abi changes).
* Mon May 18 2015
  - The package does not carry any .conf files underneath /etc/apache2/mod_nss.d,
    therefore use 'IncludeOptional' instead of 'Include' directory in mod_nss.conf.
* Thu May 07 2015
  - change of url and source address
* Wed Apr 01 2015
  - remove "ecdhe_rsa_aes_256_sha256" cipher from the
    file as this cipher is not supported and it was listed here
    incorrectly [bnc#921182]
* Tue Mar 03 2015
  - add mod_nss-SNI_support.patch that brings Server Name Indication
    support that allows to have multiple HTTPS websites with multiple
    certificates on the same IP address and port.
    [fate#318331], [bnc#897712]
* Tue Nov 04 2014
  - bnc#902068: added mod_nss-add_support_for_enabling_TLS_v1.2.patch
    that adding small fixes for support of TLS v1.2
* Wed Oct 29 2014
  - bnc#897712: added mod_nss-compare_subject_CN_and_VS_hostname.patch
    that compare CN and VS hostname (use NSS library). Removed
    following patches:
    * mod_nss-SNI-checks.patch
    * mod_nss-SNI-callback.patch



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 9 10:07:50 2021