import wget-1.19.5-10.el8

This commit is contained in:
CentOS Sources 2020-04-24 03:55:04 +00:00 committed by Andrew Lukoshko
commit f825afa1e1
14 changed files with 2078 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/wget-1.19.5.tar.gz

1
.wget.metadata Normal file
View File

@ -0,0 +1 @@
43b3d09e786df9e8d7aa454095d4ea2d420ae41c SOURCES/wget-1.19.5.tar.gz

View File

@ -0,0 +1,172 @@
diff --git a/NEWS b/NEWS
index d23ae95..aa3247f 100644
--- a/NEWS
+++ b/NEWS
@@ -935,7 +935,7 @@ distributed with Wget.
** Compiles on pre-ANSI compilers.
-** Global wgetrc now goes to /usr/local/etc (i.e. $sysconfdir).
+** Global wgetrc now goes to /etc (i.e. $sysconfdir).
** Lots of bugfixes.
@@ -998,7 +998,7 @@ Emacs, standalone info, or converted to HTML, dvi or postscript.
** Fixed a long-standing bug, so that Wget now works over SLIP
connections.
-** You can have a system-wide wgetrc (/usr/local/lib/wgetrc by
+** You can have a system-wide wgetrc (/etc/wgetrc by
default). Settings in $HOME/.wgetrc override the global ones, of
course :-)
diff --git a/README b/README
index 692e1c6..38231c9 100644
--- a/README
+++ b/README
@@ -33,7 +33,7 @@ for socks.
Most of the features are configurable, either through command-line
options, or via initialization file .wgetrc. Wget allows you to
-install a global startup file (/usr/local/etc/wgetrc by default) for
+install a global startup file (/etc/wgetrc by default) for
site settings.
Wget works under almost all Unix variants in use today and, unlike
diff --git a/doc/sample.wgetrc b/doc/sample.wgetrc
index c0d0779..9a73ada 100644
--- a/doc/sample.wgetrc
+++ b/doc/sample.wgetrc
@@ -10,7 +10,7 @@
## Or online here:
## https://www.gnu.org/software/wget/manual/wget.html#Startup-File
##
-## Wget initialization file can reside in /usr/local/etc/wgetrc
+## Wget initialization file can reside in /etc/wgetrc
## (global, for all users) or $HOME/.wgetrc (for a single user).
##
## To use the settings in this file, you will have to uncomment them,
@@ -22,7 +22,7 @@
##
-## Global settings (useful for setting up in /usr/local/etc/wgetrc).
+## Global settings (useful for setting up in /etc/wgetrc).
## Think well before you change them, since they may reduce wget's
## functionality, and make it behave contrary to the documentation:
##
diff --git a/doc/sample.wgetrc.munged_for_texi_inclusion b/doc/sample.wgetrc.munged_for_texi_inclusion
index 3c7f2f4..521ef16 100644
--- a/doc/sample.wgetrc.munged_for_texi_inclusion
+++ b/doc/sample.wgetrc.munged_for_texi_inclusion
@@ -10,7 +10,7 @@
## Or online here:
## https://www.gnu.org/software/wget/manual/wget.html#Startup-File
##
-## Wget initialization file can reside in /usr/local/etc/wgetrc
+## Wget initialization file can reside in /etc/wgetrc
## (global, for all users) or $HOME/.wgetrc (for a single user).
##
## To use the settings in this file, you will have to uncomment them,
@@ -22,7 +22,7 @@
##
-## Global settings (useful for setting up in /usr/local/etc/wgetrc).
+## Global settings (useful for setting up in /etc/wgetrc).
## Think well before you change them, since they may reduce wget's
## functionality, and make it behave contrary to the documentation:
##
diff --git a/doc/wget.info b/doc/wget.info
index 40ce0d4..89c6652 100644
--- a/doc/wget.info
+++ b/doc/wget.info
@@ -109,7 +109,7 @@ retrieval through HTTP proxies.
• Most of the features are fully configurable, either through command
line options, or via the initialization file .wgetrc (*note
Startup File::). Wget allows you to define “global” startup files
- (/usr/local/etc/wgetrc by default) for site settings. You can
+ (/etc/wgetrc by default) for site settings. You can
also specify the location of a startup file with the config
option. To disable the reading of config files, use no-config.
If both config and no-config are given, no-config is ignored.
@@ -2825,8 +2825,8 @@ File: wget.info, Node: Wgetrc Location, Next: Wgetrc Syntax, Prev: Startup Fi
===================
When initializing, Wget will look for a “global” startup file,
-/usr/local/etc/wgetrc by default (or some prefix other than
-/usr/local, if Wget was not installed there) and read commands from
+/etc/wgetrc by default (or some prefix other than
+/etc, if Wget was not installed there) and read commands from
there, if it exists.
Then it will look for the users file. If the environmental variable
@@ -2837,7 +2837,7 @@ further attempts will be made.
The fact that users settings are loaded after the system-wide ones
means that in case of collision users wgetrc _overrides_ the
-system-wide wgetrc (in /usr/local/etc/wgetrc by default). Fascist
+system-wide wgetrc (in /etc/wgetrc by default). Fascist
admins, away!

@@ -3380,7 +3380,7 @@ its line.
## Or online here:
## https://www.gnu.org/software/wget/manual/wget.html#Startup-File
##
- ## Wget initialization file can reside in /usr/local/etc/wgetrc
+ ## Wget initialization file can reside in /etc/wgetrc
## (global, for all users) or $HOME/.wgetrc (for a single user).
##
## To use the settings in this file, you will have to uncomment them,
@@ -3392,7 +3392,7 @@ its line.
##
- ## Global settings (useful for setting up in /usr/local/etc/wgetrc).
+ ## Global settings (useful for setting up in /etc/wgetrc).
## Think well before you change them, since they may reduce wget's
## functionality, and make it behave contrary to the documentation:
##
diff --git a/doc/wget.texi b/doc/wget.texi
index eaf6b38..608d008 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -190,7 +190,7 @@ gauge can be customized to your preferences.
Most of the features are fully configurable, either through command line
options, or via the initialization file @file{.wgetrc} (@pxref{Startup
File}). Wget allows you to define @dfn{global} startup files
-(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also
+(@file{/etc/wgetrc} by default) for site settings. You can also
specify the location of a startup file with the --config option.
To disable the reading of config files, use --no-config.
If both --config and --no-config are given, --no-config is ignored.
@@ -199,7 +199,7 @@ If both --config and --no-config are given, --no-config is ignored.
@ignore
@c man begin FILES
@table @samp
-@item /usr/local/etc/wgetrc
+@item /etc/wgetrc
Default location of the @dfn{global} startup file.
@item .wgetrc
@@ -3154,8 +3154,8 @@ commands.
@cindex location of wgetrc
When initializing, Wget will look for a @dfn{global} startup file,
-@file{/usr/local/etc/wgetrc} by default (or some prefix other than
-@file{/usr/local}, if Wget was not installed there) and read commands
+@file{/etc/wgetrc} by default (or some prefix other than
+@file{/etc}, if Wget was not installed there) and read commands
from there, if it exists.
Then it will look for the user's file. If the environmental variable
@@ -3166,7 +3166,7 @@ If @code{WGETRC} is not set, Wget will try to load @file{$HOME/.wgetrc}.
The fact that user's settings are loaded after the system-wide ones
means that in case of collision user's wgetrc @emph{overrides} the
-system-wide wgetrc (in @file{/usr/local/etc/wgetrc} by default).
+system-wide wgetrc (in @file{/etc/wgetrc} by default).
Fascist admins, away!
@node Wgetrc Syntax, Wgetrc Commands, Wgetrc Location, Startup File

