From 06d4ff90e724e5f794fed13c3bb680c4421962c5 Mon Sep 17 00:00:00 2001 From: basebuilder_pel7x64builder0 Date: Tue, 27 Nov 2018 17:46:05 +0100 Subject: [PATCH] wget package update Signed-off-by: basebuilder_pel7x64builder0 --- SOURCES/wget-1.12-path.patch | 169 +++++ SOURCES/wget-1.14-CVE-2014-4877.patch | 151 +++++ SOURCES/wget-1.14-CVE-2016-4971.patch | 261 ++++++++ SOURCES/wget-1.14-CVE-2017-13089.patch | 18 + SOURCES/wget-1.14-CVE-2017-13090.patch | 21 + SOURCES/wget-1.14-CVE-2018-0494.patch | 43 ++ ...4-Fix-deadcode-and-possible-NULL-use.patch | 47 ++ ...14-add-openssl-tlsv11-tlsv12-support.patch | 122 ++++ .../wget-1.14-add_missing_options_doc.patch | 27 + ...et-1.14-digest-auth-qop-segfault-fix.patch | 22 + ...ng-opts-and-fix-preserve-permissions.patch | 61 ++ SOURCES/wget-1.14-document-backups.patch | 60 ++ ...14-fix-backups-to-work-as-documented.patch | 80 +++ ...1.14-fix-double-free-of-iri-orig_url.patch | 29 + ...onization-in-Test-proxied-https-auth.patch | 164 +++++ SOURCES/wget-1.14-manpage-tex5.patch | 55 ++ SOURCES/wget-1.14-rh1147572.patch | 26 + SOURCES/wget-1.14-rh1203384.patch | 30 + ...set_sock_to_-1_if_no_persistent_conn.patch | 32 + SOURCES/wget-1.14-sslreadtimeout.patch | 105 ++++ ...et-1.14-support-non-ASCII-characters.patch | 154 +++++ .../wget-1.14-texi2pod_error_perl518.patch | 25 + SOURCES/wget-rh-modified.patch | 11 + SPECS/wget.spec | 590 ++++++++++++++++++ 24 files changed, 2303 insertions(+) create mode 100644 SOURCES/wget-1.12-path.patch create mode 100644 SOURCES/wget-1.14-CVE-2014-4877.patch create mode 100644 SOURCES/wget-1.14-CVE-2016-4971.patch create mode 100644 SOURCES/wget-1.14-CVE-2017-13089.patch create mode 100644 SOURCES/wget-1.14-CVE-2017-13090.patch create mode 100644 SOURCES/wget-1.14-CVE-2018-0494.patch create mode 100644 SOURCES/wget-1.14-Fix-deadcode-and-possible-NULL-use.patch create mode 100644 SOURCES/wget-1.14-add-openssl-tlsv11-tlsv12-support.patch create mode 100644 SOURCES/wget-1.14-add_missing_options_doc.patch create mode 100644 SOURCES/wget-1.14-digest-auth-qop-segfault-fix.patch create mode 100644 SOURCES/wget-1.14-doc-missing-opts-and-fix-preserve-permissions.patch create mode 100644 SOURCES/wget-1.14-document-backups.patch create mode 100644 SOURCES/wget-1.14-fix-backups-to-work-as-documented.patch create mode 100644 SOURCES/wget-1.14-fix-double-free-of-iri-orig_url.patch create mode 100644 SOURCES/wget-1.14-fix-synchronization-in-Test-proxied-https-auth.patch create mode 100644 SOURCES/wget-1.14-manpage-tex5.patch create mode 100644 SOURCES/wget-1.14-rh1147572.patch create mode 100644 SOURCES/wget-1.14-rh1203384.patch create mode 100644 SOURCES/wget-1.14-set_sock_to_-1_if_no_persistent_conn.patch create mode 100644 SOURCES/wget-1.14-sslreadtimeout.patch create mode 100644 SOURCES/wget-1.14-support-non-ASCII-characters.patch create mode 100644 SOURCES/wget-1.14-texi2pod_error_perl518.patch create mode 100644 SOURCES/wget-rh-modified.patch create mode 100644 SPECS/wget.spec diff --git a/SOURCES/wget-1.12-path.patch b/SOURCES/wget-1.12-path.patch new file mode 100644 index 00000000..737809af --- /dev/null +++ b/SOURCES/wget-1.12-path.patch @@ -0,0 +1,169 @@ +diff -urN wget-1.12/doc/sample.wgetrc wget-1.12.patched/doc/sample.wgetrc +--- wget-1.12/doc/sample.wgetrc 2009-09-22 04:53:58.000000000 +0200 ++++ wget-1.12.patched/doc/sample.wgetrc 2009-11-17 12:29:18.000000000 +0100 +@@ -7,7 +7,7 @@ + ## not contain a comprehensive list of commands -- look at the manual + ## to find out what you can put into this file. + ## +-## Wget initialization file can reside in /usr/local/etc/wgetrc ++## Wget initialization file can reside in /etc/wgetrc + ## (global, for all users) or $HOME/.wgetrc (for a single user). + ## + ## To use the settings in this file, you will have to uncomment them, +@@ -16,7 +16,7 @@ + + + ## +-## Global settings (useful for setting up in /usr/local/etc/wgetrc). ++## Global settings (useful for setting up in /etc/wgetrc). + ## Think well before you change them, since they may reduce wget's + ## functionality, and make it behave contrary to the documentation: + ## +diff -urN wget-1.12/doc/sample.wgetrc.munged_for_texi_inclusion wget-1.12.patched/doc/sample.wgetrc.munged_for_texi_inclusion +--- wget-1.12/doc/sample.wgetrc.munged_for_texi_inclusion 2009-09-22 06:08:52.000000000 +0200 ++++ wget-1.12.patched/doc/sample.wgetrc.munged_for_texi_inclusion 2009-11-17 12:29:39.000000000 +0100 +@@ -7,7 +7,7 @@ + ## not contain a comprehensive list of commands -- look at the manual + ## to find out what you can put into this file. + ## +-## Wget initialization file can reside in /usr/local/etc/wgetrc ++## Wget initialization file can reside in /etc/wgetrc + ## (global, for all users) or $HOME/.wgetrc (for a single user). + ## + ## To use the settings in this file, you will have to uncomment them, +@@ -16,7 +16,7 @@ + + + ## +-## Global settings (useful for setting up in /usr/local/etc/wgetrc). ++## Global settings (useful for setting up in /etc/wgetrc). + ## Think well before you change them, since they may reduce wget's + ## functionality, and make it behave contrary to the documentation: + ## +diff -urN wget-1.12/doc/wget.info wget-1.12.patched/doc/wget.info +--- wget-1.12/doc/wget.info 2009-09-22 18:30:20.000000000 +0200 ++++ wget-1.12.patched/doc/wget.info 2009-11-17 12:28:40.000000000 +0100 +@@ -2351,8 +2351,8 @@ + =================== + + When initializing, Wget will look for a "global" startup file, +-`/usr/local/etc/wgetrc' by default (or some prefix other than +-`/usr/local', if Wget was not installed there) and read commands from ++`/etc/wgetrc' by default (or some prefix other than ++`/etc', if Wget was not installed there) and read commands from + there, if it exists. + + Then it will look for the user's file. If the environmental variable +@@ -2363,7 +2363,7 @@ + + The fact that user's settings are loaded after the system-wide ones + means that in case of collision user's wgetrc _overrides_ the +-system-wide wgetrc (in `/usr/local/etc/wgetrc' by default). Fascist ++system-wide wgetrc (in `/etc/wgetrc' by default). Fascist + admins, away! + +  +@@ -2876,7 +2876,7 @@ + ## not contain a comprehensive list of commands -- look at the manual + ## to find out what you can put into this file. + ## +- ## Wget initialization file can reside in /usr/local/etc/wgetrc ++ ## Wget initialization file can reside in /etc/wgetrc + ## (global, for all users) or $HOME/.wgetrc (for a single user). + ## + ## To use the settings in this file, you will have to uncomment them, +@@ -2885,7 +2885,7 @@ + + + ## +- ## Global settings (useful for setting up in /usr/local/etc/wgetrc). ++ ## Global settings (useful for setting up in /etc/wgetrc). + ## Think well before you change them, since they may reduce wget's + ## functionality, and make it behave contrary to the documentation: + ## +diff -urN wget-1.12/doc/wget.texi wget-1.12.patched/doc/wget.texi +--- wget-1.12/doc/wget.texi 2009-09-04 23:22:04.000000000 +0200 ++++ wget-1.12.patched/doc/wget.texi 2009-11-17 12:29:03.000000000 +0100 +@@ -2670,8 +2670,8 @@ + @cindex location of wgetrc + + When initializing, Wget will look for a @dfn{global} startup file, +-@file{/usr/local/etc/wgetrc} by default (or some prefix other than +-@file{/usr/local}, if Wget was not installed there) and read commands ++@file{/etc/wgetrc} by default (or some prefix other than ++@file{/etc}, if Wget was not installed there) and read commands + from there, if it exists. + + Then it will look for the user's file. If the environmental variable +@@ -2682,7 +2682,7 @@ + + The fact that user's settings are loaded after the system-wide ones + means that in case of collision user's wgetrc @emph{overrides} the +-system-wide wgetrc (in @file{/usr/local/etc/wgetrc} by default). ++system-wide wgetrc (in @file{/etc/wgetrc} by default). + Fascist admins, away! + + @node Wgetrc Syntax, Wgetrc Commands, Wgetrc Location, Startup File +diff -urN wget-1.12/NEWS wget-1.12.patched/NEWS +--- wget-1.12/NEWS 2009-09-22 04:53:35.000000000 +0200 ++++ wget-1.12.patched/NEWS 2009-11-17 12:30:10.000000000 +0100 +@@ -562,7 +562,7 @@ + + ** Compiles on pre-ANSI compilers. + +-** Global wgetrc now goes to /usr/local/etc (i.e. $sysconfdir). ++** Global wgetrc now goes to /etc (i.e. $sysconfdir). + + ** Lots of bugfixes. + +@@ -625,7 +625,7 @@ + ** Fixed a long-standing bug, so that Wget now works over SLIP + connections. + +-** You can have a system-wide wgetrc (/usr/local/lib/wgetrc by ++** You can have a system-wide wgetrc (/etc/wgetrc by + default). Settings in $HOME/.wgetrc override the global ones, of + course :-) + +diff -urN wget-1.12/README wget-1.12.patched/README +--- wget-1.12/README 2009-09-21 00:59:32.000000000 +0200 ++++ wget-1.12.patched/README 2009-11-17 12:30:27.000000000 +0100 +@@ -33,7 +33,7 @@ + + Most of the features are configurable, either through command-line + options, or via initialization file .wgetrc. Wget allows you to +-install a global startup file (/usr/local/etc/wgetrc by default) for ++install a global startup file (/etc/wgetrc by default) for + site settings. + + Wget works under almost all Unix variants in use today and, unlike +--- wget-1.12/doc/wget.info.start 2011-12-19 10:34:29.409272713 -0600 ++++ wget-1.12/doc/wget.info 2011-12-19 10:34:51.760129197 -0600 +@@ -113,7 +113,7 @@ + * Most of the features are fully configurable, either through + command line options, or via the initialization file `.wgetrc' + (*note Startup File::). Wget allows you to define "global" +- startup files (`/usr/local/etc/wgetrc' by default) for site ++ startup files (`/etc/wgetrc' by default) for site + settings. You can also specify the location of a startup file with + the -config option. + +--- wget-1.12/doc/wget.texi.start 2011-12-19 10:38:18.305730849 -0600 ++++ wget-1.12/doc/wget.texi 2011-12-19 10:38:49.272615753 -0600 +@@ -190,14 +190,14 @@ + Most of the features are fully configurable, either through command line + options, or via the initialization file @file{.wgetrc} (@pxref{Startup + File}). Wget allows you to define @dfn{global} startup files +-(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also ++(@file{/etc/wgetrc} by default) for site settings. You can also + specify the location of a startup file with the --config option. + + + @ignore + @c man begin FILES + @table @samp +-@item /usr/local/etc/wgetrc ++@item /etc/wgetrc + Default location of the @dfn{global} startup file. + + @item .wgetrc diff --git a/SOURCES/wget-1.14-CVE-2014-4877.patch b/SOURCES/wget-1.14-CVE-2014-4877.patch new file mode 100644 index 00000000..5bca5e97 --- /dev/null +++ b/SOURCES/wget-1.14-CVE-2014-4877.patch @@ -0,0 +1,151 @@ +From 043366ac3248a58662a6fbf47a1dd688a75d0e78 Mon Sep 17 00:00:00 2001 +From: Darshit Shah +Date: Mon, 8 Sep 2014 00:41:17 +0530 +Subject: [PATCH 1/2] Fix R7-2014-15: Arbitrary Symlink Access + +Wget was susceptible to a symlink attack which could create arbitrary +files, directories or symbolic links and set their permissions when +retrieving a directory recursively through FTP. This commit changes the +default settings in Wget such that Wget no longer creates local symbolic +links, but rather traverses them and retrieves the pointed-to file in +such a retrieval. + +The old behaviour can be attained by passing the --retr-symlinks=no +option to the Wget invokation command. +--- + doc/wget.texi | 23 ++++++++++++----------- + src/init.c | 16 ++++++++++++++++ + 2 files changed, 28 insertions(+), 11 deletions(-) + +diff --git a/doc/wget.texi b/doc/wget.texi +index a31eb5e..f54e98d 100644 +--- a/doc/wget.texi ++++ b/doc/wget.texi +@@ -1883,17 +1883,18 @@ Preserve remote file permissions instead of permissions set by umask. + + @cindex symbolic links, retrieving + @item --retr-symlinks +-Usually, when retrieving @sc{ftp} directories recursively and a symbolic +-link is encountered, the linked-to file is not downloaded. Instead, a +-matching symbolic link is created on the local filesystem. The +-pointed-to file will not be downloaded unless this recursive retrieval +-would have encountered it separately and downloaded it anyway. +- +-When @samp{--retr-symlinks} is specified, however, symbolic links are +-traversed and the pointed-to files are retrieved. At this time, this +-option does not cause Wget to traverse symlinks to directories and +-recurse through them, but in the future it should be enhanced to do +-this. ++By default, when retrieving @sc{ftp} directories recursively and a symbolic link ++is encountered, the symbolic link is traversed and the pointed-to files are ++retrieved. Currently, Wget does not traverse symbolic links to directories to ++download them recursively, though this feature may be added in the future. ++ ++When @samp{--retr-symlinks=no} is specified, the linked-to file is not ++downloaded. Instead, a matching symbolic link is created on the local ++filesystem. The pointed-to file will not be retrieved unless this recursive ++retrieval would have encountered it separately and downloaded it anyway. This ++option poses a security risk where a malicious FTP Server may cause Wget to ++write to files outside of the intended directories through a specially crafted ++@sc{.listing} file. + + Note that when retrieving a file (not a directory) because it was + specified on the command-line, rather than because it was recursed to, +diff --git a/src/init.c b/src/init.c +index 93e95f8..94b6f8b 100644 +--- a/src/init.c ++++ b/src/init.c +@@ -366,6 +366,22 @@ defaults (void) + + opt.dns_cache = true; + opt.ftp_pasv = true; ++ /* 2014-09-07 Darshit Shah ++ * opt.retr_symlinks is set to true by default. Creating symbolic links on the ++ * local filesystem pose a security threat by malicious FTP Servers that ++ * server a specially crafted .listing file akin to this: ++ * ++ * lrwxrwxrwx 1 root root 33 Dec 25 2012 JoCxl6d8rFU -> / ++ * drwxrwxr-x 15 1024 106 4096 Aug 28 02:02 JoCxl6d8rFU ++ * ++ * A .listing file in this fashion makes Wget susceptiple to a symlink attack ++ * wherein the attacker is able to create arbitrary files, directories and ++ * symbolic links on the target system and even set permissions. ++ * ++ * Hence, by default Wget attempts to retrieve the pointed-to files and does ++ * not create the symbolic links locally. ++ */ ++ opt.retr_symlinks = true; + + #ifdef HAVE_SSL + opt.check_cert = true; +-- +2.1.0 + +From bfa8c9cc9937f686a4de110e49710061267f8d9e Mon Sep 17 00:00:00 2001 +From: Darshit Shah +Date: Mon, 8 Sep 2014 15:07:45 +0530 +Subject: [PATCH 2/2] Add checks for valid listing file in FTP + +When Wget retrieves a file through FTP, it first downloads a .listing +file and parses it for information about the files and other metadata. +Some servers may serve invalid .listing files. This patch checks for one +such known inconsistency wherein multiple lines in a listing file have +the same name. Such a filesystem is clearly not possible and hence we +eliminate duplicate entries here. + +Signed-off-by: Darshit Shah +--- + src/ftp.c | 27 +++++++++++++++++++++++++-- + 1 file changed, 25 insertions(+), 2 deletions(-) + +diff --git a/src/ftp.c b/src/ftp.c +index 2d54333..054cb61 100644 +--- a/src/ftp.c ++++ b/src/ftp.c +@@ -2211,6 +2211,29 @@ has_insecure_name_p (const char *s) + return false; + } + ++/* Test if the file node is invalid. This can occur due to malformed or ++ * maliciously crafted listing files being returned by the server. ++ * ++ * Currently, this function only tests if there are multiple entries in the ++ * listing file by the same name. However this function can be expanded as more ++ * such illegal listing formats are discovered. */ ++static bool ++is_invalid_entry (struct fileinfo *f) ++{ ++ struct fileinfo *cur; ++ cur = f; ++ char *f_name = f->name; ++ /* If the node we're currently checking has a duplicate later, we eliminate ++ * the current node and leave the next one intact. */ ++ while (cur->next) ++ { ++ cur = cur->next; ++ if (strcmp(f_name, cur->name) == 0) ++ return true; ++ } ++ return false; ++} ++ + /* A near-top-level function to retrieve the files in a directory. + The function calls ftp_get_listing, to get a linked list of files. + Then it weeds out the file names that do not match the pattern. +@@ -2248,11 +2271,11 @@ ftp_retrieve_glob (struct url *u, ccon *con, int action) + f = f->next; + } + } +- /* Remove all files with possible harmful names */ ++ /* Remove all files with possible harmful names or invalid entries. */ + f = start; + while (f) + { +- if (has_insecure_name_p (f->name)) ++ if (has_insecure_name_p (f->name) || is_invalid_entry (f)) + { + logprintf (LOG_VERBOSE, _("Rejecting %s.\n"), + quote (f->name)); +-- +2.1.0 + diff --git a/SOURCES/wget-1.14-CVE-2016-4971.patch b/SOURCES/wget-1.14-CVE-2016-4971.patch new file mode 100644 index 00000000..ae65eec6 --- /dev/null +++ b/SOURCES/wget-1.14-CVE-2016-4971.patch @@ -0,0 +1,261 @@ +diff --git a/src/ftp.c b/src/ftp.c +index 2be2c76..345718f 100644 +--- a/src/ftp.c ++++ b/src/ftp.c +@@ -234,14 +234,15 @@ print_length (wgint size, wgint start, bool authoritative) + logputs (LOG_VERBOSE, !authoritative ? _(" (unauthoritative)\n") : "\n"); + } + +-static uerr_t ftp_get_listing (struct url *, ccon *, struct fileinfo **); ++static uerr_t ftp_get_listing (struct url *, struct url *, ccon *, struct fileinfo **); + + /* Retrieves a file with denoted parameters through opening an FTP + connection to the server. It always closes the data connection, + and closes the control connection in case of error. If warc_tmp + is non-NULL, the downloaded data will be written there as well. */ + static uerr_t +-getftp (struct url *u, wgint passed_expected_bytes, wgint *qtyread, ++getftp (struct url *u, struct url *original_url, ++ wgint passed_expected_bytes, wgint *qtyread, + wgint restval, ccon *con, int count, FILE *warc_tmp) + { + int csock, dtsock, local_sock, res; +@@ -944,7 +945,7 @@ Error in server response, closing control connection.\n")); + bool exists = false; + uerr_t res; + struct fileinfo *f; +- res = ftp_get_listing (u, con, &f); ++ res = ftp_get_listing (u, original_url, con, &f); + /* Set the DO_RETR command flag again, because it gets unset when + calling ftp_get_listing() and would otherwise cause an assertion + failure earlier on when this function gets repeatedly called +@@ -1392,7 +1393,8 @@ Error in server response, closing control connection.\n")); + This loop either gets commands from con, or (if ON_YOUR_OWN is + set), makes them up to retrieve the file given by the URL. */ + static uerr_t +-ftp_loop_internal (struct url *u, struct fileinfo *f, ccon *con, char **local_file) ++ftp_loop_internal (struct url *u, struct url *original_url, struct fileinfo *f, ++ ccon *con, char **local_file) + { + int count, orig_lp; + wgint restval, len = 0, qtyread = 0; +@@ -1415,7 +1417,7 @@ ftp_loop_internal (struct url *u, struct fileinfo *f, ccon *con, char **local_fi + else + { + /* URL-derived file. Consider "-O file" name. */ +- con->target = url_file_name (u, NULL); ++ con->target = url_file_name (opt.trustservernames || !original_url ? u : original_url, NULL); + if (!opt.output_document) + locf = con->target; + else +@@ -1524,7 +1526,7 @@ ftp_loop_internal (struct url *u, struct fileinfo *f, ccon *con, char **local_fi + + /* If we are working on a WARC record, getftp should also write + to the warc_tmp file. */ +- err = getftp (u, len, &qtyread, restval, con, count, warc_tmp); ++ err = getftp (u, original_url, len, &qtyread, restval, con, count, warc_tmp); + + if (con->csock == -1) + con->st &= ~DONE_CWD; +@@ -1677,7 +1679,8 @@ Removing file due to --delete-after in ftp_loop_internal():\n")); + /* Return the directory listing in a reusable format. The directory + is specifed in u->dir. */ + static uerr_t +-ftp_get_listing (struct url *u, ccon *con, struct fileinfo **f) ++ftp_get_listing (struct url *u, struct url *original_url, ccon *con, ++ struct fileinfo **f) + { + uerr_t err; + char *uf; /* url file name */ +@@ -1698,7 +1701,7 @@ ftp_get_listing (struct url *u, ccon *con, struct fileinfo **f) + + con->target = xstrdup (lf); + xfree (lf); +- err = ftp_loop_internal (u, NULL, con, NULL); ++ err = ftp_loop_internal (u, original_url, NULL, con, NULL); + lf = xstrdup (con->target); + xfree (con->target); + con->target = old_target; +@@ -1721,8 +1724,9 @@ ftp_get_listing (struct url *u, ccon *con, struct fileinfo **f) + return err; + } + +-static uerr_t ftp_retrieve_dirs (struct url *, struct fileinfo *, ccon *); +-static uerr_t ftp_retrieve_glob (struct url *, ccon *, int); ++static uerr_t ftp_retrieve_dirs (struct url *, struct url *, ++ struct fileinfo *, ccon *); ++static uerr_t ftp_retrieve_glob (struct url *, struct url *, ccon *, int); + static struct fileinfo *delelement (struct fileinfo *, struct fileinfo **); + static void freefileinfo (struct fileinfo *f); + +@@ -1734,7 +1738,8 @@ static void freefileinfo (struct fileinfo *f); + If opt.recursive is set, after all files have been retrieved, + ftp_retrieve_dirs will be called to retrieve the directories. */ + static uerr_t +-ftp_retrieve_list (struct url *u, struct fileinfo *f, ccon *con) ++ftp_retrieve_list (struct url *u, struct url *original_url, ++ struct fileinfo *f, ccon *con) + { + static int depth = 0; + uerr_t err; +@@ -1893,7 +1898,9 @@ Already have correct symlink %s -> %s\n\n"), + else /* opt.retr_symlinks */ + { + if (dlthis) +- err = ftp_loop_internal (u, f, con, NULL); ++ { ++ err = ftp_loop_internal (u, original_url, f, con, NULL); ++ } + } /* opt.retr_symlinks */ + break; + case FT_DIRECTORY: +@@ -1904,7 +1911,9 @@ Already have correct symlink %s -> %s\n\n"), + case FT_PLAINFILE: + /* Call the retrieve loop. */ + if (dlthis) +- err = ftp_loop_internal (u, f, con, NULL); ++ { ++ err = ftp_loop_internal (u, original_url, f, con, NULL); ++ } + break; + case FT_UNKNOWN: + logprintf (LOG_NOTQUIET, _("%s: unknown/unsupported file type.