Hello community, here is the log from the commit of package lynx for openSUSE:12.3 checked in at 2013-02-15 18:47:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3/lynx (Old) and /work/SRC/openSUSE:12.3/.lynx.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lynx", Maintainer is "dlova...@suse.com" Changes: -------- --- /work/SRC/openSUSE:12.3/lynx/lynx.changes 2013-01-31 01:26:44.000000000 +0100 +++ /work/SRC/openSUSE:12.3/.lynx.new/lynx.changes 2013-02-15 18:47:02.000000000 +0100 @@ -1,0 +2,9 @@ +Mon Feb 11 04:28:19 UTC 2013 - crrodrig...@opensuse.org + +- lynx-openssl.patch : just like in the "links" case, HTTPS + clients must not: + * Negotiate SSLv2 + * Attempt to use SSL compression (due to CVE-2012-4929) +- Fix debuginfo generation. + +------------------------------------------------------------------- New: ---- lynx-openssl.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lynx.spec ++++++ --- /var/tmp/diff_new_pack.g90ZDo/_old 2013-02-15 18:47:02.000000000 +0100 +++ /var/tmp/diff_new_pack.g90ZDo/_new 2013-02-15 18:47:02.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package lynx # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,11 +15,13 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: lynx BuildRequires: ncurses-devel BuildRequires: openssl-devel BuildRequires: postfix -Provides: lynxssl web_browser +Provides: lynxssl +Provides: web_browser Obsoletes: lynxssl PreReq: /bin/cp Requires: xli @@ -35,6 +37,7 @@ Patch101: lynx-2.8.5-charset.patch Patch102: %{name}-%{version}-enable_xli.patch Patch103: lynx-no-build-date.patch +Patch104: lynx-openssl.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -50,17 +53,14 @@ %patch101 -p0 %patch102 -p1 %patch103 +%patch104 # containing a few test msg's only: # rm -f po/{es,fr,it,ko,no,pl,pt}.po %build -export CFLAGS="$RPM_OPT_FLAGS -pipe" -./configure \ +%configure --enable-debug --with-build-cflags="%optflags" \ --with-ssl \ --enable-nls \ - --prefix=/usr \ - --mandir=%{_mandir} \ - --sysconfdir=/etc \ --disable-default-colors \ --disable-color-style \ --with-screen=ncursesw \ @@ -68,21 +68,18 @@ make %{?_smp_mflags} mv lynx lynx-bw make distclean -./configure \ +%configure --enable-debug --with-build-cflags="%optflags" \ --with-ssl \ --enable-nls \ - --prefix=/usr \ - --mandir=%{_mandir} \ - --sysconfdir=/etc \ --enable-default-colors \ --with-screen=ncursesw \ --enable-ipv6 -make +make %{?_smp_mflags} %install make DESTDIR=$RPM_BUILD_ROOT install make clean -make EXTRAA="-DSHOW_COLOR=TRUE" +make EXTRAA="-DSHOW_COLOR=TRUE" %{?_smp_mflags} mkdir -p $RPM_BUILD_ROOT mv $RPM_BUILD_ROOT/usr/bin/lynx $RPM_BUILD_ROOT/usr/bin/lynx-color install lynx-bw $RPM_BUILD_ROOT/usr/bin/lynx ++++++ lynx-openssl.patch ++++++ --- WWW/Library/Implementation/HTTP.c.orig +++ WWW/Library/Implementation/HTTP.c @@ -122,7 +122,13 @@ SSL *HTGetSSLHandle(void) #else SSLeay_add_ssl_algorithms(); ssl_ctx = SSL_CTX_new(SSLv23_client_method()); - SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); + SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); +#ifdef SSL_OP_NO_COMPRESSION + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION); +#endif +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); +#endif SSL_CTX_set_default_verify_paths(ssl_ctx); SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, HTSSLCallback); #endif /* SSLEAY_VERSION_NUMBER < 0x0800 */ -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org