Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package filezilla for openSUSE:Factory checked in at 2024-04-17 16:20:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/filezilla (Old) and /work/SRC/openSUSE:Factory/.filezilla.new.26366 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "filezilla" Wed Apr 17 16:20:38 2024 rev:114 rq:1168540 version:3.67.0 Changes: -------- --- /work/SRC/openSUSE:Factory/filezilla/filezilla.changes 2024-02-26 19:46:54.357195105 +0100 +++ /work/SRC/openSUSE:Factory/.filezilla.new.26366/filezilla.changes 2024-04-17 16:24:44.565429651 +0200 @@ -1,0 +2,16 @@ +Wed Apr 17 12:31:51 UTC 2024 - ecsos <[email protected]> + +- Update to 3.67.0 + * Fixed vulnerabilities: + - SFTP: Fixed PuTTY ECDSA NIST P-521 private key recovery + vulnerability (CVE-2024-31497). + If you use NIST P-521 keys to connect to SSH/SFTP servers, + you should regenerate them and revoke the previous ones. + - Official binaries are now built against GnuTLS 3.8.4 + * Bugfixes and minor changes: + - Updated to libfilezilla 0.47.0 +- Fix boo#1222871 - (CVE-2024-31497) +- Add filezilla-verifyhostkeydialog.patch to fix build error. +- Add filezilla-sftp_crypt_info_dlg.patch to fix build error. + +------------------------------------------------------------------- Old: ---- FileZilla_3.66.5_src.tar.xz New: ---- FileZilla_3.67.0_src.tar.xz filezilla-sftp_crypt_info_dlg.patch filezilla-verifyhostkeydialog.patch BETA DEBUG BEGIN: New:- Add filezilla-verifyhostkeydialog.patch to fix build error. - Add filezilla-sftp_crypt_info_dlg.patch to fix build error. New:- Fix boo#1222871 - (CVE-2024-31497) - Add filezilla-verifyhostkeydialog.patch to fix build error. - Add filezilla-sftp_crypt_info_dlg.patch to fix build error. BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ filezilla.spec ++++++ --- /var/tmp/diff_new_pack.UGjz5Z/_old 2024-04-17 16:24:46.917515694 +0200 +++ /var/tmp/diff_new_pack.UGjz5Z/_new 2024-04-17 16:24:46.921515840 +0200 @@ -16,11 +16,11 @@ # -%define libversion 3.66.5 -%define libfilezillaversion 0.46.0 +%define libversion 3.67.0 +%define libfilezillaversion 0.47.0 Name: filezilla -Version: 3.66.5 +Version: 3.67.0 Release: 0 Summary: A GUI FTP and SFTP Client License: GPL-2.0-or-later @@ -29,6 +29,8 @@ Source0: https://download.filezilla-project.org/client/FileZilla_%{version}_src.tar.xz Patch0: %{name}-welcome_dialog.patch Patch1: disable-avx-on-i586.patch +Patch2: %{name}-verifyhostkeydialog.patch +Patch3: %{name}-sftp_crypt_info_dlg.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes ++++++ FileZilla_3.66.5_src.tar.xz -> FileZilla_3.67.0_src.tar.xz ++++++ ++++ 10124 lines of diff (skipped) ++++++ filezilla-sftp_crypt_info_dlg.patch ++++++ diff -Pdpru filezilla-3.67.0.orig/src/interface/sftp_crypt_info_dlg.cpp filezilla-3.67.0/src/interface/sftp_crypt_info_dlg.cpp --- filezilla-3.67.0.orig/src/interface/sftp_crypt_info_dlg.cpp 2024-03-09 05:30:02.000000000 +0100 +++ filezilla-3.67.0/src/interface/sftp_crypt_info_dlg.cpp 2024-04-17 14:29:08.105201893 +0200 @@ -28,7 +28,7 @@ void CSftpEncryptioInfoDialog::ShowDialo { auto [box, inner] = lay.createStatBox(main, _("Server host key"), 2); inner->Add(new wxStaticText(box, nullID, _("Algorithm:"))); - inner->Add(new wxStaticText(box, nullID, pNotification->hostKeyAlgorithm.empty() ? _("Unknown") : LabelEscape(pNotification->hostKeyAlgorithm))); + inner->Add(new wxStaticText(box, nullID, pNotification->hostKeyAlgorithm.empty() ? wxString(_("Unknown")) : wxString(LabelEscape(pNotification->hostKeyAlgorithm)))); inner->Add(new wxStaticText(box, nullID, _("Fingerprints:"))); inner->Add(new wxStaticText(box, nullID, LabelEscape(pNotification->hostKeyFingerprint))); } ++++++ filezilla-verifyhostkeydialog.patch ++++++ diff -Pdpru filezilla-3.67.0.orig/src/interface/verifyhostkeydialog.cpp filezilla-3.67.0/src/interface/verifyhostkeydialog.cpp --- filezilla-3.67.0.orig/src/interface/verifyhostkeydialog.cpp 2024-03-07 05:30:02.000000000 +0100 +++ filezilla-3.67.0/src/interface/verifyhostkeydialog.cpp 2024-04-17 14:19:34.512320678 +0200 @@ -60,7 +60,7 @@ void CVerifyHostkeyDialog::ShowVerificat inner->Add(new wxStaticText(box, nullID, _("Host:"))); inner->Add(new wxStaticText(box, nullID, LabelEscape(host))); inner->Add(new wxStaticText(box, nullID, _("Hostkey algorithm:"))); - inner->Add(new wxStaticText(box, nullID, notification.hostKeyAlgorithm.empty() ? _("Unknown") : LabelEscape(notification.hostKeyAlgorithm))); + inner->Add(new wxStaticText(box, nullID, notification.hostKeyAlgorithm.empty() ? wxString(_("Unknown")) : wxString(LabelEscape(notification.hostKeyAlgorithm)))); inner->Add(new wxStaticText(box, nullID, _("Fingerprints:"))); inner->Add(new wxStaticText(box, nullID, LabelEscape(notification.hostKeyFingerprint)));
