rpms/wget
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- update to wget-1.12

Browse Source 
- fixes CVE-2009-3490 wget: incorrect verification of SSL certificate with
    NUL in name
This commit is contained in:
Karsten Hopp 2009-11-17 11:35:20 +00:00
parent e024cd1937
commit 239bd5a216
5 changed files with 183 additions and 235 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
wget-1.10.1-helpfix.patch
View File

@ -1,14 +0,0 @@
--- wget-1.10.1/src/main.c.helpfix 2005-09-08 14:45:32.000000000 +0000
+++ wget-1.10.1/src/main.c 2005-09-08 14:46:49.000000000 +0000
@@ -534,9 +534,9 @@
N_("\
--no-cookies don't use cookies.\n"),
N_("\
- --load-cookies=FILE load cookies from FILE before session.\n"),
+ --load-cookies FILE load cookies from FILE before session.\n"),
N_("\
- --save-cookies=FILE save cookies to FILE after session.\n"),
+ --save-cookies FILE save cookies to FILE after session.\n"),
N_("\
--keep-session-cookies load and save session (non-permanent) cookies.\n"),
N_("\

206
wget-1.11-path.patch
View File

@ -1,206 +0,0 @@
diff -up wget-1.11/NEWS.rhpath wget-1.11/NEWS
--- wget-1.11/NEWS.rhpath 2008-01-26 10:26:56.000000000 +0100
+++ wget-1.11/NEWS 2008-01-27 00:01:56.000000000 +0100
@@ -444,7 +444,7 @@ distributed with Wget.
** Compiles on pre-ANSI compilers.
-** Global wgetrc now goes to /usr/local/etc (i.e. $sysconfdir).
+** Global wgetrc now goes to /etc (i.e. $sysconfdir).
** Lots of bugfixes.
@@ -507,7 +507,7 @@ Emacs, standalone info, or converted to
** Fixed a long-standing bug, so that Wget now works over SLIP
connections.
-** You can have a system-wide wgetrc (/usr/local/lib/wgetrc by
+** You can have a system-wide wgetrc (/etc/wgetrc by
default). Settings in $HOME/.wgetrc override the global ones, of
course :-)
diff -up wget-1.11/README.rhpath wget-1.11/README
--- wget-1.11/README.rhpath 2008-01-27 00:02:29.000000000 +0100
+++ wget-1.11/README 2008-01-27 00:02:40.000000000 +0100
@@ -33,7 +33,7 @@ for socks.
Most of the features are configurable, either through command-line
options, or via initialization file .wgetrc. Wget allows you to
-install a global startup file (/usr/local/etc/wgetrc by default) for
+install a global startup file (/etc/wgetrc by default) for
site settings.
Wget works under almost all Unix variants in use today and, unlike
diff -up wget-1.11/doc/sample.wgetrc.rhpath wget-1.11/doc/sample.wgetrc
--- wget-1.11/doc/sample.wgetrc.rhpath 2008-01-26 10:26:56.000000000 +0100
+++ wget-1.11/doc/sample.wgetrc 2008-01-27 00:01:56.000000000 +0100
@@ -7,7 +7,7 @@
## not contain a comprehensive list of commands -- look at the manual
## to find out what you can put into this file.
##
-## Wget initialization file can reside in /usr/local/etc/wgetrc
+## Wget initialization file can reside in /etc/wgetrc
## (global, for all users) or $HOME/.wgetrc (for a single user).
##
## To use the settings in this file, you will have to uncomment them,
@@ -16,7 +16,7 @@
##
-## Global settings (useful for setting up in /usr/local/etc/wgetrc).
+## Global settings (useful for setting up in /etc/wgetrc).
## Think well before you change them, since they may reduce wget's
## functionality, and make it behave contrary to the documentation:
##
diff -up wget-1.11/doc/wget.1.rhpath wget-1.11/doc/wget.1
--- wget-1.11/doc/wget.1.rhpath 2008-01-26 10:56:05.000000000 +0100
+++ wget-1.11/doc/wget.1 2008-01-27 00:01:56.000000000 +0100
@@ -1706,8 +1706,8 @@ This is a useful option, since it guaran
\&\fIbelow\fR a certain hierarchy will be downloaded.
.SH "FILES"
.IX Header "FILES"
-.IP "\fB/usr/local/etc/wgetrc\fR" 4
-.IX Item "/usr/local/etc/wgetrc"
+.IP "\fB/etc/wgetrc\fR" 4
+.IX Item "/etc/wgetrc"
Default location of the \fIglobal\fR startup file.
.IP "\fB.wgetrc\fR" 4
.IX Item ".wgetrc"
diff -up wget-1.11/doc/wget.texi.rhpath wget-1.11/doc/wget.texi
--- wget-1.11/doc/wget.texi.rhpath 2008-01-26 10:26:56.000000000 +0100
+++ wget-1.11/doc/wget.texi 2008-01-27 00:01:56.000000000 +0100
@@ -199,12 +199,12 @@ gauge can be customized to your preferen
Most of the features are fully configurable, either through command line
options, or via the initialization file @file{.wgetrc} (@pxref{Startup
File}). Wget allows you to define @dfn{global} startup files
-(@file{/usr/local/etc/wgetrc} by default) for site settings.
+(@file{/etc/wgetrc} by default) for site settings.
@ignore
@c man begin FILES
@table @samp
