From dabfd7233eeb0f30c409660311e510bc794b791b13091a15954139133074eb46 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Mon, 21 Dec 2009 20:18:42 +0000 Subject: [PATCH 1/7] Accepting request 26763 from home:jengelh:branches:network:utilities Copy from home:jengelh:branches:network:utilities/wget via accept of submit request 26763 revision 2. Request was accepted with message: thx OBS-URL: https://build.opensuse.org/request/show/26763 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=5 --- ready | 0 wget-1.11.4.tar.bz2 | 3 ++ wget-1.12.tar.bz2 | 3 -- wget-libproxy.patch | 96 -------------------------------------------- wget-nullcerts.patch | 48 ++++++++++++++++++++++ wget.changes | 40 ------------------ wget.spec | 45 +++++++++++---------- wgetrc.patch | 19 ++++----- 8 files changed, 82 insertions(+), 172 deletions(-) create mode 100644 ready create mode 100644 wget-1.11.4.tar.bz2 delete mode 100644 wget-1.12.tar.bz2 delete mode 100644 wget-libproxy.patch create mode 100644 wget-nullcerts.patch diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4 diff --git a/wget-1.11.4.tar.bz2 b/wget-1.11.4.tar.bz2 new file mode 100644 index 0000000..abf415e --- /dev/null +++ b/wget-1.11.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8b7f52e2861b89c3ee0cc10c3665af5b705d0cb7fc00bca59a9b1e2b50e027fb +size 954561 diff --git a/wget-1.12.tar.bz2 b/wget-1.12.tar.bz2 deleted file mode 100644 index d5d4d63..0000000 --- a/wget-1.12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c823d938e2f849305a101c0860229b123d7564c26470fdac9118d85e3c7dba9a -size 1609032 diff --git a/wget-libproxy.patch b/wget-libproxy.patch deleted file mode 100644 index ecb2efc..0000000 --- a/wget-libproxy.patch +++ /dev/null @@ -1,96 +0,0 @@ -Index: wget-1.12/configure.ac -=================================================================== ---- wget-1.12.orig/configure.ac -+++ wget-1.12/configure.ac -@@ -353,6 +353,22 @@ then - AC_DEFINE([HAVE_MD5], 1, [Define if we're compiling support for MD5.]) - fi - -+dnl -+dnl libproxy support -+dnl -+AC_ARG_ENABLE(libproxy, -+ [ --enable-libproxy libproxy support for system wide proxy configuration]) -+if test "${enable_libproxy}" != "no" -+then -+ PKG_CHECK_MODULES([libproxy], [libproxy-1.0], [enable_libproxy=yes], [enable_libproxy=no]) -+fi -+if test "${enable_libproxy}" = "yes" -+then -+ AC_SUBST(libproxy_CFLAGS) -+ AC_SUBST(libproxy_LIBS) -+ AC_DEFINE([HAVE_LIBPROXY], 1, [Define when using libproxy]) -+fi -+ - dnl ********************************************************************** - dnl Checks for IPv6 - dnl ********************************************************************** -Index: wget-1.12/src/Makefile.am -=================================================================== ---- wget-1.12.orig/src/Makefile.am -+++ wget-1.12/src/Makefile.am -@@ -36,7 +36,7 @@ endif - - # The following line is losing on some versions of make! - DEFS = @DEFS@ -DSYSTEM_WGETRC=\"$(sysconfdir)/wgetrc\" -DLOCALEDIR=\"$(localedir)\" --LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @LIBS@ -+LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @libproxy_LIBS@ @LIBS@ - - bin_PROGRAMS = wget - wget_SOURCES = cmpt.c connect.c convert.c cookies.c ftp.c \ -Index: wget-1.12/src/retr.c -=================================================================== ---- wget-1.12.orig/src/retr.c -+++ wget-1.12/src/retr.c -@@ -55,6 +55,10 @@ as that of the covered work. */ - #include "html-url.h" - #include "iri.h" - -+#ifdef HAVE_LIBPROXY -+#include "proxy.h" -+#endif -+ - /* Total size of downloaded files. Used to enforce quota. */ - SUM_SIZE_INT total_downloaded_bytes; - -@@ -1134,7 +1138,40 @@ getproxy (struct url *u) - break; - } - if (!proxy || !*proxy) -+#ifdef HAVE_LIBPROXY -+ { -+ pxProxyFactory *pf = px_proxy_factory_new(); -+ if (!pf) -+ { -+ logprintf (LOG_VERBOSE, _("Allocating memory for libproxy failed")); -+ return NULL; -+ } -+ int i; -+ char direct[] = "direct://"; -+ -+ logprintf (LOG_VERBOSE, _("asking libproxy about url '%s'\n"), u->url); -+ char **proxies = px_proxy_factory_get_proxies(pf, u->url); -+ if (proxies[0]) -+ { -+ char *check = NULL; -+ asprintf(&check , "%s", proxies[0]); -+ logprintf (LOG_VERBOSE, _("libproxy suggest to use '%s'\n"), check); -+ if(strcmp(check ,direct) != 0) -+ { -+ asprintf(&proxy , "%s", proxies[0]); -+ logprintf (LOG_VERBOSE, _("case 2: libproxy setting to use '%s'\n"), proxy); -+ } -+ } -+ for(i=0;proxies[i];i++) free(proxies[i]); -+ free(proxies); -+ free(pf); -+ -+ if (!proxy || !*proxy) -+ return NULL; -+ } -+#else - return NULL; -+#endif - - /* Handle shorthands. `rewritten_storage' is a kludge to allow - getproxy() to return static storage. */ diff --git a/wget-nullcerts.patch b/wget-nullcerts.patch new file mode 100644 index 0000000..00f3bbe --- /dev/null +++ b/wget-nullcerts.patch @@ -0,0 +1,48 @@ +--- src/openssl.c ++++ src/openssl.c +@@ -481,6 +481,7 @@ + { + X509 *cert; + char common_name[256]; ++ int len1, len2; + long vresult; + bool success = true; + +@@ -562,9 +563,34 @@ + UTF-8 which can be meaningfully compared to HOST. */ + + common_name[0] = '\0'; +- X509_NAME_get_text_by_NID (X509_get_subject_name (cert), +- NID_commonName, common_name, sizeof (common_name)); +- if (!pattern_match (common_name, host)) ++ len1 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), ++ NID_commonName, NULL, 0); ++ len2 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), ++ NID_commonName, common_name, ++ sizeof(common_name)); ++ if (len1 < 0 || len2 < 0) ++ { ++ logprintf (LOG_NOTQUIET, _("\ ++%s: certificate has no common name.\n"), ++ severity); ++ success = false; ++ } ++ if (len1 != len2) ++ { ++ logprintf (LOG_NOTQUIET, _("\ ++%s: certificate common name is %d bytes long, maximum allowed is %d.\n"), ++ severity, len1, sizeof(common_name)-1); ++ success = false; ++ } ++ else if (len2 != strlen(common_name)) ++ { ++ logprintf (LOG_NOTQUIET, _("\ ++%s: certificate common name contains a NULL character: '%s\\0%s'.\n"), ++ severity, escnonprint (common_name), ++ escnonprint (common_name + strlen(common_name)+1)); ++ success = false; ++ } ++ else if (!pattern_match (common_name, host)) + { + logprintf (LOG_NOTQUIET, _("\ + %s: certificate common name `%s' doesn't match requested host name `%s'.