\n"), +@@ -1969,7 +1978,7 @@ Already have correct symlink %s -> %s\n\n"), + /* We do not want to call ftp_retrieve_dirs here */ + if (opt.recursive && + !(opt.reclevel != INFINITE_RECURSION && depth >= opt.reclevel)) +- err = ftp_retrieve_dirs (u, orig, con); ++ err = ftp_retrieve_dirs (u, original_url, orig, con); + else if (opt.recursive) + DEBUGP ((_("Will not retrieve dirs since depth is %d (max %d).\n"), + depth, opt.reclevel)); +@@ -1982,7 +1991,8 @@ Already have correct symlink %s -> %s\n\n"), + ftp_retrieve_glob on each directory entry. The function knows + about excluded directories. */ + static uerr_t +-ftp_retrieve_dirs (struct url *u, struct fileinfo *f, ccon *con) ++ftp_retrieve_dirs (struct url *u, struct url *original_url, ++ struct fileinfo *f, ccon *con) + { + char *container = NULL; + int container_size = 0; +@@ -2032,7 +2042,7 @@ Not descending to %s as it is excluded/not-included.\n"), + odir = xstrdup (u->dir); /* because url_set_dir will free + u->dir. */ + url_set_dir (u, newdir); +- ftp_retrieve_glob (u, con, GLOB_GETALL); ++ ftp_retrieve_glob (u, original_url, con, GLOB_GETALL); + url_set_dir (u, odir); + xfree (odir); + +@@ -2091,14 +2101,15 @@ is_invalid_entry (struct fileinfo *f) + GLOB_GLOBALL, use globbing; if it's GLOB_GETALL, download the whole + directory. */ + static uerr_t +-ftp_retrieve_glob (struct url *u, ccon *con, int action) ++ftp_retrieve_glob (struct url *u, struct url *original_url, ++ ccon *con, int action) + { + struct fileinfo *f, *start; + uerr_t res; + + con->cmd |= LEAVE_PENDING; + +- res = ftp_get_listing (u, con, &start); ++ res = ftp_get_listing (u, original_url, con, &start); + if (res != RETROK) + return res; + /* First: weed out that do not conform the global rules given in +@@ -2194,7 +2205,7 @@ ftp_retrieve_glob (struct url *u, ccon *con, int action) + if (start) + { + /* Just get everything. */ +- res = ftp_retrieve_list (u, start, con); ++ res = ftp_retrieve_list (u, original_url, start, con); + } + else + { +@@ -2210,7 +2221,7 @@ ftp_retrieve_glob (struct url *u, ccon *con, int action) + { + /* Let's try retrieving it anyway. */ + con->st |= ON_YOUR_OWN; +- res = ftp_loop_internal (u, NULL, con, NULL); ++ res = ftp_loop_internal (u, original_url, NULL, con, NULL); + return res; + } + +@@ -2230,8 +2241,8 @@ ftp_retrieve_glob (struct url *u, ccon *con, int action) + of URL. Inherently, its capabilities are limited on what can be + encoded into a URL. */ + uerr_t +-ftp_loop (struct url *u, char **local_file, int *dt, struct url *proxy, +- bool recursive, bool glob) ++ftp_loop (struct url *u, struct url *original_url, char **local_file, int *dt, ++ struct url *proxy, bool recursive, bool glob) + { + ccon con; /* FTP connection */ + uerr_t res; +@@ -2252,16 +2263,17 @@ ftp_loop (struct url *u, char **local_file, int *dt, struct url *proxy, + if (!*u->file && !recursive) + { + struct fileinfo *f; +- res = ftp_get_listing (u, &con, &f); ++ res = ftp_get_listing (u, original_url, &con, &f); + + if (res == RETROK) + { + if (opt.htmlify && !opt.spider) + { ++ struct url *url_file = opt.trustservernames ? u : original_url; + char *filename = (opt.output_document + ? xstrdup (opt.output_document) + : (con.target ? xstrdup (con.target) +- : url_file_name (u, NULL))); ++ : url_file_name (url_file, NULL))); + res = ftp_index (filename, u, f); + if (res == FTPOK && opt.verbose) + { +@@ -2306,11 +2318,13 @@ ftp_loop (struct url *u, char **local_file, int *dt, struct url *proxy, + /* ftp_retrieve_glob is a catch-all function that gets called + if we need globbing, time-stamping, recursion or preserve + permissions. Its third argument is just what we really need. */ +- res = ftp_retrieve_glob (u, &con, ++ res = ftp_retrieve_glob (u, original_url, &con, + ispattern ? GLOB_GLOBALL : GLOB_GETONE); + } + else +- res = ftp_loop_internal (u, NULL, &con, local_file); ++ { ++ res = ftp_loop_internal (u, original_url, NULL, &con, local_file); ++ } + } + if (res == FTPOK) + res = RETROK; +diff --git a/src/ftp.h b/src/ftp.h +index be00d88..2abc9c0 100644 +--- a/src/ftp.h ++++ b/src/ftp.h +@@ -129,7 +129,8 @@ enum wget_ftp_fstatus + }; + + struct fileinfo *ftp_parse_ls (const char *, const enum stype); +-uerr_t ftp_loop (struct url *, char **, int *, struct url *, bool, bool); ++uerr_t ftp_loop (struct url *, struct url *, char **, int *, struct url *, ++ bool, bool); + + uerr_t ftp_index (const char *, struct url *, struct fileinfo *); + +diff --git a/src/retr.c b/src/retr.c +index 66624dc..21fad56 100644 +--- a/src/retr.c ++++ b/src/retr.c +@@ -794,7 +794,8 @@ retrieve_url (struct url * orig_parsed, const char *origurl, char **file, + if (redirection_count) + oldrec = glob = false; + +- result = ftp_loop (u, &local_file, dt, proxy_url, recursive, glob); ++ result = ftp_loop (u, orig_parsed, &local_file, dt, proxy_url, ++ recursive, glob); + recursive = oldrec; + + /* There is a possibility of having HTTP being redirected to diff --git a/SOURCES/wget-1.14-CVE-2017-13089.patch b/SOURCES/wget-1.14-CVE-2017-13089.patch new file mode 100644 index 00000000..4f043648 --- /dev/null +++ b/SOURCES/wget-1.14-CVE-2017-13089.patch @@ -0,0 +1,18 @@ +@@ -, +, @@ + (CVE-2017-13089) +--- + src/http.c | 3 +++ + 1 file changed, 3 insertions(+) +--- a/src/http.c ++++ a/src/http.c +@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked) + remaining_chunk_size = strtol (line, &endl, 16); + xfree (line); + ++ if (remaining_chunk_size < 0) ++ return false; ++ + if (remaining_chunk_size == 0) + { + line = fd_read_line (fd); +-- diff --git a/SOURCES/wget-1.14-CVE-2017-13090.patch b/SOURCES/wget-1.14-CVE-2017-13090.patch new file mode 100644 index 00000000..634625fd --- /dev/null +++ b/SOURCES/wget-1.14-CVE-2017-13090.patch @@ -0,0 +1,21 @@ +@@ -, +, @@ + (CVE-2017-13090) +--- + src/retr.c | 6 ++++++ + 1 file changed, 6 insertions(+) +--- a/src/retr.c ++++ a/src/retr.c +@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread, + remaining_chunk_size = strtol (line, &endl, 16); + xfree (line); + ++ if (remaining_chunk_size < 0) ++ { ++ ret = -1; ++ break; ++ } ++ + if (remaining_chunk_size == 0) + { + ret = 0; +-- diff --git a/SOURCES/wget-1.14-CVE-2018-0494.patch b/SOURCES/wget-1.14-CVE-2018-0494.patch new file mode 100644 index 00000000..25f9a3d2 --- /dev/null +++ b/SOURCES/wget-1.14-CVE-2018-0494.patch @@ -0,0 +1,43 @@ +diff --git a/src/http.c b/src/http.c +index b45c404..aa4fd25 100644 +--- a/src/http.c ++++ b/src/http.c +@@ -605,9 +605,9 @@ struct response { + resp_header_*. */ + + static struct response * +-resp_new (const char *head) ++resp_new (char *head) + { +- const char *hdr; ++ char *hdr; + int count, size; + + struct response *resp = xnew0 (struct response); +@@ -636,15 +636,23 @@ resp_new (const char *head) + break; + + /* Find the end of HDR, including continuations. */ +- do ++ for (;;) + { +- const char *end = strchr (hdr, '\n'); ++ char *end = strchr (hdr, '\n'); ++ + if (end) + hdr = end + 1; + else + hdr += strlen (hdr); ++ ++ if (*hdr != ' ' && *hdr != '\t') ++ break; ++ ++ // continuation, transform \r and \n into spaces ++ *end = ' '; ++ if (end > head && end[-1] == '\r') ++ end[-1] = ' '; + } +- while (*hdr == ' ' || *hdr == '\t'); + } + DO_REALLOC (resp->headers, size, count + 1, const char *); + resp->headers[count] = NULL; diff --git a/SOURCES/wget-1.14-Fix-deadcode-and-possible-NULL-use.patch b/SOURCES/wget-1.14-Fix-deadcode-and-possible-NULL-use.patch new file mode 100644 index 00000000..20c4f339 --- /dev/null +++ b/SOURCES/wget-1.14-Fix-deadcode-and-possible-NULL-use.patch @@ -0,0 +1,47 @@ +From 613d8639c48b950f76d132b70d27e518ba6d6891 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Fri, 26 Apr 2013 14:42:30 +0200 +Subject: [PATCH] Fix using deadcode and possible use of NULL pointer + +Fix for deadcode in unique_create() so that "opened_name" parameter is +always initialized to a valid string or NULL when returning from +function. + +Fix for redirect_output() so that "logfile" is not blindly used in +fprintf() call and checked if it is not NULL. + +Signed-off-by: Tomas Hozza +--- + src/log.c | 2 +- + src/utils.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/log.c b/src/log.c +index 0185df1..4f93a21 100644 +--- a/src/log.c ++++ b/src/log.c +@@ -871,7 +871,7 @@ redirect_output (void) + can do but disable printing completely. */ + fprintf (stderr, _("\n%s received.\n"), redirect_request_signal_name); + fprintf (stderr, _("%s: %s; disabling logging.