View File

@ -0,0 +1,110 @@
From 2bbdfd76dab187ab29e22bed18d737f94343e629 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Tue, 4 Sep 2018 11:22:14 +0200
Subject: [PATCH] Add TLS 1.3 support for GnuTLS
* doc/wget.texi: Add "TLSv1_3" to --secure-protocol
* src/gnutls.c (set_prio_default): Use GNUTLS_TLS1_3 where needed
Wget currently allows specifying "TLSv1_3" as the parameter for
--secure-protocol option. However it is only implemented for OpenSSL
and in case wget is compiled with GnuTLS, it causes wget to abort with:
GnuTLS: unimplemented 'secure-protocol' option value 6
GnuTLS contains TLS 1.3 implementation since version 3.6.3 [1]. However
currently it must be enabled explicitly in the application of it to be
used. This will change after the draft is finalized. [2] However for
the time being, I enabled it explicitly in case "TLSv1_3" is used with
--secure-protocol.
I also fixed man page to contain "TLSv1_3" in all listings of available
parameters for --secure-protocol
[1] https://lists.gnupg.org/pipermail/gnutls-devel/2018-July/008584.html
[2] https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
doc/wget.texi | 6 +++---
src/gnutls.c | 28 ++++++++++++++++++++++++++++
2 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/doc/wget.texi b/doc/wget.texi
index 38b4a245..7ae19d8e 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -1780,9 +1780,9 @@ If Wget is compiled without SSL support, none of these options are available.
@cindex SSL protocol, choose
@item --secure-protocol=@var{protocol}
Choose the secure protocol to be used. Legal values are @samp{auto},
-@samp{SSLv2}, @samp{SSLv3}, @samp{TLSv1}, @samp{TLSv1_1}, @samp{TLSv1_2}
-and @samp{PFS}. If @samp{auto} is used, the SSL library is given the
-liberty of choosing the appropriate protocol automatically, which is
+@samp{SSLv2}, @samp{SSLv3}, @samp{TLSv1}, @samp{TLSv1_1}, @samp{TLSv1_2},
+@samp{TLSv1_3} and @samp{PFS}. If @samp{auto} is used, the SSL library is
+given the liberty of choosing the appropriate protocol automatically, which is
achieved by sending a TLSv1 greeting. This is the default.
Specifying @samp{SSLv2}, @samp{SSLv3}, @samp{TLSv1}, @samp{TLSv1_1},
diff --git a/src/gnutls.c b/src/gnutls.c
index 07844c52..206d0b09 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -565,6 +565,15 @@ set_prio_default (gnutls_session_t session)
err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1", NULL);
break;
+ case secure_protocol_tlsv1_3:
+#if GNUTLS_VERSION_NUMBER >= 0x030603
+ err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0:+VERS-TLS1.3:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2", NULL);
+ break;
+#else
+ logprintf (LOG_NOTQUIET, _("Your GnuTLS version is too old to support TLS 1.3\n"));
+ return -1;
+#endif
+
case secure_protocol_pfs:
err = gnutls_priority_set_direct (session, "PFS:-VERS-SSL3.0", NULL);
if (err != GNUTLS_E_SUCCESS)
@@ -596,19 +605,38 @@ set_prio_default (gnutls_session_t session)
allowed_protocols[0] = GNUTLS_TLS1_0;
allowed_protocols[1] = GNUTLS_TLS1_1;
allowed_protocols[2] = GNUTLS_TLS1_2;
+#if GNUTLS_VERSION_NUMBER >= 0x030603
+ allowed_protocols[3] = GNUTLS_TLS1_3;
+#endif
err = gnutls_protocol_set_priority (session, allowed_protocols);
break;
case secure_protocol_tlsv1_1:
allowed_protocols[0] = GNUTLS_TLS1_1;
allowed_protocols[1] = GNUTLS_TLS1_2;
+#if GNUTLS_VERSION_NUMBER >= 0x030603
+ allowed_protocols[2] = GNUTLS_TLS1_3;
+#endif
err = gnutls_protocol_set_priority (session, allowed_protocols);
break;
case secure_protocol_tlsv1_2:
allowed_protocols[0] = GNUTLS_TLS1_2;
+#if GNUTLS_VERSION_NUMBER >= 0x030603
+ allowed_protocols[1] = GNUTLS_TLS1_3;
+#endif
+ err = gnutls_protocol_set_priority (session, allowed_protocols);
+ break;
+
+ case secure_protocol_tlsv1_3:
+#if GNUTLS_VERSION_NUMBER >= 0x030603
+ allowed_protocols[0] = GNUTLS_TLS1_3;
err = gnutls_protocol_set_priority (session, allowed_protocols);
break;
+#else
+ logprintf (LOG_NOTQUIET, _("Your GnuTLS version is too old to support TLS 1.3\n"));
+ return -1;
+#endif
default:
logprintf (LOG_NOTQUIET, _("GnuTLS: unimplemented 'secure-protocol' option value %d\n"), opt.secure_protocol);
--
2.17.1

View File

@ -0,0 +1,18 @@
diff --git a/src/iri.c b/src/iri.c
index 7dcf3ac..1c8695c 100644
--- a/src/iri.c
+++ b/src/iri.c
@@ -189,9 +189,10 @@ do_conversion (const char *tocode, const char *fromcode, char const *in_org, siz
{
tooshort++;
done = len;
- len = outlen = done + inlen * 2;
- s = xrealloc (s, outlen + 1);
- *out = s + done;
+ len = done + inlen * 2;
+ s = xrealloc (s, len + 1);
+ *out = s + done - outlen;
+ outlen += inlen * 2;
}
else /* Weird, we got an unspecified error */
{

View File

@ -0,0 +1,41 @@
From 8990d706da3e32b12debd9b8dea7b42134631770 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Fri, 10 Aug 2018 14:32:13 +0200
Subject: [PATCH] Don't limit the test suite HTTPS server to TLSv1
In Fedora, we are implementing crypto policies, in order to enhance the
security of user systems. This is done on the system level by global
configuration. It may happen that due to the active policy, only
TLSv1.2 or higher will be available in crypto libraries. While wget as
a client will by default determine the minimal TLS version supported by
both client and server, the HTTPS server implementation in testenv/
hardcodes use of TLSv1. As a result all HTTPS related tests fail in
case a more hardened crypto policy is set on the Fedora system.
This change removes the explicit TLS version setting and leaves the
determination of the minimal supported TLS version on the server and
client.
More information about Fedora change can be found here:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
testenv/server/http/http_server.py | 1 -
1 file changed, 1 deletion(-)
diff --git a/testenv/server/http/http_server.py b/testenv/server/http/http_server.py
index 434666dd..6d8fc9e8 100644
--- a/testenv/server/http/http_server.py
+++ b/testenv/server/http/http_server.py
@@ -49,7 +49,6 @@ class HTTPSServer(StoppableHTTPServer):
'server-key.pem'))
self.socket = ssl.wrap_socket(
sock=socket.socket(self.address_family, self.socket_type),
- ssl_version=ssl.PROTOCOL_TLSv1,
certfile=CERTFILE,
keyfile=KEYFILE,
server_side=True
--
2.17.1

View File

@ -0,0 +1,116 @@
From 83c408842b80b4ed26a3fe8a61177846dda18c60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Wed, 26 Dec 2018 14:38:18 +0100
Subject: [PATCH] Don't save user/pw with --xattr
---
src/ftp.c | 2 +-
src/http.c | 4 ++--
src/xattr.c | 24 ++++++++++++++++++++----
src/xattr.h | 3 ++-
4 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/src/ftp.c b/src/ftp.c
index daaae93..c02ed02 100644
--- a/src/ftp.c
+++ b/src/ftp.c
@@ -1580,7 +1580,7 @@ Error in server response, closing control connection.\n"));
#ifdef ENABLE_XATTR
if (opt.enable_xattr)
- set_file_metadata (u->url, NULL, fp);
+ set_file_metadata (u, NULL, fp);
#endif
fd_close (local_sock);
diff --git a/src/http.c b/src/http.c
index 499a43b..18e58e9 100644
--- a/src/http.c
+++ b/src/http.c
@@ -4120,9 +4120,9 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs,
if (opt.enable_xattr)
{
if (original_url != u)
- set_file_metadata (u->url, original_url->url, fp);
+ set_file_metadata (u, original_url, fp);
else
- set_file_metadata (u->url, NULL, fp);
+ set_file_metadata (u, NULL, fp);
}
#endif
diff --git a/src/xattr.c b/src/xattr.c
index 6652422..0f20fad 100644
--- a/src/xattr.c
+++ b/src/xattr.c
@@ -21,6 +21,7 @@
#include <string.h>
#include "log.h"
+#include "utils.h"
#include "xattr.h"
#ifdef USE_XATTR
@@ -57,7 +58,7 @@ write_xattr_metadata (const char *name, const char *value, FILE *fp)
#endif /* USE_XATTR */
int
-set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp)
+set_file_metadata (const struct url *origin_url, const struct url *referrer_url, FILE *fp)
{
/* Save metadata about where the file came from (requested, final URLs) to
* user POSIX Extended Attributes of retrieved file.
@@ -67,13 +68,28 @@ set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp)
* [http://0pointer.de/lennart/projects/mod_mime_xattr/].
*/
int retval = -1;
+ char *value;
if (!origin_url || !fp)
return retval;
- retval = write_xattr_metadata ("user.xdg.origin.url", escnonprint_uri (origin_url), fp);
- if ((!retval) && referrer_url)
- retval = write_xattr_metadata ("user.xdg.referrer.url", escnonprint_uri (referrer_url), fp);
+ value = url_string (origin_url, URL_AUTH_HIDE);
+ retval = write_xattr_metadata ("user.xdg.origin.url", escnonprint_uri (value), fp);
+ xfree (value);
+
+ if (!retval && referrer_url)
+ {
+ struct url u;
+
+ memset(&u, 0, sizeof(u));
+ u.scheme = referrer_url->scheme;
+ u.host = referrer_url->host;
+ u.port = referrer_url->port;
+
+ value = url_string (&u, 0);
+ retval = write_xattr_metadata ("user.xdg.referrer.url", escnonprint_uri (value), fp);
+ xfree (value);
+ }
return retval;
}
diff --git a/src/xattr.h b/src/xattr.h
index 10f3ed1..40c7a8d 100644
--- a/src/xattr.h
+++ b/src/xattr.h
@@ -16,12 +16,13 @@
along with this program; if not, see <http://www.gnu.org/licenses/>. */
#include <stdio.h>
+#include <url.h>
#ifndef _XATTR_H
#define _XATTR_H
/* Store metadata name/value attributes against fp. */
-int set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp);
+int set_file_metadata (const struct url *origin_url, const struct url *referrer_url, FILE *fp);
#if defined(__linux)
/* libc on Linux has fsetxattr (5 arguments). */
--
2.17.2

View File

@ -0,0 +1,62 @@
From 0e991351c8bd3996bfc396402a67445abcf1319e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Wed, 26 Dec 2018 13:51:48 +0100
Subject: [PATCH] Don't use extended attributes (--xattr) by default
---
doc/wget.texi | 8 ++++++++
src/init.c | 4 ----
src/main.c | 2 +-
3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/doc/wget.texi b/doc/wget.texi
index 66edab8..d672bbf 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -540,6 +540,14 @@ right NUMBER.
Set preferred location for Metalink resources. This has effect if multiple
resources with same priority are available.
+@cindex xattr
+@item --xattr
+Enable use of file system's extended attributes to save the
+original URL and the Referer HTTP header value if used.
+
+Be aware that the URL might contain private information like
+access tokens or credentials.
+
@cindex force html
@item -F
diff --git a/src/init.c b/src/init.c
index eb81ab4..800970c 100644
--- a/src/init.c
+++ b/src/init.c
@@ -509,11 +509,7 @@ defaults (void)
opt.hsts = true;
#endif
-#ifdef ENABLE_XATTR
- opt.enable_xattr = true;
-#else
opt.enable_xattr = false;
-#endif
}
/* Return the user's home directory (strdup-ed), or NULL if none is
diff --git a/src/main.c b/src/main.c
index 81db931..6ac1621 100644
--- a/src/main.c
+++ b/src/main.c
@@ -754,7 +754,7 @@ Download:\n"),
#endif
#ifdef ENABLE_XATTR
N_("\
- --no-xattr turn off storage of metadata in extended file attributes\n"),
+ --xattr turn on storage of metadata in extended file attributes\n"),
#endif
"\n",
--
2.17.2

