apache2-mod_nss-1.0.17-lp151.3.3.1<>,]]{/=„Iх @t ̘%wCt+81"kn%ͲFbDFY@e PhU~!b8|]>MTn[p5}10(nd53[3Z96GZ5jifc6¢ sR]qJVo2# 1%23*H[U. Fk{=yC-ajy7r* <;I3 >Zal\c\>@;H?;8d % O(,8<OXc |0|     H  0 | ) )4)(89: >2F2G2H3I3hX3|Y3\3]4^4 b5c6d79e7>f7Al7Cu7Xv7 w9x9y:<'z::::;4Capache2-mod_nss1.0.17lp151.3.3.1SSL/TLS module for the Apache HTTP serverThe mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols using the Network Security Services (NSS) security library.]{cloud135?openSUSE Leap 15.1openSUSEApache-2.0http://bugs.opensuse.orgProductivity/Networking/Web/Servershttps://pagure.io/mod_nsslinuxx86_64umask 077 # generate a self-signed certificate if there isn't either # key3.db (old DBM format) or key4.db (new SQLite format) if [ ! -e /etc/apache2/mod_nss.d/key3.db -a ! -e /etc/apache2/mod_nss.d/key4.db ]; then /usr/sbin/gencert /etc/apache2/mod_nss.d > /etc/apache2/mod_nss.d/install.log 2>&1 echo "" echo "apache2-mod_nss certificate database generated." echo "" fi # Make sure that the database ownership is setup properly. find /etc/apache2/mod_nss.d -user root -name "*.db" -exec /bin/chgrp -h www {} + find /etc/apache2/mod_nss.d -user root -name "*.db" ! -type l -exec /bin/chmod 640 {} +2,8(['`:`t,]A큠AA큤A큤]{]{]{]{]{]{]{]{]{]{]{]{]{]{Z>RP\Z>]{Z>998be6de2339769decc457a9b957f74d6282d75ac2bc0d8512c3f2dd5dd24139c676ad1c81e5911f9deea8bec85f878dacf1c3f98e8dca86d963504620de37b7d26659fcf90bb5c8e1c26108ec00cdfad8d397e5a42ea7fdda2fafbc30d177b15c6c9124ba3d2b1ec264b5ff5d8cda9d5c264e1a632ccfa5fe0b47c0ad8c49474a8860500c7d71e00919976e1a27de74d8e92efe874bc6dbf82beef52ec08d9f120a9bdb8363f0d060c3d46d01d088aaed426af59c6aa6e42d15db0dc251a480480385b0bc0162e8fc4cd1e86a97139ec29d5734ba1ddc5e36bd91c241040af0d0e3a6ac30ed947a2ba5517c03efd71b405c8cf93153c5214b823594d54dbd1bd1011fea84d86040659bec6ddc7ff48346b743735c15d43c62adca267cd05f172662706fe07090f08df4c735ee5bde97d29b1b77cfda684b0c79715fa843812fc71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4QQQQrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootwwwrootwwwwwwrootrootrootrootrootrootrootrootrootrootrootrootapache2-mod_nss-1.0.17-lp151.3.3.1.src.rpmapache2-mod_nssapache2-mod_nss(x86-64)config(apache2-mod_nss)libmodnss.so()(64bit)mod_nss@@ @@@@@@@@@@@@@@@@@@@@@@@@@@     /bin/bash/bin/sh/usr/bin/perlapache2apache_mmn_20120211config(apache2-mod_nss)findutilsiproute2libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnss3.so(NSS_3.10)(64bit)libnss3.so(NSS_3.10.2)(64bit)libnss3.so(NSS_3.11.7)(64bit)libnss3.so(NSS_3.12)(64bit)libnss3.so(NSS_3.2)(64bit)libnss3.so(NSS_3.3)(64bit)libnss3.so(NSS_3.4)(64bit)libnss3.so(NSS_3.5)(64bit)libnss3.so(NSS_3.6)(64bit)libnss3.so(NSS_3.9)(64bit)libnss3.so(NSS_3.9.2)(64bit)libplc4.so()(64bit)libssl3.so()(64bit)libssl3.so(NSS_3.12.6)(64bit)libssl3.so(NSS_3.14)(64bit)libssl3.so(NSS_3.2)(64bit)libssl3.so(NSS_3.4)(64bit)libssl3.so(NSS_3.7.4)(64bit)mozilla-nssmozilla-nss-toolsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)suse_maintenance_mmn_02.2.121.0.17-lp151.3.3.13.253.0.4-14.6.0-14.0-15.2-14.14.1]w@Z2@Z@Z@Z%Z@Z8@Z.s@Z)-@YW@Wڍ@WE@W)@V@VJVVVjVCVqU|@U|@UUY@UKSUT@TXTPVítězslav