update to 1.24.5 [release 1.24.5-1mamba;Thu Oct 10 2024]

This commit is contained in:
Silvan Calarco 2024-10-11 09:40:57 +02:00
parent 02785afade
commit daab8d54a9
10 changed files with 85 additions and 364 deletions

View File

@ -1,104 +0,0 @@
OpenSSL 0.9.7 now includes ctype.h, and because OpenSSL's headers are included
after safe-ctype.h, compilation bombs out. We include ctype.h to force the
double-inclusion checks in ctype.h to be triggered when we include OpenSSL's
headers, avoiding the whole mess.
--- wget-1.8.2/src/ftp.c 2002-12-13 20:27:59.000000000 -0500
+++ wget-1.8.2/src/ftp.c 2002-12-13 20:27:54.000000000 -0500
@@ -30,6 +30,8 @@
#include <config.h>
+#include <ctype.h>
+
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_STRING_H
--- wget-1.8.2/src/ftp-basic.c 2002-12-13 20:28:18.000000000 -0500
+++ wget-1.8.2/src/ftp-basic.c 2002-12-13 20:28:12.000000000 -0500
@@ -29,6 +29,8 @@
#include <config.h>
+#include <ctype.h>
+
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
--- wget-1.8.2/src/ftp-ls.c 2002-12-13 20:28:36.000000000 -0500
+++ wget-1.8.2/src/ftp-ls.c 2002-12-13 20:28:31.000000000 -0500
@@ -30,6 +30,8 @@
#include <config.h>
+#include <ctype.h>
+
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_STRING_H
--- wget-1.8.2/src/http.c 2002-12-13 20:29:07.000000000 -0500
+++ wget-1.8.2/src/http.c 2002-12-13 20:29:13.000000000 -0500
@@ -30,6 +30,8 @@
#include <config.h>
+#include <ctype.h>
+
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
--- wget-1.8.2/src/retr.c 2002-12-13 20:29:49.000000000 -0500
+++ wget-1.8.2/src/retr.c 2002-12-13 20:29:55.000000000 -0500
@@ -29,6 +29,8 @@
#include <config.h>
+#include <ctype.h>
+
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
--- wget-1.8.2/src/main.c 2002-12-13 20:30:14.000000000 -0500
+++ wget-1.8.2/src/main.c 2002-12-13 20:30:17.000000000 -0500
@@ -30,6 +30,8 @@
#include <config.h>
+#include <ctype.h>
+
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_UNISTD_H
--- wget-1.8.2/src/progress.c 2002-12-13 20:30:07.000000000 -0500
+++ wget-1.8.2/src/progress.c 2002-12-13 20:30:03.000000000 -0500
@@ -29,6 +29,8 @@
#include <config.h>
+#include <ctype.h>
+
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_STRING_H
--- wget-1.8.2/src/recur.c 2002-12-13 20:30:46.000000000 -0500
+++ wget-1.8.2/src/recur.c 2002-12-13 20:30:43.000000000 -0500
@@ -29,6 +29,8 @@
#include <config.h>
+#include <ctype.h>
+
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_STRING_H
--- wget-1.8.2/src/res.c 2002-12-13 20:31:02.000000000 -0500
+++ wget-1.8.2/src/res.c 2002-12-13 20:30:59.000000000 -0500
@@ -71,6 +71,8 @@
# include <config.h>
#endif
+#include <ctype.h>
+
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_STRING_H

View File

@ -1,15 +0,0 @@
Fixes NULL pointer dereference (CVE-2006-6719) (bz #221483)
--- wget-1.10.2/src/ftp-basic.c.orig 2007-01-04 19:30:31.000000000 +0100
+++ wget-1.10.2/src/ftp-basic.c 2007-01-04 19:31:48.000000000 +0100
@@ -1038,7 +1038,9 @@ ftp_syst (int csock, enum stype *server_
first word of the server response)? */
request = strtok (NULL, " ");
- if (!strcasecmp (request, "VMS"))
+ if (request == NULL)
+ *server_type = ST_OTHER;
+ else if (!strcasecmp (request, "VMS"))
*server_type = ST_VMS;
else if (!strcasecmp (request, "UNIX"))
*server_type = ST_UNIX;

