[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] branch master updated (419b507 -> 1e38cf7)

Timo Aaltonen tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:21 UTC 2014

This is an automated email from the git hooks/post-receive script.

tjaalton-guest pushed a change to branch master
in repository libapache2-mod-nss.

      from  419b507   releasing package libapache2-mod-nss version 1.0.8-4
       new  f6ecd9d   Initial import of mod_nss
       new  aabd41a   By default, don't start with an expired cert. Add option SSLEnforceValid Cert on/off to allow one to start with a bad cert.
       new  e5a4f20   The path to the cert database was hardcoded, use the value passed in by Apache.
       new  2143559   Add support for apr-config. Print out some nice notes alerting the user to verify that mod_ssl is disabled. Tell the user about gencert so they can generate their own self-signed certificate.
       new  e001ab8   Remove check for Define SSL Comment out a few entries that the average user won't need Do some general cleanups and fixups
       new  49fe778   First crack at migrating an existing ssl.conf to nss.conf.
       new  0eba132   Enable more ciphers than just fips_3des_sha.
       new  32a0cc4   Terminate echo'd strings
       new  77042d5   When doing SSLVerifyCert require then we need to always require the certificate to match what OpenSSL does.
       new  d4ead13   Add support for the SSL_CLIENT_CERT_CHAIN_ environment variable. SSL_CLIENT_I_DN_ was incorrectly parsing the client certificate subject instead of the issuer subject. Print out PEM files the same way as OpenSSL
       new  b2aee92   Generate gencert so we can set the NSS and NSPR directories and make things easier for the user. Also try really, really hard to get the FQDN so we can create a host-specific self-signed certificate.
       new  102486d   Changed function and configuration names so mod_nss can peacefully co-exist with mod_ssl.
       new  348a79c   Remove message about co-existing with mod_ssl, that works ok now. Also fix nasty typo.
       new  62d308e   Initialize enforcement of valid certificates to true.
       new  d99ab1c   Fix formatting and variable name in error message.
       new  505e42a   Basic documentation on the mod_nss module.
       new  ffb5fab   Reflect new Directive naming convention
       new  765a354   Zero length file for now so autoconf will shut up.
       new  e882f30   Add NSS database prefix support
       new  398e33b   Earlier versions of Apache 2.0 (such as on RHEL 3) don't support AP_BUCKET_IS_EOC. Define around it.
       new  08d5d7d   Fix lunasa problem. The key we generate must work for both encryption and decryption. By default generate key only returns encryption keys.
       new  c656f45   Add in support for older versions of NSS that don't have the function PK11_TokenKeyGenWithFlags(). Older versions of NSS will only work with software certificates when using nss_pcache. The workaround is to store the token passwords in a file instead.
       new  3103cc0   Don't assume that apr-config is in the PATH. Let the user specify which one to run, just like with apxs.
       new  feb631f   Clarify things a bit, change directive name to match new naming scheme.
       new  b4164d9   Add libsoftokn3.so for nss_pcache.
       new  64342aa   Add more information related to gencert Tell user's where to find more documentation
       new  f1d0c79   Added Database Management section. Added links to NSS and NSPR
       new  d3a1b4f   Changed 2 function names from SSL -> NSS I had missed in earlier cleanup
       new  70d2235   Properly clean up the SSL environment so NSS can be shut down gracefully.
       new  bb9b72e   Also clean up the SSL Session ID Cache when shutting down. If we are using the forked model, use the MP version of the Session ID cache. Don't call PR_Cleanup(), this could cause problems.
       new  203bed3   More correct detection of NSS version when determining whether we should expect PK11_TokenKeyGenWithFlags(). It hasn't been included as of NSS 3.10.0.
       new  8625526   Add a FIPS configuration option. This enables the FIPS internal database module, configures for SSLv3 and TLSv1 and enables the 2 FIPS ciphers (and disables all the others).
       new  c1a0fd4   Add OCSP support
       new  a160145   Add information about how to use built-in CA's via libnssckbi.so
       new  800a72a   Add short example of how to use certutil to generate a certificate request suitable for submission to a 3rd party CA such as Verisign.