-@item /usr/local/etc/wgetrc
+@item /etc/wgetrc
Default location of the @dfn{global} startup file.
@item .wgetrc
@@ -465,8 +465,6 @@ administrator may have chosen to compile
which case @samp{-d} will not work. Please note that compiling with
debug support is always safe---Wget compiled with the debug support will
@emph{not} print any debug info unless requested with @samp{-d}.
-@xref{Reporting Bugs}, for more information on how to use @samp{-d} for
-sending bug reports.
@cindex quiet
@item -q
@@ -909,7 +907,7 @@ When mode is set to ``windows'', Wget es
@samp{>}, and the control characters in the ranges 0--31 and 128--159.
In addition to this, Wget in Windows mode uses @samp{+} instead of
@samp{:} to separate host and port in local file names, and uses
-@samp{@@} instead of @samp{?} to separate the query portion of the file
+@samp{ @@ } instead of @samp{ ? } to separate the query portion of the file
name from the rest. Therefore, a URL that would be saved as
@samp{www.xemacs.org:4300/search.pl?input=blah} in Unix mode would be
saved as @samp{www.xemacs.org+4300/search.pl@@input=blah} in Windows
@@ -1149,7 +1147,7 @@ browser sends when communicating with th
would send in the same situation. Different browsers keep textual
cookie files in different locations:
-@table @asis
+@table @samp
@item Netscape 4.x.
The cookies are in @file{~/.netscape/cookies.txt}.
@@ -2450,9 +2448,7 @@ commands.
@cindex location of wgetrc
When initializing, Wget will look for a @dfn{global} startup file,
-@file{/usr/local/etc/wgetrc} by default (or some prefix other than
-@file{/usr/local}, if Wget was not installed there) and read commands
-from there, if it exists.
+@file{/etc/wgetrc} by default and read commands from there, if it exists.
Then it will look for the user's file. If the environmental variable
@code{WGETRC} is set, Wget will try to load that file. Failing that, no
@@ -2462,8 +2458,7 @@ If @code{WGETRC} is not set, Wget will t
The fact that user's settings are loaded after the system-wide ones
means that in case of collision user's wgetrc @emph{overrides} the
-system-wide wgetrc (in @file{/usr/local/etc/wgetrc} by default).
-Fascist admins, away!
+system-wide wgetrc (in @file{/etc/wgetrc} by default).
@node Wgetrc Syntax
@section Wgetrc Syntax
@@ -2509,7 +2504,7 @@ Most of these commands have direct comma
wgetrc command can be specified on the command line using the
@samp{--execute} switch (@pxref{Basic Startup Options}.)
-@table @asis
+@table @samp
@item accept/reject = @var{string}
Same as @samp{-A}/@samp{-R} (@pxref{Types of Files}).
diff -up wget-1.11/doc/wget.pod.rhpath wget-1.11/doc/wget.pod
--- wget-1.11/doc/wget.pod.rhpath 2008-01-26 10:56:05.000000000 +0100
+++ wget-1.11/doc/wget.pod 2008-01-27 00:01:56.000000000 +0100
@@ -1829,7 +1829,7 @@ I<below> a certain hierarchy will be dow
=over 4
-=item B</usr/local/etc/wgetrc>
+=item B</etc/wgetrc>
Default location of the I<global> startup file.
diff -up wget-1.11/doc/wget.info.rhpath wget-1.11/doc/wget.info
--- wget-1.11/doc/wget.info.rhpath 2008-01-26 10:56:04.000000000 +0100
+++ wget-1.11/doc/wget.info 2008-01-27 00:01:56.000000000 +0100
@@ -112,7 +112,7 @@ retrieval through HTTP proxies.
* Most of the features are fully configurable, either through
command line options, or via the initialization file `.wgetrc'
(*note Startup File::). Wget allows you to define "global"
- startup files (`/usr/local/etc/wgetrc' by default) for site
+ startup files (`/etc/wgetrc' by default) for site
settings.
* Finally, GNU Wget is free software. This means that everyone may
@@ -2144,9 +2144,7 @@ File: wget.info, Node: Wgetrc Location,
===================
When initializing, Wget will look for a "global" startup file,
-`/usr/local/etc/wgetrc' by default (or some prefix other than
-`/usr/local', if Wget was not installed there) and read commands from
-there, if it exists.
+`/etc/wgetrc' by default and read commands from there, if it exists.
Then it will look for the user's file. If the environmental variable
`WGETRC' is set, Wget will try to load that file. Failing that, no
@@ -2156,8 +2154,7 @@ further attempts will be made.
The fact that user's settings are loaded after the system-wide ones
means that in case of collision user's wgetrc _overrides_ the
-system-wide wgetrc (in `/usr/local/etc/wgetrc' by default). Fascist
-admins, away!
+system-wide wgetrc (in `/etc/wgetrc' by default).