\n"), +- logfile, strerror (errno)); ++ (logfile) ? logfile : DEFAULT_LOGFILE, strerror (errno)); + inhibit_logging = true; + } + save_context_p = false; +diff --git a/src/utils.c b/src/utils.c +index 567dc35..7cc942f 100644 +--- a/src/utils.c ++++ b/src/utils.c +@@ -703,7 +703,7 @@ unique_create (const char *name, bool binary, char **opened_name) + xfree (uname); + uname = unique_name (name, false); + } +- if (opened_name && fp != NULL) ++ if (opened_name) + { + if (fp) + *opened_name = uname; +-- +1.8.1.4 + diff --git a/SOURCES/wget-1.14-add-openssl-tlsv11-tlsv12-support.patch b/SOURCES/wget-1.14-add-openssl-tlsv11-tlsv12-support.patch new file mode 100644 index 00000000..634cb97a --- /dev/null +++ b/SOURCES/wget-1.14-add-openssl-tlsv11-tlsv12-support.patch @@ -0,0 +1,122 @@ +diff --git a/doc/wget.texi b/doc/wget.texi +index 118fce9..3bd8dd7 100644 +--- a/doc/wget.texi ++++ b/doc/wget.texi +@@ -1555,16 +1555,17 @@ without SSL support, none of these options are available. + @cindex SSL protocol, choose + @item --secure-protocol=@var{protocol} + Choose the secure protocol to be used. Legal values are @samp{auto}, +-@samp{SSLv2}, @samp{SSLv3}, and @samp{TLSv1}. If @samp{auto} is used, +-the SSL library is given the liberty of choosing the appropriate +-protocol automatically, which is achieved by sending an SSLv2 greeting +-and announcing support for SSLv3 and TLSv1. This is the default. +- +-Specifying @samp{SSLv2}, @samp{SSLv3}, or @samp{TLSv1} forces the use +-of the corresponding protocol. This is useful when talking to old and +-buggy SSL server implementations that make it hard for OpenSSL to +-choose the correct protocol version. Fortunately, such servers are +-quite rare. ++@samp{SSLv2}, @samp{SSLv3}, @samp{TLSv1}, @samp{TLSv1_1} and ++@samp{TLSv1_2}. If @samp{auto} is used, the SSL library is given the ++liberty of choosing the appropriate protocol automatically, which is ++achieved by sending a SSLv2 greeting and announcing support for SSLv3 ++and TLSv1. This is the default. ++ ++Specifying @samp{SSLv2}, @samp{SSLv3}, @samp{TLSv1}, @samp{TLSv1_1} or ++@samp{TLSv1_2} forces the use of the corresponding protocol. This is ++useful when talking to old and buggy SSL server implementations that ++make it hard for the underlying SSL library to choose the correct ++protocol version. Fortunately, such servers are quite rare. + + @cindex SSL certificate, check + @item --no-check-certificate +diff --git a/src/init.c b/src/init.c +index 4cee677..f160bec 100644 +--- a/src/init.c ++++ b/src/init.c +@@ -1488,6 +1488,8 @@ cmd_spec_secure_protocol (const char *com, const char *val, void *place) + { "sslv2", secure_protocol_sslv2 }, + { "sslv3", secure_protocol_sslv3 }, + { "tlsv1", secure_protocol_tlsv1 }, ++ { "tlsv1_1", secure_protocol_tlsv1_1 }, ++ { "tlsv1_2", secure_protocol_tlsv1_2 }, + }; + int ok = decode_string (val, choices, countof (choices), place); + if (!ok) +diff --git a/src/main.c b/src/main.c +index 9cbad9f..3d50dad 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -625,7 +625,7 @@ HTTP options:\n"), + HTTPS (SSL/TLS) options:\n"), + N_("\ + --secure-protocol=PR choose secure protocol, one of auto, SSLv2,\n\ +- SSLv3, and TLSv1.\n"), ++ SSLv3, TLSv1, TLSv1_1 and TLSv1_2.\n"), + N_("\ + --no-check-certificate don't validate the server's certificate.\n"), + N_("\ +diff --git a/src/openssl.c b/src/openssl.c +index b3c31ce..141a8a3 100644 +--- a/src/openssl.c ++++ b/src/openssl.c +@@ -40,6 +40,9 @@ as that of the covered work. */ + #include + #include + #include ++#if OPENSSL_VERSION_NUMBER >= 0x00907000 ++#include ++#endif + + #include "utils.h" + #include "connect.h" +@@ -176,6 +179,12 @@ ssl_init (void) + goto error; + } + ++#if OPENSSL_VERSION_NUMBER >= 0x00907000 ++ OPENSSL_load_builtin_modules(); ++ ENGINE_load_builtin_engines(); ++ CONF_modules_load_file(NULL, NULL, ++ CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE); ++#endif + SSL_library_init (); + SSL_load_error_strings (); + SSLeay_add_all_algorithms (); +@@ -197,6 +206,21 @@ ssl_init (void) + case secure_protocol_tlsv1: + meth = TLSv1_client_method (); + break; ++#if OPENSSL_VERSION_NUMBER >= 0x10001000 ++ case secure_protocol_tlsv1_1: ++ meth = TLSv1_1_client_method (); ++ break; ++ case secure_protocol_tlsv1_2: ++ meth = TLSv1_2_client_method (); ++ break; ++#else ++ case secure_protocol_tlsv1_1: ++ logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLSv1.1\n")); ++ goto error; ++ case secure_protocol_tlsv1_2: ++ logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLSv1.2\n")); ++ goto error; ++#endif + default: + abort (); + } +diff --git a/src/options.h b/src/options.h +index 326123a..575e647 100644 +--- a/src/options.h ++++ b/src/options.h +@@ -200,7 +200,9 @@ struct options + secure_protocol_auto, + secure_protocol_sslv2, + secure_protocol_sslv3, +- secure_protocol_tlsv1 ++ secure_protocol_tlsv1, ++ secure_protocol_tlsv1_1, ++ secure_protocol_tlsv1_2 + } secure_protocol; /* type of secure protocol to use. */ + bool check_cert; /* whether to validate the server's cert */ + char *cert_file; /* external client certificate to use. */ diff --git a/SOURCES/wget-1.14-add_missing_options_doc.patch b/SOURCES/wget-1.14-add_missing_options_doc.patch new file mode 100644 index 00000000..f4066090 --- /dev/null +++ b/SOURCES/wget-1.14-add_missing_options_doc.patch @@ -0,0 +1,27 @@ +From 8dc52c6eaa1993d140a52bc0627e436efd9870d0 Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Sun, 28 Apr 2013 22:41:24 +0200 +Subject: [PATCH] doc: add documentation for --accept-regex and --reject-regex + +--- + doc/wget.texi | 4 ++++ + 1 files changed, 4 insertions(+) + +diff --git a/doc/wget.texi b/doc/wget.texi +index fed188a..039f700 100644 +--- a/doc/wget.texi ++++ b/doc/wget.texi +@@ -2049,6 +2049,10 @@ any of the wildcard characters, @samp{*}, @samp{?}, @samp{[} or + @samp{]}, appear in an element of @var{acclist} or @var{rejlist}, + it will be treated as a pattern, rather than a suffix. + ++@item --accept-regex @var{urlregex} ++@itemx --reject-regex @var{urlregex} ++Specify a regular expression to accept or reject the complete URL. ++ + @item -D @var{domain-list} + @itemx --domains=@var{domain-list} + Set domains to be followed. @var{domain-list} is a comma-separated list +-- +1.8.1.4 + diff --git a/SOURCES/wget-1.14-digest-auth-qop-segfault-fix.patch b/SOURCES/wget-1.14-digest-auth-qop-segfault-fix.patch new file mode 100644 index 00000000..0679c13d --- /dev/null +++ b/SOURCES/wget-1.14-digest-auth-qop-segfault-fix.patch @@ -0,0 +1,22 @@ +diff --git a/src/http.c b/src/http.c +index 5ee1c93..b45c404 100644 +--- a/src/http.c ++++ b/src/http.c +@@ -3728,7 +3728,7 @@ digest_authentication_encode (const char *au, const char *user, + md5_finish_ctx (&ctx, hash); + dump_hash (a2buf, hash); + +- if (!strcmp(qop,"auth")) ++ if (qop && !strcmp(qop,"auth")) + { + /* RFC 2617 Digest Access Authentication */ + /* generate random hex string */ +@@ -3776,7 +3776,7 @@ digest_authentication_encode (const char *au, const char *user, + + res = xmalloc (res_size); + +- if (!strcmp(qop,"auth")) ++ if (qop && !strcmp (qop, "auth")) + { + snprintf (res, res_size, "Digest "\ + "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\""\ diff --git a/SOURCES/wget-1.14-doc-missing-opts-and-fix-preserve-permissions.patch b/SOURCES/wget-1.14-doc-missing-opts-and-fix-preserve-permissions.patch new file mode 100644 index 00000000..7bc67c00 --- /dev/null +++ b/SOURCES/wget-1.14-doc-missing-opts-and-fix-preserve-permissions.patch @@ -0,0 +1,61 @@ +From c78caecbb4209ce2e36a587497cf1d6b350e513a Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Thu, 11 Jul 2013 15:52:28 +0000 +Subject: Document missing options and fix --preserve-permissions + +Added documentation for --regex-type and --preserve-permissions +options. + +Fixed --preserve-permissions to work properly also if downloading a +single file from FTP. + +Signed-off-by: Tomas Hozza +--- +diff --git a/doc/wget.texi b/doc/wget.texi +index 710f0ac..5054382 100644 +--- a/doc/wget.texi ++++ b/doc/wget.texi +@@ -1816,6 +1816,10 @@ in some rare firewall configurations, active FTP actually works when + passive FTP doesn't. If you suspect this to be the case, use this + option, or set @code{passive_ftp=off} in your init file. + ++@cindex file permissions ++@item --preserve-permissions ++Preserve remote file permissions instead of permissions set by umask. ++ + @cindex symbolic links, retrieving + @item --retr-symlinks + Usually, when retrieving @sc{ftp} directories recursively and a symbolic +@@ -2057,6 +2061,11 @@ it will be treated as a pattern, rather than a suffix. + @itemx --reject-regex @var{urlregex} + Specify a regular expression to accept or reject the complete URL. + ++@item --regex-type @var{regextype} ++Specify the regular expression type. Possible types are @samp{posix} or ++@samp{pcre}. Note that to be able to use @samp{pcre} type, wget has to be ++compiled with libpcre support. ++ + @item -D @var{domain-list} + @itemx --domains=@var{domain-list} + Set domains to be followed. @var{domain-list} is a comma-separated list +diff --git a/src/ftp.c b/src/ftp.c +index 9b3d81c..1fe2bac 100644 +--- a/src/ftp.c ++++ b/src/ftp.c +@@ -2285,11 +2285,11 @@ ftp_loop (struct url *u, char **local_file, int *dt, struct url *proxy, + file_part = u->path; + ispattern = has_wildcards_p (file_part); + } +- if (ispattern || recursive || opt.timestamping) ++ if (ispattern || recursive || opt.timestamping || opt.preserve_perm) + { + /* ftp_retrieve_glob is a catch-all function that gets called +- if we need globbing, time-stamping or recursion. Its +- third argument is just what we really need. */ ++ if we need globbing, time-stamping, recursion or preserve ++ permissions. Its third argument is just what we really need. */ + res = ftp_retrieve_glob (u, &con, + ispattern ? GLOB_GLOBALL : GLOB_GETONE); + } +-- +cgit v0.9.0.2 diff --git a/SOURCES/wget-1.14-document-backups.patch b/SOURCES/wget-1.14-document-backups.patch new file mode 100644 index 00000000..eac0ad4b --- /dev/null +++ b/SOURCES/wget-1.14-document-backups.patch @@ -0,0 +1,60 @@ +From 44ba49b31f4ea515f8a6ef2642a34c0fd2024b90 Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Tue, 9 Jul 2013 00:50:30 +0200 +Subject: [PATCH] doc: document --backups + +--- + doc/wget.texi | 15 ++++++++++++--- + src/main.c | 3 +++ + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/doc/wget.texi b/doc/wget.texi +index 5054382..7a1670e 100644 +--- a/doc/wget.texi ++++ b/doc/wget.texi +@@ -630,6 +630,13 @@ Note that when @samp{-nc} is specified, files with the suffixes + @samp{.html} or @samp{.htm} will be loaded from the local disk and + parsed as if they had been retrieved from the Web. + ++@cindex backing up files ++@item --backups=@var{backups} ++Before (over)writing a file, back up an existing file by adding a ++@samp{.1} suffix (@samp{_1} on VMS) to the file name. Such backup ++files are rotated to @samp{.2}, @samp{.3}, and so on, up to ++@var{backups} (and lost beyond that). ++ + @cindex continue retrieval + @cindex incomplete downloads + @cindex resume download +@@ -2882,9 +2889,11 @@ enables it). + Enable/disable saving pre-converted files with the suffix + @samp{.orig}---the same as @samp{-K} (which enables it). + +-@c @item backups = @var{number} +-@c #### Document me! +-@c ++@item backups = @var{number} ++Use up to @var{number} backups for a file. Backups are rotated by ++adding an incremental counter that starts at @samp{1}. The default is ++@samp{0}. ++ + @item base = @var{string} + Consider relative @sc{url}s in input files (specified via the + @samp{input} command or the @samp{--input-file}/@samp{-i} option, +diff --git a/src/main.c b/src/main.c +index c895c4e..8ce0eb3 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -714,6 +714,9 @@ Recursive download:\n"), + N_("\ + -k, --convert-links make links in downloaded HTML or CSS point to\n\ + local files.