       new  4283b33   Improve FIPS configuration:   - The NSS ciphers are enumerated to find those that are FIPS approved   - This list of approved ciphers is compared to the NSSCipherSuite entry     and those enabled, approved ciphers are configured. This way you aren't     forced to use all of the FIPS ciphers (in case you don't want a     56-bit cipher enabled).   - Only TLSv1 should be enabled.
       new  609e2db   Update to reflect changes to the NSSFIPS directive
       new  3e58b2e   Make SSL2 an optional protocol, disabled by default.
       new  3db52e3   Adding files required by the Apache 2.0 License
       new  250b8ca   Add missing copyright block
       new  4bd0341   separate with options for include and lib directories - use nspr and nss instead of mozilla-nspr and -nss
       new  cd6deed   force checkin of autoconf files
       new  bbde2f3   Add proxy support to mod_nss. Most of the changes are related to adding new configuration directives. For the others we need to initialize an NSS socket differently whether we will be acting as a client or a server.
       new  98c66d1   Remove a debug msg that was left in on accident.
       new  252fddb   Add support for seeding the NSS Random Number Generator. This adds a new directive, NSSRandomSeed based on the mod_ssl SSLRandomSeed directive.
       new  90314a1   Close the proxy model socket so NSS can be shutdown gracefully. Also correct an error where the PKCS#11 slot isn't closed unless a the certificate key is obtained. This also affected NSS_Shutdown().
       new  5f55572   Add in check to be sure that the same server isn't initialized with SSL more than once. This avoids a crash during shutdown where the same certificates and keys will try to be released multiple times. This is based on ssl_init_server_check() from mod_ssl.
       new  50fe6b1   added mod_nss.spec and makerpm.sh
       new  683960d   had to recreate these on rhel3 because I nuked them on rhel4
       new  1a9c5d3   removed empty flavor from spec
       new  d4cb1bb   Fix command-line argument miscounting caused by the addition of the FIPS flag. The result was that the database prefix was always missed.
       new  6286793   Changes to allow the mod_nss to work in Apache 2.2.0. Based on a patch from Oden Eriksson.
       new  0f8282d   This file was copied directly from the Apache distribution. Remove the extra per-module stuff that doesn't apply.
       new  7d1b05a   [179394] HP-UX IPF support autoconf 2.59/libtool 1.5
       new  55c7696   [179394] HP-UX IPF support autoconf 2.59/libtool 1.5
       new  deb5f50   Make configure automatically find the correct versions of apr-config and apxs
       new  b5291c8   [179394] HP-UX IPF/PA-RISC support updated hppa*64* with hppa2.* in aclocal.m4 to support 64 bit PA_RISC. CAUTION: this file could be automatically updated by "aclocal" command using libtool.m4, which contains the expression: "hppa*64*".    But 64 bit PA_RISC generates, this string "build_cpu='hppa2.0w'", which does not match "hppa*64*". So, if aclocal.m4 is updated, hppa*64* needs to be replaced.
       new  05b6031   Checking in automatically generated aclocal.m4 and derived files. aclocal-1.6; automake-1.6; autoconf
       new  50ad8c9   upgraded config.guess and config.sub to 2004-09-07 (same as mod_admserv)
       new  b9131c4   Add support for Elliptical Curve Cryptography (ECC). This is disabled by default. To enable it, pass --enable-ecc to configure.
       new  8ae9591   force checkin of autoconf files
       new  7eed0dc   188300
       new  77378f6   196070
       new  c6435b2   Drop dependency on ksh and use bash instead.
       new  330ebd5   Remove some invalid comments
       new  073a857   196070
       new  7a16cfd   mod_proxy support has been around for a while. We want SNI support as soon as NSS allows it.
