Hello community,
here is the log from the commit of package mcrypt.1052 for openSUSE:11.4:Update checked in at 2012-11-05 09:25:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:11.4:Update/mcrypt.1052 (Old)
and /work/SRC/openSUSE:11.4:Update/.mcrypt.1052.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mcrypt.1052", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2012-10-22 00:44:18.403455820 +0200
+++ /work/SRC/openSUSE:11.4:Update/.mcrypt.1052.new/mcrypt.changes 2012-11-05 09:25:18.000000000 +0100
@@ -0,0 +1,181 @@
+-------------------------------------------------------------------
+Mon Oct 29 12:19:55 UTC 2012 - vdziewiecki@suse.com
+
+-Fix bnc#786100 VUL-1: CVE-2012-4527: mcrypt: stack-based buffer
+overflow via overly long file name - mcrypt-2.6.8-snprintf.patch
+
+-------------------------------------------------------------------
+Wed Oct 10 14:08:58 UTC 2012 - vdziewiecki@suse.com
+
+-Removed gaa build dependency to fix build failure. (bnc#779213)
+-------------------------------------------------------------------
+Mon Sep 10 14:04:10 UTC 2012 - vdziewiecki@suse.com
+
+-Fix bnc#779213 - VUL-0: CVE-2012-4409: mcrypt: buffer overflow flaw
+
+-------------------------------------------------------------------
+Mon Jan 3 20:42:51 UTC 2011 - aj@suse.de
+
+- Remove mcrypt-2.6.8-gettext.patch, it's not needed. Do not call
+ autoreconf, it just breaks the build.
+
+-------------------------------------------------------------------
+Sun Oct 31 12:37:02 UTC 2010 - jengelh@medozas.de
+
+- Use %_smp_mflags
+
+-------------------------------------------------------------------
+Thu Aug 6 16:37:25 UTC 2009 - puzel@novell.com
+
+- mcrypt-2.6.8-missing-fclose.patch (bnc#527721)
+
+-------------------------------------------------------------------
+Fri Apr 24 16:15:49 CEST 2009 - puzel@suse.cz
+
+- added mcrypt-native-by-default.patch (partially resolve bnc#385951)
+ - openpgp format handling is seriously broken, so make native format default
+ like in Fedora and Debian
+- added mcrypt-manpage-fix.patch
+ - fix typos in manpage
+
+-------------------------------------------------------------------
+Mon Jan 19 13:58:16 CET 2009 - prusnak@suse.cz
+
+- updated to 2.6.8
+ * Updated non valid C code to comply with standard ANSI C
+ Affects openpgp code
+- removed obsoleted overflow.patch
+
+-------------------------------------------------------------------
+Wed Jan 16 14:07:53 CET 2008 - prusnak@suse.cz
+
+- updated to 2.6.7
+ * corrected bugs related to freeing mhash (const) data
+ * corrected bugs in the win32 random gatherer
+ * THE CODE IS NOW UNDER GPLv3!
+
+-------------------------------------------------------------------
+Wed Jul 18 16:25:13 CEST 2007 - prusnak@suse.cz
+
+- updated to 2.6.6
+ * corrections in getpass()
+ * updates in OpenPGP code
+ * made the OpenPGP file format the default
+- fixed uninitialized variable in rfc2440.c (uninitialized.patch)
+
+-------------------------------------------------------------------
+Fri May 4 14:56:31 CEST 2007 - prusnak@suse.cz
+
+- updated to 2.6.5 (maintenance update)
+- cleaned spec file
+
+-------------------------------------------------------------------
+Mon Apr 2 14:45:56 CEST 2007 - rguenther@suse.de
+
+- add zlib-devel BuildRequires
+
+-------------------------------------------------------------------
+Wed Jan 24 17:46:25 CET 2007 - prusnak@suse.cz
+
+- corrected fix for buffer overflow (overflow.patch) [#238192]
+
+-------------------------------------------------------------------
+Tue May 9 15:25:31 CEST 2006 - anicka@suse.cz
+
+- fixed format string bug [#173839]
+
+-------------------------------------------------------------------
+Wed Jan 25 21:38:13 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Wed Apr 27 16:01:53 CEST 2005 - meissner@suse.de
+
+- fixed buffer overflow.
