Accepting request 174329 from home:posophe:branches:network:utilities
update OBS-URL: https://build.opensuse.org/request/show/174329 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=37
This commit is contained in:
parent
1328542cd1
commit
e426f6663a
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:f76518dfd7bcde41b7762df5cc5516bc8a178f122811aba18a64993fb9458881
|
||||
size 1931885
|
13
wget-1.14-no-ssl-comp.patch
Normal file
13
wget-1.14-no-ssl-comp.patch
Normal file
@ -0,0 +1,13 @@
|
||||
--- src/openssl.c.orig
|
||||
+++ src/openssl.c
|
||||
@@ -241,7 +241,9 @@
|
||||
/* The OpenSSL library can handle renegotiations automatically, so
|
||||
tell it to do so. */
|
||||
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
|
||||
-
|
||||
+#ifdef SSL_OP_NO_COMPRESSION
|
||||
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
|
||||
+#endif
|
||||
return true;
|
||||
|
||||
error:
|
@ -1,6 +1,6 @@
|
||||
--- src/openssl.c.orig
|
||||
+++ src/openssl.c
|
||||
@@ -29,6 +29,7 @@ Corresponding Source for a non-source fo
|
||||
@@ -29,6 +29,7 @@
|
||||
shall include the source code for the parts of OpenSSL used as well
|
||||
as that of the covered work. */
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
#include "wget.h"
|
||||
|
||||
#include <assert.h>
|
||||
@@ -429,7 +430,7 @@ ssl_connect_wget (int fd, const char *ho
|
||||
@@ -425,7 +426,7 @@
|
||||
if (!SSL_set_fd (conn, FD_TO_SOCKET (fd)))
|
||||
goto error;
|
||||
SSL_set_connect_state (conn);
|
3
wget-1.14.tar.xz
Normal file
3
wget-1.14.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1761d7f7c6a2ad6c8d494d239c53f0c17126efb6449ada16dee3a66d87a4147b
|
||||
size 1584060
|
@ -1,13 +0,0 @@
|
||||
--- src/openssl.c.orig
|
||||
+++ src/openssl.c
|
||||
@@ -248,6 +248,10 @@ ssl_init ()
|
||||
/* Keep memory usage as low as possible */
|
||||
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
|
||||
#endif
|
||||
+#ifdef SSL_OP_NO_COMPRESSION
|
||||
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
|
||||
+#endif
|
||||
+
|
||||
return true;
|
||||
|
||||
error:
|
127
wget-sni.patch
127
wget-sni.patch
@ -1,127 +0,0 @@
|
||||
--- src/host.c
|
||||
+++ src/host.c
|
||||
@@ -914,3 +914,19 @@ host_cleanup (void)
|
||||
host_name_addresses_map = NULL;
|
||||
}
|
||||
}
|
||||
+
|
||||
+/* Determine whether or not a hostname is an IP address that we recognise. */
|
||||
+bool
|
||||
+is_ip_address (const char *name)
|
||||
+{
|
||||
+ const char *endp;
|
||||
+
|
||||
+ endp = name + strlen(name);
|
||||
+ if (is_valid_ipv4_address(name, endp))
|
||||
+ return true;
|
||||
+#ifdef ENABLE_IPV6
|
||||
+ if (is_valid_ipv6_address(name, endp))
|
||||
+ return true;
|
||||
+#endif
|
||||
+ return false;
|
||||
+}
|
||||
--- src/host.h
|
||||
+++ src/host.h
|
||||
@@ -102,5 +102,5 @@ bool accept_domain (struct url *);
|
||||
bool sufmatch (const char **, const char *);
|
||||
|
||||
void host_cleanup (void);
|
||||
-
|
||||
+bool is_ip_address(const char *);
|
||||
#endif /* HOST_H */
|
||||
--- src/http.c
|
||||
+++ src/http.c
|
||||
@@ -1909,7 +1909,7 @@ gethttp (struct url *u, struct http_stat
|
||||
|
||||
if (conn->scheme == SCHEME_HTTPS)
|
||||
{
|
||||
- if (!ssl_connect_wget (sock))
|
||||
+ if (!ssl_connect_wget (sock, u->host))
|
||||
{
|
||||
fd_close (sock);
|
||||
return CONSSLERR;
|
||||
--- src/openssl.c
|
||||
+++ src/openssl.c
|
||||
@@ -40,12 +40,12 @@ as that of the covered work. */
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rand.h>
|
||||
-
|
||||
+#include <openssl/engine.h>