       new  12d492f   197681
       new  7a9b1da   200855
       new  7896430   200855
       new  f1040b4   200610
       new  f2f7282   Merge in changes from http://svn.apache.org/viewvc?view=rev&revision=161958
       new  ecf3a7e   Merge in changes from http://svn.apache.org/viewvc?view=rev&revision=104700
       new  a2c5668   Merge in changes from http://svn.apache.org/viewvc?view=rev&revision=290965
       new  f85e30e   Merge in http://svn.apache.org/viewvc?view=rev&revision=354394
       new  09e5676   Initialize the NSS cache before NSS_Init is called. A race condition was being triggered during the first module unload when calling NSS_Shutdown because the cache wasn't finished setting itself up in MP mode.
       new  555efa7   204138
       new  bb0f6ca   Add information about ECC including required versions of NSPR and NSS and the available ciphers.
       new  16f50b3   208848
       new  4d3a405   211139
       new  803d86b   211612
       new  9a894d9   212426
       new  ff38e91   213081
       new  c6f1107   222173
       new  dd8e415   226747
       new  61cadf2   229660
       new  68b364f   Resolves: 241936
       new  0cd05b4   Populate the changelog.
       new  bc1e4b1   The wrong variable was being used to report that NSSPassPhraseHelper wasn't found.
       new  e2baea5   Only NSSPassPhraseHelper needs to be required.
       new  4aa4a80   The error message was wrong if NSSPassPhraseHelper pointed to a non-existant file. Don't require a password file AND NSSPassPhraseHelper. Only the helper is required.
       new  0c14c8a   If mod_ssl isn't loaded then register the hooks to mod_proxy so we can do at least secure proxy in front of an unsecure host.
       new  7793b9e   Resolves BZ 248722
       new  f0cbeb2   NSS has been modified to not allow a fork after an NSS_Init() in the soft token. It apparently always did this for hardware tokens as it is part of the PKCS#11 spec.
       new  7060463   Make FIPS mode work. This fixes 2 problems:
       new  80f966c   No need to link with softokn3
       new  3b2e9ed   Fix parsing error where a token with no password would end up with a trailing tab in its value causing NSS to not find it.
       new  9576f57   Don't allow blank passwords if FIPS is enabled. This is not allowed by the NSS FIPS 140-2 security policy.
       new  503b4df   Don't inherit the MP cache when running in threaded mode Don't initialize the database if the SSL is disabled in the configuration
       new  d26e83a   Restore moduleKill function so that NSS remains initialized during the entire configuration state. Other modules were relying on mod_nss leaving NSS initialized.
       new  e19d59b   Bring up-to-date to mod_nss 1.0.8
       new  14d6276   Fix bug in disabling mod_ssl when installing mod_nss with 'make install'
       new  2870f90   Return -1 on a read failure and set the appropriate NSPR error message.
       new  118abee   Fix another place we should set PR_WOULD_BLOCK_ERROR during a read.
       new  6344040   Add controls for managing SSL renegotiation
       new  78df57b   Add TLS renegotiation options to the configuration file
       new  00dd8c4   Update list of error messages
       new  04119e7   Compare CN value of remote host with requested host in reverse proxy. Add configuration option to disable this, defaulting to on.
       new  08cfa88   Ignore SIGHUP in nss_pcache (#591889).
       new  52b20c7   2010-05-14  Rob Crittenden <rcritten at redhat.com>     * Ignore SIGHUP in nss_pcache (#591889).       Contributed by Joshua Roys <roysjosh at gmail.com>
       new  cb69869   Fix endless read loop in some situations when handling POST data (#620856)
       new  d3da91e   Only call PK11_ListCerts once and pass it when configuring each virtual server. This saves considerable time when there are a lot of certificates and/or virtual servers.
       new  883452c   Bring up to date.
       new  cb1d3ff   Revert PR_WOULD_BLOCK change and reset the NSPR error value before callling PR_Read().
       new  4aba0ec   Bug 669118
       new  3c0f6bd   * Don't use memcpy as it may operate on overlapping memory (#669118)   Patch ported from mod_ssl by Stephen Gallagher <sgallagh at redhat.com>
       new  1a10bf6   Add man page for gencert
       new  f656ffc   Add a semaphore lock around retrieving token PINs from the nss_pcache pipe. Rarely requests to the pipe were getting overridden causing that child to not enable SSL.
