From 3070f0d570ddad72ffd809efce9c5ffee12be646b34a682906b39a858bc76076 Mon Sep 17 00:00:00 2001
From: OBS User mrdocs <null@suse.de>
Date: Mon, 12 Nov 2012 04:54:16 +0000
Subject: [PATCH] Accepting request 140898 from
 home:elvigia:branches:network:utilities

- wget-no-ssl-comp.patch: Since the apperance of the "CRIME attack"
  (CVE-2012-4929) HTTPS clients must not negotatiate ssl compression.

OBS-URL: https://build.opensuse.org/request/show/140898
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=31
---
 wget-no-ssl-comp.patch | 13 +++++++++++++
 wget.changes           |  6 ++++++
 wget.spec              |  2 ++
 3 files changed, 21 insertions(+)
 create mode 100644 wget-no-ssl-comp.patch

diff --git a/wget-no-ssl-comp.patch b/wget-no-ssl-comp.patch
new file mode 100644
index 0000000..82b13fa
--- /dev/null
+++ b/wget-no-ssl-comp.patch
@@ -0,0 +1,13 @@
+--- src/openssl.c.orig
++++ src/openssl.c
+@@ -248,6 +248,10 @@ ssl_init ()
+   /* Keep memory usage as low as possible */
+   SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+ #endif
++#ifdef SSL_OP_NO_COMPRESSION
++  SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
++#endif
++
+   return true;
+ 
+  error:
diff --git a/wget.changes b/wget.changes
index 7d6a7d6..7d03cba 100644
--- a/wget.changes
+++ b/wget.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Nov 12 02:04:05 UTC 2012 - crrodriguez@opensuse.org
+
+- wget-no-ssl-comp.patch: Since the apperance of the "CRIME attack"
+  (CVE-2012-4929) HTTPS clients must not negotatiate ssl compression.
+
 -------------------------------------------------------------------
 Thu Sep 27 13:46:49 UTC 2012 - crrodriguez@opensuse.org
 
diff --git a/wget.spec b/wget.spec
index d37172a..8da432b 100644
--- a/wget.spec
+++ b/wget.spec
@@ -31,6 +31,7 @@ Patch1:         wget-libproxy.patch
 Patch3:         wget-sni.patch
 Patch4:         wget-stdio.h.patch
 Patch5:         wget-openssl-no-intern.patch
+Patch6:         wget-no-ssl-comp.patch
 BuildRequires:  libpng-devel
 %if 0%{suse_version} > 1110
 BuildRequires:  libproxy-devel
@@ -55,6 +56,7 @@ This can be done in script files or via the command line.
 %patch3
 %patch4 -p1
 %patch5
+%patch6
 
 %build
 %if 0%{suse_version} > 1110