[SECURITY] Fedora 18 Update: mod_nss-1.0.8-24.fc18

Wed Nov 6 07:35:32 UTC 2013

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-19976
2013-10-25 23:49:27
--------------------------------------------------------------------------------

Name        : mod_nss
Product     : Fedora 18
Version     : 1.0.8
Release     : 24.fc18
URL         : http://directory.fedoraproject.org/wiki/Mod_nss
Summary     : SSL/TLS module for the Apache HTTP server
Description :
The mod_nss module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols using the Network Security Services (NSS)
security library.

--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #961471 - Port Downstream Patches Upstream
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 21 2013 Matthew Harmsen <mharmsen at redhat.com> - 1.0.8-24
- Bugzilla Bug #961471 - Port Downstream Patches Upstream (mharmsen)
- Add '--enable-ecc' option to '
  CFLAGS="${CFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4  -m64 -mtune=generic}" ; export CFLAGS ; 
  CXXFLAGS="${CXXFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4  -m64 -mtune=generic}" ; export CXXFLAGS ; 
  FFLAGS="${FFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4  -m64 -mtune=generic -I/usr/lib64/gfortran/modules}" ; export FFLAGS ; 
  LDFLAGS="${LDFLAGS:--Wl,-z,relro }"; export LDFLAGS; 
  ./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu \
	--program-prefix= \
	--disable-dependency-tracking \
	--prefix=/usr \
	--exec-prefix=/usr \
	--bindir=/usr/bin \
	--sbindir=/usr/sbin \
	--sysconfdir=/etc \
	--datadir=/usr/share \
	--includedir=/usr/include \
	--libdir=/usr/lib64 \
	--libexecdir=/usr/libexec \
	--localstatedir=/var \
	--sharedstatedir=/var/lib \
	--mandir=/usr/share/man \
	--infodir=/usr/share/info' line under '%build' section of
  this spec file (mharmsen)
- Bumped version build/runtime requirements for NSPR and NSS (mharmsen)
- [mod_nss-PK11_ListCerts_2.patch]
- Bugzilla Bug #767802 - PK11_ListCerts called to retrieve all user
  certificates for every server (rcritten)
- [mod_nss-array_overrun.patch]
- Bugzilla Bug #1022717 - overrunning array when executing nss_pcache
  (rcritten)
- [mod_nss-clientauth.patch]
- Bugzilla Bug #1017675 - mod_nss: FakeBasicAuth authentication bypass
  [fedora-all] (rcritten)
- [mod_nss-no_shutdown_if_not_init_2.patch]
- Bugzilla Bug #1022722 - File descriptor leak after "service httpd reload"
  or httpd doesn't reload (rrelyea)
- [mod_nss-proxyvariables.patch]
- Bugzilla Bug #1022726 - mod_nss insists on Required value NSSCipherSuite
  not set. (mharmsen)
- [mod_nss-tlsv1_1.patch]
- Bugzilla Bug #979798 - current nss support TLS 1.1 so mod_nss should pick
  it up (mharmsen)
- Bugzilla Bug #979718 - mod_nss documentation should mention TLS 1.1
  (mharmsen)
- [mod_nss-sslmultiproxy_2.patch]
- Fixes Bugzilla Bug #1021469 - [RFE] Support ability to share mod_proxy with
  other SSL providers (jorton, mharmsen, nkinder, & rcritten)
* Tue Jul 30 2013 Joe Orton <jorton at redhat.com> - 1.0.8-23
- add dependency on httpd-mmn
* Wed Jul  3 2013 Matthew Harmsen <mharmsen at redhat.com> - 1.0.8-22
- Moved 'nss_pcache' from %sbindir to %libexecdir
  (provided compatibility link)
* Tue Jul  2 2013 Matthew Harmsen <mharmsen at redhat.com> - 1.0.8-21.1
- rpmlint mod_nss.spec
  0 packages and 1 specfiles checked; 0 errors, 0 warnings.
- rpmlint mod_nss-1.0.8-21.1 (SRPM)
  W: spelling-error %description -l en_US nss -> ass, nos, nus
  1 packages and 0 specfiles checked; 0 errors, 1 warnings.
- rpmlint mod_nss-1.0.8-21.1 (RPM)
  W: spelling-error %description -l en_US nss -> ass, nos, nus
  E: non-readable /etc/httpd/alias/cert8.db 0640L
  E: non-readable /etc/httpd/alias/secmod.db 0640L
  E: non-readable /etc/httpd/alias/key3.db 0640L
  1 packages and 0 specfiles checked; 3 errors, 1 warnings.
- rpmlint mod_nss-debuginfo-1.0.8-21.1 (RPM)
  W: spelling-error Summary(en_US) nss -> ass, nos, nus
  W: spelling-error %description -l en_US nss -> ass, nos, nus
  1 packages and 0 specfiles checked; 0 errors, 2 warnings.
* Tue Jun 25 2013 Matthew Harmsen <mharmsen at redhat.com> - 1.0.8-21
- Bugzilla Bug #884115 - Package mod_nss-1.0.8-18.1.el7 failed RHEL7 RPMdiff
  testing
- Bugzilla Bug #906082 - mod_nss requires manpages for gencert and nss_pcache
- Bugzilla Bug #906089 - Fix dangling symlinks in mod_nss
- Bugzilla Bug #906097 - Correct RPM Parse Warning in mod_nss.spec
- Bugzilla Bug #948601 - Man page scan results for mod_nss
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #961471 - Port Downstream Patches Upstream
        https://bugzilla.redhat.com/show_bug.cgi?id=961471
  [ 2 ] Bug #767802 - PK11_ListCerts called to retrieve all user certificates for every server
        https://bugzilla.redhat.com/show_bug.cgi?id=767802
  [ 3 ] Bug #1022717 - overrunning array when executing nss_pcache
        https://bugzilla.redhat.com/show_bug.cgi?id=1022717
  [ 4 ] Bug #1017675 - mod_nss: FakeBasicAuth authentication bypass [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1017675
  [ 5 ] Bug #979798 - current nss support TLS 1.1 so mod_nss should pick it up
        https://bugzilla.redhat.com/show_bug.cgi?id=979798
  [ 6 ] Bug #979718 - mod_nss documentation should mention TLS 1.1
        https://bugzilla.redhat.com/show_bug.cgi?id=979718
  [ 7 ] Bug #1021469 - [RFE] Support ability to share mod_proxy with other SSL providers
        https://bugzilla.redhat.com/show_bug.cgi?id=1021469
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update mod_nss' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------