pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/net/wget Update to 1.12. Add default-on idn option (se...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/6250cea8b68f
branches:  trunk
changeset: 401016:6250cea8b68f
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Sat Oct 31 02:29:14 2009 +0000

description:
Update to 1.12. Add default-on idn option (see fourth entry in ChangeLog
below).

** Mailing list MOVED to bug-wget%gnu.org@localhost

** SECURITY FIX: It had been possible to trick Wget into accepting
SSL certificates that don't match the host name, through the trick of
embedding NUL characters into the certs' common name. Fixed by Joao
Ferreira <joao%joaoff.com@localhost>.

** Added support for CSS. This includes:
     - Parsing links from CSS files, and from CSS content found in HTML
       style tags and attributes.
     - Supporting conversion of links found within CSS content, when
       --convert-links is specified.
     - Ensuring that CSS files end in the ".css" filename extension,
       when --convert-links is specified.

   CSS support in Wget is thanks to Ted Mielczarek
   <ted.mielczarek%gmail.com@localhost>.

** Added support for Internationalized Resource Identifiers (IRIs, RFC
3987). When support is enabled (requires libidn and libiconv), links
with non-ASCII bytes are translated from their source encoding to UTF-8
before percent-encoding.  IRI support was added by Saint Xavier
<wget%sxav.eu@localhost>, as his project for the Google Summer of Code.

** Wget now provides more sensible exit status codes when downloads
don't proceed as expected (see the manual).

** --default-page option (and associated wgetrc command) added to
support alternative default names for index.html.

** --ask-password option (and associated wgetrc command) added to
support password prompts at the console.

** The --input-file option now also handles retrieving links from
an external file.

** The output generated by the --version option now includes
information on how it was built, and the set of configure-time options
that were selected.

** --html-extension has been renamed to --adjust-extension, to reflect
the fact that it now also applies to CSS content. --html-extension is
still acceptable, but is now deprecated.

** An "ascii" specifier is now accepted by --restrict-file-names, which
forces the percent-encoding of all non-ASCII bytes

** Several previously existing, but undocumented .wgetrc options are
now documented: save_headers, spider, and user_agent,
auth_no_challenge, and keep_session_cookies. Also added documentation
for the "lowercase" and "uppercase" values for --restrict-file-names, which had been present since Wget 1.11.

diffstat:

 net/wget/Makefile         |   5 +--
 net/wget/PLIST            |   6 +++-
 net/wget/distinfo         |   9 ++---
 net/wget/options.mk       |  14 +++++++--
 net/wget/patches/patch-aa |  65 -----------------------------------------------
 5 files changed, 22 insertions(+), 77 deletions(-)

diffs (151 lines):

diff -r 3a0b12d9b808 -r 6250cea8b68f net/wget/Makefile
--- a/net/wget/Makefile Sat Oct 31 02:23:41 2009 +0000
+++ b/net/wget/Makefile Sat Oct 31 02:29:14 2009 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.100 2009/09/14 12:06:12 tron Exp $
+# $NetBSD: Makefile,v 1.101 2009/10/31 02:29:14 wiz Exp $
 
-DISTNAME=      wget-1.11.4
-PKGREVISION=   1
+DISTNAME=      wget-1.12
 CATEGORIES=    net
 MASTER_SITES=  ${MASTER_SITE_GNU:=wget/}
 
diff -r 3a0b12d9b808 -r 6250cea8b68f net/wget/PLIST
--- a/net/wget/PLIST    Sat Oct 31 02:23:41 2009 +0000
+++ b/net/wget/PLIST    Sat Oct 31 02:29:14 2009 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.14 2009/06/14 18:09:48 joerg Exp $
+@comment $NetBSD: PLIST,v 1.15 2009/10/31 02:29:14 wiz Exp $
 bin/wget
 info/wget.info
 man/man1/wget.1
@@ -10,7 +10,10 @@
 share/locale/da/LC_MESSAGES/wget.mo
 share/locale/de/LC_MESSAGES/wget.mo
 share/locale/el/LC_MESSAGES/wget.mo
+share/locale/en@boldquot/LC_MESSAGES/wget.mo
+share/locale/en@quot/LC_MESSAGES/wget.mo
 share/locale/en_GB/LC_MESSAGES/wget.mo
+share/locale/en_US/LC_MESSAGES/wget.mo
 share/locale/eo/LC_MESSAGES/wget.mo
 share/locale/es/LC_MESSAGES/wget.mo
 share/locale/et/LC_MESSAGES/wget.mo
@@ -25,6 +28,7 @@
 share/locale/id/LC_MESSAGES/wget.mo
 share/locale/it/LC_MESSAGES/wget.mo
 share/locale/ja/LC_MESSAGES/wget.mo
+share/locale/lt/LC_MESSAGES/wget.mo
 share/locale/nb/LC_MESSAGES/wget.mo
 share/locale/nl/LC_MESSAGES/wget.mo
 share/locale/pl/LC_MESSAGES/wget.mo
diff -r 3a0b12d9b808 -r 6250cea8b68f net/wget/distinfo
--- a/net/wget/distinfo Sat Oct 31 02:23:41 2009 +0000
+++ b/net/wget/distinfo Sat Oct 31 02:29:14 2009 +0000
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.34 2009/09/14 12:06:12 tron Exp $
+$NetBSD: distinfo,v 1.35 2009/10/31 02:29:14 wiz Exp $
 
