[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: e499bab5e3954a68c5f62be43689aa41244067f9 Author: Sam James gentoo org> AuthorDate: Tue Apr 16 02:26:48 2024 + Commit: Sam James gentoo org> CommitDate: Tue Apr 16 02:26:48 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e499bab5 net-misc/wget: fix build w/ USE="-debug libproxy" Closes: https://bugs.gentoo.org/930060 Signed-off-by: Sam James gentoo.org> .../wget/files/wget-1.24.5-libproxy-no-debug.patch | 50 ++ net-misc/wget/wget-1.24.5.ebuild | 4 ++ 2 files changed, 54 insertions(+) diff --git a/net-misc/wget/files/wget-1.24.5-libproxy-no-debug.patch b/net-misc/wget/files/wget-1.24.5-libproxy-no-debug.patch new file mode 100644 index ..9f75dc471a16 --- /dev/null +++ b/net-misc/wget/files/wget-1.24.5-libproxy-no-debug.patch @@ -0,0 +1,50 @@ +https://bugs.gentoo.org/930060 +https://gitlab.com/gnuwget/wget/-/issues/19 +https://gitlab.com/gnuwget/wget/-/merge_requests/39 + +From 5f0aa59239c36fc945b94d8ab91562d56e5bf776 Mon Sep 17 00:00:00 2001 +From: Sam James +Date: Tue, 16 Apr 2024 03:18:40 +0100 +Subject: [PATCH] Fix libproxy build with --disable-debug + +The definition of debug_logprintf in src/log.c is guarded by ENABLE_DEBUG +(although its prototype is unconditionally available in src/log.h). + +The uses of debug_logprintf in src/retr.c aren't guarded by ENABLE_DEBUG. + +Use the DEBUGP macro which is designed for this purpose. + +* src/retr.c (getproxy): Use DEBUGP macro. + +Fixes: https://gitlab.com/gnuwget/wget/-/issues/19 +Copyright-paperwork-exempt: Yes +--- a/src/retr.c b/src/retr.c +@@ -1498,21 +1498,21 @@ getproxy (struct url *u) + pxProxyFactory *pf = px_proxy_factory_new (); + if (!pf) + { +- debug_logprintf ("Allocating memory for libproxy failed"); ++ DEBUGP (("Allocating memory for libproxy failed")); + return NULL; + } + +- debug_logprintf ("asking libproxy about url '%s'\n", u->url); ++ DEBUGP (("asking libproxy about url '%s'\n", u->url)); + char **proxies = px_proxy_factory_get_proxies (pf, u->url); + if (proxies) + { + if (proxies[0]) + { +- debug_logprintf ("libproxy suggest to use '%s'\n", proxies[0]); ++ DEBUGP (("libproxy suggest to use '%s'\n", proxies[0])); + if (strcmp (proxies[0], "direct://") != 0) + { + proxy = xstrdup (proxies[0]); +- debug_logprintf ("libproxy setting to use '%s'\n", proxy); ++ DEBUGP (("libproxy setting to use '%s'\n", proxy)); + } + } + +-- +GitLab diff --git a/net-misc/wget/wget-1.24.5.ebuild b/net-misc/wget/wget-1.24.5.ebuild index 81f8f939140c..6626e1328e7d 100644 --- a/net-misc/wget/wget-1.24.5.ebuild +++ b/net-misc/wget/wget-1.24.5.ebuild @@ -63,6 +63,10 @@ DOCS=( AUTHORS MAILING-LIST NEWS README ) # gnulib FPs QA_CONFIG_IMPL_DECL_SKIP=( unreachable MIN alignof static_assert ) +PATCHES=( + "${FILESDIR}"/${PN}-1.24.5-libproxy-no-debug.patch +) + pkg_setup() { use test && python-any-r1_pkg_setup }
[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: d00c2c8bd673909c1546d04c1fd122fadd2f00e3 Author: Sam James gentoo org> AuthorDate: Thu Jun 9 00:24:08 2022 + Commit: Sam James gentoo org> CommitDate: Thu Jun 9 01:20:25 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d00c2c8b net-misc/wget: backport HSTS fix (32-bit) Closes: https://bugs.gentoo.org/850676 Signed-off-by: Sam James gentoo.org> net-misc/wget/files/wget-1.21.3-hsts-type.patch | 211 net-misc/wget/wget-1.21.3-r1.ebuild | 114 + 2 files changed, 325 insertions(+) diff --git a/net-misc/wget/files/wget-1.21.3-hsts-type.patch b/net-misc/wget/files/wget-1.21.3-hsts-type.patch new file mode 100644 index ..bac1330ddc79 --- /dev/null +++ b/net-misc/wget/files/wget-1.21.3-hsts-type.patch @@ -0,0 +1,211 @@ +https://bugs.gentoo.org/850676 +https://git.savannah.gnu.org/cgit/wget.git/commit/?id=cb114fbbf73eb687d28b01341c8d4266ffa96c9d + +From: =?UTF-8?q?Tim=20R=C3=BChsen?= +Date: Sun, 20 Mar 2022 12:18:20 +0100 +Subject: Fix HSTS portability by using int64_t instead of time_t. + +* src/hsts.c: Use int64_t instead of time_t. +* src/http.c: Use int64_t for parsing Strict-Transport-Security. +--- a/src/hsts.c b/src/hsts.c +@@ -61,8 +61,8 @@ struct hsts_kh { + }; + + struct hsts_kh_info { +- time_t created; +- time_t max_age; ++ int64_t created; ++ int64_t max_age; + bool include_subdomains; + }; + +@@ -166,7 +166,7 @@ end: + static bool + hsts_new_entry_internal (hsts_store_t store, + const char *host, int port, +- time_t created, time_t max_age, ++ int64_t created, int64_t max_age, + bool include_subdomains, + bool check_validity, + bool check_expired, +@@ -216,21 +216,21 @@ bail: + static bool + hsts_add_entry (hsts_store_t store, + const char *host, int port, +-time_t max_age, bool include_subdomains) ++int64_t max_age, bool include_subdomains) + { +- time_t t = time (NULL); ++ int64_t t = (int64_t) time (NULL); + + /* It might happen time() returned -1 */ +- return (t == (time_t)(-1) ? ++ return (t == -1) ? + false : +- hsts_new_entry_internal (store, host, port, t, max_age, include_subdomains, false, true, false)); ++ hsts_new_entry_internal (store, host, port, t, max_age, include_subdomains, false, true, false); + } + + /* Creates a new entry, unless an identical one already exists. */ + static bool + hsts_new_entry (hsts_store_t store, + const char *host, int port, +-time_t created, time_t max_age, ++int64_t created, int64_t max_age, + bool include_subdomains) + { + return hsts_new_entry_internal (store, host, port, created, max_age, include_subdomains, true, true, true); +@@ -245,7 +245,7 @@ hsts_remove_entry (hsts_store_t store, struct hsts_kh *kh) + static bool + hsts_store_merge (hsts_store_t store, + const char *host, int port, +- time_t created, time_t max_age, ++ int64_t created, int64_t max_age, + bool include_subdomains) + { + enum hsts_kh_match match_type = NO_MATCH; +@@ -276,11 +276,11 @@ hsts_read_database (hsts_store_t store, FILE *fp, bool merge_with_existing_entri + size_t len = 0; + int items_read; + bool result = false; +- bool (*func)(hsts_store_t, const char *, int, time_t, time_t, bool); ++ bool (*func)(hsts_store_t, const char *, int, int64_t, int64_t, bool); + + char host[256]; + int port; +- time_t created, max_age; ++ int64_t created, max_age; + int include_subdomains; + + func = (merge_with_existing_entries ? hsts_store_merge : hsts_new_entry); +@@ -326,10 +326,9 @@ hsts_store_dump (hsts_store_t store, FILE *fp) + struct hsts_kh *kh = (struct hsts_kh *) it.key; + struct hsts_kh_info *khi = (struct hsts_kh_info *) it.value; + +- if (fprintf (fp, "%s\t%d\t%d\t%lu\t%lu\n", ++ if (fprintf (fp, "%s\t%d\t%d\t%" PRId64 "\t%" PRId64 "\n", +kh->host, kh->explicit_port, khi->include_subdomains, +- (unsigned long) khi->created, +- (unsigned long) khi->max_age) < 0) ++ khi->created, khi->max_age) < 0) + { + logprintf (LOG_ALWAYS, "Could not write the HSTS database correctly.