[ol7_u6_base] mod_nss-1.0.14-12.el7.x86_64

Name:	mod_nss
Version:	1.0.14
Release:	12.el7
Architecture:	x86_64
Group:	System Environment/Daemons
Size:	312357
License:	ASL 2.0
RPM:	mod_nss-1.0.14-12.el7.x86_64.rpm
Source RPM:	mod_nss-1.0.14-12.el7.src.rpm
Build Date:	Sun Jan 28 2018
Build Host:	x86-ol7-builder-02.us.oracle.com
Vendor:	Oracle America
URL:	https://pagure.io/mod_nss/
Summary:	SSL/TLS module for the Apache HTTP server
Description:	The mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols using the Network Security Services (NSS) security library.

Changelog (Show File list) (Show related packages)

Fri Nov 03 2017 Rob Crittenden <rcritten@redhat.com> - 1.0.14-12

- Correct URL and Source entries to point to pagure.io (#1502362)
- Remove deprecated NSSSessionCacheTimeout from default config (#1257662)

Wed Jul 19 2017 Rob Crittenden <rcritten@redhat.com> - 1.0.14-11
```
- TLS session cache was not working (#1461580)
```
Wed May 10 2017 Rob Crittenden <rcritten@redhat.com> - 1.0.14-10
```
- Apply the nss_pcache man page patch (#1382102)
```

Wed May 10 2017 Rob Crittenden <rcritten@redhat.com> - 1.0.14-9

- Update nss_pcache.8 to drop directory and prefix options (#1382102)

- Don't share mod_nss NSS database with nss_pcache (#1382102)

Thu Feb 23 2017 Rob Crittenden <rcritten@redhat.com> - 1.0.14-8

- Fail start start when there are invalid Protocols defined (#1389114)
- Handle group membership when testing NSS database filesystem
  permissions (#1395300)
- Add OCSP cache tuning directives (#1392582) 
- Don't share mod_nss NSS database with nss_pcache (#1382102)

Wed Sep 21 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-7
```
- Add the permission patch to the repository (#1312583)
```

Wed Sep 21 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-6

- Check the NSS certificate database directory for read permissions
  by the Apache user. (#1312583)

Wed Aug 10 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-5

- Update clean semaphore patch to not free the pinList twice.
  (#1364560)

Tue Aug 09 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-4

- Update clean semaphore patch to not close pipe twice and to
  shutdown NSS database (#1364560)

Mon Aug 08 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-3
```
- Clean up semaphore in nss_pcache on shutdown (#1364560)
```

Tue Jun 28 2016 Matthew Harmsen <mharmsen@redhat.com> - 1.0.14-2

- mod_nss sets r->user in fixup even if it was long ago changed
  by other module (#1347298)

Mon May 23 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-1

- Rebase to 1.0.14 (#1299063)
- Add support for Server Name Indication (SNI) (#1053327)
- Use upstream method to not execute live tests as root (#1256887)
- Always call SSL_ShutdownServerSessionIDCache() in ModuleKill
  (#1263301, #1296685)
- Don't require NSSProxyNickname (#1280287)
- Make link to libnssckbi.so an absolute link (#1288471)
- Fail for colons in credentials with FakeBasicAuth (#1295970)
- Don't ignore NSSProtocol when NSSFIPS is enabled (#1312491)
- Check filesystem permissions on NSS database at startup (#1312583)
- OpenSSL ciphers stopped parsing at +, CVE-2016-3099 (#1323913)
- Patch to match available ciphers so tests pass (#1299063)
- Patch to fix tests in brew (#1299063)

Tue Sep 22 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.11-6

- Add the supported NSS SHA384 ciphers (#1253570)
- Add kECDH, AECDH, ECDSA and aECDSA macros (#1253570)
- Bump the NSS BR and Requires so the new ciphers are available
- Bump the NSPR Requires to match NSS

Mon Sep 21 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.11-5

- Don't enable NULL ciphers in DEFAULT macro (#1253570)
- Add OpenSSL cipher macro EECDH (#1160745)
- Disable the live server testing in make check because it
  may run as root and fail horribly (#1160745)

Thu Aug 27 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.11-4

- Handle permanently disabled ciphers in call to SSL_CipherPrefSet
  (#1160745)

Mon Aug 17 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.11-3

- Fix logical and support in cipher strings CVE-2015-3277
  (#1253570)
- Add missing BuildRequires and small patch to use requests.urllib3
  to fix make check (#1253570)

Wed Jul 29 2015 Matthew Harmsen <mharmsen@redhat.com> - 1.0.11-2

- Resolves: rhbz #1066236
- Bugzilla Bug #1066236 - mod_nss: documentation formatting fixes

Thu Jun 11 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.11-1
```
- Resolves: rhbz #1160745 - Rebase mod_nss to 1.0.11
```

Mon Jan 05 2015 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-33

- Resolves: rhbz #1169871
- Bugzilla Bug #1169871 -  Default configuration enables SSL3

Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.0.8-32
```
- Mass rebuild 2014-01-24
```

Mon Jan 13 2014 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-31

- Resolves: rhbz #1029360
- Bugzilla Bug #1029360 - ambiguous/invalid ENVR in httpd-mmn Provides/Requires
- corrected typo on date

Mon Jan 13 2014 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-30

- Resolves: rhbz #1029360
- Bugzilla Bug #1029360 - ambiguous/invalid ENVR in httpd-mmn Provides/Requires

Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.0.8-29
```
- Mass rebuild 2013-12-27
```

Wed Nov 27 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-28

- Resolves: rhbz #1030276
- [mod_nss-usecases.patch]
- Bugzilla Bug #1030276 - mod_nss not working in FIPS mode

Fri Nov 15 2013 Rob Crittenden <rcritten@redhat.com> - 1.0.8-27

- Resolves: CVE-2013-4566
- Bugzilla Bug #1024536 - mod_nss: incorrect handling of NSSVerifyClient in
  directory context [rhel-7.0] (rcritten)
- Bugzilla Bug #1030845 - mod_nss: do not use %configure in %changelog
  (mharmsen)

Tue Nov 12 2013 Joe Orton <jorton@redhat.com> - 1.0.8-26

- [mod_nss-SSLEngine-off.patch]
- Bugzilla Bug #1029042 - Implicit SSLEngine for 443 port breaks mod_nss
  configuration (jorton)
- [mod_nss-unused-filter_ctx.patch]
- Bugzilla Bug #1029665 - Remove unused variable 'filter_ctx' (mharmsen)

Fri Nov 01 2013 Tomas Hoger <thoger@redhat.com> - 1.0.8-25

- Bugzilla Bug #1025317 - mod_nss: documentation formatting fixes [rhel-7]

Thu Oct 24 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-24

- Add '--enable-ecc' option to %configure line under %build section of
  this spec file (mharmsen)
- Bumped version build/runtime requirements for NSPR and NSS (mharmsen)
- [mod_nss-PK11_ListCerts_2.patch]
- Bugzilla Bug #1022295 - PK11_ListCerts called to retrieve all user
  certificates for every server (rcritten)
- [mod_nss-array_overrun.patch]
- Bugzilla Bug #1022298 - overrunning array when executing nss_pcache
  (rcritten)
- [mod_nss-clientauth.patch]
- Bugzilla Bug #1022921 - mod_nss: FakeBasicAuth authentication bypass
  [rhel-7.0] (rcritten)
- [mod_nss-no_shutdown_if_not_init_2.patch]
- Bugzilla Bug #1022303 - File descriptor leak after "service httpd reload"
  or httpd doesn't reload (rrelyea)
- [mod_nss-proxyvariables.patch]
- Bugzilla Bug #1022309 - mod_nss insists on Required value NSSCipherSuite
  not set. (mharmsen)
- [mod_nss-tlsv1_1.patch]
- Bugzilla Bug #1022310 - current nss support TLS 1.1 so mod_nss should pick
  it up (mharmsen)
- [mod_nss-sslmultiproxy_2.patch]
- Fixes Bugzilla Bug #1021458 - [RFE] Support ability to share mod_proxy with
  other SSL providers (jorton, mharmsen, nkinder, & rcritten)

Tue Jul 30 2013 Joe Orton <jorton@redhat.com> - 1.0.8-23
```
- add dependency on httpd-mmn
```

Wed Jul 03 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-22

- Moved 'nss_pcache' from %sbindir to %libexecdir
  (provided compatibility link)

Tue Jul 02 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-21.1

- Add the following explanation to the 'Dangling symlinks' textbox in rpmdiff:
  Symlink 'etc/httpd/alias/libnssckbi.so' is deliberate.
  This test does not belong in rpmdiff. This test belongs in TPS.
  Since the symlink points to a file in another package, e.g. a
  dependency or a system file, rpmdiff cannot detect this. Remember,
  rpmdiff does not install or even know about package dependencies.
  That's TPS's job.
- Add the following explanation to the 'Brewtap results' textbox in rpmdiff:
  The '/etc/httpd/conf.d/nss.conf' file does not require a man page
  because its parameters are sufficiently documented within the
  configuration file itself.
  The '/etc/httpd/conf.modules.d/10-nss.conf' file does not require
  a man page because the file merely contains the line
  'LoadModule nss_module modules/libmodnss.so' to support httpd
  loading of Dynamic Shared Objects ('/etc/httpd/conf/httpd.conf').

