commit w3m for openSUSE:Factory

Tue, 13 Nov 2012 08:11:03 -0800 

Hello community,

here is the log from the commit of package w3m for openSUSE:Factory checked in 
at 2012-11-13 17:10:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/w3m (Old)
 and      /work/SRC/openSUSE:Factory/.w3m.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "w3m", Maintainer is "m...@suse.com"

Changes:
--------
--- /work/SRC/openSUSE:Factory/w3m/w3m.changes  2012-10-03 10:13:38.000000000 
+0200
+++ /work/SRC/openSUSE:Factory/.w3m.new/w3m.changes     2012-11-13 
17:10:42.000000000 +0100
@@ -1,0 +2,9 @@
+Mon Nov 12 18:26:45 UTC 2012 - crrodrig...@opensuse.org
+
+- Due to the "CRIME attack" (CVE-2012-4929) HTTPS clients
+  that negotiate TLS-level compression can be abused for
+  MITM attacks. (w3m-openssl.patch) 
+
+- Use SSL_MODE_RELEASE_BUFFERS if available .
+
+-------------------------------------------------------------------

New:
----
  w3m-openssl.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ w3m.spec ++++++
--- /var/tmp/diff_new_pack.Ox3NDA/_old  2012-11-13 17:10:44.000000000 +0100
+++ /var/tmp/diff_new_pack.Ox3NDA/_new  2012-11-13 17:10:44.000000000 +0100
@@ -50,6 +50,7 @@
 Patch501:       gc-configure.patch
 Patch502:       gc-arm.patch
 Patch503:       w3m-fh-def.patch
+Patch504:       w3m-openssl.patch
 
 %package inline-image
 Summary:        An inline image extension for w3m
@@ -101,6 +102,7 @@
 %patch11
 %patch12
 %patch503
+%patch504
 cd ../gc*
 %patch500
 %patch501

++++++ w3m-openssl.patch ++++++
--- url.c.orig
+++ url.c
@@ -337,7 +337,15 @@ openSSLHandle(int sock, char *hostname,
            if (strchr(ssl_forbid_method, 'T'))
                option |= SSL_OP_NO_TLSv1;
        }
+#ifdef SSL_OP_NO_COMPRESSION
+       option |= SSL_OP_NO_COMPRESSION;
+#endif
        SSL_CTX_set_options(ssl_ctx, option);
+
+#ifdef SSL_MODE_RELEASE_BUFFERS
+       SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
+
 #ifdef USE_SSL_VERIFY
        /* derived from openssl-0.9.5/apps/s_{client,cb}.c */
 #if 1                          /* use SSL_get_verify_result() to verify cert */
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

Reply via email to