View File

@ -1,27 +0,0 @@
diff -Nru wget-1.11.4.orig/src/log.c wget-1.11.4/src/log.c
--- wget-1.11.4.orig/src/log.c 2008-04-27 06:48:23.000000000 +0200
+++ wget-1.11.4/src/log.c 2008-09-08 02:44:19.000000000 +0200
@@ -516,12 +516,19 @@
{
if (file)
{
- logfp = fopen (file, appendp ? "a" : "w");
- if (!logfp)
+ if (strcmp(file, "-"))
{
- fprintf (stderr, "%s: %s: %s\n", exec_name, file, strerror (errno));
- exit (1);
+ logfp = fopen (file, appendp ? "a" : "w");
+ if (!logfp)
+ {
+ fprintf (stderr, "%s: %s: %s\n", exec_name, file, strerror (errno));
+ exit (1);
+ }
}
+ else
+ {
+ logfp = stdout;
+ }
}
else
{

View File

@ -1,11 +0,0 @@
diff -Nru wget-1.11.4.orig/doc/sample.wgetrc wget-1.11.4/doc/sample.wgetrc
--- wget-1.11.4.orig/doc/sample.wgetrc 2008-09-08 02:36:16.000000000 +0200
+++ wget-1.11.4/doc/sample.wgetrc 2008-09-08 02:37:05.000000000 +0200
@@ -43,6 +43,7 @@
# problems supporting passive transfer. If you are in such
# environment, use "passive_ftp = off" to revert to active FTP.
#passive_ftp = off
+passive_ftp = on
# The "wait" command below makes Wget wait between every connection.
# If, instead, you want Wget to wait only between retries of failed

View File

@ -1,40 +0,0 @@
diff -Nru wget-1.13.orig/doc/wget.texi wget-1.13/doc/wget.texi
--- wget-1.13.orig/doc/wget.texi 2011-08-06 12:22:58.000000000 +0200
+++ wget-1.13/doc/wget.texi 2011-08-12 11:42:02.549749776 +0200
@@ -190,14 +190,14 @@
Most of the features are fully configurable, either through command line
options, or via the initialization file @file{.wgetrc} (@pxref{Startup
File}). Wget allows you to define @dfn{global} startup files
-(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also
+(@file{/etc/wgetrc} by default) for site settings. You can also
specify the location of a startup file with the --config option.
@ignore
@c man begin FILES
@table @samp
-@item /usr/local/etc/wgetrc
+@item /etc/wgetrc
Default location of the @dfn{global} startup file.
@item .wgetrc
@@ -2696,8 +2696,8 @@
@cindex location of wgetrc
When initializing, Wget will look for a @dfn{global} startup file,
-@file{/usr/local/etc/wgetrc} by default (or some prefix other than
-@file{/usr/local}, if Wget was not installed there) and read commands
+@file{/etc/wgetrc} by default (or some prefix other than
+@file{/etc}, if Wget was not installed there) and read commands
from there, if it exists.
Then it will look for the user's file. If the environmental variable
@@ -2708,7 +2708,7 @@
The fact that user's settings are loaded after the system-wide ones
means that in case of collision user's wgetrc @emph{overrides} the
-system-wide wgetrc (in @file{/usr/local/etc/wgetrc} by default).
+system-wide wgetrc (in @file{/etc/wgetrc} by default).
Fascist admins, away!
@node Wgetrc Syntax, Wgetrc Commands, Wgetrc Location, Startup File