\n"), diff --git a/wget.changes b/wget.changes index aec44f7..94c9261 100644 --- a/wget.changes +++ b/wget.changes @@ -1,43 +1,3 @@ -------------------------------------------------------------------- -Sun Aug 15 16:37:02 CEST 2010 - dimstar@opensuse.org - -- Update to version 1.12: - + SECURITY FIX: It had been possible to trick Wget into accepting - SSL certificates that don't match the host name, through the - trick of embedding NUL characters into the certs' common name - + Added support for CSS. This includes: - - Parsing links from CSS files, and from CSS content found in - HTML style tags and attributes. - - Supporting conversion of links found within CSS content, when - --convert-links is specified. - - Ensuring that CSS files end in the ".css" filename extension, - when --convert-links is specified. - + Added support for Internationalized Resource Identifiers - + Wget now provides more sensible exit status codes when - downloads don't proceed as expected - + --default-page option (and associated wgetrc command) added to - support alternative default names for index.html. - + --ask-password option (and associated wgetrc command) added to - support password prompts at the console. - + The --input-file option now also handles retrieving links from - an external file. - + The output generated by the --version option now includes - information on how it was built, and the set of configure-time - options that were selected. - + --html-extension has been renamed to --adjust-extension, to - reflect the fact that it now also applies to CSS content - + An "ascii" specifier is now accepted by --restrict-file-names, - which forces the percent-encoding of all non-ASCII bytes - + Several previously existing, but undocumented .wgetrc options - are now documented. -- Drop upstream fixed wget-nullcerts.patch. -- Minor spec-cleanups using spec-cleaner -- Use smp_mflags -- Add libproxy-devel BuildRequires and enable libproxy support - using wget-libproxy.patch. -- Add pkg-config BuildRequire to succeed with the bootstrap on - openSUSE < 11.3. - ------------------------------------------------------------------- Wed Dec 16 11:09:16 CET 2009 - jengelh@medozas.de diff --git a/wget.spec b/wget.spec index 719e59d..6848574 100644 --- a/wget.spec +++ b/wget.spec @@ -1,7 +1,7 @@ # -# spec file for package wget (Version 1.12) +# spec file for package wget (Version 1.11.4) # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,47 +15,50 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +# norootforbuild Name: wget -Version: 1.12 -Release: 1 -License: GPLv3+ -Summary: A Tool for Mirroring FTP and HTTP Servers +BuildRequires: libpng-devel openssl-devel Url: http://www.gnu.org/software/wget/ +License: GPL v3 or later Group: Productivity/Networking/Web/Utilities +AutoReqProv: on +Version: 1.11.4 +Release: 7 +Summary: A Tool for Mirroring FTP and HTTP Servers Source: %name-%version.tar.bz2 -# PATCH-MISSING-TAG -- See http://wiki.opensuse.org/Packaging/Patches -Patch0: wgetrc.patch -# PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget -Patch1: wget-libproxy.patch -BuildRequires: libpng-devel -BuildRequires: libproxy-devel -BuildRequires: openssl-devel -BuildRequires: pkg-config -PreReq: %install_info_prereq +Patch1: wgetrc.patch +Patch2: wget-nullcerts.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build +PreReq: %install_info_prereq %description Wget enables you to retrieve WWW documents or FTP files from a server. This can be done in script files or via the command line. + + +Authors: +-------- + Hrvoje Niksic + %prep %setup -q -%patch0 -%patch1 -p1 +%patch1 +%patch2 %build ./autogen.sh %configure -make %{?_smp_mflags} +make %{?jobs:-j%jobs}; %install -%makeinstall +make DESTDIR=$RPM_BUILD_ROOT install %find_lang %{name} %clean -rm -rf %{buildroot}; +rm -rf $RPM_BUILD_ROOT; %post %install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz @@ -65,7 +68,7 @@ rm -rf %{buildroot}; %files -f %{name}.lang %defattr(-,root,root) -%doc AUTHORS COPYING NEWS README MAILING-LIST +%doc AUTHORS COPYING NEWS README MAILING-LIST %doc doc/sample.wgetrc util/rmold.pl %{_mandir}/*/wget* %{_infodir}/wget* diff --git a/wgetrc.patch b/wgetrc.patch index 6d542d8..af7325b 100644 --- a/wgetrc.patch +++ b/wgetrc.patch @@ -1,14 +1,9 @@ -Index: doc/sample.wgetrc -=================================================================== ---- doc/sample.wgetrc.orig +--- doc/sample.wgetrc +++ doc/sample.wgetrc -@@ -114,6 +114,9 @@ - - # To try ipv6 addresses first: - #prefer-family = IPv6 -+# -+# Let the DNS resolver decide whether to prefer IPv4 or IPv6 +@@ -110,3 +110,6 @@ + # To have Wget follow FTP links from HTML files by default, set this + # to on: + #follow_ftp = off ++ ++# Let the DNS resolver decide whether to prefer IPv4 or Pv6 +prefer-family = none - - # Set default IRI support state - #iri = off From 4616c963103c2202471f2d17f7f5c1eea880bf5e3efdf2454abc387cb7d42004 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Wed, 23 Dec 2009 20:18:41 +0000 Subject: [PATCH 2/7] remove ; OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=6 --- wget.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wget.spec b/wget.spec index 6848574..2d614c6 100644 --- a/wget.spec +++ b/wget.spec @@ -51,7 +51,7 @@ Authors: %build ./autogen.sh %configure -make %{?jobs:-j%jobs}; +make %{?jobs:-j%jobs} %install make DESTDIR=$RPM_BUILD_ROOT install From addfe85f67cc090115b7835dbbc698db41fbc926fe4d6d67d996660ba697205c Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Sat, 26 Dec 2009 12:59:05 +0000 Subject: [PATCH 3/7] checked in OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=7 --- wget.changes | 5 ----- wget.spec | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/wget.changes b/wget.changes index 94c9261..ca74522 100644 --- a/wget.changes +++ b/wget.changes @@ -1,8 +1,3 @@ -------------------------------------------------------------------- -Wed Dec 16 11:09:16 CET 2009 - jengelh@medozas.de - -- Enable parallel building - ------------------------------------------------------------------- Tue Aug 11 15:03:51 CEST 2009 - max@suse.de diff --git a/wget.spec b/wget.spec index 2d614c6..e33ac0d 100644 --- a/wget.spec +++ b/wget.spec @@ -51,7 +51,7 @@ Authors: %build ./autogen.sh %configure -make %{?jobs:-j%jobs} +make %install make DESTDIR=$RPM_BUILD_ROOT install From 3e4fc30a1ca227f2dbffd847611f4c9dfe19d208e4196017f6d86f22ba8e4b88 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Fri, 19 Feb 2010 15:52:04 +0000 Subject: [PATCH 4/7] converted link to branch OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=8 --- wget.changes | 5 +++++ wget.spec | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/wget.changes b/wget.changes index ca74522..94c9261 100644 --- a/wget.changes +++ b/wget.