File: wget.info, Node: Wgetrc Syntax, Next: Wgetrc Commands, Prev: Wgetrc Location, Up: Startup File
@@ -2625,7 +2622,7 @@ its line.
## not contain a comprehensive list of commands -- look at the manual
## to find out what you can put into this file.
##
- ## Wget initialization file can reside in /usr/local/etc/wgetrc
+ ## Wget initialization file can reside in /etc/wgetrc
## (global, for all users) or $HOME/.wgetrc (for a single user).
##
## To use the settings in this file, you will have to uncomment them,
@@ -2634,7 +2631,7 @@ its line.
##
- ## Global settings (useful for setting up in /usr/local/etc/wgetrc).
+ ## Global settings (useful for setting up in /etc/wgetrc).
## Think well before you change them, since they may reduce wget's
## functionality, and make it behave contrary to the documentation:
##

163
wget-1.12-path.patch Normal file
View File

@ -0,0 +1,163 @@
diff -urN wget-1.12/doc/sample.wgetrc wget-1.12.patched/doc/sample.wgetrc
--- wget-1.12/doc/sample.wgetrc 2009-09-22 04:53:58.000000000 +0200
+++ wget-1.12.patched/doc/sample.wgetrc 2009-11-17 12:29:18.000000000 +0100
@@ -7,7 +7,7 @@
## not contain a comprehensive list of commands -- look at the manual
## to find out what you can put into this file.
##
-## Wget initialization file can reside in /usr/local/etc/wgetrc
+## Wget initialization file can reside in /etc/wgetrc
## (global, for all users) or $HOME/.wgetrc (for a single user).
##
## To use the settings in this file, you will have to uncomment them,
@@ -16,7 +16,7 @@
##
-## Global settings (useful for setting up in /usr/local/etc/wgetrc).
+## Global settings (useful for setting up in /etc/wgetrc).
## Think well before you change them, since they may reduce wget's
## functionality, and make it behave contrary to the documentation:
##
diff -urN wget-1.12/doc/sample.wgetrc.munged_for_texi_inclusion wget-1.12.patched/doc/sample.wgetrc.munged_for_texi_inclusion
--- wget-1.12/doc/sample.wgetrc.munged_for_texi_inclusion 2009-09-22 06:08:52.000000000 +0200
+++ wget-1.12.patched/doc/sample.wgetrc.munged_for_texi_inclusion 2009-11-17 12:29:39.000000000 +0100
@@ -7,7 +7,7 @@
## not contain a comprehensive list of commands -- look at the manual
## to find out what you can put into this file.
##
-## Wget initialization file can reside in /usr/local/etc/wgetrc
+## Wget initialization file can reside in /etc/wgetrc
## (global, for all users) or $HOME/.wgetrc (for a single user).
##
## To use the settings in this file, you will have to uncomment them,
@@ -16,7 +16,7 @@
##
-## Global settings (useful for setting up in /usr/local/etc/wgetrc).
+## Global settings (useful for setting up in /etc/wgetrc).
## Think well before you change them, since they may reduce wget's
## functionality, and make it behave contrary to the documentation:
##
diff -urN wget-1.12/doc/wget.info wget-1.12.patched/doc/wget.info
--- wget-1.12/doc/wget.info 2009-09-22 18:30:20.000000000 +0200
+++ wget-1.12.patched/doc/wget.info 2009-11-17 12:28:40.000000000 +0100
@@ -113,7 +113,7 @@
* Most of the features are fully configurable, either through
command line options, or via the initialization file `.wgetrc'
(*note Startup File::). Wget allows you to define "global"
- startup files (`/usr/local/etc/wgetrc' by default) for site
+ startup files (`/etc/wgetrc' by default) for site
settings.
* Finally, GNU Wget is free software. This means that everyone may
@@ -2351,8 +2351,8 @@
===================
When initializing, Wget will look for a "global" startup file,
-`/usr/local/etc/wgetrc' by default (or some prefix other than
-`/usr/local', if Wget was not installed there) and read commands from
+`/etc/wgetrc' by default (or some prefix other than
+`/etc', if Wget was not installed there) and read commands from
there, if it exists.