\n"), ++ N_("\ ++ --backups=N before writing file X, rotate up to N backup files.\n"), ++ + #ifdef __VMS + N_("\ + -K, --backup-converted before converting file X, back up as X_orig.\n"), +-- +1.8.3.1 + diff --git a/SOURCES/wget-1.14-fix-backups-to-work-as-documented.patch b/SOURCES/wget-1.14-fix-backups-to-work-as-documented.patch new file mode 100644 index 00000000..799a7a15 --- /dev/null +++ b/SOURCES/wget-1.14-fix-backups-to-work-as-documented.patch @@ -0,0 +1,80 @@ +From c52bbad9e4bad1393a9d6ba37e600d388f5ab419 Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Wed, 10 Jul 2013 20:59:34 +0200 +Subject: [PATCH] Make --backups work as documented + +--- + src/http.c | 6 ------ + src/options.h | 2 +- + src/url.c | 3 ++- + src/url.h | 6 ++++++ + 4 files changed, 9 insertions(+), 8 deletions(-) + +diff --git a/src/http.c b/src/http.c +index 9f274dc..b0c782b 100644 +--- a/src/http.c ++++ b/src/http.c +@@ -1641,12 +1641,6 @@ read_response_body (struct http_stat *hs, int sock, FILE *fp, wgint contlen, + } while (0) + #endif /* def __VMS [else] */ + +-/* The flags that allow clobbering the file (opening with "wb"). +- Defined here to avoid repetition later. #### This will require +- rework. */ +-#define ALLOW_CLOBBER (opt.noclobber || opt.always_rest || opt.timestamping \ +- || opt.dirstruct || opt.output_document) +- + /* Retrieve a document through HTTP protocol. It recognizes status + code, and correctly handles redirections. It closes the network + socket. If it receives an error from the functions below it, it +diff --git a/src/options.h b/src/options.h +index ed38617..0a10c9b 100644 +--- a/src/options.h ++++ b/src/options.h +@@ -166,7 +166,7 @@ struct options + bool timestamping; /* Whether to use time-stamping. */ + + bool backup_converted; /* Do we save pre-converted files as *.orig? */ +- bool backups; /* Are numeric backups made? */ ++ int backups; /* Are numeric backups made? */ + + char *useragent; /* User-Agent string, which can be set + to something other than Wget. */ +diff --git a/src/url.c b/src/url.c +index 5e2b9a3..bf9d697 100644 +--- a/src/url.c ++++ b/src/url.c +@@ -1669,11 +1669,12 @@ url_file_name (const struct url *u, char *replaced_filename) + 2) Retrieval with regetting. + 3) Timestamping is used. + 4) Hierarchy is built. ++ 5) Backups are specified. + + The exception is the case when file does exist and is a + directory (see `mkalldirs' for explanation). */ + +- if ((opt.noclobber || opt.always_rest || opt.timestamping || opt.dirstruct) ++ if (ALLOW_CLOBBER + && !(file_exists_p (fname) && !file_non_directory_p (fname))) + { + unique = fname; +diff --git a/src/url.h b/src/url.h +index b7f4366..cd3782b 100644 +--- a/src/url.h ++++ b/src/url.h +@@ -47,6 +47,12 @@ as that of the covered work. */ + #define DEFAULT_FTP_PORT 21 + #define DEFAULT_HTTPS_PORT 443 + ++/* The flags that allow clobbering the file (opening with "wb"). ++ Defined here to avoid repetition later. #### This will require ++ rework. */ ++#define ALLOW_CLOBBER (opt.noclobber || opt.always_rest || opt.timestamping \ ++ || opt.dirstruct || opt.output_document || opt.backups > 0) ++ + /* Specifies how, or whether, user auth information should be included + * in URLs regenerated from URL parse structures. */ + enum url_auth_mode { +-- +1.8.3.1 + diff --git a/SOURCES/wget-1.14-fix-double-free-of-iri-orig_url.patch b/SOURCES/wget-1.14-fix-double-free-of-iri-orig_url.patch new file mode 100644 index 00000000..9ad8195d --- /dev/null +++ b/SOURCES/wget-1.14-fix-double-free-of-iri-orig_url.patch @@ -0,0 +1,29 @@ +From bdf2764457bef7c33be289b889ddf6df91773296 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Wed, 10 Jul 2013 13:23:37 +0200 +Subject: [PATCH] Set iri->orig_url to NULL after free. + +Set iri->orig_url to NULL after free to prevent double +free in retrieve_url() and iri_free() when using IRI +and downloading site that redirects itself. + +Signed-off-by: Tomas Hozza +--- + src/retr.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/retr.c b/src/retr.c +index 6204839..66624dc 100644 +--- a/src/retr.c ++++ b/src/retr.c +@@ -838,6 +838,7 @@ retrieve_url (struct url * orig_parsed, const char *origurl, char **file, + iri->utf8_encode = opt.enable_iri; + set_content_encoding (iri, NULL); + xfree_null (iri->orig_url); ++ iri->orig_url = NULL; + + /* Now, see if this new location makes sense. */ + newloc_parsed = url_parse (mynewloc, &up_error_code, iri, true); +-- +1.8.3.1 + diff --git a/SOURCES/wget-1.14-fix-synchronization-in-Test-proxied-https-auth.patch b/SOURCES/wget-1.14-fix-synchronization-in-Test-proxied-https-auth.patch new file mode 100644 index 00000000..b0a3f874 --- /dev/null +++ b/SOURCES/wget-1.14-fix-synchronization-in-Test-proxied-https-auth.patch @@ -0,0 +1,164 @@ +From 082e7194605e99f0e50f8909fcaf10adee747cc8 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Fri, 5 May 2017 13:46:11 +0200 +Subject: [PATCH] Fix client/server synchronization in + Test-proxied-https-auth.px test + +Combination of upstream commits vithout adding support for Valgrind: +3eff3ad69a46364475e1f4abdf9412cfa87e3d6c +2303793a626158627bdb2ac255e0f58697682b24 + +Signed-off-by: Tomas Hozza +--- + tests/Test-proxied-https-auth.px | 82 +++++++++++++++++++++++----------------- + 1 file changed, 48 insertions(+), 34 deletions(-) + +diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px +index 1de5357..e1a6c44 100755 +--- a/tests/Test-proxied-https-auth.px ++++ b/tests/Test-proxied-https-auth.px +@@ -1,4 +1,6 @@ + #!/usr/bin/env perl ++# Simulate a tunneling proxy to a HTTPS URL that needs authentication. ++# Use two connections (Connection: close) + + use strict; + use warnings; +@@ -39,31 +41,33 @@ sub get_request { + } + + sub do_server { +- my $alrm = alarm 10; +- ++ my ($synch_callback) = @_; + my $s = $SOCKET; + my $conn; + my $rqst; + my $rspn; ++ ++ my %options = ( ++ SSL_server => 1, ++ SSL_passwd_cb => sub { return "Hello"; }); ++ $options{SSL_cert_file} = $cert_path if ($cert_path); ++ $options{SSL_key_file} = $key_path if ($key_path); ++ my @options = %options; ++ ++ # sync with the parent ++ $synch_callback->(); ++ ++ # Simulate a HTTPS proxy server with tunneling. ++ + for my $expect_inner_auth (0, 1) { + $conn = $s->accept; + $rqst = $conn->get_request; +- +- # TODO: expect no auth the first time, request it, expect it the second +- # time. +- + die "Method not CONNECT\n" if ($rqst->method ne 'CONNECT'); + $rspn = HTTP::Response->new(200, 'OK'); + $conn->send_response($rspn); + +- my %options = ( +- SSL_server => 1, +- SSL_passwd_cb => sub { return "Hello"; }); +- +- $options{SSL_cert_file} = $cert_path if ($cert_path); +- $options{SSL_key_file} = $key_path if ($key_path); +- +- my @options = %options; ++ # Now switch from plain to SSL (for simulating a transparent tunnel ++ # to an HTTPS server). + + $conn = IO::Socket::SSL->new_from_fd($conn->fileno, @options) + or die "Couldn't initiate SSL"; +@@ -74,14 +78,10 @@ sub do_server { + unless ($expect_inner_auth) { + die "Early proxied auth\n" if $rqst->header('Authorization'); + +- # TODO: handle non-persistent connection here. + $rspn = HTTP::Response->new(401, 'Unauthorized', [ + 'WWW-Authenticate' => 'Basic realm="gondor"', + Connection => 'close' + ]); +- $rspn->protocol('HTTP/1.0'); +- print $rspn->as_string; +- print $conn $rspn->as_string; + } else { + die "No proxied auth\n" unless $rqst->header('Authorization'); + +@@ -89,41 +89,55 @@ sub do_server { + 'Content-Type' => 'text/plain', + 'Connection' => 'close', + ], "foobarbaz\n"); +- $rspn->protocol('HTTP/1.0'); +- print "=====\n"; +- print $rspn->as_string; +- print "\n=====\n"; +- print $conn $rspn->as_string; + } ++ ++ $rspn->protocol('HTTP/1.0'); ++ print STDERR "=====\n"; ++ print STDERR $rspn->as_string; ++ print STDERR "\n=====\n"; ++ print $conn $rspn->as_string; ++ + $conn->close; + } ++ + undef $conn; + undef $s; +- alarm $alrm; + } + + sub fork_server { +- my $pid = fork; +- die "Couldn't fork" if ($pid < 0); +- return $pid if $pid; ++ pipe(FROM_CHILD, TO_PARENT) or die "Cannot create pipe!"; ++ select((select(TO_PARENT), $| = 1)[0]); ++ ++ my $pid = fork(); ++ if ($pid < 0) { ++ die "Cannot fork"; ++ } elsif ($pid == 0) { ++ # child ++ close FROM_CHILD; ++ do_server(sub { print TO_PARENT "SYNC\n"; close TO_PARENT }); ++ exit 0; ++ } else { ++ # parent ++ close TO_PARENT; ++ chomp(my $line = ); ++ close FROM_CHILD; ++ } + +- &do_server; +- exit; ++ return $pid; + } + +-system ('rm -f needs-auth.txt'); ++unlink "needs-auth.txt"; + my $pid = &fork_server; + +-sleep 1; + my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee" + . " --password=Dodgson -e https_proxy=localhost:{{port}}" + . " --no-check-certificate" + . " https://no.such.domain/needs-auth.txt"; + $cmdline =~ s/{{port}}/$SOCKET->sockport()/e; + +-my $code = system($cmdline); +-system ('rm -f needs-auth.txt'); ++my $code = system($cmdline . " 2>&1") >> 8; ++unlink "needs-auth.txt"; + + warn "Got code: $code\n" if $code; + kill ('TERM', $pid); +-exit ($code >> 8); ++exit ($code != 0); +-- +2.7.4 + diff --git a/SOURCES/wget-1.14-manpage-tex5.patch b/SOURCES/wget-1.14-manpage-tex5.patch new file mode 100644 index 00000000..49728fcf --- /dev/null +++ b/SOURCES/wget-1.14-manpage-tex5.patch @@ -0,0 +1,55 @@ +From a2a34ad8e09117041761fa96830f289aa6e67042 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Fri, 22 Feb 2013 12:29:37 +0100 +Subject: [PATCH] Fix @itemx issue when building doc + +@itemx should be used ONLY for second and subsequent item(s). + +Signed-off-by: Tomas Hozza +--- + doc/wget.texi | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/doc/wget.texi b/doc/wget.texi +index c1fc82f..3768156 100644 +--- a/doc/wget.texi ++++ b/doc/wget.texi +@@ -876,7 +876,7 @@ recommendation to block many unrelated users from a web site due to the + actions of