Hello community, here is the log from the commit of package openssl checked in at Mon Nov 6 22:25:34 CET 2006. -------- --- openssl/openssl.changes 2006-10-04 15:08:55.000000000 +0200 +++ /mounts/work_src_done/STABLE/openssl/openssl.changes 2006-11-06 18:36:09.000000000 +0100 @@ -1,0 +2,7 @@ +Mon Nov 6 18:35:10 CET 2006 - poeml@suse.de + +- configure with 'zlib' instead of 'zlib-dynamic'. Build with the + latter, there are problems opening the libz when running on the + Via Epia or vmware platforms. [#213305] + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.JdK2lY/_old 2006-11-06 22:25:00.000000000 +0100 +++ /var/tmp/diff_new_pack.JdK2lY/_new 2006-11-06 22:25:00.000000000 +0100 @@ -17,14 +17,14 @@ %endif %define ssletcdir %{_sysconfdir}/ssl %define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g") -License: BSD, Other License(s), see package +License: BSD License and BSD-like, Other License(s), see package Group: Productivity/Networking/Security Provides: ssl Conflicts: ssleay Obsoletes: ssleay Autoreqprov: on Version: 0.9.8d -Release: 2 +Release: 11 Summary: Secure Sockets and Transport Layer Security URL: http://www.openssl.org/ Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2 @@ -173,7 +173,7 @@ # config_flags="threads shared no-rc5 no-idea \ enable-camellia \ -zlib-dynamic \ +zlib \ --prefix=%{_prefix} \ --openssldir=%{ssletcdir} \ $RPM_OPT_FLAGS \ @@ -335,6 +335,10 @@ %{_libdir}/engines %changelog -n openssl +* Mon Nov 06 2006 - poeml@suse.de +- configure with 'zlib' instead of 'zlib-dynamic'. Build with the + latter, there are problems opening the libz when running on the + Via Epia or vmware platforms. [#213305] * Wed Oct 04 2006 - poeml@suse.de - add patch for the CVE-2006-2940 fix: the newly introduced limit on DH modulus size could lead to a crash when exerted. [#208971] @@ -392,9 +396,9 @@ support, which is required for curve and point format negotiation to avoid potential handshake problems. [Bodo Moeller] *) Disable rogue ciphersuites: -- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") -- SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") -- SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there. @@ -433,7 +437,7 @@ to conform with the standards mentioned here: http://www.zlib.net/DLL_FAQ.txt Static zlib linking now works on Windows and the new --with-zlib-include ---with-zlib-lib options to Configure can be used to supply the location + --with-zlib-lib options to Configure can be used to supply the location of the headers and library. Gracefully handle case where zlib library can't be loaded. [Steve Henson] *) Several fixes and enhancements to the OID generation code. The old code @@ -699,13 +703,13 @@ - configuration syntax has changed ($sys_id added before $lflags) * Thu Feb 20 2003 - poeml@suse.de - update to bugfix release 0.9.6i: -- security fix: In ssl3_get_record (ssl/s3_pkt.c), minimize + - security fix: In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078) -- a few more small bugfixes (mainly missing assertions) + - a few more small bugfixes (mainly missing assertions) * Fri Dec 06 2002 - poeml@suse.de - update to 0.9.6h (last release in the 0.9.6 series) o New configuration targets for Tandem OSS and A/UX. @@ -734,7 +738,7 @@ * Mon Aug 12 2002 - poeml@suse.de - update to 0.9.6g and drop the now included ASN1 check patch. Other change: -- Use proper error handling instead of 'assertions' in buffer + - Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the assertions could call abort()). * Fri Aug 09 2002 - kukuk@suse.de ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org