Accepting request 174395 from network:utilities

update (forwarded request 174329 from posophe)

OBS-URL: https://build.opensuse.org/request/show/174395
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wget?expand=0&rev=29
This commit is contained in:
Stephan Kulow 2013-05-03 11:52:48 +00:00 committed by Git OBS Bridge
commit fa88c44b5c
9 changed files with 47 additions and 170 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f76518dfd7bcde41b7762df5cc5516bc8a178f122811aba18a64993fb9458881
size 1931885

View File

@ -0,0 +1,13 @@
--- src/openssl.c.orig
+++ src/openssl.c
@@ -241,7 +241,9 @@
/* The OpenSSL library can handle renegotiations automatically, so
tell it to do so. */
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
-
+#ifdef SSL_OP_NO_COMPRESSION
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
+#endif
return true;
error:

View File

@ -1,6 +1,6 @@
--- src/openssl.c.orig --- src/openssl.c.orig
+++ src/openssl.c +++ src/openssl.c
@@ -29,6 +29,7 @@ Corresponding Source for a non-source fo @@ -29,6 +29,7 @@
shall include the source code for the parts of OpenSSL used as well shall include the source code for the parts of OpenSSL used as well
as that of the covered work. */ as that of the covered work. */
@ -8,7 +8,7 @@
#include "wget.h" #include "wget.h"
#include <assert.h> #include <assert.h>
@@ -429,7 +430,7 @@ ssl_connect_wget (int fd, const char *ho @@ -425,7 +426,7 @@
if (!SSL_set_fd (conn, FD_TO_SOCKET (fd))) if (!SSL_set_fd (conn, FD_TO_SOCKET (fd)))
goto error; goto error;
SSL_set_connect_state (conn); SSL_set_connect_state (conn);

3
wget-1.14.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1761d7f7c6a2ad6c8d494d239c53f0c17126efb6449ada16dee3a66d87a4147b
size 1584060

View File

@ -1,13 +0,0 @@
--- src/openssl.c.orig
+++ src/openssl.c
@@ -248,6 +248,10 @@ ssl_init ()
/* Keep memory usage as low as possible */
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
+#ifdef SSL_OP_NO_COMPRESSION
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
+#endif
+
return true;
error:

View File

@ -1,127 +0,0 @@
--- src/host.c
+++ src/host.c
@@ -914,3 +914,19 @@ host_cleanup (void)
host_name_addresses_map = NULL;
}
}
+
+/* Determine whether or not a hostname is an IP address that we recognise. */
+bool
+is_ip_address (const char *name)
+{
+ const char *endp;
+
+ endp = name + strlen(name);
+ if (is_valid_ipv4_address(name, endp))
+ return true;
+#ifdef ENABLE_IPV6
+ if (is_valid_ipv6_address(name, endp))
+ return true;
+#endif
+ return false;
+}
--- src/host.h
+++ src/host.h
@@ -102,5 +102,5 @@ bool accept_domain (struct url *);
bool sufmatch (const char **, const char *);
void host_cleanup (void);
-
+bool is_ip_address(const char *);
#endif /* HOST_H */
--- src/http.c
+++ src/http.c
@@ -1909,7 +1909,7 @@ gethttp (struct url *u, struct http_stat
if (conn->scheme == SCHEME_HTTPS)
{
- if (!ssl_connect_wget (sock))
+ if (!ssl_connect_wget (sock, u->host))
{
fd_close (sock);
return CONSSLERR;
--- src/openssl.c
+++ src/openssl.c
@@ -40,12 +40,12 @@ as that of the covered work. */
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/rand.h>
-
+#include <openssl/engine.h>
#include "utils.h"
#include "connect.h"
#include "url.h"
#include "ssl.h"
-
+#include "host.h"
#ifdef WINDOWS
# include <w32sock.h>
#endif
@@ -175,11 +175,15 @@ ssl_init ()
_("Could not seed PRNG; consider using --random-file.\n"));
goto error;
}
-
+ OPENSSL_config(NULL);
SSL_library_init ();
SSL_load_error_strings ();
SSLeay_add_all_algorithms ();
SSLeay_add_ssl_algorithms ();
+ /* Load all bundled ENGINEs into memory and make them visible */
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+ ENGINE_register_all_complete();
switch (opt.secure_protocol)
{
@@ -239,7 +243,10 @@ ssl_init ()
/* The OpenSSL library can handle renegotiations automatically, so
tell it to do so. */
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
-
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ /* Keep memory usage as low as possible */
+ SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
return true;
error:
@@ -393,7 +400,7 @@ static struct transport_implementation o
Returns true on success, false on failure. */
bool
-ssl_connect_wget (int fd)
+ssl_connect_wget (int fd, const char *hostname)
{
SSL *conn;
struct openssl_transport_context *ctx;
@@ -404,6 +411,18 @@ ssl_connect_wget (int fd)
conn = SSL_new (ssl_ctx);
if (!conn)
goto error;
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+ /* If the SSL library was build with support for ServerNameIndication
+ then use it whenever we have a hostname. If not, don't, ever. */
+ if (!is_ip_address(hostname))
+ {
+ if (!SSL_set_tlsext_host_name(conn, hostname)) {
+ DEBUGP (("Failed to set TLS server-name indication."));
+ goto error;
+ }
+ }
+#endif
#ifndef FD_TO_SOCKET
# define FD_TO_SOCKET(X) (X)
#endif
--- src/ssl.h
+++ src/ssl.h
@@ -33,7 +33,7 @@ as that of the covered work. */
#define GEN_SSLFUNC_H
bool ssl_init (void);
-bool ssl_connect_wget (int);
+bool ssl_connect_wget (int, const char *);
bool ssl_check_certificate (int, const char *);
#endif /* GEN_SSLFUNC_H */

