Hello community, here is the log from the commit of package apache2-mod_nss for openSUSE:Factory checked in at 2016-09-17 14:40:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache2-mod_nss (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_nss.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_nss" Changes: --------
--- /work/SRC/openSUSE:Factory/apache2-mod_nss/apache2-mod_nss.changes 2016-08-05 18:16:41.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.apache2-mod_nss.new/apache2-mod_nss.changes 2016-09-17 14:40:32.000000000 +0200
@@ -1,0 +2,15 @@
+Thu Sep 15 10:44:06 UTC 2016 - [email protected]
+
+- don't disable SSLV2, because it doesn't work with NSS 3.24
+ (boo#993642)
+ * add mod_nss-dont_disable_SSLV2.patch
+- remove deprecated NSSSessionCacheTimeout option from mod_nss.conf.in
+ (bsc#998176)
+- change ownership of the gencert generated NSS database so apache
+ can read it (bsc#998180)
+ * add mod_nss-gencert-correct-ownership.patch
+- use correct configuration path in mod_nss.conf.in (bsc#996282)
+- remove %post migration code from the old alias directory
+- generate dummy certificates if there aren't any in mod_nss.d
+
+-------------------------------------------------------------------
New: ---- mod_nss-dont_disable_SSLV2.patch mod_nss-gencert-correct-ownership.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ apache2-mod_nss.spec ++++++
--- /var/tmp/diff_new_pack.dmgxzl/_old 2016-09-17 14:40:34.000000000 +0200
+++ /var/tmp/diff_new_pack.dmgxzl/_new 2016-09-17 14:40:34.000000000 +0200
@@ -52,6 +52,8 @@
 BuildRequires: pkgconfig
 Patch1: mod_nss-migrate.patch
+Patch2: mod_nss-gencert-correct-ownership.patch
+Patch3: mod_nss-dont_disable_SSLV2.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %define apxs /usr/sbin/apxs2
@@ -72,6 +74,8 @@
 %prep
 %setup -q -n mod_nss-%{version}
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 # Touch expression parser sources to prevent regenerating it
 touch nss_expr_*.[chyl]
@@ -188,48 +192,15 @@
 %post
 umask 077
-if [ "$1" -eq 1 ] ; then
- # this is first time installation.
- if [ ! -e %{apache_sysconf_nssdir}/key3.db ]; then
+if [ ! -e %{apache_sysconf_nssdir}/key3.db ]; then
 %{_sbindir}/gencert %{apache_sysconf_nssdir} > %{apache_sysconf_nssdir}/install.log 2>&1
 echo ""
 echo "%{name} certificate database generated."
 echo ""
- fi
- # Make sure that the database ownership is setup properly.
- find %{apache_sysconf_nssdir} -user root -name "*.db" -exec /bin/chgrp www {} \;
- find %{apache_sysconf_nssdir} -user root -name "*.db" -exec /bin/chmod 640 {} \;
-fi
-if [ "$1" -eq 2 ]; then
- # this is the upgrade case for this %post:
- if [ -d %{apache_sysconfdir}/alias ]; then
- copied_files=""
- for dbfile in *.db; do
- if [ ! -f %{apache_sysconf_nssdir}/"$dbfile" -a -f "$dbfile" ]; then
- cp -a "$dbfile" %{apache_sysconf_nssdir}/"$dbfile"
- copied_files="$copied_files $dbfile"
- fi
- done
- if [ "$copied_files" != "" ]; then
- {
- echo "This notice was written by the post-install script of the package"
- echo "%{name}."
- echo ""
- echo "The files $copied_files"
- echo "have been copied to the directory %{apache_sysconf_nssdir},"
- echo "as this directory is not referenced by the default configuration any longer,"
- echo "and because these files did not exist in %{apache_sysconf_nssdir}."
- echo "Existing files have not been modified."
- echo ""
- echo "Please check your configuration and remove or move your certificate and"
- echo "key storage to your desired place, and adjust your module configuration"
- echo "accordingly."
- echo ""
- echo "Thank you."
- } > %{apache_sysconfdir}/alias/README-dbfiles.txt
- fi
- fi
 fi
+# Make sure that the database ownership is setup properly.
+find %{apache_sysconf_nssdir} -user root -name "*.db" -exec /bin/chgrp www {} \;
+find %{apache_sysconf_nssdir} -user root -name "*.db" -exec /bin/chmod 640 {} \;
 %files
 %defattr(-,root,root,-)
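Review bot: The two `find … -exec /bin/chgrp www` and `find … -exec /bin/chmod 640` lines now sit outside any condition in `%post`, so they run on every install and every upgrade and reset each root-owned `*.db` under `%{apache_sysconf_nssdir}` to group `www`, mode 640, including a database an administrator deliberately kept at a tighter mode. The gencert patch added in this same commit already sets `root:www` and 640 on what it generates, so these lines look redundant for the generated case; moving them inside the `if [ ! -e %{apache_sysconf_nssdir}/key3.db ]` block would limit them to the freshly created database. With the `"$1" -eq 1` guard gone, an upgrade on a host without `key3.db` now also gets the gencert test database, so a comment above the `if` such as `# generates a self-signed placeholder database with a published password; replace before production use` would make that intent explicit.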
@@ -244,7 +215,6 @@
 %ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/cert8.db
 %ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/key3.db
 %ghost %config(noreplace) %{apache_sysconf_nssdir}/install.log
-#%%{apache_sysconf_nssdir}/libnssckbi.so
 %{_sbindir}/nss_pcache
 %{_sbindir}/gencert
 %{_sbindir}/mod_nss_migrate.pl
++++++ mod_nss-dont_disable_SSLV2.patch ++++++
Index: mod_nss-1.0.14/nss_engine_init.c
===================================================================
--- mod_nss-1.0.14.orig/nss_engine_init.c 2016-04-15 20:27:59.000000000 +0200
+++ mod_nss-1.0.14/nss_engine_init.c 2016-09-15 13:34:23.723723904 +0200
@@ -796,7 +796,8 @@ static void nss_init_ctx_protocol(server
 }
 }
- stat = SSL_OptionSet(mctx->model, SSL_ENABLE_SSL2, PR_FALSE);
+ //stat = SSL_OptionSet(mctx->model, SSL_ENABLE_SSL2, PR_FALSE);
+ stat = SECSuccess;
 /* Set protocol version ranges:
 *
++++++ mod_nss-gencert-correct-ownership.patch ++++++
Index: mod_nss-1.0.14/gencert.in
===================================================================
--- mod_nss-1.0.14.orig/gencert.in 2016-04-15 20:27:59.000000000 +0200
+++ mod_nss-1.0.14/gencert.in 2016-09-13 17:11:20.810502756 +0200
@@ -332,4 +332,10 @@
 echo ""
 echo "The database password is httptest"
 echo ""
+# change the ownership of the NSS database so apache can access it
+echo "Setting the ownership of the NSS database to root:www"
+chmod 640 $DBDIR/*.db
+chown root:www $DBDIR/*.db
+
+
 exit 0
++++++ mod_nss.conf.in ++++++
--- /var/tmp/diff_new_pack.dmgxzl/_old 2016-09-17 14:40:34.000000000 +0200
+++ /var/tmp/diff_new_pack.dmgxzl/_new 2016-09-17 14:40:34.000000000 +0200
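Review bot: In mod_nss-dont_disable_SSLV2.patch, replacing the `SSL_OptionSet(mctx->model, SSL_ENABLE_SSL2, PR_FALSE)` call with `stat = SECSuccess;` drops the explicit SSLv2 disable for every NSS version, not only for 3.24, where the changelog says the call no longer works. If the module is built or run against an older NSS, SSLv2 is then left at whatever the library default is. Keeping the call for older libraries preserves the hardening, for example `stat = NSS_VersionCheck("3.24") ? SECSuccess : SSL_OptionSet(mctx->model, SSL_ENABLE_SSL2, PR_FALSE);`. The commented-out `//stat = …` line would be better replaced by a comment giving the reason, such as `/* NSS 3.24 rejects SSL_ENABLE_SSL2 (boo#993642) */`. nss_init_ctx_protocol continues outside the hunk, so how `stat` is checked afterwards is not visible here.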
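Review bot: In mod_nss-gencert-correct-ownership.patch the new `chmod 640 $DBDIR/*.db` and `chown root:www $DBDIR/*.db` lines expand `$DBDIR` unquoted and ignore failures, and the script still ends in `exit 0`. A path containing whitespace is therefore split into several arguments, and a failed `chown` goes unreported to the caller, which in the spec's `%post` only redirects the output to install.log. Quoting the variable and propagating the error covers both: `chmod 640 "$DBDIR"/*.db && chown root:www "$DBDIR"/*.db || exit 1`. The context lines above print the fixed database password `httptest`, so group read on `key3.db` effectively gives every process in group `www` the private key; a comment here should say this is acceptable only because the generated certificate is a throw-away test certificate.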
@@ -50,13 +50,13 @@
 # it is recommended to decide for one and deactivate the other.
 #
 # Certificates:
-# The directory /etc/apache/mod_nss.d contains everything that mod_nss
+# The directory /etc/apache2/mod_nss.d contains everything that mod_nss
 # needs: keys, certificates. The default configuration has reference
-# to .db files in /etc/apache/mod_nss.d that shall illustrate how the
+# to .db files in /etc/apache2/mod_nss.d that shall illustrate how the
 # configuration should/could look like.
 #
 # In addition to providing a central location to store keys and certificates,
-# /etc/apache/mod_nss.d may also contain configuration files that are
+# /etc/apache2/mod_nss.d may also contain configuration files that are
 # included directly after this documentation text. Note that only files
 # named *.conf are included!
 #
@@ -141,10 +141,8 @@
 # Configure the SSL Session Cache.
 # NSSSessionCacheSize is the number of entries in the cache.
-# NSSSessionCacheTimeout is the SSL2 session timeout (in seconds).
 # NSSSession3CacheTimeout is the SSL3/TLS session timeout (in seconds).
 NSSSessionCacheSize 10000
-NSSSessionCacheTimeout 100
 NSSSession3CacheTimeout 86400
 #
