Accepting request 174329 from home:posophe:branches:network:utilities

update OBS-URL: https://build.opensuse.org/request/show/174329 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=37
2013-05-03 08:34:44 +00:00 · 2013-05-03 08:34:44 +00:00 · e426f6663a
commit e426f6663a
parent 1328542cd1
9 changed files with 47 additions and 170 deletions
--- a/wget-1.13.4.tar.bz2
+++ b/wget-1.13.4.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:f76518dfd7bcde41b7762df5cc5516bc8a178f122811aba18a64993fb9458881
 size 1931885
--- a/wget-1.14-no-ssl-comp.patch
+++ b/wget-1.14-no-ssl-comp.patch
@ -0,0 +1,13 @@
 --- src/openssl.c.orig
 +++ src/openssl.c
@@ -241,7 +241,9 @@
   /* The OpenSSL library can handle renegotiations automatically, so
      tell it to do so.  */
   SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
 -
 +#ifdef SSL_OP_NO_COMPRESSION
 +  SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
 +#endif
   return true;
  error:
--- a/wget-1.14-openssl-no-intern.patch
+++ b/wget-1.14-openssl-no-intern.patch
@ -1,6 +1,6 @@
 --- src/openssl.c.orig
 +++ src/openssl.c
-@@ -29,6 +29,7 @@ Corresponding Source for a non-source fo
+@@ -29,6 +29,7 @@
 shall include the source code for the parts of OpenSSL used as well
 as that of the covered work.  */
@ -8,7 +8,7 @@
 #include "wget.h"
 #include <assert.h>
-@@ -429,7 +430,7 @@ ssl_connect_wget (int fd, const char *ho
+@@ -425,7 +426,7 @@
   if (!SSL_set_fd (conn, FD_TO_SOCKET (fd)))
     goto error;
   SSL_set_connect_state (conn);
--- a/wget-1.14.tar.xz
+++ b/wget-1.14.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:1761d7f7c6a2ad6c8d494d239c53f0c17126efb6449ada16dee3a66d87a4147b
 size 1584060
--- a/wget-no-ssl-comp.patch
+++ b/wget-no-ssl-comp.patch
@ -1,13 +0,0 @@
 --- src/openssl.c.orig
 +++ src/openssl.c
@@ -248,6 +248,10 @@ ssl_init ()
   /* Keep memory usage as low as possible */
   SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
 #endif
 +#ifdef SSL_OP_NO_COMPRESSION
 +  SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
 +#endif
 +
   return true;
  error:
--- a/wget-sni.patch
+++ b/wget-sni.patch
@ -1,127 +0,0 @@
 --- src/host.c
 +++ src/host.c
@@ -914,3 +914,19 @@ host_cleanup (void)
       host_name_addresses_map = NULL;
     }
 }
 +
 +/* Determine whether or not a hostname is an IP address that we recognise. */
 +bool
 +is_ip_address (const char *name)
 +{
 +  const char *endp;
 +
 +  endp = name + strlen(name);
 +  if (is_valid_ipv4_address(name, endp))
 +    return true;
 +#ifdef ENABLE_IPV6
 +  if (is_valid_ipv6_address(name, endp))
 +    return true;
 +#endif
 +  return false;
 +}
 --- src/host.h
 +++ src/host.h
@@ -102,5 +102,5 @@ bool accept_domain (struct url *);
 bool sufmatch (const char **, const char *);
 void host_cleanup (void);
 -
 +bool is_ip_address(const char *);
 #endif /* HOST_H */
 --- src/http.c
 +++ src/http.c
@@ -1909,7 +1909,7 @@ gethttp (struct url *u, struct http_stat
       if (conn->scheme == SCHEME_HTTPS)
         {
 -          if (!ssl_connect_wget (sock))
 +          if (!ssl_connect_wget (sock, u->host))
             {
               fd_close (sock);
               return CONSSLERR;
 --- src/openssl.c
 +++ src/openssl.c
@@ -40,12 +40,12 @@ as that of the covered work.  */
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
 -
 +#include <openssl/engine.h>
 #include "utils.h"
 #include "connect.h"
 #include "url.h"
 #include "ssl.h"
 -
 +#include "host.h"
 #ifdef WINDOWS
 # include <w32sock.h>
 #endif
@@ -175,11 +175,15 @@ ssl_init ()
                  _("Could not seed PRNG; consider using --random-file.\n"));
       goto error;
     }
 -
 +  OPENSSL_config(NULL);
   SSL_library_init ();
   SSL_load_error_strings ();
   SSLeay_add_all_algorithms ();
   SSLeay_add_ssl_algorithms ();
 + /* Load all bundled ENGINEs into memory and make them visible */
 +  ENGINE_load_builtin_engines();
 + /* Register all of them for every algorithm they collectively implement */
 +  ENGINE_register_all_complete();
   switch (opt.secure_protocol)
     {
@@ -239,7 +243,10 @@ ssl_init ()
   /* The OpenSSL library can handle renegotiations automatically, so
      tell it to do so.  */
   SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
 -
 +#ifdef SSL_MODE_RELEASE_BUFFERS
 +  /* Keep memory usage as low as possible */
 +  SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
