Hello community, here is the log from the commit of package libressl for openSUSE:Factory checked in at 2015-03-11 09:57:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libressl (Old) and /work/SRC/openSUSE:Factory/.libressl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libressl" Changes: -------- --- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2015-02-05 11:00:38.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libressl.new/libressl.changes 2015-03-11 09:57:30.000000000 +0100 @@ -1,0 +2,42 @@ +Fri Mar 6 18:19:18 UTC 2015 - [email protected] + +- Update to 2.1.4: + * Improvements to libtls: + - a new API for loading CA chains directly from memory instead + of a file, allowing verification with privilege separation in + a chroot without direct access to CA certificate files. + - Ciphers default to TLSv1.2 with AEAD and PFS. + - Improved error handling and message generation. + - New APIs and improved documentation. + * Add X509_STORE_load_mem API for loading certificates from memory. + This facilitates accessing certificates from a chrooted + environment. + * New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by + using 'TLSv1.2+AEAD' as the cipher selection string. + * New openssl(1) command 'certhash' replaces the c_rehash script. + * Server-side support for TLS_FALLBACK_SCSV for compatibility + with various auditor and vulnerability scanners. + * Dead and disabled code removal including MD5, Netscape + workarounds, non-POSIX IO, SCTP, RFC 3779 support, + "#if 0" sections, and more. + * The ASN1 macros are expanded to aid readability and + maintainability. + * Various NULL pointer asserts removed in favor of letting the + OS/signal handler catch them. + * Refactored argument handling in openssl(1) for consistency and + maintainability. + * Support for building with OPENSSL_NO_DEPRECATED. + * Dozens of issues found with the Coverity scanner fixed. + * Fix a minor information leak that was introduced in t1_lib.c + r1.71, whereby an additional 28 bytes of .rodata (or .data) is + provided to the network. In most cases this is a non-issue + since the memory content is already public. + * Fixes for the following low-severity issues were integrated + into LibreSSL from OpenSSL 1.0.1k: + - CVE-2015-0205 - DH client certificates accepted without + verification. + - CVE-2014-3570 - Bignum squaring may produce incorrect results. + - CVE-2014-8275 - Certificate fingerprints can be modified. + - CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]. + +------------------------------------------------------------------- Old: ---- libressl-2.1.3.tar.gz New: ---- libressl-2.1.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libressl.spec ++++++ --- /var/tmp/diff_new_pack.ZMB8uq/_old 2015-03-11 09:57:31.000000000 +0100 +++ /var/tmp/diff_new_pack.ZMB8uq/_new 2015-03-11 09:57:31.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libressl # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: libressl -Version: 2.1.3 +Version: 2.1.4 Release: 0 Summary: An SSL/TLS protocol implementation License: OpenSSL @@ -42,31 +42,31 @@ OpenSSL, with the aim of refactoring the OpenSSL code so as to provide a more secure implementation. -%package -n libcrypto30 +%package -n libcrypto32 Summary: An SSL/TLS protocol implementation Group: System/Libraries -%description -n libcrypto30 +%description -n libcrypto32 The "crypto" library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the LibreSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards. -%package -n libssl30 +%package -n libssl32 Summary: An SSL/TLS protocol implementation Group: System/Libraries -%description -n libssl30 +%description -n libssl32 LibreSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It derives from OpenSSL and intends to provide a more secure implementation. -%package -n libtls1 +%package -n libtls3 Summary: A simplified interface for the OpenSSL/LibreSSL TLS protocol implementation Group: System/Libraries -%description -n libtls1 +%description -n libtls3 LibreSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It derives from OpenSSL and intends to provide a more secure implementation. @@ -77,9 +77,9 @@ %package devel Summary: Development files for LibreSSL, an SSL/TLS protocol implementation Group: Development/Libraries/C and C++ -Requires: libcrypto30 = %version -Requires: libssl30 = %version -Requires: libtls1 = %version +Requires: libcrypto32 = %version +Requires: libssl32 = %version +Requires: libtls3 = %version Conflicts: libopenssl-devel %description devel @@ -114,7 +114,7 @@ %install b="%buildroot" -make install DESTDIR="$b" +%make_install rm -f "$b/%_libdir"/*.la for i in "$b/%_mandir"/man*; do pushd "$i" @@ -132,12 +132,12 @@ exit 1 fi -%post -n libcrypto30 -p /sbin/ldconfig -%postun -n libcrypto30 -p /sbin/ldconfig -%post -n libssl30 -p /sbin/ldconfig -%postun -n libssl30 -p /sbin/ldconfig -%post -n libtls1 -p /sbin/ldconfig -%postun -n libtls1 -p /sbin/ldconfig +%post -n libcrypto32 -p /sbin/ldconfig +%postun -n libcrypto32 -p /sbin/ldconfig +%post -n libssl32 -p /sbin/ldconfig +%postun -n libssl32 -p /sbin/ldconfig +%post -n libtls3 -p /sbin/ldconfig +%postun -n libtls3 -p /sbin/ldconfig %files %defattr(-,root,root) @@ -145,17 +145,17 @@ %_mandir/man1/*.1* %doc COPYING -%files -n libcrypto30 +%files -n libcrypto32 %defattr(-,root,root) -%_libdir/libcrypto.so.30* +%_libdir/libcrypto.so.32* -%files -n libssl30 +%files -n libssl32 %defattr(-,root,root) -%_libdir/libssl.so.30* +%_libdir/libssl.so.32* -%files -n libtls1 +%files -n libtls3 %defattr(-,root,root) -%_libdir/libtls.so.1* +%_libdir/libtls.so.3* %files devel %defattr(-,root,root) ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.ZMB8uq/_old 2015-03-11 09:57:31.000000000 +0100 +++ /var/tmp/diff_new_pack.ZMB8uq/_new 2015-03-11 09:57:31.000000000 +0100 @@ -1,9 +1,9 @@ -libcrypto30 -libssl30 -libtls1 +libcrypto32 +libssl32 +libtls3 libressl-devel requires -libressl-<targettype> - requires "libcrypto30-<targettype> = <version>" - requires "libssl30-<targettype> = <version>" - requires "libtls1-<targettype> = <version>" + requires "libcrypto32-<targettype> = <version>" + requires "libssl32-<targettype> = <version>" + requires "libtls3-<targettype> = <version>" conflicts "libopenssl-devel-<targettype>" ++++++ libressl-2.1.3.tar.gz -> libressl-2.1.4.tar.gz ++++++ ++++ 51381 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
