Updated core/wget

2024-11-18 22:54:00 +00:00 · 2011-02-21 12:19:08 -05:00 · 2011-02-21 12:19:08 -05:00 · a074999829
commit a074999829
parent 136049b8f7
2 changed files with 182 additions and 12 deletions
--- a/core/wget/PKGBUILD
+++ b/core/wget/PKGBUILD
@ -1,15 +1,17 @@
-# Maintainer: Mike Staszel <mikestaszel@plugboxlinux.org>
+# $Id: PKGBUILD 110501 2011-02-19 17:08:52Z angvp $
+# Maintainer: Allan McRae <allan@archlinux.org>
 # Contributor: Judd Vinet <jvinet@zeroflux.org>
+# Maintainer: Mike Staszel <mikestaszel@plugboxlinux.org>

 # Plugbox changes: ONLY added libidn and libsigsegv to depends,
-#                  Had to bump pkgrel to 3 as a result
+
+plugrel=1

 pkgname=wget
 pkgver=1.12
-pkgrel=3
-plugrel=1
+pkgrel=4
 pkgdesc="A network utility to retrieve files from the Web"
-arch=('arm')
+arch=('i686' 'x86_64')
 url="http://www.gnu.org/software/wget/wget.html"
 license=('GPL3')
 groups=('base')
@ -17,16 +19,29 @@ depends=('glibc' 'openssl' 'libidn' 'libsigsegv')
 optdepends=('ca-certificates: HTTPS downloads')
 backup=('etc/wgetrc')
 install=wget.install
-source=(ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz)
-md5sums=('141461b9c04e454dc8933c9d1f2abf83')
+source=(ftp://ftp.gnu.org/gnu/${pkgname}/${pkgname}-${pkgver}.tar.gz
+        wget-1.12-CVE-2010-2252.patch)
+md5sums=('141461b9c04e454dc8933c9d1f2abf83'
+         '2c8bc23eff98fd4efc3f96394fc8e61e')

 build() {
-  cd ${srcdir}/$pkgname-$pkgver
-  ./configure --prefix=/usr --sysconfdir=/etc
-  make || return 1
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  
+  # Fix arbitrary file overwrite via 3xx redirect (CVE-2010-2252)
+  patch -Np1 -i ../wget-1.12-CVE-2010-2252.patch
+
+  ./configure -with-ssl --prefix=/usr --sysconfdir=/etc
+  make
 }