\n"); + break; +@@ -439,7 +438,7 @@ hsts_match (hsts_store_t store, struct url *u) + bool + hsts_store_entry (hsts_store_t store, + enum url_scheme scheme, const char *host, int port, +- time_t max_age, bool include_subdomains) ++ int64_t max_age, bool include_subdomains) + { + bool result = false; + enum hsts_kh_match match = NO_MATCH; +@@ -464,9 +463,9 @@ hsts_store_entry (hsts_store_t store, +* 'created' field
[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: 38e53c2df01940da65e045f5d6b2185b671f9eb0 Author: Lars Wendler gentoo org> AuthorDate: Sat Jan 2 19:43:31 2021 + Commit: Lars Wendler gentoo org> CommitDate: Sat Jan 2 19:45:56 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38e53c2d net-misc/wget: Don't use bashisms in configure Reported-by: Matt Whitlock mattwhitlock.name> Closes: https://bugs.gentoo.org/762946 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Lars Wendler gentoo.org> net-misc/wget/files/wget-1.21-avoid_bashisms.patch | 26 ++ .../wget/files/wget-1.21-avoid_eautoreconf.patch | 11 + net-misc/wget/wget-1.21-r1.ebuild | 4 +++- 3 files changed, 40 insertions(+), 1 deletion(-) diff --git a/net-misc/wget/files/wget-1.21-avoid_bashisms.patch b/net-misc/wget/files/wget-1.21-avoid_bashisms.patch new file mode 100644 index 000..478621ecb59 --- /dev/null +++ b/net-misc/wget/files/wget-1.21-avoid_bashisms.patch @@ -0,0 +1,26 @@ +From a9092887e0e98877a205e9052930692f35fb179e Mon Sep 17 00:00:00 2001 +From: Matt Whitlock +Date: Sat, 2 Jan 2021 16:27:57 +0100 +Subject: [PATCH] configure.ac: Don't use bashisms + +Gentoo-bug: https://bugs.gentoo.org/762946 +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 96adf13b..f6268fd5 100644 +--- a/configure.ac b/configure.ac +@@ -978,7 +978,7 @@ AM_CONDITIONAL([IRI_IS_ENABLED], [test "X$iri" != "Xno"]) + AM_CONDITIONAL([WITH_SSL], [test "X$with_ssl" != "Xno"]) + AM_CONDITIONAL([METALINK_IS_ENABLED], [test "X$with_metalink" != "Xno"]) + AM_CONDITIONAL([WITH_XATTR], [test "X$ENABLE_XATTR" != "Xno"]) +-AM_CONDITIONAL([WITH_NTLM], [test "X$ENABLE_NTLM" == "Xyes"]) ++AM_CONDITIONAL([WITH_NTLM], [test "X$ENABLE_NTLM" = "Xyes"]) + + dnl + dnl Create output +-- +2.30.0 + diff --git a/net-misc/wget/files/wget-1.21-avoid_eautoreconf.patch b/net-misc/wget/files/wget-1.21-avoid_eautoreconf.patch new file mode 100644 index 000..0e02851a257 --- /dev/null +++ b/net-misc/wget/files/wget-1.21-avoid_eautoreconf.patch @@ -0,0 +1,11 @@ +--- a/configure b/configure +@@ -55925,7 +55925,7 @@ + WITH_XATTR_FALSE= + fi + +- if test "X$ENABLE_NTLM" == "Xyes"; then ++ if test "X$ENABLE_NTLM" = "Xyes"; then + WITH_NTLM_TRUE= + WITH_NTLM_FALSE='#' + else diff --git a/net-misc/wget/wget-1.21-r1.ebuild b/net-misc/wget/wget-1.21-r1.ebuild index 9d919f50edb..392b9c4337c 100644 --- a/net-misc/wget/wget-1.21-r1.ebuild +++ b/net-misc/wget/wget-1.21-r1.ebuild @@ -3,7 +3,7 @@ EAPI=7 -PYTHON_COMPAT=( python3_{6,7,8} ) +PYTHON_COMPAT=( python3_{6..9} ) inherit flag-o-matic python-any-r1 toolchain-funcs @@ -56,6 +56,8 @@ DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc ) PATCHES=( "${FILESDIR}"/${P}-gnulib-utime-errno.patch # 763123, drop next release + "${FILESDIR}"/${PN}-1.21-avoid_bashisms.patch #762946 + "${FILESDIR}"/${PN}-1.21-avoid_eautoreconf.patch ) pkg_setup() {
[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: 16bfff66772642d3ad4278cecf819b20b025a88a Author: Mikle Kolyada gentoo org> AuthorDate: Thu Jan 10 10:20:18 2019 + Commit: Mikle Kolyada gentoo org> CommitDate: Thu Jan 10 10:20:18 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16bfff66 net-misc/wget: Security cleanup Signed-off-by: Mikle Kolyada gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-misc/wget/Manifest | 2 - ...t-1.19.5-fix-dot-prefixed-domain-matching.patch | 33 -- net-misc/wget/wget-1.19.5-r1.ebuild| 119 - net-misc/wget/wget-1.20.ebuild | 118 4 files changed, 272 deletions(-) diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest index 7b8ec72207b..8660cb751b2 100644 --- a/net-misc/wget/Manifest +++ b/net-misc/wget/Manifest @@ -1,3 +1 @@ -DIST wget-1.19.5.tar.gz 4455797 BLAKE2B 988b80090ff1f62cb527afb33c03b7c6a68bbc1649d42f62061e05e416bebf5b2e9546ebafad3c9cdbf1199a8d2b84f4427c921f23338b02631da357da9b3d61 SHA512 0d4964e0f5adb0c023edc831bde9c9f13f3222f6efc1ce93250d234ab937e92b53921624532fb0e6586151ddfdee6df9a7ca91a2a99b3d16e2e68401c625301b DIST wget-1.20.1.tar.gz 4392853 BLAKE2B 5740fa70064e24a699ba5fc0b6262b372fc877e86fc74bede07bcfe7dcdf6d4a15db7686fc900d8ec90ad3adce8c4af1c00460601c1845da7907f929d8d48447 SHA512 855c7e3c45f9020a9fdb30e286ee6a0bdcaa780be3d0dda9ffdae73b562ae1012d4550242f66240407a28076a7054328d4f08a469a0da227a9e3410b8d5f46dc -DIST wget-1.20.tar.gz 4474641 BLAKE2B f9a1fdb1299dcee36467e6a78fc90fb8b17b71d14079b5ce6d60a19a27a2bd4c53fdbd3660cbd2d94a3523d4c5ea517e52f46e4af1be60db885fe79a376b3720 SHA512 2e50b9e83c22cb342d85981f89253d9c72bb1a48152c17c4c0b6315683890075f60ad2783e4fa8c2a6d15c53820d9ecb8d0c4b81cfcef4fcc66126ed1cb7ff54 diff --git a/net-misc/wget/files/wget-1.19.5-fix-dot-prefixed-domain-matching.patch b/net-misc/wget/files/wget-1.19.5-fix-dot-prefixed-domain-matching.patch deleted file mode 100644 index 129f0b67541..000 --- a/net-misc/wget/files/wget-1.19.5-fix-dot-prefixed-domain-matching.patch +++ /dev/null @@ -1,33 +0,0 @@ -From fd85ac9cc623847e9d94d9f9241ab34e2c146cbf Mon Sep 17 00:00:00 2001 -From: Luiz Angelo Daros de Luca -Date: Thu, 25 Oct 2018 17:39:52 -0300 -Subject: [PATCH] * src/host.c (sufmatch): Fix dot-prefixed domain matching - -Current sufmatch does not match when domain is dot-prefixed. -The example of no_proxy in man (.mit.edu) does use a dot-prefixed -domain. - -Signed-off-by: Luiz Angelo Daros de Luca -Copyright-paperwork-exempt: Yes - src/host.