Accepting request 440725 from security

- SSL_MODE_SEND_FALLBACK_SCSV.patch: Add patch to treat SSL_MODE_SEND_FALLBACK_SCSV conditionally.

OBS-URL: https://build.opensuse.org/request/show/440725
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sslscan?expand=0&rev=2

SSL_MODE_SEND_FALLBACK_SCSV.patch

@@ -0,0 +1,15 @@
+diff -rup sslscan-1.11.7-rbsec.orig/sslscan.c sslscan-1.11.7-rbsec/sslscan.c
+--- sslscan-1.11.7-rbsec.orig/sslscan.c	2016-06-13 14:42:11.000000000 +0200
++++ sslscan-1.11.7-rbsec/sslscan.c	2016-10-31 14:28:02.727501941 +0100
+@@ -873,7 +873,11 @@ int testFallback(struct sslCheckOptions
+         {
+             if (downgraded)
+             {
++#ifdef SSL_MODE_SEND_FALLBACK_SCSV
+                 SSL_CTX_set_mode(options->ctx, SSL_MODE_SEND_FALLBACK_SCSV);
++#else
++		;
++#endif
+             }
+             if (SSL_CTX_set_cipher_list(options->ctx, "ALL:COMPLEMENTOFALL") != 0)
+             {

sslscan.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Oct 31 13:51:36 UTC 2016 - manfred.h@gmx.net
+
+- SSL_MODE_SEND_FALLBACK_SCSV.patch: Add patch to treat SSL_MODE_SEND_FALLBACK_SCSV conditionally.
+
 -------------------------------------------------------------------
 Thu Oct 27 09:12:12 UTC 2016 - jweberhofer@weberhofer.at
 

sslscan.spec

@@ -26,6 +26,7 @@ Url:            https://www.titania-security.com/labs/sslscan
 Source:         https://github.com/rbsec/sslscan/archive/%{version}-rbsec.tar.gz#/%{name}-%{version}-rbsec.tar.gz
 #Patches copied from Debian package
 Patch1:         fedora-sslscan-patents.patch
+Patch2:         SSL_MODE_SEND_FALLBACK_SCSV.patch
 BuildRequires:  openssl-devel
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -39,6 +40,7 @@ ciphers of the SSL service.
 %if %{defined fedora}
 %patch1 -p1
 %endif
+%patch2 -p1
 
 %build
 make CFLAGS="%{optflags}" %{?_smp_mflags}