+
+-------------------------------------------------------------------
+Thu Jan 22 18:36:45 CET 2004 - ro@suse.de
+
+- remove old aclocal.m4 and acinclude.m4
+
+-------------------------------------------------------------------
+Sat Jan 10 17:00:17 CET 2004 - adrian@suse.de
+
+- add %defattr
+
+-------------------------------------------------------------------
+Thu Jul 24 13:55:09 CEST 2003 - tcrhak@suse.cz
+
+- update to version 2.6.4
+
+-------------------------------------------------------------------
+Thu Jun 19 21:22:15 CEST 2003 - ro@suse.de
+
+- build with current gettext
+
+-------------------------------------------------------------------
+Thu Dec 19 15:38:00 CET 2002 - tcrhak@suse.cz
+
+- update to version 2.6.3
+
+-------------------------------------------------------------------
+Fri Aug 16 14:28:07 CEST 2002 - prehak@suse.cz
+
+- mhash is no more built under mcrypt, it is a separate package now
+- fixed %files section
+
+-------------------------------------------------------------------
+Mon Aug 5 16:39:40 CEST 2002 - prehak@suse.cz
+
+- update to version 2.6.2
+- mhash updated to version 0.8.16
+- set path to includes before running of configure
+
+-------------------------------------------------------------------
+Tue Apr 2 18:15:56 CEST 2002 - tcrhak@suse.cz
+
+- build with new automake/autoconf
+
+-------------------------------------------------------------------
+Wed Jan 30 10:42:01 CET 2002 - cihlar@suse.cz
+
+- update mcrypt to 2.5.11
+- update mhash to 0.8.13
+- fixed %files
+
+-------------------------------------------------------------------
+Mon Aug 6 14:23:10 CEST 2001 - cihlar@suse.cz
+
+- fixed calls of autoconf, aclocal and automake
+
+-------------------------------------------------------------------
+Tue Jun 26 13:37:57 CEST 2001 - pblaha@suse.cz
+
+- update on 2.5.7 and mhash on 0.8.9
+
+-------------------------------------------------------------------
+Mon May 28 17:23:14 CEST 2001 - pblaha@suse.cz
+
+- fix include on ia64
+
+-------------------------------------------------------------------
+Fri Apr 27 11:08:07 CEST 2001 - pblaha@suse.cz
+
+- fixed .po files for correct locale
+
+-------------------------------------------------------------------
+Mon Oct 16 10:22:08 CEST 2000 - pblaha@suse.cz
+
+- update to 2.5.5 and repair czech locales
+
+-------------------------------------------------------------------
+Mon May 29 14:09:00 CEST 2000 - bubnikv@suse.cz
+
+- sorted
+
+-------------------------------------------------------------------
+Mon Apr 17 11:10:29 CEST 2000 - bubnikv@suse.cz
+
+- new package (2.5.3)
+
New:
----
mcrypt-2.6.8-format_strings.patch
mcrypt-2.6.8-missing-fclose.patch
mcrypt-2.6.8-snprintf.patch
mcrypt-2.6.8-uninitialized.patch
mcrypt-2.6.8.tar.bz2
mcrypt-CVE-2012-4409.patch
mcrypt-manpage-fix.patch
mcrypt-native-by-default.patch
mcrypt.changes
mcrypt.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mcrypt.spec ++++++
#
# spec file for package mcrypt
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: mcrypt
BuildRequires: libmcrypt-devel
BuildRequires: mhash-devel
BuildRequires: zlib-devel
Version: 2.6.8
Release: 0
Summary: Replacement for the crypt Command
License: GPL-3.0+
Group: Productivity/Security
Source: %{name}-%{version}.tar.bz2
Patch1: %{name}-%{version}-format_strings.patch
Patch2: %{name}-%{version}-uninitialized.patch
# PATCH-FEATURE-OPENSUSE mcrypt-native-by-default.patch bnc385951 petr.uzel@suse.cz -- make native encryption format default (patch from Fedora)
Patch3: mcrypt-native-by-default.patch
# PATCH-FIX-OPENSUSE mcrypt-manpage-fix.patch petr.uzel@suse.cz -- fix manpage typos (patch from Debian)
Patch4: mcrypt-manpage-fix.patch
Patch5: mcrypt-2.6.8-missing-fclose.patch
Patch6: mcrypt-CVE-2012-4409.patch
#PATCH-FIX-UPSTREAM bnc#786100
Patch7: mcrypt-2.6.8-snprintf.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://mcrypt.sourceforge.net/
%description
A replacement for the old unix crypt(1) command. Mcrypt uses the
following encryption (block) algorithms: BLOWFISH, DES, TripleDES,
3-WAY, SAFER-SK64, SAFER-SK128, CAST-128, RC2 TEA (extended), TWOFISH,
RC6, IDEA, and GOST. The Unix crypt algorithm is also included to allow
compatibility with the crypt(1) command. CBC, ECB, OFB, and CFB modes
of encryption are supported.
Authors:
--------
Nikos Mavroyanopoulos