From dabfd7233eeb0f30c409660311e510bc794b791b13091a15954139133074eb46 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Mon, 21 Dec 2009 20:18:42 +0000 Subject: [PATCH] Accepting request 26763 from home:jengelh:branches:network:utilities Copy from home:jengelh:branches:network:utilities/wget via accept of submit request 26763 revision 2. Request was accepted with message: thx OBS-URL: https://build.opensuse.org/request/show/26763 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=5 --- ready | 0 wget-1.11.4.tar.bz2 | 3 ++ wget-1.12.tar.bz2 | 3 -- wget-libproxy.patch | 96 -------------------------------------------- wget-nullcerts.patch | 48 ++++++++++++++++++++++ wget.changes | 40 ------------------ wget.spec | 45 +++++++++++---------- wgetrc.patch | 19 ++++----- 8 files changed, 82 insertions(+), 172 deletions(-) create mode 100644 ready create mode 100644 wget-1.11.4.tar.bz2 delete mode 100644 wget-1.12.tar.bz2 delete mode 100644 wget-libproxy.patch create mode 100644 wget-nullcerts.patch diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4 diff --git a/wget-1.11.4.tar.bz2 b/wget-1.11.4.tar.bz2 new file mode 100644 index 0000000..abf415e --- /dev/null +++ b/wget-1.11.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8b7f52e2861b89c3ee0cc10c3665af5b705d0cb7fc00bca59a9b1e2b50e027fb +size 954561 diff --git a/wget-1.12.tar.bz2 b/wget-1.12.tar.bz2 deleted file mode 100644 index d5d4d63..0000000 --- a/wget-1.12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c823d938e2f849305a101c0860229b123d7564c26470fdac9118d85e3c7dba9a -size 1609032 diff --git a/wget-libproxy.patch b/wget-libproxy.patch deleted file mode 100644 index ecb2efc..0000000 --- a/wget-libproxy.patch +++ /dev/null @@ -1,96 +0,0 @@ -Index: wget-1.12/configure.ac -=================================================================== ---- wget-1.12.orig/configure.ac -+++ wget-1.12/configure.ac -@@ -353,6 +353,22 @@ then - AC_DEFINE([HAVE_MD5], 1, [Define if we're compiling support for MD5.]) - fi - -+dnl -+dnl libproxy support -+dnl -+AC_ARG_ENABLE(libproxy, -+ [ --enable-libproxy libproxy support for system wide proxy configuration]) -+if test "${enable_libproxy}" != "no" -+then -+ PKG_CHECK_MODULES([libproxy], [libproxy-1.0], [enable_libproxy=yes], [enable_libproxy=no]) -+fi -+if test "${enable_libproxy}" = "yes" -+then -+ AC_SUBST(libproxy_CFLAGS) -+ AC_SUBST(libproxy_LIBS) -+ AC_DEFINE([HAVE_LIBPROXY], 1, [Define when using libproxy]) -+fi -+ - dnl ********************************************************************** - dnl Checks for IPv6 - dnl ********************************************************************** -Index: wget-1.12/src/Makefile.am -=================================================================== ---- wget-1.12.orig/src/Makefile.am -+++ wget-1.12/src/Makefile.am -@@ -36,7 +36,7 @@ endif - - # The following line is losing on some versions of make! - DEFS = @DEFS@ -DSYSTEM_WGETRC=\"$(sysconfdir)/wgetrc\" -DLOCALEDIR=\"$(localedir)\" --LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @LIBS@ -+LIBS = @LIBSSL@ @LIBGNUTLS@ @LIBICONV@ @LIBINTL@ @libproxy_LIBS@ @LIBS@ - - bin_PROGRAMS = wget - wget_SOURCES = cmpt.c connect.c convert.c cookies.c ftp.c \ -Index: wget-1.12/src/retr.c -=================================================================== ---- wget-1.12.orig/src/retr.c -+++ wget-1.12/src/retr.c -@@ -55,6 +55,10 @@ as that of the covered work. */ - #include "html-url.h" - #include "iri.h" - -+#ifdef HAVE_LIBPROXY -+#include "proxy.h" -+#endif -+ - /* Total size of downloaded files. Used to enforce quota. */ - SUM_SIZE_INT total_downloaded_bytes; - -@@ -1134,7 +1138,40 @@ getproxy (struct url *u) - break; - } - if (!proxy || !