[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2024-04-15 Thread Sam James 
commit: e499bab5e3954a68c5f62be43689aa41244067f9
Author: Sam James  gentoo  org>
AuthorDate: Tue Apr 16 02:26:48 2024 +
Commit: Sam James  gentoo  org>
CommitDate: Tue Apr 16 02:26:48 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e499bab5

net-misc/wget: fix build w/ USE="-debug libproxy"

Closes: https://bugs.gentoo.org/930060
Signed-off-by: Sam James  gentoo.org>

 .../wget/files/wget-1.24.5-libproxy-no-debug.patch | 50 ++
 net-misc/wget/wget-1.24.5.ebuild   |  4 ++
 2 files changed, 54 insertions(+)

diff --git a/net-misc/wget/files/wget-1.24.5-libproxy-no-debug.patch 
b/net-misc/wget/files/wget-1.24.5-libproxy-no-debug.patch
new file mode 100644
index ..9f75dc471a16
--- /dev/null
+++ b/net-misc/wget/files/wget-1.24.5-libproxy-no-debug.patch
@@ -0,0 +1,50 @@
+https://bugs.gentoo.org/930060
+https://gitlab.com/gnuwget/wget/-/issues/19
+https://gitlab.com/gnuwget/wget/-/merge_requests/39
+
+From 5f0aa59239c36fc945b94d8ab91562d56e5bf776 Mon Sep 17 00:00:00 2001
+From: Sam James 
+Date: Tue, 16 Apr 2024 03:18:40 +0100
+Subject: [PATCH] Fix libproxy build with --disable-debug
+
+The definition of debug_logprintf in src/log.c is guarded by ENABLE_DEBUG
+(although its prototype is unconditionally available in src/log.h).
+
+The uses of debug_logprintf in src/retr.c aren't guarded by ENABLE_DEBUG.
+
+Use the DEBUGP macro which is designed for this purpose.
+
+* src/retr.c (getproxy): Use DEBUGP macro.
+
+Fixes: https://gitlab.com/gnuwget/wget/-/issues/19
+Copyright-paperwork-exempt: Yes
+--- a/src/retr.c
 b/src/retr.c
+@@ -1498,21 +1498,21 @@ getproxy (struct url *u)
+   pxProxyFactory *pf = px_proxy_factory_new ();
+   if (!pf)
+ {
+-  debug_logprintf ("Allocating memory for libproxy failed");
++  DEBUGP (("Allocating memory for libproxy failed"));
+  return NULL;
+ }
+ 
+-  debug_logprintf ("asking libproxy about url '%s'\n", u->url);
++  DEBUGP (("asking libproxy about url '%s'\n", u->url));
+   char **proxies = px_proxy_factory_get_proxies (pf, u->url);
+   if (proxies)
+ {
+   if (proxies[0])
+ {
+-  debug_logprintf ("libproxy suggest to use '%s'\n", proxies[0]);
++  DEBUGP (("libproxy suggest to use '%s'\n", proxies[0]));
+   if (strcmp (proxies[0], "direct://") != 0)
+ {
+   proxy = xstrdup (proxies[0]);
+-  debug_logprintf ("libproxy setting to use '%s'\n", proxy);
++  DEBUGP (("libproxy setting to use '%s'\n", proxy));
+ }
+ }
+ 
+-- 
+GitLab

diff --git a/net-misc/wget/wget-1.24.5.ebuild b/net-misc/wget/wget-1.24.5.ebuild
index 81f8f939140c..6626e1328e7d 100644
--- a/net-misc/wget/wget-1.24.5.ebuild
+++ b/net-misc/wget/wget-1.24.5.ebuild
@@ -63,6 +63,10 @@ DOCS=( AUTHORS MAILING-LIST NEWS README )
 # gnulib FPs
 QA_CONFIG_IMPL_DECL_SKIP=( unreachable MIN alignof static_assert )
 
+PATCHES=(
+   "${FILESDIR}"/${PN}-1.24.5-libproxy-no-debug.patch
+)
+
 pkg_setup() {
use test && python-any-r1_pkg_setup
 }

[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2022-06-08 Thread Sam James 
commit: d00c2c8bd673909c1546d04c1fd122fadd2f00e3
Author: Sam James  gentoo  org>
AuthorDate: Thu Jun  9 00:24:08 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Thu Jun  9 01:20:25 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d00c2c8b

net-misc/wget: backport HSTS fix (32-bit)

Closes: https://bugs.gentoo.org/850676
Signed-off-by: Sam James  gentoo.org>

 net-misc/wget/files/wget-1.21.3-hsts-type.patch | 211 
 net-misc/wget/wget-1.21.3-r1.ebuild | 114 +
 2 files changed, 325 insertions(+)

diff --git a/net-misc/wget/files/wget-1.21.3-hsts-type.patch 
b/net-misc/wget/files/wget-1.21.3-hsts-type.patch
new file mode 100644
index ..bac1330ddc79
--- /dev/null
+++ b/net-misc/wget/files/wget-1.21.3-hsts-type.patch
@@ -0,0 +1,211 @@
+https://bugs.gentoo.org/850676
+https://git.savannah.gnu.org/cgit/wget.git/commit/?id=cb114fbbf73eb687d28b01341c8d4266ffa96c9d
+
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= 
+Date: Sun, 20 Mar 2022 12:18:20 +0100
+Subject: Fix HSTS portability by using int64_t instead of time_t.
+
+* src/hsts.c: Use int64_t instead of time_t.
+* src/http.c: Use int64_t for parsing Strict-Transport-Security.
+--- a/src/hsts.c
 b/src/hsts.c
+@@ -61,8 +61,8 @@ struct hsts_kh {
+ };
+ 
+ struct hsts_kh_info {
+-  time_t created;
+-  time_t max_age;
++  int64_t created;
++  int64_t max_age;
+   bool include_subdomains;
+ };
+ 
+@@ -166,7 +166,7 @@ end:
+ static bool
+ hsts_new_entry_internal (hsts_store_t store,
+  const char *host, int port,
+- time_t created, time_t max_age,
++ int64_t created, int64_t max_age,
+  bool include_subdomains,
+  bool check_validity,
+  bool check_expired,
+@@ -216,21 +216,21 @@ bail:
+ static bool
+ hsts_add_entry (hsts_store_t store,
+ const char *host, int port,
+-time_t max_age, bool include_subdomains)
++int64_t max_age, bool include_subdomains)
+ {
+-  time_t t = time (NULL);
++  int64_t t = (int64_t) time (NULL);
+ 
+   /* It might happen time() returned -1 */
+-  return (t == (time_t)(-1) ?
++  return (t == -1) ?
+   false :
+-  hsts_new_entry_internal (store, host, port, t, max_age, 
include_subdomains, false, true, false));
++  hsts_new_entry_internal (store, host, port, t, max_age, 
include_subdomains, false, true, false);
+ }
+ 
+ /* Creates a new entry, unless an identical one already exists. */
+ static bool
+ hsts_new_entry (hsts_store_t store,
+ const char *host, int port,
+-time_t created, time_t max_age,
++int64_t created, int64_t max_age,
+ bool include_subdomains)
+ {
+   return hsts_new_entry_internal (store, host, port, created, max_age, 
include_subdomains, true, true, true);
+@@ -245,7 +245,7 @@ hsts_remove_entry (hsts_store_t store, struct hsts_kh *kh)
+ static bool
+ hsts_store_merge (hsts_store_t store,
+   const char *host, int port,
+-  time_t created, time_t max_age,
++  int64_t created, int64_t max_age,
+   bool include_subdomains)
+ {
+   enum hsts_kh_match match_type = NO_MATCH;
+@@ -276,11 +276,11 @@ hsts_read_database (hsts_store_t store, FILE *fp, bool 
merge_with_existing_entri
+   size_t len = 0;
+   int items_read;
+   bool result = false;
+-  bool (*func)(hsts_store_t, const char *, int, time_t, time_t, bool);
++  bool (*func)(hsts_store_t, const char *, int, int64_t, int64_t, bool);
+ 
+   char host[256];
+   int port;
+-  time_t created, max_age;
++  int64_t created, max_age;
+   int include_subdomains;
+ 
+   func = (merge_with_existing_entries ? hsts_store_merge : hsts_new_entry);
+@@ -326,10 +326,9 @@ hsts_store_dump (hsts_store_t store, FILE *fp)
+   struct hsts_kh *kh = (struct hsts_kh *) it.key;
+   struct hsts_kh_info *khi = (struct hsts_kh_info *) it.value;
+ 
+-  if (fprintf (fp, "%s\t%d\t%d\t%lu\t%lu\n",
++  if (fprintf (fp, "%s\t%d\t%d\t%" PRId64 "\t%" PRId64 "\n",
+kh->host, kh->explicit_port, khi->include_subdomains,
+-   (unsigned long) khi->created,
+-   (unsigned long) khi->max_age) < 0)
++   khi->created, khi->max_age) < 0)
+ {
+   logprintf (LOG_ALWAYS, "Could not write the HSTS database 
correctly.\n");
+   break;
+@@ -439,7 +438,7 @@ hsts_match (hsts_store_t store, struct url *u)
+ bool
+ hsts_store_entry (hsts_store_t store,
+   enum url_scheme scheme, const char *host, int port,
+-  time_t max_age, bool include_subdomains)
++  int64_t max_age, bool include_subdomains)
+ {
+   bool result = false;
+   enum hsts_kh_match match = NO_MATCH;
+@@ -464,9 +463,9 @@ hsts_store_entry (hsts_store_t store,
+* 'created' field