       new  a6c3370   Always copy in client certificate and fix FakeBasicAuth
       new  78fe734   No need to shut things down if NSS isn't initialized.
       new  a2bada0   Fix static array overrun when generating arg list for nss_pcache
       new  b8bc6fe   Bugzilla Bug #906082 - mod_nss requires manpages for gencert and nss_pcache.
       new  97a6da1   Moved 'nss_pcache' and provided compatibility link.
       new  399685f   Only clear the SSL Session Cache when shutting the server down.
       new  25e23d6   Add support for TLS v1.1, protocol ranges.
       new  680e899   Documentation formatting fixes
       new  14ce3fc   Fix usage string in nss_pcache to include semid
       new  2a8b281   Clarify the error messages to distinguish between server and proxy
       new  e339e2f   Install nss_pcache.8 man page
       new  8eff5df   Document sample mod_nss use cases, including FIPS.
       new  6ea9bd8   Work with mod_proxy when mod_ssl is also loaded.
       new  04a38bc   Move nss_pcache to /usr/libexec
       new  84672b9   Fix argument handling in nss_pcache
       new  ff76371   Fix incorrect handling of NSSVerifyClient in directory context
       new  d80edeb   Update Changelog and AUTHORS
       new  9e9b886   Remove a bunch of auto-generated files
       new  3413bbd   Rename configure.in to configure.ac
       new  ed17d95   Apache 2.4 compatibility changes
       new  b50b13b   Remove an unused variable
       new  c2ac0d1   Finally added a .gitignore
       new  07c2729   Add some basic functional tests.
       new  80ba95f   Merge remote-tracking branch 'origin/upstream' into master-n
       new  7777f25   update paths
       new  9c939f3   control: Use canonical vcs urls.
       new  bdbd987   compat: Bump to 9.
       new  4ab8f77   Merge branch 'master' into master-n
       new  c2de77c   debian/nss.conf: Removed, use the patched upstream conf instead.
       new  82eb270   bump the version
       new  436f3c3   control, rules: Use dh and dh-autoreconf.
       new  a7ea280   install: Install nss_pcache in /usr/lib/libapache2-mod-nss instead of /usr/sbin.
       new  b4e755f   update patches, remove upstreamed ones
       new  cf35769   gencert: Create sqlite-based db's.
       new  afe9343   rules: Disable tests, too many fedoraisms.
       new  088d3e0   install manpages, symlink to nss_pcache
       new  ea0207a   rules: Add a symlink to libnssckbi.so to the nssdb.
       new  1e38cf7   postinst, postrm: Create the nssdb on postinst, clear on postrm.

The 156 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Summary of changes:
 .gitignore                                      |    31 +
 AUTHORS                                         |    10 +
 ChangeLog                                       |   110 +
 INSTALL                                         |   328 +-
 Makefile.am                                     |    31 +-
 Makefile.in                                     |   600 -
 README                                          |    22 +-
 TODO                                            |     5 +-
 aclocal.m4                                      |  6683 -------
 config.guess                                    |  1447 --
 config.m4                                       |    51 -
 config.sub                                      |  1555 --
 configure                                       | 21483 ----------------------
 configure.in => configure.ac                    |     0
 debian/changelog                                |    22 +
 debian/compat                                   |     2 +-
 debian/control                                  |    10 +-
 debian/libapache2-mod-nss.dirs                  |     2 +-
 debian/libapache2-mod-nss.install               |     4 +-
 debian/libapache2-mod-nss.links                 |     1 +
 debian/libapache2-mod-nss.manpages              |     2 +
 debian/libapache2-mod-nss.postinst              |    18 +
 debian/libapache2-mod-nss.postrm                |    14 +
 debian/nss.conf                                 |   203 -
 debian/patches/fix_build                        |    14 -
 debian/patches/mod_nss-clientauth.patch         |    50 -
 debian/patches/mod_nss-conf.patch               |    77 +-
 debian/patches/mod_nss-gencert.patch            |    67 +-
