commit libressl for openSUSE:Factory
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package libressl for openSUSE:Factory checked in at 2015-06-23 11:58:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libressl (Old) and /work/SRC/openSUSE:Factory/.libressl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libressl" Changes: -------- --- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2015-03-30 19:32:48.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libressl.new/libressl.changes 2015-06-23 11:58:37.000000000 +0200 @@ -1,0 +2,20 @@ +Fri Jun 12 22:33:52 UTC 2015 - jengelh@inai.de + +- Update to new upstream release 2.2.0 +* Removal of OPENSSL_issetugid and all library getenv calls. + Applications can and should no longer rely on environment + variables for changing library behavior. + OPENSSL_CONF/SSLEAY_CONF is still supported with the openssl(1) + command. +* libtls API and documentation additions +* fixed: +* CVE-2015-1788: Malformed ECParameters causes infinite loop +* CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time +* CVE-2015-1792: CMS verify infinite loop with unknown hash + function (this code is not enabled by default) +* already fixed earlier, or not found in LibreSSL: +* CVE-2015-4000: DHE man-in-the-middle protection (Logjam) +* CVE-2015-1790: PKCS7 crash with missing EnvelopedContent +* CVE-2014-8176: Invalid free in DTLS + +------------------------------------------------------------------- Old: ---- libressl-2.1.6.tar.gz libressl-2.1.6.tar.gz.asc New: ---- libressl-2.2.0.tar.gz libressl-2.2.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libressl.spec ++++++ --- /var/tmp/diff_new_pack.mWV70D/_old 2015-06-23 11:58:38.000000000 +0200 +++ /var/tmp/diff_new_pack.mWV70D/_new 2015-06-23 11:58:38.000000000 +0200 @@ -17,7 +17,7 @@ Name: libressl -Version: 2.1.6 +Version: 2.2.0 Release: 0 Summary: An SSL/TLS protocol implementation License: OpenSSL @@ -41,11 +41,11 @@ OpenSSL, with the aim of refactoring the OpenSSL code so as to provide a more secure implementation. -%package -n libcrypto32 +%package -n libcrypto33 Summary: An SSL/TLS protocol implementation Group: System/Libraries -%description -n libcrypto32 +%description -n libcrypto33 The "crypto" library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the LibreSSL implementations of SSL, TLS @@ -76,7 +76,7 @@ %package devel Summary: Development files for LibreSSL, an SSL/TLS protocol implementation Group: Development/Libraries/C and C++ -Requires: libcrypto32 = %version +Requires: libcrypto33 = %version Requires: libssl32 = %version Requires: libtls3 = %version Conflicts: libopenssl-devel @@ -129,8 +129,8 @@ exit 1 fi -%post -n libcrypto32 -p /sbin/ldconfig -%postun -n libcrypto32 -p /sbin/ldconfig +%post -n libcrypto33 -p /sbin/ldconfig +%postun -n libcrypto33 -p /sbin/ldconfig %post -n libssl32 -p /sbin/ldconfig %postun -n libssl32 -p /sbin/ldconfig %post -n libtls3 -p /sbin/ldconfig @@ -142,17 +142,17 @@ %_mandir/man1/*.1* %doc COPYING -%files -n libcrypto32 +%files -n libcrypto33 %defattr(-,root,root) -%_libdir/libcrypto.so.32* +%_libdir/libcrypto.so.* %files -n libssl32 %defattr(-,root,root) -%_libdir/libssl.so.32* +%_libdir/libssl.so.* %files -n libtls3 %defattr(-,root,root) -%_libdir/libtls.so.3* +%_libdir/libtls.so.* %files devel %defattr(-,root,root) @@ -165,6 +165,6 @@ %files devel-doc %defattr(-,root,root) -%_mandir/man3/*.3* +%_mandir/man3/*.* %changelog ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.mWV70D/_old 2015-06-23 11:58:38.000000000 +0200 +++ /var/tmp/diff_new_pack.mWV70D/_new 2015-06-23 11:58:38.000000000 +0200 @@ -1,9 +1,9 @@ -libcrypto32 +libcrypto33 libssl32 libtls3 libressl-devel requires -libressl-<targettype> - requires "libcrypto32-<targettype> = <version>" + requires "libcrypto33-<targettype> = <version>" requires "libssl32-<targettype> = <version>" requires "libtls3-<targettype> = <version>" conflicts "libopenssl-devel-<targettype>" ++++++ libressl-2.1.6.tar.gz -> libressl-2.2.0.tar.gz ++++++ ++++ 29106 lines of diff (skipped)
participants (1)
-
root@hilbert.suse.de