View File

@ -0,0 +1,141 @@
From c11cc83d9ee9230f090c2400a57bbd562905d782 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 8 Oct 2018 10:42:22 +0200
Subject: [PATCH] Enable post-handshake auth under gnutls on TLS1.3
---
src/gnutls.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 96 insertions(+)
diff --git a/src/gnutls.c b/src/gnutls.c
index 206d0b09..a2c9d1c1 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -60,6 +60,11 @@ as that of the covered work. */
static int
_do_handshake (gnutls_session_t session, int fd, double timeout);
+#if GNUTLS_VERSION_NUMBER >= 0x030604
+static int
+_do_reauth (gnutls_session_t session, int fd, double timeout);
+#endif
+
static int
key_type_to_gnutls_type (enum keyfile_type type)
{
@@ -287,6 +292,14 @@ wgnutls_read_timeout (int fd, char *buf, int bufsize, void *arg, double timeout)
if ((ret = _do_handshake (ctx->session, fd, timeout)) == 0)
ret = GNUTLS_E_AGAIN; /* restart reading */
}
+#if GNUTLS_VERSION_NUMBER >= 0x030604
+ if (!timed_out && ret == GNUTLS_E_REAUTH_REQUEST)
+ {
+ DEBUGP (("GnuTLS: *** re-authentication while reading\n"));
+ if ((ret = _do_reauth (ctx->session, fd, timeout)) == 0)
+ ret = GNUTLS_E_AGAIN; /* restart reading */
+ }
+#endif
}
}
while (ret == GNUTLS_E_INTERRUPTED || (ret == GNUTLS_E_AGAIN && !timed_out));
@@ -519,6 +532,84 @@ _do_handshake (gnutls_session_t session, int fd, double timeout)
return err;
}
+#if GNUTLS_VERSION_NUMBER >= 0x030604
+static int
+_do_reauth (gnutls_session_t session, int fd, double timeout)
+{
+#ifdef F_GETFL
+ int flags = 0;
+#endif
+ int err;
+
+ if (timeout)
+ {
+#ifdef F_GETFL
+ flags = fcntl (fd, F_GETFL, 0);
+ if (flags < 0)
+ return flags;
+ if (fcntl (fd, F_SETFL, flags | O_NONBLOCK))
+ return -1;
+#else
+ /* XXX: Assume it was blocking before. */
+ const int one = 1;
+ if (ioctl (fd, FIONBIO, &one) < 0)
+ return -1;
+#endif
+ }
+
+ /* We don't stop the handshake process for non-fatal errors */
+ do
+ {
+ err = gnutls_reauth (session, 0);
+
+ if (timeout && err == GNUTLS_E_AGAIN)
+ {
+ if (gnutls_record_get_direction (session))
+ {
+ /* wait for writeability */
+ err = select_fd (fd, timeout, WAIT_FOR_WRITE);
+ }
+ else
+ {
+ /* wait for readability */
+ err = select_fd (fd, timeout, WAIT_FOR_READ);
+ }
+
+ if (err <= 0)
+ {
+ if (err == 0)
+ {
+ errno = ETIMEDOUT;
+ err = -1;
+ }
+ break;
+ }
+
+ err = GNUTLS_E_AGAIN;
+ }
+ else if (err < 0)
+ {
+ logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
+ }
+ }
+ while (err && gnutls_error_is_fatal (err) == 0);
+
+ if (timeout)
+ {
+#ifdef F_GETFL
+ if (fcntl (fd, F_SETFL, flags) < 0)
+ return -1;
+#else
+ const int zero = 0;
+ if (ioctl (fd, FIONBIO, &zero) < 0)
+ return -1;
+#endif
+ }
+
+ return err;
+}
+#endif
+
static const char *
_sni_hostname(const char *hostname)
{
@@ -655,7 +746,12 @@ ssl_connect_wget (int fd, const char *hostname, int *continue_session)
gnutls_session_t session;
int err;
+#if GNUTLS_VERSION_NUMBER >= 0x030604
+ // enable support of TLS1.3 post-handshake authentication
+ gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_POST_HANDSHAKE_AUTH);
+#else
gnutls_init (&session, GNUTLS_CLIENT);
+#endif
/* We set the server name but only if it's not an IP address. */
if (! is_valid_ip_address (hostname))
--
2.17.2

View File

@ -0,0 +1,52 @@
From 706e71564cadc7192ac21efbf51b661c967f35b5 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Tue, 24 Mar 2020 13:18:40 +0100
Subject: [PATCH] Don't print message about loading crl or ca-cert files with --no-verbose
* src/gnutls.c (ssl_init): Use LOG_VERBOSE verbosity for informative
message related to loading CRL or CA certificate file.
Before change [1], wget didn't produce any output related to loading CA
certificates when --no-verbose option has been used. When --no-verbose
option is used, only error messages and basic information should get
printed. Information about loading CRL or CA certificate is probably not
a basic information. Any error when loading the CRL or CA certificate
will be still printed with --no-verbose.
Some users rely on wget not printing such information and they consider
it a regression.
Reported as https://bugzilla.redhat.com/show_bug.cgi?id=1807267
[1] http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e4a8fe84e2b813b65d91aec29298eecabe4850a5
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
src/gnutls.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/gnutls.c b/src/gnutls.c
index e95ecea..7ab1f08 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -172,7 +172,7 @@ ssl_init (void)
else
{
ncerts += rc;
- logprintf (LOG_NOTQUIET, _ ("Loaded CA certificate '%s'\n"), opt.ca_cert);
+ logprintf (LOG_VERBOSE, _ ("Loaded CA certificate '%s'\n"), opt.ca_cert);
}
}
@@ -186,7 +186,7 @@ ssl_init (void)
return false;
}
- logprintf (LOG_NOTQUIET, _ ("Loaded CRL file '%s'\n"), opt.crl_file);
+ logprintf (LOG_VERBOSE, _ ("Loaded CRL file '%s'\n"), opt.crl_file);
}
DEBUGP (("Certificates loaded: %d\n", ncerts));
--
libgit2 0.28.2