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/host.c b/src/host.c -index b42cd6e8..2bf848f3 100644 a/src/host.c -+++ b/src/host.c -@@ -1033,8 +1033,9 @@ sufmatch (const char **list, const char *what) - /* Domain or subdomain match -* k == -1: exact match -* k >= 0 && what[k] == '.': subdomain match -+ * k >= 0 && list[i][0] == '.': dot-prefixed subdomain match -*/ -- if (j == -1 && (k == -1 || what[k] == '.')) -+ if (j == -1 && (k == -1 || what[k] == '.' || list[i][0] == '.')) - return true; - } - --- -2.18.1 - diff --git a/net-misc/wget/wget-1.19.5-r1.ebuild b/net-misc/wget/wget-1.19.5-r1.ebuild deleted file mode 100644 index 9e11017f010..000 --- a/net-misc/wget/wget-1.19.5-r1.ebuild +++ /dev/null @@ -1,119 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -PYTHON_COMPAT=( python3_{4,5,6} ) - -inherit flag-o-matic python-any-r1 toolchain-funcs - -DESCRIPTION="Network utility to retrieve files from the WWW" -HOMEPAGE="https://www.gnu.org/software/wget/; -SRC_URI="mirror://gnu/wget/${P}.tar.gz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib" -REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )" - -# Force a newer libidn2 to avoid libunistring deps. #612498 -LIB_DEPEND=" - idn? ( >=net-dns/libidn2-0.14:=[static-libs(+)] ) - pcre? ( dev-libs/libpcre[static-libs(+)] ) - ssl? ( - gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) - !gnutls? ( - !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) - libressl? ( dev-libs/libressl:0=[static-libs(+)] ) - ) - ) - uuid? ( sys-apps/util-linux[static-libs(+)] ) - zlib? ( sys-libs/zlib[static-libs(+)] ) -" -RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )" -DEPEND=" - ${RDEPEND} - app-arch/xz-utils - virtual/pkgconfig - static? ( ${LIB_DEPEND} ) - test? ( -
[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: c1839c97223aa60fa40c2812c5fe625df2b60564 Author: Thomas Deutschmann gentoo org> AuthorDate: Wed Nov 14 13:23:37 2018 + Commit: Thomas Deutschmann gentoo org> CommitDate: Wed Nov 14 13:23:37 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1839c97 net-misc/wget: fix dot-prefixed domain matching Reported-by: Henning Schild hennsch.de> Closes: https://github.com/gentoo/gentoo/pull/10416 Package-Manager: Portage-2.3.51, Repoman-2.3.12 RepoMan-Options: --force Signed-off-by: Thomas Deutschmann gentoo.org> ...t-1.19.5-fix-dot-prefixed-domain-matching.patch | 33 ++ .../{wget-1.19.5.ebuild => wget-1.19.5-r1.ebuild} | 4 ++- 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/net-misc/wget/files/wget-1.19.5-fix-dot-prefixed-domain-matching.patch b/net-misc/wget/files/wget-1.19.5-fix-dot-prefixed-domain-matching.patch new file mode 100644 index 000..129f0b67541 --- /dev/null +++ b/net-misc/wget/files/wget-1.19.5-fix-dot-prefixed-domain-matching.patch @@ -0,0 +1,33 @@ +From fd85ac9cc623847e9d94d9f9241ab34e2c146cbf Mon Sep 17 00:00:00 2001 +From: Luiz Angelo Daros de Luca +Date: Thu, 25 Oct 2018 17:39:52 -0300 +Subject: [PATCH] * src/host.c (sufmatch): Fix dot-prefixed domain matching + +Current sufmatch does not match when domain is dot-prefixed. +The example of no_proxy in man (.mit.edu) does use a dot-prefixed +domain. + +Signed-off-by: Luiz Angelo Daros de Luca +Copyright-paperwork-exempt: Yes +--- + src/host.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/host.c b/src/host.c +index b42cd6e8..2bf848f3 100644 +--- a/src/host.c b/src/host.c +@@ -1033,8 +1033,9 @@ sufmatch (const char **list, const char *what) + /* Domain or subdomain match +* k == -1: exact match +* k >= 0 && what[k] == '.': subdomain match ++ * k >= 0 && list[i][0] == '.': dot-prefixed subdomain match +*/ +- if (j == -1 && (k == -1 || what[k] == '.')) ++ if (j == -1 && (k == -1 || what[k] == '.' || list[i][0] == '.')) + return true; + } + +-- +2.18.1 + diff --git a/net-misc/wget/wget-1.19.5.ebuild b/net-misc/wget/wget-1.19.5-r1.ebuild similarity index 96% rename from net-misc/wget/wget-1.19.5.ebuild rename to net-misc/wget/wget-1.19.5-r1.ebuild index 15bbc380348..6db7c1194b0 100644 --- a/net-misc/wget/wget-1.19.5.ebuild +++ b/net-misc/wget/wget-1.19.5-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -49,6 +49,8 @@ DEPEND=" DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc ) +PATCHES=( "${FILESDIR}"/${P}-fix-dot-prefixed-domain-matching.patch ) + pkg_setup() { use test && python-any-r1_pkg_setup }
[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: f84e4cc7ce0c7f989cfe9b7c5eb525a9e622ead6 Author: Lars Wendler gentoo org> AuthorDate: Sun Jan 21 20:06:50 2018 + Commit: Lars Wendler gentoo org> CommitDate: Sun Jan 21 20:08:04 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f84e4cc7 net-misc/wget: Removed old. Package-Manager: Portage-2.3.20, Repoman-2.3.6 net-misc/wget/Manifest | 1 - ...-fix-segfault-due-to-derefencing-null-ptr.patch | 66 .../wget/files/wget-1.92.2-openssl-1.1.0-r1.patch | 80 --- net-misc/wget/wget-1.19.2-r2.ebuild| 114 - 4 files changed, 261 deletions(-) diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest index 3c58342fa16..5002301da68 100644 --- a/net-misc/wget/Manifest +++ b/net-misc/wget/Manifest @@ -1,4 +1,3 @@ DIST wget-1.19.1.tar.xz 2111756 BLAKE2B e5dcaa791f78bb2d7de19a6f689430cd692e1232b7392102936e5f3b4e3592861bcfc78e27df0c4b02a9002ce4c755e765a0a51749670464789fc9f07f8787f7 SHA512 00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5 -DIST wget-1.19.2.tar.gz 4349267 BLAKE2B 3622d39ea477d4137bd7f2a443d141d8832e2e1adf4dceb5c396aea782fee31bd69ad2b49771062f25c57e6a21701f844077000dfa175e89eae26cf4c3fdca09 SHA512 a0f8afcc0767a8fd1acd64b1b1b27d177bc938e70cc3709c1b3faa6c1426ec926642cd8e49d292cec0268ee507683539b5152072110106de5a728a03efd8cedd DIST wget-1.19.3.tar.gz 4311432 BLAKE2B 7c636465b1fe575531ec6616d27a07d3c4b398dda002eb4199d4c72906f233067a420f1c3a0878b3fe3cb9fae47a12cd50a83098f20f59ca6dd35bc37b1468a6 SHA512 8e1cbad2a31880befaf2c079bb17a357a135f6f2402048d27ac367430dbd932ef1b8197fb1002a64474e5480a8d9e41146b5cfd591d204b2f8b0bb240ecddb2c DIST wget-1.19.4.tar.gz 4310657 BLAKE2B 