commit lftp for openSUSE:Factory

Fri, 29 May 2015 01:44:55 -0700 

Hello community,

here is the log from the commit of package lftp for openSUSE:Factory checked in 
at 2015-05-29 10:41:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lftp (Old)
 and      /work/SRC/openSUSE:Factory/.lftp.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "lftp"

Changes:
--------
--- /work/SRC/openSUSE:Factory/lftp/lftp.changes        2015-01-12 
09:50:15.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.lftp.new/lftp.changes   2015-05-29 
10:41:02.000000000 +0200
@@ -1,0 +2,20 @@
+Thu May 28 08:27:26 UTC 2015 - idon...@suse.com
+
+- Update to version 4.6.2:
+  * new command "edit" instead of the edit alias.
+  * new setting ssl:priority for disabling selected protocols.
+  * new settings fish:auto-confirm and sftp:auto-confirm.
+  * new setting file:use-lock to lock local files before accessing.
+  * ftp: fixed disconnecting on timeout (broken in 4.6.0).
+  * http: enclose ipv6 address in brackets in URLs and Host header.
+  * fixed mirror for http protocol with redirections.
+  * fixed `bookmark edit' to use correct XDG path if XDG is used.
+  * fixed a wildcard certificate validation vulnerability (CVE-2014-0139).
+  * fixed proxy authentication for CONNECT method.
+  * fixed exit code of `help' command.
+  * fixed sftp to show file names with slashes.
+  * fixed pget status display when all chunks are done except the first one.
+- Drop lftp-CVE-2014-0139.patch, fixed upstream.
+- Refresh lftp-default-ssl-cipher.patch
+
+-------------------------------------------------------------------

Old:
----
  lftp-4.6.1.tar.xz
  lftp-4.6.1.tar.xz.asc
  lftp-CVE-2014-0139.patch

New:
----
  lftp-4.6.2.tar.xz
  lftp-4.6.2.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ lftp.spec ++++++
--- /var/tmp/diff_new_pack.SXdgkG/_old  2015-05-29 10:41:03.000000000 +0200
+++ /var/tmp/diff_new_pack.SXdgkG/_new  2015-05-29 10:41:03.000000000 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package lftp
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2012 Pascal Bleser <pascal.ble...@opensuse.org>
 #
 # All modifications and additions to the file contributed by third parties
@@ -19,7 +19,7 @@
 
 %define vi_version 1.1
 Name:           lftp
-Version:        4.6.1
+Version:        4.6.2
 Release:        0
 Summary:        Command Line File Transfer Program
 License:        GPL-2.0+
@@ -41,7 +41,6 @@
 Patch9:         lftp-config_h.patch
 # PATCH-FEATURE-OPENSUSE lftp-ssl-cipher.patch pgaj...@suse.cz -- use stronger 
cipher [bnc#857148]
 Patch10:        lftp-default-ssl-cipher.patch
-Patch11:        lftp-CVE-2014-0139.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -91,8 +90,7 @@
 popd #src
 %patch7 -p1
 %patch9 -p1
-%patch10
-%patch11
+%patch10 -p1
 
 %build
 autoreconf -fi

++++++ lftp-4.6.1.tar.xz -> lftp-4.6.2.tar.xz ++++++
++++ 35444 lines of diff (skipped)

++++++ lftp-default-ssl-cipher.patch ++++++
--- /var/tmp/diff_new_pack.SXdgkG/_old  2015-05-29 10:41:04.000000000 +0200
+++ /var/tmp/diff_new_pack.SXdgkG/_new  2015-05-29 10:41:04.000000000 +0200
@@ -1,13 +1,13 @@
-Index: src/lftp_ssl.cc
+Index: lftp-4.6.2/src/lftp_ssl.cc
 ===================================================================
---- src/lftp_ssl.cc.orig       2013-03-19 13:55:58.000000000 +0100
-+++ src/lftp_ssl.cc    2014-07-29 11:26:00.702007402 +0200
-@@ -772,7 +772,7 @@
-    SSLeay_add_ssl_algorithms();
-    ssl_ctx=SSL_CTX_new(SSLv23_client_method());
-    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL|SSL_OP_NO_TICKET|SSL_OP_NO_SSLv2);
+--- lftp-4.6.2.orig/src/lftp_ssl.cc
++++ lftp-4.6.2/src/lftp_ssl.cc
+@@ -814,7 +814,7 @@ lftp_ssl_openssl_instance::lftp_ssl_open
+       }
+    }
+    SSL_CTX_set_options(ssl_ctx, options);
 -   SSL_CTX_set_cipher_list(ssl_ctx, 
"ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH");
-+   //SSL_CTX_set_cipher_list(ssl_ctx, 
"ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH");
++//    SSL_CTX_set_cipher_list(ssl_ctx, 
"ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH");
     
SSL_CTX_set_verify(ssl_ctx,SSL_VERIFY_PEER,lftp_ssl_openssl::verify_callback);
  //    SSL_CTX_set_default_passwd_cb(ssl_ctx,lftp_ssl_passwd_callback);

Reply via email to