Sync from SUSE:SLFO:Main wget revision 37ec7b90613c7626dd79e392a58571e8
parent
af0348558a
commit
0ceb7df7de
@ -1,74 +0,0 @@
|
|||||||
From ed0c7c7e0e8f7298352646b2fd6e06a11e242ace Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
|
|
||||||
Date: Sun, 2 Jun 2024 12:40:16 +0200
|
|
||||||
Subject: Properly re-implement userinfo parsing (rfc2396)
|
|
||||||
|
|
||||||
* src/url.c (url_skip_credentials): Properly re-implement userinfo parsing (rfc2396)
|
|
||||||
|
|
||||||
The reason why the implementation is based on RFC 2396, an outdated standard,
|
|
||||||
is that the whole file is based on that RFC, and mixing standard here might be
|
|
||||||
dangerous.
|
|
||||||
---
|
|
||||||
src/url.c | 40 ++++++++++++++++++++++++++++++++++------
|
|
||||||
1 file changed, 34 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/url.c b/src/url.c
|
|
||||||
index 69e948b..07c3bc8 100644
|
|
||||||
--- a/src/url.c
|
|
||||||
+++ b/src/url.c
|
|
||||||
@@ -41,6 +41,7 @@ as that of the covered work. */
|
|
||||||
#include "url.h"
|
|
||||||
#include "host.h" /* for is_valid_ipv6_address */
|
|
||||||
#include "c-strcase.h"
|
|
||||||
+#include "c-ctype.h"
|
|
||||||
|
|
||||||
#ifdef HAVE_ICONV
|
|
||||||
# include <iconv.h>
|
|
||||||
@@ -526,12 +527,39 @@ scheme_leading_string (enum url_scheme scheme)
|
|
||||||
static const char *
|
|
||||||
url_skip_credentials (const char *url)
|
|
||||||
{
|
|
||||||
- /* Look for '@' that comes before terminators, such as '/', '?',
|
|
||||||
- '#', or ';'. */
|
|
||||||
- const char *p = (const char *)strpbrk (url, "@/?#;");
|
|
||||||
- if (!p || *p != '@')
|
|
||||||
- return url;
|
|
||||||
- return p + 1;
|
|
||||||
+ /*
|
|
||||||
+ * This whole file implements https://www.rfc-editor.org/rfc/rfc2396 .
|
|
||||||
+ * RFC 2396 is outdated since 2005 and needs a rewrite or a thorough re-visit.
|
|
||||||
+ *
|
|
||||||
+ * The RFC says
|
|
||||||
+ * server = [ [ userinfo "@" ] hostport ]
|
|
||||||
+ * userinfo = *( unreserved | escaped | ";" | ":" | "&" | "=" | "+" | "$" | "," )
|
|
||||||
+ * unreserved = alphanum | mark
|
|
||||||
+ * mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
|
|
||||||
+ */
|
|
||||||
+ static const char *allowed = "-_.!~*'();:&=+$,";
|
|
||||||
+
|
|
||||||
+ for (const char *p = url; *p; p++)
|
|
||||||
+ {
|
|
||||||
+ if (c_isalnum(*p))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
+ if (strchr(allowed, *p))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
+ if (*p == '%' && c_isxdigit(p[1]) && c_isxdigit(p[2]))
|
|
||||||
+ {
|
|
||||||
+ p += 2;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (*p == '@')
|
|
||||||
+ return p + 1;
|
|
||||||
+
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return url;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Parse credentials contained in [BEG, END). The region is expected
|
|
||||||
--
|
|
||||||
cgit v1.1
|
|
BIN
wget-1.24.5.tar.gz
(Stored with Git LFS)
BIN
wget-1.24.5.tar.gz
(Stored with Git LFS)
Binary file not shown.
@ -1,17 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQJDBAABCAAtFiEEa5j2N9h5xSNuJ3xcZP+QqujHCvkFAmXtv7QPHGdwZ0BkYXJu
|
|
||||||
aXIubmV0AAoJEGT/kKroxwr59lwQAKCzs/wa9PmMW4MgcUKXMwixoysi/kl4zwTO
|
|
||||||
V7W3JN80YRyf2kG/wPu6//JmYgeUXwY0x9XbbfwmCsopmCXsXWJlD6BswOrZi+34
|
|
||||||
BFmQOQImfUYurKjA9N/ZiZbCl8i+/WiEW/kRHJ3TCiZ578JAy+H16pM2EJbv/jkE
|
|
||||||
/FBW2gAyNcsu7pGCcv9DjdwJEGySvKklKmv6l/uA9l6wBX8/DqdmjjnMN3YaXot+
|
|
||||||
2HpWZeEDnMhT3++MAYbpPVF76OWTFoyE9WBbPbs2uci75vsghwyF9PLmyqxBRNoE
|
|
||||||
SGpY18DXrx01eXUiXYd5DUNkkFQReWRaMxkURijTgXVvebiXJ4b3Updr5Ds5j6vb
|
|
||||||
adCgyf4zj8hbd41T+an/e3u51D+6+M+jjBGmL0gY/edixZMVb9lS8FiUBD9rjvpe
|
|
||||||
VlNZWOS3C7Wr7iwq39t0R6sZc9GjnxokmcS+xCM3FBLpSg/jOJ0P+WIgVxyScuHa
|
|
||||||
sLcQk0laXWcDwfOzPSjFSEMtDvt4NANhCMxHOi0dh5L+n+KFvFIS9R1mlyKmdLCo
|
|
||||||
O72NS+Ks9zgSLebapGPFutvZlp6mB98f4YWhOyJR3VkfdHrtlWfq9EvofMM+KpB9
|
|
||||||
0bKt+eDvIpkbMhUisAtjE0OwpTSZa1pBogwF3Zwjvb+baGD51EPbh4Al8XlQ8ONE
|
|
||||||
9obMVikI
|
|
||||||
=qpKJ
|
|
||||||
-----END PGP SIGNATURE-----
|
|
BIN
wget-1.25.0.tar.gz
(Stored with Git LFS)
Normal file
BIN
wget-1.25.0.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
17
wget-1.25.0.tar.gz.sig
Normal file
17
wget-1.25.0.tar.gz.sig
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQJDBAABCAAtFiEEa5j2N9h5xSNuJ3xcZP+QqujHCvkFAmcxJnYPHGRhcm5pckBn
|
||||||
|
bnUub3JnAAoJEGT/kKroxwr528sP/2zIABlSq1MwfnKm72+ViZUF+Htd1ctJJBdv
|
||||||
|
7YDO3kUSv9cL+vJHl5/bksRT5btzVBBV8uN87AjUrB/eAwskBhbteNhTMNe0O990
|
||||||
|
st+qpHcH2b/KT0tdMXYT57W5iIv3SIMpDhEHWP6uzTr4YC2T3j22LHO3Ytm30XeM
|
||||||
|
XFAaHLxLCioAyVf+Im/oDrSW+tl882ubL7D23nBkT8Lh2R7XtBTvWof17YPBpkdY
|
||||||
|
KADgG2qSKFi08nCCMJ/k8nC0jsTrANkOC+34Zvp6ri5N9MzPKLOCLumSfwCdyeO/
|
||||||
|
vTGDJDE+Gvo130KUxnXTm7/goaUMaRiwIuPnTHc4+20NWWejZUaVfOYqiSqiNr9l
|
||||||
|
IncvZskH3SqTuygtUTlXKEZePUQ27Cf9AiylEkEzMNb6qMHBiMX6Ql9JQzEocQP9
|
||||||
|
mhP4VaauBKidqADhyDNLLSmyaHuw1nC4oXydQDR5EJ1mNpXPjzd/0p5MjQjwYAOW
|
||||||
|
+NKMF9+iraTl6wELNGB1BkU3Ya1hFVqFe7KvDy5Hk1JO6Fualq4E26S/iEuIZZ/R
|
||||||
|
KEpyqDj4w26OjuMWY5n3M26QGaKiyKpyB0vEtsrMpwwcn+Ue/QVSVXNLTYHNnN9H
|
||||||
|
NrkxPgDFixRyz4aCFOw4cu+pjz6zxeBOJ9sJZ+zajx6JUz6bC7v0CQ/TDmqAct3Y
|
||||||
|
ujdCG5mL
|
||||||
|
=FQTL
|
||||||
|
-----END PGP SIGNATURE-----
|
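--- a/wget.changes
+++ b/wget.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue Nov 12 09:22:09 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
+
+- GNU wget 1.25.0:
+* New testcase for pathconf truncation
+* Fix libproxy build with --disable-debug
+* [BREAKING CHANGE] Support continious reading from stdin pipes
+* Properly re-implement userinfo parsing (rfc2396)
+* init: fix -Warray-bounds in setval_internal_tilde
+* Fix build error on MingW with `G_GETFL` and `F_SETFL` flags
+* Fix returning uninitialized variable
+* Fix a static analysis false positive
+* [BREAKING CHANGE] Fix CVE-2024-10524 (drop support for shorthand URLs)
+(bsc#1233256)
+- Remove committed patches
+* properly-re-implement-userinfo-parsing.patch
+- Renumber patches
+
 -------------------------------------------------------------------
 Wed Sep 11 17:22:46 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
 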
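--- a/wget.spec
+++ b/wget.spec
@@ -19,7 +19,7 @@
 
 %bcond_with regression_tests
 Name: wget
-Version: 1.24.5
+Version: 1.25.0
 Release: 0
 Summary: A Tool for Mirroring FTP and HTTP Servers
 License: GPL-3.0-or-later
@@ -30,13 +30,12 @@ Source1: https://ftp.gnu.org/gnu/wget/%{name}-%{version}.tar.gz.sig
 # From https://savannah.gnu.org/project/release-gpgkeys.php?group=wget&download=1
 Source2: %{name}.keyring
 Patch0: wgetrc.patch
-Patch6: wget-1.14-no-ssl-comp.patch
+Patch1: wget-1.14-no-ssl-comp.patch
 # PATCH-FIX-OPENSUSE fix pod syntax for perl 5.18 coolo@suse.de
-Patch7: wget-fix-pod-syntax.diff
-Patch8: wget-errno-clobber.patch
-Patch9: remove-env-from-shebang.patch
-Patch10: wget-do-not-propagate-credentials.patch
-Patch11: properly-re-implement-userinfo-parsing.patch
+Patch2: wget-fix-pod-syntax.diff
+Patch3: wget-errno-clobber.patch
+Patch4: remove-env-from-shebang.patch
+Patch5: wget-do-not-propagate-credentials.patch
 BuildRequires: gpgme-devel >= 0.4.2
 BuildRequires: libcares-devel
 BuildRequires: libidn2-devel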
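Review bot: The second hunk renumbers Patch6-Patch10 to Patch1-Patch5 and drops Patch11, but all 13 changed lines of this section are in the preamble, so %prep is untouched and how the patches get applied is not visible here. If %prep uses numbered `%patch` lines they would still refer to the old numbers; please confirm it uses `%autosetup -p1` (or `%autopatch -p1`), so that wget-1.14-no-ssl-comp.patch and wget-do-not-propagate-credentials.patch are still applied to 1.25.0. It is also worth confirming that the new tarball is checked against Source1 with the Source2 keyring during the build, since the verification step lies outside both hunks.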