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Dec 16 11:09:16 CET 2009 - jengelh@medozas.de + +- Enable parallel building + ------------------------------------------------------------------- Tue Aug 11 15:03:51 CEST 2009 - max@suse.de diff --git a/wget.spec b/wget.spec index e33ac0d..6bda604 100644 --- a/wget.spec +++ b/wget.spec @@ -21,11 +21,11 @@ Name: wget BuildRequires: libpng-devel openssl-devel Url: http://www.gnu.org/software/wget/ -License: GPL v3 or later +License: GPLv3+ Group: Productivity/Networking/Web/Utilities AutoReqProv: on Version: 1.11.4 -Release: 7 +Release: 8 Summary: A Tool for Mirroring FTP and HTTP Servers Source: %name-%version.tar.bz2 Patch1: wgetrc.patch @@ -51,7 +51,7 @@ Authors: %build ./autogen.sh %configure -make +make %{?jobs:-j%jobs} %install make DESTDIR=$RPM_BUILD_ROOT install From c2e8ee2439d8f131b4aa9e5e6b09650e516beea0fe7b528d84ea78ee8208423a Mon Sep 17 00:00:00 2001 From: OBS User mrdocs Date: Sun, 15 Aug 2010 21:14:08 +0000 Subject: [PATCH 5/7] Accepting request 45611 from home:dimstar:branches:network:utilities Copy from home:dimstar:branches:network:utilities/wget via accept of submit request 45611 revision 3. Request was accepted with message: OBS-URL: https://build.opensuse.org/request/show/45611 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=9 --- ready | 0 wget-1.11.4.tar.bz2 | 3 -- wget-1.12.tar.bz2 | 3 ++ wget-libproxy.patch | 96 ++++++++++++++++++++++++++++++++++++++++++++ wget-nullcerts.patch | 48 ---------------------- wget.changes | 40 ++++++++++++++++++ wget.spec | 43 +++++++++----------- wgetrc.patch | 19 +++++---- 8 files changed, 171 insertions(+), 81 deletions(-) delete mode 100644 ready delete mode 100644 wget-1.11.4.tar.bz2 create mode 100644 wget-1.12.tar.bz2 create mode 100644 wget-libproxy.patch delete mode 100644 wget-nullcerts.patch diff --git a/ready b/ready deleted file mode 100644 index 473a0f4..0000000 diff --git a/wget-1.11.4.tar.bz2 b/wget-1.11.4.tar.bz2 deleted file mode 100644 index abf415e..0000000 --- a/wget-1.11.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8b7f52e2861b89c3ee0cc10c3665af5b705d0cb7fc00bca59a9b1e2b50e027fb -size 954561 diff --git a/wget-1.12.tar.bz2 b/wget-1.12.tar.bz2 new file mode 100644 index 0000000..d5d4d63 --- /dev/null +++ b/wget-1.12.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c823d938e2f849305a101c0860229b123d7564c26470fdac9118d85e3c7dba9a +size 1609032 diff --git a/wget-libproxy.patch b/wget-libproxy.patch new file mode 100644 index 0000000..ecb2efc --- /dev/null +++ b/wget-libproxy.patch @@ -0,0 +1,96 @@ +Index: wget-1.12/configure.ac +=================================================================== +--- wget-1.12.orig/configure.ac ++++ wget-1.12/configure.ac +@@ -353,6 +353,22 @@ then + AC_DEFINE([HAVE_MD5], 1, [Define if we're compiling support for MD5.]) + fi + ++dnl ++dnl libproxy support ++dnl ++AC_ARG_ENABLE(libproxy, ++ [ --enable-libproxy libproxy support for system wide proxy configuration]) ++if test "${enable_libproxy}" != "no" ++then ++ PKG_CHECK_MODULES([libproxy], [libproxy-1.0], [enable_libproxy=yes], [enable_libproxy=no]) ++fi ++if test "${enable_libproxy}" = "yes" ++then ++ AC_SUBST(libproxy_CFLAGS) ++ AC_SUBST(libproxy_LIBS) ++ AC_DEFINE([HAVE_LIBPROXY], 1, [Define when using libproxy]) ++fi ++ + dnl ********************************************************************** + dnl Checks for IPv6 + dnl ********************************************************************** +Index: wget-1.12/src/Makefile.am +=================================================================== +--- wget-1.12.orig/src/Makefile.am ++++ wget-1.12/src/Makefile.am +@@ -36,7 +36,7 @@ endif + + # The following line is losing on some versions of make! + DEFS = @DEFS@ -DSYSTEM_WGETRC=\"$(sysconfdir)/wgetrc\" -DLOCALEDIR=\"$(localedir)\" +-LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @LIBS@ ++LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @libproxy_LIBS@ @LIBS@ + + bin_PROGRAMS = wget + wget_SOURCES = cmpt.c connect.c convert.c cookies.c ftp.c \ +Index: wget-1.12/src/retr.c +=================================================================== +--- wget-1.12.orig/src/retr.c ++++ wget-1.12/src/retr.c +@@ -55,6 +55,10 @@ as that of the covered work. */ + #include "html-url.h" + #include "iri.h" + ++#ifdef HAVE_LIBPROXY ++#include "proxy.h" ++#endif ++ + /* Total size of downloaded files. Used to enforce quota. */ + SUM_SIZE_INT total_downloaded_bytes; + +@@ -1134,7 +1138,40 @@ getproxy (struct url *u) + break; + } + if (!proxy || !*proxy) ++#ifdef HAVE_LIBPROXY ++ { ++ pxProxyFactory *pf = px_proxy_factory_new(); ++ if (!pf) ++ { ++ logprintf (LOG_VERBOSE, _("Allocating memory for libproxy failed")); ++ return NULL; ++ } ++ int i; ++ char direct[] = "direct://"; ++ ++ logprintf (LOG_VERBOSE, _("asking libproxy about url '%s'\n"), u->url); ++ char **proxies = px_proxy_factory_get_proxies(pf, u->url); ++ if (proxies[0]) ++ { ++ char *check = NULL; ++ asprintf(&check , "%s", proxies[0]); ++ logprintf (LOG_VERBOSE, _("libproxy suggest to use '%s'\n"), check); ++ if(strcmp(check ,direct) != 0) ++ { ++ asprintf(&proxy , "%s", proxies[0]); ++ logprintf (LOG_VERBOSE, _("case 2: libproxy setting to use '%s'\n"), proxy); ++ } ++ } ++ for(i=0;proxies[i];i++) free(proxies[i]); ++ free(proxies); ++ free(pf); ++ ++ if (!proxy || !