3f2e5a32e897101761d449f079bf9df38e60b68284230553b03280a6262e60b3d0b5af3bd9fdd334d09cac5ed3417c3a7e8736b1710f3a7402a123b4633b95e4 SHA512 e84b0c40235b160ade69e18f2f139c782eb2387edc97a847c11dbb906c0273daf6d0ef5afe20360ba965c7da8b5e109f5a45e39ea93d20ec945575203235943a diff --git a/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch b/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch deleted file mode 100644 index 8a66e08c3e3..000 --- a/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 973c26ed7d51052a7b6e120ed1b84e4727e1 Mon Sep 17 00:00:00 2001 -From: Darshit Shah-Date: Mon, 6 Nov 2017 10:09:03 +0100 -Subject: Fix Segfault due to derefencing null ptr -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -* src/http.c(gethttp): When Encoding is gzip, ensure that the -Content-Type Header was actually seen. Without this, the "type" variable -is null causing a Segfault. - -Reported-By: Noël Köthe - src/http.c | 30 +++--- - 1 file changed, 19 insertions(+), 11 deletions(-) - -diff --git a/src/http.c b/src/http.c -index 9954848..2a5454f 100644 a/src/http.c -+++ b/src/http.c -@@ -3714,22 +3714,30 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs, -&& opt.compression != compression_none) - { - /* Make sure the Content-Type is not gzip before decompressing */ -- const char * p = strchr (type, '/'); -- if (p == NULL) --{ -- hs->remote_encoding = ENC_GZIP; -- hs->local_encoding = ENC_NONE; --} -- else -+ if (type) - { -- p++; -- if (c_tolower(p[0]) == 'x' && p[1] == '-') --p += 2; -- if (0 != c_strcasecmp (p, "gzip")) -+ const char * p = strchr (type, '/'); -+ if (p == NULL) - { - hs->remote_encoding = ENC_GZIP; - hs->local_encoding = ENC_NONE; - } -+ else -+{ -+ p++; -+ if (c_tolower(p[0]) == 'x' && p[1] == '-') -+p += 2; -+ if (0 != c_strcasecmp (p, "gzip")) -+{ -+ hs->remote_encoding = ENC_GZIP; -+ hs->local_encoding = ENC_NONE; -+} -+} -+} -+ else -+{ -+ hs->remote_encoding = ENC_GZIP; -+ hs->local_encoding = ENC_NONE; - } - } - #endif --- -cgit v1.0-41-gc330 - diff --git a/net-misc/wget/files/wget-1.92.2-openssl-1.1.0-r1.patch b/net-misc/wget/files/wget-1.92.2-openssl-1.1.0-r1.patch deleted file mode 100644 index 79f33b15759..000 --- a/net-misc/wget/files/wget-1.92.2-openssl-1.1.0-r1.patch +++ /dev/null @@ -1,80 +0,0 @@ a/src/openssl.c -+++ b/src/openssl.c -@@ -174,11 +174,16
[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: bb2668b25a60043cebec65fdcfa9c1082495d7b7 Author: Matthew Thode gentoo org> AuthorDate: Sun Dec 3 23:16:30 2017 + Commit: Matt Thode gentoo org> CommitDate: Sun Dec 3 23:16:58 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb2668b2 net-misc/wget: fix build on openssl 1.1 Package-Manager: Portage-2.3.14, Repoman-2.3.6 net-misc/wget/Manifest | 4 +- .../wget/files/wget-1.92.2-openssl-1.1.0-r1.patch | 80 +++ net-misc/wget/wget-1.19.2-r2.ebuild| 114 + 3 files changed, 196 insertions(+), 2 deletions(-) diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest index b0bee83e879..0cd18ff7446 100644 --- a/net-misc/wget/Manifest +++ b/net-misc/wget/Manifest @@ -1,2 +1,2 @@ -DIST wget-1.19.1.tar.xz 2111756 SHA256 0c950b9671881222a4d385b013c9604e98a8025d1988529dfca0e93617744cd2 SHA512 00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5 WHIRLPOOL 2a4bd80f1e7134637227609f532ee3385472a6895ff22efeface42d082072a09abaa5dd2d8653bfdab015de801d31426b01d73ab5dd1a6864b84c29dc8e72462 -DIST wget-1.19.2.tar.gz 4349267 SHA256 4f4a673b6d466efa50fbfba796bd84a46ae24e370fa562ede5b21ab53c11a920 SHA512 a0f8afcc0767a8fd1acd64b1b1b27d177bc938e70cc3709c1b3faa6c1426ec926642cd8e49d292cec0268ee507683539b5152072110106de5a728a03efd8cedd WHIRLPOOL 64398a8fc132a21d81d6fd7c97335739525fb8b31eca4aa4aa7048f251691c05ad1f004c36d6e633abf02d174ffefcb2176213e68fefb76bce505d247940af3a +DIST wget-1.19.1.tar.xz 2111756 BLAKE2B e5dcaa791f78bb2d7de19a6f689430cd692e1232b7392102936e5f3b4e3592861bcfc78e27df0c4b02a9002ce4c755e765a0a51749670464789fc9f07f8787f7 SHA512 00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5 +DIST wget-1.19.2.tar.gz 4349267 BLAKE2B 3622d39ea477d4137bd7f2a443d141d8832e2e1adf4dceb5c396aea782fee31bd69ad2b49771062f25c57e6a21701f844077000dfa175e89eae26cf4c3fdca09 SHA512 a0f8afcc0767a8fd1acd64b1b1b27d177bc938e70cc3709c1b3faa6c1426ec926642cd8e49d292cec0268ee507683539b5152072110106de5a728a03efd8cedd diff --git a/net-misc/wget/files/wget-1.92.2-openssl-1.1.0-r1.patch b/net-misc/wget/files/wget-1.92.2-openssl-1.1.0-r1.patch new file mode 100644 index 000..79f33b15759 --- /dev/null +++ b/net-misc/wget/files/wget-1.92.2-openssl-1.1.0-r1.patch @@ -0,0 +1,80 @@ +--- a/src/openssl.c b/src/openssl.c +@@ -174,11 +174,16 @@ ssl_init (void) + { + SSL_METHOD const *meth; + long ssl_options = 0; ++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010L) ++ int ssl_proto_version = 0; ++#endif + + #if OPENSSL_VERSION_NUMBER >= 0x00907000 + if (ssl_true_initialized == 0) + { ++#if OPENSSL_API_COMPAT < 0x1010L + OPENSSL_config (NULL); ++#endif + ssl_true_initialized = 1; + } + #endif +@@ -202,8 +207,12 @@ ssl_init (void) + CONF_modules_load_file(NULL, NULL, + CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE); + #endif ++#if OPENSSL_API_COMPAT >= 0x1010L ++ OPENSSL_init_ssl(0, NULL); ++#else + SSL_library_init (); + SSL_load_error_strings (); ++#endif + #if OPENSSL_VERSION_NUMBER < 0x1010L + SSLeay_add_all_algorithms (); + SSLeay_add_ssl_algorithms (); +@@ -229,16 +238,31 @@ ssl_init (void) + ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + break; + case secure_protocol_tlsv1: ++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010L) ++ meth = TLS_client_method(); ++ ssl_proto_version = TLS1_VERSION; ++#else + meth = TLSv1_client_method (); ++#endif + break; + + #if OPENSSL_VERSION_NUMBER >= 0x10001000 + case secure_protocol_tlsv1_1: ++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010L) ++ meth = TLS_client_method(); ++ ssl_proto_version = TLS1_1_VERSION; ++#else + meth = TLSv1_1_client_method (); ++#endif + break; + + case secure_protocol_tlsv1_2: ++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010L) ++ meth = TLS_client_method(); ++ ssl_proto_version = TLS1_2_VERSION; ++#else + meth = TLSv1_2_client_method (); ++#endif + break; + #else + case secure_protocol_tlsv1_1: +@@ -262,8 +286,15 @@ ssl_init (void) + if (!ssl_ctx) + goto error; + ++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010L) + if (ssl_options) + SSL_CTX_set_options (ssl_ctx, ssl_options); ++#endif ++ ++#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >=0x1010L) ++ if (ssl_proto_version) ++SSL_CTX_set_min_proto_version(ssl_ctx, ssl_proto_version); ++#endif + + /* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html +* Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more) diff