Čížek vcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.compgajdos@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comjengelh@inai.devcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.compgajdos@suse.comvcizek@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comvcizek@suse.comvcizek@suse.compgajdos@suse.comhguo@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.com- Use a stronger password in gencert to pass the stricter tests in FIPS mode (bsc#1150133) * mod_nss-gencert_stronger_password.patch- Update to 1.0.17 * Add TLSv1.3 support * Update documentation for TLS 1.3 * Add TLS 1.3 support to the cipher tests * PEP-8 fixups * Change the default certificate database format to SQLite.- Use fixed upstream 1.0.16 tarball * https://pagure.io/mod_nss/issue/44- Update to 1.0.16 * Fix up some broken cipher strings from a bad merge - adjust distro detection, Tumbleweed has NSS 3.35, Leap 15 has 3.34 - drop 0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch (upstream)- Since the update to NSS 3.35, the default NSS certificate database format changed from Berkley DB to SQLite - use %license tag- Update to 1.0.15 * Try to auto-detect the NSS database format if not specified * Update nss_pcache.8 man page to drop directory and prefix * When a token is configured in password file only authenticate once * Return an error when NSSPassPhraseDialog is invalid * Move 3DES ciphers down from HIGH to MEDIUM to match OpenSSL 1.0.2k+ * Add -Werror=implicit-function-declaration to CFLAGS * Handle group membership when testing for file permissions * NSS system-wide policy now disables SSLv3, don't use it in tests * Add missing error messages for libssl errors * Fix doc typo in SSL_[SERVER|CLIENT]_SAN_IPaddr env variable name * When including additional test config use specific extension * Fix the TLS Session ID cache * Make an invalid protocol setting fatal * Don't use same NSS db in nss_pcache as mod_nss, use NSS_NoDB_Init() * Add info log message when FIPS is enabled * Add AES-256 and drop DES, CAST128, SKIPJACK as wrapping key types * Fix removal of CR from PEM certificates * Add OCSP caching and timeout tuning knobs * Check the NSS database directory permissions as well as the files inside it for read access on startup. * Add in simple aliases for ciphers to fix those that don't follow the pattern (dhe_rsa_aes_128_sha256, dhe_rsa_aes_256_sha256) and those with typos (camelia_128_sha, camelia_256_sha) * Fix semaphore leak * Don't set remote user in fixup hook * Drop SSLv2 tests because it is completely disabled now - drop 0001-Handle-group-membership-when-testing-for-file-permis.patch (upstream) - add 0001-Fix-up-some-broken-cipher-strings-from-a-bad-merge.patch- buildrequire apr-devel instead of libapr1-devel - buildrequire