View File

@ -1,94 +0,0 @@
Index: configure.ac
===================================================================
--- configure.ac.orig
+++ configure.ac
@@ -338,6 +338,22 @@ else
fi
fi
+dnl
+dnl libproxy support
+dnl
+AC_ARG_ENABLE(libproxy,
+ [ --enable-libproxy libproxy support for system wide proxy configuration])
+if test "${enable_libproxy}" != "no"
+then
+ PKG_CHECK_MODULES([libproxy], [libproxy-1.0], [enable_libproxy=yes], [enable_libproxy=no])
+fi
+if test "${enable_libproxy}" = "yes"
+then
+ AC_SUBST(libproxy_CFLAGS)
+ AC_SUBST(libproxy_LIBS)
+ AC_DEFINE([HAVE_LIBPROXY], 1, [Define when using libproxy])
+fi
+
dnl **********************************************************************
dnl Checks for IPv6
dnl **********************************************************************
Index: src/retr.c
===================================================================
--- src/retr.c.orig
+++ src/retr.c
@@ -54,6 +54,10 @@ as that of the covered work. */
#include "html-url.h"
#include "iri.h"
+#ifdef HAVE_LIBPROXY
+#include "proxy.h"
+#endif
+
/* Total size of downloaded files. Used to enforce quota. */
SUM_SIZE_INT total_downloaded_bytes;
@@ -1182,7 +1186,40 @@ getproxy (struct url *u)
break;
}
if (!proxy || !*proxy)
+#ifdef HAVE_LIBPROXY
+ {
+ pxProxyFactory *pf = px_proxy_factory_new();
+ if (!pf)
+ {
+ logprintf (LOG_VERBOSE, _("Allocating memory for libproxy failed"));
+ return NULL;
+ }
+ int i;
+ char direct[] = "direct://";
+
+ logprintf (LOG_VERBOSE, _("asking libproxy about url '%s'\n"), u->url);
+ char **proxies = px_proxy_factory_get_proxies(pf, u->url);
+ if (proxies[0])
+ {
+ char *check = NULL;
+ asprintf(&check , "%s", proxies[0]);
+ logprintf (LOG_VERBOSE, _("libproxy suggest to use '%s'\n"), check);
+ if(strcmp(check ,direct) != 0)
+ {
+ asprintf(&proxy , "%s", proxies[0]);
+ logprintf (LOG_VERBOSE, _("case 2: libproxy setting to use '%s'\n"), proxy);
+ }
+ }
+ for(i=0;proxies[i];i++) free(proxies[i]);
+ free(proxies);
+ free(pf);
+
+ if (!proxy || !*proxy)
+ return NULL;
+ }
+#else
return NULL;
+#endif
/* Handle shorthands. `rewritten_storage' is a kludge to allow
getproxy() to return static storage. */
--- src/Makefile.am.orig 2015-01-01 20:47:13.060196379 +0100
+++ src/Makefile.am 2015-01-02 01:36:25.417762869 +0100
@@ -37,7 +37,7 @@
# The following line is losing on some versions of make!
DEFS = @DEFS@ -DSYSTEM_WGETRC=\"$(sysconfdir)/wgetrc\" -DLOCALEDIR=\"$(localedir)\"
-LIBS = @LIBICONV@ @LIBINTL@ @LIBS@ $(LIB_CLOCK_GETTIME)
+LIBS = @LIBICONV@ @LIBINTL@ @LIBS@ @libproxy_LIBS@ $(LIB_CLOCK_GETTIME)
EXTRA_DIST = css.l css.c css_.c build_info.c.in

View File

@ -0,0 +1,75 @@
From ed0c7c7e0e8f7298352646b2fd6e06a11e242ace Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Sun, 2 Jun 2024 12:40:16 +0200
Subject: Properly re-implement userinfo parsing (rfc2396)
* src/url.c (url_skip_credentials): Properly re-implement userinfo parsing (rfc2396)
The reason why the implementation is based on RFC 2396, an outdated standard,
is that the whole file is based on that RFC, and mixing standard here might be
dangerous.
---
src/url.c | 40 ++++++++++++++++++++++++++++++++++------
1 file changed, 34 insertions(+), 6 deletions(-)
diff --git a/src/url.c b/src/url.c
index 69e948b..07c3bc8 100644
--- a/src/url.c
+++ b/src/url.c
@@ -41,6 +41,7 @@ as that of the covered work. */
#include "url.h"
#include "host.h" /* for is_valid_ipv6_address */
#include "c-strcase.h"
+#include "c-ctype.h"
#ifdef HAVE_ICONV
# include <iconv.h>
@@ -526,12 +527,39 @@ scheme_leading_string (enum url_scheme scheme)
static const char *
url_skip_credentials (const char *url)
{
- /* Look for '@' that comes before terminators, such as '/', '?',
- '#', or ';'. */
- const char *p = (const char *)strpbrk (url, "@/?#;");
- if (!p || *p != '@')
- return url;
- return p + 1;
+ /*
+ * This whole file implements https://www.rfc-editor.org/rfc/rfc2396 .
+ * RFC 2396 is outdated since 2005 and needs a rewrite or a thorough re-visit.
+ *
+ * The RFC says
+ * server = [ [ userinfo "@" ] hostport ]
+ * userinfo = *( unreserved | escaped | ";" | ":" | "&" | "=" | "+" | "$" | "," )
+ * unreserved = alphanum | mark
+ * mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
+ */
+ static const char *allowed = "-_.!~*'();:&=+$,";
+
+ for (const char *p = url; *p; p++)
+ {
+ if (c_isalnum(*p))
+ continue;
+
+ if (strchr(allowed, *p))
+ continue;
+
+ if (*p == '%' && c_isxdigit(p[1]) && c_isxdigit(p[2]))
+ {
+ p += 2;
+ continue;
+ }
+
+ if (*p == '@')
+ return p + 1;
+
+ break;
+ }
+
+ return url;
}
/* Parse credentials contained in [BEG, END). The region is expected
--
cgit v1.1