*proxy) ++ return NULL; ++ } ++#else + return NULL; ++#endif + + /* Handle shorthands. `rewritten_storage' is a kludge to allow + getproxy() to return static storage. */ diff --git a/wget-nullcerts.patch b/wget-nullcerts.patch deleted file mode 100644 index 00f3bbe..0000000 --- a/wget-nullcerts.patch +++ /dev/null @@ -1,48 +0,0 @@ ---- src/openssl.c -+++ src/openssl.c -@@ -481,6 +481,7 @@ - { - X509 *cert; - char common_name[256]; -+ int len1, len2; - long vresult; - bool success = true; - -@@ -562,9 +563,34 @@ - UTF-8 which can be meaningfully compared to HOST. */ - - common_name[0] = '\0'; -- X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -- NID_commonName, common_name, sizeof (common_name)); -- if (!pattern_match (common_name, host)) -+ len1 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -+ NID_commonName, NULL, 0); -+ len2 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -+ NID_commonName, common_name, -+ sizeof(common_name)); -+ if (len1 < 0 || len2 < 0) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate has no common name.\n"), -+ severity); -+ success = false; -+ } -+ if (len1 != len2) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate common name is %d bytes long, maximum allowed is %d.\n"), -+ severity, len1, sizeof(common_name)-1); -+ success = false; -+ } -+ else if (len2 != strlen(common_name)) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate common name contains a NULL character: '%s\\0%s'.\n"), -+ severity, escnonprint (common_name), -+ escnonprint (common_name + strlen(common_name)+1)); -+ success = false; -+ } -+ else if (!pattern_match (common_name, host)) - { - logprintf (LOG_NOTQUIET, _("\ - %s: certificate common name `%s' doesn't match requested host name `%s'.\n"), diff --git a/wget.changes b/wget.changes index 94c9261..aec44f7 100644 --- a/wget.changes +++ b/wget.changes @@ -1,3 +1,43 @@ +------------------------------------------------------------------- +Sun Aug 15 16:37:02 CEST 2010 - dimstar@opensuse.org + +- Update to version 1.12: + + SECURITY FIX: It had been possible to trick Wget into accepting + SSL certificates that don't match the host name, through the + trick of embedding NUL characters into the certs' common name + + Added support for CSS. This includes: + - Parsing links from CSS files, and from CSS content found in + HTML style tags and attributes. + - Supporting conversion of links found within CSS content, when + --convert-links is specified. + - Ensuring that CSS files end in the ".css" filename extension, + when --convert-links is specified. + + Added support for Internationalized Resource Identifiers + + Wget now provides more sensible exit status codes when + downloads don't proceed as expected + + --default-page option (and associated wgetrc command) added to + support alternative default names for index.html. + + --ask-password option (and associated wgetrc command) added to + support password prompts at the console. + + The --input-file option now also handles retrieving links from + an external file. + + The output generated by the --version option now includes + information on how it was built, and the set of configure-time + options that were selected. + + --html-extension has been renamed to --adjust-extension, to + reflect the fact that it now also applies to CSS content + + An "ascii" specifier is now accepted by --restrict-file-names, + which forces the percent-encoding of all non-ASCII bytes + + Several previously existing, but undocumented .wgetrc options + are now documented. +- Drop upstream fixed wget-nullcerts.patch. +- Minor spec-cleanups using spec-cleaner +- Use smp_mflags +- Add libproxy-devel BuildRequires and enable libproxy support + using wget-libproxy.patch. +- Add pkg-config BuildRequire to succeed with the bootstrap on + openSUSE < 11.3. + ------------------------------------------------------------------- Wed Dec 16 11:09:16 CET 2009 - jengelh@medozas.de diff --git a/wget.spec b/wget.spec index 6bda604..af2e74b 100644 --- a/wget.spec +++ b/wget.spec @@ -1,5 +1,5 @@ # -# spec file for package wget (Version 1.11.4) +# spec file for package wget (Version 1.12) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -15,50 +15,47 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: wget -BuildRequires: libpng-devel openssl-devel -Url: http://www.gnu.org/software/wget/ +Version: 1.12 +Release: 1 License: GPLv3+ -Group: Productivity/Networking/Web/Utilities -AutoReqProv: on -Version: 1.11.4 -Release: 8 Summary: A Tool for Mirroring FTP and HTTP Servers +Url: http://www.gnu.org/software/wget/ +Group: Productivity/Networking/Web/Utilities Source: %name-%version.tar.bz2 -Patch1: wgetrc.patch -Patch2: wget-nullcerts.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build +# PATCH-MISSING-TAG -- See http://wiki.opensuse.org/Packaging/Patches +Patch0: wgetrc.patch +# PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget +Patch1: wget-libproxy.patch +BuildRequires: libpng-devel +BuildRequires: libproxy-devel +BuildRequires: openssl-devel +BuildRequires: pkg-config PreReq: %install_info_prereq +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Wget enables you to retrieve WWW documents or FTP files from a server. This can be done in script files or via the command line. - - -Authors: --------- - Hrvoje Niksic - %prep %setup -q -%patch1 -%patch2 +%patch0 +%patch1 -p1 %build ./autogen.sh %configure -make %{?jobs:-j%jobs} +make %{?