diff --git a/wget-1.11.4.tar.bz2 b/wget-1.11.4.tar.bz2 deleted file mode 100644 index abf415e..0000000 --- a/wget-1.11.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8b7f52e2861b89c3ee0cc10c3665af5b705d0cb7fc00bca59a9b1e2b50e027fb -size 954561 diff --git a/wget-1.12.tar.bz2 b/wget-1.12.tar.bz2 new file mode 100644 index 0000000..d5d4d63 --- /dev/null +++ b/wget-1.12.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c823d938e2f849305a101c0860229b123d7564c26470fdac9118d85e3c7dba9a +size 1609032 diff --git a/wget-libproxy.patch b/wget-libproxy.patch new file mode 100644 index 0000000..ecb2efc --- /dev/null +++ b/wget-libproxy.patch @@ -0,0 +1,96 @@ +Index: wget-1.12/configure.ac +=================================================================== +--- wget-1.12.orig/configure.ac ++++ wget-1.12/configure.ac +@@ -353,6 +353,22 @@ then + AC_DEFINE([HAVE_MD5], 1, [Define if we're compiling support for MD5.]) + fi + ++dnl ++dnl libproxy support ++dnl ++AC_ARG_ENABLE(libproxy, ++ [ --enable-libproxy libproxy support for system wide proxy configuration]) ++if test "${enable_libproxy}" != "no" ++then ++ PKG_CHECK_MODULES([libproxy], [libproxy-1.0], [enable_libproxy=yes], [enable_libproxy=no]) ++fi ++if test "${enable_libproxy}" = "yes" ++then ++ AC_SUBST(libproxy_CFLAGS) ++ AC_SUBST(libproxy_LIBS) ++ AC_DEFINE([HAVE_LIBPROXY], 1, [Define when using libproxy]) ++fi ++ + dnl ********************************************************************** + dnl Checks for IPv6 + dnl ********************************************************************** +Index: wget-1.12/src/Makefile.am +=================================================================== +--- wget-1.12.orig/src/Makefile.am ++++ wget-1.12/src/Makefile.am +@@ -36,7 +36,7 @@ endif + + # The following line is losing on some versions of make! + DEFS = @DEFS@ -DSYSTEM_WGETRC=\"$(sysconfdir)/wgetrc\" -DLOCALEDIR=\"$(localedir)\" +-LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @LIBS@ ++LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @libproxy_LIBS@ @LIBS@ + + bin_PROGRAMS = wget + wget_SOURCES = cmpt.c connect.c convert.c cookies.c ftp.c \ +Index: wget-1.12/src/retr.c +=================================================================== +--- wget-1.12.orig/src/retr.c ++++ wget-1.12/src/retr.c +@@ -55,6 +55,10 @@ as that of the covered work. */ + #include "html-url.h" + #include "iri.h" + ++#ifdef HAVE_LIBPROXY ++#include "proxy.h" ++#endif ++ + /* Total size of downloaded files. Used to enforce quota. */ + SUM_SIZE_INT total_downloaded_bytes; + +@@ -1134,7 +1138,40 @@ getproxy (struct url *u) + break; + } + if (!proxy || !*proxy) ++#ifdef HAVE_LIBPROXY ++ { ++ pxProxyFactory *pf = px_proxy_factory_new(); ++ if (!pf) ++ { ++ logprintf (LOG_VERBOSE, _("Allocating memory for libproxy failed")); ++ return NULL; ++ } ++ int i; ++ char direct[] = "direct://"; ++ ++ logprintf (LOG_VERBOSE, _("asking libproxy about url '%s'\n"), u->url); ++ char **proxies = px_proxy_factory_get_proxies(pf, u->url); ++ if (proxies[0]) ++ { ++ char *check = NULL; ++ asprintf(&check , "%s", proxies[0]); ++ logprintf (LOG_VERBOSE, _("libproxy suggest to use '%s'\n"), check); ++ if(strcmp(check ,direct) != 0) ++ { ++ asprintf(&proxy , "%s", proxies[0]); ++ logprintf (LOG_VERBOSE, _("case 2: libproxy setting to use '%s'\n"), proxy); ++ } ++ } ++ for(i=0;proxies[i];i++) free(proxies[i]); ++ free(proxies); ++ free(pf); ++ ++ if (!proxy || !*proxy) ++ return NULL; ++ } ++#else + return NULL; ++#endif + + /* Handle shorthands. `rewritten_storage' is a kludge to allow + getproxy() to return static storage. */ diff --git a/wget-nullcerts.patch b/wget-nullcerts.patch deleted file mode 100644 index 00f3bbe..0000000 --- a/wget-nullcerts.patch +++ /dev/null @@ -1,48 +0,0 @@ ---- src/openssl.c -+++ src/openssl.c -@@ -481,6 +481,7 @@ - { - X509 *cert; - char common_name[256]; -+ int len1, len2; - long vresult; - bool success = true; - -@@ -562,9 +563,34 @@ - UTF-8 which can be meaningfully compared to HOST. */ - - common_name[0] = '\0'; -- X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -- NID_commonName, common_name, sizeof (common_name)); -- if (!pattern_match (common_name, host)) -+ len1 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -+ NID_commonName, NULL, 0); -+ len2 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -+ NID_commonName, common_name, -+ sizeof(common_name)); -+ if (len1 < 0 || len2 < 0) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate has no common name.\n"), -+ severity); -+ success = false; -+ } -+ if (len1 != len2) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate common name is %d bytes long, maximum allowed is %d.\n"), -+ severity, len1, sizeof(common_name)-1); -+ success = false; -+ } -+ else if (len2 != strlen(common_name)) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate common name contains a NULL character: '%s\\0%s'.