View File

@ -1,14 +0,0 @@
--- wget-1.9.1/src/retr.c 2003-10-11 15:57:11.000000000 +0200
+++ wget-1.9.1/src/retr.c.patched 2004-03-01 17:19:23.000000000 +0100
@@ -288,7 +288,10 @@
{
double dlrate;
- assert (msecs >= 0);
+ /* fix msec for machines with non ordinal clock */
+ if (msecs < 0)
+ msecs = 0;
+
assert (bytes >= 0);
if (msecs == 0)

View File

@ -1,45 +0,0 @@
--- wget-1.9.1/src/http.c
+++ wget-1.9.1/src/http.c
@@ -1479,6 +1479,7 @@
/* Open the local file. */
if (!opt.dfp)
{
+ sanitize_path(*hs->local_file);
mkalldirs (*hs->local_file);
if (opt.backups)
rotate_backups (*hs->local_file);
--- wget-1.9.1/src/utils.c
+++ wget-1.9.1/src/utils.c
@@ -554,6 +554,22 @@
#endif
}
+
+char *
+sanitize_path(char *path)
+{
+ char *str = NULL;
+
+ /* evilhost/.bashrc and evilhost/.. */
+ while ((str = strstr(path, "/.")) != NULL)
+ str[1] = '_';
+ /* .bashrc */
+ if (*path == '.')
+ *path = '_';
+ return path;
+}
+
+
/* Returns 0 if PATH is a directory, 1 otherwise (any kind of file).
Returns 0 on error. */
int
--- wget-1.9.1/src/utils.h
+++ wget-1.9.1/src/utils.h
@@ -75,6 +75,7 @@
int make_directory PARAMS ((const char *));
char *unique_name PARAMS ((const char *, int));
char *file_merge PARAMS ((const char *, const char *));
+char *sanitize_path PARAMS ((char *));
int acceptable PARAMS ((const char *));
int accdir PARAMS ((const char *s, enum accd));

View File

@ -1,8 +1,6 @@
%define with_ssl 1
Name: wget Name: wget
Version: 1.21.2 Version: 1.24.5
Release: 2mamba Release: 1mamba
Epoch: 1 Epoch: 1
Summary: A utility for retrieving files using the HTTP or FTP protocols Summary: A utility for retrieving files using the HTTP or FTP protocols
Group: Applications/Networking Group: Applications/Networking
@ -11,16 +9,8 @@ Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it> Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://ftp.gnu.org/gnu/wget/ URL: http://ftp.gnu.org/gnu/wget/
Source: http://ftp.gnu.org/gnu/wget/%{name}-%{version}.tar.gz Source: http://ftp.gnu.org/gnu/wget/%{name}-%{version}.tar.gz
Patch0: %{name}-1.8.2-msec.patch Patch0: wget-1.24.5-CVE-2024-38428.patch
Patch1: %{name}-1.11.4-passive_ftp.patch
Patch2: %{name}-1.13-etc.patch
Patch3: %{name}-1.11.4-logstdout.patch
Patch4: %{name}-1.9.1-can-2004-1487_1488.patch
Patch5: %{name}-1.10-ctype.patch
Patch6: %{name}-1.10.2-CVE-2006-6719.patch
Patch7: wget-1.16.1-libproxy.patch
License: GPL License: GPL
Requires(post): %{__install_info}
## AUTOBUILDREQ-BEGIN ## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel BuildRequires: glibc-devel
BuildRequires: libgnutls-devel BuildRequires: libgnutls-devel
@ -44,6 +34,8 @@ Wget features include the ability to work in the background while you're logged
%prep %prep
%setup -q %setup -q
%patch 0 -p1 -b .CVE-2024-38428
cat >> doc/sample.wgetrc <<EOF cat >> doc/sample.wgetrc <<EOF
# default root certs location # default root certs location
@ -69,10 +61,11 @@ EOF
%install %install
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" [ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
%makeinstall %makeinstall
#install -m755 util/rmold.pl %{buildroot}%{_bindir}/rmold
%find_lang %{name} --all-name %find_lang %{name} --all-name
rm -f %{buildroot}%{_infodir}/dir
%clean %clean
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" [ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
@ -92,6 +85,9 @@ exit 0
%doc AUTHORS COPYING %doc AUTHORS COPYING
%changelog %changelog
* Thu Oct 10 2024 Silvan Calarco <silvan.calarco@mambasoft.it> 1.24.5-1mamba
- update to 1.24.5
* Sun Nov 28 2021 Silvan Calarco <silvan.calarco@mambasoft.it> 1.21.2-2mamba * Sun Nov 28 2021 Silvan Calarco <silvan.calarco@mambasoft.it> 1.21.2-2mamba
- added ca-certificates setting to wgetrc and configure options from Fedora to fix SSL support - added ca-certificates setting to wgetrc and configure options from Fedora to fix SSL support