[ol6_u3_base] mod_nss-1.0.8-15.el6.x86_64

The mod_nss module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols using the Network Security Services (NSS)
security library.

Changelog (Show File list) (Show related packages)

• Wed Feb 29 2012 Rob Crittenden <rcritten@redhat.com> - 1.0.8-15

  - Fixes Bugzilla Bug #749408 - PK11_ListCerts called to retrieve all user
    certificates for every server (mod_nss-PK11_ListCerts.patch)
  - Fixes Bugzilla Bug #749409 - Add '--enable-ecc' option to '
    CFLAGS="${CFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic}" ; export CFLAGS ; 
    CXXFLAGS="${CXXFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic}" ; export CXXFLAGS ; 
    FFLAGS="${FFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -I/usr/lib64/gfortran/modules}" ; export FFLAGS ; 
    ./configure --build=x86_64-unknown-linux-gnu --host=x86_64-unknown-linux-gnu \
  	--target=x86_64-redhat-linux-gnu \
  	--program-prefix= \
  	--prefix=/usr \
  	--exec-prefix=/usr \
  	--bindir=/usr/bin \
  	--sbindir=/usr/sbin \
  	--sysconfdir=/etc \
  	--datadir=/usr/share \
  	--includedir=/usr/include \
  	--libdir=/usr/lib64 \
  	--libexecdir=/usr/libexec \
  	--localstatedir=/var \
  	--sharedstatedir=/var/lib \
  	--mandir=/usr/share/man \
  	--infodir=/usr/share/info'
    line under '%build
  LANG=C
  export LANG
  unset DISPLAY
  ' section of RHEL 6 spec file

• Wed Feb 29 2012 Robert Relyea <rrelyea@redhat.com> - 1.0.8-14

  - Fix 'Bugzilla Bug #797358 - mod_nss fails debug assertion' by removing
    'mod_nss-no_shutdown_if_not_init.patch' and applying
    'mod_nss-no_shutdown_if_not_init_2.patch' instead
  - The 'mod_nss-no_shutdown_if_not_init_2.patch' patch also fixes
    Bugzilla Bug #797326 - File descriptor leak after "service httpd reload"
    or httpd doesn't reload

• Mon Aug 01 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-13

  - Fix array overrun when launching nss_pcache (#714154)
  - For FakeBasicAuth retrieve the entire subject, not just CN. Prefix this
    with "/" to be compatible with OpenSSL.
    Always retrieve the client certificate, not just on the first request
    it is needed. (#702437)
  - Don't try to shut down NSS if it wasn't initialized. (#691502)

• Wed Mar 09 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-12

  - Use memmove in place of memcpy since the buffers can overlap (#682326)

• Wed Mar 02 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-11

  - Lock around the pipe to nss_pcache for retrieving the token PIN
    (#677700)

• Wed Feb 02 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-10

  - Apply the patch for #634687

• Wed Feb 02 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-9

  - Add man page for gencert (#605376)
  - Fix hang when handling large POST under some conditions (#634687)

• Mon Jun 14 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-8

  - Add Requires on nss-tools for default db creation (#603172)

• Thu May 20 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-7

  - Use remote hostname set by mod_proxy to compare to CN in peer cert (#591901)

• Thu Mar 18 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-6

  - Patch to add configuration options for new NSS negotiation API (#574187)
  - Set minimum version of nss to 3.12.6 to pick up renegotiation fix

• Wed Feb 24 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-5

  - Add (pre) for Requires on httpd so we can be sure the user and group are
    already available
  - Add file Requires on libnssckbi.so so symlink can't fail
  - Use _sysconfdir macro instead of /etc

• Tue Feb 23 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-4

  - Remove unused variable and perl substitution for gencert. gencert used to
    have separate variables for NSS & NSPR libraries, that is gone now so this
    variable and substitution aren't needed.
  - Added comments to patch to identify what they do

• Wed Jan 27 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-3

  - The location of libnssckbi.so moved from /lib[64] to /usr/lib[64] (#558545)
  - Don't generate output when the default NSS database is generated (#538859)

• Mon Nov 30 2009 Dennis Gregorovic <dgregor@redhat.com> - 1.0.8-2.1

  - Rebuilt for RHEL 6

• Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-2

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

• Mon Mar 02 2009 Rob Crittenden <rcritten@redhat.com> - 1.0.8-1

  - Update to 1.0.8
  - Add patch that fixes NSPR layer bug

• Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.7-11

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

• Mon Aug 11 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.0.7-10

  - fix license tag

• Mon Jul 28 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-9

  - rebuild to bump NVR

• Mon Jul 14 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-8

  - Don't force module de-init during the configuration stage (453508)

• Thu Jul 10 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-7

  - Don't inherit the MP cache in multi-threaded mode (454701)
  - Don't initialize NSS in each child if SSL isn't configured

• Wed Jul 02 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-6

  - Update the patch for FIPS to include fixes for nss_pcache, enforce
    the security policy and properly initialize the FIPS token.

• Mon Jun 30 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-5

  - Include patch to fix NSSFIPS (446851)

• Mon Apr 28 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-4

  - Apply patch so that mod_nss calls NSS_Init() after Apache forks a child
    and not before. This is in response to a change in the NSS softtokn code
    and should have always been done this way. (444348)
  - The location of libnssckbi moved from /usr/lib[64] to /lib[64]
  - The NSS database needs to be readable by apache since we need to use it
    after the root priviledges are dropped.

• Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.0.7-3

  - Autorebuild for GCC 4.3

• Thu Oct 18 2007 Rob Crittenden <rcritten@redhat.com> 1.0.7-2

  - Register functions needed by mod_proxy if mod_ssl is not loaded.

• Fri Jun 01 2007 Rob Crittenden <rcritten@redhat.com> 1.0.7-1

  - Update to 1.0.7
  - Remove Requires for nss and nspr since those are handled automatically
    by versioned libraries
  - Updated URL and Source to reference directory.fedoraproject.org

• Mon Apr 09 2007 Rob Crittenden <rcritten@redhat.com> 1.0.6-2

  - Patch to properly detect the Apache model and set up NSS appropriately
  - Patch to punt if a bad password is encountered
  - Patch to fix crash when password.conf is malformatted
  - Don't enable ECC support as NSS doesn't have it enabled (3.11.4-0.7)

• Mon Oct 23 2006 Rob Crittenden <rcritten@redhat.com> 1.0.6-1

  - Update to 1.0.6

• Fri Aug 04 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-4

  - Include LogLevel warn in nss.conf and use separate log files

• Fri Aug 04 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-3

  - Need to initialize ECC certificate and key variables

• Fri Aug 04 2006 Jarod Wilson <jwilson@redhat.com> 1.0.3-2

  - Use %ghost for db files and install.log

• Tue Jun 20 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-1

  - Initial build