View File

@ -1,17 +0,0 @@
Index: wget-1.13.4/lib/stdio.in.h
===================================================================
--- wget-1.13.4.orig/lib/stdio.in.h
+++ wget-1.13.4/lib/stdio.in.h
@@ -694,10 +694,12 @@ _GL_CXXALIAS_SYS (gets, char *, (char *s
# undef gets
# endif
_GL_CXXALIASWARN (gets);
+# if HAVE_RAW_DECL_GETS
/* It is very rare that the developer ever has full control of stdin,
so any use of gets warrants an unconditional warning. Assume it is
always declared, since it is required by C89. */
_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+# endif
#endif

View File

@ -1,3 +1,27 @@
-------------------------------------------------------------------
Thu May 2 17:50:50 UTC 2013 - p.drouand@gmail.com
- Update to version 1.14
+ add support for content-on-error. It allows to store the HTTP
payload on 4xx or 5xx errors.
+ add support for WARC files.
+ fix a memory leak problem in the GNU TLS backend.
+ autoreconf works again for distributed tarballs.
+ print some diagnostic messages to stderr not to stdout.
+ report stdout close errors.
+ accept the --report-speed option.
+ enable client certificates when GNU TLS is used.
+ add support for TLS Server Name Indication.
+ accept the arguments --accept-reject and --reject-regex.
+ the GNU TLS backend honors correctly the timeout value.
+ add support for RFC 2617 Digest Access Authentication.
- Drop patchs obsoleted by upstream
+ wget-sni.patch
+ wget-stdio.h.patch
- Rebase patchs to work with upstream
+ wget-openssl-no-intern.patch > wget-1.14-openssl-no-intern.patch
+ wget-no-ssl-comp.patch > wget-1.14-no-ssl-comp.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu May 2 09:49:33 UTC 2013 - seife+obs@b1-systems.com Thu May 2 09:49:33 UTC 2013 - seife+obs@b1-systems.com

View File

@ -17,20 +17,18 @@
Name: wget Name: wget
Version: 1.13.4 Version: 1.14
Release: 0 Release: 0
Summary: A Tool for Mirroring FTP and HTTP Servers Summary: A Tool for Mirroring FTP and HTTP Servers
License: GPL-3.0+ License: GPL-3.0+
Group: Productivity/Networking/Web/Utilities Group: Productivity/Networking/Web/Utilities
Url: http://www.gnu.org/software/wget/ Url: http://www.gnu.org/software/wget/
Source: http://ftp.gnu.org/gnu/wget/%name-%version.tar.bz2 Source: http://ftp.gnu.org/gnu/wget/%name-%version.tar.xz
Patch0: wgetrc.patch Patch0: wgetrc.patch
# PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget # PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget
Patch1: wget-libproxy.patch Patch1: wget-libproxy.patch
Patch3: wget-sni.patch Patch5: wget-1.14-openssl-no-intern.patch
Patch4: wget-stdio.h.patch Patch6: wget-1.14-no-ssl-comp.patch
Patch5: wget-openssl-no-intern.patch
Patch6: wget-no-ssl-comp.patch
BuildRequires: libpng-devel BuildRequires: libpng-devel
%if 0%{suse_version} > 1110 %if 0%{suse_version} > 1110
BuildRequires: libproxy-devel BuildRequires: libproxy-devel
@ -40,6 +38,7 @@ BuildRequires: libidn-devel
BuildRequires: makeinfo BuildRequires: makeinfo
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRequires: xz
PreReq: %install_info_prereq PreReq: %install_info_prereq
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -53,8 +52,6 @@ This can be done in script files or via the command line.
%if 0%{suse_version} > 1110 %if 0%{suse_version} > 1110
%patch1 %patch1
%endif %endif
%patch3
%patch4 -p1
%patch5 %patch5
%patch6 %patch6