[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2021-01-02 Thread Lars Wendler 
commit: 38e53c2df01940da65e045f5d6b2185b671f9eb0
Author: Lars Wendler  gentoo  org>
AuthorDate: Sat Jan  2 19:43:31 2021 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Sat Jan  2 19:45:56 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38e53c2d

net-misc/wget: Don't use bashisms in configure

Reported-by: Matt Whitlock  mattwhitlock.name>
Closes: https://bugs.gentoo.org/762946
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Lars Wendler  gentoo.org>

 net-misc/wget/files/wget-1.21-avoid_bashisms.patch | 26 ++
 .../wget/files/wget-1.21-avoid_eautoreconf.patch   | 11 +
 net-misc/wget/wget-1.21-r1.ebuild  |  4 +++-
 3 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/net-misc/wget/files/wget-1.21-avoid_bashisms.patch 
b/net-misc/wget/files/wget-1.21-avoid_bashisms.patch
new file mode 100644
index 000..478621ecb59
--- /dev/null
+++ b/net-misc/wget/files/wget-1.21-avoid_bashisms.patch
@@ -0,0 +1,26 @@
+From a9092887e0e98877a205e9052930692f35fb179e Mon Sep 17 00:00:00 2001
+From: Matt Whitlock 
+Date: Sat, 2 Jan 2021 16:27:57 +0100
+Subject: [PATCH] configure.ac: Don't use bashisms
+
+Gentoo-bug: https://bugs.gentoo.org/762946
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 96adf13b..f6268fd5 100644
+--- a/configure.ac
 b/configure.ac
+@@ -978,7 +978,7 @@ AM_CONDITIONAL([IRI_IS_ENABLED], [test "X$iri" != "Xno"])
+ AM_CONDITIONAL([WITH_SSL], [test "X$with_ssl" != "Xno"])
+ AM_CONDITIONAL([METALINK_IS_ENABLED], [test "X$with_metalink" != "Xno"])
+ AM_CONDITIONAL([WITH_XATTR], [test "X$ENABLE_XATTR" != "Xno"])
+-AM_CONDITIONAL([WITH_NTLM], [test "X$ENABLE_NTLM" == "Xyes"])
++AM_CONDITIONAL([WITH_NTLM], [test "X$ENABLE_NTLM" = "Xyes"])
+ 
+ dnl
+ dnl Create output
+-- 
+2.30.0
+

diff --git a/net-misc/wget/files/wget-1.21-avoid_eautoreconf.patch 
b/net-misc/wget/files/wget-1.21-avoid_eautoreconf.patch
new file mode 100644
index 000..0e02851a257
--- /dev/null
+++ b/net-misc/wget/files/wget-1.21-avoid_eautoreconf.patch
@@ -0,0 +1,11 @@
+--- a/configure
 b/configure
+@@ -55925,7 +55925,7 @@
+   WITH_XATTR_FALSE=
+ fi
+ 
+- if test "X$ENABLE_NTLM" == "Xyes"; then
++ if test "X$ENABLE_NTLM" = "Xyes"; then
+   WITH_NTLM_TRUE=
+   WITH_NTLM_FALSE='#'
+ else

diff --git a/net-misc/wget/wget-1.21-r1.ebuild 
b/net-misc/wget/wget-1.21-r1.ebuild
index 9d919f50edb..392b9c4337c 100644
--- a/net-misc/wget/wget-1.21-r1.ebuild
+++ b/net-misc/wget/wget-1.21-r1.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=7
 
-PYTHON_COMPAT=( python3_{6,7,8} )
+PYTHON_COMPAT=( python3_{6..9} )
 
 inherit flag-o-matic python-any-r1 toolchain-funcs
 
@@ -56,6 +56,8 @@ DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc )
 
 PATCHES=(
"${FILESDIR}"/${P}-gnulib-utime-errno.patch  # 763123, drop next release
+   "${FILESDIR}"/${PN}-1.21-avoid_bashisms.patch #762946
+   "${FILESDIR}"/${PN}-1.21-avoid_eautoreconf.patch
 )
 
 pkg_setup() {

[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2019-01-10 Thread Mikle Kolyada 
commit: 16bfff66772642d3ad4278cecf819b20b025a88a
Author: Mikle Kolyada  gentoo  org>
AuthorDate: Thu Jan 10 10:20:18 2019 +
Commit: Mikle Kolyada  gentoo  org>
CommitDate: Thu Jan 10 10:20:18 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16bfff66

net-misc/wget: Security cleanup

Signed-off-by: Mikle Kolyada  gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-misc/wget/Manifest |   2 -
 ...t-1.19.5-fix-dot-prefixed-domain-matching.patch |  33 --
 net-misc/wget/wget-1.19.5-r1.ebuild| 119 -
 net-misc/wget/wget-1.20.ebuild | 118 
 4 files changed, 272 deletions(-)

diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest
index 7b8ec72207b..8660cb751b2 100644
--- a/net-misc/wget/Manifest
+++ b/net-misc/wget/Manifest
@@ -1,3 +1 @@
-DIST wget-1.19.5.tar.gz 4455797 BLAKE2B 
988b80090ff1f62cb527afb33c03b7c6a68bbc1649d42f62061e05e416bebf5b2e9546ebafad3c9cdbf1199a8d2b84f4427c921f23338b02631da357da9b3d61
 SHA512 
0d4964e0f5adb0c023edc831bde9c9f13f3222f6efc1ce93250d234ab937e92b53921624532fb0e6586151ddfdee6df9a7ca91a2a99b3d16e2e68401c625301b
 DIST wget-1.20.1.tar.gz 4392853 BLAKE2B 
5740fa70064e24a699ba5fc0b6262b372fc877e86fc74bede07bcfe7dcdf6d4a15db7686fc900d8ec90ad3adce8c4af1c00460601c1845da7907f929d8d48447
 SHA512 
855c7e3c45f9020a9fdb30e286ee6a0bdcaa780be3d0dda9ffdae73b562ae1012d4550242f66240407a28076a7054328d4f08a469a0da227a9e3410b8d5f46dc
-DIST wget-1.20.tar.gz 4474641 BLAKE2B 
f9a1fdb1299dcee36467e6a78fc90fb8b17b71d14079b5ce6d60a19a27a2bd4c53fdbd3660cbd2d94a3523d4c5ea517e52f46e4af1be60db885fe79a376b3720
 SHA512 
2e50b9e83c22cb342d85981f89253d9c72bb1a48152c17c4c0b6315683890075f60ad2783e4fa8c2a6d15c53820d9ecb8d0c4b81cfcef4fcc66126ed1cb7ff54