View File

@ -0,0 +1,376 @@
From b24351183ec574f81c729cbb3286aceaee3f03c8 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Mon, 30 Jul 2018 12:20:27 +0200
Subject: [PATCH 1/6] * src/ftp.c (getftp): Fix RESOURCE LEAK found by Coverity
Error: RESOURCE_LEAK (CWE-772):
wget-1.19.5/src/ftp.c:1493: alloc_fn: Storage is returned from allocation function "fopen".
wget-1.19.5/src/ftp.c:1493: var_assign: Assigning: "fp" = storage returned from "fopen(con->target, "wb")".
wget-1.19.5/src/ftp.c:1811: leaked_storage: Variable "fp" going out of scope leaks the storage it points to.
\# 1809| if (fp && !output_stream)
\# 1810| fclose (fp);
\# 1811|-> return err;
\# 1812| }
\# 1813|
It can happen, that "if (!output_stream || con->cmd & DO_LIST)" on line #1398 can be true, even though "output_stream != NULL". In this case a new file is opened to "fp". Later it may happen in the FTPS branch, that some error will occure and code will jump to label "exit_error". In "exit_error", the "fp" is closed only if "output_stream == NULL". However this may not be true as described earlier and "fp" leaks.
On line #1588, there is the following conditional free of "fp":
/* Close the local file. */
if (!output_stream || con->cmd & DO_LIST)
fclose (fp);
Therefore the conditional at the end of the function after "exit_error" label should be modified to:
if (fp && (!output_stream || con->cmd & DO_LIST))
fclose (fp);
This will ensure that "fp" does not leak in any case it sould be opened.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
src/ftp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ftp.c b/src/ftp.c
index 69148936..daaae939 100644
--- a/src/ftp.c
+++ b/src/ftp.c
@@ -1806,7 +1806,7 @@ Error in server response, closing control connection.\n"));
exit_error:
/* If fp is a regular file, close and try to remove it */
- if (fp && !output_stream)
+ if (fp && (!output_stream || con->cmd & DO_LIST))
fclose (fp);
return err;
}
--
2.17.1
From b8be904ac7c25387672b0aa39f7cba699bffc48e Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Mon, 30 Jul 2018 15:38:45 +0200
Subject: [PATCH 2/6] * src/http.c (check_auth): Fix RESOURCE LEAK found by
Coverity
Error: RESOURCE_LEAK (CWE-772):
wget-1.19.5/src/http.c:2434: alloc_fn: Storage is returned from allocation function "xmalloc".
wget-1.19.5/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from allocation function "malloc".
wget-1.19.5/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)".
wget-1.19.5/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p".
wget-1.19.5/src/http.c:2434: var_assign: Assigning: "auth_stat" = storage returned from "xmalloc(4UL)".
wget-1.19.5/src/http.c:2446: noescape: Resource "auth_stat" is not freed or pointed-to in "create_authorization_line".
wget-1.19.5/src/http.c:5203:70: noescape: "create_authorization_line(char const *, char const *, char const *, char const *, char const *, _Bool *, uerr_t *)" does not free or save its parameter "auth_err".
wget-1.19.5/src/http.c:2476: leaked_storage: Variable "auth_stat" going out of scope leaks the storage it points to.
\# 2474| /* Creating the Authorization header went wrong */
\# 2475| }
\# 2476|-> }
\# 2477| else
\# 2478| {
Error: RESOURCE_LEAK (CWE-772):
wget-1.19.5/src/http.c:2431: alloc_fn: Storage is returned from allocation function "url_full_path".
wget-1.19.5/src/url.c:1105:19: alloc_fn: Storage is returned from allocation function "xmalloc".
wget-1.19.5/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from allocation function "malloc".
wget-1.19.5/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)".
wget-1.19.5/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p".
wget-1.19.5/src/url.c:1105:19: var_assign: Assigning: "full_path" = "xmalloc(length + 1)".
wget-1.19.5/src/url.c:1107:3: noescape: Resource "full_path" is not freed or pointed-to in function "full_path_write".
wget-1.19.5/src/url.c:1078:47: noescape: "full_path_write(struct url const *, char *)" does not free or save its parameter "where".
wget-1.19.5/src/url.c:1110:3: return_alloc: Returning allocated memory "full_path".
wget-1.19.5/src/http.c:2431: var_assign: Assigning: "pth" = storage returned from "url_full_path(u)".
wget-1.19.5/src/http.c:2446: noescape: Resource "pth" is not freed or pointed-to in "create_authorization_line".
wget-1.19.5/src/http.c:5203:40: noescape: "create_authorization_line(char const *, char const *, char const *, char const *, char const *, _Bool *, uerr_t *)" does not free or save its parameter "path".
wget-1.19.5/src/http.c:2476: leaked_storage: Variable "pth" going out of scope leaks the storage it points to.
\# 2474| /* Creating the Authorization header went wrong */
\# 2475| }
\# 2476|-> }
\# 2477| else
\# 2478| {
Both "pth" and "auth_stat" are allocated in "check_auth()" function. These are used for creating the HTTP Authorization Request header via "create_authorization_line()" function. In case the creation went OK (auth_err == RETROK), then the memory previously allocated to "pth" and "auth_stat" is freed. However if the creation failed, then the memory is never freed and it leaks.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
src/http.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/http.c b/src/http.c
index 093be167..4e0d467a 100644
--- a/src/http.c
+++ b/src/http.c
@@ -2451,6 +2451,8 @@ check_auth (const struct url *u, char *user, char *passwd, struct response *resp
auth_stat);
auth_err = *auth_stat;
+ xfree (auth_stat);
+ xfree (pth);
if (auth_err == RETROK)
{
request_set_header (req, "Authorization", value, rel_value);
@@ -2464,8 +2466,6 @@ check_auth (const struct url *u, char *user, char *passwd, struct response *resp
register_basic_auth_host (u->host);
}
- xfree (pth);
- xfree (auth_stat);
*retry = true;
goto cleanup;
}
--
2.17.1
From dfef92bac3997b9848e86d84a843d5d7dde4fd99 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Tue, 31 Jul 2018 16:58:12 +0200
Subject: [PATCH 3/6] * src/http.c (http_loop): Fix RESOURCE LEAK found by
Coverity
Error: RESOURCE_LEAK (CWE-772):
wget-1.19.5/src/http.c:4486: alloc_fn: Storage is returned from allocation function "url_string".
wget-1.19.5/src/url.c:2248:3: alloc_fn: Storage is returned from allocation function "xmalloc".
wget-1.19.5/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from allocation function "malloc".
wget-1.19.5/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)".
wget-1.19.5/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p".
wget-1.19.5/src/url.c:2248:3: var_assign: Assigning: "result" = "xmalloc(size)".
wget-1.19.5/src/url.c:2248:3: var_assign: Assigning: "p" = "result".
wget-1.19.5/src/url.c:2250:3: noescape: Resource "p" is not freed or pointed-to in function "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
wget-1.19.5/src/url.c:2253:7: noescape: Resource "p" is not freed or pointed-to in function "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
wget-1.19.5/src/url.c:2257:11: noescape: Resource "p" is not freed or pointed-to in function "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
wget-1.19.5/src/url.c:2264:3: noescape: Resource "p" is not freed or pointed-to in function "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
wget-1.19.5/src/url.c:2270:7: identity_transfer: Passing "p" as argument 1 to function "number_to_string", which returns an offset off that argument.
wget-1.19.5/src/utils.c:1776:11: var_assign_parm: Assigning: "p" = "buffer".
wget-1.19.5/src/utils.c:1847:3: return_var: Returning "p", which is a copy of a parameter.
wget-1.19.5/src/url.c:2270:7: noescape: Resource "p" is not freed or pointed-to in function "number_to_string".
wget-1.19.5/src/utils.c:1774:25: noescape: "number_to_string(char *, wgint)" does not free or save its parameter "buffer".
wget-1.19.5/src/url.c:2270:7: var_assign: Assigning: "p" = "number_to_string(p, url->port)".
wget-1.19.5/src/url.c:2273:3: noescape: Resource "p" is not freed or pointed-to in function "full_path_write".
wget-1.19.5/src/url.c:1078:47: noescape: "full_path_write(struct url const *, char *)" does not free or save its parameter "where".
wget-1.19.5/src/url.c:2287:3: return_alloc: Returning allocated memory "result".
wget-1.19.5/src/http.c:4486: var_assign: Assigning: "hurl" = storage returned from "url_string(u, URL_AUTH_HIDE_PASSWD)".
