|
|
18c7861 |
%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
|
|
|
18c7861 |
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
|
|
|
18c7861 |
# /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
|
|
|
18c7861 |
%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
|
|
|
78c8f77 |
%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo 0-0)}}
|
|
|
18c7861 |
|
|
|
1d51159 |
Name: mod_nss
|
|
|
b06dbc4 |
Version: 1.0.17
|
|
|
573d14e |
Release: 2%{?dist}
|
|
|
1d51159 |
Summary: SSL/TLS module for the Apache HTTP server
|
|
|
1d51159 |
Group: System Environment/Daemons
|
|
|
eb30dfb |
License: ASL 2.0
|
|
|
b06dbc4 |
URL: https://pagure.io/mod_nss/
|
|
|
b06dbc4 |
Source: https://releases.pagure.org/mod_nss/%{name}-%{version}.tar.gz
|
|
|
b06dbc4 |
BuildRequires: nspr-devel, nss-devel
|
|
|
6a017c9 |
BuildRequires: httpd-devel, apr-devel, apr-util-devel
|
|
|
1d51159 |
BuildRequires: pkgconfig
|
|
|
e0269c9 |
BuildRequires: autoconf
|
|
|
e0269c9 |
BuildRequires: automake
|
|
|
e0269c9 |
BuildRequires: libtool
|
|
|
52c5bf4 |
BuildRequires: flex
|
|
|
52c5bf4 |
BuildRequires: bison
|
|
|
b13796e |
# Needed for make check
|
|
|
b13796e |
BuildRequires: openssl
|
|
|
76ae66a |
BuildRequires: python-nose
|
|
|
3838135 |
BuildRequires: python-requests >= 2.7.0
|
|
|
3838135 |
BuildRequires: python-ndg_httpsclient
|
|
|
52c5bf4 |
BuildRequires: hostname
|
|
|
52c5bf4 |
BuildRequires: nss-tools
|
|
|
e351dcb |
Requires: httpd-mmn = %{_httpd_mmn}
|
|
|
18c7861 |
Requires(post): httpd, nss-tools
|
|
|
7493bf2 |
Requires: nss%{?_isa} >= 3.14.0.0
|
|
|
f0b689d |
# Although the following change reverses the desire of Bugzilla Bug #601939, it
|
|
|
f0b689d |
# was provided to suppress the dangling symlink warning of Bugzilla Bug #906089
|
|
|
084f391 |
# as exposed via 'rpmlint'.
|
|
|
f0b689d |
Requires: %{_libdir}/libnssckbi.so
|
|
|
f0b689d |
|
|
|
7493bf2 |
# Change configuration to not conflict with mod_ssl
|
|
|
1d51159 |
Patch1: mod_nss-conf.patch
|
|
|
7493bf2 |
# Generate a password-less NSS database
|
|
|
1d51159 |
Patch2: mod_nss-gencert.patch
|
|
|
573d14e |
# Add basic support for ssl_engine_set in mod_proxy
|
|
|
573d14e |
Patch3: mod_nss-ssl_engine_set.patch
|
|
|
1d51159 |
|
|
|
1d51159 |
%description
|
|
|
1d51159 |
The mod_nss module provides strong cryptography for the Apache Web
|
|
|
1d51159 |
server via the Secure Sockets Layer (SSL) and Transport Layer
|
|
|
1d51159 |
Security (TLS) protocols using the Network Security Services (NSS)
|
|
|
1d51159 |
security library.