one. + + @cindex proxy +-@itemx --no-proxy ++@item --no-proxy + Don't use proxies, even if the appropriate @code{*_proxy} environment + variable is defined. + +@@ -977,7 +977,7 @@ are outside the range of @sc{ascii} characters (that is, greater than + whose encoding does not match the one used locally. + + @cindex IPv6 +-@itemx -4 ++@item -4 + @itemx --inet4-only + @itemx -6 + @itemx --inet6-only +@@ -3094,7 +3094,7 @@ display properly---the same as @samp{-p}. + Change setting of passive @sc{ftp}, equivalent to the + @samp{--passive-ftp} option. + +-@itemx password = @var{string} ++@item password = @var{string} + Specify password @var{string} for both @sc{ftp} and @sc{http} file retrieval. + This command can be overridden using the @samp{ftp_password} and + @samp{http_password} command for @sc{ftp} and @sc{http} respectively. +@@ -3605,7 +3605,7 @@ In addition to the environment variables, proxy location and settings + may be specified from within Wget itself. + + @table @samp +-@itemx --no-proxy ++@item --no-proxy + @itemx proxy = on/off + This option and the corresponding command may be used to suppress the + use of proxy, even if the appropriate environment variables are set. +-- +1.8.1.2 + diff --git a/SOURCES/wget-1.14-rh1147572.patch b/SOURCES/wget-1.14-rh1147572.patch new file mode 100644 index 00000000..f3785ddd --- /dev/null +++ b/SOURCES/wget-1.14-rh1147572.patch @@ -0,0 +1,26 @@ +From 798f554773baf1adca376500ca120a992e6d7492 Mon Sep 17 00:00:00 2001 +From: Tim Ruehsen +Date: Tue, 28 Aug 2012 16:38:21 +0200 +Subject: [PATCH] remove -nv from --report-speed in doc/wget.texi + +--- + doc/wget.texi | 3 +-- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/doc/wget.texi b/doc/wget.texi +index 7efdc72..400debe 100644 +--- a/doc/wget.texi ++++ b/doc/wget.texi +@@ -479,8 +479,7 @@ Turn off verbose without being completely quiet (use @samp{-q} for + that), which means that error messages and basic information still get + printed. + +-@item -nv +-@itemx --report-speed=@var{type} ++@item --report-speed=@var{type} + Output bandwidth as @var{type}. The only accepted value is @samp{bits}. + + @cindex input-file +-- +1.9.3 + diff --git a/SOURCES/wget-1.14-rh1203384.patch b/SOURCES/wget-1.14-rh1203384.patch new file mode 100644 index 00000000..9f3ba42e --- /dev/null +++ b/SOURCES/wget-1.14-rh1203384.patch @@ -0,0 +1,30 @@ +From aed7d4163a9e2083d294a9471e1347ab13d6f2ab Mon Sep 17 00:00:00 2001 +From: Pavel Mateja +Date: Sat, 2 Nov 2013 11:27:58 +0100 +Subject: [PATCH] http: specify Host when CONNECT is used. + +--- + src/http.c | 7 +++---- + 2 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/http.c b/src/http.c +index dbfcdfb..8917fa5 100644 +--- a/src/http.c ++++ b/src/http.c +@@ -2013,10 +2013,9 @@ gethttp (struct url *u, struct http_stat *hs, int *dt, struct url *proxy, + the regular request below. */ + proxyauth = NULL; + } +- /* Examples in rfc2817 use the Host header in CONNECT +- requests. I don't see how that gains anything, given +- that the contents of Host would be exactly the same as +- the contents of CONNECT. */ ++ request_set_header (connreq, "Host", ++ aprintf ("%s:%d", u->host, u->port), ++ rel_value); + + write_error = request_send (connreq, sock, 0); + request_free (connreq); +-- +2.1.0 + diff --git a/SOURCES/wget-1.14-set_sock_to_-1_if_no_persistent_conn.patch b/SOURCES/wget-1.14-set_sock_to_-1_if_no_persistent_conn.patch new file mode 100644 index 00000000..9ee37e8f --- /dev/null +++ b/SOURCES/wget-1.14-set_sock_to_-1_if_no_persistent_conn.patch @@ -0,0 +1,32 @@ +From 8760123cee87e07a276b8b13ef48ada3a490ad47 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Thu, 11 Jul 2013 11:22:43 +0000 +Subject: Set sock variable to -1 if no persistent conn exists + +Wget should set sock variable to -1 if no persistent +connection exists. Function persistent_available_p() +tests persistent connection but if test_socket_open() +fails it closes the socket but will not set sock variable +to -1. After returning from persistent_available_p() +it is possible that sock has still value of already +closed connection. + +Signed-off-by: Tomas Hozza +--- +diff --git a/src/http.c b/src/http.c +index 669f0fe..a693355 100644 +--- a/src/http.c ++++ b/src/http.c +@@ -1983,6 +1983,10 @@ gethttp (struct url *u, struct http_stat *hs, int *dt, struct url *proxy, + exec_name, quote (relevant->host)); + return HOSTERR; + } ++ else if (sock != -1) ++ { ++ sock = -1; ++ } + } + + if (sock < 0) +-- +cgit v0.9.0.2 diff --git a/SOURCES/wget-1.14-sslreadtimeout.patch b/SOURCES/wget-1.14-sslreadtimeout.patch new file mode 100644 index 00000000..03c29fc9 --- /dev/null +++ b/SOURCES/wget-1.14-sslreadtimeout.patch @@ -0,0 +1,105 @@ +diff -up wget-1.14/src/openssl.c.ssltimeout wget-1.14/src/openssl.c +--- wget-1.14/src/openssl.c.ssltimeout 2012-08-09 14:30:14.987964706 +0200 ++++ wget-1.14/src/openssl.c 2012-08-09 14:44:05.467660741 +0200 +@@ -256,19 +256,42 @@ struct openssl_transport_context { + char *last_error; /* last error printed with openssl_errstr */ + }; + +-static int +-openssl_read (int fd, char *buf, int bufsize, void *arg) +-{ +- int ret; +- struct openssl_transport_context *ctx = arg; ++struct openssl_read_args { ++ int fd; ++ struct openssl_transport_context *ctx; ++ char *buf; ++ int bufsize; ++ int retval; ++}; ++ ++static void openssl_read_callback(void *arg) { ++ struct openssl_read_args *args = (struct openssl_read_args *) arg; ++ struct openssl_transport_context *ctx = args->ctx; + SSL *conn = ctx->conn; ++ char *buf = args->buf; ++ int bufsize = args->bufsize; ++ int ret; ++ + do + ret = SSL_read (conn, buf, bufsize); +- while (ret == -1 +- && SSL_get_error (conn, ret) == SSL_ERROR_SYSCALL ++ while (ret == -1 && SSL_get_error (conn, ret) == SSL_ERROR_SYSCALL + && errno == EINTR); ++ args->retval = ret; ++} + +- return ret; ++static int ++openssl_read (int fd, char *buf, int bufsize, void *arg) ++{ ++ struct openssl_read_args args; ++ args.fd = fd; ++ args.buf = buf; ++ args.bufsize = bufsize; ++ args.ctx = (struct openssl_transport_context*) arg; ++ ++ if (run_with_timeout(opt.read_timeout, openssl_read_callback, &args)) { ++ return -1; ++ } ++ return args.retval; + } + + static int +@@ -386,6 +409,18 @@ static struct transport_implementation o + openssl_peek, openssl_errstr, openssl_close + }; + ++struct scwt_context { ++ SSL *ssl; ++ int result; ++}; ++ ++static void ++ssl_connect_with_timeout_callback(void *arg) ++{ ++ struct scwt_context *ctx = (struct scwt_context *)arg; ++ ctx->result = SSL_connect(ctx->ssl); ++} ++ + /* Perform the SSL handshake on file descriptor FD, which is assumed + to be connected to an SSL server. The SSL handle provided by + OpenSSL is registered with the file descriptor FD using +@@ -398,6 +433,7 @@ bool + ssl_connect_wget (int fd, const char *hostname) + { + SSL *conn; ++ struct scwt_context scwt_ctx; + struct openssl_transport_context *ctx; + + DEBUGP (("Initiating SSL handshake.\n")); +@@ -425,7 +461,14 @@ ssl_connect_wget (int fd, const char *ho + if (!SSL_set_fd (conn, FD_TO_SOCKET (fd))) + goto error; + SSL_set_connect_state (conn); +- if (SSL_connect (conn) <= 0 || conn->state != SSL_ST_OK) ++ ++ scwt_ctx.ssl = conn; ++ if (run_with_timeout(opt.read_timeout, ssl_connect_with_timeout_callback, ++ &scwt_ctx)) { ++ DEBUGP (("SSL handshake timed out.\n")); ++ goto timeout; ++ } ++ if (scwt_ctx.result <= 0 || conn->state != SSL_ST_OK) + goto error; + + ctx = xnew0 (struct openssl_transport_context); +@@ -441,6 +484,7 @@ ssl_connect_wget (int fd, const char *ho + error: + DEBUGP (("SSL handshake failed.\n")); + print_errors (); ++ timeout: + if (conn) + SSL_free (conn); + return false; diff --git a/SOURCES/wget-1.14-support-non-ASCII-characters.patch b/SOURCES/wget-1.14-support-non-ASCII-characters.patch new file mode 100644 index 00000000..7ffd5a40 --- /dev/null +++ b/SOURCES/wget-1.14-support-non-ASCII-characters.patch @@ -0,0 +1,154 @@ +From 0a33fa22c597234ab133f63127b4a5e00cf048b9 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Mon, 20 Jun 2016 12:10:38 +0200 +Subject: [PATCH] Support non-ASCII characters + +Upstream commit 59b920874daa565a1323ffa1e756e80493190686 + +Signed-off-by: Tomas Hozza +--- + src/url.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++-- + tests/Test-ftp-iri.px | 4 +-- + 2 files changed, 87 insertions(+), 4 deletions(-) + +diff --git a/src/url.c b/src/url.c +index 6bca719..d0d9e27 100644 +--- a/src/url.c ++++ b/src/url.c +@@ -42,6 +42,11 @@ as that of the covered work. */ + #include "url.h" + #include "host.h" /* for is_valid_ipv6_address */ + ++#if HAVE_ICONV ++#include ++#include ++#endif ++ + #ifdef __VMS + #include "vms.h" + #endif /* def __VMS */ +@@ -1335,8 +1340,8 @@ UWC, C, C, C, C, C, C, C, /* NUL SOH STX ETX EOT ENQ ACK BEL */ + 0, 0, 0, 0, 0, 0, 0, 0, /* p q r s t u v w */ + 0, 0, 0, 0, W, 0, 0, C, /* x y z { | } ~ DEL */ + +- C, C, C, C, C, C, C, C, C, C, C, C, C, C, C, C, /* 128-143 */ +- C, C, C, C, C, C, C, C, C, C, C, C, C, C, C, C, /* 144-159 */ ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 128-143 */ ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 144-159 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + +@@ -1456,6 +1461,82 @@ append_uri_pathel (const char *b, const char *e, bool escaped, + TAIL_INCR (dest, outlen); + } + ++static char * ++convert_fname (const char *fname) ++{ ++ char *converted_fname = (char *)fname; ++#if HAVE_ICONV ++ const char *from_encoding = opt.encoding_remote; ++ const char *to_encoding = opt.locale; ++ iconv_t cd; ++ size_t len, done, inlen, outlen; ++ char *s; ++ const char *orig_fname = fname;; ++ ++ /* Defaults for remote and local encodings. */ ++ if (!from_encoding) ++ from_encoding = "UTF-8"; ++ if (!to_encoding) ++ to_encoding = nl_langinfo (CODESET); ++ ++ cd = iconv_open (to_encoding, from_encoding); ++ if (cd == (iconv_t)(-1)) ++ logprintf (LOG_VERBOSE, _("Conversion from %s to %s isn't supported\n"), ++ quote (from_encoding), quote (to_encoding)); ++ else ++ { ++ inlen = strlen (fname); ++ len = outlen = inlen * 2; ++ converted_fname = s = xmalloc (outlen + 1); ++ done = 0; ++ ++ for (;;) ++ { ++ if (iconv (cd, &fname, &inlen, &s, &outlen) != (size_t)(-1) ++ && iconv (cd, NULL, NULL, &s, &outlen) != (size_t)(-1)) ++ { ++ *(converted_fname + len - outlen - done) = '\0'; ++ iconv_close(cd); ++ DEBUGP (("Converted file name '%s' (%s) -> '%s' (%s)\n", ++ orig_fname, from_encoding, converted_fname, to_encoding)); ++ xfree (orig_fname); ++ return converted_fname; ++ } ++ ++ /* Incomplete or invalid multibyte sequence */ ++ if (errno == EINVAL || errno == EILSEQ) ++ { ++ logprintf (LOG_VERBOSE, ++ _("Incomplete or invalid multibyte sequence encountered\n")); ++ xfree (converted_fname); ++ converted_fname = (char *)orig_fname; ++ break; ++ } ++ else if (errno == E2BIG) /* Output buffer full */ ++ { ++ done = len; ++ len = outlen = done + inlen * 2; ++ converted_fname = xrealloc (converted_fname, outlen + 1); ++ s = converted_fname + done; ++ } ++ else /* Weird, we got an unspecified error */ ++ { ++ logprintf (LOG_VERBOSE, _("Unhandled errno %d\n"), errno); ++ xfree (converted_fname); ++ converted_fname = (char *)orig_fname; ++ break; ++ } ++ } ++ DEBUGP (("Failed to convert file name '%s' (%s) -> '?' (%s)\n", ++ orig_fname, from_encoding, to_encoding)); ++ } ++ ++ iconv_close(cd); ++#endif ++ ++ return converted_fname; ++} ++ + /* Append to DEST the directory structure that corresponds the + directory part of URL's path. For example, if the URL is + http://server/dir1/dir2/file, this appends "/dir1/dir2". +@@ -1582,6 +1663,8 @@ url_file_name (const struct url *u, char *replaced_filename) + + fname = fnres.base; + ++ fname = convert_fname (fname); ++ + /* Check the cases in which the unique extensions are not used: + 1) Clobbering is turned off (-nc). + 2) Retrieval with regetting. +diff --git a/tests/Test-ftp-iri.px b/tests/Test-ftp-iri.px +index a4b7fe1..24ac467 100755 +--- a/tests/Test-ftp-iri.px ++++ b/tests/Test-ftp-iri.px +@@ -26,12 +26,12 @@ my %urls = ( + }, + ); + +-my $cmdline = $WgetTest::WGETPATH . " --local-encoding=iso-8859-1 -S ftp://localhost:{{port}}/fran${ccedilla_l1}ais.txt"; ++my $cmdline = $WgetTest::WGETPATH . " --local-encoding=iso-8859-1 --remote-encoding=utf-8 -S ftp://localhost:{{port}}/fran${ccedilla_l1}ais.txt"; + + my $expected_error_code = 0; + + my %expected_downloaded_files = ( +- "fran${ccedilla_u8}ais.txt" => { ++ "fran${ccedilla_l1}ais.txt" => { + content => $francais, + }, + ); +-- +2.5.5 + diff --git a/SOURCES/wget-1.14-texi2pod_error_perl518.patch b/SOURCES/wget-1.14-texi2pod_error_perl518.patch new file mode 100644 index 00000000..13427a05 --- /dev/null +++ b/SOURCES/wget-1.14-texi2pod_error_perl518.patch @@ -0,0 +1,25 @@ +From 7f43748544f26008d0dd337704f02a6ed3200aaf Mon Sep 17 00:00:00 2001 +From: Dave Reisner +Date: Mon, 17 Jun 2013 23:31:46 +0530 +Subject: [PATCH] Fix error in texi2pod intriduced with Perl 5.18 + +--- + doc/texi2pod.pl | 2 +- + 1 files changed, 1 insertions(+), 1 deletion(-) + +diff --git a/doc/texi2pod.pl b/doc/texi2pod.pl +index 86c4b18..9db6de1 100755 +--- a/doc/texi2pod.pl ++++ b/doc/texi2pod.pl +@@ -291,7 +291,7 @@ while(<$inf>) { + if (defined $1) { + my $thing = $1; + if ($ic =~ /\@asis/) { +- $_ = "\n=item $thing\n"; ++ $_ = "\n=item C<$thing>\n"; + } else { + # Entity escapes prevent munging by the <> processing below. + $_ = "\n=item $ic\<$thing\>\n"; +-- +1.8.1.4 + diff --git a/SOURCES/wget-rh-modified.patch b/SOURCES/wget-rh-modified.patch new file mode 100644 index 00000000..b9d528f0 --- /dev/null +++ b/SOURCES/wget-rh-modified.patch @@ -0,0 +1,11 @@ +--- configure~ 2011-09-13 03:15:38.000000000 -0500 ++++ configure 2011-12-16 09:19:34.574773958 -0600 +@@ -561,7 +561,7 @@ + PACKAGE_NAME='wget' + PACKAGE_TARNAME='wget' + PACKAGE_VERSION='1.14' +-PACKAGE_STRING='wget 1.14' ++PACKAGE_STRING='wget 1.14 (Red Hat modified)' + PACKAGE_BUGREPORT='bug-wget@gnu.org' + PACKAGE_URL='' + diff --git a/SPECS/wget.spec b/SPECS/wget.spec new file mode 100644 index 00000000..a3b091af --- /dev/null +++ b/SPECS/wget.spec @@ -0,0 +1,590 @@ +Summary: A utility for retrieving files using the HTTP or FTP protocols +Name: wget +Version: 1.14 +Release: 18%{?dist} +License: GPLv3+ +Group: Applications/Internet +Url: http://www.gnu.org/software/wget/ +Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.xz + +Patch1: wget-rh-modified.patch +Patch2: wget-1.12-path.patch +Patch3: wget-1.14-sslreadtimeout.patch +Patch4: wget-1.14-manpage-tex5.patch +Patch5: wget-1.14-add_missing_options_doc.patch +Patch6: wget-1.14-texi2pod_error_perl518.patch +Patch7: wget-1.14-fix-double-free-of-iri-orig_url.patch +Patch8: wget-1.14-Fix-deadcode-and-possible-NULL-use.patch +Patch9: wget-1.14-doc-missing-opts-and-fix-preserve-permissions.patch +Patch10: wget-1.14-set_sock_to_-1_if_no_persistent_conn.patch +Patch11: wget-1.14-document-backups.patch +Patch12: wget-1.14-fix-backups-to-work-as-documented.patch +Patch13: wget-1.14-CVE-2014-4877.patch +Patch14: wget-1.14-rh1203384.patch +Patch15: wget-1.14-rh1147572.patch +Patch16: wget-1.14-CVE-2016-4971.patch +# needed because fix for CVE-2016-4971 changes default behavior +# and the file is not saved in correct encoding. This caused the +# Test-ftp-iri-fallback test to fail. This additional change makes +# Test-ftp-iri-fallback test pass again. +Patch17: wget-1.14-support-non-ASCII-characters.patch +Patch18: wget-1.14-add-openssl-tlsv11-tlsv12-support.patch +# Fix for randomly failing unit test +# combination of upstream commits without the support for Valgrind +# commit 3eff3ad69a46364475e1f4abdf9412cfa87e3d6c +# commit 2303793a626158627bdb2ac255e0f58697682b24 +Patch19: wget-1.14-fix-synchronization-in-Test-proxied-https-auth.patch +Patch20: wget-1.14-CVE-2017-13089.patch +Patch21: wget-1.14-CVE-2017-13090.patch +# Partial backport without setting the default algorithm +# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e9cc8b2f7c4678b832ad56f7119bba86a8db08ef +Patch22: wget-1.14-digest-auth-qop-segfault-fix.patch +# https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd +Patch23: wget-1.14-CVE-2018-0494.patch + +Provides: webclient +Provides: bundled(gnulib) +Requires(post): /sbin/install-info +Requires(preun): /sbin/install-info +BuildRequires: openssl-devel, pkgconfig, texinfo, gettext, autoconf, libidn-devel, libuuid-devel, perl-podlators +# dependencies for the test suite +BuildRequires: perl-libwww-perl +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +%description +GNU Wget is a file retrieval utility which can use either the HTTP or +FTP protocols. Wget features include the ability to work in the +background while you are logged out, recursive retrieval of +directories, file name wildcard matching, remote file timestamp +storage and comparison, use of Rest with FTP servers and Range with +HTTP servers to retrieve files over slow or unstable connections, +support for Proxy servers, and configurability. + +%prep +%setup -q +%patch1 -p0 +%patch2 -p1 +%patch3 -p1 -b .sslreadtimeout +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 -b .tls11_tls12 +%patch19 -p1 -b .test_synch_fix +%patch20 -p1 -b .CVE-2017-13089 +%patch21 -p1 -b .CVE-2017-13090 +%patch22 -p1 -b .digest-auth-segfault +%patch23 -p1 -b .CVE-2018-0494 + +%build +if pkg-config openssl ; then + CPPFLAGS=`pkg-config --cflags openssl`; export CPPFLAGS + LDFLAGS=`pkg-config --libs openssl`; export LDFLAGS +fi +%configure --with-ssl=openssl --enable-largefile --enable-opie --enable-digest --enable-ntlm --enable-nls --enable-ipv6 --disable-rpath +make %{?_smp_mflags} + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT CFLAGS="$RPM_OPT_FLAGS" +rm -f $RPM_BUILD_ROOT/%{_infodir}/dir + +%find_lang %{name} + +%post +/sbin/install-info %{_infodir}/wget.info.gz %{_infodir}/dir || : + +%preun +if [ "$1" = 0 ]; then + /sbin/install-info --delete %{_infodir}/wget.info.gz %{_infodir}/dir || : +fi + +%clean +rm -rf $RPM_BUILD_ROOT + +%check +make check + +%files -f %{name}.lang +%defattr(-,root,root) +%doc AUTHORS MAILING-LIST NEWS README COPYING doc/sample.wgetrc +%config(noreplace) %{_sysconfdir}/wgetrc +%{_mandir}/man1/wget.* +%{_bindir}/wget +%{_infodir}/* + +%changelog +* Wed May 09 2018 Tomas Hozza - 1.14-18 +- Fix CVE-2018-0494 (#1576106) + +* Mon Apr 23 2018 Tomas Hozza - 1.14-17 +- Fix segfault when Digest Authentication header is missing 'qop' part (#1545310) + +* Tue Oct 24 2017 Tomas Hozza - 1.14-16 +- Fixed various security flaws (CVE-2017-13089, CVE-2017-13090) + +* Fri May 05 2017 Tomas Hozza - 1.14-15 +- Added TLSv1_1 and TLSv1_2 as secure-protocol values to help (#1439811) +- Fixed synchronization in randomly failing unit test Test-proxied-https-auth (#1448440) + +* Wed Apr 12 2017 Tomas Hozza - 1.14-14 +- TLS v1.1 and v1.2 can now be specified with --secure-protocol option (#1439811) + +* Mon Jun 20 2016 Tomas Hozza - 1.14-13 +- Fix CVE-2016-4971 (#1345778) +- Added support for non-ASCII URLs (Related: CVE-2016-4971) + +* Mon Mar 21 2016 Tomas Hozza - 1.14-12 +- Fix wget to include Host header on CONNECT as required by HTTP 1.1 (#1203384) +- Run internal test suite during build (#1295846) +- Fix -nv being documented as synonym for two options (#1147572) + +* Fri Oct 24 2014 Tomas Hozza - 1.14-11 +- Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem access (#1156136) + +* Fri Jan 24 2014 Daniel Mach - 1.14-10 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 1.14-9 +- Mass rebuild 2013-12-27 + +* Mon Jul 15 2013 Tomas Hozza - 1.14-8 +- Fix deadcode and possible use of NULL in vprintf (#913153) +- Add documentation for --regex-type and --preserve-permissions +- Fix --preserve-permissions to work as documented (and expected) +- Fix bug when authenticating using user:password@url syntax (#912358) +- Document and fix --backups option + +* Wed Jul 10 2013 Tomas Hozza - 1.14-7 +- Fix double free of iri->orig_url (#981778) + +* Mon Jun 24 2013 Tomas Hozza - 1.14-6 +- add missing options accept-regex and reject-regex to man page +- fix errors in texi2pod introduced in Perl-5.18 + +* Fri Feb 22 2013 Tomas Hozza - 1.14-5 +- Added BuildRequires: perl-podlators for pod2man +- Patched manpage to silent new Tex errors +- Resolves: (#914571) + +* Fri Feb 15 2013 Fedora Release Engineering - 1.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Oct 11 2012 Tomas Hozza 1.14-3 +- Added libuuid-devel to BuildRequires to use libuuid functions + in "src/warc.c" functions (#865421) + +* Wed Oct 10 2012 Tomas Hozza 1.14-2 +- Added libidn-devel to BuildRequires to support IDN domains (#680394) + +* Thu Aug 09 2012 Karsten Hopp 1.14-1 +- Update to wget-1.14 + +* Sun Jul 22 2012 Fedora Release Engineering - 1.13.