_smp_mflags} %install -make DESTDIR=$RPM_BUILD_ROOT install +%makeinstall %find_lang %{name} %clean -rm -rf $RPM_BUILD_ROOT; +rm -rf %{buildroot}; %post %install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz @@ -68,7 +65,7 @@ rm -rf $RPM_BUILD_ROOT; %files -f %{name}.lang %defattr(-,root,root) -%doc AUTHORS COPYING NEWS README MAILING-LIST +%doc AUTHORS COPYING NEWS README MAILING-LIST %doc doc/sample.wgetrc util/rmold.pl %{_mandir}/*/wget* %{_infodir}/wget* diff --git a/wgetrc.patch b/wgetrc.patch index af7325b..6d542d8 100644 --- a/wgetrc.patch +++ b/wgetrc.patch @@ -1,9 +1,14 @@ ---- doc/sample.wgetrc +Index: doc/sample.wgetrc +=================================================================== +--- doc/sample.wgetrc.orig +++ doc/sample.wgetrc -@@ -110,3 +110,6 @@ - # To have Wget follow FTP links from HTML files by default, set this - # to on: - #follow_ftp = off -+ -+# Let the DNS resolver decide whether to prefer IPv4 or Pv6 +@@ -114,6 +114,9 @@ + + # To try ipv6 addresses first: + #prefer-family = IPv6 ++# ++# Let the DNS resolver decide whether to prefer IPv4 or IPv6 +prefer-family = none + + # Set default IRI support state + #iri = off From f0d8f53d83fc614332a837e2f0acd140e64248e7b19711282976b81be30f47c5 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Thu, 7 Oct 2010 20:16:36 +0000 Subject: [PATCH 6/7] Accepting request 49901 from network:utilities checked in (request 49901) OBS-URL: https://build.opensuse.org/request/show/49901 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=10 --- wget-1.11.4.tar.bz2 | 3 ++ wget-1.12.tar.bz2 | 3 -- wget-libproxy.patch | 96 -------------------------------------------- wget-nullcerts.patch | 48 ++++++++++++++++++++++ wget.changes | 40 ------------------ wget.spec | 43 +++++++++++--------- wgetrc.patch | 19 ++++----- 7 files changed, 81 insertions(+), 171 deletions(-) create mode 100644 wget-1.11.4.tar.bz2 delete mode 100644 wget-1.12.tar.bz2 delete mode 100644 wget-libproxy.patch create mode 100644 wget-nullcerts.patch diff --git a/wget-1.11.4.tar.bz2 b/wget-1.11.4.tar.bz2 new file mode 100644 index 0000000..abf415e --- /dev/null +++ b/wget-1.11.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8b7f52e2861b89c3ee0cc10c3665af5b705d0cb7fc00bca59a9b1e2b50e027fb +size 954561 diff --git a/wget-1.12.tar.bz2 b/wget-1.12.tar.bz2 deleted file mode 100644 index d5d4d63..0000000 --- a/wget-1.12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c823d938e2f849305a101c0860229b123d7564c26470fdac9118d85e3c7dba9a -size 1609032 diff --git a/wget-libproxy.patch b/wget-libproxy.patch deleted file mode 100644 index ecb2efc..0000000 --- a/wget-libproxy.patch +++ /dev/null @@ -1,96 +0,0 @@ -Index: wget-1.12/configure.ac -=================================================================== ---- wget-1.12.orig/configure.ac -+++ wget-1.12/configure.ac -@@ -353,6 +353,22 @@ then - AC_DEFINE([HAVE_MD5], 1, [Define if we're compiling support for MD5.]) - fi - -+dnl -+dnl libproxy support -+dnl -+AC_ARG_ENABLE(libproxy, -+ [ --enable-libproxy libproxy support for system wide proxy configuration]) -+if test "${enable_libproxy}" != "no" -+then -+ PKG_CHECK_MODULES([libproxy], [libproxy-1.0], [enable_libproxy=yes], [enable_libproxy=no]) -+fi -+if test "${enable_libproxy}" = "yes" -+then -+ AC_SUBST(libproxy_CFLAGS) -+ AC_SUBST(libproxy_LIBS) -+ AC_DEFINE([HAVE_LIBPROXY], 1, [Define when using libproxy]) -+fi -+ - dnl ********************************************************************** - dnl Checks for IPv6 - dnl ********************************************************************** -Index: wget-1.12/src/Makefile.am -=================================================================== ---- wget-1.12.orig/src/Makefile.am -+++ wget-1.12/src/Makefile.am -@@ -36,7 +36,7 @@ endif - - # The following line is losing on some versions of make! - DEFS = @DEFS@ -DSYSTEM_WGETRC=\"$(sysconfdir)/wgetrc\" -DLOCALEDIR=\"$(localedir)\" --LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @LIBS@ -+LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @libproxy_LIBS@ @LIBS@ - - bin_PROGRAMS = wget - wget_SOURCES = cmpt.c connect.c convert.c cookies.c ftp.c \ -Index: wget-1.12/src/retr.c -=================================================================== ---- wget-1.12.orig/src/retr.c -+++ wget-1.12/src/retr.c -@@ -55,6 +55,10 @@ as that of the covered work. */ - #include "html-url.h" - #include "iri.h" - -+#ifdef HAVE_LIBPROXY -+#include "proxy.h" -+#endif -+ - /* Total size of downloaded files. Used to enforce quota. */ - SUM_SIZE_INT total_downloaded_bytes; - -@@ -1134,7 +1138,40 @@ getproxy (struct url *u) - break; - } - if (!proxy || !*proxy) -+#ifdef HAVE_LIBPROXY -+ { -+ pxProxyFactory *pf = px_proxy_factory_new(); -+ if (!pf) -+ { -+ logprintf (LOG_VERBOSE, _("Allocating memory for libproxy failed")); -+ return NULL; -+ } -+ int i; -+ char direct[] = "direct://"; -+ -+ logprintf (LOG_VERBOSE, _("asking libproxy about url '%s'\n"), u->url); -+ char **proxies = px_proxy_factory_get_proxies(pf, u->url); -+ if (proxies[0]) -+ { -+ char *check = NULL; -+ asprintf(&check , "%s", proxies[0]); -+ logprintf (LOG_VERBOSE, _("libproxy suggest to use '%s'\n"), check); -+ if(strcmp(check ,direct) != 0) -+ { -+ asprintf(&proxy , "%s", proxies[0]); -+ logprintf (LOG_VERBOSE, _("case 2: libproxy setting to use '%s'\n"), proxy); -+ } -+ } -+ for(i=0;proxies[i];i++) free(proxies[i]); -+ free(proxies); -+ free(pf); -+ -+ if (!proxy || !*proxy) -+ return NULL; -+ } -+#else - return NULL; -+#endif - - /* Handle shorthands. `rewritten_storage' is a kludge to allow - getproxy() to return static storage. */ diff --git a/wget-nullcerts.patch b/wget-nullcerts.patch new file mode 100644 index 0000000..00f3bbe --- /dev/null +++ b/wget-nullcerts.patch @@ -0,0 +1,48 @@ +--- src/openssl.c ++++ src/openssl.c +@@ -481,6 +481,7 @@ + { + X509 *cert; + char common_name[256]; ++ int len1, len2; + long vresult; + bool success = true; + +@@ -562,9 +563,34 @@ + UTF-8 which can be meaningfully compared to HOST. */ + + common_name[0] = '\0'; +- X509_NAME_get_text_by_NID (X509_get_subject_name (cert), +- NID_commonName, common_name, sizeof (common_name)); +- if (!pattern_match (common_name, host)) ++ len1 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), ++ NID_commonName, NULL, 0); ++ len2 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), ++ NID_commonName, common_name, ++ sizeof(common_name)); ++ if (len1 < 0 || len2 < 0) ++ { ++ logprintf (LOG_NOTQUIET, _("\ ++%s: certificate has no common name.\n"), ++ severity); ++ success = false; ++ } ++ if (len1 != len2) ++ { ++ logprintf (LOG_NOTQUIET, _("\ ++%s: certificate common name is %d bytes long, maximum allowed is %d.