#1697: Freeze break request for links, elinks and nss_compat_ossl
Fedora Release Engineering
rel-eng at fedoraproject.org
Thu Apr 30 08:31:56 UTC 2009
#1697: Freeze break request for links, elinks and nss_compat_ossl
-----------------------------+----------------------------------------------
Reporter: lkundrak | Owner: rel-eng at lists.fedoraproject.org
Type: task | Status: new
Milestone: Fedora 11 Final | Component: koji
Keywords: |
-----------------------------+----------------------------------------------
A bulk request, these three are related somehow. Please vote on them
separately.
I maintian one of these packages, maintainers of the other agree with
these being submitted for dist-f11.
nss_compat_ossl-0.9.5-3.fc11
* This adds implementation of SSL_CTX_set_default_verify_paths()
* links' and elinks' use of default CA bundle is dependent on this.
Without it, all certificates are considered invalid
* Without this function, https implementation in both links and elinks is
nonfunctional
* I've tested that handling of trusted, untrusted, valid and expired
certification in both links and elinks works as expected. I am not aware
of any other software using that function
elinks-0.12-0.13.pre3.fc11
* This release enables verification of certificates
* Without it any certificate (untrusted, self-signed, expired) is
accepted without a warning, which can be considered a security problem!
* Without this fix, users of elinks are exposed to a security risk
* See above for testing I've conducted
links-0.12-0.13.pre3.fc11
* This release fixes the Epoch so that elinks doesn't obsolete it
* It contains no other change
* What is currently tagged in dist-f11 already contains the security fix
the above elinks build adds
* Without this fix people would not be able to install the package, since
elinks obsoletes it
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/1697>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
More information about the rel-eng
mailing list