|
|
|
1d51159 |
|
|
|
1d51159 |
%prep
|
|
|
1d51159 |
%setup -q
|
|
|
1d51159 |
%patch1 -p1 -b .conf
|
|
|
1d51159 |
%patch2 -p1 -b .gencert
|
|
|
573d14e |
%patch3 -p1 -b .sslengineset
|
|
|
1d51159 |
|
|
|
1d51159 |
# Touch expression parser sources to prevent regenerating it
|
|
|
1d51159 |
touch nss_expr_*.[chyl]
|
|
|
1d51159 |
|
|
|
1d51159 |
%build
|
|
|
1d51159 |
|
|
|
1d51159 |
CFLAGS="$RPM_OPT_FLAGS"
|
|
|
18c7861 |
APXS=%{_httpd_apxs}
|
|
|
18c7861 |
|
|
|
18c7861 |
export CFLAGS APXS
|
|
|
1d51159 |
|
|
|
1d51159 |
NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --variable=includedir nspr`
|
|
|
1d51159 |
NSPR_LIB_DIR=`/usr/bin/pkg-config --variable=libdir nspr`
|
|
|
1d51159 |
|
|
|
1d51159 |
NSS_INCLUDE_DIR=`/usr/bin/pkg-config --variable=includedir nss`
|
|
|
1d51159 |
NSS_LIB_DIR=`/usr/bin/pkg-config --variable=libdir nss`
|
|
|
1d51159 |
|
|
|
1d51159 |
NSS_BIN=`/usr/bin/pkg-config --variable=exec_prefix nss`
|
|
|
1d51159 |
|
|
|
a6685ad |
autoreconf -i -f
|
|
|
1d51159 |
%configure \
|
|
|
1d51159 |
--with-nss-lib=$NSS_LIB_DIR \
|
|
|
1d51159 |
--with-nss-inc=$NSS_INCLUDE_DIR \
|
|
|
1d51159 |
--with-nspr-lib=$NSPR_LIB_DIR \
|
|
|
1d51159 |
--with-nspr-inc=$NSPR_INCLUDE_DIR \
|
|
|
7493bf2 |
--with-apr-config --enable-ecc
|
|
|
1d51159 |
|
|
|
1d51159 |
make %{?_smp_mflags} all
|
|
|
1d51159 |
|
|
|
1d51159 |
%install
|
|
|
1d51159 |
# The install target of the Makefile isn't used because that uses apxs
|
|
|
1d51159 |
# which tries to enable the module in the build host httpd instead of in
|
|
|
1d51159 |
# the build root.
|
|
|
1d51159 |
rm -rf $RPM_BUILD_ROOT
|
|
|
1d51159 |
|
|
|
1d51159 |
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf
|
|
|
18c7861 |
mkdir -p $RPM_BUILD_ROOT%{_httpd_confdir}
|
|
|
1d51159 |
mkdir -p $RPM_BUILD_ROOT%{_libdir}/httpd/modules
|
|
|
786987c |
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
|
|
|
1d51159 |
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
|
|
1d51159 |
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias
|
|
|
f0b689d |
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
|
|
|
1d51159 |
|
|
|
18c7861 |
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
|
|
|
18c7861 |
# httpd >= 2.4.x
|
|
|
18c7861 |
mkdir -p $RPM_BUILD_ROOT%{_httpd_modconfdir}
|
|
|
18c7861 |
sed -n /^LoadModule/p nss.conf > 10-nss.conf
|
|
|
18c7861 |
sed -i /^LoadModule/d nss.conf
|
|
|
18c7861 |
install -m 644 10-nss.conf $RPM_BUILD_ROOT%{_httpd_modconfdir}
|
|
|
18c7861 |
%endif
|
|
|
18c7861 |
|
|
|
f0b689d |
install -m 644 gencert.8 $RPM_BUILD_ROOT%{_mandir}/man8/
|
|
|
f0b689d |
install -m 644 nss_pcache.8 $RPM_BUILD_ROOT%{_mandir}/man8/
|
|
|
f0b689d |
|
|
|
18c7861 |
install -m 644 nss.conf $RPM_BUILD_ROOT%{_httpd_confdir}
|
|
|
18c7861 |
|
|
|
1d51159 |
install -m 755 .libs/libmodnss.so $RPM_BUILD_ROOT%{_libdir}/httpd/modules/
|
|
|
786987c |
install -m 755 nss_pcache $RPM_BUILD_ROOT%{_libexecdir}/
|
|
|
786987c |
# Provide a compatibility link to prevent disruption of customized deployments.
|
|
|
786987c |
#
|
|
|
786987c |
# NOTE: This link may be deprecated in a future release of 'mod_nss'.
|
|
|
786987c |
#
|
|
|
786987c |
ln -s %{_libexecdir}/nss_pcache $RPM_BUILD_ROOT%{_sbindir}/nss_pcache