[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: 4e301458bf4842213e6e97c12487939e4a299abf Author: Thomas Deutschmann gentoo org> AuthorDate: Mon Nov 6 21:15:07 2017 + Commit: Thomas Deutschmann gentoo org> CommitDate: Mon Nov 6 21:15:26 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e301458 net-misc/wget: Rev bump to fix segfault Bug: http://savannah.gnu.org/bugs/?52349 Closes: https://bugs.gentoo.org/636730 Package-Manager: Portage-2.3.13, Repoman-2.3.4 ...-fix-segfault-due-to-derefencing-null-ptr.patch | 66 + net-misc/wget/wget-1.19.2-r1.ebuild| 109 + 2 files changed, 175 insertions(+) diff --git a/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch b/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch new file mode 100644 index 000..8a66e08c3e3 --- /dev/null +++ b/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch @@ -0,0 +1,66 @@ +From 973c26ed7d51052a7b6e120ed1b84e4727e1 Mon Sep 17 00:00:00 2001 +From: Darshit Shah+Date: Mon, 6 Nov 2017 10:09:03 +0100 +Subject: Fix Segfault due to derefencing null ptr +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* src/http.c(gethttp): When Encoding is gzip, ensure that the +Content-Type Header was actually seen. Without this, the "type" variable +is null causing a Segfault. + +Reported-By: Noël Köthe +--- + src/http.c | 30 +++--- + 1 file changed, 19 insertions(+), 11 deletions(-) + +diff --git a/src/http.c b/src/http.c +index 9954848..2a5454f 100644 +--- a/src/http.c b/src/http.c +@@ -3714,22 +3714,30 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs, +&& opt.compression != compression_none) + { + /* Make sure the Content-Type is not gzip before decompressing */ +- const char * p = strchr (type, '/'); +- if (p == NULL) +-{ +- hs->remote_encoding = ENC_GZIP; +- hs->local_encoding = ENC_NONE; +-} +- else ++ if (type) + { +- p++; +- if (c_tolower(p[0]) == 'x' && p[1] == '-') +-p += 2; +- if (0 != c_strcasecmp (p, "gzip")) ++ const char * p = strchr (type, '/'); ++ if (p == NULL) + { + hs->remote_encoding = ENC_GZIP; + hs->local_encoding = ENC_NONE; + } ++ else ++{ ++ p++; ++ if (c_tolower(p[0]) == 'x' && p[1] == '-') ++p += 2; ++ if (0 != c_strcasecmp (p, "gzip")) ++{ ++ hs->remote_encoding = ENC_GZIP; ++ hs->local_encoding = ENC_NONE; ++} ++} ++} ++ else ++{ ++ hs->remote_encoding = ENC_GZIP; ++ hs->local_encoding = ENC_NONE; + } + } + #endif +-- +cgit v1.0-41-gc330 + diff --git a/net-misc/wget/wget-1.19.2-r1.ebuild b/net-misc/wget/wget-1.19.2-r1.ebuild new file mode 100644 index 000..112e811986a --- /dev/null +++ b/net-misc/wget/wget-1.19.2-r1.ebuild @@ -0,0 +1,109 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +PYTHON_COMPAT=( python3_{4,5,6} ) + +inherit flag-o-matic python-any-r1 toolchain-funcs + +DESCRIPTION="Network utility to retrieve files from the WWW" +HOMEPAGE="https://www.gnu.org/software/wget/; +SRC_URI="mirror://gnu/wget/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib" +REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )" + +PATCHES=( "${FILESDIR}"/${PN}-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch ) + +# Force a newer libidn2 to avoid libunistring deps. #612498 +LIB_DEPEND="idn? ( >=net-dns/libidn2-0.14[static-libs(+)] ) + pcre? ( dev-libs/libpcre[static-libs(+)] ) + ssl? ( + gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) + !gnutls? ( + !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) + libressl? ( dev-libs/libressl[static-libs(+)] ) + ) + ) + uuid? ( sys-apps/util-linux[static-libs(+)] ) + zlib? ( sys-libs/zlib[static-libs(+)] )" +RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )" +DEPEND="${RDEPEND} + app-arch/xz-utils +
[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: 79c6e0d3c61d35a6669b0091f4548fb199250eb7 Author: Thomas Deutschmann gentoo org> AuthorDate: Sat Jun 17 21:14:02 2017 + Commit: Lars Wendler gentoo org> CommitDate: Sat Jun 17 21:36:52 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=79c6e0d3 net-misc/wget: Security cleanup (bug #612326) Package-Manager: Portage-2.3.5, Repoman-2.3.2 Closes: https://github.com/gentoo/gentoo/pull/4954 net-misc/wget/Manifest | 2 - .../wget-1.17.1-gnulib-cygwin-sys_select.patch | 22 - net-misc/wget/wget-1.18.ebuild | 99 -- net-misc/wget/wget-1.19.1.ebuild | 99 -- net-misc/wget/wget-1.19.ebuild | 99 -- 5 files changed, 321 deletions(-) diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest index 21fc31be37f..fb79385186c 100644 --- a/net-misc/wget/Manifest +++ b/net-misc/wget/Manifest @@ -1,3 +1 @@ -DIST wget-1.18.tar.xz 1922376 SHA256 b5b55b75726c04c06fe253daec9329a6f1a3c0c1878e3ea76ebfebc139ea9cc1 SHA512 a3f6fe2f44a8d797659d55cffaf81eb82b770c96222a0ee29bc4931b13846f8d8b9a07806f2197723c873a1248922d59cca5a81869661d9c6c3107447c184338 WHIRLPOOL a9e467f8bd17909485329103c17a27da345421257ce82fdf77ff2e00bdae50b13570506a1887300868e99b608c71598596ee260d86879aaeddad14cbb5ec634d DIST wget-1.19.1.tar.xz 2111756 SHA256 0c950b9671881222a4d385b013c9604e98a8025d1988529dfca0e93617744cd2 SHA512 00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5 WHIRLPOOL 2a4bd80f1e7134637227609f532ee3385472a6895ff22efeface42d082072a09abaa5dd2d8653bfdab015de801d31426b01d73ab5dd1a6864b84c29dc8e72462 -DIST wget-1.19.tar.xz 2075916 SHA256 0f1157bbf4daae19f3e1ddb70c6ccb2067feb834a6aa23c9d9daa7f048606384 SHA512 2dd49d063dc3a210c4959b70ec301bb3ea5c6ba00c9a6407d0b79f8ab5a14534a2a1108b2013ff959e8089f706006d103c8794c6d638b954996873ca3ef481fc WHIRLPOOL 7e272d05713d27d92cd17204adb4824478021c4edebff4bf9c34dda52366adb5afec3897b7571e9533adaca18b7f4b4abdbb75770d1439630dadfd2a9ac13afd diff --git a/net-misc/wget/files/wget-1.17.1-gnulib-cygwin-sys_select.patch b/net-misc/wget/files/wget-1.17.1-gnulib-cygwin-sys_select.patch deleted file mode 100644 index 07551361793..000 --- a/net-misc/wget/files/wget-1.17.1-gnulib-cygwin-sys_select.patch +++ /dev/null @@ -1,22 +0,0 @@ -https://lists.gnu.org/archive/html/bug-gnulib/2016-03/msg00065.html - gnulib/lib/sys_select.in.h.orig2014-08-03 15:31:22.0 +0200 -+++ gnulib/lib/sys_select.in.h 2016-05-19 12:57:51.243064700 +0200 -@@ -81,7 +81,7 @@ -Also, Mac OS X, AIX, HP-UX, IRIX, Solaris, Interix declare select() -in . -But avoid namespace pollution on glibc systems. */ --# ifndef __GLIBC__ -+# if !