diff options
author | wiz <wiz@pkgsrc.org> | 2009-10-31 02:29:14 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2009-10-31 02:29:14 +0000 |
commit | 622ca94e089e4fc13999ff8311378a6e40ce18fd (patch) | |
tree | e5200c6833080123f81f7bdffef6aff230611300 /net | |
parent | 8d4785dd67d08a4e35ace5b53a5a9677cacb9fc6 (diff) | |
download | pkgsrc-622ca94e089e4fc13999ff8311378a6e40ce18fd.tar.gz |
Update to 1.12. Add default-on idn option (see fourth entry in ChangeLog
below).
** Mailing list MOVED to bug-wget@gnu.org
** SECURITY FIX: It had been possible to trick Wget into accepting
SSL certificates that don't match the host name, through the trick of
embedding NUL characters into the certs' common name. Fixed by Joao
Ferreira <joao@joaoff.com>.
** Added support for CSS. This includes:
- Parsing links from CSS files, and from CSS content found in HTML
style tags and attributes.
- Supporting conversion of links found within CSS content, when
--convert-links is specified.
- Ensuring that CSS files end in the ".css" filename extension,
when --convert-links is specified.
CSS support in Wget is thanks to Ted Mielczarek
<ted.mielczarek@gmail.com>.
** Added support for Internationalized Resource Identifiers (IRIs, RFC
3987). When support is enabled (requires libidn and libiconv), links
with non-ASCII bytes are translated from their source encoding to UTF-8
before percent-encoding. IRI support was added by Saint Xavier
<wget@sxav.eu>, as his project for the Google Summer of Code.
** Wget now provides more sensible exit status codes when downloads
don't proceed as expected (see the manual).
** --default-page option (and associated wgetrc command) added to
support alternative default names for index.html.
** --ask-password option (and associated wgetrc command) added to
support password prompts at the console.
** The --input-file option now also handles retrieving links from
an external file.
** The output generated by the --version option now includes
information on how it was built, and the set of configure-time options
that were selected.
** --html-extension has been renamed to --adjust-extension, to reflect
the fact that it now also applies to CSS content. --html-extension is
still acceptable, but is now deprecated.
** An "ascii" specifier is now accepted by --restrict-file-names, which
forces the percent-encoding of all non-ASCII bytes
** Several previously existing, but undocumented .wgetrc options are
now documented: save_headers, spider, and user_agent,
auth_no_challenge, and keep_session_cookies. Also added documentation
for the "lowercase" and "uppercase" values for --restrict-file-names, which had been present since Wget 1.11.
Diffstat (limited to 'net')
-rw-r--r-- | net/wget/Makefile | 5 | ||||
-rw-r--r-- | net/wget/PLIST | 6 | ||||
-rw-r--r-- | net/wget/distinfo | 9 | ||||
-rw-r--r-- | net/wget/options.mk | 14 | ||||
-rw-r--r-- | net/wget/patches/patch-aa | 65 |
5 files changed, 22 insertions, 77 deletions
diff --git a/net/wget/Makefile b/net/wget/Makefile index 80fc054d478..ec0ae0ca94d 100644 --- a/net/wget/Makefile +++ b/net/wget/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.100 2009/09/14 12:06:12 tron Exp $ +# $NetBSD: Makefile,v 1.101 2009/10/31 02:29:14 wiz Exp $ -DISTNAME= wget-1.11.4 -PKGREVISION= 1 +DISTNAME= wget-1.12 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_GNU:=wget/} diff --git a/net/wget/PLIST b/net/wget/PLIST index bfe88f2ab94..42af497bc16 100644 --- a/net/wget/PLIST +++ b/net/wget/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.14 2009/06/14 18:09:48 joerg Exp $ +@comment $NetBSD: PLIST,v 1.15 2009/10/31 02:29:14 wiz Exp $ bin/wget info/wget.info man/man1/wget.1 @@ -10,7 +10,10 @@ share/locale/cs/LC_MESSAGES/wget.mo share/locale/da/LC_MESSAGES/wget.mo share/locale/de/LC_MESSAGES/wget.mo share/locale/el/LC_MESSAGES/wget.mo +share/locale/en@boldquot/LC_MESSAGES/wget.mo +share/locale/en@quot/LC_MESSAGES/wget.mo share/locale/en_GB/LC_MESSAGES/wget.mo +share/locale/en_US/LC_MESSAGES/wget.mo share/locale/eo/LC_MESSAGES/wget.mo