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue May 29 2012 Karsten Hopp 1.13.4-4 +- fix timeout if http server doesn't answer to SSL handshake (#860727) + +* Tue May 15 2012 Karsten Hopp 1.13.4-3 +- add virtual provides per https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries + +* Sat Jan 14 2012 Fedora Release Engineering - 1.13.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Dec 16 2011 Jon Ciesla - 1.13.4-1 +- New upstream, BZ 730286. +- Modified path patch. +- subjectAltNames patch upstreamed. +- Specified openssl at config time. + +* Thu Jun 23 2011 Volker Fröhlich - 1.12-4 +- Applied patch to accept subjectAltNames in X509 certificates (#674186) +- New URL (#658969) + +* Mon Feb 07 2011 Fedora Release Engineering - 1.12-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Nov 18 2009 Karsten Hopp 1.12-2 +- don't provide /usr/share/info/dir + +* Tue Nov 17 2009 Karsten Hopp 1.12-1 +- update to wget-1.12 +- fixes CVE-2009-3490 wget: incorrect verification of SSL certificate + with NUL in name + +* Fri Aug 21 2009 Tomas Mraz - 1.11.4-5 +- rebuilt with new openssl + +* Mon Jul 27 2009 Fedora Release Engineering - 1.11.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 1.11.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sun Jan 18 2009 Tomas Mraz 1.11.4-2 +- rebuild with new openssl + +* Wed Aug 13 2008 Karsten Hopp 1.11.4-1 +- update + +* Wed Jun 04 2008 Karsten Hopp 1.11.3-1 +- wget-1.11.3, downgrades the combination of the -N and -O options + to a warning instead of an error + +* Fri May 09 2008 Karsten Hopp 1.11.2-1 +- wget-1.11.2, fixes #179962 + +* Mon Mar 31 2008 Karsten Hopp 1.11.1-1 +- update to bugfix release 1.11.1, fixes p.e. #433606 + +* Tue Feb 19 2008 Fedora Release Engineering - 1.11-2 +- Autorebuild for GCC 4.3 + +* Tue Dec 04 2007 Karsten Hopp 1.10.2-17 +- rebuild to pick up new openssl SONAME + +* Mon Aug 27 2007 Karsten Hopp 1.10.2-16 +- fix license tag +- rebuild + +* Mon Feb 12 2007 Karsten Hopp 1.10.2-15 +- fix discarding of expired cookies +- escape non-printable characters +- drop to11 patch for now (#223754, #227853, #227498) + +* Mon Feb 05 2007 Karsten Hopp 1.10.2-14 +- shut up rpmlint, even though xx isn't a macro + +* Mon Feb 05 2007 Karsten Hopp 1.10.2-13 +- merge review changes (#226538) + - use version/release/... in buildroot tag + - remove BR perl + - use SMP flags + - use make install instead of %%makeinstall + - include copy of license + - use Requires(post)/Requires(preun) + - use optflags + - remove trailing dot from summary + - change tabs to spaces + +* Thu Jan 18 2007 Karsten Hopp 1.10.2-12 +- don't abort (un)install scriptlets when _excludedocs is set (Ville Skyttä) + +* Wed Jan 10 2007 Karsten Hopp 1.10.2-11 +- add fix for CVE-2006-6719 + +* Fri Dec 08 2006 Karsten Hopp 1.10.2-10 +- fix repeated downloads (Tomas Heinrich, #186195) + +* Thu Dec 07 2006 Karsten Hopp 1.10.2-9 +- add distflag, rebuild + +* Thu Dec 07 2006 Karsten Hopp 1.10.2-8 +- Resolves: #218211 + fix double free corruption + +* Sun Oct 01 2006 Jesse Keating - 1.10.2-7 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Mon Sep 25 2006 Karsten Hopp 1.10.2-6 +- fix resumed downloads (#205723) + +* Wed Jul 12 2006 Jesse Keating - 1.10.2-5.1 +- rebuild + +* Thu Jun 29 2006 Karsten Hopp 1.10.2-5 +- updated german translations from Robert Scheck + +* Tue Jun 27 2006 Karsten Hopp 1.10.2-4 +- upstream patches + +* Fri Feb 10 2006 Jesse Keating - 1.10.2-3.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 1.10.2-3.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Thu Nov 10 2005 Tomas Mraz 1.10.2-3 +- rebuilt against new openssl + +* Tue Oct 25 2005 Karsten Hopp 1.10.2-2 +- use %%{_sysconfdir} (#171555) + +* Sat Oct 15 2005 Florian La Roche +- 1.10.2 + +* Thu Sep 08 2005 Karsten Hopp 1.10.1-7 +- fix builtin help of --load-cookies / --save-cookies (#165408) + +* Wed Sep 07 2005 Karsten Hopp 1.10.1-6 +- convert changelog to UTF-8 (#159585) + +* Mon Sep 05 2005 Karsten Hopp 1.10.1-5 +- update +- drop patches which are already in the upstream sources + +* Wed Jul 13 2005 Karsten Hopp 1.10-5 +- update german translation + +* Mon Jul 11 2005 Karsten Hopp 1.10-4 +- update german translation (Robert Scheck) + +* Tue Jul 05 2005 Karsten Hopp 1.10-3 +- fix minor documentation bug +- fix --no-cookies crash + +* Mon Jul 04 2005 Karsten Hopp 1.10-2 +- update to wget-1.10 + - drop passive-ftp patch, already in 1.10 + - drop CVS patch + - drop LFS patch, similar fix in 1.10 + - drop protdir patch, similar fix in 1.10 + - drop actime patch, already in 1.10 + +* Wed Mar 02 2005 Karsten Hopp 1.9.1-22 +- build with gcc-4 + +* Wed Feb 02 2005 Karsten Hopp 1.9.1-21 +- remove old copy of the manpage (#146875, #135597) +- fix garbage in manpage (#117519) + +* Tue Feb 01 2005 Karsten Hopp 1.9.1-20 +- texi2pod doesn't handle texinfo xref's. rewrite some lines so that + the man page doesn't have incomplete sentences anymore (#140470) + +* Mon Jan 31 2005 Karsten Hopp 1.9.1-19 +- Don't set actime to access time of the remote file or tmpwatch might + remove the file again (#146440). Set it to the current time instead. + timestamping checks only modtime, so this should be ok. + +* Thu Jan 20 2005 Karsten Hopp 1.9.1-18 +- add support for --protocol-directories option as documented + in the man page (Ville Skyttä, #145571) + +* Wed Sep 29 2004 Karsten Hopp 1.9.1-17 +- additional LFS patch from Leonid Petrov to fix file lengths in + http downloads + +* Thu Sep 16 2004 Karsten Hopp 1.9.1-16 +- more fixes + +* Tue Sep 14 2004 Karsten Hopp 1.9.1-15 +- added strtol fix from Leonid Petrov, reenable LFS + +* Tue Sep 14 2004 Karsten Hopp 1.9.1-14 +- buildrequires gettext (#132519) + +* Wed Sep 01 2004 Karsten Hopp 1.9.1-13 +- disable LFS patch for now, it breaks normal downloads (123524#c15) + +* Tue Aug 31 2004 Karsten Hopp 1.9.1-12 +- move largefile stuff inside the configure script, it didn't + get appended to CFLAGS + +* Tue Aug 31 2004 Karsten Hopp 1.9.1-11 +- rebuild + +* Tue Aug 31 2004 Karsten Hopp 1.9.1-10 +- fix patch + +* Sun Aug 29 2004 Karsten Hopp 1.9.1-9 +- more cleanups of the manpage (#117519) + +* Fri Aug 27 2004 Karsten Hopp 1.9.1-8 +- rebuild + +* Fri Aug 27 2004 Karsten Hopp 1.9.1-7 +- clean up manpage (#117519) +- buildrequire texinfo (#123780) +- LFS patch, based on wget-LFS-20040630.patch from Leonid Petrov + (#123524, #124628, #115348) + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Thu Mar 11 2004 Karsten Hopp 1.9.1-3 +- fix documentation (#117517) + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Fri Nov 28 2003 Karsten Hopp 1.9.1-3 +- update to -stable CVS +- document the passive ftp default + +* Fri Nov 28 2003 Karsten Hopp 1.9.1-2 +- add patch from -stable CVS + +* Fri Nov 28 2003 Karsten Hopp 1.9.1-1 +- update to 1.9.1 +- remove obsolete patches + +* Mon Aug 04 2003 Karsten Hopp 1.8.2-15.3 +- fix variable usage + +* Tue Jul 22 2003 Nalin Dahyabhai 1.8.2-15.2 +- rebuild + +* Wed Jun 25 2003 Karsten Hopp 1.8.2-15.1 +- rebuilt + +* Wed Jun 25 2003 Karsten Hopp 1.8.2-15 +- default to passive-ftp (#97996) + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Wed Jun 04 2003 Karsten Hopp 1.8.2-13 +- rebuild + +* Wed Jun 04 2003 Karsten Hopp 1.8.2-12 +- merge debian patch for long URLs +- cleanup filename patch + +* Sun May 11 2003 Karsten Hopp 1.8.2-11 +- rebuild + +* Sun May 11 2003 Karsten Hopp 1.8.2-10 +- upstream fix off-by-one error + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Jan 7 2003 Nalin Dahyabhai 1.8.2-8 +- rebuild + +* Fri Dec 13 2002 Nalin Dahyabhai +- use openssl pkg-config data, if present +- don't bomb out when building with newer openssl + +* Thu Dec 12 2002 Tim Powers 1.8.2-7 +- rebuild on all arches + +* Tue Nov 19 2002 Tim Powers +- rebuild on all arches + +* Fri Oct 4 2002 Karsten Hopp 1.8.2-5 +- fix directory traversal bug + +* Wed Jul 24 2002 Trond Eivind Glomsrød 1.8.2-3 +- Don't segfault when downloading URLs A-B-A (A-A-B worked) #49859 + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Wed May 29 2002 Florian La Roche +- update to 1.8.2 (bug-fix release) + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Mon Apr 29 2002 Florian La Roche +- remove s390 patch, not needed anymore + +* Wed Feb 27 2002 Trond Eivind Glomsrød 1.8.1-4 +- Rebuild + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Fri Dec 28 2001 Florian La Roche +- add hack to not link against libmd5, even if available + +* Fri Dec 28 2001 Florian La Roche +- update to 1.8.1 + +* Thu Dec 13 2001 Florian La Roche +- update to 1.8 +- also include md5global to get it compile + +* Sun Nov 18 2001 Florian La Roche +- update to 1.7.1 + +* Wed Sep 5 2001 Phil Knirsch 1.7-3 +- Added va_args patch required for S390. + +* Mon Sep 3 2001 Trond Eivind Glomsrød 1.7-2 +- Configure with ssl support (duh - #53116) +- s/Copyright/License/ + +* Wed Jun 6 2001 Trond Eivind Glomsrød +- 1.7 +- Require perl for building (to get man pages) +- Don't include the Japanese po file, it's now included +- Use %%{_tmppath} +- no patches necessary +- Make /etc/wgetrc noreplace +- More docs + +* Tue Jan 30 2001 Trond Eivind Glomsrød +- Norwegian isn't a iso-8859-2 locale, neither is Danish. + This fixes #15025. +- langify + +* Sat Jan 6 2001 Bill Nottingham +- escape %%xx characters before fnmatch (#23475, patch from alane@geeksrus.net) + +* Fri Jan 5 2001 Bill Nottingham +- update to 1.6, fix patches accordingly (#23412) +- fix symlink patch (#23411) + +* Mon Dec 18 2000 Yukihiro Nakai +- Add Japanese and Korean Resources + +* Tue Aug 1 2000 Bill Nottingham +- setlocale for LC_CTYPE too, or else all the translations think their + characters are unprintable. + +* Thu Jul 13 2000 Prospector +- automatic rebuild + +* Sun Jun 11 2000 Bill Nottingham +- build in new environment + +* Mon Jun 5 2000 Bernhard Rosenkraenzer +- FHS compliance + +* Thu Feb 3 2000 Bill Nottingham +- handle compressed man pages + +* Thu Aug 26 1999 Jeff Johnson +- don't permit chmod 777 on symlinks (#4725). + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 4) + +* Fri Dec 18 1998 Bill Nottingham +- build for 6.0 tree +- add Provides + +* Sat Oct 10 1998 Cristian Gafton +- strip binaries +- version 1.5.3 + +* Sat Jun 27 1998 Jeff Johnson +- updated to 1.5.2 + +* Thu Apr 30 1998 Cristian Gafton +- modified group to Applications/Networking + +* Wed Apr 22 1998 Cristian Gafton +- upgraded to 1.5.0 +- they removed the man page from the distribution (Duh!) and I added it back + from 1.4.5. Hey, removing the man page is DUMB! + +* Fri Nov 14 1997 Cristian Gafton +- first build against glibc