\n"), -+ severity, escnonprint (common_name), -+ escnonprint (common_name + strlen(common_name)+1)); -+ success = false; -+ } -+ else if (!pattern_match (common_name, host)) - { - logprintf (LOG_NOTQUIET, _("\ - %s: certificate common name `%s' doesn't match requested host name `%s'.\n"), diff --git a/wget.changes b/wget.changes index 94c9261..aec44f7 100644 --- a/wget.changes +++ b/wget.changes @@ -1,3 +1,43 @@ +------------------------------------------------------------------- +Sun Aug 15 16:37:02 CEST 2010 - dimstar@opensuse.org + +- Update to version 1.12: + + SECURITY FIX: It had been possible to trick Wget into accepting + SSL certificates that don't match the host name, through the + trick of embedding NUL characters into the certs' common name + + Added support for CSS. This includes: + - Parsing links from CSS files, and from CSS content found in + HTML style tags and attributes. + - Supporting conversion of links found within CSS content, when + --convert-links is specified. + - Ensuring that CSS files end in the ".css" filename extension, + when --convert-links is specified. + + Added support for Internationalized Resource Identifiers + + Wget now provides more sensible exit status codes when + downloads don't proceed as expected + + --default-page option (and associated wgetrc command) added to + support alternative default names for index.html. + + --ask-password option (and associated wgetrc command) added to + support password prompts at the console. + + The --input-file option now also handles retrieving links from + an external file. + + The output generated by the --version option now includes + information on how it was built, and the set of configure-time + options that were selected. + + --html-extension has been renamed to --adjust-extension, to + reflect the fact that it now also applies to CSS content + + An "ascii" specifier is now accepted by --restrict-file-names, + which forces the percent-encoding of all non-ASCII bytes + + Several previously existing, but undocumented .wgetrc options + are now documented. +- Drop upstream fixed wget-nullcerts.patch. +- Minor spec-cleanups using spec-cleaner +- Use smp_mflags +- Add libproxy-devel BuildRequires and enable libproxy support + using wget-libproxy.patch. +- Add pkg-config BuildRequire to succeed with the bootstrap on + openSUSE < 11.3. + ------------------------------------------------------------------- Wed Dec 16 11:09:16 CET 2009 - jengelh@medozas.de diff --git a/wget.spec b/wget.spec index 6bda604..719e59d 100644 --- a/wget.spec +++ b/wget.spec @@ -1,7 +1,7 @@ # -# spec file for package wget (Version 1.11.4) +# spec file for package wget (Version 1.12) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,50 +15,47 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: wget -BuildRequires: libpng-devel openssl-devel -Url: http://www.gnu.org/software/wget/ +Version: 1.12 +Release: 1 License: GPLv3+ -Group: Productivity/Networking/Web/Utilities -AutoReqProv: on -Version: 1.11.4 -Release: 8 Summary: A Tool for Mirroring FTP and HTTP Servers +Url: http://www.gnu.org/software/wget/ +Group: Productivity/Networking/Web/Utilities Source: %name-%version.tar.bz2 -Patch1: wgetrc.patch -Patch2: wget-nullcerts.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build +# PATCH-MISSING-TAG -- See http://wiki.opensuse.org/Packaging/Patches +Patch0: wgetrc.patch +# PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget +Patch1: wget-libproxy.patch +BuildRequires: libpng-devel +BuildRequires: libproxy-devel +BuildRequires: openssl-devel +BuildRequires: pkg-config PreReq: %install_info_prereq +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Wget enables you to retrieve WWW documents or FTP files from a server. This can be done in script files or via the command line. - - -Authors: --------- - Hrvoje Niksic - %prep %setup -q -%patch1 -%patch2 +%patch0 +%patch1 -p1 %build ./autogen.sh %configure -make %{?jobs:-j%jobs} +make %{?_smp_mflags} %install -make DESTDIR=$RPM_BUILD_ROOT install +%makeinstall %find_lang %{name} %clean -rm -rf $RPM_BUILD_ROOT; +rm -rf %{buildroot}; %post %install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz @@ -68,7 +65,7 @@ rm -rf $RPM_BUILD_ROOT; %files -f %{name}.lang %defattr(-,root,root) -%doc AUTHORS COPYING NEWS README MAILING-LIST +%doc AUTHORS COPYING NEWS README MAILING-LIST %doc doc/sample.wgetrc util/rmold.pl %{_mandir}/*/wget* %{_infodir}/wget* diff --git a/wgetrc.patch b/wgetrc.patch index af7325b..6d542d8 100644 --- a/wgetrc.patch +++ b/wgetrc.patch @@ -1,9 +1,14 @@ ---- doc/sample.wgetrc +Index: doc/sample.wgetrc +=================================================================== +--- doc/sample.wgetrc.orig +++ doc/sample.wgetrc -@@ -110,3 +110,6 @@ - # To have Wget follow FTP links from HTML files by default, set this - # to on: - #follow_ftp = off -+ -+# Let the DNS resolver decide whether to prefer IPv4 or Pv6 +@@ -114,6 +114,9 @@ + + # To try ipv6 addresses first: + #prefer-family = IPv6 ++# ++# Let the DNS resolver decide whether to prefer IPv4 or IPv6 +prefer-family = none + + # Set default IRI support state + #iri = off