wget-1.19.5/src/http.c:4487: noescape: Resource "hurl" is not freed or pointed-to in "logprintf".
wget-1.19.5/src/http.c:4513: leaked_storage: Variable "hurl" going out of scope leaks the storage it points to.
\# 4511| {
\# 4512| printwhat (count, opt.ntry);
\# 4513|-> continue;
\# 4514| }
\# 4515| else
There are two conditional branches, which call continue, without freeing memory potentially allocated and pointed to by"hurl" pointer. In fase "!opt.verbose" is True and some of the appropriate conditions in the following if/else if construction, in which "continue" is called, are also true, then the memory allocated to "hurl" will leak.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
src/http.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/http.c b/src/http.c
index 4e0d467a..46fde6f2 100644
--- a/src/http.c
+++ b/src/http.c
@@ -4492,6 +4492,7 @@ http_loop (const struct url *u, struct url *original_url, char **newloc,
&& (hstat.statcode == 500 || hstat.statcode == 501))
{
got_head = true;
+ xfree (hurl);
continue;
}
/* Maybe we should always keep track of broken links, not just in
@@ -4510,6 +4511,7 @@ Remote file does not exist -- broken link!!!\n"));
else if (check_retry_on_http_error (hstat.statcode))
{
printwhat (count, opt.ntry);
+ xfree (hurl);
continue;
}
else
--
2.17.1
From c045cdded4e3850724d8bb3a655852948e62c0df Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 2 Aug 2018 13:49:52 +0200
Subject: [PATCH 4/6] * src/utils.c (open_stat): Fix RESOURCE LEAK found by
Coverity
Error: RESOURCE_LEAK (CWE-772):
wget-1.19.5/src/utils.c:914: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
wget-1.19.5/src/utils.c:914: var_assign: Assigning: "fd" = handle returned from "open(fname, flags, mode)".
wget-1.19.5/src/utils.c:921: noescape: Resource "fd" is not freed or pointed-to in "fstat". [Note: The source code implementation of the function has been overridden by a builtin model.]
wget-1.19.5/src/utils.c:924: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
\# 922| {
\# 923| logprintf (LOG_NOTQUIET, _("Failed to stat file %s, error: %s\n"), fname, strerror(errno));
\# 924|-> return -1;
\# 925| }
\# 926| #if !(defined(WINDOWS) || defined(__VMS))
This seems to be a real issue, since the opened file descriptor in "fd"
would leak. There is also additional check below the "fstat" call, which
closes the opened "fd".
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
src/utils.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/utils.c b/src/utils.c
index 0cb905ad..c6258083 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -921,6 +921,7 @@ open_stat(const char *fname, int flags, mode_t mode, file_stats_t *fstats)
if (fstat (fd, &fdstats) == -1)
{
logprintf (LOG_NOTQUIET, _("Failed to stat file %s, error: %s\n"), fname, strerror(errno));
+ close (fd);
return -1;
}
#if !(defined(WINDOWS) || defined(__VMS))
--
2.17.1
From 8b451f9f21cc1b00d1a08116b542fb7bd7589405 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Fri, 3 Aug 2018 16:19:20 +0200
Subject: [PATCH 5/6] * src/warc.c (warc_write_start_record): Fix potential
RESOURCE LEAK
In warc_write_start_record() function, the reutrn value of dup() is
directly used in gzdopen() call and not stored anywhere. However the
zlib documentation says that "The duplicated descriptor should be saved
to avoid a leak, since gzdopen does not close fd if it fails." [1].
This change stores the FD in a variable and closes it in case gzopen()
fails.
[1] https://www.zlib.net/manual.html
Error: RESOURCE_LEAK (CWE-772):
wget-1.19.5/src/warc.c:217: open_fn: Returning handle opened by "dup".
wget-1.19.5/src/warc.c:217: leaked_handle: Failing to save or close handle opened by "dup(fileno(warc_current_file))" leaks it.
\# 215|
\# 216| /* Start a new GZIP stream. */
\# 217|-> warc_current_gzfile = gzdopen (dup (fileno (warc_current_file)), "wb9");
\# 218| warc_current_gzfile_uncompressed_size = 0;
\# 219|
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
src/warc.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/warc.c b/src/warc.c
index 3482cf3b..5ebd04d7 100644
--- a/src/warc.c
+++ b/src/warc.c
@@ -203,6 +203,7 @@ warc_write_start_record (void)
/* Start a GZIP stream, if required. */
if (opt.warc_compression_enabled)
{
+ int dup_fd;
/* Record the starting offset of the new record. */
warc_current_gzfile_offset = ftello (warc_current_file);
@@ -214,13 +215,23 @@ warc_write_start_record (void)
fflush (warc_current_file);
/* Start a new GZIP stream. */
- warc_current_gzfile = gzdopen (dup (fileno (warc_current_file)), "wb9");
+ dup_fd = dup (fileno (warc_current_file));
+ if (dup_fd < 0)
+ {
+ logprintf (LOG_NOTQUIET,
+_("Error duplicating WARC file file descriptor.\n"));
+ warc_write_ok = false;
+ return false;
+ }
+
+ warc_current_gzfile = gzdopen (dup_fd, "wb9");
warc_current_gzfile_uncompressed_size = 0;
if (warc_current_gzfile == NULL)
{
logprintf (LOG_NOTQUIET,
_("Error opening GZIP stream to WARC file.\n"));
+ close (dup_fd);
warc_write_ok = false;
return false;
}
--
2.17.1
From 2f451dbf4e83c751f6bbba7ed26d90bf275fcbf7 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Fri, 24 Aug 2018 16:57:37 +0200
Subject: [PATCH 6/6] * src/warc.c (warc_write_cdx_record): Fix RESOURCE LEAK
found by Coverity
Error: RESOURCE_LEAK (CWE-772): - REAL ERROR
wget-1.19.5/src/warc.c:1376: alloc_fn: Storage is returned from allocation function "url_escape".
wget-1.19.5/src/url.c:284:3: alloc_fn: Storage is returned from allocation function "url_escape_1".
wget-1.19.5/src/url.c:255:3: alloc_fn: Storage is returned from allocation function "xmalloc".
wget-1.19.5/lib/xmalloc.c:41:11: alloc_fn: Storage is returned from allocation function "malloc".
wget-1.19.5/lib/xmalloc.c:41:11: var_assign: Assigning: "p" = "malloc(n)".
wget-1.19.5/lib/xmalloc.c:44:3: return_alloc: Returning allocated memory "p".
wget-1.19.5/src/url.c:255:3: var_assign: Assigning: "newstr" = "xmalloc(newlen + 1)".
wget-1.19.5/src/url.c:258:3: var_assign: Assigning: "p2" = "newstr".
wget-1.19.5/src/url.c:275:3: return_alloc: Returning allocated memory "newstr".
wget-1.19.5/src/url.c:284:3: return_alloc_fn: Directly returning storage allocated by "url_escape_1".
wget-1.19.5/src/warc.c:1376: var_assign: Assigning: "redirect_location" = storage returned from "url_escape(redirect_location)".
wget-1.19.5/src/warc.c:1381: noescape: Resource "redirect_location" is not freed or pointed-to in "fprintf".
wget-1.19.5/src/warc.c:1387: leaked_storage: Returning without freeing "redirect_location" leaks the storage that it points to.
\# 1385| fflush (warc_current_cdx_file);
\# 1386|
\# 1387|-> return true;
\# 1388| }
\# 1389|
url_escape() really returns a newly allocated memory and it leaks when the warc_write_cdx_record() returns. The memory returned from url_escape() is usually stored in a temporary variable in other parts of the project and then freed. I took the same approach.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
src/warc.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/warc.c b/src/warc.c
index 5ebd04d7..2eb74966 100644
--- a/src/warc.c
+++ b/src/warc.c
@@ -1364,6 +1364,7 @@ warc_write_cdx_record (const char *url, const char *timestamp_str,
char timestamp_str_cdx[15];
char offset_string[MAX_INT_TO_STRING_LEN(off_t)];
const char *checksum;
+ char *tmp_location = NULL;
memcpy (timestamp_str_cdx , timestamp_str , 4); /* "YYYY" "-" */
memcpy (timestamp_str_cdx + 4, timestamp_str + 5, 2); /* "mm" "-" */
@@ -1382,18 +1383,19 @@ warc_write_cdx_record (const char *url, const char *timestamp_str,
if (mime_type == NULL || strlen(mime_type) == 0)
mime_type = "-";
if (redirect_location == NULL || strlen(redirect_location) == 0)
- redirect_location = "-";
+ tmp_location = strdup ("-");
else
- redirect_location = url_escape(redirect_location);
+ tmp_location = url_escape(redirect_location);
number_to_string (offset_string, offset);
/* Print the CDX line. */
fprintf (warc_current_cdx_file, "%s %s %s %s %d %s %s - %s %s %s\n", url,
timestamp_str_cdx, url, mime_type, response_code, checksum,
- redirect_location, offset_string, warc_current_filename,
+ tmp_location, offset_string, warc_current_filename,
response_uuid);
fflush (warc_current_cdx_file);
+ free (tmp_location);
return true;
}
--
2.17.1