diff --git 
a/net-misc/wget/files/wget-1.19.5-fix-dot-prefixed-domain-matching.patch 
b/net-misc/wget/files/wget-1.19.5-fix-dot-prefixed-domain-matching.patch
deleted file mode 100644
index 129f0b67541..000
--- a/net-misc/wget/files/wget-1.19.5-fix-dot-prefixed-domain-matching.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From fd85ac9cc623847e9d94d9f9241ab34e2c146cbf Mon Sep 17 00:00:00 2001
-From: Luiz Angelo Daros de Luca 
-Date: Thu, 25 Oct 2018 17:39:52 -0300
-Subject: [PATCH] * src/host.c (sufmatch): Fix dot-prefixed domain matching
-
-Current sufmatch does not match when domain is dot-prefixed.
-The example of no_proxy in man (.mit.edu) does use a dot-prefixed
-domain.
-
-Signed-off-by: Luiz Angelo Daros de Luca 
-Copyright-paperwork-exempt: Yes

- src/host.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/host.c b/src/host.c
-index b42cd6e8..2bf848f3 100644
 a/src/host.c
-+++ b/src/host.c
-@@ -1033,8 +1033,9 @@ sufmatch (const char **list, const char *what)
-   /* Domain or subdomain match
-* k == -1: exact match
-* k >= 0 && what[k] == '.': subdomain match
-+   * k >= 0 && list[i][0] == '.': dot-prefixed subdomain match
-*/
--  if (j == -1 && (k == -1 || what[k] == '.'))
-+  if (j == -1 && (k == -1 || what[k] == '.' || list[i][0] == '.'))
- return true;
- }
- 
--- 
-2.18.1
-

diff --git a/net-misc/wget/wget-1.19.5-r1.ebuild 
b/net-misc/wget/wget-1.19.5-r1.ebuild
deleted file mode 100644
index 9e11017f010..000
--- a/net-misc/wget/wget-1.19.5-r1.ebuild
+++ /dev/null
@@ -1,119 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python3_{4,5,6} )
-
-inherit flag-o-matic python-any-r1 toolchain-funcs
-
-DESCRIPTION="Network utility to retrieve files from the WWW"
-HOMEPAGE="https://www.gnu.org/software/wget/;
-SRC_URI="mirror://gnu/wget/${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc 
x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux 
~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris 
~x64-solaris ~x86-solaris"
-IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib"
-REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
-
-# Force a newer libidn2 to avoid libunistring deps. #612498
-LIB_DEPEND="
-   idn? ( >=net-dns/libidn2-0.14:=[static-libs(+)] )
-   pcre? ( dev-libs/libpcre[static-libs(+)] )
-   ssl? (
-   gnutls? ( net-libs/gnutls:0=[static-libs(+)] )
-   !gnutls? (
-   !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
-   libressl? ( dev-libs/libressl:0=[static-libs(+)] )
-   )
-   )
-   uuid? ( sys-apps/util-linux[static-libs(+)] )
-   zlib? ( sys-libs/zlib[static-libs(+)] )
-"
-RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )"
-DEPEND="
-   ${RDEPEND}
-   app-arch/xz-utils
-   virtual/pkgconfig
-   static? ( ${LIB_DEPEND} )
-   test? (
-

[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2018-11-14 Thread Thomas Deutschmann 
commit: c1839c97223aa60fa40c2812c5fe625df2b60564
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Wed Nov 14 13:23:37 2018 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Wed Nov 14 13:23:37 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1839c97

net-misc/wget: fix dot-prefixed domain matching

Reported-by: Henning Schild  hennsch.de>
Closes: https://github.com/gentoo/gentoo/pull/10416
Package-Manager: Portage-2.3.51, Repoman-2.3.12
RepoMan-Options: --force
Signed-off-by: Thomas Deutschmann  gentoo.org>

 ...t-1.19.5-fix-dot-prefixed-domain-matching.patch | 33 ++
 .../{wget-1.19.5.ebuild => wget-1.19.5-r1.ebuild}  |  4 ++-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git 
a/net-misc/wget/files/wget-1.19.5-fix-dot-prefixed-domain-matching.patch 
b/net-misc/wget/files/wget-1.19.5-fix-dot-prefixed-domain-matching.patch
new file mode 100644
index 000..129f0b67541
--- /dev/null
+++ b/net-misc/wget/files/wget-1.19.5-fix-dot-prefixed-domain-matching.patch
@@ -0,0 +1,33 @@
+From fd85ac9cc623847e9d94d9f9241ab34e2c146cbf Mon Sep 17 00:00:00 2001
+From: Luiz Angelo Daros de Luca 
+Date: Thu, 25 Oct 2018 17:39:52 -0300
+Subject: [PATCH] * src/host.c (sufmatch): Fix dot-prefixed domain matching
+
+Current sufmatch does not match when domain is dot-prefixed.
+The example of no_proxy in man (.mit.edu) does use a dot-prefixed
+domain.
+
+Signed-off-by: Luiz Angelo Daros de Luca 
+Copyright-paperwork-exempt: Yes
+---
+ src/host.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/host.c b/src/host.c
+index b42cd6e8..2bf848f3 100644
+--- a/src/host.c
 b/src/host.c
+@@ -1033,8 +1033,9 @@ sufmatch (const char **list, const char *what)
+   /* Domain or subdomain match
+* k == -1: exact match
+* k >= 0 && what[k] == '.': subdomain match
++   * k >= 0 && list[i][0] == '.': dot-prefixed subdomain match
+*/
+-  if (j == -1 && (k == -1 || what[k] == '.'))
++  if (j == -1 && (k == -1 || what[k] == '.' || list[i][0] == '.'))
+ return true;
+ }
+ 
+-- 
+2.18.1
+

diff --git a/net-misc/wget/wget-1.19.5.ebuild 
b/net-misc/wget/wget-1.19.5-r1.ebuild
similarity index 96%
rename from net-misc/wget/wget-1.19.5.ebuild
rename to net-misc/wget/wget-1.19.5-r1.ebuild
index 15bbc380348..6db7c1194b0 100644
--- a/net-misc/wget/wget-1.19.5.ebuild
+++ b/net-misc/wget/wget-1.19.5-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -49,6 +49,8 @@ DEPEND="
 
 DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc )
 
+PATCHES=( "${FILESDIR}"/${P}-fix-dot-prefixed-domain-matching.patch )
+
 pkg_setup() {
use test && python-any-r1_pkg_setup
 }

[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2018-01-21 Thread Lars Wendler 
commit: f84e4cc7ce0c7f989cfe9b7c5eb525a9e622ead6
Author: Lars Wendler  gentoo  org>
AuthorDate: Sun Jan 21 20:06:50 2018 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Sun Jan 21 20:08:04 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f84e4cc7

net-misc/wget: Removed old.