\n"), ++ severity, len1, sizeof(common_name)-1); ++ success = false; ++ } ++ else if (len2 != strlen(common_name)) ++ { ++ logprintf (LOG_NOTQUIET, _("\ ++%s: certificate common name contains a NULL character: '%s\\0%s'.\n"), ++ severity, escnonprint (common_name), ++ escnonprint (common_name + strlen(common_name)+1)); ++ success = false; ++ } ++ else if (!pattern_match (common_name, host)) + { + logprintf (LOG_NOTQUIET, _("\ + %s: certificate common name `%s' doesn't match requested host name `%s'.\n"), diff --git a/wget.changes b/wget.changes index aec44f7..94c9261 100644 --- a/wget.changes +++ b/wget.changes @@ -1,43 +1,3 @@ -------------------------------------------------------------------- -Sun Aug 15 16:37:02 CEST 2010 - dimstar@opensuse.org - -- Update to version 1.12: - + SECURITY FIX: It had been possible to trick Wget into accepting - SSL certificates that don't match the host name, through the - trick of embedding NUL characters into the certs' common name - + Added support for CSS. This includes: - - Parsing links from CSS files, and from CSS content found in - HTML style tags and attributes. - - Supporting conversion of links found within CSS content, when - --convert-links is specified. - - Ensuring that CSS files end in the ".css" filename extension, - when --convert-links is specified. - + Added support for Internationalized Resource Identifiers - + Wget now provides more sensible exit status codes when - downloads don't proceed as expected - + --default-page option (and associated wgetrc command) added to - support alternative default names for index.html. - + --ask-password option (and associated wgetrc command) added to - support password prompts at the console. - + The --input-file option now also handles retrieving links from - an external file. - + The output generated by the --version option now includes - information on how it was built, and the set of configure-time - options that were selected. - + --html-extension has been renamed to --adjust-extension, to - reflect the fact that it now also applies to CSS content - + An "ascii" specifier is now accepted by --restrict-file-names, - which forces the percent-encoding of all non-ASCII bytes - + Several previously existing, but undocumented .wgetrc options - are now documented. -- Drop upstream fixed wget-nullcerts.patch. -- Minor spec-cleanups using spec-cleaner -- Use smp_mflags -- Add libproxy-devel BuildRequires and enable libproxy support - using wget-libproxy.patch. -- Add pkg-config BuildRequire to succeed with the bootstrap on - openSUSE < 11.3. - ------------------------------------------------------------------- Wed Dec 16 11:09:16 CET 2009 - jengelh@medozas.de diff --git a/wget.spec b/wget.spec index af2e74b..6bda604 100644 --- a/wget.spec +++ b/wget.spec @@ -1,5 +1,5 @@ # -# spec file for package wget (Version 1.12) +# spec file for package wget (Version 1.11.4) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -15,47 +15,50 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +# norootforbuild Name: wget -Version: 1.12 -Release: 1 -License: GPLv3+ -Summary: A Tool for Mirroring FTP and HTTP Servers +BuildRequires: libpng-devel openssl-devel Url: http://www.gnu.org/software/wget/ +License: GPLv3+ Group: Productivity/Networking/Web/Utilities +AutoReqProv: on +Version: 1.11.4 +Release: 8 +Summary: A Tool for Mirroring FTP and HTTP Servers Source: %name-%version.tar.bz2 -# PATCH-MISSING-TAG -- See http://wiki.opensuse.org/Packaging/Patches -Patch0: wgetrc.patch -# PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget -Patch1: wget-libproxy.patch -BuildRequires: libpng-devel -BuildRequires: libproxy-devel -BuildRequires: openssl-devel -BuildRequires: pkg-config -PreReq: %install_info_prereq +Patch1: wgetrc.patch +Patch2: wget-nullcerts.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build +PreReq: %install_info_prereq %description Wget enables you to retrieve WWW documents or FTP files from a server. This can be done in script files or via the command line. + + +Authors: +-------- + Hrvoje Niksic + %prep %setup -q -%patch0 -%patch1 -p1 +%patch1 +%patch2 %build ./autogen.sh %configure -make %{?_smp_mflags} +make %{?jobs:-j%jobs} %install -%makeinstall +make DESTDIR=$RPM_BUILD_ROOT install %find_lang %{name} %clean -rm -rf %{buildroot}; +rm -rf $RPM_BUILD_ROOT; %post %install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz @@ -65,7 +68,7 @@ rm -rf %{buildroot}; %files -f %{name}.lang %defattr(-,root,root) -%doc AUTHORS COPYING NEWS README MAILING-LIST +%doc AUTHORS COPYING NEWS README MAILING-LIST %doc doc/sample.wgetrc util/rmold.pl %{_mandir}/*/wget* %{_infodir}/wget* diff --git a/wgetrc.patch b/wgetrc.patch index 6d542d8..af7325b 100644 --- a/wgetrc.patch +++ b/wgetrc.patch @@ -1,14 +1,9 @@ -Index: doc/sample.wgetrc -=================================================================== ---- doc/sample.wgetrc.orig +--- doc/sample.wgetrc +++ doc/sample.wgetrc -@@ -114,6 +114,9 @@ - - # To try ipv6 addresses first: - #prefer-family = IPv6 -+# -+# Let the DNS resolver decide whether to prefer IPv4 or IPv6 +@@ -110,3 +110,6 @@ + # To have Wget follow FTP links from HTML files by default, set this + # to on: + #follow_ftp = off ++ ++# Let the DNS resolver decide whether to prefer IPv4 or Pv6 +prefer-family = none - - # Set default IRI support state - #iri = off From b3005307572725d8b7a28d8152a7408deaa485758ad20547280f9c92db5f79e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Sat, 9 Apr 2011 20:21:44 +0000 Subject: [PATCH 7/7] Accepting request 66600 from home:elvigia:branches:network:utilities OBS-URL: https://build.opensuse.org/request/show/66600 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=11 --- wget-1.11.4.tar.bz2 | 3 -- wget-1.12-nosslv2.patch | 67 ++++++++++++++++++++++++++++ wget-1.12.tar.bz2 | 3 ++ wget-libproxy.patch | 96 +++++++++++++++++++++++++++++++++++++++++ wget-nullcerts.patch | 48 --------------------- wget.changes | 46 ++++++++++++++++++++ wget.spec | 46 ++++++++++---------- wgetrc.patch | 19 +++++--- 8 files changed, 247 insertions(+), 81 deletions(-) delete mode 100644 wget-1.11.4.tar.bz2 create mode 100644 wget-1.12-nosslv2.patch create mode 100644 wget-1.12.tar.bz2 create mode 100644 wget-libproxy.patch delete mode 100644 wget-nullcerts.patch diff --git a/wget-1.11.4.tar.bz2 b/wget-1.11.4.tar.bz2 deleted file mode 100644 index abf415e..0000000 --- a/wget-1.11.