*proxy) -+#ifdef HAVE_LIBPROXY -+ { -+ pxProxyFactory *pf = px_proxy_factory_new(); -+ if (!pf) -+ { -+ logprintf (LOG_VERBOSE, _("Allocating memory for libproxy failed")); -+ return NULL; -+ } -+ int i; -+ char direct[] = "direct://"; -+ -+ logprintf (LOG_VERBOSE, _("asking libproxy about url '%s'\n"), u->url); -+ char **proxies = px_proxy_factory_get_proxies(pf, u->url); -+ if (proxies[0]) -+ { -+ char *check = NULL; -+ asprintf(&check , "%s", proxies[0]); -+ logprintf (LOG_VERBOSE, _("libproxy suggest to use '%s'\n"), check); -+ if(strcmp(check ,direct) != 0) -+ { -+ asprintf(&proxy , "%s", proxies[0]); -+ logprintf (LOG_VERBOSE, _("case 2: libproxy setting to use '%s'\n"), proxy); -+ } -+ } -+ for(i=0;proxies[i];i++) free(proxies[i]); -+ free(proxies); -+ free(pf); -+ -+ if (!proxy || !*proxy) -+ return NULL; -+ } -+#else - return NULL; -+#endif - - /* Handle shorthands. `rewritten_storage' is a kludge to allow - getproxy() to return static storage. */ diff --git a/wget-nullcerts.patch b/wget-nullcerts.patch new file mode 100644 index 0000000..00f3bbe --- /dev/null +++ b/wget-nullcerts.patch @@ -0,0 +1,48 @@ +--- src/openssl.c ++++ src/openssl.c +@@ -481,6 +481,7 @@ + { + X509 *cert; + char common_name[256]; ++ int len1, len2; + long vresult; + bool success = true; + +@@ -562,9 +563,34 @@ + UTF-8 which can be meaningfully compared to HOST. */ + + common_name[0] = '\0'; +- X509_NAME_get_text_by_NID (X509_get_subject_name (cert), +- NID_commonName, common_name, sizeof (common_name)); +- if (!pattern_match (common_name, host)) ++ len1 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), ++ NID_commonName, NULL, 0); ++ len2 = X509_NAME_get_text_by_NID (X509_get_subject_name (cert), ++ NID_commonName, common_name, ++ sizeof(common_name)); ++ if (len1 < 0 || len2 < 0) ++ { ++ logprintf (LOG_NOTQUIET, _("\ ++%s: certificate has no common name.\n"), ++ severity); ++ success = false; ++ } ++ if (len1 != len2) ++ { ++ logprintf (LOG_NOTQUIET, _("\ ++%s: certificate common name is %d bytes long, maximum allowed is %d.\n"), ++ severity, len1, sizeof(common_name)-1); ++ success = false; ++ } ++ else if (len2 != strlen(common_name)) ++ { ++ logprintf (LOG_NOTQUIET, _("\ ++%s: certificate common name contains a NULL character: '%s\\0%s'.\n"), ++ severity, escnonprint (common_name), ++ escnonprint (common_name + strlen(common_name)+1)); ++ success = false; ++ } ++ else if (!pattern_match (common_name, host)) + { + logprintf (LOG_NOTQUIET, _("\ + %s: certificate common name `%s' doesn't match requested host name `%s'.\n"), diff --git a/wget.changes b/wget.changes index aec44f7..94c9261 100644 --- a/wget.changes +++ b/wget.changes @@ -1,43 +1,3 @@ -------------------------------------------------------------------- -Sun Aug 15 16:37:02 CEST 2010 - dimstar@opensuse.org - -- Update to version 1.12: - + SECURITY FIX: It had been possible to trick Wget into accepting - SSL certificates that don't match the host name, through the - trick of embedding NUL characters into the certs' common name - + Added support for CSS. This includes: - - Parsing links from CSS files, and from CSS content found in - HTML style tags and attributes. - - Supporting conversion of links found within CSS content, when - --convert-links is specified. - - Ensuring that CSS files end in the ".css" filename extension, - when --convert-links is specified. - + Added support for Internationalized Resource Identifiers - + Wget now provides more sensible exit status codes when - downloads don't proceed as expected - + --default-page option (and associated wgetrc command) added to - support alternative default names for index.html. - + --ask-password option (and associated wgetrc command) added