View File

@ -0,0 +1,28 @@
commit fd85ac9cc623847e9d94d9f9241ab34e2c146cbf
Author: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Date: Thu Oct 25 17:39:52 2018 -0300
* src/host.c (sufmatch): Fix dot-prefixed domain matching
Current sufmatch does not match when domain is dot-prefixed.
The example of no_proxy in man (.mit.edu) does use a dot-prefixed
domain.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Copyright-paperwork-exempt: Yes
diff --git a/src/host.c b/src/host.c
index b42cd6e8..2bf848f3 100644
--- a/src/host.c
+++ b/src/host.c
@@ -1033,8 +1033,9 @@ sufmatch (const char **list, const char *what)
/* Domain or subdomain match
* k == -1: exact match
* k >= 0 && what[k] == '.': subdomain match
+ * k >= 0 && list[i][0] == '.': dot-prefixed subdomain match
*/
- if (j == -1 && (k == -1 || what[k] == '.'))
+ if (j == -1 && (k == -1 || what[k] == '.' || list[i][0] == '.'))
return true;
}

View File

@ -0,0 +1,285 @@
From dea0f6272889adcff846144fff5714c076067b16 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 7 Nov 2019 12:46:15 +0100
Subject: [PATCH 1/3] testenv: HTTPTest.begin() should return exit value
* testenv/test/http_test.py: Ensure that HTTPTest.begin() always retuns a value
Previously the HTTPTest.begin() method always returned None. However this is not consistent with the begin() implementation of the parent class (BaseTest). This change ensures that HTTPTest.begin() returns a value.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
testenv/test/http_test.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/testenv/test/http_test.py b/testenv/test/http_test.py
index fef0c2ef..462ac6e7 100644
--- a/testenv/test/http_test.py
+++ b/testenv/test/http_test.py
@@ -42,7 +42,7 @@ class HTTPTest(BaseTest):
print_green("Test Passed.")
else:
self.tests_passed = False
- super(HTTPTest, self).begin()
+ return super(HTTPTest, self).begin()
def instantiate_server_by(self, protocol):
server = {HTTP: HTTPd,
--
2.21.0
From 7fba12cf25ff7cc352f0f5df7d91670df7035823 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 7 Nov 2019 13:01:44 +0100
Subject: [PATCH 2/3] testenv: Allow definition of environment variables for
wget execuion
* testenv/README: Added description for new EnvironmentVariable hook
* testenv/conf/environment_variable.py: Added implementation of EnvironmentVariable hook
* testenv/test/base_test.py: Modified exec_wget() to enable use of EnvironmentVariable hook
Added new test hook called EnvironmentVariables, for defining environment variables when wget is executed in tests. This is handy for testing environment variables, which are accepted by wget.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
testenv/README | 3 +++
testenv/conf/environment_variables.py | 14 ++++++++++++++
testenv/test/base_test.py | 6 +++++-
3 files changed, 22 insertions(+), 1 deletion(-)
create mode 100644 testenv/conf/environment_variables.py
diff --git a/testenv/README b/testenv/README
index aca8cdda..d4fabddd 100644
--- a/testenv/README
+++ b/testenv/README
@@ -224,6 +224,9 @@ executed. The currently supported options are:
file. While all Download URL's are passed to Urls, a notable exception is
when in-url authentication is used. In such a case, the URL is specified in
the WgetCommands string.
+ * EnvironmentVariables: A dictionary with key-value items, which will be
+ defined as environment variables during the execution of wget command in
+ test.
Post-Test Hooks:
================================================================================
diff --git a/testenv/conf/environment_variables.py b/testenv/conf/environment_variables.py
new file mode 100644
index 00000000..323c051c
--- /dev/null
+++ b/testenv/conf/environment_variables.py
@@ -0,0 +1,14 @@
+from conf import hook
+
+""" Test Option: EnvironmentVariables
+This hook is used to define environment variables used for execution of wget
+command in test."""
+
+
+@hook(alias='EnvironmentVariables')
+class URLs:
+ def __init__(self, envs):
+ self.envs = envs
+
+ def __call__(self, test_obj):
+ test_obj.envs.update(**self.envs)
diff --git a/testenv/test/base_test.py b/testenv/test/base_test.py
index dbf4678f..04a6f748 100644
--- a/testenv/test/base_test.py
+++ b/testenv/test/base_test.py
@@ -51,6 +51,7 @@ class BaseTest:
self.wget_options = ''
self.urls = []
+ self.envs = dict()
self.tests_passed = True
self.ready = False
@@ -97,12 +98,15 @@ class BaseTest:
cmd_line = self.gen_cmd_line()
params = shlex.split(cmd_line)
print(params)
+ envs = {"HOME": os.getcwd()}
+ envs.update(**self.envs)
+ print(envs)
if os.getenv("SERVER_WAIT"):
time.sleep(float(os.getenv("SERVER_WAIT")))
try:
- ret_code = call(params, env={"HOME": os.getcwd()})
+ ret_code = call(params, env=envs)
except FileNotFoundError:
raise TestFailed("The Wget Executable does not exist at the "
"expected path.")
--
2.21.0
From 0d50becc19ba07f34157b2842ca97675cc95fc1a Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 7 Nov 2019 13:11:30 +0100
Subject: [PATCH 3/3] testenv: Add test for handling of no_proxy environment
variable
* testenv/Test-no_proxy-env.py: Added new test for no_proxy env
Added new test with 5 cases, which are testing various combinations of no_proxy environment variable definition and requested URLs
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
testenv/Test-no_proxy-env.py | 142 +++++++++++++++++++++++++++++++++++
1 file changed, 142 insertions(+)
create mode 100755 testenv/Test-no_proxy-env.py
diff --git a/testenv/Test-no_proxy-env.py b/testenv/Test-no_proxy-env.py
new file mode 100755
index 00000000..ea7f38c4
--- /dev/null
+++ b/testenv/Test-no_proxy-env.py
@@ -0,0 +1,142 @@
+#!/usr/bin/env python3
+from sys import exit
+from test.http_test import HTTPTest
+from test.base_test import HTTP
+from misc.wget_file import WgetFile
+
+"""
+ This test ensures, that domains with and without leftmost dot defined in
+ no_proxy environment variable are accepted by wget. The idea is to use
+ non-existing proxy server address and detect whether files are downloaded
+ when proxy settings are omitted based on no_proxy environment variable
+ value.
+
+ current wget's behavior:
+ - "no_proxy=.mit.edu"
+ - will match the domain and subdomains e.g. "www.mit.edu" or "www.subdomain.mit.edu" (Case #4)
+ - will NOT match the host "mit.edu" (Case #3)
+ - "no_proxy=mit.edu"
+ - will match the domain and subdomains e.g. "www.mit.edu" or "www.subdomain.mit.edu" (Case #2)
+ - will match the host "mit.edu" (Case #1)
+ - downside: can not match only the host
+"""
+# File Definitions
+File1 = "Would you like some Tea?"
+File2 = "With lemon or cream?"
+
+A_File = WgetFile ("File1", File1)
+B_File = WgetFile ("File2", File2)
+
+WGET_URLS = [["File1", "File2"]]
+WGET_ENVS = {
+ "http_proxy": "nonexisting.localhost:8080",
+ "no_proxy": "working1.localhost,.working2.localhost"
+}
+
+Servers = [HTTP]
+Files = [[A_File, B_File]]
+
+ExpectedReturnCodeWorking = 0
+ExpectedReturnCodeNotWorking = 4 # network error (non-existing proxy address)
+
+ExpectedDownloadedFilesWorking = [A_File, B_File]
+
+# Pre and Post Test Hooks
+test_options = {
+ "Urls" : WGET_URLS,
+ "EnvironmentVariables": WGET_ENVS
+}
+post_test_working = {
+ "ExpectedFiles" : ExpectedDownloadedFilesWorking,
+ "ExpectedRetcode" : ExpectedReturnCodeWorking
+}
+post_test_not_working = {
+ "ExpectedRetcode" : ExpectedReturnCodeNotWorking
+}
+
+# Case #1:
+# - Requested domain matches exactly the domain definition in no_proxy.
+# - Domain definition in no_proxy is NOT dot-prefixed
+# Expected result: proxy settings don't apply and files are downloaded.
+pre_case_1 = {
+ "ServerFiles" : Files,
+ "Domains" : ["working1.localhost"]
+}
+
+err_case_1 = HTTPTest (
+ pre_hook=pre_case_1,
+ test_params=test_options,
+ post_hook=post_test_working,
+ protocols=Servers
+).begin ()
+
+# Case #2:
+# - Requested domain is sub-domain of a domain definition in no_proxy.
+# - Domain definition in no_proxy is NOT dot-prefixed
+# Expected result: proxy settings don't apply and files are downloaded.
+pre_case_2 = {
+ "ServerFiles" : Files,
+ "Domains" : ["www.working1.localhost"]
+}
+
+err_case_2 = HTTPTest (
+ pre_hook=pre_case_2,
+ test_params=test_options,
+ post_hook=post_test_working,
+ protocols=Servers
+).begin ()
+
+# Case #3:
+# - Requested domain matches exactly the domain definition in no_proxy,
+# except for the leftmost dot (".") in no_proxy domain definition.
+# - Domain definition in no_proxy IS dot-prefixed
+# Expected result: proxy settings apply and files are downloaded. This is
+# due to the mismatch in leftmost dot.
+# NOTE: This is inconsistent with curl's behavior, but has less drawbacks.
+pre_case_3 = {
+ "ServerFiles" : Files,
+ "Domains" : ["working2.localhost"]
+}
+
+err_case_3 = HTTPTest (
+ pre_hook=pre_case_3,
+ test_params=test_options,
+ post_hook=post_test_not_working,
+ protocols=Servers
+).begin ()
+
+# Case #4:
+# - Requested domain is sub-domain of a domain definition in no_proxy.
+# - Domain definition in no_proxy IS dot-prefixed
+# Expected result: proxy settings don't apply and files are downloaded.
+pre_case_4 = {
+ "ServerFiles" : Files,
+ "Domains" : ["www.working2.localhost"]
+}
+
+err_case_4 = HTTPTest (
+ pre_hook=pre_case_4,
+ test_params=test_options,
+ post_hook=post_test_working,
+ protocols=Servers
+).begin ()
+
+# Case #5
+# - Requested domain does not match a domain definition in no_proxy.
+# - Requested domain is NOT sub-domain of a domain definition in no_proxy.
+# Expected result: proxy settings apply and files are NOT downloaded due to
+# network error when using proxy with non-existing URL.
+pre_case_5 = {
+ "ServerFiles" : Files,
+ "Domains" : ["www.example.localhost"]
+}
+
+err_case_5 = HTTPTest (
+ pre_hook=pre_case_5,
+ test_params=test_options,
+ post_hook=post_test_not_working,
+ protocols=Servers
+).begin ()
+
+# Combine error codes from all test cases
+exit (max(err_case_1, err_case_2, err_case_3, err_case_4, err_case_5))
--
2.21.0