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8b7f52e2861b89c3ee0cc10c3665af5b705d0cb7fc00bca59a9b1e2b50e027fb -size 954561 diff --git a/wget-1.12-nosslv2.patch b/wget-1.12-nosslv2.patch new file mode 100644 index 0000000..88b816b --- /dev/null +++ b/wget-1.12-nosslv2.patch @@ -0,0 +1,67 @@ +--- src/init.c.orig ++++ src/init.c +@@ -1331,7 +1331,9 @@ cmd_spec_secure_protocol (const char *co + { + static const struct decode_item choices[] = { + { "auto", secure_protocol_auto }, ++#ifndef OPENSSL_NO_SSL2 + { "sslv2", secure_protocol_sslv2 }, ++#endif + { "sslv3", secure_protocol_sslv3 }, + { "tlsv1", secure_protocol_tlsv1 }, + }; +--- src/openssl.c.orig ++++ src/openssl.c +@@ -42,6 +42,7 @@ as that of the covered work. */ + #include + #include + #include ++#include + + #include "utils.h" + #include "connect.h" +@@ -178,15 +179,21 @@ ssl_init () + SSL_load_error_strings (); + SSLeay_add_all_algorithms (); + SSLeay_add_ssl_algorithms (); ++/* Load all bundled ENGINEs into memory and make them visible */ ++ ENGINE_load_builtin_engines(); ++/* Register all of them for every algorithm they collectively implement */ ++ ENGINE_register_all_complete(); + + switch (opt.secure_protocol) + { + case secure_protocol_auto: + meth = SSLv23_client_method (); + break; ++#ifndef OPENSSL_NO_SSL2 + case secure_protocol_sslv2: + meth = SSLv2_client_method (); + break; ++#endif + case secure_protocol_sslv3: + meth = SSLv3_client_method (); + break; +--- src/options.h.orig ++++ src/options.h +@@ -171,7 +171,9 @@ struct options + #ifdef HAVE_SSL + enum { + secure_protocol_auto, ++#ifndef OPENSSL_NO_SSL2 + secure_protocol_sslv2, ++#endif + secure_protocol_sslv3, + secure_protocol_tlsv1 + } secure_protocol; /* type of secure protocol to use. */ +--- src/iri.c.orig ++++ src/iri.c +@@ -114,7 +114,7 @@ check_encoding_name (char *encoding) + static bool + open_locale_to_utf8 (void) + { +- ++ return true; + } + + /* Try converting string str from locale to UTF-8. Return a new string diff --git a/wget-1.12.tar.bz2 b/wget-1.12.tar.bz2 new file mode 100644 index 0000000..d5d4d63 --- /dev/null +++ b/wget-1.12.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c823d938e2f849305a101c0860229b123d7564c26470fdac9118d85e3c7dba9a +size 1609032 diff --git a/wget-libproxy.patch b/wget-libproxy.patch new file mode 100644 index 0000000..ecb2efc --- /dev/null +++ b/wget-libproxy.patch @@ -0,0 +1,96 @@ +Index: wget-1.12/configure.ac +=================================================================== +--- wget-1.12.orig/configure.ac ++++ wget-1.12/configure.ac +@@ -353,6 +353,22 @@ then + AC_DEFINE([HAVE_MD5], 1, [Define if we're compiling support for MD5.]) + fi + ++dnl ++dnl libproxy support ++dnl ++AC_ARG_ENABLE(libproxy, ++ [ --enable-libproxy libproxy support for system wide proxy configuration]) ++if test "${enable_libproxy}" != "no" ++then ++ PKG_CHECK_MODULES([libproxy], [libproxy-1.0], [enable_libproxy=yes], [enable_libproxy=no]) ++fi ++if test "${enable_libproxy}" = "yes" ++then ++ AC_SUBST(libproxy_CFLAGS) ++ AC_SUBST(libproxy_LIBS) ++ AC_DEFINE([HAVE_LIBPROXY], 1, [Define when using libproxy]) ++fi ++ + dnl ********************************************************************** + dnl Checks for IPv6 + dnl ********************************************************************** +Index: wget-1.12/src/Makefile.am +=================================================================== +--- wget-1.12.orig/src/Makefile.am ++++ wget-1.12/src/Makefile.am +@@ -36,7 +36,7 @@ endif + + # The following line is losing on some versions of make! + DEFS = @DEFS@ -DSYSTEM_WGETRC=\"$(sysconfdir)/wgetrc\" -DLOCALEDIR=\"$(localedir)\" +-LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @LIBS@ ++LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @libproxy_LIBS@ @LIBS@ + + bin_PROGRAMS = wget + wget_SOURCES = cmpt.c connect.c convert.c cookies.c ftp.c \ +Index: wget-1.12/src/retr.c +=================================================================== +--- wget-1.12.orig/src/retr.c ++++ wget-1.12/src/retr.c +@@ -55,6 +55,10 @@ as that of the covered work. */ + #include "html-url.h" + #include "iri.h" + ++#ifdef HAVE_LIBPROXY ++#include "proxy.h" ++#endif ++ + /* Total size of downloaded files. Used to enforce quota. */ + SUM_SIZE_INT total_downloaded_bytes; + +@@ -1134,7 +1138,40 @@ getproxy (struct url *u) + break; + } + if (!proxy || !*proxy) ++#ifdef HAVE_LIBPROXY ++ { ++ pxProxyFactory *pf = px_proxy_factory_new(); ++ if (!pf) ++ { ++ logprintf (LOG_VERBOSE, _("Allocating memory for libproxy failed")); ++ return NULL; ++ } ++ int i; ++ char direct[] = "direct://"; ++ ++ logprintf (LOG_VERBOSE, _("asking libproxy about url '%s'\n"), u->url); ++ char **proxies = px_proxy_factory_get_proxies(pf, u->url); ++ if (proxies[0]) ++ { ++ char *check = NULL; ++ asprintf(&check , "%s", proxies[0]); ++ logprintf (LOG_VERBOSE, _("libproxy suggest to use '%s'\n"), check); ++ if(strcmp(check ,direct) != 0) ++ { ++ asprintf(&proxy , "%s", proxies[0]); ++ logprintf (LOG_VERBOSE, _("case 2: libproxy setting to use '%s'\n"), proxy); ++ } ++ } ++ for(i=0;proxies[i];i++) free(proxies[i]); ++ free(proxies); ++ free(pf); ++ ++ if (!proxy || !*proxy) ++ return NULL; ++ } ++#else + return NULL; ++#endif + + /* Handle shorthands. `rewritten_storage' is a kludge to allow + getproxy() to return static storage. */ diff --git a/wget-nullcerts.patch b/wget-nullcerts.patch deleted file mode 100644 index 00f3bbe..0000000 --- a/wget-nullcerts.patch +++ /dev/null @@ -1,48 +0,0 @@ ---- src/openssl.c -+++ src/openssl.c -@@ -481,6 +481,7 @@ - { - X509 *cert; - char common_name[256]; -+ int len1, len2; - long vresult; - bool success = true; - -@@ -562,9 +563,34 @@ - UTF-8 which can be meaningfully compared to HOST. */ - - common_name[0] = '\0'; -- X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -- NID_commonName, common_name, sizeof (common_name)); -- if (!pattern_match (common_name, host)) -+ len1 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -+ NID_commonName, NULL, 0); -+ len2 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -+ NID_commonName, common_name, -+ sizeof(common_name)); -+ if (len1 < 0 || len2 < 0) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate has no common name.