Package-Manager: Portage-2.3.20, Repoman-2.3.6

 net-misc/wget/Manifest |   1 -
 ...-fix-segfault-due-to-derefencing-null-ptr.patch |  66 
 .../wget/files/wget-1.92.2-openssl-1.1.0-r1.patch  |  80 ---
 net-misc/wget/wget-1.19.2-r2.ebuild| 114 -
 4 files changed, 261 deletions(-)

diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest
index 3c58342fa16..5002301da68 100644
--- a/net-misc/wget/Manifest
+++ b/net-misc/wget/Manifest
@@ -1,4 +1,3 @@
 DIST wget-1.19.1.tar.xz 2111756 BLAKE2B 
e5dcaa791f78bb2d7de19a6f689430cd692e1232b7392102936e5f3b4e3592861bcfc78e27df0c4b02a9002ce4c755e765a0a51749670464789fc9f07f8787f7
 SHA512 
00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5
-DIST wget-1.19.2.tar.gz 4349267 BLAKE2B 
3622d39ea477d4137bd7f2a443d141d8832e2e1adf4dceb5c396aea782fee31bd69ad2b49771062f25c57e6a21701f844077000dfa175e89eae26cf4c3fdca09
 SHA512 
a0f8afcc0767a8fd1acd64b1b1b27d177bc938e70cc3709c1b3faa6c1426ec926642cd8e49d292cec0268ee507683539b5152072110106de5a728a03efd8cedd
 DIST wget-1.19.3.tar.gz 4311432 BLAKE2B 
7c636465b1fe575531ec6616d27a07d3c4b398dda002eb4199d4c72906f233067a420f1c3a0878b3fe3cb9fae47a12cd50a83098f20f59ca6dd35bc37b1468a6
 SHA512 
8e1cbad2a31880befaf2c079bb17a357a135f6f2402048d27ac367430dbd932ef1b8197fb1002a64474e5480a8d9e41146b5cfd591d204b2f8b0bb240ecddb2c
 DIST wget-1.19.4.tar.gz 4310657 BLAKE2B 
3f2e5a32e897101761d449f079bf9df38e60b68284230553b03280a6262e60b3d0b5af3bd9fdd334d09cac5ed3417c3a7e8736b1710f3a7402a123b4633b95e4
 SHA512 
e84b0c40235b160ade69e18f2f139c782eb2387edc97a847c11dbb906c0273daf6d0ef5afe20360ba965c7da8b5e109f5a45e39ea93d20ec945575203235943a

diff --git 
a/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch
 
b/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch
deleted file mode 100644
index 8a66e08c3e3..000
--- 
a/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 973c26ed7d51052a7b6e120ed1b84e4727e1 Mon Sep 17 00:00:00 2001
-From: Darshit Shah 
-Date: Mon, 6 Nov 2017 10:09:03 +0100
-Subject: Fix Segfault due to derefencing null ptr
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-* src/http.c(gethttp): When Encoding is gzip, ensure that the
-Content-Type Header was actually seen. Without this, the "type" variable
-is null causing a Segfault.
-
-Reported-By: Noël Köthe 

- src/http.c | 30 +++---
- 1 file changed, 19 insertions(+), 11 deletions(-)
-
-diff --git a/src/http.c b/src/http.c
-index 9954848..2a5454f 100644
 a/src/http.c
-+++ b/src/http.c
-@@ -3714,22 +3714,30 @@ gethttp (const struct url *u, struct url 
*original_url, struct http_stat *hs,
-&& opt.compression != compression_none)
- {
-   /* Make sure the Content-Type is not gzip before decompressing */
--  const char * p = strchr (type, '/');
--  if (p == NULL)
--{
--  hs->remote_encoding = ENC_GZIP;
--  hs->local_encoding = ENC_NONE;
--}
--  else
-+  if (type)
- {
--  p++;
--  if (c_tolower(p[0]) == 'x' && p[1] == '-')
--p += 2;
--  if (0 != c_strcasecmp (p, "gzip"))
-+  const char * p = strchr (type, '/');
-+  if (p == NULL)
- {
-   hs->remote_encoding = ENC_GZIP;
-   hs->local_encoding = ENC_NONE;
- }
-+  else
-+{
-+  p++;
-+  if (c_tolower(p[0]) == 'x' && p[1] == '-')
-+p += 2;
-+  if (0 != c_strcasecmp (p, "gzip"))
-+{
-+  hs->remote_encoding = ENC_GZIP;
-+  hs->local_encoding = ENC_NONE;
-+}
-+}
-+}
-+  else
-+{
-+   hs->remote_encoding = ENC_GZIP;
-+   hs->local_encoding = ENC_NONE;
- }
- }
- #endif
--- 
-cgit v1.0-41-gc330
-

diff --git a/net-misc/wget/files/wget-1.92.2-openssl-1.1.0-r1.patch 
b/net-misc/wget/files/wget-1.92.2-openssl-1.1.0-r1.patch
deleted file mode 100644
index 79f33b15759..000
--- a/net-misc/wget/files/wget-1.92.2-openssl-1.1.0-r1.patch
+++ /dev/null
@@ -1,80 +0,0 @@
 a/src/openssl.c
-+++ b/src/openssl.c
-@@ -174,11 +174,16

[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2017-12-03 Thread Matt Thode 
commit: bb2668b25a60043cebec65fdcfa9c1082495d7b7
Author: Matthew Thode  gentoo  org>
AuthorDate: Sun Dec  3 23:16:30 2017 +
Commit: Matt Thode  gentoo  org>
CommitDate: Sun Dec  3 23:16:58 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb2668b2

net-misc/wget: fix build on openssl 1.1

Package-Manager: Portage-2.3.14, Repoman-2.3.6

 net-misc/wget/Manifest |   4 +-
 .../wget/files/wget-1.92.2-openssl-1.1.0-r1.patch  |  80 +++
 net-misc/wget/wget-1.19.2-r2.ebuild| 114 +
 3 files changed, 196 insertions(+), 2 deletions(-)

diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest
index b0bee83e879..0cd18ff7446 100644
--- a/net-misc/wget/Manifest
+++ b/net-misc/wget/Manifest
@@ -1,2 +1,2 @@
-DIST wget-1.19.1.tar.xz 2111756 SHA256 
0c950b9671881222a4d385b013c9604e98a8025d1988529dfca0e93617744cd2 SHA512 
00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5
 WHIRLPOOL 
2a4bd80f1e7134637227609f532ee3385472a6895ff22efeface42d082072a09abaa5dd2d8653bfdab015de801d31426b01d73ab5dd1a6864b84c29dc8e72462
-DIST wget-1.19.2.tar.gz 4349267 SHA256 
4f4a673b6d466efa50fbfba796bd84a46ae24e370fa562ede5b21ab53c11a920 SHA512 
a0f8afcc0767a8fd1acd64b1b1b27d177bc938e70cc3709c1b3faa6c1426ec926642cd8e49d292cec0268ee507683539b5152072110106de5a728a03efd8cedd
 WHIRLPOOL 
64398a8fc132a21d81d6fd7c97335739525fb8b31eca4aa4aa7048f251691c05ad1f004c36d6e633abf02d174ffefcb2176213e68fefb76bce505d247940af3a
+DIST wget-1.19.1.tar.xz 2111756 BLAKE2B 
e5dcaa791f78bb2d7de19a6f689430cd692e1232b7392102936e5f3b4e3592861bcfc78e27df0c4b02a9002ce4c755e765a0a51749670464789fc9f07f8787f7
 SHA512 
00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5
+DIST wget-1.19.2.tar.gz 4349267 BLAKE2B 
3622d39ea477d4137bd7f2a443d141d8832e2e1adf4dceb5c396aea782fee31bd69ad2b49771062f25c57e6a21701f844077000dfa175e89eae26cf4c3fdca09
 SHA512 
a0f8afcc0767a8fd1acd64b1b1b27d177bc938e70cc3709c1b3faa6c1426ec926642cd8e49d292cec0268ee507683539b5152072110106de5a728a03efd8cedd