(defined __GLIBC__ || defined __NEWLIB__) - # include - # endif - -@@ -102,7 +102,7 @@ -But avoid namespace pollution on glibc systems. -Do this after the include_next (for the sake of OpenBSD 5.0) but before -the split double-inclusion guard (for the sake of Solaris). */ --#if !(defined __GLIBC__ && !defined __UCLIBC__) -+#if !((defined __GLIBC__ || defined __NEWLIB__) && !defined __UCLIBC__) - # include - #endif - diff --git a/net-misc/wget/wget-1.18.ebuild b/net-misc/wget/wget-1.18.ebuild deleted file mode 100644 index 1637e995017..000 --- a/net-misc/wget/wget-1.18.ebuild +++ /dev/null @@ -1,99 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="5" - -PYTHON_COMPAT=( python3_4 ) - -inherit flag-o-matic python-any-r1 toolchain-funcs eutils - -DESCRIPTION="Network utility to retrieve files from the WWW" -HOMEPAGE="https://www.gnu.org/software/wget/; -SRC_URI="mirror://gnu/wget/${P}.tar.xz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib" -REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )" - -LIB_DEPEND="idn? ( net-dns/libidn[static-libs(+)] ) - pcre? ( dev-libs/libpcre[static-libs(+)] ) - ssl? ( - gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) - !gnutls? ( - !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) - libressl? ( dev-libs/libressl[static-libs(+)] ) - ) - ) - uuid? ( sys-apps/util-linux[static-libs(+)] ) - zlib? ( sys-libs/zlib[static-libs(+)] )" -RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )" -DEPEND="${RDEPEND} - app-arch/xz-utils - virtual/pkgconfig - static? ( ${LIB_DEPEND} ) - test? ( - ${PYTHON_DEPS} -
[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: ae9ba23240bc2dda1b90887732451801b96117f1 Author: Lars Wendler gentoo org> AuthorDate: Sat Mar 11 19:43:33 2017 + Commit: Lars Wendler gentoo org> CommitDate: Sat Mar 11 19:43:53 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae9ba232 net-misc/wget: Security revbump to fix CRLF injection (bug #612326). Package-Manager: Portage-2.3.4, Repoman-2.3.2 .../wget/files/wget-1.19.1-CRLF_injection.patch| 37 net-misc/wget/wget-1.19.1-r1.ebuild| 105 + 2 files changed, 142 insertions(+) diff --git a/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch b/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch new file mode 100644 index 000..aa4e978cfda --- /dev/null +++ b/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch @@ -0,0 +1,37 @@ +From 4d729e322fae359a1aefaafec1144764a54e8ad4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?=+Date: Mon, 6 Mar 2017 10:04:22 +0100 +Subject: Fix CRLF injection in Wget host part + +* src/url.c (url_parse): Reject control characters in host part of URL + +Reported-by: Orange Tsai +--- + src/url.c | 11 +++ + 1 file changed, 11 insertions(+) + +diff --git a/src/url.c b/src/url.c +index 8f8ff0b..7d36b27 100644 +--- a/src/url.c b/src/url.c +@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode) + url_unescape (u->host); + host_modified = true; + ++ /* check for invalid control characters in host name */ ++ for (p = u->host; *p; p++) ++{ ++ if (c_iscntrl(*p)) ++{ ++ url_free(u); ++ error_code = PE_INVALID_HOST_NAME; ++ goto error; ++} ++} ++ + /* Apply IDNA regardless of iri->utf8_encode status */ + if (opt.enable_iri && iri) + { +-- +cgit v1.0-41-gc330 + diff --git a/net-misc/wget/wget-1.19.1-r1.ebuild b/net-misc/wget/wget-1.19.1-r1.ebuild new file mode 100644 index 000..af24c5f197a --- /dev/null +++ b/net-misc/wget/wget-1.19.1-r1.ebuild @@ -0,0 +1,105 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +PYTHON_COMPAT=( python3_{4,5} ) + +inherit flag-o-matic python-any-r1 toolchain-funcs eutils + +DESCRIPTION="Network utility to retrieve files from the WWW" +HOMEPAGE="https://www.gnu.org/software/wget/; +SRC_URI="mirror://gnu/wget/${P}.tar.xz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib" +REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )" + +LIB_DEPEND="idn? ( net-dns/libidn2[static-libs(+)] ) + pcre? ( dev-libs/libpcre[static-libs(+)] ) + ssl? ( + gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) + !gnutls? ( + !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) + libressl? ( dev-libs/libressl[static-libs(+)] ) + ) + ) + uuid? ( sys-apps/util-linux[static-libs(+)] ) + zlib? ( sys-libs/zlib[static-libs(+)] )" +RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )" +DEPEND="${RDEPEND} + app-arch/xz-utils + virtual/pkgconfig + static? ( ${LIB_DEPEND} ) + test? ( + ${PYTHON_DEPS} + dev-lang/perl + dev-perl/HTTP-Daemon + dev-perl/HTTP-Message + dev-perl/IO-Socket-SSL + ) + nls? ( sys-devel/gettext )" + +DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc ) + +PATCHES=( + "${FILESDIR}"/${P}-CRLF_injection.patch +) + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + epatch "${PATCHES[@]}" + + # revert some hack that breaks linking, bug #585924 + if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ ${CHOST} == *-uclibc* ]]; then + sed -i \ + -e 's/^ LIBICONV=$/:/' \ + configure || die + fi +} + +src_configure() { + # fix compilation on Solaris, we need filio.h for FIONBIO as used in + # the included gnutls -- force ioctl.h to include this header + [[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1 + + if use static ; then + append-ldflags -static + tc-export PKG_CONFIG + PKG_CONFIG+=" --static" + fi + econf \ + --disable-assert \ + --disable-rpath \ + $(use_enable debug) \ + $(use_enable idn iri) \ + $(use_enable ipv6)