 debian/patches/mod_nss-httpd24.patch            |   135 -
 debian/patches/mod_nss-lockpcache.patch         |   240 -
 debian/patches/mod_nss-negotiate.patch          |   184 -
 debian/patches/mod_nss-nssverifyclient.patch    |    12 -
 debian/patches/mod_nss-overlapping_memcpy.patch |    24 -
 debian/patches/mod_nss-pcachesignal.patch       |    21 -
 debian/patches/mod_nss-reseterror.patch         |    10 -
 debian/patches/mod_nss-reverseproxy.patch       |   182 -
 debian/patches/mod_nss-wouldblock.patch         |    12 -
 debian/patches/series                           |    11 -
 debian/rules                                    |   104 +-
 depcomp                                         |   529 -
 docs/mod_nss.html                               |   657 +-
 gencert.8                                       |    59 +
 gencert.in                                      |    24 +-
 install-sh                                      |   251 -
 ltmain.sh                                       |  6870 -------
 migrate.pl                                      |     3 +-
 missing                                         |   336 -
 mkinstalldirs                                   |    40 -
 mod_nss.c                                       |    71 +-
 mod_nss.h                                       |    39 +-
 nss.conf.in                                     |    24 +-
 nss_engine_config.c                             |    48 +
 nss_engine_init.c                               |   393 +-
 nss_engine_io.c                                 |    28 +-
 nss_engine_kernel.c                             |    15 +-
 nss_engine_log.c                                |    20 +-
 nss_engine_pphrase.c                            |    17 +
 nss_engine_vars.c                               |    42 +-
 nss_pcache.8                                    |    95 +
 nss_pcache.c                                    |    30 +-
 test/createinstance.sh                          |    59 +
 test/httpd.conf.tmpl                            |   999 +
 test/setup.sh                                   |    55 +
 test/suite1.tmpl                                |    65 +
 test/test.py                                    |   138 +
 test/test_config.py                             |   186 +
 test/test_request.py                            |   190 +
 test/test_util.py                               |    52 +
 68 files changed, 3616 insertions(+), 41496 deletions(-)
 create mode 100644 .gitignore
 delete mode 100644 Makefile.in
 delete mode 100644 aclocal.m4
 delete mode 100755 config.guess
 delete mode 100644 config.m4
 delete mode 100755 config.sub
 delete mode 100755 configure
 rename configure.in => configure.ac (100%)
 create mode 100644 debian/libapache2-mod-nss.links
 create mode 100644 debian/libapache2-mod-nss.manpages
 create mode 100644 debian/libapache2-mod-nss.postinst
 create mode 100644 debian/libapache2-mod-nss.postrm
 delete mode 100644 debian/nss.conf
 delete mode 100644 debian/patches/fix_build
 delete mode 100644 debian/patches/mod_nss-clientauth.patch
 delete mode 100644 debian/patches/mod_nss-httpd24.patch
 delete mode 100644 debian/patches/mod_nss-lockpcache.patch
 delete mode 100644 debian/patches/mod_nss-negotiate.patch
 delete mode 100644 debian/patches/mod_nss-nssverifyclient.patch
 delete mode 100644 debian/patches/mod_nss-overlapping_memcpy.patch
 delete mode 100644 debian/patches/mod_nss-pcachesignal.patch
 delete mode 100644 debian/patches/mod_nss-reseterror.patch
 delete mode 100644 debian/patches/mod_nss-reverseproxy.patch
 delete mode 100644 debian/patches/mod_nss-wouldblock.patch
 delete mode 100755 depcomp
 create mode 100644 gencert.8
 delete mode 100755 install-sh
 delete mode 100644 ltmain.sh
 delete mode 100755 missing
 delete mode 100755 mkinstalldirs
 create mode 100644 nss_pcache.8
 create mode 100755 test/createinstance.sh
 create mode 100644 test/httpd.conf.tmpl
 create mode 100755 test/setup.sh
 create mode 100644 test/suite1.tmpl
 create mode 100644 test/test.py
 create mode 100644 test/test_config.py
 create mode 100644 test/test_request.py
 create mode 100644 test/test_util.py

Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git

More information about the Pkg-fedora-ds-maintainers mailing list