[ol6_latest_archive] mod_nss-1.0.10-9.el6.i686

Name:	mod_nss
Version:	1.0.10
Release:	9.el6
Architecture:	i686
Group:	System Environment/Daemons
Size:	257631
License:	ASL 2.0
RPM:	mod_nss-1.0.10-9.el6.i686.rpm
Source RPM:	mod_nss-1.0.10-9.el6.src.rpm
Build Date:	Wed Jan 11 2017
Build Host:	x86-ol6-builder-04.us.oracle.com
Vendor:	Oracle America
URL:	https://fedorahosted.org/mod_nss/
Summary:	SSL/TLS module for the Apache HTTP server
Description:	The mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols using the Network Security Services (NSS) security library.

Changelog (Show File list) (Show related packages)

Mon Nov 07 2016 Matthew Harmsen <mharmsen@redhat.com> - 1.0.10-9

- Backported patch from Rob Crittenden
- Bugzilla Bug #1390359 - foward port NSS OCSP cache settings (rcritten)

Thu Oct 20 2016 Matthew Harmsen <mharmsen@redhat.com> - 1.0.10-8

- Resolves: rhbz #1379823 - mod_nss SNI serves incorrect certificate (rcritten)

Wed Aug 24 2016 Matthew Harmsen <mharmsen@redhat.com> - 1.0.10-7

- Backported patch from Rob Crittenden
- Clean up semaphore in nss_pcache on shutdown (#1364561)
- Update clean semaphore patch to not close pipe twice and to
  shutdown NSS database (#1364561)
- Update clean semaphore patch to not free the pinList twice.
  (#1364561)

Thu Feb 25 2016 Matthew Harmsen <mharmsen@redhat.com> - 1.0.10-6

- Resolves: rhbz #1312052 - NSSProtocol is ignored when NSSFIPS is enabled.

Tue Jan 19 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.10-5

- Resolves: rhbz #1295490 - Add server-side Server Name Indication
  (SNI) support
- Resolves: rhbz #1277613, #1295976 - Always shut down the SSL
  session cache when killing the module. This was the source of a
  rather large memory leak and potential crash in the case of
  SIGHUP or service reload.

Fri Jan 15 2016 Matthew Harmsen <mharmsen@redhat.com> - 1.0.10-4

- Resolves: rhbz #1280276 - Relocate and downgrade NSSProxyNickname error
  message to a warning (removed error message)

Thu Jan 14 2016 Matthew Harmsen <mharmsen@redhat.com> - 1.0.10-3

- Resolves: rhbz #1288477 - mod_nss: detect and fail for colons in
  credentials with FakeBasicAuth 
- Patch created by jkaluza@redhat.com for 'mod_ssl' in rhbz #1027442 -
  mod_ssl: detect and fail for colons in credentials with FakeBasicAuth

Wed Oct 14 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.10-2

- Resolves: rhbz #1214366 - ssl re-negotiation buffer size in mod_nss
  is hard-coded at 128K

Thu Jan 22 2015 Matthew Harmsen <mharmsen@redhat.com> - 1.0.10-1

- Resolves: rhbz #1166316 - Rebase mod_nss to 1.0.10 to support TLSv1.2

Thu Jun 05 2014 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-21

- Bumped version build/runtime requirements for 'nspr' and 'nss'
- Added runtime dependency for 'nss-softokn'
- Bugzilla Bug #1002733 - Apache core generated with sig 5
- Bugzilla Bug #1016628 - mod_nss httpd segfaulting regularly
- Bugzilla Bug #866703 - Memory error in mod_nss (eol_memmove.patch)

Wed Nov 27 2013 Rob Crittenden <rcritten@redhat.com> - 1.0.8-20

- Resolves: CVE-2013-4566
- Bugzilla Bug #1030267 - mod_nss: incorrect handling of NSSVerifyClient in
  directory context [rhel-6.6]

Fri Nov 15 2013 Rob Crittenden <rcritten@redhat.com> - 1.0.8-19

- Resolves: CVE-2013-4566
- Bugzilla Bug #1030265 - mod_nss: incorrect handling of NSSVerifyClient in
  directory context [rhel-6.5.z]

Tue Oct 23 2012 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-18

- Fixes Bugzilla Bug #835071 - [RFE] Support ability to share mod_proxy with
  other SSL providers (w/jorton, nkinder, & rcritten)

Tue Oct 16 2012 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-17

- Fixes Bugzilla Bug #816394 - [RFE] Provide Apache 2.2 support for TLS v1.1
  via NSS through mod_nss . . .
- Bumped version build/runtime requirements for NSPR and NSS

Wed Oct 03 2012 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-16

- Fixes Bugzilla Bug #769906 - mod_nss insists on Required value
  NSSCipherSuite not set. (mod_nss-proxyvariables.patch)

Wed Feb 29 2012 Rob Crittenden <rcritten@redhat.com> - 1.0.8-15

- Fixes Bugzilla Bug #749408 - PK11_ListCerts called to retrieve all user
  certificates for every server (mod_nss-PK11_ListCerts.patch)
- Fixes Bugzilla Bug #749409 - Add '--enable-ecc' option to %configure
  line under %build section of RHEL 6 spec file