Tue Jun 25 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-21

- Bugzilla Bug #884115 - Package mod_nss-1.0.8-18.1.el7 failed RHEL7 RPMdiff
  testing
- Bugzilla Bug #906082 - mod_nss requires manpages for gencert and nss_pcache
- Bugzilla Bug #906089 - Fix dangling symlinks in mod_nss
- Bugzilla Bug #906097 - Correct RPM Parse Warning in mod_nss.spec
- Bugzilla Bug #948601 - Man page scan results for mod_nss

Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-20.1
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
```
Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-19.1
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
```
Mon Jun 18 2012 Joe Orton <jorton@redhat.com> - 1.0.8-18.1
```
- fix build for RHEL7
```

Fri Jun 15 2012 Rob Crittenden <rcritten@redhat.com> - 1.0.8-18

- Actually apply the patch to use memmove in place of memcpy since the
  buffers can overlap (#669118)

Tue Jun 12 2012 Nathan Kinder <nkinder@redhat.com> - 1.0.8-17
```
- Port mod_nss to work with httpd 2.4
```
Mon Apr 23 2012 Joe Orton <jorton@redhat.com> - 1.0.8-16
```
- packaging fixes/updates (#803072)
```
Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-15
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
```
Mon Mar 07 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-14
```
- Add Requires(post) for nss-tools, gencert needs it (#652007)
```

Wed Mar 02 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-13

- Lock around the pipe to nss_pcache for retrieving the token PIN
  (#677701)

Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-12
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
```

Wed Jan 12 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-11

- Use memmove in place of memcpy since the buffers can overlap (#669118)

Wed Sep 29 2010 jkeating - 1.0.8-10
```
- Rebuilt for gcc bug 634757
```

Thu Sep 23 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-9

- Revert mod_nss-wouldblock patch
- Reset NSPR error before calling PR_Read(). This should fix looping
  in #620856

Fri Sep 17 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-8

- Fix hang when handling large POST under some conditions (#620856)

Tue Jun 22 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-7
```
- Remove file Requires on libnssckbi.so (#601939)
```
Fri May 14 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-6
```
- Ignore SIGHUP in nss_pcache (#591889).
```

Thu May 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-5

- Use remote hostname set by mod_proxy to compare to CN in peer cert (#591224)

Thu Mar 18 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-4

- Patch to add configuration options for new NSS negotiation API (#574187)
- Add (pre) for Requires on httpd so we can be sure the user and group are
  already available
- Add file Requires on libnssckbi.so so symlink can't fail
- Use _sysconfdir macro instead of /etc
- Set minimum level of NSS to 3.12.6

Mon Jan 25 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-3

- The location of libnssckbi moved from /lib[64] to /usr/lib[64] (556744)

Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-2
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
```
Mon Mar 02 2009 Rob Crittenden <rcritten@redhat.com> - 1.0.8-1
```
- Update to 1.0.8
- Add patch that fixes NSPR layer bug
```
Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.7-11
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
```
Mon Aug 11 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.0.7-10
```
- fix license tag
```
Mon Jul 28 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-9
```
- rebuild to bump NVR
```

Mon Jul 14 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-8

- Don't force module de-init during the configuration stage (453508)

Thu Jul 10 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-7

- Don't inherit the MP cache in multi-threaded mode (454701)
- Don't initialize NSS in each child if SSL isn't configured

Wed Jul 02 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-6

- Update the patch for FIPS to include fixes for nss_pcache, enforce
  the security policy and properly initialize the FIPS token.

Mon Jun 30 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-5
```
- Include patch to fix NSSFIPS (446851)
```

Mon Apr 28 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-4

- Apply patch so that mod_nss calls NSS_Init() after Apache forks a child
  and not before. This is in response to a change in the NSS softtokn code
  and should have always been done this way. (444348)
- The location of libnssckbi moved from /usr/lib[64] to /lib[64]
- The NSS database needs to be readable by apache since we need to use it
  after the root priviledges are dropped.

Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.0.7-3
```
- Autorebuild for GCC 4.3
```

Thu Oct 18 2007 Rob Crittenden <rcritten@redhat.com> 1.0.7-2

- Register functions needed by mod_proxy if mod_ssl is not loaded.

Fri Jun 01 2007 Rob Crittenden <rcritten@redhat.com> 1.0.7-1

- Update to 1.0.7
- Remove Requires for nss and nspr since those are handled automatically
  by versioned libraries
- Updated URL and Source to reference directory.fedoraproject.org

Mon Apr 09 2007 Rob Crittenden <rcritten@redhat.com> 1.0.6-2

- Patch to properly detect the Apache model and set up NSS appropriately
- Patch to punt if a bad password is encountered
- Patch to fix crash when password.conf is malformatted
- Don't enable ECC support as NSS doesn't have it enabled (3.11.4-0.7)

Mon Oct 23 2006 Rob Crittenden <rcritten@redhat.com> 1.0.6-1
```
- Update to 1.0.6
```

Fri Aug 04 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-4

- Include LogLevel warn in nss.conf and use separate log files

Fri Aug 04 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-3
```
- Need to initialize ECC certificate and key variables
```
Fri Aug 04 2006 Jarod Wilson <jwilson@redhat.com> 1.0.3-2
```
- Use %ghost for db files and install.log
```
Tue Jun 20 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-1
```
- Initial build
```