share/locale/es/LC_MESSAGES/wget.mo share/locale/et/LC_MESSAGES/wget.mo @@ -25,6 +28,7 @@ share/locale/hu/LC_MESSAGES/wget.mo share/locale/id/LC_MESSAGES/wget.mo share/locale/it/LC_MESSAGES/wget.mo share/locale/ja/LC_MESSAGES/wget.mo +share/locale/lt/LC_MESSAGES/wget.mo share/locale/nb/LC_MESSAGES/wget.mo share/locale/nl/LC_MESSAGES/wget.mo share/locale/pl/LC_MESSAGES/wget.mo diff --git a/net/wget/distinfo b/net/wget/distinfo index 1d405716bf9..e2888dee1fd 100644 --- a/net/wget/distinfo +++ b/net/wget/distinfo @@ -1,6 +1,5 @@ -$NetBSD: distinfo,v 1.34 2009/09/14 12:06:12 tron Exp $ +$NetBSD: distinfo,v 1.35 2009/10/31 02:29:14 wiz Exp $ -SHA1 (wget-1.11.4.tar.gz) = a78a3b71fd59504df3ff3dbc0a2195a1410e9eac -RMD160 (wget-1.11.4.tar.gz) = 1cec99b073fcf64dd362977b0b88a55f8f47bbb8 -Size (wget-1.11.4.tar.gz) = 1475149 bytes -SHA1 (patch-aa) = eb8852e90ba61f2672fb2eea16f6148e27a6ee2b +SHA1 (wget-1.12.tar.gz) = 50d4ed2441e67db7aa5061d8a4dde41ee0e94248 +RMD160 (wget-1.12.tar.gz) = 232d0aa6fb36731c162d2b7374aa9ab59e671b7d +Size (wget-1.12.tar.gz) = 2464747 bytes diff --git a/net/wget/options.mk b/net/wget/options.mk index c93710150f4..de24dbc5251 100644 --- a/net/wget/options.mk +++ b/net/wget/options.mk @@ -1,12 +1,20 @@ -# $NetBSD: options.mk,v 1.4 2005/12/05 23:55:15 rillig Exp $ +# $NetBSD: options.mk,v 1.5 2009/10/31 02:29:14 wiz Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.wget -PKG_SUPPORTED_OPTIONS= inet6 ssl -PKG_SUGGESTED_OPTIONS= ssl +PKG_SUPPORTED_OPTIONS= idn inet6 ssl +PKG_SUGGESTED_OPTIONS= idn ssl .include "../../mk/bsd.options.mk" ### +### Support IDN +### +.if !empty(PKG_OPTIONS:Midn) +.include "../../devel/libidn/buildlink3.mk" +.include "../../converters/libiconv/buildlink3.mk" +.endif + +### ### Support IPv6 ### .if !empty(PKG_OPTIONS:Minet6) diff --git a/net/wget/patches/patch-aa b/net/wget/patches/patch-aa deleted file mode 100644 index b511b81d038..00000000000 --- a/net/wget/patches/patch-aa +++ /dev/null @@ -1,65 +0,0 @@ -$NetBSD: patch-aa,v 1.9 2009/09/14 12:06:13 tron Exp $ - -Fix for SA36540 (SSL certificate spoofing vulnerability) taken from here: - -http://hg.addictivecode.org/wget/mainline/rev/2d8c76a23e7d -http://hg.addictivecode.org/wget/mainline/rev/f2d2ca32fd1b - ---- src/openssl.c.orig 2008-04-27 05:48:23.000000000 +0100 -+++ src/openssl.c 2009-09-14 13:03:13.000000000 +0100 -@@ -561,9 +561,11 @@ - - Ensure that ASN1 strings from the certificate are encoded as - UTF-8 which can be meaningfully compared to HOST. */ - -+ X509_NAME *xname = X509_get_subject_name(cert); - common_name[0] = '\0'; -- X509_NAME_get_text_by_NID (X509_get_subject_name (cert), -- NID_commonName, common_name, sizeof (common_name)); -+ X509_NAME_get_text_by_NID (xname, NID_commonName, common_name, -+ sizeof (common_name)); -+ - if (!pattern_match (common_name, host)) - { - logprintf (LOG_NOTQUIET, _("\ -@@ -571,6 +573,41 @@ - severity, escnonprint (common_name), escnonprint (host)); - success = false; - } -+ else -+ { -+ /* We now determine the length of the ASN1 string. If it differs from -+ * common_name's length, then there is a \0 before the string terminates. -+ * This can be an instance of a null-prefix attack. -+ * -+ * https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike -+ * */ -+ -+ int i = -1, j; -+ X509_NAME_ENTRY *xentry; -+ ASN1_STRING *sdata; -+ -+ if (xname) { -+ for (;;) -+ { -+ j = X509_NAME_get_index_by_NID (xname, NID_commonName, i); -+ if (j == -1) break; -+ i = j; -+ } -+ } -+ -+ xentry = X509_NAME_get_entry(xname,i); -+ sdata = X509_NAME_ENTRY_get_data(xentry); -+ if (strlen (common_name) != ASN1_STRING_length (sdata)) -+ { -+ logprintf (LOG_NOTQUIET, _("\ -+%s: certificate common name is invalid (contains a NUL character).\n\ -+This may be an indication that the host is not who it claims to be\n\ -+(that is, it is not the real %s).\n"), -+ severity, escnonprint (host)); -+ success = false; -+ } -+ } -+ - - if (success) - DEBUGP (("X509 certificate successfully verified and matches host %s\n", |