diff --git a/wget-1.11.4.tar.bz2 b/wget-1.11.4.tar.bz2 deleted file mode 100644 index abf415e..0000000 --- a/wget-1.11.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8b7f52e2861b89c3ee0cc10c3665af5b705d0cb7fc00bca59a9b1e2b50e027fb -size 954561 diff --git a/wget-1.12-nosslv2.patch b/wget-1.12-nosslv2.patch new file mode 100644 index 0000000..88b816b --- /dev/null +++ b/wget-1.12-nosslv2.patch @@ -0,0 +1,67 @@ +--- src/init.c.orig ++++ src/init.c +@@ -1331,7 +1331,9 @@ cmd_spec_secure_protocol (const char *co + { + static const struct decode_item choices[] = { + { "auto", secure_protocol_auto }, ++#ifndef OPENSSL_NO_SSL2 + { "sslv2", secure_protocol_sslv2 }, ++#endif + { "sslv3", secure_protocol_sslv3 }, + { "tlsv1", secure_protocol_tlsv1 }, + }; +--- src/openssl.c.orig ++++ src/openssl.c +@@ -42,6 +42,7 @@ as that of the covered work. */ + #include + #include + #include ++#include + + #include "utils.h" + #include "connect.h" +@@ -178,15 +179,21 @@ ssl_init () + SSL_load_error_strings (); + SSLeay_add_all_algorithms (); + SSLeay_add_ssl_algorithms (); ++/* Load all bundled ENGINEs into memory and make them visible */ ++ ENGINE_load_builtin_engines(); ++/* Register all of them for every algorithm they collectively implement */ ++ ENGINE_register_all_complete(); + + switch (opt.secure_protocol) + { + case secure_protocol_auto: + meth = SSLv23_client_method (); + break; ++#ifndef OPENSSL_NO_SSL2 + case secure_protocol_sslv2: + meth = SSLv2_client_method (); + break; ++#endif + case secure_protocol_sslv3: + meth = SSLv3_client_method (); + break; +--- src/options.h.orig ++++ src/options.h +@@ -171,7 +171,9 @@ struct options + #ifdef HAVE_SSL + enum { + secure_protocol_auto, ++#ifndef OPENSSL_NO_SSL2 + secure_protocol_sslv2, ++#endif + secure_protocol_sslv3, + secure_protocol_tlsv1 + } secure_protocol; /* type of secure protocol to use. */ +--- src/iri.c.orig ++++ src/iri.c +@@ -114,7 +114,7 @@ check_encoding_name (char *encoding) + static bool + open_locale_to_utf8 (void) + { +- ++ return true; + } + + /* Try converting string str from locale to UTF-8. Return a new string diff --git a/wget-1.12.tar.bz2 b/wget-1.12.tar.bz2 new file mode 100644 index 0000000..d5d4d63 --- /dev/null +++ b/wget-1.12.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c823d938e2f849305a101c0860229b123d7564c26470fdac9118d85e3c7dba9a +size 1609032 diff --git a/wget-libproxy.patch b/wget-libproxy.patch new file mode 100644 index 0000000..ecb2efc --- /dev/null +++ b/wget-libproxy.patch @@ -0,0 +1,96 @@ +Index: wget-1.12/configure.ac +=================================================================== +--- wget-1.12.orig/configure.ac ++++ wget-1.12/configure.ac +@@ -353,6 +353,22 @@ then + AC_DEFINE([HAVE_MD5], 1, [Define if we're compiling support for MD5.]) + fi + ++dnl ++dnl libproxy support ++dnl ++AC_ARG_ENABLE(libproxy, ++ [ --enable-libproxy libproxy support for system wide proxy configuration]) ++if test "${enable_libproxy}" != "no" ++then ++ PKG_CHECK_MODULES([libproxy], [libproxy-1.0], [enable_libproxy=yes], [enable_libproxy=no]) ++fi ++if test "${enable_libproxy}" = "yes" ++then ++ AC_SUBST(libproxy_CFLAGS) ++ AC_SUBST(libproxy_LIBS) ++ AC_DEFINE([HAVE_LIBPROXY], 1, [Define when using libproxy]) ++fi ++ + dnl ********************************************************************** + dnl Checks for IPv6 + dnl ********************************************************************** +Index: wget-1.12/src/Makefile.am +=================================================================== +--- wget-1.12.orig/src/Makefile.am ++++ wget-1.12/src/Makefile.am +@@ -36,7 +36,7 @@ endif + + # The following line is losing on some versions of make! + DEFS = @DEFS@ -DSYSTEM_WGETRC=\"$(sysconfdir)/wgetrc\" -DLOCALEDIR=\"$(localedir)\" +-LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @LIBS@ ++LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @libproxy_LIBS@ @LIBS@ + + bin_PROGRAMS = wget + wget_SOURCES = cmpt.c connect.c convert.c cookies.c ftp.c \ +Index: wget-1.12/src/retr.c +=================================================================== +--- wget-1.12.orig/src/retr.c ++++ wget-1.12/src/retr.c +@@ -55,6 +55,10 @@ as that of the covered work. */ + #include "html-url.h" + #include "iri.h" + ++#ifdef HAVE_LIBPROXY ++#include "proxy.h" ++#endif ++ + /* Total size of downloaded files. Used to enforce quota. */ + SUM_SIZE_INT total_downloaded_bytes; + +@@ -1134,7 +1138,40 @@ getproxy (struct url *u) + break; + } + if (!proxy || !