\n"), -+ severity); -+ success = false; -+ } -+ if (len1 != len2) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate common name is %d bytes long, maximum allowed is %d.\n"), -+ severity, len1, sizeof(common_name)-1); -+ success = false; -+ } -+ else if (len2 != strlen(common_name)) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate common name contains a NULL character: '%s\\0%s'.\n"), -+ severity, escnonprint (common_name), -+ escnonprint (common_name + strlen(common_name)+1)); -+ success = false; -+ } -+ else if (!pattern_match (common_name, host)) - { - logprintf (LOG_NOTQUIET, _("\ - %s: certificate common name `%s' doesn't match requested host name `%s'.\n"), diff --git a/wget.changes b/wget.changes index 94c9261..191f921 100644 --- a/wget.changes +++ b/wget.changes @@ -1,3 +1,49 @@ +------------------------------------------------------------------- +Sat Apr 9 20:03:18 UTC 2011 - crrodriguez@opensuse.org + +- SSLv2 is being disabled in openSSL, allow painless obsoletion. +- Support IDN. + +------------------------------------------------------------------- +Sun Aug 15 16:37:02 CEST 2010 - dimstar@opensuse.org + +- Update to version 1.12: + + SECURITY FIX: It had been possible to trick Wget into accepting + SSL certificates that don't match the host name, through the + trick of embedding NUL characters into the certs' common name + + Added support for CSS. This includes: + - Parsing links from CSS files, and from CSS content found in + HTML style tags and attributes. + - Supporting conversion of links found within CSS content, when + --convert-links is specified. + - Ensuring that CSS files end in the ".css" filename extension, + when --convert-links is specified. + + Added support for Internationalized Resource Identifiers + + Wget now provides more sensible exit status codes when + downloads don't proceed as expected + + --default-page option (and associated wgetrc command) added to + support alternative default names for index.html. + + --ask-password option (and associated wgetrc command) added to + support password prompts at the console. + + The --input-file option now also handles retrieving links from + an external file. + + The output generated by the --version option now includes + information on how it was built, and the set of configure-time + options that were selected. + + --html-extension has been renamed to --adjust-extension, to + reflect the fact that it now also applies to CSS content + + An "ascii" specifier is now accepted by --restrict-file-names, + which forces the percent-encoding of all non-ASCII bytes + + Several previously existing, but undocumented .wgetrc options + are now documented. +- Drop upstream fixed wget-nullcerts.patch. +- Minor spec-cleanups using spec-cleaner +- Use smp_mflags +- Add libproxy-devel BuildRequires and enable libproxy support + using wget-libproxy.patch. +- Add pkg-config BuildRequire to succeed with the bootstrap on + openSUSE < 11.3. + ------------------------------------------------------------------- Wed Dec 16 11:09:16 CET 2009 - jengelh@medozas.de diff --git a/wget.spec b/wget.spec index 6bda604..e8a17b2 100644 --- a/wget.spec +++ b/wget.spec @@ -1,7 +1,7 @@ # -# spec file for package wget (Version 1.11.4) +# spec file for package wget (Version 1.12) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,50 +15,50 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: wget -BuildRequires: libpng-devel openssl-devel -Url: http://www.gnu.org/software/wget/ +Version: 1.12 +Release: 1 License: GPLv3+ -Group: Productivity/Networking/Web/Utilities -AutoReqProv: on -Version: 1.11.4 -Release: 8 Summary: A Tool for Mirroring FTP and HTTP Servers +Url: http://www.gnu.org/software/wget/ +Group: Productivity/Networking/Web/Utilities Source: %name-%version.tar.bz2 -Patch1: wgetrc.patch -Patch2: wget-nullcerts.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build +# PATCH-MISSING-TAG -- See http://wiki.opensuse.org/Packaging/Patches +Patch0: wgetrc.patch +# PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget +Patch1: wget-libproxy.patch +Patch2: wget-1.12-nosslv2.patch +BuildRequires: libpng-devel +BuildRequires: libproxy-devel +BuildRequires: openssl-devel +BuildRequires: pkg-config +BuildRequires: libidn-devel PreReq: %install_info_prereq +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Wget enables you to retrieve WWW documents or FTP files from a server. This can be done in script files or via the command line. - - -Authors: --------- - Hrvoje Niksic - %prep %setup -q -%patch1 +%patch0 +%patch1 -p1 %patch2 %build ./autogen.sh %configure -make %{?jobs:-j%jobs} +make %{?_smp_mflags} %install -make DESTDIR=$RPM_BUILD_ROOT install +%makeinstall %find_lang %{name} %clean -rm -rf $RPM_BUILD_ROOT; +rm -rf %{buildroot}; %post %install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz @@ -68,7 +68,7 @@ rm -rf $RPM_BUILD_ROOT; %files -f %{name}.lang %defattr(-,root,root) -%doc AUTHORS COPYING NEWS README MAILING-LIST +%doc AUTHORS COPYING NEWS README MAILING-LIST %doc doc/sample.wgetrc util/rmold.pl %{_mandir}/*/wget* %{_infodir}/wget* diff --git a/wgetrc.patch b/wgetrc.patch index af7325b..6d542d8 100644 --- a/wgetrc.patch +++ b/wgetrc.patch @@ -1,9 +1,14 @@ ---- doc/sample.wgetrc +Index: doc/sample.wgetrc +=================================================================== +--- doc/sample.wgetrc.orig +++ doc/sample.wgetrc -@@ -110,3 +110,6 @@ - # To have Wget follow FTP links from HTML files by default, set this - # to on: - #follow_ftp = off -+ -+# Let the DNS resolver decide whether to prefer IPv4 or Pv6 +@@ -114,6 +114,9 @@ + + # To try ipv6 addresses first: + #prefer-family = IPv6 ++# ++# Let the DNS resolver decide whether to prefer IPv4 or IPv6 +prefer-family = none + + # Set default IRI support state + #iri = off