This is mostly a security release to fix an error in the handling of
+CIPHER in the OpenSSL compatibility code. CVE-2016-3099 was due to the
fact that mod_nss stopped parsing cipher strings when it came across a +
for cipher re-ordering. NSS doesn't support re-ordering. The problem is
that there may be very important things beyond it but an error wasn't
return, it just stopped looking at the ciphers.
This release also updates the mod_ssl -> mod_nss migration script.
Support was added for SSL_PPTYPE_FILTER so that now NSSPassPhraseDialog
can use exec: and call a script to get the password from systemd, for
example.
And finally, I added some Valgrind suppression files to make finding
memory issues a lot easier.
Source is at
https://fedorahosted.org/releases/m/o/mod_nss/mod_nss-1.0.14.tar.gz
rob
_______________________________________________
Mod_nss-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/mod_nss-list