Wed Feb 29 2012 Robert Relyea <rrelyea@redhat.com> - 1.0.8-14

- Fix 'Bugzilla Bug #797358 - mod_nss fails debug assertion' by removing
  'mod_nss-no_shutdown_if_not_init.patch' and applying
  'mod_nss-no_shutdown_if_not_init_2.patch' instead
- The 'mod_nss-no_shutdown_if_not_init_2.patch' patch also fixes
  Bugzilla Bug #797326 - File descriptor leak after "service httpd reload"
  or httpd doesn't reload

Mon Aug 01 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-13

- Fix array overrun when launching nss_pcache (#714154)
- For FakeBasicAuth retrieve the entire subject, not just CN. Prefix this
  with "/" to be compatible with OpenSSL.
  Always retrieve the client certificate, not just on the first request
  it is needed. (#702437)
- Don't try to shut down NSS if it wasn't initialized. (#691502)

Wed Mar 09 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-12

- Use memmove in place of memcpy since the buffers can overlap (#682326)

Wed Mar 02 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-11

- Lock around the pipe to nss_pcache for retrieving the token PIN
  (#677700)

Wed Feb 02 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-10
```
- Apply the patch for #634687
```

Wed Feb 02 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-9

- Add man page for gencert (#605376)
- Fix hang when handling large POST under some conditions (#634687)

Mon Jun 14 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-8
```
- Add Requires on nss-tools for default db creation (#603172)
```

Thu May 20 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-7

- Use remote hostname set by mod_proxy to compare to CN in peer cert (#591901)

Thu Mar 18 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-6

- Patch to add configuration options for new NSS negotiation API (#574187)
- Set minimum version of nss to 3.12.6 to pick up renegotiation fix

Wed Feb 24 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-5

- Add (pre) for Requires on httpd so we can be sure the user and group are
  already available
- Add file Requires on libnssckbi.so so symlink can't fail
- Use _sysconfdir macro instead of /etc

Tue Feb 23 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-4

- Remove unused variable and perl substitution for gencert. gencert used to
  have separate variables for NSS & NSPR libraries, that is gone now so this
  variable and substitution aren't needed.
- Added comments to patch to identify what they do

Wed Jan 27 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-3

- The location of libnssckbi.so moved from /lib[64] to /usr/lib[64] (#558545)
- Don't generate output when the default NSS database is generated (#538859)

Mon Nov 30 2009 Dennis Gregorovic <dgregor@redhat.com> - 1.0.8-2.1
```
- Rebuilt for RHEL 6
```
Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-2
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
```
Mon Mar 02 2009 Rob Crittenden <rcritten@redhat.com> - 1.0.8-1
```
- Update to 1.0.8
- Add patch that fixes NSPR layer bug
```
Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.7-11
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
```
Mon Aug 11 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.0.7-10
```
- fix license tag
```
Mon Jul 28 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-9
```
- rebuild to bump NVR
```

Mon Jul 14 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-8

- Don't force module de-init during the configuration stage (453508)

Thu Jul 10 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-7

- Don't inherit the MP cache in multi-threaded mode (454701)
- Don't initialize NSS in each child if SSL isn't configured

Wed Jul 02 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-6

- Update the patch for FIPS to include fixes for nss_pcache, enforce
  the security policy and properly initialize the FIPS token.

Mon Jun 30 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-5
```
- Include patch to fix NSSFIPS (446851)
```

Mon Apr 28 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-4

- Apply patch so that mod_nss calls NSS_Init() after Apache forks a child
  and not before. This is in response to a change in the NSS softtokn code
  and should have always been done this way. (444348)
- The location of libnssckbi moved from /usr/lib[64] to /lib[64]
- The NSS database needs to be readable by apache since we need to use it
  after the root priviledges are dropped.

Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.0.7-3
```
- Autorebuild for GCC 4.3
```

Thu Oct 18 2007 Rob Crittenden <rcritten@redhat.com> 1.0.7-2

- Register functions needed by mod_proxy if mod_ssl is not loaded.

Fri Jun 01 2007 Rob Crittenden <rcritten@redhat.com> 1.0.7-1

- Update to 1.0.7
- Remove Requires for nss and nspr since those are handled automatically
  by versioned libraries
- Updated URL and Source to reference directory.fedoraproject.org

Mon Apr 09 2007 Rob Crittenden <rcritten@redhat.com> 1.0.6-2

- Patch to properly detect the Apache model and set up NSS appropriately
- Patch to punt if a bad password is encountered
- Patch to fix crash when password.conf is malformatted
- Don't enable ECC support as NSS doesn't have it enabled (3.11.4-0.7)

Mon Oct 23 2006 Rob Crittenden <rcritten@redhat.com> 1.0.6-1
```
- Update to 1.0.6
```

Fri Aug 04 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-4

- Include LogLevel warn in nss.conf and use separate log files

Fri Aug 04 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-3
```
- Need to initialize ECC certificate and key variables
```
Fri Aug 04 2006 Jarod Wilson <jwilson@redhat.com> 1.0.3-2
```
- Use %ghost for db files and install.log
```
Tue Jun 20 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-1
```
- Initial build
```