 package() {
-  cd ${srcdir}/$pkgname-$pkgver
-  make DESTDIR=${pkgdir} install
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  make DESTDIR="${pkgdir}" install
+  
+  cat > "$pkgdir/etc/wgetrc" <<EOF
+
+# default root certs location
+ca_certificate=/etc/ssl/certs/ca-certificates.crt
+EOF
+
 }
--- a/core/wget/wget-1.12-CVE-2010-2252.patch
+++ b/core/wget/wget-1.12-CVE-2010-2252.patch
@ -0,0 +1,155 @@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget~/doc/wget.texi wget/doc/wget.texi
+--- wget~/doc/wget.texi	2010-09-05 15:32:44.000000000 +0200
+++ wget/doc/wget.texi	2010-09-05 15:32:44.000000000 +0200
+@@ -1487,6 +1487,13 @@
+ @code{Content-Disposition} headers to describe what the name of a
+ downloaded file should be.
+ 
+@cindex Trust server names
+@item --trust-server-names
+
+If this is set to on, on a redirect the last component of the
+redirection URL will be used as the local file name.  By default it is
+used the last component in the original URL.
+
+ @cindex authentication
+ @item --auth-no-challenge
+ 
+@@ -2797,6 +2804,10 @@
+ Turn on recognition of the (non-standard) @samp{Content-Disposition}
+ HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}.
+ 
+@item trust_server_names = on/off
+If set to on, use the last component of a redirection URL for the local
+file name.
+
+ @item continue = on/off
+ If set to on, force continuation of preexistent partially retrieved
+ files.  See @samp{-c} before setting it.
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget~/src/http.c wget/src/http.c
+--- wget~/src/http.c	2010-09-05 15:30:22.000000000 +0200
+++ wget/src/http.c	2010-09-05 15:32:44.000000000 +0200
+@@ -2410,8 +2410,9 @@
+ /* The genuine HTTP loop!  This is the part where the retrieval is
+    retried, and retried, and retried, and...  */
+ uerr_t
+-http_loop (struct url *u, char **newloc, char **local_file, const char *referer,
+-           int *dt, struct url *proxy, struct iri *iri)
+http_loop (struct url *u, struct url *original_url, char **newloc,
+           char **local_file, const char *referer, int *dt, struct url *proxy,
+           struct iri *iri)
+ {
+   int count;
+   bool got_head = false;         /* used for time-stamping and filename detection */
+@@ -2457,7 +2458,8 @@
+     }
+   else if (!opt.content_disposition)
+     {
+-      hstat.local_file = url_file_name (u);
+      hstat.local_file =
+        url_file_name (opt.trustservernames ? u : original_url);
+       got_name = true;
+     }
+ 
+@@ -2497,7 +2499,7 @@
+ 
+   /* Send preliminary HEAD request if -N is given and we have an existing
+    * destination file. */
+-  file_name = url_file_name (u);
+  file_name = url_file_name (opt.trustservernames ? u : original_url);
+   if (opt.timestamping
+       && !opt.content_disposition
+       && file_exists_p (file_name))
+@@ -2852,9 +2854,9 @@
+ 
+           /* Remember that we downloaded the file for later ".orig" code. */
+           if (*dt & ADDED_HTML_EXTENSION)
+-            downloaded_file(FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
+            downloaded_file (FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
+           else
+-            downloaded_file(FILE_DOWNLOADED_NORMALLY, hstat.local_file);
+            downloaded_file (FILE_DOWNLOADED_NORMALLY, hstat.local_file);
+ 
+           ret = RETROK;
+           goto exit;
+@@ -2885,9 +2887,9 @@
+ 
+               /* Remember that we downloaded the file for later ".orig" code. */
+               if (*dt & ADDED_HTML_EXTENSION)
+-                downloaded_file(FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
+                downloaded_file (FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
+               else
+-                downloaded_file(FILE_DOWNLOADED_NORMALLY, hstat.local_file);
+                downloaded_file (FILE_DOWNLOADED_NORMALLY, hstat.local_file);
+ 
+               ret = RETROK;
+               goto exit;
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget~/src/http.h wget/src/http.h
+--- wget~/src/http.h	2010-09-05 15:30:22.000000000 +0200
+++ wget/src/http.h	2010-09-05 15:32:44.000000000 +0200
+@@ -33,8 +33,8 @@
+ 
+ struct url;
+ 
+-uerr_t http_loop (struct url *, char **, char **, const char *, int *,
+-		  struct url *, struct iri *);
+uerr_t http_loop (struct url *, struct url *, char **, char **, const char *,
+                  int *, struct url *, struct iri *);
+ void save_cookies (void);
+ void http_cleanup (void);
+ time_t http_atotm (const char *);
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget~/src/init.c wget/src/init.c
+--- wget~/src/init.c	2010-09-05 15:30:22.000000000 +0200
+++ wget/src/init.c	2010-09-05 15:32:44.000000000 +0200
+@@ -243,6 +243,7 @@
+   { "timeout",          NULL,                   cmd_spec_timeout },
+   { "timestamping",     &opt.timestamping,      cmd_boolean },
+   { "tries",            &opt.ntry,              cmd_number_inf },
+  { "trustservernames", &opt.trustservernames,  cmd_boolean },
+   { "useproxy",         &opt.use_proxy,         cmd_boolean },
+   { "user",             &opt.user,              cmd_string },
+   { "useragent",        NULL,                   cmd_spec_useragent },
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget~/src/main.c wget/src/main.c
+--- wget~/src/main.c	2010-09-05 15:30:22.000000000 +0200
+++ wget/src/main.c	2010-09-05 15:32:44.000000000 +0200
+@@ -266,6 +266,7 @@
+     { "timeout", 'T', OPT_VALUE, "timeout", -1 },
+     { "timestamping", 'N', OPT_BOOLEAN, "timestamping", -1 },
+     { "tries", 't', OPT_VALUE, "tries", -1 },
+    { "trust-server-names", 0, OPT_BOOLEAN, "trustservernames", -1 },
+     { "user", 0, OPT_VALUE, "user", -1 },
+     { "user-agent", 'U', OPT_VALUE, "useragent", -1 },
+     { "verbose", 'v', OPT_BOOLEAN, "verbose", -1 },
+@@ -675,6 +676,8 @@
+     N_("\
+   -I,  --include-directories=LIST  list of allowed directories.\n"),
+     N_("\
+  --trust-server-names  use the name specified by the redirection url last component.\n"),
+    N_("\
+   -X,  --exclude-directories=LIST  list of excluded directories.\n"),
+     N_("\
+   -np, --no-parent                 don't ascend to the parent directory.\n"),
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget~/src/options.h wget/src/options.h
+--- wget~/src/options.h	2010-09-05 15:30:22.000000000 +0200
+++ wget/src/options.h	2010-09-05 15:32:44.000000000 +0200
+@@ -242,6 +242,7 @@
+   char *encoding_remote;
+   char *locale;
+ 
+  bool trustservernames;
+ #ifdef __VMS
+   int ftp_stmlf;                /* Force Stream_LF format for binary FTP. */
+ #endif /* def __VMS */
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget~/src/retr.c wget/src/retr.c
+--- wget~/src/retr.c	2010-09-05 15:30:22.000000000 +0200
+++ wget/src/retr.c	2010-09-05 15:32:44.000000000 +0200
+@@ -689,7 +689,8 @@
+ #endif
+       || (proxy_url && proxy_url->scheme == SCHEME_HTTP))
+     {
+-      result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri);
+      result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
+                          proxy_url, iri);
+     }
+   else if (u->scheme == SCHEME_FTP)
+     {