|
|
|
1d51159 |
install -m 755 gencert $RPM_BUILD_ROOT%{_sbindir}/
|
|
|
6a017c9 |
ln -s ../../../%{_libdir}/libnssckbi.so $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/
|
|
|
450756e |
touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/secmod.db
|
|
|
450756e |
touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/cert8.db
|
|
|
450756e |
touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/key3.db
|
|
|
450756e |
touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/install.log
|
|
|
1d51159 |
|
|
|
1d51159 |
perl -pi -e "s:$NSS_LIB_DIR:$NSS_BIN:" $RPM_BUILD_ROOT%{_sbindir}/gencert
|
|
|
1d51159 |
|
|
|
b13796e |
%check
|
|
|
b13796e |
make check
|
|
|
b13796e |
|
|
|
1d51159 |
%post
|
|
|
1d51159 |
umask 077
|
|
|
1d51159 |
|
|
|
1d51159 |
if [ "$1" -eq 1 ] ; then
|
|
|
198700f |
if [ ! -e %{_sysconfdir}/httpd/alias/key3.db -a ! -e %{_sysconfdir}/httpd/alias/key4.db ]; then
|
|
|
1d51159 |
%{_sbindir}/gencert %{_sysconfdir}/httpd/alias > %{_sysconfdir}/httpd/alias/install.log 2>&1
|
|
|
1d51159 |
echo ""
|
|
|
1d51159 |
echo "%{name} certificate database generated."
|
|
|
1d51159 |
echo ""
|
|
|
7be1430 |
/bin/chgrp apache %{_sysconfdir}/httpd/alias/*.db
|
|
|
7be1430 |
/bin/chmod g+r %{_sysconfdir}/httpd/alias/*.db
|
|
|
7be1430 |
|
|
|
1d51159 |
fi
|
|
|
e03f3fe |
|
|
|
7be1430 |
# We used to fix existing permissions and ownership here but it isn't needed anymore
|
|
|
7be1430 |
# since mod_nss will report permission/ownership issues on startup.
|
|
|
1d51159 |
fi
|
|
|
1d51159 |
|
|
|
1d51159 |
%files
|
|
|
1d51159 |
%defattr(-,root,root,-)
|
|
|
1d51159 |
%doc README LICENSE docs/mod_nss.html
|
|
|
f0b689d |
%{_mandir}/man8/*
|
|
|
18c7861 |
%config(noreplace) %{_httpd_confdir}/nss.conf
|
|
|
18c7861 |
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
|
|
|
18c7861 |
%config(noreplace) %{_httpd_modconfdir}/10-nss.conf
|
|
|
18c7861 |
%endif
|
|
|
1d51159 |
%{_libdir}/httpd/modules/libmodnss.so
|
|
|
1d51159 |
%dir %{_sysconfdir}/httpd/alias/
|
|
|
e03f3fe |
%ghost %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/alias/secmod.db
|
|
|
e03f3fe |
%ghost %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/alias/cert8.db
|
|
|
e03f3fe |
%ghost %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/alias/key3.db
|
|
|
450756e |
%ghost %config(noreplace) %{_sysconfdir}/httpd/alias/install.log
|
|
|
1d51159 |
%{_sysconfdir}/httpd/alias/libnssckbi.so
|
|
|
786987c |
%{_libexecdir}/nss_pcache
|
|
|
1d51159 |
%{_sbindir}/nss_pcache
|
|
|
1d51159 |
%{_sbindir}/gencert
|
|
|
1d51159 |
|
|
|
1d51159 |
%changelog
|
|
|
573d14e |
* Thu Apr 12 2018 Rob Crittenden <rcritten@redhat.com> - 1.0.17-2
|
|
|
573d14e |
- Add basic support for ssl_engine_set in mod_proxy (#1566511)
|
|
|
573d14e |
|
|
|
b06dbc4 |
* Thu Mar 29 2018 Rob Crittenden <rcritten@redhat.com> - 1.0.17-1
|
|
|
b06dbc4 |
- Update to upstream 1.0.17
|
|
|
b06dbc4 |
- Correct URL and Source entries to point to pagure.io
|
|
|
b06dbc4 |
|
|
|
198700f |
* Wed Feb 14 2018 Rob Crittenden <rcritten@redhat.com> - 1.0.16-3
|
|
|
198700f |
- Also check for sqlite NSS databases when deciding whether to generate a
|
|
|
198700f |