*proxy) ++#ifdef HAVE_LIBPROXY ++ { ++ pxProxyFactory *pf = px_proxy_factory_new(); ++ if (!pf) ++ { ++ logprintf (LOG_VERBOSE, _("Allocating memory for libproxy failed")); ++ return NULL; ++ } ++ int i; ++ char direct[] = "direct://"; ++ ++ logprintf (LOG_VERBOSE, _("asking libproxy about url '%s'\n"), u->url); ++ char **proxies = px_proxy_factory_get_proxies(pf, u->url); ++ if (proxies[0]) ++ { ++ char *check = NULL; ++ asprintf(&check , "%s", proxies[0]); ++ logprintf (LOG_VERBOSE, _("libproxy suggest to use '%s'\n"), check); ++ if(strcmp(check ,direct) != 0) ++ { ++ asprintf(&proxy , "%s", proxies[0]); ++ logprintf (LOG_VERBOSE, _("case 2: libproxy setting to use '%s'\n"), proxy); ++ } ++ } ++ for(i=0;proxies[i];i++) free(proxies[i]); ++ free(proxies); ++ free(pf); ++ ++ if (!proxy || !*proxy) ++ return NULL; ++ } ++#else + return NULL; ++#endif + + /* Handle shorthands. `rewritten_storage' is a kludge to allow + getproxy() to return static storage. */ diff --git a/wget-nullcerts.patch b/wget-nullcerts.patch deleted file mode 100644 index 00f3bbe..0000000 --- a/wget-nullcerts.patch +++ /dev/null @@ -1,48 +0,0 @@ ---- src/openssl.c -+++ src/openssl.c -@@ -481,6 +481,7 @@ - { - X509 *cert; - char common_name[256]; -+ int len1, len2; - long vresult; - bool success = true; - -@@ -562,9 +563,34 @@ - UTF-8 which can be meaningfully compared to HOST. */ - - common_name[0] = '\0'; -- X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -- NID_commonName, common_name, sizeof (common_name)); -- if (!pattern_match (common_name, host)) -+ len1 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -+ NID_commonName, NULL, 0); -+ len2 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -+ NID_commonName, common_name, -+ sizeof(common_name)); -+ if (len1 < 0 || len2 < 0) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate has no common name.\n"), -+ severity); -+ success = false; -+ } -+ if (len1 != len2) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate common name is %d bytes long, maximum allowed is %d.\n"), -+ severity, len1, sizeof(common_name)-1); -+ success = false; -+ } -+ else if (len2 != strlen(common_name)) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate common name contains a NULL character: '%s\\0%s'.\n"), -+ severity, escnonprint (common_name), -+ escnonprint (common_name + strlen(common_name)+1)); -+ success = false; -+ } -+ else if (!pattern_match (common_name, host)) - { - logprintf (LOG_NOTQUIET, _("\ - %s: certificate common name `%s' doesn't match requested host name `%s'.\n"), diff --git a/wget.changes b/wget.changes index 94c9261..191f921 100644 --- a/wget.changes +++ b/wget.changes @@ -1,3 +1,49 @@ +------------------------------------------------------------------- +Sat Apr 9 20:03:18 UTC 2011 - crrodriguez@opensuse.org + +- SSLv2 is being disabled in openSSL, allow painless obsoletion. +- Support IDN. + +------------------------------------------------------------------- +Sun Aug 15 16:37:02 CEST 2010 - dimstar@opensuse.org + +- Update to version 1.12: + + SECURITY FIX: It had been possible to trick Wget into accepting + SSL certificates that don't match the host name, through the + trick of embedding NUL characters into the certs' common name + + Added support for CSS. This includes: + - Parsing links from CSS files, and from CSS content found in + HTML style tags and attributes. + - Supporting conversion of links found within CSS content, when + --convert-links is specified. + - Ensuring that CSS files end in the ".css" filename extension, + when --convert-links is specified. + + Added support for Internationalized