675
SPECS/wget.spec Normal file
View File

@ -0,0 +1,675 @@
Summary: A utility for retrieving files using the HTTP or FTP protocols
Name: wget
Version: 1.19.5
Release: 10%{?dist}
License: GPLv3+
Group: Applications/Internet
Url: http://www.gnu.org/software/wget/
Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.gz
Patch1: wget-1.17-path.patch
Patch2: wget-1.19.5-Don-t-limit-the-test-suite-HTTPS-server-to-TLSv1.patch
Patch3: wget-1.19.5-covscan-important-issues.patch
Patch4: wget-1.19.5-Add-TLS-1.3-support-for-GnuTLS.patch
Patch5: wget-1.19.5-Enable-post-handshake-auth-under-gnutls-on-TLS1.3.patch
Patch6: wget-1.19.5-Dont-use-extended-attributes---xattr-by-default.patch
Patch7: wget-1.19.5-Dont-save-userpw-with---xattr.patch
# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17
Patch8: wget-1.19.5-CVE-2019-5953.patch
# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=fd85ac9cc623847e9d94d9f9241ab34e2c146cbf
Patch9: wget-1.19.5-no_proxy-dot-prefix.patch
Patch10: wget-1.19.5-no_proxy-tests.patch
# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=706e71564cadc7192ac21efbf51b661c967f35b5
Patch11: wget-1.19.5-ca-cert-too-verbose.patch
Provides: webclient
Provides: bundled(gnulib)
Requires(post): /sbin/install-info
Requires(preun): /sbin/install-info
# needed for test suite
BuildRequires: perl-HTTP-Daemon, python3
BuildRequires: gnutls-devel, pkgconfig, texinfo, gettext, autoconf, libidn2-devel, libuuid-devel, perl-podlators, libpsl-devel, libmetalink-devel, gpgme-devel, gcc, zlib-devel
%description
GNU Wget is a file retrieval utility which can use either the HTTP or
FTP protocols. Wget features include the ability to work in the
background while you are logged out, recursive retrieval of
directories, file name wildcard matching, remote file timestamp
storage and comparison, use of Rest with FTP servers and Range with
HTTP servers to retrieve files over slow or unstable connections,
support for Proxy servers, and configurability.
%prep
%setup -q
# modify the package string
sed -i "s|\(PACKAGE_STRING='wget .*\)'|\1 (Red Hat modified)'|" configure
grep "PACKAGE_STRING='wget .* (Red Hat modified)'" configure || exit 1
%patch1 -p1 -b .path
%patch2 -p1 -b .tlsv1_testsuite
%patch3 -p1 -b .covscan_imp_issues
%patch4 -p1 -b .tls1_3
%patch5 -p1 -b .post_auth_tls13
%patch6 -p1 -b .no_xattr_by_default
%patch7 -p1 -b .no_userpw_in_xattr
%patch8 -p1 -b .CVE-2019-5953
%patch9 -p1 -b .no_proxy-dot-prefix
%patch10 -p1 -b .no_proxy-test
%patch11 -p1 -b .too_verbose
%build
%configure \
--with-ssl=gnutls \
--with-libpsl \
--enable-largefile \
--enable-opie \
--enable-digest \
--enable-ntlm \
--enable-nls \
--enable-ipv6 \
--disable-rpath \
--with-metalink
make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT CFLAGS="$RPM_OPT_FLAGS"
rm -f $RPM_BUILD_ROOT/%{_infodir}/dir
%find_lang %{name}
%check
make check
%post
/sbin/install-info %{_infodir}/wget.info.gz %{_infodir}/dir || :
%preun
if [ "$1" = 0 ]; then
/sbin/install-info --delete %{_infodir}/wget.info.gz %{_infodir}/dir || :
fi
%clean
rm -rf $RPM_BUILD_ROOT
%files -f %{name}.lang
%defattr(-,root,root)
%doc AUTHORS MAILING-LIST NEWS README COPYING doc/sample.wgetrc
%config(noreplace) %{_sysconfdir}/wgetrc
%{_mandir}/man1/wget.*
%{_bindir}/wget
%{_infodir}/*
%changelog
* Tue Mar 31 2020 Tomas Hozza <thozza@redhat.com> - 1.19.5-10
- Fix wget being too verbose when using --no-verbose and --ca-certificate (#1807267)
* Thu Nov 21 2019 Tomáš Hozza <thozza@redhat.com> - 1.19.5-9
- Fix issue with dot-prefixed domain names in no_proxy ENV (#1763702)
* Sun Apr 07 2019 Tomas Hozza <thozza@redhat.com> - 1.19.5-8
- Fix CVE-2019-5953 (#1696736)
* Thu Jan 10 2019 Tomas Hozza <thozza@redhat.com> - 1.19.5-7
- Fix information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
* Fri Oct 12 2018 Tomas Hozza <thozza@redhat.com> - 1.19.5-6
- Enable post handshake auth under gnutls on TLS1.3 (#1636903)
* Wed Oct 03 2018 Tomas Hozza <thozza@redhat.com> - 1.19.5-5
- Allow specification of TLSv1_3 in --secure-protocol option (#1623997)
* Wed Aug 29 2018 Tomas Hozza <thozza@redhat.com> - 1.19.5-4
- Add zlib-devel to BuildRequires to enable compression of WARC files (#1623004)
* Mon Aug 27 2018 Tomas Hozza <thozza@redhat.com> - 1.19.5-3
- Fixed resource leaks found by Coverity (#1602729)
* Fri Aug 10 2018 Tomas Hozza <thozza@redhat.com> - 1.19.5-2
- Fix FTBFS due to test suite HTTPS server forcing use of TLSv1 (#1611753)
* Wed May 09 2018 Tomas Hozza <thozza@redhat.com> - 1.19.5-1
- Update to 1.19.5 fixing CVE-2018-0494
* Thu Apr 26 2018 Tomas Hozza <thozza@redhat.com> - 1.19.4-3
- Added gcc as an explicit BuildRequires
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.19.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Jan 22 2018 Tomas Hozza <thozza@redhat.com> - 1.19.4-1
- Update to the latest upstream version
- Fix issue with decompressing with broken web servers (#1532233)
* Fri Dec 08 2017 Tomas Hozza <thozza@redhat.com> - 1.19.2-2
- Fix segfault when calling strchr in http.c (#1511562)
* Fri Oct 27 2017 Tomas Hozza <thozza@redhat.com> - 1.19.2-1
- Update to latest upstream version due to CVE-2017-13089 CVE-2017-13090
* Mon Oct 09 2017 Troy Dawson <tdawson@redhat.com> - 1.19.1-6
- Fix FTBFS (#1499876)
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.19.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.19.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Wed May 31 2017 Tomas Hozza <thozza@redhat.com> - 1.19.1-3
- Fixed use of .netrc (#1425097)
* Fri May 12 2017 Tomas Hozza <thozza@redhat.com> - 1.19.1-2
- Fix CVE-2017-6508 (#1429986)
* Thu Feb 16 2017 Tomas Hozza <thozza@redhat.com> - 1.19.1-1
- New upstream version 1.19.1 (#1421398)
* Fri Feb 10 2017 Tomas Hozza <thozza@redhat.com> - 1.19-1
- New upstream version 1.19 (#1419013)
- Use libidn2 instead of libidn (new upstream default)
* Tue Jul 26 2016 Tomas Hozza <thozza@redhat.com> - 1.18-2
- Switched openssl to gnutls for crypto
* Tue Jun 14 2016 Tomas Hozza <thozza@redhat.com> - 1.18-1
- Update to 1.18
* Wed May 18 2016 Filip Čáp <cap.filip.dev@gmail.com> - 1.17.1-4
- Added metalink support (#1321334)
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.17.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Mon Feb 01 2016 Adam Williamson <awilliam@redhat.com> - 1.17.1-2
- rebuild for new libpsl
* Mon Dec 14 2015 Tomas Hozza <thozza@redhat.com> - 1.17.1-1
- Update to 1.17.1
* Fri Nov 27 2015 Tomas Hozza <thozza@redhat.com> - 1.17-1
- Updated to 1.17 + added some additional upstream fixes
- Fixed hardening of wget executable (#1281829)
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.16.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue Mar 10 2015 Tomas Hozza <thozza@redhat.com> - 1.16.3-1
- update to 1.16.3
* Wed Mar 04 2015 Tomas Hozza <thozza@redhat.com> - 1.16.2-1
- update to 1.16.2
* Mon Jan 12 2015 Tomas Hozza <thozza@redhat.com> - 1.16.1-3
- Fix wget to accept 5 digit port numbers in epsv responses over ipv6 (#1180777)
* Tue Dec 16 2014 Tomas Hozza <thozza@redhat.com> - 1.16.1-2
- build wget with libpsl support (#1123616)
- Fix NULL pointer dereference in FTP code (#1169022)
* Thu Dec 11 2014 Tomas Hozza <thozza@redhat.com> - 1.16.1-1
- update to 1.16.1
* Tue Nov 18 2014 Tomas Hozza <thozza@redhat.com> - 1.16-3
- Fix the progress bar issue (#1159643)
* Mon Nov 03 2014 Jakub Čajka <jcajka@redhat.com> - 1.16-2
- fix failing tests idn-cmd-utf8 and idn-robots-utf8
- re-enabled tests
* Fri Oct 31 2014 Tomas Hozza <thozza@redhat.com> - 1.16-1
- update to 1.16
- fixes CVE-2014-4877
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.15-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Jan 22 2014 Tomas Hozza <thozza@redhat.com> - 1.15-1
- Update to 1.15
- Drop merged patches
* Mon Oct 21 2013 Tomas Hozza <thozza@redhat.com> - 1.14-11
- run test suite during the build
* Thu Oct 10 2013 Tomas Hozza <thozza@redhat.com> - 1.14-10
- remove excessive line for '-nv' option in the manpage (#1017106)
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.14-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jul 15 2013 Tomas Hozza <thozza@redhat.com> - 1.14-8
- Fix deadcode and possible use of NULL in vprintf (#913153)
- Add documentation for --regex-type and --preserve-permissions
- Fix --preserve-permissions to work as documented (and expected)
- Fix bug when authenticating using user:password@url syntax (#912358)
- Document and fix --backups option
* Wed Jul 10 2013 Tomas Hozza <thozza@redhat.com> - 1.14-7
- Fix double free of iri->orig_url (#981778)
* Mon Jun 24 2013 Tomas Hozza <thozza@redhat.com> - 1.14-6
- add missing options accept-regex and reject-regex to man page
- fix errors in texi2pod introduced in Perl-5.18
* Fri Feb 22 2013 Tomas Hozza <thozza@redhat.com> - 1.14-5
- Added BuildRequires: perl-podlators for pod2man
- Patched manpage to silent new Tex errors
- Resolves: (#914571)
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Oct 11 2012 Tomas Hozza <thozza@redhat.com> 1.14-3
- Added libuuid-devel to BuildRequires to use libuuid functions
in "src/warc.c" functions (#865421)
* Wed Oct 10 2012 Tomas Hozza <thozza@redhat.com> 1.14-2
- Added libidn-devel to BuildRequires to support IDN domains (#680394)
* Thu Aug 09 2012 Karsten Hopp <karsten@redhat.com> 1.14-1
- Update to wget-1.14
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.13.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue May 29 2012 Karsten Hopp <karsten@redhat.com> 1.13.4-4
- fix timeout if http server doesn't answer to SSL handshake (#860727)
* Tue May 15 2012 Karsten Hopp <karsten@redhat.com> 1.13.4-3
- add virtual provides per https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.13.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Fri Dec 16 2011 Jon Ciesla <limburgher@gmail.com> - 1.13.4-1
- New upstream, BZ 730286.
- Modified path patch.
- subjectAltNames patch upstreamed.
- Specified openssl at config time.
* Thu Jun 23 2011 Volker Fröhlich <volker27@gmx.at> - 1.12-4
- Applied patch to accept subjectAltNames in X509 certificates (#674186)
- New URL (#658969)
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Nov 18 2009 Karsten Hopp <karsten@redhat.com> 1.12-2
- don't provide /usr/share/info/dir
* Tue Nov 17 2009 Karsten Hopp <karsten@redhat.com> 1.12-1
- update to wget-1.12
- fixes CVE-2009-3490 wget: incorrect verification of SSL certificate
with NUL in name
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.11.4-5
- rebuilt with new openssl
* Mon Jul 27 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> 1.11.4-2
- rebuild with new openssl
* Wed Aug 13 2008 Karsten Hopp <karsten@redhat.com> 1.11.4-1
- update
* Wed Jun 04 2008 Karsten Hopp <karsten@redhat.com> 1.11.3-1
