Hello community, here is the log from the commit of package xchat-gnome for openSUSE:Factory checked in at 2015-04-13 20:31:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xchat-gnome (Old) and /work/SRC/openSUSE:Factory/.xchat-gnome.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xchat-gnome" Changes: -------- --- /work/SRC/openSUSE:Factory/xchat-gnome/xchat-gnome.changes 2013-09-23 15:54:00.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.xchat-gnome.new/xchat-gnome.changes 2015-04-13 20:31:20.000000000 +0200 @@ -1,0 +2,5 @@ +Sun Apr 12 09:42:49 UTC 2015 - zai...@opensuse.org + +- Add xchat-gnome-poodle.patch, protect against poole (bgo#738870). + +------------------------------------------------------------------- New: ---- xchat-gnome-poodle.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xchat-gnome.spec ++++++ --- /var/tmp/diff_new_pack.OqBax2/_old 2015-04-13 20:31:21.000000000 +0200 +++ /var/tmp/diff_new_pack.OqBax2/_new 2015-04-13 20:31:21.000000000 +0200 @@ -33,6 +33,8 @@ Patch3: xchat-gnome-dso-linking.patch # PATCH-FIX-UPSTREAM xchat-gnome-perl-plugin.patch bgo#698232 dims...@opensuse.org -- Fix building with -Werror=missing-prototypes. Patch4: xchat-gnome-perl-plugin.patch +# PATCH-FIX-UPSTREAM xchat-gnome-poodle.patch bgo#738870 zai...@opensuse.org -- Patch for poodle attack. +Patch5: xchat-gnome-poodle.patch BuildRequires: dbus-1-glib-devel BuildRequires: fdupes BuildRequires: gconf2-devel @@ -91,6 +93,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 translation-update-upstream %build ++++++ xchat-gnome-poodle.patch ++++++ >From f9e2f17c26abf90b340c8a80248326f4c7c1f3b7 Mon Sep 17 00:00:00 2001 From: Marc Deslauriers <marc.deslauri...@ubuntu.com> Date: Tue, 9 Dec 2014 22:02:14 +0530 Subject: gnome bz#738870 SSLv3 should no longer be used for security reasons. Let the best connection method be automatically determined by using SSLv23_client_method() and SSLv23_server_method(). https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ diff --git a/src/common/ssl.c b/src/common/ssl.c index a18ad47..35eb237 100644 --- a/src/common/ssl.c +++ b/src/common/ssl.c @@ -70,7 +70,7 @@ _SSL_context_init (void (*info_cb_func), int server) SSLeay_add_ssl_algorithms (); SSL_load_error_strings (); - ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ()); + ctx = SSL_CTX_new (server ? SSLv23_server_method() : SSLv23_client_method ()); SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH); SSL_CTX_set_timeout (ctx, 300); @@ -281,7 +281,7 @@ _SSL_socket (SSL_CTX *ctx, int sd) __SSL_critical_error ("SSL_new"); SSL_set_fd (ssl, sd); - if (ctx->method == SSLv3_client_method()) + if (ctx->method == SSLv23_client_method()) SSL_set_connect_state (ssl); else SSL_set_accept_state(ssl); -- cgit v0.10.2