-SHA1 (wget-1.11.4.tar.gz) = a78a3b71fd59504df3ff3dbc0a2195a1410e9eac
-RMD160 (wget-1.11.4.tar.gz) = 1cec99b073fcf64dd362977b0b88a55f8f47bbb8
-Size (wget-1.11.4.tar.gz) = 1475149 bytes
-SHA1 (patch-aa) = eb8852e90ba61f2672fb2eea16f6148e27a6ee2b
+SHA1 (wget-1.12.tar.gz) = 50d4ed2441e67db7aa5061d8a4dde41ee0e94248
+RMD160 (wget-1.12.tar.gz) = 232d0aa6fb36731c162d2b7374aa9ab59e671b7d
+Size (wget-1.12.tar.gz) = 2464747 bytes
diff -r 3a0b12d9b808 -r 6250cea8b68f net/wget/options.mk
--- a/net/wget/options.mk       Sat Oct 31 02:23:41 2009 +0000
+++ b/net/wget/options.mk       Sat Oct 31 02:29:14 2009 +0000
@@ -1,12 +1,20 @@
-# $NetBSD: options.mk,v 1.4 2005/12/05 23:55:15 rillig Exp $
+# $NetBSD: options.mk,v 1.5 2009/10/31 02:29:14 wiz Exp $
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.wget
-PKG_SUPPORTED_OPTIONS= inet6 ssl
-PKG_SUGGESTED_OPTIONS= ssl
+PKG_SUPPORTED_OPTIONS= idn inet6 ssl
+PKG_SUGGESTED_OPTIONS= idn ssl
 
 .include "../../mk/bsd.options.mk"
 
 ###
+### Support IDN
+###
+.if !empty(PKG_OPTIONS:Midn)
+.include "../../devel/libidn/buildlink3.mk"
+.include "../../converters/libiconv/buildlink3.mk"
+.endif
+
+###
 ### Support IPv6
 ###
 .if !empty(PKG_OPTIONS:Minet6)
diff -r 3a0b12d9b808 -r 6250cea8b68f net/wget/patches/patch-aa
--- a/net/wget/patches/patch-aa Sat Oct 31 02:23:41 2009 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-$NetBSD: patch-aa,v 1.9 2009/09/14 12:06:13 tron Exp $
-
-Fix for SA36540 (SSL certificate spoofing vulnerability) taken from here:
-
-http://hg.addictivecode.org/wget/mainline/rev/2d8c76a23e7d
-http://hg.addictivecode.org/wget/mainline/rev/f2d2ca32fd1b
-
---- src/openssl.c.orig 2008-04-27 05:48:23.000000000 +0100
-+++ src/openssl.c      2009-09-14 13:03:13.000000000 +0100
-@@ -561,9 +561,11 @@
-      - Ensure that ASN1 strings from the certificate are encoded as
-        UTF-8 which can be meaningfully compared to HOST.  */
- 
-+  X509_NAME *xname = X509_get_subject_name(cert);
-   common_name[0] = '\0';
--  X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
--                             NID_commonName, common_name, sizeof (common_name));
-+  X509_NAME_get_text_by_NID (xname, NID_commonName, common_name,
-+                             sizeof (common_name));
-+
-   if (!pattern_match (common_name, host))
-     {
-       logprintf (LOG_NOTQUIET, _("\
-@@ -571,6 +573,41 @@
-                  severity, escnonprint (common_name), escnonprint (host));
-       success = false;
-     }
-+  else
-+    {
-+      /* We now determine the length of the ASN1 string. If it differs from
-+       * common_name's length, then there is a \0 before the string terminates.
-+       * This can be an instance of a null-prefix attack.
-+       *
-+       * https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike
-+       * */
-+
-+      int i = -1, j;
-+      X509_NAME_ENTRY *xentry;
-+      ASN1_STRING *sdata;
-+
-+      if (xname) {
-+        for (;;)
-+          {
-+            j = X509_NAME_get_index_by_NID (xname, NID_commonName, i);
-+            if (j == -1) break;
-+            i = j;
-+          }
-+      }
-+
-+      xentry = X509_NAME_get_entry(xname,i);
-+      sdata = X509_NAME_ENTRY_get_data(xentry);
-+      if (strlen (common_name) != ASN1_STRING_length (sdata)) 
-+        {
-+          logprintf (LOG_NOTQUIET, _("\
-+%s: certificate common name is invalid (contains a NUL character).\n\
-+This may be an indication that the host is not who it claims to be\n\
-+(that is, it is not the real %s).\n"),
-+                     severity, escnonprint (host));
-+          success = false;
-+        }
-+    }
-+  
- 
-   if (success)
-     DEBUGP (("X509 certificate successfully verified and matches host %s\n",



Home | Main Index | Thread Index | Old Index