Hello community,
here is the log from the commit of package gnome-vfs2 for openSUSE:Factory checked in at 2012-08-13 18:26:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnome-vfs2 (Old)
and /work/SRC/openSUSE:Factory/.gnome-vfs2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnome-vfs2", Maintainer is "gnome-maintainers@suse.de"
Changes:
--------
--- /work/SRC/openSUSE:Factory/gnome-vfs2/gnome-vfs2.changes 2011-09-23 02:01:08.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.gnome-vfs2.new/gnome-vfs2.changes 2012-08-13 18:26:57.000000000 +0200
@@ -1,0 +2,12 @@
+Mon Jul 16 03:31:18 UTC 2012 - crrodriguez@opensuse.org
+
+- Add gnome-vfs2-ssl.patch:
+ + Never try to negotiate SSLv2 as it is completely broken from
+ the security POV.
+ + Use SSL_MODE_RELEASE_BUFFERS to keep openSSL memory usage as
+ low as possible.
+ + There are a myriad of other possible attacks like BEAST,
+ version/cipher downgrades still possible but this patch do not
+ address this concerns.
+
+-------------------------------------------------------------------
New:
----
gnome-vfs2-ssl.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gnome-vfs2.spec ++++++
--- /var/tmp/diff_new_pack.mSz2eV/_old 2012-08-13 18:27:02.000000000 +0200
+++ /var/tmp/diff_new_pack.mSz2eV/_new 2012-08-13 18:27:02.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package gnome-vfs2
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,8 +15,6 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
-
Name: gnome-vfs2
%define _name gnome-vfs
@@ -46,7 +44,7 @@
BuildRequires: openssl-devel
BuildRequires: samba
Version: 2.24.4
-Release: 5
+Release: 0
Summary: The GNOME 2.x Desktop Virtual File System Libraries
License: GPL-2.0+ ; LGPL-2.1+
Group: Development/Libraries/GNOME
@@ -71,6 +69,8 @@
Patch41: gnome-vfs-url_handler_irc.patch
# PATCH-FIX-UPSTREAM gnome-vfs2-non_void.patch bgo#611574 ro@novell.com -- Fix no-return-in-non-void-function.
Patch42: gnome-vfs2-non_void.patch
+# PATCH-FIX-OPENSUSE gnome-vfs2-ssl.patch bgo#681242 crrodriguez@opensuse.org - Never negotiate SSLv2 because it is broken
+Patch43: gnome-vfs2-ssl.patch
# bug437293
%ifarch ppc64
Obsoletes: gnome-vfs2-64bit
@@ -108,10 +108,11 @@
Mathieu Lacage