Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

mod_nss-1.0.14-12.el7 RPM for x86_64

From CentOS 7.9.2009 for x86_64 / Packages

Name: mod_nss Distribution: Unknown
Version: 1.0.14 Vendor: CentOS
Release: 12.el7 Build date: Wed Apr 11 05:20:59 2018
Group: System Environment/Daemons Build host: x86-01.bsys.centos.org
Size: 312357 Source RPM: mod_nss-1.0.14-12.el7.src.rpm
Packager: CentOS BuildSystem <http://bugs.centos.org>
Url: https://pagure.io/mod_nss/
Summary: SSL/TLS module for the Apache HTTP server
 
The mod_nss module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols using the Network Security Services (NSS)
security library.

Provides

Requires

License

ASL 2.0

Changelog

* Fri Nov 03 2017 Rob Crittenden <rcritten@redhat.com> - 1.0.14-12
  - Correct URL and Source entries to point to pagure.io (#1502362)
  - Remove deprecated NSSSessionCacheTimeout from default config (#1257662)
* Wed Jul 19 2017 Rob Crittenden <rcritten@redhat.com> - 1.0.14-11
  - TLS session cache was not working (#1461580)
* Wed May 10 2017 Rob Crittenden <rcritten@redhat.com> - 1.0.14-10
  - Apply the nss_pcache man page patch (#1382102)
* Wed May 10 2017 Rob Crittenden <rcritten@redhat.com> - 1.0.14-9
  - Update nss_pcache.8 to drop directory and prefix options (#1382102)
  
