Hello community, here is the log from the commit of package wget for openSUSE:Factory checked in at Sun Oct 16 13:01:46 CEST 2011.
-------- --- openSUSE:Factory/wget/wget.changes 2011-09-23 12:50:33.000000000 +0200 +++ /mounts/work_src_done/STABLE/wget/wget.changes 2011-10-15 20:21:27.000000000 +0200 @@ -1,0 +2,15 @@ +Sat Oct 15 18:19:59 UTC 2011 - [email protected] + +- fix typo in sni patch , in the IPV6 case should be + is_valid_ipv6_address() instead of is_valid_ipv4_address() +- Add comment to the patch referencing upstream tracker. + +------------------------------------------------------------------- +Fri Oct 14 05:01:53 UTC 2011 - [email protected] + +- Update nosslv2 patch with the version in upstream +- Wget now supports SNI (server name indication), patch + based on a 2 year old fix submitted to upstream list + that somehow fell through the cracks. + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- wget-sni.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wget.spec ++++++ --- /var/tmp/diff_new_pack.5uqKhi/_old 2011-10-16 13:01:42.000000000 +0200 +++ /var/tmp/diff_new_pack.5uqKhi/_new 2011-10-16 13:01:42.000000000 +0200 @@ -30,6 +30,7 @@ # PATCH-FEATURE-UPSTREAM wget-libproxy.patch [email protected] -- Add libproxy support to wget Patch1: wget-libproxy.patch Patch2: wget-1.12-nosslv2.patch +Patch3: wget-sni.patch BuildRequires: libpng-devel BuildRequires: libproxy-devel BuildRequires: openssl-devel @@ -47,6 +48,7 @@ %patch0 %patch1 -p1 %patch2 +%patch3 %build ./autogen.sh ++++++ wget-1.12-nosslv2.patch ++++++ --- /var/tmp/diff_new_pack.5uqKhi/_old 2011-10-16 13:01:42.000000000 +0200 +++ /var/tmp/diff_new_pack.5uqKhi/_new 2011-10-16 13:01:42.000000000 +0200 
@@ -1,36 +1,7 @@ ---- src/init.c.orig -+++ src/init.c -@@ -1331,7 +1331,9 @@ cmd_spec_secure_protocol (const char *co - { - static const struct decode_item choices[] = { - { "auto", secure_protocol_auto }, -+#ifndef OPENSSL_NO_SSL2 - { "sslv2", secure_protocol_sslv2 }, -+#endif - { "sslv3", secure_protocol_sslv3 }, - { "tlsv1", secure_protocol_tlsv1 }, - }; ---- src/openssl.c.orig -+++ src/openssl.c -@@ -42,6 +42,7 @@ as that of the covered work. */ - #include <openssl/x509.h> - #include <openssl/err.h> - #include <openssl/rand.h> -+#include <openssl/engine.h> - - #include "utils.h" - #include "connect.h" -@@ -178,15 +179,21 @@ ssl_init () - SSL_load_error_strings (); - SSLeay_add_all_algorithms (); - SSLeay_add_ssl_algorithms (); -+/* Load all bundled ENGINEs into memory and make them visible */ -+ ENGINE_load_builtin_engines(); -+/* Register all of them for every algorithm they collectively implement */ -+ ENGINE_register_all_complete(); - - switch (opt.secure_protocol) - { +=== modified file 'src/openssl.c' +--- src/openssl.c 2011-04-04 14:56:51 +0000 ++++ src/openssl.c 2011-04-11 09:08:39 +0000 +@@ -186,9 +186,11 @@ case secure_protocol_auto: meth = SSLv23_client_method (); break; @@ -42,26 +13,4 @@ case secure_protocol_sslv3: meth = SSLv3_client_method (); break; ---- src/options.h.orig -+++ src/options.h -@@ -171,7 +171,9 @@ struct options - #ifdef HAVE_SSL - enum { - secure_protocol_auto, -+#ifndef OPENSSL_NO_SSL2 - secure_protocol_sslv2, -+#endif - secure_protocol_sslv3, - secure_protocol_tlsv1 - } secure_protocol; /* type of secure protocol to use. */ ---- src/iri.c.orig -+++ src/iri.c -@@ -114,7 +114,7 @@ check_encoding_name (char *encoding) - static bool - open_locale_to_utf8 (void) - { -- -+ return true; - } - - /* Try converting string str from locale to UTF-8. Return a new string + ++++++ wget-sni.patch ++++++ https://savannah.gnu.org/bugs/?func=detailitem&item_id=26786 === modified file 'src/host.c' --- src/host.c.orig +++ src/host.c 
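Review bot: The refreshed wget-1.12-nosslv2.patch drops the `#ifndef OPENSSL_NO_SSL2` guards that the old version put around `{ "sslv2", secure_protocol_sslv2 }` in src/init.c and around the enum member in src/options.h, and the new patch touches only src/openssl.c. On a build against an OpenSSL without SSLv2, `--secure-protocol=sslv2` would therefore still be accepted by the option parser. What `ssl_init` then does depends on the `switch` lines that are elided between the two hunks, so the fallback should be confirmed. If it is not a clean error, keep the init.c guard, or add a comment in the patch header such as `# sslv2 remains a valid option name; ssl_init rejects it when OPENSSL_NO_SSL2 is defined`.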
@@ -904,3 +904,19 @@ host_cleanup (void) host_name_addresses_map = NULL; } } + +/* Determine whether or not a hostname is an IP address that we recognise. */ +bool +is_ip_address (const char *name) +{ + const char *endp; + + endp = name + strlen(name); + if (is_valid_ipv4_address(name, endp)) + return true; +#ifdef ENABLE_IPV6 + if (is_valid_ipv6_address(name, endp)) + return true; +#endif + return false; +} --- src/host.h.orig +++ src/host.h @@ -101,5 +101,5 @@ bool accept_domain (struct url *); bool sufmatch (const char **, const char *); void host_cleanup (void); - +bool is_ip_address(const char *); #endif /* HOST_H */ --- src/http.c.orig +++ src/http.c @@ -1762,7 +1762,7 @@ gethttp (struct url *u, struct http_stat if (conn->scheme == SCHEME_HTTPS) { - if (!ssl_connect_wget (sock)) + if (!ssl_connect_wget (sock, u->host)) { fd_close (sock); return CONSSLERR; --- src/openssl.c.orig +++ src/openssl.c @@ -42,12 +42,12 @@ as that of the covered work. */ #include <openssl/x509.h> #include <openssl/err.h> #include <openssl/rand.h> - +#include <openssl/engine.h> #include "utils.h" #include "connect.h" #include "url.h" #include "ssl.h" - +#include "host.h" /* Application-wide SSL context. This is common to all SSL connections. */ static SSL_CTX *ssl_ctx; @@ -173,11 +173,15 @@ ssl_init () _("Could not seed PRNG; consider using --random-file.\n")); goto error; } - + OPENSSL_config(NULL); SSL_library_init (); SSL_load_error_strings (); SSLeay_add_all_algorithms (); SSLeay_add_ssl_algorithms (); + /* Load all bundled ENGINEs into memory and make them visible */ + ENGINE_load_builtin_engines(); + /* Register all of them for every algorithm they collectively implement */ + ENGINE_register_all_complete(); switch (opt.secure_protocol) { 
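Review bot: `is_ip_address` in the src/host.c hunk states no contract for `name`, which it passes straight to `strlen`, so a NULL argument is undefined behaviour. The comment should say so, for example `/* NAME must be a non-NULL, NUL-terminated string. */`. It should also mention that IPv6 literals are only recognised when `ENABLE_IPV6` is defined. On a build without it such a literal would be treated as a hostname by the SNI code in src/openssl.c, which is presumably harmless there but is not obvious from the function name.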
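Review bot: The `ENGINE_load_builtin_engines()` and `ENGINE_register_all_complete()` calls added to `ssl_init`, and the `#include <openssl/engine.h>` in the hunk above, are not guarded, so the build breaks against an OpenSSL configured without engine support. Wrap both the include and the two calls in `#ifndef OPENSSL_NO_ENGINE` / `#endif`. The added `OPENSSL_config(NULL);` makes wget's TLS setup depend on the system-wide OpenSSL configuration file and returns no status, which deserves a comment like `/* Apply the default OpenSSL configuration file before library init. */`. None of this, nor the `SSL_MODE_RELEASE_BUFFERS` hunk that follows, is related to SNI or mentioned in the changelog entry, so it would be easier to audit as a separate patch. `ssl_init` begins and ends outside this hunk.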
@@ -237,7 +241,10 @@ ssl_init () /* The OpenSSL library can handle renegotiations automatically, so tell it to do so. */ SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY); - +#ifdef SSL_MODE_RELEASE_BUFFERS + /* Keep memory usage as low as possible */ + SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS); +#endif return true; error: @@ -392,7 +399,7 @@ static struct transport_implementation o Returns true on success, false on failure. */ bool -ssl_connect_wget (int fd) +ssl_connect_wget (int fd, const char *hostname) { SSL *conn; struct openssl_transport_context *ctx; @@ -403,6 +410,18 @@ ssl_connect_wget (int fd) conn = SSL_new (ssl_ctx); if (!conn) goto error; + +#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) + /* If the SSL library was build with support for ServerNameIndication + then use it whenever we have a hostname. If not, don't, ever. */ + if (!is_ip_address(hostname)) + { + if (!SSL_set_tlsext_host_name(conn, hostname)) { + DEBUGP (("Failed to set TLS server-name indication.")); + goto error; + } + } +#endif if (!SSL_set_fd (conn, fd)) goto error; SSL_set_connect_state (conn); --- src/ssl.h.orig +++ src/ssl.h @@ -33,7 +33,7 @@ as that of the covered work. */ #define GEN_SSLFUNC_H bool ssl_init (void); -bool ssl_connect_wget (int); +bool ssl_connect_wget (int, const char *); bool ssl_check_certificate (int, const char *); #endif /* GEN_SSLFUNC_H */ --- src/iri.c.orig +++ src/iri.c @@ -114,7 +114,7 @@ check_encoding_name (char *encoding) static bool open_locale_to_utf8 (void) { - + return true; } /* Try converting string str from locale to UTF-8. Return a new string continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
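Review bot: The SNI block added to `ssl_connect_wget` says it applies "whenever we have a hostname" but only tests `!is_ip_address(hostname)`, so a NULL `hostname` would reach `strlen` inside that helper. The one caller visible in this patch passes `u->host`, but the condition should still read `if (hostname && !is_ip_address (hostname))`. The debug message lacks a trailing newline and should be `DEBUGP (("Failed to set TLS server-name indication.\n"));`. The inner `if` uses a same-line brace where the rest of the hunk follows GNU style. The comment would be clearer as `/* SNI carries DNS hostnames only, so skip it for IP literals. */`, which also removes the "was build" typo. The `error` label and the remainder of the function are outside the hunk.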
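Review bot: The src/iri.c hunk makes `open_locale_to_utf8` return `true` unconditionally with no comment saying why, and it has nothing to do with SNI. The change fixes a non-void function that previously fell off its end, which is worth recording in place with something like `/* Stub: nothing is opened here; always reports success. */`. It should also be listed in the changelog entry, or moved to its own patch, so the build fix is not lost when wget-sni.patch is dropped in favour of the upstream version.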