new certdb. (#1543379)
|
|
|
198700f |
|
|
|
52e2f4f |
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.16-2
|
|
|
52e2f4f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
52e2f4f |
|
|
|
52c5bf4 |
* Fri Jan 19 2018 Rob Crittenden <rcritten@redhat.com> - 1.0.16-1
|
|
|
52c5bf4 |
- Update to upstream 1.0.16
|
|
|
52c5bf4 |
- Add bixon and flex to BR
|
|
|
52c5bf4 |
- Add hostname and nss-tools to BR for make check
|
|
|
52c5bf4 |
|
|
|
7be1430 |
* Fri Oct 20 2017 Rob Crittenden <rcritten@redhat.com> - 1.0.14-6
|
|
|
7be1430 |
- Don't fix up NSS db permissions on every install (#1288468)
|
|
|
7be1430 |
|
|
|
1a05f7e |
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.14-5
|
|
|
1a05f7e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
1a05f7e |
|
|
|
ab362af |
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.14-4
|
|
|
ab362af |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
ab362af |
|
|
|
4a85591 |
* Tue Mar 14 2017 Rob Crittenden <rcritten@redhat.com> - 1.0.14-3
|
|
|
4a85591 |
- Don't set remote user in fixup hook (#1431206)
|
|
|
4a85591 |
|
|
|
ea5f750 |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.14-2
|
|
|
ea5f750 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
ea5f750 |
|
|
|
9ff5b90 |
* Fri Apr 15 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.14-1
|
|
|
9ff5b90 |
- Update to upstream 1.0.14
|
|
|
9ff5b90 |
- Includes fix for CVE-2016-3099
|
|
|
9ff5b90 |
|
|
|
ed23d79 |
* Mon Mar 7 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.13-1
|
|
|
ed23d79 |
- Update to upstream 1.0.13
|
|
|
ed23d79 |
|
|
|
fd6fc26 |
* Wed Feb 24 2016 Rob Crittenden <rcritten@redhat.com> - 1.0.12-3
|
|
|
fd6fc26 |
- Use proper shell syntax to not generate /0 in gencert (#1311392)
|
|
|
fd6fc26 |
|
|
|
e421abe |
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.12-2
|
|
|
e421abe |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
e421abe |
|
|
|
3838135 |
* Fri Oct 2 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.12-1
|
|
|
3838135 |
- Update to upstream 1.0.12
|
|
|
3838135 |
|
|
|
76ae66a |
* Mon Aug 17 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.11-5
|
|
|
76ae66a |
- Fix logical AND in cipher string parsing CVE-2015-3277
|
|
|
76ae66a |
(#1243518)
|
|
|
76ae66a |
- Add missing BuildRequires and some other changes so that
|
|
|
76ae66a |
make check passes
|
|
|
76ae66a |
|
|
|
43dc916 |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.11-4
|
|
|
43dc916 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
43dc916 |
|
|
|
b13796e |
* Sun Mar 1 2015 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.11-3
|
|
|
b13796e |
- Enable make check
|
|
|
b13796e |
|
|
|
20a5438 |
* Fri Feb 27 2015 Rob Crittenden <rcritten@redhat.com> - 1.0.11-2
|
|
|
20a5438 |
- Fix parallel build issue (#1196222)
|
|
|
20a5438 |
|
|
|
a3db094 |
* Tue Dec 2 2014 Rob Crittenden <rcritten@redhat.com> - 1.0.11-1
|
|
|
a3db094 |
- Rebase to upstream mod_nss-1.0.11
|
|
|
a3db094 |
|
|
|
1af25a9 |
* Fri Oct 17 2014 Rob Crittenden <rcritten@redhat.com> - 1.0.10-1
|
|
|
1af25a9 |
- Rebase to upstream mod_nss-1.0.10
|
|
|
1af25a9 |
- Changed the URL and Source directives to point to the fedorahosted
|
|
|
1af25a9 |
site.