apr-util-devel instead of libapr-util1-devel- Fix NSS database startup permission check (bsc#1057776) * add 0001-Handle-group-membership-when-testing-for-file-permis.patch- drop obsolete mod_nss-dont_disable_SSLV2.patch * bump up minimal NSS version to 3.25, which we now have everywhere - Require iproute2 for ss, which is used by gencert to gather noise- Use ss instead of the deprecated netstat in gencert (bsc#1064415) * add mod_nss-gencert_use_ss_instead_of_netstat.patch - spec: cleanup and fix URLs- Avoid changing permissions through symlinks- don't disable SSLV2, because it doesn't work with NSS 3.24 (boo#993642) * add mod_nss-dont_disable_SSLV2.patch - remove deprecated NSSSessionCacheTimeout option from mod_nss.conf.in (bsc#998176) - change ownership of the gencert generated NSS database so apache can read it (bsc#998180) * add mod_nss-gencert-correct-ownership.patch - use correct configuration path in mod_nss.conf.in (bsc#996282) - remove %post migration code from the old alias directory - generate dummy certificates if there aren't any in mod_nss.d (bsc#998183)- use systemd-ask-password to prompt for a certificate passphrase (bsc#972968) * drop obsolete mod_nss-bnc863518-reopen_dev_tty.diff- update to 1.0.14 (fixes boo#973996) * OpenSSL ciphers stopped parsing at +, CVE-2016-3099 * Created valgrind suppression files to ease debugging * Implement SSL_PPTYPE_FILTER to call executables to get the key password pins. Can be used to prompt with systemd. * Improvements to migrate.pl - drop mod_nss_migrate.pl and use upstream migrate script instead * add mod_nss-migrate.patch- use a whitelist approach for keeping directives in the migration script (bsc#961907) * modify mod_nss_migrate.pl- fix test: add NSSPassPhraseDialog, point it to plain file- update to 1.0.13 Update default ciphers to something more modern and secure Check for host and netstat commands in gencert before trying to use them Add server support for DHE ciphers Extract SAN from server/client certificates into env Fix memory leaks and other coding issues caught by clang analyzer Add support for Server Name Indication (SNI) (#1010751) Add support for SNI for reverse proxy connections Add RenegBufferSize? option Add support for TLS Session Tickets (RFC 5077) Fix logical AND support in OpenSSL cipher compatibility Correctly handle disabled ciphers (CVE-2015-5244) Implement a slew more OpenSSL cipher macros Fix a number of illegal memory accesses and memory leaks Support for SHA384 ciphers if they are available in NSS Add compatibility for mod_ssl-style cipher definitions (#862938) Add TLSv1.2-specific ciphers Completely remove support for SSLv2 Add support for sqlite NSS databases (#1057650) Compare subject CN and VS hostname during server start up Add support for enabling TLS v1.2 Don't enable SSL 3 by default (CVE-2014-3566) Fix CVE-2013-4566 Move nss_pcache to /usr/libexec Support httpd 2.4+ - drop almost all our