|
||||
#include "utils.h"
|
||||
#include "connect.h"
|
||||
#include "url.h"
|
||||
#include "ssl.h"
|
||||
-
|
||||
+#include "host.h"
|
||||
#ifdef WINDOWS
|
||||
# include <w32sock.h>
|
||||
#endif
|
||||
@@ -175,11 +175,15 @@ ssl_init ()
|
||||
_("Could not seed PRNG; consider using --random-file.\n"));
|
||||
goto error;
|
||||
}
|
||||
-
|
||||
+ OPENSSL_config(NULL);
|
||||
SSL_library_init ();
|
||||
SSL_load_error_strings ();
|
||||
SSLeay_add_all_algorithms ();
|
||||
SSLeay_add_ssl_algorithms ();
|
||||
+ /* Load all bundled ENGINEs into memory and make them visible */
|
||||
+ ENGINE_load_builtin_engines();
|
||||
+ /* Register all of them for every algorithm they collectively implement */
|
||||
+ ENGINE_register_all_complete();
|
||||
|
||||
switch (opt.secure_protocol)
|
||||
{
|
||||
@@ -239,7 +243,10 @@ ssl_init ()
|
||||
/* The OpenSSL library can handle renegotiations automatically, so
|
||||
tell it to do so. */
|
||||
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
|
||||
-
|
||||
+#ifdef SSL_MODE_RELEASE_BUFFERS
|
||||
+ /* Keep memory usage as low as possible */
|
||||
+ SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
|
||||
+#endif
|
||||
return true;
|
||||
|
||||
error:
|
||||
@@ -393,7 +400,7 @@ static struct transport_implementation o
|
||||
Returns true on success, false on failure. */
|
||||
|
||||
bool
|
||||
-ssl_connect_wget (int fd)
|
||||
+ssl_connect_wget (int fd, const char *hostname)
|
||||
{
|
||||
SSL *conn;
|
||||
struct openssl_transport_context *ctx;
|
||||
@@ -404,6 +411,18 @@ ssl_connect_wget (int fd)
|
||||
conn = SSL_new (ssl_ctx);
|
||||
if (!conn)
|
||||
goto error;
|
||||
+
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
|
||||
+ /* If the SSL library was build with support for ServerNameIndication
|
||||
+ then use it whenever we have a hostname. If not, don't, ever. */
|
||||
+ if (!is_ip_address(hostname))
|
||||
+ {
|
||||
+ if (!SSL_set_tlsext_host_name(conn, hostname)) {
|
||||
+ DEBUGP (("Failed to set TLS server-name indication."));
|
||||
+ goto error;
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
#ifndef FD_TO_SOCKET
|
||||
# define FD_TO_SOCKET(X) (X)
|
||||
#endif
|
||||
--- src/ssl.h
|
||||
+++ src/ssl.h
|
||||
@@ -33,7 +33,7 @@ as that of the covered work. */
|
||||
#define GEN_SSLFUNC_H
|
||||
|
||||
bool ssl_init (void);
|
||||
-bool ssl_connect_wget (int);
|
||||
+bool ssl_connect_wget (int, const char *);
|
||||
bool ssl_check_certificate (int, const char *);
|
||||
|
||||
#endif /* GEN_SSLFUNC_H */
|
@ -1,17 +0,0 @@
|
||||
Index: wget-1.13.4/lib/stdio.in.h
|
||||
===================================================================
|
||||
--- wget-1.13.4.orig/lib/stdio.in.h
|
||||
+++ wget-1.13.4/lib/stdio.in.h
|
||||
@@ -694,10 +694,12 @@ _GL_CXXALIAS_SYS (gets, char *, (char *s
|
||||
# undef gets
|
||||
# endif
|
||||
_GL_CXXALIASWARN (gets);
|
||||
+# if HAVE_RAW_DECL_GETS
|
||||
/* It is very rare that the developer ever has full control of stdin,
|
||||
so any use of gets warrants an unconditional warning. Assume it is
|
||||
always declared, since it is required by C89. */
|
||||
_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
|
||||
+# endif
|
||||
#endif
|
||||
|
||||
|
24
wget.changes
24
wget.changes
@ -1,3 +1,27 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu May 2 17:50:50 UTC 2013 - p.drouand@gmail.com
|
||||
|
||||
- Update to version 1.14
|
||||
+ add support for content-on-error. It allows to store the HTTP
|
||||
payload on 4xx or 5xx errors.