- wget-1.11.3, downgrades the combination of the -N and -O options
to a warning instead of an error
* Fri May 09 2008 Karsten Hopp <karsten@redhat.com> 1.11.2-1
- wget-1.11.2, fixes #179962
* Mon Mar 31 2008 Karsten Hopp <karsten@redhat.com> 1.11.1-1
- update to bugfix release 1.11.1, fixes p.e. #433606
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.11-2
- Autorebuild for GCC 4.3
* Tue Dec 04 2007 Karsten Hopp <karsten@redhat.com> 1.10.2-17
- rebuild to pick up new openssl SONAME
* Mon Aug 27 2007 Karsten Hopp <karsten@redhat.com> 1.10.2-16
- fix license tag
- rebuild
* Mon Feb 12 2007 Karsten Hopp <karsten@redhat.com> 1.10.2-15
- fix discarding of expired cookies
- escape non-printable characters
- drop to11 patch for now (#223754, #227853, #227498)
* Mon Feb 05 2007 Karsten Hopp <karsten@redhat.com> 1.10.2-14
- shut up rpmlint, even though xx isn't a macro
* Mon Feb 05 2007 Karsten Hopp <karsten@redhat.com> 1.10.2-13
- merge review changes (#226538)
- use version/release/... in buildroot tag
- remove BR perl
- use SMP flags
- use make install instead of %%makeinstall
- include copy of license
- use Requires(post)/Requires(preun)
- use optflags
- remove trailing dot from summary
- change tabs to spaces
* Thu Jan 18 2007 Karsten Hopp <karsten@redhat.com> 1.10.2-12
- don't abort (un)install scriptlets when _excludedocs is set (Ville Skyttä)
* Wed Jan 10 2007 Karsten Hopp <karsten@redhat.com> 1.10.2-11
- add fix for CVE-2006-6719
* Fri Dec 08 2006 Karsten Hopp <karsten@redhat.com> 1.10.2-10
- fix repeated downloads (Tomas Heinrich, #186195)
* Thu Dec 07 2006 Karsten Hopp <karsten@redhat.com> 1.10.2-9
- add distflag, rebuild
* Thu Dec 07 2006 Karsten Hopp <karsten@redhat.com> 1.10.2-8
- Resolves: #218211
fix double free corruption
* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 1.10.2-7
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
* Mon Sep 25 2006 Karsten Hopp <karsten@redhat.de> 1.10.2-6
- fix resumed downloads (#205723)
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.10.2-5.1
- rebuild
* Thu Jun 29 2006 Karsten Hopp <karsten@redhat.de> 1.10.2-5
- updated german translations from Robert Scheck
* Tue Jun 27 2006 Karsten Hopp <karsten@redhat.de> 1.10.2-4
- upstream patches
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.10.2-3.2.1
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.10.2-3.2
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Thu Nov 10 2005 Tomas Mraz <tmraz@redhat.com> 1.10.2-3
- rebuilt against new openssl
* Tue Oct 25 2005 Karsten Hopp <karsten@redhat.de> 1.10.2-2
- use %%{_sysconfdir} (#171555)
* Sat Oct 15 2005 Florian La Roche <laroche@redhat.com>
- 1.10.2
* Thu Sep 08 2005 Karsten Hopp <karsten@redhat.de> 1.10.1-7
- fix builtin help of --load-cookies / --save-cookies (#165408)
* Wed Sep 07 2005 Karsten Hopp <karsten@redhat.de> 1.10.1-6
- convert changelog to UTF-8 (#159585)
* Mon Sep 05 2005 Karsten Hopp <karsten@redhat.de> 1.10.1-5
- update
- drop patches which are already in the upstream sources
* Wed Jul 13 2005 Karsten Hopp <karsten@redhat.de> 1.10-5
- update german translation
* Mon Jul 11 2005 Karsten Hopp <karsten@redhat.de> 1.10-4
- update german translation (Robert Scheck)
* Tue Jul 05 2005 Karsten Hopp <karsten@redhat.de> 1.10-3
- fix minor documentation bug
- fix --no-cookies crash
* Mon Jul 04 2005 Karsten Hopp <karsten@redhat.de> 1.10-2
- update to wget-1.10
- drop passive-ftp patch, already in 1.10
- drop CVS patch
- drop LFS patch, similar fix in 1.10
- drop protdir patch, similar fix in 1.10
- drop actime patch, already in 1.10
* Wed Mar 02 2005 Karsten Hopp <karsten@redhat.de> 1.9.1-22
- build with gcc-4
* Wed Feb 02 2005 Karsten Hopp <karsten@redhat.de> 1.9.1-21
- remove old copy of the manpage (#146875, #135597)
- fix garbage in manpage (#117519)
* Tue Feb 01 2005 Karsten Hopp <karsten@redhat.de> 1.9.1-20
- texi2pod doesn't handle texinfo xref's. rewrite some lines so that
the man page doesn't have incomplete sentences anymore (#140470)
* Mon Jan 31 2005 Karsten Hopp <karsten@redhat.de> 1.9.1-19
- Don't set actime to access time of the remote file or tmpwatch might
remove the file again (#146440). Set it to the current time instead.
timestamping checks only modtime, so this should be ok.
* Thu Jan 20 2005 Karsten Hopp <karsten@redhat.de> 1.9.1-18
- add support for --protocol-directories option as documented
in the man page (Ville Skyttä, #145571)
* Wed Sep 29 2004 Karsten Hopp <karsten@redhat.de> 1.9.1-17
- additional LFS patch from Leonid Petrov to fix file lengths in
http downloads
* Thu Sep 16 2004 Karsten Hopp <karsten@redhat.de> 1.9.1-16
- more fixes
* Tue Sep 14 2004 Karsten Hopp <karsten@redhat.de> 1.9.1-15
- added strtol fix from Leonid Petrov, reenable LFS
* Tue Sep 14 2004 Karsten Hopp <karsten@redhat.de> 1.9.1-14
- buildrequires gettext (#132519)
* Wed Sep 01 2004 Karsten Hopp <karsten@redhat.de> 1.9.1-13
- disable LFS patch for now, it breaks normal downloads (123524#c15)
* Tue Aug 31 2004 Karsten Hopp <karsten@redhat.de> 1.9.1-12
- move largefile stuff inside the configure script, it didn't
get appended to CFLAGS
* Tue Aug 31 2004 Karsten Hopp <karsten@redhat.de> 1.9.1-11
- rebuild
* Tue Aug 31 2004 Karsten Hopp <karsten@redhat.de> 1.9.1-10
- fix patch
* Sun Aug 29 2004 Karsten Hopp <karsten@redhat.de> 1.9.1-9
- more cleanups of the manpage (#117519)
* Fri Aug 27 2004 Karsten Hopp <karsten@redhat.de> 1.9.1-8
- rebuild
* Fri Aug 27 2004 Karsten Hopp <karsten@redhat.de> 1.9.1-7
- clean up manpage (#117519)
- buildrequire texinfo (#123780)
- LFS patch, based on wget-LFS-20040630.patch from Leonid Petrov
(#123524, #124628, #115348)
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Thu Mar 11 2004 Karsten Hopp <karsten@redhat.de> 1.9.1-3
- fix documentation (#117517)
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Nov 28 2003 Karsten Hopp <karsten@redhat.de> 1.9.1-3
- update to -stable CVS
- document the passive ftp default
* Fri Nov 28 2003 Karsten Hopp <karsten@redhat.de> 1.9.1-2
- add patch from -stable CVS
* Fri Nov 28 2003 Karsten Hopp <karsten@redhat.de> 1.9.1-1
- update to 1.9.1
- remove obsolete patches
* Mon Aug 04 2003 Karsten Hopp <karsten@redhat.de> 1.8.2-15.3
- fix variable usage
* Tue Jul 22 2003 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-15.2
- rebuild
* Wed Jun 25 2003 Karsten Hopp <karsten@redhat.de> 1.8.2-15.1
- rebuilt
* Wed Jun 25 2003 Karsten Hopp <karsten@redhat.de> 1.8.2-15
- default to passive-ftp (#97996)
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Wed Jun 04 2003 Karsten Hopp <karsten@redhat.de> 1.8.2-13
- rebuild
* Wed Jun 04 2003 Karsten Hopp <karsten@redhat.de> 1.8.2-12
- merge debian patch for long URLs
- cleanup filename patch
* Sun May 11 2003 Karsten Hopp <karsten@redhat.de> 1.8.2-11
- rebuild
* Sun May 11 2003 Karsten Hopp <karsten@redhat.de> 1.8.2-10
- upstream fix off-by-one error
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
- rebuilt
* Tue Jan 7 2003 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-8
- rebuild
* Fri Dec 13 2002 Nalin Dahyabhai <nalin@redhat.com>
- use openssl pkg-config data, if present
- don't bomb out when building with newer openssl
* Thu Dec 12 2002 Tim Powers <timp@redhat.com> 1.8.2-7
- rebuild on all arches
* Tue Nov 19 2002 Tim Powers <timp@redhat.com>
- rebuild on all arches
* Fri Oct 4 2002 Karsten Hopp <karsten@redhat.de> 1.8.2-5
- fix directory traversal bug
* Wed Jul 24 2002 Trond Eivind Glomsrød <teg@redhat.com> 1.8.2-3
- Don't segfault when downloading URLs A-B-A (A-A-B worked) #49859
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Wed May 29 2002 Florian La Roche <Florian.LaRoche@redhat.de>
- update to 1.8.2 (bug-fix release)
* Thu May 23 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Mon Apr 29 2002 Florian La Roche <Florian.LaRoche@redhat.de>
- remove s390 patch, not needed anymore
* Wed Feb 27 2002 Trond Eivind Glomsrød <teg@redhat.com> 1.8.1-4
- Rebuild
* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Fri Dec 28 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- add hack to not link against libmd5, even if available
* Fri Dec 28 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- update to 1.8.1
* Thu Dec 13 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- update to 1.8
- also include md5global to get it compile
* Sun Nov 18 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- update to 1.7.1
* Wed Sep 5 2001 Phil Knirsch <phil@redhat.de> 1.7-3
- Added va_args patch required for S390.
* Mon Sep 3 2001 Trond Eivind Glomsrød <teg@redhat.com> 1.7-2
- Configure with ssl support (duh - #53116)
- s/Copyright/License/
* Wed Jun 6 2001 Trond Eivind Glomsrød <teg@redhat.com>
- 1.7
- Require perl for building (to get man pages)
- Don't include the Japanese po file, it's now included
- Use %%{_tmppath}
- no patches necessary
- Make /etc/wgetrc noreplace
- More docs
* Tue Jan 30 2001 Trond Eivind Glomsrød <teg@redhat.com>
- Norwegian isn't a iso-8859-2 locale, neither is Danish.
This fixes #15025.
- langify
* Sat Jan 6 2001 Bill Nottingham <notting@redhat.com>
- escape %%xx characters before fnmatch (#23475, patch from alane@geeksrus.net)
* Fri Jan 5 2001 Bill Nottingham <notting@redhat.com>
- update to 1.6, fix patches accordingly (#23412)
- fix symlink patch (#23411)
* Mon Dec 18 2000 Yukihiro Nakai <ynakai@redhat.com>
- Add Japanese and Korean Resources
* Tue Aug 1 2000 Bill Nottingham <notting@redhat.com>
- setlocale for LC_CTYPE too, or else all the translations think their
characters are unprintable.
* Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
* Sun Jun 11 2000 Bill Nottingham <notting@redhat.com>
- build in new environment
* Mon Jun 5 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- FHS compliance
* Thu Feb 3 2000 Bill Nottingham <notting@redhat.com>
- handle compressed man pages
* Thu Aug 26 1999 Jeff Johnson <jbj@redhat.com>
- don't permit chmod 777 on symlinks (#4725).
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
- auto rebuild in the new build environment (release 4)
* Fri Dec 18 1998 Bill Nottingham <notting@redhat.com>
- build for 6.0 tree
- add Provides
* Sat Oct 10 1998 Cristian Gafton <gafton@redhat.com>
- strip binaries
- version 1.5.3
* Sat Jun 27 1998 Jeff Johnson <jbj@redhat.com>
- updated to 1.5.2
* Thu Apr 30 1998 Cristian Gafton <gafton@redhat.com>
- modified group to Applications/Networking
* Wed Apr 22 1998 Cristian Gafton <gafton@redhat.com>
- upgraded to 1.5.0
- they removed the man page from the distribution (Duh!) and I added it back
from 1.4.5. Hey, removing the man page is DUMB!
* Fri Nov 14 1997 Cristian Gafton <gafton@redhat.com>
- first build against glibc