  - Don't share mod_nss NSS database with nss_pcache (#1382102)
* Thu Feb 23 2017 Rob Crittenden <rcritten@redhat.com> - 1.0.14-8
  - Fail start start when there are invalid Protocols defined (#1389114)
  - Handle group membership when testing NSS database filesystem
    permissions (#1395300)
  - Add OCSP cache tuning directives (#1392582) 
  - Don't share mod_nss NSS database with nss_pcache (#1382102)
* Wed Sep 21 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-7
  - Add the permission patch to the repository (#1312583)
* Wed Sep 21 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-6
  - Check the NSS certificate database directory for read permissions
    by the Apache user. (#1312583)
* Wed Aug 10 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-5
  - Update clean semaphore patch to not free the pinList twice.
    (#1364560)
* Tue Aug 09 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-4
  - Update clean semaphore patch to not close pipe twice and to
    shutdown NSS database (#1364560)
* Mon Aug 08 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-3
  - Clean up semaphore in nss_pcache on shutdown (#1364560)
* Tue Jun 28 2016 Matthew Harmsen <mharmsen@redhat.com> - 1.0.14-2
  - mod_nss sets r->user in fixup even if it was long ago changed
    by other module (#1347298)
* Mon May 23 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-1
  - Rebase to 1.0.14 (#1299063)
  - Add support for Server Name Indication (SNI) (#1053327)
  - Use upstream method to not execute live tests as root (#1256887)
  - Always call SSL_ShutdownServerSessionIDCache() in ModuleKill
    (#1263301, #1296685)
  - Don't require NSSProxyNickname (#1280287)
  - Make link to libnssckbi.so an absolute link (#1288471)
  - Fail for colons in credentials with FakeBasicAuth (#1295970)
  - Don't ignore NSSProtocol when NSSFIPS is enabled (#1312491)
  - Check filesystem permissions on NSS database at startup (#1312583)
  - OpenSSL ciphers stopped parsing at +, CVE-2016-3099 (#1323913)
  - Patch to match available ciphers so tests pass (#1299063)
  - Patch to fix tests in brew (#1299063)
* Tue Sep 22 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.11-6
  - Add the supported NSS SHA384 ciphers (#1253570)
  - Add kECDH, AECDH, ECDSA and aECDSA macros (#1253570)
  - Bump the NSS BR and Requires so the new ciphers are available
  - Bump the NSPR Requires to match NSS
* Mon Sep 21 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.11-5
  - Don't enable NULL ciphers in DEFAULT macro (#1253570)
  - Add OpenSSL cipher macro EECDH (#1160745)
  - Disable the live server testing in make check because it
    may run as root and fail horribly (#1160745)
* Thu Aug 27 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.11-4
  - Handle permanently disabled ciphers in call to SSL_CipherPrefSet
    (#1160745)
* Mon Aug 17 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.11-3
  - Fix logical and support in cipher strings CVE-2015-3277
    (#1253570)
  - Add missing BuildRequires and small patch to use requests.urllib3
    to fix make check (#1253570)
* Wed Jul 29 2015 Matthew Harmsen <mharmsen@redhat.com> - 1.0.11-2
  - Resolves: rhbz #1066236
  - Bugzilla Bug #1066236 - mod_nss: documentation formatting fixes
* Thu Jun 11 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.11-1
  - Resolves: rhbz #1160745 - Rebase mod_nss to 1.0.11
* Mon Jan 05 2015 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-33
  - Resolves: rhbz #1169871
  - Bugzilla Bug #1169871 -  Default configuration enables SSL3
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.0.8-32
  - Mass rebuild 2014-01-24
* Mon Jan 13 2014 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-31
  - Resolves: rhbz #1029360
  - Bugzilla Bug #1029360 - ambiguous/invalid ENVR in httpd-mmn Provides/Requires
  - corrected typo on date
* Mon Jan 13 2014 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-30
  - Resolves: rhbz #1029360
  - Bugzilla Bug #1029360 - ambiguous/invalid ENVR in httpd-mmn Provides/Requires
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.0.8-29
  - Mass rebuild 2013-12-27
* Wed Nov 27 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-28
  - Resolves: rhbz #1030276
  - [mod_nss-usecases.patch]
  - Bugzilla Bug #1030276 - mod_nss not working in FIPS mode
* Fri Nov 15 2013 Rob Crittenden <rcritten@redhat.com> - 1.0.8-27
  - Resolves: CVE-2013-4566
  - Bugzilla Bug #1024536 - mod_nss: incorrect handling of NSSVerifyClient in
    directory context [rhel-7.0] (rcritten)
  - Bugzilla Bug #1030845 - mod_nss: do not use %configure in %changelog
    (mharmsen)
* Tue Nov 12 2013 Joe Orton <jorton@redhat.com> - 1.0.8-26
  - [mod_nss-SSLEngine-off.patch]
