author | tron <tron> | 2010-11-23 08:22:46 +0000 |
---|---|---|
committer | tron <tron> | 2010-11-23 08:22:46 +0000 |
commit | 15f2330119925fb64d1f800700f7cf5ab49e53c6 (patch) | |
tree | ebd6d59e523a4796c7499bf8cf76399180634872 /net/wget | |
parent | 4820e0b0b64605d41f90f2e13e10f78863c052ae (diff) | |
Add Debian's "wget" 1.12 backport of the fix for CVE-2010-2252.
Diffstat (limited to 'net/wget')
-rw-r--r-- | net/wget/Makefile | 3 | ||||
-rw-r--r-- | net/wget/distinfo | 8 | ||||
-rw-r--r-- | net/wget/patches/patch-aa | 65 | ||||
-rw-r--r-- | net/wget/patches/patch-ab | 21 | ||||
-rw-r--r-- | net/wget/patches/patch-ac | 18 | ||||
-rw-r--r-- | net/wget/patches/patch-ad | 27 | ||||
-rw-r--r-- | net/wget/patches/patch-ae | 18 | ||||
-rw-r--r-- | net/wget/patches/patch-af | 20 |
8 files changed, 178 insertions, 2 deletions
diff --git a/net/wget/Makefile b/net/wget/Makefile index ec0ae0ca94d..4c293792574 100644 --- a/net/wget/Makefile +++ b/net/wget/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.101 2009/10/31 02:29:14 wiz Exp $ +# $NetBSD: Makefile,v 1.102 2010/11/23 08:22:46 tron Exp $ DISTNAME= wget-1.12 +PKGREVISION= 1 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_GNU:=wget/} diff --git a/net/wget/distinfo b/net/wget/distinfo index e2888dee1fd..25ee0dc3967 100644 --- a/net/wget/distinfo +++ b/net/wget/distinfo @@ -1,5 +1,11 @@ -$NetBSD: distinfo,v 1.35 2009/10/31 02:29:14 wiz Exp $ +$NetBSD: distinfo,v 1.36 2010/11/23 08:22:46 tron Exp $ SHA1 (wget-1.12.tar.gz) = 50d4ed2441e67db7aa5061d8a4dde41ee0e94248 RMD160 (wget-1.12.tar.gz) = 232d0aa6fb36731c162d2b7374aa9ab59e671b7d Size (wget-1.12.tar.gz) = 2464747 bytes +SHA1 (patch-aa) = f3f3c4f5aac5aac9c93dcc9f9a5d4e8e438192fd +SHA1 (patch-ab) = 0c9a4ace8bd119718013efd175d00232b655cb0d +SHA1 (patch-ac) = 4a1f6c08a15d76610cd1aa5e50c165e1c43017ac +SHA1 (patch-ad) = f1c32ea0921c455fc48ec153032221e156c785a1 +SHA1 (patch-ae) = 9a17a2ecf2e73c8d678bbe3e507002a64258ce40 +SHA1 (patch-af) = eaccff4347cec71d1951624a05f36975996fb4db diff --git a/net/wget/patches/patch-aa b/net/wget/patches/patch-aa new file mode 100644 index 00000000000..e036e201973 --- /dev/null +++ b/net/wget/patches/patch-aa 
@@ -0,0 +1,65 @@ +$NetBSD: patch-aa,v 1.11 2010/11/23 08:22:47 tron Exp $ + +Back port of patch for CVE-2010-2252 for to version 1.12 of "wget" taken +from Debian: + +http://packages.debian.org/sid/wget +http://ftp.de.debian.org/debian/pool/main/w/wget/wget_1.12-2.1.debian.tar.gz + +--- src/http.c.orig 2009-09-22 04:02:18.000000000 +0100 ++++ src/http.c 2010-11-22 18:53:25.000000000 +0000 +@@ -2410,8 +2410,9 @@ + /* The genuine HTTP loop! This is the part where the retrieval is + retried, and retried, and retried, and... */ + uerr_t +-http_loop (struct url *u, char **newloc, char **local_file, const char *referer, +- int *dt, struct url *proxy, struct iri *iri) ++http_loop (struct url *u, struct url *original_url, char **newloc, ++ char **local_file, const char *referer, int *dt, struct url *proxy, ++ struct iri *iri) + { + int count; + bool got_head = false; /* used for time-stamping and filename detection */ +@@ -2457,7 +2458,8 @@ + } + else if (!opt.content_disposition) + { +- hstat.local_file = url_file_name (u); ++ hstat.local_file = ++ url_file_name (opt.trustservernames ? u : original_url); + got_name = true; + } + +@@ -2497,7 +2499,7 @@ + + /* Send preliminary HEAD request if -N is given and we have an existing + * destination file. */ +- file_name = url_file_name (u); ++ file_name = url_file_name (opt.trustservernames ? u : original_url); + if (opt.timestamping + && !opt.content_disposition + && file_exists_p (file_name)) +@@ -2852,9 +2854,9 @@ + + /* Remember that we downloaded the file for later ".orig" code. 
*/ + if (*dt & ADDED_HTML_EXTENSION) +- downloaded_file(FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file); ++ downloaded_file (FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file); + else +- downloaded_file(FILE_DOWNLOADED_NORMALLY, hstat.local_file); ++ downloaded_file (FILE_DOWNLOADED_NORMALLY, hstat.local_file); + + ret = RETROK; + goto exit; +@@ -2885,9 +2887,9 @@ + + /* Remember that we downloaded the file for later ".orig" code. */ + if (*dt & ADDED_HTML_EXTENSION) +- downloaded_file(FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file); ++ downloaded_file (FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file); + else +- downloaded_file(FILE_DOWNLOADED_NORMALLY, hstat.local_file); ++ downloaded_file (FILE_DOWNLOADED_NORMALLY, hstat.local_file); + + ret = RETROK; + goto exit; diff --git a/net/wget/patches/patch-ab b/net/wget/patches/patch-ab new file mode 100644 index 00000000000..9e7aa959d28 --- /dev/null +++ b/net/wget/patches/patch-ab @@ -0,0 +1,21 @@ +$NetBSD: patch-ab,v 1.9 2010/11/23 08:22:47 tron Exp $ + +Back port of patch for CVE-2010-2252 for to version 1.12 of "wget" taken +from Debian: + +http://packages.debian.org/sid/wget +http://ftp.de.debian.org/debian/pool/main/w/wget/wget_1.12-2.1.debian.tar.gz + +--- src/http.h.orig 2009-09-04 17:31:54.000000000 +0100 ++++ src/http.h 2010-11-22 18:53:25.000000000 +0000 +@@ -33,8 +33,8 @@ + + struct url; + +-uerr_t http_loop (struct url *, char **, char **, const char *, int *, +- struct url *, struct iri *); ++uerr_t http_loop (struct url *, struct url *, char **, char **, const char *, ++ int *, struct url *, struct iri *); + void save_cookies (void); + void http_cleanup (void); + time_t http_atotm (const char *); diff --git a/net/wget/patches/patch-ac b/net/wget/patches/patch-ac new file mode 100644 index 00000000000..627e98e44ba --- /dev/null +++ b/net/wget/patches/patch-ac 
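Review bot: Server-chosen naming through `opt.content_disposition` is left as it was by the src/http.c hunks at -2457 and -2497: the first rewritten `url_file_name` call sits inside `else if (!opt.content_disposition)` and the second feeds a test that also requires `!opt.content_disposition`, so with that option on the local name presumably still comes from the response rather than from `original_url`. If that is intended, the comment above `http_loop` should say so and describe the new parameter, for example `/* ORIGINAL_URL is the URL the user requested; it names the local file unless opt.trustservernames is set. */`. The selection `opt.trustservernames ? u : original_url` is also written twice; one local, `struct url *name_url = opt.trustservernames ? u : original_url;`, would keep the two sites from drifting apart. `http_loop` starts in the first hunk and its body continues outside all of them.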
@@ -0,0 +1,18 @@ +$NetBSD: patch-ac,v 1.11 2010/11/23 08:22:47 tron Exp $ + +Back port of patch for CVE-2010-2252 for to version 1.12 of "wget" taken +from Debian: + +http://packages.debian.org/sid/wget +http://ftp.de.debian.org/debian/pool/main/w/wget/wget_1.12-2.1.debian.tar.gz + +--- src/init.c.orig 2009-09-22 04:02:41.000000000 +0100 ++++ src/init.c 2010-11-22 18:53:25.000000000 +0000 +@@ -243,6 +243,7 @@ + { "timeout", NULL, cmd_spec_timeout }, + { "timestamping", &opt.timestamping, cmd_boolean }, + { "tries", &opt.ntry, cmd_number_inf }, ++ { "trustservernames", &opt.trustservernames, cmd_boolean }, + { "useproxy", &opt.use_proxy, cmd_boolean }, + { "user", &opt.user, cmd_string }, + { "useragent", NULL, cmd_spec_useragent }, diff --git a/net/wget/patches/patch-ad b/net/wget/patches/patch-ad new file mode 100644 index 00000000000..645443ffbfc --- /dev/null +++ b/net/wget/patches/patch-ad 
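Review bot: The default of `opt.trustservernames` is never set in this patch: the only src/init.c change is the new `{ "trustservernames", &opt.trustservernames, cmd_boolean }` row, so the safe behaviour (naming files after the requested URL) depends on `opt` being zeroed before the defaults are applied, which happens outside the hunk. An explicit `opt.trustservernames = false;` next to the other defaults would make the secure default visible and keep it from changing by accident. The row itself keeps the table's alphabetical order between `tries` and `useproxy`, which matters if the lookup is a binary search (not visible here).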
@@ -0,0 +1,27 @@ +$NetBSD: patch-ad,v 1.10 2010/11/23 08:22:47 tron Exp $ + +Back port of patch for CVE-2010-2252 for to version 1.12 of "wget" taken +from Debian: + +http://packages.debian.org/sid/wget +http://ftp.de.debian.org/debian/pool/main/w/wget/wget_1.12-2.1.debian.tar.gz + +--- src/main.c.orig 2009-09-22 04:03:11.000000000 +0100 ++++ src/main.c 2010-11-22 18:53:25.000000000 +0000 +@@ -266,6 +266,7 @@ + { "timeout", 'T', OPT_VALUE, "timeout", -1 }, + { "timestamping", 'N', OPT_BOOLEAN, "timestamping", -1 }, + { "tries", 't', OPT_VALUE, "tries", -1 }, ++ { "trust-server-names", 0, OPT_BOOLEAN, "trustservernames", -1 }, + { "user", 0, OPT_VALUE, "user", -1 }, + { "user-agent", 'U', OPT_VALUE, "useragent", -1 }, + { "verbose", 'v', OPT_BOOLEAN, "verbose", -1 }, +@@ -675,6 +676,8 @@ + N_("\ + -I, --include-directories=LIST list of allowed directories.\n"), + N_("\ ++ --trust-server-names use the name specified by the redirection url last component.\n"), ++ N_("\ + -X, --exclude-directories=LIST list of excluded directories.\n"), + N_("\ + -np, --no-parent don't ascend to the parent directory.\n"), diff --git a/net/wget/patches/patch-ae b/net/wget/patches/patch-ae new file mode 100644 index 00000000000..05a6b04531b --- /dev/null +++ b/net/wget/patches/patch-ae @@ -0,0 +1,18 @@ +$NetBSD: patch-ae,v 1.8 2010/11/23 08:22:47 tron Exp $ + +Back port of patch for CVE-2010-2252 for to version 1.12 of "wget" taken +from Debian: + +http://packages.debian.org/sid/wget +http://ftp.de.debian.org/debian/pool/main/w/wget/wget_1.12-2.1.debian.tar.gz + +--- src/options.h.orig 2009-09-22 04:03:47.000000000 +0100 ++++ src/options.h 2010-11-22 18:53:25.000000000 +0000 +@@ -242,6 +242,7 @@ + char *encoding_remote; + char *locale; + ++ bool trustservernames; + #ifdef __VMS + int ftp_stmlf; /* Force Stream_LF format for binary FTP. */ + #endif /* def __VMS */ diff --git a/net/wget/patches/patch-af b/net/wget/patches/patch-af new file mode 100644 index 00000000000..d4179795123 
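Review bot: The help line added in the second src/main.c hunk, `--trust-server-names use the name specified by the redirection url last component.`, is hard to read and does not tell the user that enabling it lets the remote server pick the local file name. Wording such as `--trust-server-names         name the local file after the last component of the redirection URL.\n` is clearer, and stating that the option is off by default would help. The line is also inserted between `-I, --include-directories` and `-X, --exclude-directories`, which appear to be the directory filters for recursive retrieval, although the src/http.c hunks apply the option to every HTTP retrieval.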
--- /dev/null +++ b/net/wget/patches/patch-af @@ -0,0 +1,20 @@ +$NetBSD: patch-af,v 1.6 2010/11/23 08:22:47 tron Exp $ + +Back port of patch for CVE-2010-2252 for to version 1.12 of "wget" taken +from Debian: + +http://packages.debian.org/sid/wget +http://ftp.de.debian.org/debian/pool/main/w/wget/wget_1.12-2.1.debian.tar.gz + +--- src/retr.c.orig 2009-09-04 17:31:54.000000000 +0100 ++++ src/retr.c 2010-11-22 18:53:25.000000000 +0000 +@@ -689,7 +689,8 @@ + #endif + || (proxy_url && proxy_url->scheme == SCHEME_HTTP)) + { +- result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri); ++ result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt, ++ proxy_url, iri); + } + else if (u->scheme == SCHEME_FTP) + { |
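Review bot: Only the HTTP branch receives `orig_parsed`; the `else if (u->scheme == SCHEME_FTP)` branch visible as context at the end of the src/retr.c hunk is unchanged, so if `u` can already have been replaced by a redirect target when that branch runs, the local file name would still be derived from the server-supplied URL. Whether that can happen depends on the redirect handling and on the FTP call, both outside the hunk; it is worth checking and, if so, giving the FTP path the same `opt.trustservernames ? u : orig_parsed` choice. The call also assumes `orig_parsed` is non-NULL, since `http_loop` now passes it to `url_file_name` when the option is off.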