diff --git a/net-misc/wget/files/wget-1.92.2-openssl-1.1.0-r1.patch 
b/net-misc/wget/files/wget-1.92.2-openssl-1.1.0-r1.patch
new file mode 100644
index 000..79f33b15759
--- /dev/null
+++ b/net-misc/wget/files/wget-1.92.2-openssl-1.1.0-r1.patch
@@ -0,0 +1,80 @@
+--- a/src/openssl.c
 b/src/openssl.c
+@@ -174,11 +174,16 @@ ssl_init (void)
+ {
+   SSL_METHOD const *meth;
+   long ssl_options = 0;
++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 
0x1010L)
++  int ssl_proto_version = 0;
++#endif
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x00907000
+   if (ssl_true_initialized == 0)
+ {
++#if OPENSSL_API_COMPAT < 0x1010L
+   OPENSSL_config (NULL);
++#endif
+   ssl_true_initialized = 1;
+ }
+ #endif
+@@ -202,8 +207,12 @@ ssl_init (void)
+   CONF_modules_load_file(NULL, NULL,
+   CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE);
+ #endif
++#if OPENSSL_API_COMPAT >= 0x1010L
++  OPENSSL_init_ssl(0, NULL);
++#else
+   SSL_library_init ();
+   SSL_load_error_strings ();
++#endif
+ #if OPENSSL_VERSION_NUMBER < 0x1010L
+   SSLeay_add_all_algorithms ();
+   SSLeay_add_ssl_algorithms ();
+@@ -229,16 +238,31 @@ ssl_init (void)
+   ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+   break;
+ case secure_protocol_tlsv1:
++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 
0x1010L)
++  meth = TLS_client_method();
++  ssl_proto_version = TLS1_VERSION;
++#else
+   meth = TLSv1_client_method ();
++#endif
+   break;
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000
+ case secure_protocol_tlsv1_1:
++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 
0x1010L)
++  meth = TLS_client_method();
++  ssl_proto_version = TLS1_1_VERSION;
++#else
+   meth = TLSv1_1_client_method ();
++#endif
+   break;
+ 
+ case secure_protocol_tlsv1_2:
++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 
0x1010L)
++  meth = TLS_client_method();
++  ssl_proto_version = TLS1_2_VERSION;
++#else
+   meth = TLSv1_2_client_method ();
++#endif
+   break;
+ #else
+ case secure_protocol_tlsv1_1:
+@@ -262,8 +286,15 @@ ssl_init (void)
+   if (!ssl_ctx)
+ goto error;
+ 
++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 
0x1010L)
+   if (ssl_options)
+ SSL_CTX_set_options (ssl_ctx, ssl_options);
++#endif
++
++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER 
>=0x1010L)
++  if (ssl_proto_version)
++SSL_CTX_set_min_proto_version(ssl_ctx, ssl_proto_version);
++#endif
+ 
+   /* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html
+* Since we want a good protection, we also use HIGH (that excludes MD4 
ciphers and some more)

diff

[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2017-11-06 Thread Thomas Deutschmann 
commit: 4e301458bf4842213e6e97c12487939e4a299abf
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Mon Nov  6 21:15:07 2017 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Mon Nov  6 21:15:26 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e301458

net-misc/wget: Rev bump to fix segfault

Bug: http://savannah.gnu.org/bugs/?52349
Closes: https://bugs.gentoo.org/636730
Package-Manager: Portage-2.3.13, Repoman-2.3.4

 ...-fix-segfault-due-to-derefencing-null-ptr.patch |  66 +
 net-misc/wget/wget-1.19.2-r1.ebuild| 109 +
 2 files changed, 175 insertions(+)

diff --git 
a/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch
 
b/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch
new file mode 100644
index 000..8a66e08c3e3
--- /dev/null
+++ 
b/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch
@@ -0,0 +1,66 @@
+From 973c26ed7d51052a7b6e120ed1b84e4727e1 Mon Sep 17 00:00:00 2001
+From: Darshit Shah 
+Date: Mon, 6 Nov 2017 10:09:03 +0100
+Subject: Fix Segfault due to derefencing null ptr
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/http.c(gethttp): When Encoding is gzip, ensure that the
+Content-Type Header was actually seen. Without this, the "type" variable
+is null causing a Segfault.
+
+Reported-By: Noël Köthe 
+---
+ src/http.c | 30 +++---
+ 1 file changed, 19 insertions(+), 11 deletions(-)
+
+diff --git a/src/http.c b/src/http.c
+index 9954848..2a5454f 100644
+--- a/src/http.c
 b/src/http.c
+@@ -3714,22 +3714,30 @@ gethttp (const struct url *u, struct url 
*original_url, struct http_stat *hs,
+&& opt.compression != compression_none)
+ {
+   /* Make sure the Content-Type is not gzip before decompressing */
+-  const char * p = strchr (type, '/');
+-  if (p == NULL)
+-{
+-  hs->remote_encoding = ENC_GZIP;
+-  hs->local_encoding = ENC_NONE;
+-}
+-  else
++  if (type)
+ {
+-  p++;
+-  if (c_tolower(p[0]) == 'x' && p[1] == '-')
+-p += 2;
+-  if (0 != c_strcasecmp (p, "gzip"))
++  const char * p = strchr (type, '/');
++  if (p == NULL)
+ {
+   hs->remote_encoding = ENC_GZIP;
+   hs->local_encoding = ENC_NONE;
+ }
++  else
++{
++  p++;
++  if (c_tolower(p[0]) == 'x' && p[1] == '-')
++p += 2;
++  if (0 != c_strcasecmp (p, "gzip"))
++{
++  hs->remote_encoding = ENC_GZIP;
++  hs->local_encoding = ENC_NONE;
++}
++}
++}
++  else
++{
++   hs->remote_encoding = ENC_GZIP;
++   hs->local_encoding = ENC_NONE;
+ }
+ }
+ #endif
+-- 
+cgit v1.0-41-gc330
+

diff --git a/net-misc/wget/wget-1.19.2-r1.ebuild 
b/net-misc/wget/wget-1.19.2-r1.ebuild
new file mode 100644
index 000..112e811986a
--- /dev/null
+++ b/net-misc/wget/wget-1.19.2-r1.ebuild
@@ -0,0 +1,109 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+PYTHON_COMPAT=( python3_{4,5,6} )
+
+inherit flag-o-matic python-any-r1 toolchain-funcs
+
+DESCRIPTION="Network utility to retrieve files from the WWW"
+HOMEPAGE="https://www.gnu.org/software/wget/;
+SRC_URI="mirror://gnu/wget/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux 
~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib"
+REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
+
+PATCHES=( 
"${FILESDIR}"/${PN}-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch )
+
+# Force a newer libidn2 to avoid libunistring deps. #612498
+LIB_DEPEND="idn? ( >=net-dns/libidn2-0.14[static-libs(+)] )
+   pcre? ( dev-libs/libpcre[static-libs(+)] )
+   ssl? (
+   gnutls? ( net-libs/gnutls:0=[static-libs(+)] )
+   !gnutls? (
+   !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
+   libressl? ( dev-libs/libressl[static-libs(+)] )
+   )
+   )
+   uuid? ( sys-apps/util-linux[static-libs(+)] )
+   zlib? ( sys-libs/zlib[static-libs(+)] )"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )"
+DEPEND="${RDEPEND}
+   app-arch/xz-utils
+

[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2017-06-17 Thread Lars Wendler 
commit: 79c6e0d3c61d35a6669b0091f4548fb199250eb7
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Sat Jun 17 21:14:02 2017 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Sat Jun 17 21:36:52 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=79c6e0d3

net-misc/wget: Security cleanup (bug #612326)

Package-Manager: Portage-2.3.5, Repoman-2.3.2
Closes: https://github.com/gentoo/gentoo/pull/4954

 net-misc/wget/Manifest |  2 -
 .../wget-1.17.1-gnulib-cygwin-sys_select.patch | 22 -
 net-misc/wget/wget-1.18.ebuild | 99 --
 net-misc/wget/wget-1.19.1.ebuild   | 99 --
 net-misc/wget/wget-1.19.ebuild | 99 --
 5 files changed, 321 deletions(-)

diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest
index 21fc31be37f..fb79385186c 100644
--- a/net-misc/wget/Manifest
+++ b/net-misc/wget/Manifest
@@ -1,3 +1 @@
-DIST wget-1.18.tar.xz 1922376 SHA256 
b5b55b75726c04c06fe253daec9329a6f1a3c0c1878e3ea76ebfebc139ea9cc1 SHA512 
a3f6fe2f44a8d797659d55cffaf81eb82b770c96222a0ee29bc4931b13846f8d8b9a07806f2197723c873a1248922d59cca5a81869661d9c6c3107447c184338
 WHIRLPOOL 
a9e467f8bd17909485329103c17a27da345421257ce82fdf77ff2e00bdae50b13570506a1887300868e99b608c71598596ee260d86879aaeddad14cbb5ec634d
 DIST wget-1.19.1.tar.xz 2111756 SHA256 
0c950b9671881222a4d385b013c9604e98a8025d1988529dfca0e93617744cd2 SHA512 
00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5
 WHIRLPOOL 
2a4bd80f1e7134637227609f532ee3385472a6895ff22efeface42d082072a09abaa5dd2d8653bfdab015de801d31426b01d73ab5dd1a6864b84c29dc8e72462
-DIST wget-1.19.tar.xz 2075916 SHA256 
0f1157bbf4daae19f3e1ddb70c6ccb2067feb834a6aa23c9d9daa7f048606384 SHA512 
2dd49d063dc3a210c4959b70ec301bb3ea5c6ba00c9a6407d0b79f8ab5a14534a2a1108b2013ff959e8089f706006d103c8794c6d638b954996873ca3ef481fc
 WHIRLPOOL 
7e272d05713d27d92cd17204adb4824478021c4edebff4bf9c34dda52366adb5afec3897b7571e9533adaca18b7f4b4abdbb75770d1439630dadfd2a9ac13afd

diff --git a/net-misc/wget/files/wget-1.17.1-gnulib-cygwin-sys_select.patch 
b/net-misc/wget/files/wget-1.17.1-gnulib-cygwin-sys_select.patch
deleted file mode 100644
index 07551361793..000
--- a/net-misc/wget/files/wget-1.17.1-gnulib-cygwin-sys_select.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-https://lists.gnu.org/archive/html/bug-gnulib/2016-03/msg00065.html
-
 gnulib/lib/sys_select.in.h.orig2014-08-03 15:31:22.0 +0200
-+++ gnulib/lib/sys_select.in.h 2016-05-19 12:57:51.243064700 +0200
-@@ -81,7 +81,7 @@
-Also, Mac OS X, AIX, HP-UX, IRIX, Solaris, Interix declare select()
-in .
-But avoid namespace pollution on glibc systems.  */
--# ifndef __GLIBC__
-+# if !(defined __GLIBC__ || defined __NEWLIB__)
- #  include 
- # endif
- 
-@@ -102,7 +102,7 @@
-But avoid namespace pollution on glibc systems.
-Do this after the include_next (for the sake of OpenBSD 5.0) but before
-the split double-inclusion guard (for the sake of Solaris).  */
--#if !(defined __GLIBC__ && !defined __UCLIBC__)
-+#if !((defined __GLIBC__ || defined __NEWLIB__) && !defined __UCLIBC__)
- # include 
- #endif
- 

diff --git a/net-misc/wget/wget-1.18.ebuild b/net-misc/wget/wget-1.18.ebuild
deleted file mode 100644
index 1637e995017..000
--- a/net-misc/wget/wget-1.18.ebuild
+++ /dev/null
@@ -1,99 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-PYTHON_COMPAT=( python3_4 )
-
-inherit flag-o-matic python-any-r1 toolchain-funcs eutils
-
-DESCRIPTION="Network utility to retrieve files from the WWW"
-HOMEPAGE="https://www.gnu.org/software/wget/;
-SRC_URI="mirror://gnu/wget/${P}.tar.xz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc 
x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux 
~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris 
~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib"
-REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
-
-LIB_DEPEND="idn? ( net-dns/libidn[static-libs(+)] )
-   pcre? ( dev-libs/libpcre[static-libs(+)] )
-   ssl? (
-   gnutls? ( net-libs/gnutls:0=[static-libs(+)] )
-   !gnutls? (
-   !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
-   libressl? ( dev-libs/libressl[static-libs(+)] )
-   )
-   )
-   uuid? ( sys-apps/util-linux[static-libs(+)] )
-   zlib? ( sys-libs/zlib[static-libs(+)] )"
-RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )"
-DEPEND="${RDEPEND}
-   app-arch/xz-utils
-   virtual/pkgconfig
-   static? ( ${LIB_DEPEND} )
-   test? (
-   ${PYTHON_DEPS}
-

[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2017-03-11 Thread Lars Wendler 
commit: ae9ba23240bc2dda1b90887732451801b96117f1
Author: Lars Wendler  gentoo  org>
AuthorDate: Sat Mar 11 19:43:33 2017 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Sat Mar 11 19:43:53 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae9ba232

net-misc/wget: Security revbump to fix CRLF injection (bug #612326).

Package-Manager: Portage-2.3.4, Repoman-2.3.2

 .../wget/files/wget-1.19.1-CRLF_injection.patch|  37 
 net-misc/wget/wget-1.19.1-r1.ebuild| 105 +
 2 files changed, 142 insertions(+)

diff --git a/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch 
b/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch
new file mode 100644
index 000..aa4e978cfda
--- /dev/null
+++ b/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch
@@ -0,0 +1,37 @@
+From 4d729e322fae359a1aefaafec1144764a54e8ad4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= 
+Date: Mon, 6 Mar 2017 10:04:22 +0100
+Subject: Fix CRLF injection in Wget host part
+
+* src/url.c (url_parse): Reject control characters in host part of URL
+
+Reported-by: Orange Tsai
+---
+ src/url.c | 11 +++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/url.c b/src/url.c
+index 8f8ff0b..7d36b27 100644
+--- a/src/url.c
 b/src/url.c
+@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, 
bool percent_encode)
+   url_unescape (u->host);
+   host_modified = true;
+ 
++  /* check for invalid control characters in host name */
++  for (p = u->host; *p; p++)
++{
++  if (c_iscntrl(*p))
++{
++  url_free(u);
++  error_code = PE_INVALID_HOST_NAME;
++  goto error;
++}
++}
++
+   /* Apply IDNA regardless of iri->utf8_encode status */
+   if (opt.enable_iri && iri)
+ {
+-- 
+cgit v1.0-41-gc330
+

diff --git a/net-misc/wget/wget-1.19.1-r1.ebuild 
b/net-misc/wget/wget-1.19.1-r1.ebuild
new file mode 100644
index 000..af24c5f197a
--- /dev/null
+++ b/net-misc/wget/wget-1.19.1-r1.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+PYTHON_COMPAT=( python3_{4,5} )
+
+inherit flag-o-matic python-any-r1 toolchain-funcs eutils
+
+DESCRIPTION="Network utility to retrieve files from the WWW"
+HOMEPAGE="https://www.gnu.org/software/wget/;
+SRC_URI="mirror://gnu/wget/${P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux 
~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib"
+REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
+
+LIB_DEPEND="idn? ( net-dns/libidn2[static-libs(+)] )
+   pcre? ( dev-libs/libpcre[static-libs(+)] )
+   ssl? (
+   gnutls? ( net-libs/gnutls:0=[static-libs(+)] )
+   !gnutls? (
+   !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
+   libressl? ( dev-libs/libressl[static-libs(+)] )
+   )
+   )
+   uuid? ( sys-apps/util-linux[static-libs(+)] )
+   zlib? ( sys-libs/zlib[static-libs(+)] )"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )"
+DEPEND="${RDEPEND}
+   app-arch/xz-utils
+   virtual/pkgconfig
+   static? ( ${LIB_DEPEND} )
+   test? (
+   ${PYTHON_DEPS}
+   dev-lang/perl
+   dev-perl/HTTP-Daemon
+   dev-perl/HTTP-Message
+   dev-perl/IO-Socket-SSL
+   )
+   nls? ( sys-devel/gettext )"
+
+DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc )
+
+PATCHES=(
+   "${FILESDIR}"/${P}-CRLF_injection.patch
+)
+
+pkg_setup() {
+   use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+   epatch "${PATCHES[@]}"
+
+   # revert some hack that breaks linking, bug #585924
+   if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ 
${CHOST} == *-uclibc* ]]; then
+   sed -i \
+   -e 's/^  LIBICONV=$/:/' \
+   configure || die
+   fi
+}
+
+src_configure() {
+   # fix compilation on Solaris, we need filio.h for FIONBIO as used in
+   # the included gnutls -- force ioctl.h to include this header
+   [[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1
+
+   if use static ; then
+   append-ldflags -static
+   tc-export PKG_CONFIG
+   PKG_CONFIG+=" --static"
+   fi
+   econf \
+   --disable-assert \
+   --disable-rpath \
+   $(use_enable debug) \
+   $(use_enable idn iri) \
+   $(use_enable ipv6)

[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2016-06-10 Thread Lars Wendler 
commit: 923d7f9355b3f4de6f0559f98e9632c2d42b1c6c
Author: Lars Wendler  gentoo  org>
AuthorDate: Fri Jun 10 06:44:37 2016 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Fri Jun 10 06:50:13 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=923d7f93

net-misc/wget: Removed old.

Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler  gentoo.org>

 net-misc/wget/Manifest|  1 -
 net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch | 76 --
 net-misc/wget/wget-1.16.3-r1.ebuild   | 91 --
 net-misc/wget/wget-1.16.3-r2.ebuild   | 93 ---
 net-misc/wget/wget-1.17.1.ebuild  | 89 --
 5 files changed, 350 deletions(-)

diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest
index a822981..cdb1bc4 100644
--- a/net-misc/wget/Manifest
+++ b/net-misc/wget/Manifest
@@ -1,3 +1,2 @@
-DIST wget-1.16.3.tar.xz 1794148 SHA256 
67f7b7b0f5c14db633e3b18f53172786c001e153d545cfc85d82759c5c2ffb37 SHA512 
2d1fe632bcd116a68ae333278e368cb810081b51d2259ddade602bebf3dd08dee1f51f67c9c7d79d2410e19fe0d48a0b9a1b1a7c7c6eeb47e2840ce6c1a3471c
 WHIRLPOOL 
b8fe9880523fc295b092c3b9ff4f9af58c071f55d516903ded66df67722cd27955ad651f6f2f6032b611e5445dd89b8ff97878443abc04d095c29e76f0564490
 DIST wget-1.17.1.tar.xz 1894140 SHA256 
fe559b61eb9cc01635ac6206a14e02cb51591838c35fa83c7a4aacae0bdd97c9 SHA512 
aa13584c94d0911268aeee9d6c7b1a7de259e0ec0f9daebe767e1f45afba097a6e9de09f370e55ead7acc9faa68f189063ac9e3d2d4a8d490f0b4edb6adc19ba
 WHIRLPOOL 
3efbac1862cb6537ea08eeb95dea2f34ca29f6a170c80961ef3037d411458ac343dfd13f2ff056b528e6591fb282eaf4bf1c2113939b25764c39630510b35cf0
 DIST wget-1.18.tar.xz 1922376 SHA256 
b5b55b75726c04c06fe253daec9329a6f1a3c0c1878e3ea76ebfebc139ea9cc1 SHA512 
a3f6fe2f44a8d797659d55cffaf81eb82b770c96222a0ee29bc4931b13846f8d8b9a07806f2197723c873a1248922d59cca5a81869661d9c6c3107447c184338
 WHIRLPOOL 
a9e467f8bd17909485329103c17a27da345421257ce82fdf77ff2e00bdae50b13570506a1887300868e99b608c71598596ee260d86879aaeddad14cbb5ec634d

diff --git a/net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch 
b/net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch
deleted file mode 100644
index 9936f1e..000
--- a/net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-https://bugs.gentoo.org/560418
-
-fix from upstream
-
-From 075d7556964f5a871a73c22ac4b69f5361295099 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20R=C3=BChsen?= 
-Date: Tue, 11 Aug 2015 16:48:08 +0200
-Subject: [PATCH] Fix IP address exposure in FTP code
-
-* src/ftp.c (getftp): Do not use PORT when PASV fails.
-* tests/FTPServer.px: Add pasv_not_supported server flag.
-* tests/Makefile.am: Add Test-ftp-pasv-not-supported.px
-* tests/Test-ftp-pasv-not-supported.px: New test
-
-Fix IP address exposure when automatically falling back from
-passive mode to active mode (using the PORT command). A behavior that
-may be used to expose a client's privacy even when using a proxy.

- NEWS |  2 ++
- src/ftp.c| 19 +++-
- tests/FTPServer.pm   |  8 +
- tests/Makefile.am|  3 +-
- tests/Test-ftp-pasv-not-supported.px | 60 
- 5 files changed, 84 insertions(+), 8 deletions(-)
- create mode 100755 tests/Test-ftp-pasv-not-supported.px
-
-diff --git a/src/ftp.c b/src/ftp.c
-index 68f1a33..9dab99c 100644
 a/src/ftp.c
-+++ b/src/ftp.c
-@@ -252,7 +252,6 @@ getftp (struct url *u, wgint passed_expected_bytes, wgint 
*qtyread,
-   char *respline, *tms;
-   const char *user, *passwd, *tmrate;
-   int cmd = con->cmd;
--  bool pasv_mode_open = false;
-   wgint expected_bytes = 0;
-   bool got_expected_bytes = false;
-   bool rest_failed = false;
-@@ -883,13 +882,19 @@ Error in server response, closing control 
connection.\n"));
-   ? CONERROR : CONIMPOSSIBLE);
- }
- 
--  pasv_mode_open = true;  /* Flag to avoid accept port */
-   if (!opt.server_response)
- logputs (LOG_VERBOSE, _("done."));
--} /* err==FTP_OK */
--}
-+}
-+  else
-+return err;
- 
--  if (!pasv_mode_open)   /* Try to use a port command if PASV failed */
-+  /*
-+   * We do not want to fall back from PASSIVE mode to ACTIVE mode !
-+   * The reason is the PORT command exposes the client's real IP 
address
-+   * to the server. Bad for someone who relies on privacy via a ftp 
proxy.
-+   */
-+}
-+  else
- {
-   err = ftp_do_port (csock, _sock);
-   /* FTPRERR, WRITEFAILED, bindport (FTPSYSERR), HOSTERR,
-@@ -1148,8 +1153,8 @@ Error in server response, closing control 
connection.\n"));
- }
- 
-   /* If no transmission was required, then everything is OK.  */
--

[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2016-03-01 Thread Mike Frysinger 
commit: 885437bfa2b7d96e6aa6dc846f0123051496b5d3
Author: Mike Frysinger  gentoo  org>
AuthorDate: Wed Mar  2 05:31:17 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Wed Mar  2 05:33:30 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=885437bf

net-misc/wget: add upstream fix for progress bar #410529 and use subslots 
w/openssl #576128 and w/gnutls #573936

 .../wget/files/wget-1.17.1-progress-bar-segv.patch | 35 
 net-misc/wget/wget-1.17.1-r1.ebuild| 94 ++
 2 files changed, 129 insertions(+)

diff --git a/net-misc/wget/files/wget-1.17.1-progress-bar-segv.patch 
b/net-misc/wget/files/wget-1.17.1-progress-bar-segv.patch
new file mode 100644
index 000..5cfd41f
--- /dev/null
+++ b/net-misc/wget/files/wget-1.17.1-progress-bar-segv.patch
@@ -0,0 +1,35 @@
+From 7099f4899880eaefc2c40a3dc7693ab4174a819b Mon Sep 17 00:00:00 2001
+From: Darshit Shah 
+Date: Mon, 22 Feb 2016 15:08:15 +0100
+Subject: [PATCH] Sanitize value sent to memset to prevent SEGFAULT
+
+---
+ src/progress.c | 5 +
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/progress.c b/src/progress.c
+index 93f6246..8a5df21 100644
+--- a/src/progress.c
 b/src/progress.c
+@@ -1164,6 +1164,8 @@ create_image (struct bar_progress *bp, double 
dl_total_time, bool done)
+ }
+ 
+   padding = bp->width - count_cols (bp->buffer);
++  assert (padding > 0 && "Padding length became non-positive!");
++  padding = padding > 0 ? padding : 0;
+   memset (p, ' ', padding);
+   p += padding;
+   *p = '\0';
+@@ -1174,6 +1176,9 @@ create_image (struct bar_progress *bp, double 
dl_total_time, bool done)
+* from the release code since we do not want Wget to crash and burn when 
the
+* assertion fails. Instead Wget should continue downloading and display a
+* horrible and irritating progress bar that spams the screen with newlines.
++   *
++   * By default, all assertions are disabled in a Wget build and are enabled
++   * only with the --enable-assert configure option.
+*/
+   assert (count_cols (bp->buffer) == bp->width);
+ }
+-- 
+2.6.2
+