patches (upstream) * 0001-SNI-check-with-NameVirtualHosts.patch * mod_nss-CVE-2013-4566-NSSVerifyClient.diff * mod_nss-PK11_ListCerts_2.patch * mod_nss-add_support_for_enabling_TLS_v1.2.patch * mod_nss-array_overrun.patch * mod_nss-cipherlist_update_for_tls12-doc.diff * mod_nss-cipherlist_update_for_tls12.diff * mod_nss-clientauth.patch * mod_nss-compare_subject_CN_and_VS_hostname.patch * mod_nss-gencert.patch * mod_nss-httpd24.patch * mod_nss-lockpcache.patch * mod_nss-negotiate.patch * mod_nss-no_shutdown_if_not_init_2.patch * mod_nss-overlapping_memcpy.patch * mod_nss-pcachesignal.h * mod_nss-proxyvariables.patch * mod_nss-reseterror.patch * mod_nss-reverse_proxy_send_SNI.patch * mod_nss-reverseproxy.patch * mod_nss-sslmultiproxy.patch * mod_nss-tlsv1_1.patch * mod_nss-wouldblock.patch * update-ciphers.patch - add automake and libtool to BuildRequires - temporarily comment out %check- %check: access syntax depends on %{apache_branch}- %{apache_branch} converted to number- mod_nss-httpd24.patch applied depending on %{apache_branch} instead of %{suse_version}, fixes build for sle11 with new apache- test module with %apache_test_module_curl- unified ciphers with SLE-12 * modified patches: mod_nss-cipherlist_update_for_tls12-doc.diff mod_nss-cipherlist_update_for_tls12.diff update-ciphers.patch- send TLS server name extension on proxy connections (bsc#933832) * added mod_nss-reverse_proxy_send_SNI.patch - updates to the SNI code (from Stanislav Tokos): update update-ciphers.patch (bsc#928039) merge changes from the mod_nss-SNI_support.patch to: 0001-SNI-check-with-NameVirtualHosts.patch (bnc#927402) abstract hash for NSSNickname and ServerName, add ServerAliases and Wild Cards for vhost (bsc#927402, bsc#928039, bsc#930922) replace SSL_SNI_SEND_ALERT by nss_die (cleaner solution for virtual hosts) (bsc#930186) add alert about permission on the certificate database (bsc#933265)- Requries: %{apache_suse_maintenance_mmn} This will pull this module to the update (in released distribution) when apache maintainer thinks it is good (due api/abi changes).- The package does not carry any .conf files underneath /etc/apache2/mod_nss.d, therefore use 'IncludeOptional' instead of 'Include' directory in mod_nss.conf.- change of url and source address- remove "ecdhe_rsa_aes_256_sha256" cipher from the mod_nss.conf.in file as this cipher is not supported and it was listed here incorrectly [bnc#921182]- add mod_nss-SNI_support.patch that brings Server Name Indication support that allows to have multiple HTTPS websites with multiple certificates on the same IP address and port. [fate#318331], [bnc#897712]- bnc#902068: added mod_nss-add_support_for_enabling_TLS_v1.2.patch that adding small fixes for support of TLS v1.2- bnc#897712: added mod_nss-compare_subject_CN_and_VS_hostname.patch that compare CN and VS hostname (use NSS library). Removed following patches: * mod_nss-SNI-checks.patch * mod_nss-SNI-callback.patch/bin/shcloud135 1568376576 1.0.17-lp151.3.3.11.0.17-lp151.3.3.11.0.17-lp151.3.3.1 mod_nss.conflisten_nss.confmod_nss.dcert8.dbinstall.logkey3.dbsecmod.dbvhost-nss.templateapache2mod_nss.sogencertmod_nss_migrate.plnss_pcacheapache2-mod_nssREADMEREADME-SUSE.txtmod_nss.htmlapache2-mod_nssLICENSE/etc/apache2/conf.d//etc/apache2//etc/apache2/mod_nss.d//etc/apache2/vhosts.d//usr/lib64//usr/lib64/apache2//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/apache2-mod_nss//usr/share/licenses//usr/share/licenses/apache2-mod_nss/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:11072/openSUSE_Leap_15.1_Update/4a47511320140e467cc73bb677b63f6e-apache2-mod_nss.openSUSE_Leap_15.1_Updatedrpmxz5x86_64-suse-linuxASCII text, with very long linesASCII textdirectoryemptyELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c9391b9ad45359553c43919236a8367ccddc2d5f, strippedBourne-Again shell script, ASCII text executablePerl script text executableELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=5ef019a3c6a1d6ae267cdc637faddfacb4eedf9a, strippedHTML document, ASCII text, with very long lines PRR R!RRRRRRRRRRRRR R R R R RRRRRRRR R R R RRRRRRR9TtI/L:2utf-868b046c374614eddc24259d7187ef0dd62668c08302d96069108e79fa766fa00?7zXZ !t/hq]"k%d"5okw@_J(Fu "Oxe+X0-T+z͘E +A*@V+^*/1;ja8ޢDo{cܣHq#CMijN,0L7ğ r @ Wi߷[E Q;f5vNfx: *Hr$LI"'m@|36bbHf8;o-ehʬ0IW\'Q=#]b|. Vď=*sb;]`Yklg#qW[!gwpq>\stFwkC\S} JmM#jՑCto$s/Nɯ8ٔ w#*Z63s\u}V;O6πU.76O' hzcұ26nGx\Z#{ Pb#X$`Bz;d] l4G%i' E"J1i͹(jFF7y@!YNHj!סn{JS1m+7hPٯD+(Ӑ:Lh_1iyCAĖO$e©!\O:y ]fHfo51.~2ڊċ<σF˵չ$O6ʶ쩜` l>a3`u,[\mAxŹ-}V {Q\W c~qvܑD އ즺m;e? ο%XuK[WXƅ`2a.ﴱAҺ*-8 |zVaݥ\[>YW3%]e7D#9SiaJYy m;ίX0<Ƽbpn|Kn|Ŕ{Iл{Vv/;fFI4eĵ_*=۴f, VQ -436*)Jb+[c鎻AhŠ {B!WD|yI^rb6 Y|Ŷe]َEKxKJDPɛMN:gtۺ'mbgwPct $Ujw<0}d wmѮ\e!W`ڼgR0ݏAi\â0 YjT l |gUtc Zz1WXٻ -N&~}Vy)SwT3FMIoeKu96i:3g2ͽ^ $ McDTmVXc՝Y.;]mT7hIǩZs悽}CS釽W{W*p0W`X'7#l<\ 'y\`'kR$*N v!rbgFq/h1탰ը+|Q )8p;P&\)>{.ySca+vmRy47=?hp FV,.7UrH8ZalMgYqb)\x8P!jy\ =}Xp֪r;re&Pdßz͖0hc/nG@3lFr#o!d'a@ȓZPmo=ZJ-W~ֆ ǪhzrVP 8KC:u2>į舕 y >#g@"8`q<27ĸ5So!@a<_yXC4d>{+V#RSNO)  +,[(}$YmƸ 5:-Vs;(pay0WA(AQs- g̰q'Ae%JWQK bpHŤK3,k_{ͷ)f>#_pFv5wdHA»L]!Qqlk>Vd&]j[1p8=n| 9v a8){0YNn`8׎3RsV?*r.f|>ѵ]};OW+h0bV/5v[jRzEH2M7/Z:yи뤲BK 'Ja[=)iiԫf̮ϵz}I>I=^YwGrG #z>n}%gv/5W:'G;t^1}PaPBӫ TWrVng>eK85وfFHw *3_~=.bXq}jP-aaL*]nY_w#G.T[ .Έ c){q!N bs#=H*qsMJA`)BT>f$~Hpfs x7~H1z`ERJ>y|ɓ'Qu+>&1Hs1Lg.i ĔvCmے%5a*8EerX2D;"K.qgf䱆$,+2]\QZ(T*1 Жg;'΋\ٍ.wcg?7p6jCbvgvH̸ӵO7'рj@ ㎱?otj["H W7'w|1-¦m=ʀ(} #D4_*y)1? AZp ]u]w {?km,Z3S;4L`4Z=%޾m_~͑;TpvQJefCJ^m2K,AwڞЊl%cS džQXJb[Lfn \^žmKbҫ/ *.Wpr? C`7FÎS ílD?N2\Qҍ1PZTV.]L$gPjS";IwoE4yIX+O!?F5'.T 5wT6Ib\b= Y ^ǃGȘo'x cA>)}g*-,Rֆbg +8 rnS>0uMy딨 a} W"̤d8{w^XEZ":7$A$ OX;TWV/mms:\WAX|\>X/ݐD+|\/6rgQ6y9%H*X2dQ:PSQ6{oG o &ћNZߥ8s7#VΑ>o5i$I6%Q/^rv&]"A ^5H6clWILQb_RxD&rR)ٓ'm 2\λ!5^AٌsVIiP0eܫ7(ni Ɖ6=[QY3dxMy20Jurpt&v o28D Ĥ  GcN+7AkM*,fbI@ b0MDRZ>[sk,]eât0 _B,bz+Z ~Jn)vFR֭lg805]k\~{C)>u]Ω5٘$ Da>y\c["X+F_P`$ k?a^3'tݤ ^C_flLZc% Zه_]Ϳo]_"׉Yo*s|_\!^v[/WKYDvXbKozl< YZ