|
|
|
1af25a9 |
|
|
|
e0269c9 |
* Thu Aug 28 2014 Rob Crittenden <rcritten@redhat.com> - 1.0.9-2
|
|
|
e0269c9 |
- Add explicit BuildRequires for autoconf, automake and libtool
|
|
|
e0269c9 |
|
|
|
a6685ad |
* Wed Aug 27 2014 Rob Crittenden <rcritten@redhat.com> - 1.0.9-1
|
|
|
a6685ad |
- Rebase to upstream mod_nss-1.0.9
|
|
|
a6685ad |
|
|
|
b5de658 |
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-31
|
|
|
b5de658 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
b5de658 |
|
|
|
5b97e89 |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-30
|
|
|
5b97e89 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
5b97e89 |
|
|
|
78c8f77 |
* Thu Jan 23 2014 Joe Orton <jorton@redhat.com> - 1.0.8-29
|
|
|
78c8f77 |
- fix _httpd_mmn expansion in absence of httpd-devel
|
|
|
78c8f77 |
|
|
|
63709b8 |
* Tue Dec 3 2013 Rob Crittenden <rcritten@redhat.com> - 1.0.8-28
|
|
|
63709b8 |
- Resolves: CVE-2013-4566, bz #1036940
|
|
|
63709b8 |
- [mod_nss-nssverifyclient.patch]
|
|
|
63709b8 |
- Bugzilla Bug #1037722 - CVE-2013-4566 mod_nss: incorrect handling of
|
|
|
63709b8 |
NSSVerifyClient in directory context [fedora-all] (rcritten)
|
|
|
63709b8 |
- Bugzilla Bug #1037761 - mod_nss does not respect `NSSVerifyClient` in
|
|
|
63709b8 |
Directory (rcritten)
|
|
|
63709b8 |
- [mod_nss-usecases.patch]
|
|
|
63709b8 |
- Bugzilla Bug #1036940 - [DOC] making mod_nss work in FIPS mode (mharmsen)
|
|
|
63709b8 |
|
|
|
fc848bb |
* Tue Nov 12 2013 Joe Orton <jorton@redhat.com> - 1.0.8-26
|
|
|
fc848bb |
- [mod_nss-SSLEngine-off.patch]
|
|
|
fc848bb |
- Bugzilla Bug #1029043 - Implicit SSLEngine for 443 port breaks mod_nss
|
|
|
fc848bb |
configuration (jorton)
|
|
|
fc848bb |
- [mod_nss-unused-filter_ctx.patch]
|
|
|
fc848bb |
- Bugzilla Bug #1023237 - Remove unused variable 'filter_ctx' (mharmsen)
|
|
|
fc848bb |
|
|
|
fc848bb |
* Tue Nov 12 2013 Tomas Hoger <thoger@redhat.com> - 1.0.8-25
|
|
|
fc848bb |
- [mod_nss-docs-fix.patch]
|
|
|
fc848bb |
- Bugzilla Bug #1025316 - mod_nss: documentation formatting fixes
|
|
|
fc848bb |
|
|
|
7493bf2 |
* Mon Oct 21 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-24
|
|
|
7493bf2 |
- Bugzilla Bug #961471 - Port Downstream Patches Upstream (mharmsen)
|
|
|
63709b8 |
- Add '--enable-ecc' option to %%configure line under %%build section of
|
|
|
7493bf2 |
this spec file (mharmsen)
|
|
|
7493bf2 |
- Bumped version build/runtime requirements for NSPR and NSS (mharmsen)
|
|
|
7493bf2 |
- [mod_nss-PK11_ListCerts_2.patch]
|
|
|
7493bf2 |
- Bugzilla Bug #767802 - PK11_ListCerts called to retrieve all user
|
|
|
7493bf2 |
certificates for every server (rcritten)
|
|
|
7493bf2 |
- [mod_nss-array_overrun.patch]
|
|
|
7493bf2 |
- Bugzilla Bug #1022717 - overrunning array when executing nss_pcache
|
|
|
7493bf2 |
(rcritten)
|
|
|
7493bf2 |
- [mod_nss-clientauth.patch]
|
|
|
7493bf2 |
- Bugzilla Bug #1017675 - mod_nss: FakeBasicAuth authentication bypass
|
|
|
7493bf2 |
[fedora-all] (rcritten)
|
|
|
7493bf2 |
- [mod_nss-no_shutdown_if_not_init_2.patch]
|
|
|
7493bf2 |
- Bugzilla Bug #1022722 - File descriptor leak after "service httpd reload"
|
|
|
7493bf2 |
or httpd doesn't reload (rrelyea)
|
|
|
7493bf2 |
- [mod_nss-proxyvariables.patch]
|
|
|
7493bf2 |
- Bugzilla Bug #1022726 - mod_nss insists on Required value NSSCipherSuite
|
|
|
7493bf2 |
not set. (mharmsen)
|
|
|
7493bf2 |
- [mod_nss-tlsv1_1.patch]
|
|
|
7493bf2 |
- Bugzilla Bug #979798 - current nss support TLS 1.1 so mod_nss should pick
|
|
|
7493bf2 |
it up (mharmsen)
|
|
|
7493bf2 |
- Bugzilla Bug #979718 - mod_nss documentation should mention TLS 1.1
|
|
|
7493bf2 |
(mharmsen)
|
|
|
7493bf2 |