  - Bugzilla Bug #1029042 - Implicit SSLEngine for 443 port breaks mod_nss
    configuration (jorton)
  - [mod_nss-unused-filter_ctx.patch]
  - Bugzilla Bug #1029665 - Remove unused variable 'filter_ctx' (mharmsen)
* Fri Nov 01 2013 Tomas Hoger <thoger@redhat.com> - 1.0.8-25
  - Bugzilla Bug #1025317 - mod_nss: documentation formatting fixes [rhel-7]
* Thu Oct 24 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-24
  - Add '--enable-ecc' option to %configure line under %build section of
    this spec file (mharmsen)
  - Bumped version build/runtime requirements for NSPR and NSS (mharmsen)
  - [mod_nss-PK11_ListCerts_2.patch]
  - Bugzilla Bug #1022295 - PK11_ListCerts called to retrieve all user
    certificates for every server (rcritten)
  - [mod_nss-array_overrun.patch]
  - Bugzilla Bug #1022298 - overrunning array when executing nss_pcache
    (rcritten)
  - [mod_nss-clientauth.patch]
  - Bugzilla Bug #1022921 - mod_nss: FakeBasicAuth authentication bypass
    [rhel-7.0] (rcritten)
  - [mod_nss-no_shutdown_if_not_init_2.patch]
  - Bugzilla Bug #1022303 - File descriptor leak after "service httpd reload"
    or httpd doesn't reload (rrelyea)
  - [mod_nss-proxyvariables.patch]
  - Bugzilla Bug #1022309 - mod_nss insists on Required value NSSCipherSuite
    not set. (mharmsen)
  - [mod_nss-tlsv1_1.patch]
  - Bugzilla Bug #1022310 - current nss support TLS 1.1 so mod_nss should pick
    it up (mharmsen)
  - [mod_nss-sslmultiproxy_2.patch]
  - Fixes Bugzilla Bug #1021458 - [RFE] Support ability to share mod_proxy with
    other SSL providers (jorton, mharmsen, nkinder, & rcritten)
* Tue Jul 30 2013 Joe Orton <jorton@redhat.com> - 1.0.8-23
  - add dependency on httpd-mmn
* Wed Jul 03 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-22
  - Moved 'nss_pcache' from %sbindir to %libexecdir
    (provided compatibility link)
* Tue Jul 02 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-21.1
  - Add the following explanation to the 'Dangling symlinks' textbox in rpmdiff:
    Symlink 'etc/httpd/alias/libnssckbi.so' is deliberate.
    This test does not belong in rpmdiff. This test belongs in TPS.
    Since the symlink points to a file in another package, e.g. a
    dependency or a system file, rpmdiff cannot detect this. Remember,
    rpmdiff does not install or even know about package dependencies.
    That's TPS's job.
  - Add the following explanation to the 'Brewtap results' textbox in rpmdiff:
    The '/etc/httpd/conf.d/nss.conf' file does not require a man page
    because its parameters are sufficiently documented within the
    configuration file itself.
    The '/etc/httpd/conf.modules.d/10-nss.conf' file does not require
    a man page because the file merely contains the line
    'LoadModule nss_module modules/libmodnss.so' to support httpd
    loading of Dynamic Shared Objects ('/etc/httpd/conf/httpd.conf').
* Tue Jun 25 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-21
  - Bugzilla Bug #884115 - Package mod_nss-1.0.8-18.1.el7 failed RHEL7 RPMdiff
    testing
  - Bugzilla Bug #906082 - mod_nss requires manpages for gencert and nss_pcache
  - Bugzilla Bug #906089 - Fix dangling symlinks in mod_nss
  - Bugzilla Bug #906097 - Correct RPM Parse Warning in mod_nss.spec
  - Bugzilla Bug #948601 - Man page scan results for mod_nss
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-20.1
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-19.1
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jun 18 2012 Joe Orton <jorton@redhat.com> - 1.0.8-18.1
  - fix build for RHEL7
* Fri Jun 15 2012 Rob Crittenden <rcritten@redhat.com> - 1.0.8-18
  - Actually apply the patch to use memmove in place of memcpy since the
    buffers can overlap (#669118)
* Tue Jun 12 2012 Nathan Kinder <nkinder@redhat.com> - 1.0.8-17
  - Port mod_nss to work with httpd 2.4
* Mon Apr 23 2012 Joe Orton <jorton@redhat.com> - 1.0.8-16
  - packaging fixes/updates (#803072)
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-15
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Mar 07 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-14
  - Add Requires(post) for nss-tools, gencert needs it (#652007)
* Wed Mar 02 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-13
  - Lock around the pipe to nss_pcache for retrieving the token PIN
    (#677701)
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-12
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Jan 12 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-11
  - Use memmove in place of memcpy since the buffers can overlap (#669118)
* Wed Sep 29 2010 jkeating - 1.0.8-10
  - Rebuilt for gcc bug 634757
* Thu Sep 23 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-9