[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: 923d7f9355b3f4de6f0559f98e9632c2d42b1c6c Author: Lars Wendler gentoo org> AuthorDate: Fri Jun 10 06:44:37 2016 + Commit: Lars Wendler gentoo org> CommitDate: Fri Jun 10 06:50:13 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=923d7f93 net-misc/wget: Removed old. Package-Manager: portage-2.2.28 Signed-off-by: Lars Wendler gentoo.org> net-misc/wget/Manifest| 1 - net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch | 76 -- net-misc/wget/wget-1.16.3-r1.ebuild | 91 -- net-misc/wget/wget-1.16.3-r2.ebuild | 93 --- net-misc/wget/wget-1.17.1.ebuild | 89 -- 5 files changed, 350 deletions(-) diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest index a822981..cdb1bc4 100644 --- a/net-misc/wget/Manifest +++ b/net-misc/wget/Manifest @@ -1,3 +1,2 @@ -DIST wget-1.16.3.tar.xz 1794148 SHA256 67f7b7b0f5c14db633e3b18f53172786c001e153d545cfc85d82759c5c2ffb37 SHA512 2d1fe632bcd116a68ae333278e368cb810081b51d2259ddade602bebf3dd08dee1f51f67c9c7d79d2410e19fe0d48a0b9a1b1a7c7c6eeb47e2840ce6c1a3471c WHIRLPOOL b8fe9880523fc295b092c3b9ff4f9af58c071f55d516903ded66df67722cd27955ad651f6f2f6032b611e5445dd89b8ff97878443abc04d095c29e76f0564490 DIST wget-1.17.1.tar.xz 1894140 SHA256 fe559b61eb9cc01635ac6206a14e02cb51591838c35fa83c7a4aacae0bdd97c9 SHA512 aa13584c94d0911268aeee9d6c7b1a7de259e0ec0f9daebe767e1f45afba097a6e9de09f370e55ead7acc9faa68f189063ac9e3d2d4a8d490f0b4edb6adc19ba WHIRLPOOL 3efbac1862cb6537ea08eeb95dea2f34ca29f6a170c80961ef3037d411458ac343dfd13f2ff056b528e6591fb282eaf4bf1c2113939b25764c39630510b35cf0 DIST wget-1.18.tar.xz 1922376 SHA256 b5b55b75726c04c06fe253daec9329a6f1a3c0c1878e3ea76ebfebc139ea9cc1 SHA512 a3f6fe2f44a8d797659d55cffaf81eb82b770c96222a0ee29bc4931b13846f8d8b9a07806f2197723c873a1248922d59cca5a81869661d9c6c3107447c184338 WHIRLPOOL a9e467f8bd17909485329103c17a27da345421257ce82fdf77ff2e00bdae50b13570506a1887300868e99b608c71598596ee260d86879aaeddad14cbb5ec634d diff --git a/net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch b/net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch deleted file mode 100644 index 9936f1e..000 --- a/net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch +++ /dev/null @@ -1,76 +0,0 @@ -https://bugs.gentoo.org/560418 - -fix from upstream - -From 075d7556964f5a871a73c22ac4b69f5361295099 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Tim=20R=C3=BChsen?=-Date: Tue, 11 Aug 2015 16:48:08 +0200 -Subject: [PATCH] Fix IP address exposure in FTP code - -* src/ftp.c (getftp): Do not use PORT when PASV fails. -* tests/FTPServer.px: Add pasv_not_supported server flag. -* tests/Makefile.am: Add Test-ftp-pasv-not-supported.px -* tests/Test-ftp-pasv-not-supported.px: New test - -Fix IP address exposure when automatically falling back from -passive mode to active mode (using the PORT command). A behavior that -may be used to expose a client's privacy even when using a proxy. - NEWS | 2 ++ - src/ftp.c| 19 +++- - tests/FTPServer.pm | 8 + - tests/Makefile.am| 3 +- - tests/Test-ftp-pasv-not-supported.px | 60 - 5 files changed, 84 insertions(+), 8 deletions(-) - create mode 100755 tests/Test-ftp-pasv-not-supported.px - -diff --git a/src/ftp.c b/src/ftp.c -index 68f1a33..9dab99c 100644 a/src/ftp.c -+++ b/src/ftp.c -@@ -252,7 +252,6 @@ getftp (struct url *u, wgint passed_expected_bytes, wgint *qtyread, - char *respline, *tms; - const char *user, *passwd, *tmrate; - int cmd = con->cmd; -- bool pasv_mode_open = false; - wgint expected_bytes = 0; - bool got_expected_bytes = false; - bool rest_failed = false; -@@ -883,13 +882,19 @@ Error in server response, closing control connection.\n")); - ? CONERROR : CONIMPOSSIBLE); - } - -- pasv_mode_open = true; /* Flag to avoid accept port */ - if (!opt.server_response) - logputs (LOG_VERBOSE, _("done.")); --} /* err==FTP_OK */ --} -+} -+ else -+return err; - -- if (!pasv_mode_open) /* Try to use a port command if PASV failed */ -+ /* -+ * We do not want to fall back from PASSIVE mode to ACTIVE mode ! -+ * The reason is the PORT command exposes the client's real IP address -+ * to the server. Bad for someone who relies on privacy via a ftp proxy. -+ */ -+} -+ else - { - err = ftp_do_port (csock, _sock); - /* FTPRERR, WRITEFAILED, bindport (FTPSYSERR), HOSTERR, -@@ -1148,8 +1153,8 @@ Error in server response, closing control connection.\n")); - } - - /* If no transmission was required, then everything is OK. */ --
[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: 885437bfa2b7d96e6aa6dc846f0123051496b5d3 Author: Mike Frysinger gentoo org> AuthorDate: Wed Mar 2 05:31:17 2016 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Mar 2 05:33:30 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=885437bf net-misc/wget: add upstream fix for progress bar #410529 and use subslots w/openssl #576128 and w/gnutls #573936 .../wget/files/wget-1.17.1-progress-bar-segv.patch | 35 net-misc/wget/wget-1.17.1-r1.ebuild| 94 ++ 2 files changed, 129 insertions(+) diff --git a/net-misc/wget/files/wget-1.17.1-progress-bar-segv.patch b/net-misc/wget/files/wget-1.17.1-progress-bar-segv.patch new file mode 100644 index 000..5cfd41f --- /dev/null +++ b/net-misc/wget/files/wget-1.17.1-progress-bar-segv.patch @@ -0,0 +1,35 @@ +From 7099f4899880eaefc2c40a3dc7693ab4174a819b Mon Sep 17 00:00:00 2001 +From: Darshit Shah+Date: Mon, 22 Feb 2016 15:08:15 +0100 +Subject: [PATCH] Sanitize value sent to memset to prevent SEGFAULT + +--- + src/progress.c | 5 + + 1 file changed, 5 insertions(+) + +diff --git a/src/progress.c b/src/progress.c +index 93f6246..8a5df21 100644 +--- a/src/progress.c b/src/progress.c +@@ -1164,6 +1164,8 @@ create_image (struct bar_progress *bp, double dl_total_time, bool done) + } + + padding = bp->width - count_cols (bp->buffer); ++ assert (padding > 0 && "Padding length became non-positive!"); ++ padding = padding > 0 ? padding : 0; + memset (p, ' ', padding); + p += padding; + *p = '\0'; +@@ -1174,6 +1176,9 @@ create_image (struct bar_progress *bp, double dl_total_time, bool done) +* from the release code since we do not want Wget to crash and burn when the +* assertion fails. Instead Wget should continue downloading and display a +* horrible and irritating progress bar that spams the screen with newlines. ++ * ++ * By default, all assertions are disabled in a Wget build and are enabled ++ * only with the --enable-assert configure option. +*/ + assert (count_cols (bp->buffer) == bp->width); + } +-- +2.6.2 + diff --git a/net-misc/wget/wget-1.17.1-r1.ebuild b/net-misc/wget/wget-1.17.1-r1.ebuild new file mode 100644 index 000..7959314 --- /dev/null +++ b/net-misc/wget/wget-1.17.1-r1.ebuild @@ -0,0 +1,94 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +PYTHON_COMPAT=( python{3_3,3_4} ) + +inherit flag-o-matic python-any-r1 toolchain-funcs eutils + +DESCRIPTION="Network utility to retrieve files from the WWW" +HOMEPAGE="https://www.gnu.org/software/wget/; +SRC_URI="mirror://gnu/wget/${P}.tar.xz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib" +REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )" + +LIB_DEPEND="idn? ( net-dns/libidn[static-libs(+)] ) + pcre? ( dev-libs/libpcre[static-libs(+)] ) + ssl? ( + gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) + !gnutls? ( + !