- [mod_nss-sslmultiproxy_2.patch]
|
|
|
7493bf2 |
- Fixes Bugzilla Bug #1021469 - [RFE] Support ability to share mod_proxy with
|
|
|
7493bf2 |
other SSL providers (jorton, mharmsen, nkinder, & rcritten)
|
|
|
7493bf2 |
|
|
|
e351dcb |
* Tue Jul 30 2013 Joe Orton <jorton@redhat.com> - 1.0.8-23
|
|
|
e351dcb |
- add dependency on httpd-mmn
|
|
|
e351dcb |
|
|
|
786987c |
* Wed Jul 3 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-22
|
|
|
786987c |
- Moved 'nss_pcache' from %%sbindir to %%libexecdir
|
|
|
786987c |
(provided compatibility link)
|
|
|
786987c |
|
|
|
084f391 |
* Tue Jul 2 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-21.1
|
|
|
084f391 |
- rpmlint mod_nss.spec
|
|
|
084f391 |
0 packages and 1 specfiles checked; 0 errors, 0 warnings.
|
|
|
084f391 |
- rpmlint mod_nss-1.0.8-21.1 (SRPM)
|
|
|
084f391 |
W: spelling-error %%description -l en_US nss -> ass, nos, nus
|
|
|
084f391 |
1 packages and 0 specfiles checked; 0 errors, 1 warnings.
|
|
|
084f391 |
- rpmlint mod_nss-1.0.8-21.1 (RPM)
|
|
|
084f391 |
W: spelling-error %%description -l en_US nss -> ass, nos, nus
|
|
|
084f391 |
E: non-readable /etc/httpd/alias/cert8.db 0640L
|
|
|
084f391 |
E: non-readable /etc/httpd/alias/secmod.db 0640L
|
|
|
084f391 |
E: non-readable /etc/httpd/alias/key3.db 0640L
|
|
|
084f391 |
1 packages and 0 specfiles checked; 3 errors, 1 warnings.
|
|
|
084f391 |
- rpmlint mod_nss-debuginfo-1.0.8-21.1 (RPM)
|
|
|
084f391 |
W: spelling-error Summary(en_US) nss -> ass, nos, nus
|
|
|
084f391 |
W: spelling-error %%description -l en_US nss -> ass, nos, nus
|
|
|
084f391 |
1 packages and 0 specfiles checked; 0 errors, 2 warnings.
|
|
|
084f391 |
|
|
|
f0b689d |
* Tue Jun 25 2013 Matthew Harmsen <mharmsen@redhat.com> - 1.0.8-21
|
|
|
f0b689d |
- Bugzilla Bug #884115 - Package mod_nss-1.0.8-18.1.el7 failed RHEL7 RPMdiff
|
|
|
f0b689d |
testing
|
|
|
f0b689d |
- Bugzilla Bug #906082 - mod_nss requires manpages for gencert and nss_pcache
|
|
|
f0b689d |
- Bugzilla Bug #906089 - Fix dangling symlinks in mod_nss
|
|
|
f0b689d |
- Bugzilla Bug #906097 - Correct RPM Parse Warning in mod_nss.spec
|
|
|
f0b689d |
- Bugzilla Bug #948601 - Man page scan results for mod_nss
|
|
|
f0b689d |
|
|
|
33f6f4f |
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-20.1
|
|
|
33f6f4f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
33f6f4f |
|
|
|
c0e3721 |
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-19.1
|
|
|
c0e3721 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
c0e3721 |
|
|
|
476c57d |
* Mon Jun 18 2012 Joe Orton <jorton@redhat.com> - 1.0.8-18.1
|
|
|
476c57d |
- fix build for RHEL7
|
|
|
476c57d |
|
|
|
be31bd1 |
* Fri Jun 15 2012 Rob Crittenden <rcritten@redhat.com> - 1.0.8-18
|
|
|
be31bd1 |
- Actually apply the patch to use memmove in place of memcpy since the
|
|
|
be31bd1 |
buffers can overlap (#669118)
|
|
|
be31bd1 |
|
|
|
f0160da |
* Tue Jun 12 2012 Nathan Kinder <nkinder@redhat.com> - 1.0.8-17
|
|
|
f0160da |
- Port mod_nss to work with httpd 2.4
|
|
|
f0160da |
|
|
|
18c7861 |
* Mon Apr 23 2012 Joe Orton <jorton@redhat.com> - 1.0.8-16
|
|
|
18c7861 |
- packaging fixes/updates (#803072)
|
|
|
18c7861 |
|
|
|
3717a76 |
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-15
|
|
|
3717a76 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
3717a76 |
|
|
|
084f391 |
* Mon Mar 7 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-14
|
|
|
7a3225a |
- Add Requires(post) for nss-tools, gencert needs it (#652007)
|
|
|
7a3225a |
|
|
|
2877b8e |
* Wed Mar 2 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-13
|
|
|
2877b8e |
- Lock around the pipe to nss_pcache for retrieving the token PIN