Then it will look for the user's file. If the environmental variable
@@ -2363,7 +2363,7 @@
The fact that user's settings are loaded after the system-wide ones
means that in case of collision user's wgetrc _overrides_ the
-system-wide wgetrc (in `/usr/local/etc/wgetrc' by default). Fascist
+system-wide wgetrc (in `/etc/wgetrc' by default). Fascist
admins, away!

@@ -2876,7 +2876,7 @@
## not contain a comprehensive list of commands -- look at the manual
## to find out what you can put into this file.
##
- ## Wget initialization file can reside in /usr/local/etc/wgetrc
+ ## Wget initialization file can reside in /etc/wgetrc
## (global, for all users) or $HOME/.wgetrc (for a single user).
##
## To use the settings in this file, you will have to uncomment them,
@@ -2885,7 +2885,7 @@
##
- ## Global settings (useful for setting up in /usr/local/etc/wgetrc).
+ ## Global settings (useful for setting up in /etc/wgetrc).
## Think well before you change them, since they may reduce wget's
## functionality, and make it behave contrary to the documentation:
##
diff -urN wget-1.12/doc/wget.texi wget-1.12.patched/doc/wget.texi
--- wget-1.12/doc/wget.texi 2009-09-04 23:22:04.000000000 +0200
+++ wget-1.12.patched/doc/wget.texi 2009-11-17 12:29:03.000000000 +0100
@@ -190,12 +190,12 @@
Most of the features are fully configurable, either through command line
options, or via the initialization file @file{.wgetrc} (@pxref{Startup
File}). Wget allows you to define @dfn{global} startup files
-(@file{/usr/local/etc/wgetrc} by default) for site settings.
+(@file{/etc/wgetrc} by default) for site settings.
@ignore
@c man begin FILES
@table @samp
-@item /usr/local/etc/wgetrc
+@item /etc/wgetrc
Default location of the @dfn{global} startup file.
@item .wgetrc
@@ -2670,8 +2670,8 @@
@cindex location of wgetrc
When initializing, Wget will look for a @dfn{global} startup file,
-@file{/usr/local/etc/wgetrc} by default (or some prefix other than
-@file{/usr/local}, if Wget was not installed there) and read commands
+@file{/etc/wgetrc} by default (or some prefix other than
+@file{/etc}, if Wget was not installed there) and read commands
from there, if it exists.
Then it will look for the user's file. If the environmental variable
@@ -2682,7 +2682,7 @@
The fact that user's settings are loaded after the system-wide ones
means that in case of collision user's wgetrc @emph{overrides} the
-system-wide wgetrc (in @file{/usr/local/etc/wgetrc} by default).
+system-wide wgetrc (in @file{/etc/wgetrc} by default).
Fascist admins, away!
@node Wgetrc Syntax, Wgetrc Commands, Wgetrc Location, Startup File
diff -urN wget-1.12/NEWS wget-1.12.patched/NEWS
--- wget-1.12/NEWS 2009-09-22 04:53:35.000000000 +0200
+++ wget-1.12.patched/NEWS 2009-11-17 12:30:10.000000000 +0100
@@ -562,7 +562,7 @@
** Compiles on pre-ANSI compilers.
-** Global wgetrc now goes to /usr/local/etc (i.e. $sysconfdir).
+** Global wgetrc now goes to /etc (i.e. $sysconfdir).
** Lots of bugfixes.
@@ -625,7 +625,7 @@
** Fixed a long-standing bug, so that Wget now works over SLIP
connections.
-** You can have a system-wide wgetrc (/usr/local/lib/wgetrc by
+** You can have a system-wide wgetrc (/etc/wgetrc by
default). Settings in $HOME/.wgetrc override the global ones, of
course :-)
diff -urN wget-1.12/README wget-1.12.patched/README
--- wget-1.12/README 2009-09-21 00:59:32.000000000 +0200
+++ wget-1.12.patched/README 2009-11-17 12:30:27.000000000 +0100
@@ -33,7 +33,7 @@
Most of the features are configurable, either through command-line
options, or via initialization file .wgetrc. Wget allows you to
-install a global startup file (/usr/local/etc/wgetrc by default) for
+install a global startup file (/etc/wgetrc by default) for
site settings.
Wget works under almost all Unix variants in use today and, unlike