  - Revert mod_nss-wouldblock patch
  - Reset NSPR error before calling PR_Read(). This should fix looping
    in #620856
* Fri Sep 17 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-8
  - Fix hang when handling large POST under some conditions (#620856)
* Tue Jun 22 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-7
  - Remove file Requires on libnssckbi.so (#601939)
* Fri May 14 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-6
  - Ignore SIGHUP in nss_pcache (#591889).
* Thu May 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-5
  - Use remote hostname set by mod_proxy to compare to CN in peer cert (#591224)
* Thu Mar 18 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-4
  - Patch to add configuration options for new NSS negotiation API (#574187)
  - Add (pre) for Requires on httpd so we can be sure the user and group are
    already available
  - Add file Requires on libnssckbi.so so symlink can't fail
  - Use _sysconfdir macro instead of /etc
  - Set minimum level of NSS to 3.12.6
* Mon Jan 25 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-3
  - The location of libnssckbi moved from /lib[64] to /usr/lib[64] (556744)
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Mon Mar 02 2009 Rob Crittenden <rcritten@redhat.com> - 1.0.8-1
  - Update to 1.0.8
  - Add patch that fixes NSPR layer bug
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.7-11
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Aug 11 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.0.7-10
  - fix license tag
* Mon Jul 28 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-9
  - rebuild to bump NVR
* Mon Jul 14 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-8
  - Don't force module de-init during the configuration stage (453508)
* Thu Jul 10 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-7
  - Don't inherit the MP cache in multi-threaded mode (454701)
  - Don't initialize NSS in each child if SSL isn't configured
* Wed Jul 02 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-6
  - Update the patch for FIPS to include fixes for nss_pcache, enforce
    the security policy and properly initialize the FIPS token.
* Mon Jun 30 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-5
  - Include patch to fix NSSFIPS (446851)
* Mon Apr 28 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-4
  - Apply patch so that mod_nss calls NSS_Init() after Apache forks a child
    and not before. This is in response to a change in the NSS softtokn code
    and should have always been done this way. (444348)
  - The location of libnssckbi moved from /usr/lib[64] to /lib[64]
  - The NSS database needs to be readable by apache since we need to use it
    after the root priviledges are dropped.
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.0.7-3
  - Autorebuild for GCC 4.3
* Thu Oct 18 2007 Rob Crittenden <rcritten@redhat.com> 1.0.7-2
  - Register functions needed by mod_proxy if mod_ssl is not loaded.
* Fri Jun 01 2007 Rob Crittenden <rcritten@redhat.com> 1.0.7-1
  - Update to 1.0.7
  - Remove Requires for nss and nspr since those are handled automatically
    by versioned libraries
  - Updated URL and Source to reference directory.fedoraproject.org
* Mon Apr 09 2007 Rob Crittenden <rcritten@redhat.com> 1.0.6-2
  - Patch to properly detect the Apache model and set up NSS appropriately
  - Patch to punt if a bad password is encountered
  - Patch to fix crash when password.conf is malformatted
  - Don't enable ECC support as NSS doesn't have it enabled (3.11.4-0.7)
* Mon Oct 23 2006 Rob Crittenden <rcritten@redhat.com> 1.0.6-1
  - Update to 1.0.6
* Fri Aug 04 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-4
  - Include LogLevel warn in nss.conf and use separate log files
* Fri Aug 04 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-3
  - Need to initialize ECC certificate and key variables
* Fri Aug 04 2006 Jarod Wilson <jwilson@redhat.com> 1.0.3-2
  - Use %ghost for db files and install.log
* Tue Jun 20 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-1
  - Initial build

Files

/etc/httpd/alias
/etc/httpd/alias/cert8.db
/etc/httpd/alias/install.log
/etc/httpd/alias/key3.db
/etc/httpd/alias/libnssckbi.so
/etc/httpd/alias/secmod.db
/etc/httpd/conf.d/nss.conf
/etc/httpd/conf.modules.d/10-nss.conf
/usr/lib64/httpd/modules/libmodnss.so
/usr/libexec/nss_pcache
/usr/sbin/gencert
/usr/sbin/nss_pcache
/usr/share/doc/mod_nss-1.0.14
/usr/share/doc/mod_nss-1.0.14/LICENSE
/usr/share/doc/mod_nss-1.0.14/README
/usr/share/doc/mod_nss-1.0.14/mod_nss.html
/usr/share/man/man8/gencert.8.gz
/usr/share/man/man8/nss_pcache.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Apr 9 14:35:08 2024