to - support password prompts at the console. - + The --input-file option now also handles retrieving links from - an external file. - + The output generated by the --version option now includes - information on how it was built, and the set of configure-time - options that were selected. - + --html-extension has been renamed to --adjust-extension, to - reflect the fact that it now also applies to CSS content - + An "ascii" specifier is now accepted by --restrict-file-names, - which forces the percent-encoding of all non-ASCII bytes - + Several previously existing, but undocumented .wgetrc options - are now documented. -- Drop upstream fixed wget-nullcerts.patch. -- Minor spec-cleanups using spec-cleaner -- Use smp_mflags -- Add libproxy-devel BuildRequires and enable libproxy support - using wget-libproxy.patch. -- Add pkg-config BuildRequire to succeed with the bootstrap on - openSUSE < 11.3. - ------------------------------------------------------------------- Wed Dec 16 11:09:16 CET 2009 - jengelh@medozas.de diff --git a/wget.spec b/wget.spec index 719e59d..6848574 100644 --- a/wget.spec +++ b/wget.spec @@ -1,7 +1,7 @@ # -# spec file for package wget (Version 1.12) +# spec file for package wget (Version 1.11.4) # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,47 +15,50 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +# norootforbuild Name: wget -Version: 1.12 -Release: 1 -License: GPLv3+ -Summary: A Tool for Mirroring FTP and HTTP Servers +BuildRequires: libpng-devel openssl-devel Url: http://www.gnu.org/software/wget/ +License: GPL v3 or later Group: Productivity/Networking/Web/Utilities +AutoReqProv: on +Version: 1.11.4 +Release: 7 +Summary: A Tool for Mirroring FTP and HTTP Servers Source: %name-%version.tar.bz2 -# PATCH-MISSING-TAG -- See http://wiki.opensuse.org/Packaging/Patches -Patch0: wgetrc.patch -# PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget -Patch1: wget-libproxy.patch -BuildRequires: libpng-devel -BuildRequires: libproxy-devel -BuildRequires: openssl-devel -BuildRequires: pkg-config -PreReq: %install_info_prereq +Patch1: wgetrc.patch +Patch2: wget-nullcerts.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build +PreReq: %install_info_prereq %description Wget enables you to retrieve WWW documents or FTP files from a server. This can be done in script files or via the command line. + + +Authors: +-------- + Hrvoje Niksic + %prep %setup -q -%patch0 -%patch1 -p1 +%patch1 +%patch2 %build ./autogen.sh %configure -make %{?_smp_mflags} +make %{?jobs:-j%jobs}; %install -%makeinstall +make DESTDIR=$RPM_BUILD_ROOT install %find_lang %{name} %clean -rm -rf %{buildroot}; +rm -rf $RPM_BUILD_ROOT; %post %install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz @@ -65,7 +68,7 @@ rm -rf %{buildroot}; %files -f %{name}.lang %defattr(-,root,root) -%doc AUTHORS COPYING NEWS README MAILING-LIST +%doc AUTHORS COPYING NEWS README MAILING-LIST %doc doc/sample.wgetrc util/rmold.pl %{_mandir}/*/wget* %{_infodir}/wget* diff --git a/wgetrc.patch b/wgetrc.patch index 6d542d8..af7325b 100644 --- a/wgetrc.patch +++ b/wgetrc.patch @@ -1,14 +1,9 @@ -Index: doc/sample.wgetrc -=================================================================== ---- doc/sample.wgetrc.orig +--- doc/sample.wgetrc +++ doc/sample.wgetrc -@@ -114,6 +114,9 @@ - - # To try ipv6 addresses first: - #prefer-family = IPv6 -+# -+# Let the DNS resolver decide whether to prefer IPv4 or IPv6 +@@ -110,3 +110,6 @@ + # To have Wget follow FTP links from HTML files by default, set this + # to on: + #follow_ftp = off ++ ++# Let the DNS resolver decide whether to prefer IPv4 or Pv6 +prefer-family = none - - # Set default IRI support state - #iri = off