Hello community, here is the log from the commit of package lftp for openSUSE:Factory checked in at 2015-05-29 10:41:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lftp (Old) and /work/SRC/openSUSE:Factory/.lftp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lftp" Changes: -------- --- /work/SRC/openSUSE:Factory/lftp/lftp.changes 2015-01-12 09:50:15.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.lftp.new/lftp.changes 2015-05-29 10:41:02.000000000 +0200 @@ -1,0 +2,20 @@ +Thu May 28 08:27:26 UTC 2015 - idon...@suse.com + +- Update to version 4.6.2: + * new command "edit" instead of the edit alias. + * new setting ssl:priority for disabling selected protocols. + * new settings fish:auto-confirm and sftp:auto-confirm. + * new setting file:use-lock to lock local files before accessing. + * ftp: fixed disconnecting on timeout (broken in 4.6.0). + * http: enclose ipv6 address in brackets in URLs and Host header. + * fixed mirror for http protocol with redirections. + * fixed `bookmark edit' to use correct XDG path if XDG is used. + * fixed a wildcard certificate validation vulnerability (CVE-2014-0139). + * fixed proxy authentication for CONNECT method. + * fixed exit code of `help' command. + * fixed sftp to show file names with slashes. + * fixed pget status display when all chunks are done except the first one. +- Drop lftp-CVE-2014-0139.patch, fixed upstream. +- Refresh lftp-default-ssl-cipher.patch + +------------------------------------------------------------------- Old: ---- lftp-4.6.1.tar.xz lftp-4.6.1.tar.xz.asc lftp-CVE-2014-0139.patch New: ---- lftp-4.6.2.tar.xz lftp-4.6.2.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lftp.spec ++++++ --- /var/tmp/diff_new_pack.SXdgkG/_old 2015-05-29 10:41:03.000000000 +0200 +++ /var/tmp/diff_new_pack.SXdgkG/_new 2015-05-29 10:41:03.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package lftp # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2012 Pascal Bleser <pascal.ble...@opensuse.org> # # All modifications and additions to the file contributed by third parties @@ -19,7 +19,7 @@ %define vi_version 1.1 Name: lftp -Version: 4.6.1 +Version: 4.6.2 Release: 0 Summary: Command Line File Transfer Program License: GPL-2.0+ @@ -41,7 +41,6 @@ Patch9: lftp-config_h.patch # PATCH-FEATURE-OPENSUSE lftp-ssl-cipher.patch pgaj...@suse.cz -- use stronger cipher [bnc#857148] Patch10: lftp-default-ssl-cipher.patch -Patch11: lftp-CVE-2014-0139.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc-c++ @@ -91,8 +90,7 @@ popd #src %patch7 -p1 %patch9 -p1 -%patch10 -%patch11 +%patch10 -p1 %build autoreconf -fi ++++++ lftp-4.6.1.tar.xz -> lftp-4.6.2.tar.xz ++++++ ++++ 35444 lines of diff (skipped) ++++++ lftp-default-ssl-cipher.patch ++++++ --- /var/tmp/diff_new_pack.SXdgkG/_old 2015-05-29 10:41:04.000000000 +0200 +++ /var/tmp/diff_new_pack.SXdgkG/_new 2015-05-29 10:41:04.000000000 +0200 @@ -1,13 +1,13 @@ -Index: src/lftp_ssl.cc +Index: lftp-4.6.2/src/lftp_ssl.cc =================================================================== ---- src/lftp_ssl.cc.orig 2013-03-19 13:55:58.000000000 +0100 -+++ src/lftp_ssl.cc 2014-07-29 11:26:00.702007402 +0200 -@@ -772,7 +772,7 @@ - SSLeay_add_ssl_algorithms(); - ssl_ctx=SSL_CTX_new(SSLv23_client_method()); - SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL|SSL_OP_NO_TICKET|SSL_OP_NO_SSLv2); +--- lftp-4.6.2.orig/src/lftp_ssl.cc ++++ lftp-4.6.2/src/lftp_ssl.cc +@@ -814,7 +814,7 @@ lftp_ssl_openssl_instance::lftp_ssl_open + } + } + SSL_CTX_set_options(ssl_ctx, options); - SSL_CTX_set_cipher_list(ssl_ctx, "ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH"); -+ //SSL_CTX_set_cipher_list(ssl_ctx, "ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH"); ++// SSL_CTX_set_cipher_list(ssl_ctx, "ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH"); SSL_CTX_set_verify(ssl_ctx,SSL_VERIFY_PEER,lftp_ssl_openssl::verify_callback); // SSL_CTX_set_default_passwd_cb(ssl_ctx,lftp_ssl_passwd_callback);