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) + libressl? ( dev-libs/libressl[static-libs(+)] ) + ) + ) + uuid? ( sys-apps/util-linux[static-libs(+)] ) + zlib? ( sys-libs/zlib[static-libs(+)] )" +RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )" +DEPEND="${RDEPEND} + app-arch/xz-utils + virtual/pkgconfig + static? ( ${LIB_DEPEND} ) + test? ( + ${PYTHON_DEPS} + dev-lang/perl + dev-perl/HTTP-Daemon + dev-perl/HTTP-Message + dev-perl/IO-Socket-SSL + ) + nls? ( sys-devel/gettext )" + +DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc ) + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-progress-bar-segv.patch +} + +src_configure() { + # fix compilation on Solaris, we need filio.h for FIONBIO as used in + # the included gnutls -- force ioctl.h to include this header + [[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1 + + if use static ; then + append-ldflags -static + tc-export PKG_CONFIG + PKG_CONFIG+=" --static" + fi + econf \ + --disable-assert \ + --disable-rpath \ + $(use_with ssl ssl $(usex gnutls gnutls openssl)) \ + $(use_enable ssl opie) \ + $(use_enable ssl digest) \ +
[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
commit: ed1e5984dd18412d94ee20624acbdfa10c3f994a Author: Mike Frysinger gentoo org> AuthorDate: Mon Sep 14 23:11:12 2015 + Commit: Mike Frysinger gentoo org> CommitDate: Mon Sep 14 23:11:18 2015 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed1e5984 net-misc/wget: fix from upstream for pasv ftp behavior #560418 net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch | 175 ++ net-misc/wget/wget-1.16.3-r1.ebuild | 91 +++ 2 files changed, 266 insertions(+) diff --git a/net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch b/net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch new file mode 100644 index 000..5663502 --- /dev/null +++ b/net-misc/wget/files/wget-1.16.3-ftp-pasv-ip.patch @@ -0,0 +1,175 @@ +https://bugs.gentoo.org/560418 + +fix from upstream + +From 075d7556964f5a871a73c22ac4b69f5361295099 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?=+Date: Tue, 11 Aug 2015 16:48:08 +0200 +Subject: [PATCH] Fix IP address exposure in FTP code + +* src/ftp.c (getftp): Do not use PORT when PASV fails. +* tests/FTPServer.px: Add pasv_not_supported server flag. +* tests/Makefile.am: Add Test-ftp-pasv-not-supported.px +* tests/Test-ftp-pasv-not-supported.px: New test + +Fix IP address exposure when automatically falling back from +passive mode to active mode (using the PORT command). A behavior that +may be used to expose a client's privacy even when using a proxy. +--- + NEWS | 2 ++ + src/ftp.c| 19 +++- + tests/FTPServer.pm | 8 + + tests/Makefile.am| 3 +- + tests/Test-ftp-pasv-not-supported.px | 60 + 5 files changed, 84 insertions(+), 8 deletions(-) + create mode 100755 tests/Test-ftp-pasv-not-supported.px + +diff --git a/src/ftp.c b/src/ftp.c +index 68f1a33..9dab99c 100644 +--- a/src/ftp.c b/src/ftp.c +@@ -252,7 +252,6 @@ getftp (struct url *u, wgint passed_expected_bytes, wgint *qtyread, + char *respline, *tms; + const char *user, *passwd, *tmrate; + int cmd = con->cmd; +- bool pasv_mode_open = false; + wgint expected_bytes = 0; + bool got_expected_bytes = false; + bool rest_failed = false; +@@ -883,13 +882,19 @@ Error in server response, closing control connection.\n")); + ? CONERROR : CONIMPOSSIBLE); + } + +- pasv_mode_open = true; /* Flag to avoid accept port */ + if (!opt.server_response) + logputs (LOG_VERBOSE, _("done.")); +-} /* err==FTP_OK */ +-} ++} ++ else ++return err; + +- if (!pasv_mode_open) /* Try to use a port command if PASV failed */ ++ /* ++ * We do not want to fall back from PASSIVE mode to ACTIVE mode ! ++ * The reason is the PORT command exposes the client's real IP address ++ * to the server. Bad for someone who relies on privacy via a ftp proxy. ++ */ ++} ++ else + { + err = ftp_do_port (csock, _sock); + /* FTPRERR, WRITEFAILED, bindport (FTPSYSERR), HOSTERR, +@@ -1148,8 +1153,8 @@ Error in server response, closing control connection.\n")); + } + + /* If no transmission was required, then everything is OK. */ +- if (!pasv_mode_open) /* we are not using pasive mode so we need +- to accept */ ++ if (!opt.ftp_pasv) /* we are not using passive mode so we need ++ to accept */ + { + /* Wait for the server to connect to the address we're waiting + at. */ +diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm +index c0a6e47..a5185d6 100644 +--- a/tests/FTPServer.pm b/tests/FTPServer.pm +@@ -740,6 +740,14 @@ sub run + last; + } + ++if (defined($self->{_server_behavior}{pasv_not_supported}) ++&& $cmd eq 'PASV') ++{ ++print {$conn->{socket}} ++ "500 PASV not supported.\r\n"; ++next; ++} ++ + # Run the command. + &{$command_table->{$cmd}}($conn, $cmd, $rest); + } +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 5d387aa..daf162f 100644 +--- a/tests/Makefile.am b/tests/Makefile.am +@@ -127,7 +127,8 @@ PX_TESTS = \ + Test--start-pos.px \ + Test--start-pos--continue.px \ + Test--httpsonly-r.px \ +- Test-204.px ++ Test-204.px \ ++ Test-ftp-pasv-not-supported.px + + EXTRA_DIST = FTPServer.pm FTPTest.pm HTTPServer.pm HTTPTest.pm \ + WgetTests.pm WgetFeature.pm WgetFeature.cfg $(PX_TESTS) \ +diff --git a/tests/Test-ftp-pasv-not-supported.px b/tests/Test-ftp-pasv-not-supported.px +new