From 3070f0d570ddad72ffd809efce9c5ffee12be646b34a682906b39a858bc76076 Mon Sep 17 00:00:00 2001 From: OBS User mrdocs Date: Mon, 12 Nov 2012 04:54:16 +0000 Subject: [PATCH] Accepting request 140898 from home:elvigia:branches:network:utilities - wget-no-ssl-comp.patch: Since the apperance of the "CRIME attack" (CVE-2012-4929) HTTPS clients must not negotatiate ssl compression. OBS-URL: https://build.opensuse.org/request/show/140898 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=31 --- wget-no-ssl-comp.patch | 13 +++++++++++++ wget.changes | 6 ++++++ wget.spec | 2 ++ 3 files changed, 21 insertions(+) create mode 100644 wget-no-ssl-comp.patch diff --git a/wget-no-ssl-comp.patch b/wget-no-ssl-comp.patch new file mode 100644 index 0000000..82b13fa --- /dev/null +++ b/wget-no-ssl-comp.patch @@ -0,0 +1,13 @@ +--- src/openssl.c.orig ++++ src/openssl.c +@@ -248,6 +248,10 @@ ssl_init () + /* Keep memory usage as low as possible */ + SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS); + #endif ++#ifdef SSL_OP_NO_COMPRESSION ++ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION); ++#endif ++ + return true; + + error: diff --git a/wget.changes b/wget.changes index 7d6a7d6..7d03cba 100644 --- a/wget.changes +++ b/wget.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Nov 12 02:04:05 UTC 2012 - crrodriguez@opensuse.org + +- wget-no-ssl-comp.patch: Since the apperance of the "CRIME attack" + (CVE-2012-4929) HTTPS clients must not negotatiate ssl compression. + ------------------------------------------------------------------- Thu Sep 27 13:46:49 UTC 2012 - crrodriguez@opensuse.org diff --git a/wget.spec b/wget.spec index d37172a..8da432b 100644 --- a/wget.spec +++ b/wget.spec @@ -31,6 +31,7 @@ Patch1: wget-libproxy.patch Patch3: wget-sni.patch Patch4: wget-stdio.h.patch Patch5: wget-openssl-no-intern.patch +Patch6: wget-no-ssl-comp.patch BuildRequires: libpng-devel %if 0%{suse_version} > 1110 BuildRequires: libproxy-devel @@ -55,6 +56,7 @@ This can be done in script files or via the command line. %patch3 %patch4 -p1 %patch5 +%patch6 %build %if 0%{suse_version} > 1110