Accepting request 140898 from home:elvigia:branches:network:utilities

- wget-no-ssl-comp.patch: Since the apperance of the "CRIME attack"
  (CVE-2012-4929) HTTPS clients must not negotatiate ssl compression.

OBS-URL: https://build.opensuse.org/request/show/140898
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=31
This commit is contained in:
OBS User mrdocs 2012-11-12 04:54:16 +00:00 committed by Git OBS Bridge
parent bea626af4e
commit 3070f0d570
3 changed files with 21 additions and 0 deletions

13
wget-no-ssl-comp.patch Normal file
View File

@ -0,0 +1,13 @@
--- src/openssl.c.orig
+++ src/openssl.c
@@ -248,6 +248,10 @@ ssl_init ()
/* Keep memory usage as low as possible */
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
+#ifdef SSL_OP_NO_COMPRESSION
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
+#endif
+
return true;
error:

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Nov 12 02:04:05 UTC 2012 - crrodriguez@opensuse.org
- wget-no-ssl-comp.patch: Since the apperance of the "CRIME attack"
(CVE-2012-4929) HTTPS clients must not negotatiate ssl compression.
-------------------------------------------------------------------
Thu Sep 27 13:46:49 UTC 2012 - crrodriguez@opensuse.org

View File

@ -31,6 +31,7 @@ Patch1: wget-libproxy.patch
Patch3: wget-sni.patch
Patch4: wget-stdio.h.patch
Patch5: wget-openssl-no-intern.patch
Patch6: wget-no-ssl-comp.patch
BuildRequires: libpng-devel
%if 0%{suse_version} > 1110
BuildRequires: libproxy-devel
@ -55,6 +56,7 @@ This can be done in script files or via the command line.
%patch3
%patch4 -p1
%patch5
%patch6
%build
%if 0%{suse_version} > 1110