|
||||
+ add support for WARC files.
|
||||
+ fix a memory leak problem in the GNU TLS backend.
|
||||
+ autoreconf works again for distributed tarballs.
|
||||
+ print some diagnostic messages to stderr not to stdout.
|
||||
+ report stdout close errors.
|
||||
+ accept the --report-speed option.
|
||||
+ enable client certificates when GNU TLS is used.
|
||||
+ add support for TLS Server Name Indication.
|
||||
+ accept the arguments --accept-reject and --reject-regex.
|
||||
+ the GNU TLS backend honors correctly the timeout value.
|
||||
+ add support for RFC 2617 Digest Access Authentication.
|
||||
- Drop patchs obsoleted by upstream
|
||||
+ wget-sni.patch
|
||||
+ wget-stdio.h.patch
|
||||
- Rebase patchs to work with upstream
|
||||
+ wget-openssl-no-intern.patch > wget-1.14-openssl-no-intern.patch
|
||||
+ wget-no-ssl-comp.patch > wget-1.14-no-ssl-comp.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 2 09:49:33 UTC 2013 - seife+obs@b1-systems.com
|
||||
|
||||
|
13
wget.spec
13
wget.spec
@ -17,20 +17,18 @@
|
||||
|
||||
|
||||
Name: wget
|
||||
Version: 1.13.4
|
||||
Version: 1.14
|
||||
Release: 0
|
||||
Summary: A Tool for Mirroring FTP and HTTP Servers
|
||||
License: GPL-3.0+
|
||||
Group: Productivity/Networking/Web/Utilities
|
||||
Url: http://www.gnu.org/software/wget/
|
||||
Source: http://ftp.gnu.org/gnu/wget/%name-%version.tar.bz2
|
||||
Source: http://ftp.gnu.org/gnu/wget/%name-%version.tar.xz
|
||||
Patch0: wgetrc.patch
|
||||
# PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget
|
||||
Patch1: wget-libproxy.patch
|
||||
Patch3: wget-sni.patch
|
||||
Patch4: wget-stdio.h.patch
|
||||
Patch5: wget-openssl-no-intern.patch
|
||||
Patch6: wget-no-ssl-comp.patch
|
||||
Patch5: wget-1.14-openssl-no-intern.patch
|
||||
Patch6: wget-1.14-no-ssl-comp.patch
|
||||
BuildRequires: libpng-devel
|
||||
%if 0%{suse_version} > 1110
|
||||
BuildRequires: libproxy-devel
|
||||
@ -40,6 +38,7 @@ BuildRequires: libidn-devel
|
||||
BuildRequires: makeinfo
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pkg-config
|
||||
BuildRequires: xz
|
||||
PreReq: %install_info_prereq
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
@ -53,8 +52,6 @@ This can be done in script files or via the command line.
|
||||
%if 0%{suse_version} > 1110
|
||||
%patch1
|
||||
%endif
|
||||
%patch3
|
||||
%patch4 -p1
|
||||
%patch5
|
||||
%patch6
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user