openSUSE Recommended Update: libserf: update to Serf 1.3.4 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0241-1 Rating: low References: #862983 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues with libserf: - bnc#862983: update to Serf 1.3.4 This release fixes a race condition during OpenSSL initialisation and two ssl tunnel setup failures * Endless loop during ssl tunnel setup with Negotiate authn * Can't setup ssl tunnel which sends Connection close header * race condition when initializing OpenSSL from multiple threads * Incorrect pkg-config file when GSSAPI isn't configured - also includes changes from 1.3.3 This is a small patch release containing a fix to solve a problem connecting to multi-homed servers (e.g. ipv4/ipv6) and some improvements in the use of error codes during ssl certificate validation and handling of timed out connections. * Try more addresses of multihomed servers * Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE correctly * Return APR_TIMEUP from poll() to enable detecting connection timeouts Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-133 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libserf-1-1-1.3.4-4.1 libserf-1-1-debuginfo-1.3.4-4.1 libserf-debugsource-1.3.4-4.1 libserf-devel-1.3.4-4.1 References: https://bugzilla.novell.com/862983