Resource Identifiers + + Wget now provides more sensible exit status codes when + downloads don't proceed as expected + + --default-page option (and associated wgetrc command) added to + support alternative default names for index.html. + + --ask-password option (and associated wgetrc command) added to + support password prompts at the console. + + The --input-file option now also handles retrieving links from + an external file. + + The output generated by the --version option now includes + information on how it was built, and the set of configure-time + options that were selected. + + --html-extension has been renamed to --adjust-extension, to + reflect the fact that it now also applies to CSS content + + An "ascii" specifier is now accepted by --restrict-file-names, + which forces the percent-encoding of all non-ASCII bytes + + Several previously existing, but undocumented .wgetrc options + are now documented. +- Drop upstream fixed wget-nullcerts.patch. +- Minor spec-cleanups using spec-cleaner +- Use smp_mflags +- Add libproxy-devel BuildRequires and enable libproxy support + using wget-libproxy.patch. +- Add pkg-config BuildRequire to succeed with the bootstrap on + openSUSE < 11.3. + ------------------------------------------------------------------- Wed Dec 16 11:09:16 CET 2009 - jengelh@medozas.de diff --git a/wget.spec b/wget.spec index 6bda604..e8a17b2 100644 --- a/wget.spec +++ b/wget.spec @@ -1,7 +1,7 @@ # -# spec file for package wget (Version 1.11.4) +# spec file for package wget (Version 1.12) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,50 +15,50 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: wget -BuildRequires: libpng-devel openssl-devel -Url: http://www.gnu.org/software/wget/ +Version: 1.12 +Release: 1 License: GPLv3+ -Group: Productivity/Networking/Web/Utilities -AutoReqProv: on -Version: 1.11.4 -Release: 8 Summary: A Tool for Mirroring FTP and HTTP Servers +Url: http://www.gnu.org/software/wget/ +Group: Productivity/Networking/Web/Utilities Source: %name-%version.tar.bz2 -Patch1: wgetrc.patch -Patch2: wget-nullcerts.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build +# PATCH-MISSING-TAG -- See http://wiki.opensuse.org/Packaging/Patches +Patch0: wgetrc.patch +# PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget +Patch1: wget-libproxy.patch +Patch2: wget-1.12-nosslv2.patch +BuildRequires: libpng-devel +BuildRequires: libproxy-devel +BuildRequires: openssl-devel +BuildRequires: pkg-config +BuildRequires: libidn-devel PreReq: %install_info_prereq +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Wget enables you to retrieve WWW documents or FTP files from a server. This can be done in script files or via the command line. - - -Authors: --------- - Hrvoje Niksic - %prep %setup -q -%patch1 +%patch0 +%patch1 -p1 %patch2 %build ./autogen.sh %configure -make %{?jobs:-j%jobs} +make %{?_smp_mflags} %install -make DESTDIR=$RPM_BUILD_ROOT install +%makeinstall %find_lang %{name} %clean -rm -rf $RPM_BUILD_ROOT; +rm -rf %{buildroot}; %post %install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz @@ -68,7 +68,7 @@ rm -rf $RPM_BUILD_ROOT; %files -f %{name}.lang %defattr(-,root,root) -%doc AUTHORS COPYING NEWS README MAILING-LIST +%doc AUTHORS COPYING NEWS README MAILING-LIST %doc doc/sample.wgetrc util/rmold.pl %{_mandir}/*/wget* %{_infodir}/wget* diff --git a/wgetrc.patch b/wgetrc.patch index af7325b..6d542d8 100644 --- a/wgetrc.patch +++ b/wgetrc.patch @@ -1,9 +1,14 @@ ---- doc/sample.wgetrc +Index: doc/sample.wgetrc +=================================================================== +--- doc/sample.wgetrc.orig +++ doc/sample.wgetrc -@@ -110,3 +110,6 @@ - # To have Wget follow FTP links from HTML files by default, set this - # to on: - #follow_ftp = off -+ -+# Let the DNS resolver decide whether to prefer IPv4 or Pv6 +@@ -114,6 +114,9 @@ + + # To try ipv6 addresses first: + #prefer-family = IPv6 ++# ++# Let the DNS resolver decide whether to prefer IPv4 or IPv6 +prefer-family = none + + # Set default IRI support state + #iri = off