|
|
|
2877b8e |
(#677701)
|
|
|
2877b8e |
|
|
|
a027bee |
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-12
|
|
|
a027bee |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
a027bee |
|
|
|
7884b1d |
* Wed Jan 12 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.8-11
|
|
|
7884b1d |
- Use memmove in place of memcpy since the buffers can overlap (#669118)
|
|
|
7884b1d |
|
|
Jesse Keating |
b83f9ae |
* Wed Sep 29 2010 jkeating - 1.0.8-10
|
|
Jesse Keating |
b83f9ae |
- Rebuilt for gcc bug 634757
|
|
Jesse Keating |
b83f9ae |
|
|
|
c191a5f |
* Thu Sep 23 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-9
|
|
|
c191a5f |
- Revert mod_nss-wouldblock patch
|
|
|
c191a5f |
- Reset NSPR error before calling PR_Read(). This should fix looping
|
|
|
c191a5f |
in #620856
|
|
|
c191a5f |
|
|
|
8c652c6 |
* Fri Sep 17 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-8
|
|
|
8c652c6 |
- Fix hang when handling large POST under some conditions (#620856)
|
|
|
8c652c6 |
|
|
|
1563eb1 |
* Tue Jun 22 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-7
|
|
|
1563eb1 |
- Remove file Requires on libnssckbi.so (#601939)
|
|
|
1563eb1 |
|
|
|
4658ec2 |
* Fri May 14 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-6
|
|
|
4658ec2 |
- Ignore SIGHUP in nss_pcache (#591889).
|
|
|
4658ec2 |
|
|
|
37f57cd |
* Thu May 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-5
|
|
|
37f57cd |
- Use remote hostname set by mod_proxy to compare to CN in peer cert (#591224)
|
|
|
37f57cd |
|
|
|
6a017c9 |
* Thu Mar 18 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-4
|
|
|
6a017c9 |
- Patch to add configuration options for new NSS negotiation API (#574187)
|
|
|
6a017c9 |
- Add (pre) for Requires on httpd so we can be sure the user and group are
|
|
|
6a017c9 |
already available
|
|
|
6a017c9 |
- Add file Requires on libnssckbi.so so symlink can't fail
|
|
|
6a017c9 |
- Use _sysconfdir macro instead of /etc
|
|
|
6a017c9 |
- Set minimum level of NSS to 3.12.6
|
|
|
6a017c9 |
|
|
|
6a017c9 |
* Mon Jan 25 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.8-3
|
|
|
6a017c9 |
- The location of libnssckbi moved from /lib[64] to /usr/lib[64] (556744)
|
|
|
6a017c9 |
|
|
|
83b11db |
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-2
|
|
|
83b11db |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
83b11db |
|
|
|
ab58f3b |
* Mon Mar 2 2009 Rob Crittenden <rcritten@redhat.com> - 1.0.8-1
|
|
|
ab58f3b |
- Update to 1.0.8
|
|
|
ab58f3b |
- Add patch that fixes NSPR layer bug
|
|
|
ab58f3b |
|
|
|
27f1634 |
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.7-11
|
|
|
27f1634 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
27f1634 |
|
|
|
eb30dfb |
* Mon Aug 11 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.0.7-10
|
|
|
eb30dfb |
- fix license tag
|
|
|
eb30dfb |
|
|
|
e821ee0 |
* Mon Jul 28 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-9
|
|
|
e821ee0 |
- rebuild to bump NVR
|
|
|
e821ee0 |
|
|
|
73247ca |
* Mon Jul 14 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-8
|
|
|
73247ca |
- Don't force module de-init during the configuration stage (453508)
|
|
|
73247ca |
|
|
|
73247ca |
* Thu Jul 10 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-7
|
|
|
73247ca |
- Don't inherit the MP cache in multi-threaded mode (454701)
|
|
|
73247ca |
- Don't initialize NSS in each child if SSL isn't configured
|
|
|
73247ca |
|
|
|
541e194 |
* Wed Jul 2 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-6
|
|
|
541e194 |
- Update the patch for FIPS to include fixes for nss_pcache, enforce
|
|
|
541e194 |
the security policy and properly initialize the FIPS token.