 +#endif
   return true;
  error:
@@ -393,7 +400,7 @@ static struct transport_implementation o
    Returns true on success, false on failure.  */
 bool
 -ssl_connect_wget (int fd)
 +ssl_connect_wget (int fd, const char *hostname)
 {
   SSL *conn;
   struct openssl_transport_context *ctx;
@@ -404,6 +411,18 @@ ssl_connect_wget (int fd)
   conn = SSL_new (ssl_ctx);
   if (!conn)
     goto error;
 +
 +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
 +  /* If the SSL library was build with support for ServerNameIndication
 +     then use it whenever we have a hostname.  If not, don't, ever. */
 +  if (!is_ip_address(hostname))
 +    {
 +      if (!SSL_set_tlsext_host_name(conn, hostname)) {
 +   DEBUGP (("Failed to set TLS server-name indication."));
 +   goto error;
 +      }
 +    }
 +#endif
 #ifndef FD_TO_SOCKET
 # define FD_TO_SOCKET(X) (X)
 #endif
 --- src/ssl.h
 +++ src/ssl.h
@@ -33,7 +33,7 @@ as that of the covered work.  */
 #define GEN_SSLFUNC_H
 bool ssl_init (void);
 -bool ssl_connect_wget (int);
 +bool ssl_connect_wget (int, const char *);
 bool ssl_check_certificate (int, const char *);
 #endif /* GEN_SSLFUNC_H */
--- a/wget-stdio.h.patch
+++ b/wget-stdio.h.patch
@ -1,17 +0,0 @@
 Index: wget-1.13.4/lib/stdio.in.h
 ===================================================================
 --- wget-1.13.4.orig/lib/stdio.in.h
 +++ wget-1.13.4/lib/stdio.in.h
@@ -694,10 +694,12 @@ _GL_CXXALIAS_SYS (gets, char *, (char *s
 #  undef gets
 # endif
 _GL_CXXALIASWARN (gets);
 +# if HAVE_RAW_DECL_GETS
 /* It is very rare that the developer ever has full control of stdin,
    so any use of gets warrants an unconditional warning.  Assume it is
    always declared, since it is required by C89.  */
 _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
 +# endif
 #endif
--- a/wget.changes
+++ b/wget.changes
@ -1,3 +1,27 @@
 -------------------------------------------------------------------
 Thu May  2 17:50:50 UTC 2013 - p.drouand@gmail.com
 - Update to version 1.14
  + add support for content-on-error.  It allows to store the HTTP
    payload on 4xx or 5xx errors.
  + add support for WARC files.
  + fix a memory leak problem in the GNU TLS backend.
  + autoreconf works again for distributed tarballs.
  + print some diagnostic messages to stderr not to stdout.
  + report stdout close errors.
  + accept the --report-speed option.
  + enable client certificates when GNU TLS is used.
  + add support for TLS Server Name Indication.
  + accept the arguments --accept-reject and --reject-regex.
  + the GNU TLS backend honors correctly the timeout value.
  + add support for RFC 2617 Digest Access Authentication.
 - Drop patchs obsoleted by upstream
  + wget-sni.patch
  + wget-stdio.h.patch
 - Rebase patchs to work with upstream
  + wget-openssl-no-intern.patch > wget-1.14-openssl-no-intern.patch
  + wget-no-ssl-comp.patch > wget-1.14-no-ssl-comp.patch
 -------------------------------------------------------------------
 Thu May  2 09:49:33 UTC 2013 - seife+obs@b1-systems.com
--- a/wget.spec
+++ b/wget.spec
@ -17,20 +17,18 @@
 Name:           wget
-Version:        1.13.4
+Version:        1.14
 Release:        0
 Summary:        A Tool for Mirroring FTP and HTTP Servers
 License:        GPL-3.0+
 Group:          Productivity/Networking/Web/Utilities
 Url:            http://www.gnu.org/software/wget/
-Source:         http://ftp.gnu.org/gnu/wget/%name-%version.tar.bz2
+Source:         http://ftp.gnu.org/gnu/wget/%name-%version.tar.xz
 Patch0:         wgetrc.patch
 # PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget
 Patch1:         wget-libproxy.patch
-Patch3:         wget-sni.patch
+Patch5:         wget-1.14-openssl-no-intern.patch
-Patch4:         wget-stdio.h.patch
+Patch6:         wget-1.14-no-ssl-comp.patch
 Patch5:         wget-openssl-no-intern.patch
 Patch6:         wget-no-ssl-comp.patch
 BuildRequires:  libpng-devel
 %if 0%{suse_version} > 1110
 BuildRequires:  libproxy-devel
@ -40,6 +38,7 @@ BuildRequires:  libidn-devel
 BuildRequires:  makeinfo
 BuildRequires:  openssl-devel
 BuildRequires:  pkg-config
 BuildRequires:  xz
 PreReq:         %install_info_prereq
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@ -53,8 +52,6 @@ This can be done in script files or via the command line.
 %if 0%{suse_version} > 1110
 %patch1
 %endif
 %patch3
 %patch4 -p1
 %patch5
 %patch6