diff --git a/ChangeLog b/ChangeLog
index 4d43e7a6f3..cdd96de4aa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,6 +31,11 @@ Changes in version 0.2.2.1-alpha - 2009-??-??
 
 
 Changes in version 0.2.1.16-?? - 2009-??-??
+  o Security fixes:
+    - Fix an edge case where a malicious exit relay could convince a
+      controller that the client's DNS question resolves to an internal IP
+      address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
+
   o Major performance improvements (on 0.2.0.x):
     - Disable and refactor some debugging checks that forced a linear scan
       over the whole server-side DNS cache.  These accounted for over 50%
diff --git a/tor.spec.in b/tor.spec.in
index 6133ce6049..3d78e4d12c 100644
--- a/tor.spec.in
+++ b/tor.spec.in
@@ -62,7 +62,7 @@
 %endif
 
 %if %{is_rfl}
-%define ostag redflag%(sed -e 's/^.*Desktop /redflag/' -e 's/ .*$//' -e 's/\\./_/g' < /etc/redflag-release)
+%define ostag %(sed -e 's/^.*Desktop /redflag/' -e 's/ .*$//' -e 's/\\./_/g' < /etc/redflag-release)
 %endif
 
 # Using the build date ensures that every build really does get
@@ -109,11 +109,11 @@ Vendor: The Tor Project (https://torproject.org)
 Packager: Andrew Lewman <andrew@torproject.org>
 
 %if %{is_suse}
-Requires: openssl >= 0.9.6
-BuildRequires: openssl-devel >= 0.9.6, rpm >= 4.0, zlib-devel
+Requires: openssl >= 0.9.7
+BuildRequires: openssl-devel >= 0.9.7, rpm >= 4.0, zlib-devel
 %else 
-Requires: openssl >= 0.9.6, libevent >= 1.1
-BuildRequires: openssl-devel >= 0.9.6, libevent-devel >= 1.1
+Requires: openssl >= 0.9.7
+BuildRequires: openssl-devel >= 0.9.7
 %endif
 %if %{is_fc}
 BuildRequires: rpm-build >= 4.0