|
|
|
541e194 |
|
|
|
ba1b066 |
* Mon Jun 30 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-5
|
|
|
ba1b066 |
- Include patch to fix NSSFIPS (446851)
|
|
|
ba1b066 |
|
|
|
e03f3fe |
* Mon Apr 28 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.7-4
|
|
|
e03f3fe |
- Apply patch so that mod_nss calls NSS_Init() after Apache forks a child
|
|
|
e03f3fe |
and not before. This is in response to a change in the NSS softtokn code
|
|
|
e03f3fe |
and should have always been done this way. (444348)
|
|
|
e03f3fe |
- The location of libnssckbi moved from /usr/lib[64] to /lib[64]
|
|
|
e03f3fe |
- The NSS database needs to be readable by apache since we need to use it
|
|
|
e03f3fe |
after the root priviledges are dropped.
|
|
|
e03f3fe |
|
|
|
818134b |
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.0.7-3
|
|
|
818134b |
- Autorebuild for GCC 4.3
|
|
|
818134b |
|
|
|
b0b7ced |
* Thu Oct 18 2007 Rob Crittenden <rcritten@redhat.com> 1.0.7-2
|
|
|
b0b7ced |
- Register functions needed by mod_proxy if mod_ssl is not loaded.
|
|
|
b0b7ced |
|
|
|
a3ec3c2 |
* Fri Jun 1 2007 Rob Crittenden <rcritten@redhat.com> 1.0.7-1
|
|
|
a3ec3c2 |
- Update to 1.0.7
|
|
|
a3ec3c2 |
- Remove Requires for nss and nspr since those are handled automatically
|
|
|
a3ec3c2 |
by versioned libraries
|
|
|
a3ec3c2 |
- Updated URL and Source to reference directory.fedoraproject.org
|
|
|
a3ec3c2 |
|
|
|
1150597 |
* Mon Apr 9 2007 Rob Crittenden <rcritten@redhat.com> 1.0.6-2
|
|
|
1150597 |
- Patch to properly detect the Apache model and set up NSS appropriately
|
|
|
1150597 |
- Patch to punt if a bad password is encountered
|
|
|
1150597 |
- Patch to fix crash when password.conf is malformatted
|
|
|
1150597 |
- Don't enable ECC support as NSS doesn't have it enabled (3.11.4-0.7)
|
|
|
1150597 |
|
|
|
c13df6e |
* Mon Oct 23 2006 Rob Crittenden <rcritten@redhat.com> 1.0.6-1
|
|
|
c13df6e |
- Update to 1.0.6
|
|
|
39a6bb3 |
|
|
|
450756e |
* Fri Aug 04 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-4
|
|
|
450756e |
- Include LogLevel warn in nss.conf and use separate log files
|
|
|
450756e |
|
|
|
450756e |
* Fri Aug 04 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-3
|
|
|
450756e |
- Need to initialize ECC certificate and key variables
|
|
|
450756e |
|
|
|
450756e |
* Fri Aug 04 2006 Jarod Wilson <jwilson@redhat.com> 1.0.3-2
|
|
|
450756e |
- Use %%ghost for db files and install.log
|
|
|
450756e |
|
|
|
1d51159 |
* Tue Jun 20 2006 Rob Crittenden <rcritten@redhat.com> 1.0.3-1
|
|
|
1d51159 |
- Initial build
|