diff --git a/net-misc/wget/wget-1.17.1-r1.ebuild 
b/net-misc/wget/wget-1.17.1-r1.ebuild
new file mode 100644
index 000..7959314
--- /dev/null
+++ b/net-misc/wget/wget-1.17.1-r1.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+PYTHON_COMPAT=( python{3_3,3_4} )
+
+inherit flag-o-matic python-any-r1 toolchain-funcs eutils
+
+DESCRIPTION="Network utility to retrieve files from the WWW"
+HOMEPAGE="https://www.gnu.org/software/wget/;
+SRC_URI="mirror://gnu/wget/${P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd 
~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux 
~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib"
+REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
+
+LIB_DEPEND="idn? ( net-dns/libidn[static-libs(+)] )
+   pcre? ( dev-libs/libpcre[static-libs(+)] )
+   ssl? (
+   gnutls? ( net-libs/gnutls:0=[static-libs(+)] )
+   !gnutls? (
+   !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
+   libressl? ( dev-libs/libressl[static-libs(+)] )
+   )
+   )
+   uuid? ( sys-apps/util-linux[static-libs(+)] )
+   zlib? ( sys-libs/zlib[static-libs(+)] )"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )"
+DEPEND="${RDEPEND}
+   app-arch/xz-utils
+   virtual/pkgconfig
+   static? ( ${LIB_DEPEND} )
+   test? (
+   ${PYTHON_DEPS}
+   dev-lang/perl
+   dev-perl/HTTP-Daemon
+   dev-perl/HTTP-Message
+   dev-perl/IO-Socket-SSL
+   )
+   nls? ( sys-devel/gettext )"
+
+DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc )
+
+pkg_setup() {
+   use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+   epatch "${FILESDIR}"/${P}-progress-bar-segv.patch
+}
+
+src_configure() {
+   # fix compilation on Solaris, we need filio.h for FIONBIO as used in
+   # the included gnutls -- force ioctl.h to include this header
+   [[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1
+
+   if use static ; then
+   append-ldflags -static
+   tc-export PKG_CONFIG
+   PKG_CONFIG+=" --static"
+   fi
+   econf \
+   --disable-assert \
+   --disable-rpath \
+   $(use_with ssl ssl $(usex gnutls gnutls openssl)) \
+   $(use_enable ssl opie) \
+   $(use_enable ssl digest) \
+

[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

2015-09-14 Thread Mike Frysinger 
commit: ed1e5984dd18412d94ee20624acbdfa10c3f994a
Author: Mike Frysinger  gentoo  org>
AuthorDate: Mon Sep 14 23:11:12 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Mon Sep 14 23:11:18 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed1e5984

net-misc/wget: fix from upstream for pasv ftp behavior #560418

 net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch | 175 ++
 net-misc/wget/wget-1.16.3-r1.ebuild   |  91 +++
 2 files changed, 266 insertions(+)

diff --git a/net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch 
b/net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch
new file mode 100644
index 000..5663502
--- /dev/null
+++ b/net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch
@@ -0,0 +1,175 @@
+https://bugs.gentoo.org/560418
+
+fix from upstream
+
+From 075d7556964f5a871a73c22ac4b69f5361295099 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= 
+Date: Tue, 11 Aug 2015 16:48:08 +0200
+Subject: [PATCH] Fix IP address exposure in FTP code
+
+* src/ftp.c (getftp): Do not use PORT when PASV fails.
+* tests/FTPServer.px: Add pasv_not_supported server flag.
+* tests/Makefile.am: Add Test-ftp-pasv-not-supported.px
+* tests/Test-ftp-pasv-not-supported.px: New test
+
+Fix IP address exposure when automatically falling back from
+passive mode to active mode (using the PORT command). A behavior that
+may be used to expose a client's privacy even when using a proxy.
+---
+ NEWS |  2 ++
+ src/ftp.c| 19 +++-
+ tests/FTPServer.pm   |  8 +
+ tests/Makefile.am|  3 +-
+ tests/Test-ftp-pasv-not-supported.px | 60 
+ 5 files changed, 84 insertions(+), 8 deletions(-)
+ create mode 100755 tests/Test-ftp-pasv-not-supported.px
+
+diff --git a/src/ftp.c b/src/ftp.c
+index 68f1a33..9dab99c 100644
+--- a/src/ftp.c
 b/src/ftp.c
+@@ -252,7 +252,6 @@ getftp (struct url *u, wgint passed_expected_bytes, wgint 
*qtyread,
+   char *respline, *tms;
+   const char *user, *passwd, *tmrate;
+   int cmd = con->cmd;
+-  bool pasv_mode_open = false;
+   wgint expected_bytes = 0;
+   bool got_expected_bytes = false;
+   bool rest_failed = false;
+@@ -883,13 +882,19 @@ Error in server response, closing control 
connection.\n"));
+   ? CONERROR : CONIMPOSSIBLE);
+ }
+ 
+-  pasv_mode_open = true;  /* Flag to avoid accept port */
+   if (!opt.server_response)
+ logputs (LOG_VERBOSE, _("done."));
+-} /* err==FTP_OK */
+-}
++}
++  else
++return err;
+ 
+-  if (!pasv_mode_open)   /* Try to use a port command if PASV failed */
++  /*
++   * We do not want to fall back from PASSIVE mode to ACTIVE mode !
++   * The reason is the PORT command exposes the client's real IP 
address
++   * to the server. Bad for someone who relies on privacy via a ftp 
proxy.
++   */
++}
++  else
+ {
+   err = ftp_do_port (csock, _sock);
+   /* FTPRERR, WRITEFAILED, bindport (FTPSYSERR), HOSTERR,
+@@ -1148,8 +1153,8 @@ Error in server response, closing control 
connection.\n"));
+ }
+ 
+   /* If no transmission was required, then everything is OK.  */
+-  if (!pasv_mode_open)  /* we are not using pasive mode so we need
+-  to accept */
++  if (!opt.ftp_pasv)  /* we are not using passive mode so we need
++ to accept */
+ {
+   /* Wait for the server to connect to the address we're waiting
+  at.  */
+diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm
+index c0a6e47..a5185d6 100644
+--- a/tests/FTPServer.pm
 b/tests/FTPServer.pm
+@@ -740,6 +740,14 @@ sub run
+ last;
+ }
+ 
++if (defined($self->{_server_behavior}{pasv_not_supported})
++&& $cmd eq 'PASV')
++{
++print {$conn->{socket}}
++  "500 PASV not supported.\r\n";
++next;
++}
++
+ # Run the command.
+ &{$command_table->{$cmd}}($conn, $cmd, $rest);
+ }
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 5d387aa..daf162f 100644
+--- a/tests/Makefile.am
 b/tests/Makefile.am
+@@ -127,7 +127,8 @@ PX_TESTS = \
+  Test--start-pos.px \
+  Test--start-pos--continue.px \
+  Test--httpsonly-r.px \
+- Test-204.px
++ Test-204.px \
++ Test-ftp-pasv-not-supported.px
+ 
+ EXTRA_DIST = FTPServer.pm FTPTest.pm HTTPServer.pm HTTPTest.pm \
+  WgetTests.pm WgetFeature.pm WgetFeature.cfg $(PX_TESTS) \
+diff --git a/tests/Test-ftp-pasv-not-supported.px 
b/tests/Test-ftp-pasv-not-supported.px
+new