On Tue Oct 31, 2017 at 12:03:22PM +0000, Stuart Henderson wrote: > On 2017/10/31 12:20, Rafael Sadowski wrote: > > Hi All, > > > > Update Wget to the latest stable version 1.19.1. This version includes > > the following CVE patches: > > > > "Fix stack overflow in HTTP protocol handling (CVE-2017-13089)" > > http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f > > > > "Fix heap overflow in HTTP protocol handling (CVE-2017-13090)" > > http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba > > > > 1.19.1 provide only .tar.lz and tar.gz. Since we don't support *.lz, I > > have decided to *.gz > > > > Also please find attached a diff for -stable. > > > > Ok? Feedback? > > > > Best regards, > > > > Rafael Sadowski > > > > > > Index: Makefile > > =================================================================== > > RCS file: /cvs/ports/net/wget/Makefile,v > > retrieving revision 1.72 > > diff -u -p -u -p -r1.72 Makefile > > --- Makefile 22 Feb 2017 02:49:25 -0000 1.72 > > +++ Makefile 31 Oct 2017 10:54:50 -0000 > > @@ -2,7 +2,7 @@ > > > > COMMENT = retrieve files from the web via HTTP, HTTPS and FTP > > > > -DISTNAME = wget-1.19.1 > > +DISTNAME = wget-1.19.2 > > CATEGORIES = net > > > > HOMEPAGE = https://www.gnu.org/software/wget/ > > @@ -17,7 +17,7 @@ LIB_DEPENDS = converters/libunistring \ > > net/libpsl > > > > MASTER_SITES = ${MASTER_SITE_GNU:=wget/} > > -EXTRACT_SUFX = .tar.xz > > +EXTRACT_SUFX = .tar.gz > > .tar.gz is the default, so just remove EXTRACT_SUFX. (We do have support > for .lz but at least for -stable it's easier for people if they don't > have to install a weird compression tool :) > > > -+++ doc/wget.texi Sat Feb 11 16:46:13 2017 > > -@@ -191,14 +191,14 @@ gauge can be customized to your preferences. > > - Most of the features are fully configurable, either through command line > > - options, or via the initialization file @file{.wgetrc} (@pxref{Startup > > - File}). Wget allows you to define @dfn{global} startup files > > --(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also > > -+(@file{${SYSCONFDIR}/wgetrc} by default) for site settings. You can also > > - specify the location of a startup file with the --config option. > > - > > - > > - @ignore > > - @c man begin FILES > > - @table @samp > > --@item /usr/local/etc/wgetrc > > -+@item ${SYSCONFDIR}/wgetrc > > - Default location of the @dfn{global} startup file. > > - > > - @item .wgetrc > > That hunk of the patch needs merging by hand. >
Thanks for the notes. New diff below, plus I removed gettext as MODULE. Index: Makefile =================================================================== RCS file: /cvs/ports/net/wget/Makefile,v retrieving revision 1.72 diff -u -p -u -p -r1.72 Makefile --- Makefile 22 Feb 2017 02:49:25 -0000 1.72 +++ Makefile 31 Oct 2017 16:52:31 -0000 @@ -2,7 +2,7 @@ COMMENT = retrieve files from the web via HTTP, HTTPS and FTP -DISTNAME = wget-1.19.1 +DISTNAME = wget-1.19.2 CATEGORIES = net HOMEPAGE = https://www.gnu.org/software/wget/ @@ -10,16 +10,17 @@ HOMEPAGE = https://www.gnu.org/software/ # GPLv3 PERMIT_PACKAGE_CDROM = Yes -WANTLIB = c crypto idn2 pcre psl ssl unistring z +WANTLIB += c crypto iconv idn2 intl pcre psl ssl unistring z + +BUILD_DEPENDS = devel/gettext-tools + LIB_DEPENDS = converters/libunistring \ + devel/gettext \ devel/libidn2 \ devel/pcre \ net/libpsl MASTER_SITES = ${MASTER_SITE_GNU:=wget/} -EXTRACT_SUFX = .tar.xz - -MODULES = devel/gettext # some regression tests require python3 MODULES += lang/python Index: distinfo =================================================================== RCS file: /cvs/ports/net/wget/distinfo,v retrieving revision 1.19 diff -u -p -u -p -r1.19 distinfo --- distinfo 22 Feb 2017 02:49:25 -0000 1.19 +++ distinfo 31 Oct 2017 16:52:31 -0000 @@ -1,2 +1,2 @@ -SHA256 (wget-1.19.1.tar.xz) = DJULlnGIEiKk04WwE8lgTpioAl0ZiFKd/KDpNhd0TNI= -SIZE (wget-1.19.1.tar.xz) = 2111756 +SHA256 (wget-1.19.2.tar.gz) = T0pnO21GbvpQ+/unlr2EpGriTjcPpWLt5bIatTwRqSA= +SIZE (wget-1.19.2.tar.gz) = 4349267 Index: patches/patch-doc_wget_texi =================================================================== RCS file: /cvs/ports/net/wget/patches/patch-doc_wget_texi,v retrieving revision 1.12 diff -u -p -u -p -r1.12 patch-doc_wget_texi --- patches/patch-doc_wget_texi 22 Feb 2017 02:49:25 -0000 1.12 +++ patches/patch-doc_wget_texi 31 Oct 2017 16:52:31 -0000 @@ -1,15 +1,17 @@ $OpenBSD: patch-doc_wget_texi,v 1.12 2017/02/22 02:49:25 danj Exp $ ---- doc/wget.texi.orig Sat Feb 11 05:45:22 2017 -+++ doc/wget.texi Sat Feb 11 16:46:13 2017 -@@ -191,14 +191,14 @@ gauge can be customized to your preferences. +Index: doc/wget.texi +--- doc/wget.texi.orig ++++ doc/wget.texi +@@ -191,7 +191,7 @@ gauge can be customized to your preferences. Most of the features are fully configurable, either through command line options, or via the initialization file @file{.wgetrc} (@pxref{Startup File}). Wget allows you to define @dfn{global} startup files -(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also +(@file{${SYSCONFDIR}/wgetrc} by default) for site settings. You can also specify the location of a startup file with the --config option. - - + To disable the reading of config files, use --no-config. + If both --config and --no-config are given, --no-config is ignored. +@@ -200,7 +200,7 @@ If both --config and --no-config are given, --no-confi @ignore @c man begin FILES @table @samp @@ -18,7 +20,7 @@ $OpenBSD: patch-doc_wget_texi,v 1.12 201 Default location of the @dfn{global} startup file. @item .wgetrc -@@ -3113,9 +3113,8 @@ commands. +@@ -3143,9 +3143,8 @@ commands. @cindex location of wgetrc When initializing, Wget will look for a @dfn{global} startup file, @@ -30,7 +32,7 @@ $OpenBSD: patch-doc_wget_texi,v 1.12 201 Then it will look for the user's file. If the environmental variable @code{WGETRC} is set, Wget will try to load that file. Failing that, no -@@ -3125,7 +3124,7 @@ If @code{WGETRC} is not set, Wget will try to load @fi +@@ -3155,7 +3154,7 @@ If @code{WGETRC} is not set, Wget will try to load @fi The fact that user's settings are loaded after the system-wide ones means that in case of collision user's wgetrc @emph{overrides} the