18
wget-rh-modified.patch
View File

@ -1,6 +1,12 @@
diff -up wget-1.11.1/src/version.c.rh1 wget-1.11.1/src/version.c
--- wget-1.11.1/src/version.c.rh1 2008-03-31 11:27:06.000000000 +0200
+++ wget-1.11.1/src/version.c 2008-03-31 11:27:22.000000000 +0200
@@ -1 +1 @@
-char *version_string = "1.11.4";
+char *version_string = "1.11.4 (Red Hat modified)";
diff -urN wget-1.12/configure wget-1.12.patched/configure
--- wget-1.12/configure 2009-11-17 12:36:23.000000000 +0100
+++ wget-1.12.patched/configure 2009-09-22 18:40:13.000000000 +0200
@@ -597,7 +597,7 @@
PACKAGE_NAME='wget'
PACKAGE_TARNAME='wget'
PACKAGE_VERSION='1.12'
-PACKAGE_STRING='wget 1.12'
+PACKAGE_STRING='wget 1.12 (Red Hat modified)'
PACKAGE_BUGREPORT='bug-wget@gnu.org'
# Factoring default headers for most tests.

17
wget.spec
View File

@ -1,15 +1,13 @@
Summary: A utility for retrieving files using the HTTP or FTP protocols
Name: wget
Version: 1.11.4
Release: 5%{?dist}
Version: 1.12
Release: 1%{?dist}
License: GPLv3+
Group: Applications/Internet
Url: http://wget.sunsite.dk/
Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.bz2
#Source2: http://people.fedora.de/rsc/wget-1.11-de.po
Patch1: wget-rh-modified.patch
Patch2: wget-1.11-path.patch
Patch3: wget-1.10.1-helpfix.patch
Patch2: wget-1.12-path.patch
Provides: webclient
Requires(post): /sbin/install-info
Requires(preun): /sbin/install-info
@ -29,10 +27,6 @@ support for Proxy servers, and configurability.
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
#cp %{SOURCE2} $RPM_BUILD_DIR/wget-%{version}/po/de.po
#chmod a+x doc/texi2pod.pl
%build
if pkg-config openssl ; then
@ -68,6 +62,11 @@ rm -rf $RPM_BUILD_ROOT
%{_infodir}/*
%changelog
* Tue Nov 17 2009 Karsten Hopp <karsten@redhat.com> 1.12-1
- update to wget-1.12
- fixes CVE-2009-3490 wget: incorrect verification of SSL certificate
with NUL in name
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.11.4-5
- rebuilt with new openssl