head 1.10; access; symbols pkgsrc-2013Q2:1.10.0.6 pkgsrc-2013Q2-base:1.10 pkgsrc-2012Q4:1.10.0.4 pkgsrc-2012Q4-base:1.10 pkgsrc-2011Q4:1.10.0.2 pkgsrc-2011Q4-base:1.10 pkgsrc-2011Q3:1.9.0.10 pkgsrc-2011Q3-base:1.9 pkgsrc-2011Q2:1.9.0.8 pkgsrc-2011Q2-base:1.9 pkgsrc-2011Q1:1.9.0.6 pkgsrc-2011Q1-base:1.9 pkgsrc-2010Q4:1.9.0.4 pkgsrc-2010Q4-base:1.9 pkgsrc-2010Q3:1.9.0.2 pkgsrc-2009Q4:1.8.0.32 pkgsrc-2009Q4-base:1.8 pkgsrc-2008Q4:1.8.0.30 pkgsrc-2008Q4-base:1.8 pkgsrc-2008Q3:1.8.0.28 pkgsrc-2008Q3-base:1.8 cube-native-xorg:1.8.0.26 cube-native-xorg-base:1.8 pkgsrc-2008Q2:1.8.0.24 pkgsrc-2008Q2-base:1.8 pkgsrc-2008Q1:1.8.0.22 pkgsrc-2008Q1-base:1.8 pkgsrc-2007Q4:1.8.0.20 pkgsrc-2007Q4-base:1.8 pkgsrc-2007Q3:1.8.0.18 pkgsrc-2007Q3-base:1.8 pkgsrc-2007Q2:1.8.0.16 pkgsrc-2007Q2-base:1.8 pkgsrc-2007Q1:1.8.0.14 pkgsrc-2007Q1-base:1.8 pkgsrc-2006Q4:1.8.0.12 pkgsrc-2006Q4-base:1.8 pkgsrc-2006Q3:1.8.0.10 pkgsrc-2006Q3-base:1.8 pkgsrc-2006Q2:1.8.0.8 pkgsrc-2006Q2-base:1.8 pkgsrc-2006Q1:1.8.0.6 pkgsrc-2006Q1-base:1.8 pkgsrc-2005Q4:1.8.0.4 pkgsrc-2005Q4-base:1.8 pkgsrc-2005Q3:1.8.0.2 pkgsrc-2005Q3-base:1.8 pkgsrc-2005Q2:1.7.0.4 pkgsrc-2005Q2-base:1.7 pkgsrc-2005Q1:1.7.0.2 pkgsrc-2005Q1-base:1.7 pkgsrc-2004Q4:1.6.0.10 pkgsrc-2004Q4-base:1.6 pkgsrc-2004Q3:1.6.0.8 pkgsrc-2004Q3-base:1.6 pkgsrc-2004Q2:1.6.0.6 pkgsrc-2004Q2-base:1.6 pkgsrc-2004Q1:1.6.0.4 pkgsrc-2004Q1-base:1.6 pkgsrc-2003Q4:1.6.0.2 pkgsrc-2003Q4-base:1.6 netbsd-1-6:1.5.0.8 netbsd-1-6-RELEASE-base:1.5 pkgviews:1.5.0.4 pkgviews-base:1.5 buildlink2:1.5.0.2 buildlink2-base:1.5 netbsd-1-5-PATCH003:1.5 FreeBSD-current-1998-02-17:1.1.1.1 FREEBSD:1.1.1; locks; strict; comment @# @; 1.10 date 2011.10.24.15.22.01; author ryoon; state dead; branches; next 1.9; 1.9 date 2010.11.23.08.22.47; author tron; state Exp; branches 1.9.2.1; next 1.8; 1.8 date 2005.07.02.15.10.23; author wiz; state dead; branches; next 1.7; 1.7 date 2005.01.25.20.07.25; author bouyer; state Exp; branches; next 1.6; 1.6 date 2002.12.01.01.04.04; author grant; state dead; branches; next 1.5; 1.5 date 2001.07.22.15.31.54; author tron; state Exp; branches; next 1.4; 1.4 date 2000.08.16.06.38.46; author itojun; state dead; branches; next 1.3; 1.3 date 2000.03.26.14.16.45; author itojun; state Exp; branches; next 1.2; 1.2 date 98.02.18.09.39.42; author hubertf; state dead; branches; next 1.1; 1.1 date 98.02.17.08.07.09; author hubertf; state Exp; branches 1.1.1.1; next ; 1.9.2.1 date 2010.11.23.08.22.47; author spz; state dead; branches; next 1.9.2.2; 1.9.2.2 date 2010.11.23.21.14.45; author spz; state Exp; branches; next ; 1.1.1.1 date 98.02.17.08.07.09; author hubertf; state Exp; branches; next ; desc @@ 1.10 log @Update to 1.13.4 * Remove ssl option, and add gnutls and openssl options. The default is openssl like before. * All security patches are included in upstream's tar ball. * Remove ac_cv_func_sigsetjmp=yes line, because not defined now. Tested on NetBSD/i386 4.0.1, 5.1 5.99.56. Changelog: * Changes in Wget 1.13.4 ** Now --version and --help work again. ** Fix a build error on solaris 10 sparc. ** Now --timestamping and --continue work well together. ** Return a network failure when FTP downloads fail and --timestamping is specified. * Changes in Wget 1.13.3 ** Support HTTP/1.1 ** Now by default the GNU TLS library for secure connections, instead of OpenSSL. ** Fix some portability issues. ** Handle properly malformed status line in a HTTP response. ** Ignore zero length domains in $no_proxy. ** Set new cookies after an authorization failure. ** Exit with failure if -k is specified and -O is not a regular file. ** Cope better with unclosed html tags. ** Print diagnostic messages to stderr, not stdout. ** Do not use an additional HEAD request when --content-disposition is used, but use directly GET. ** Report the average transfer speed correctly when multiple URL's are specified and -c influences the transferred data amount. ** GNU TLS backend works again. ** Now --timestamping and --continue works well together. ** By default, on server redirects, use the original URL to get the local file name. Close CVE-2010-2252. This introduces a backward-incompatibility; any script that relies on the old behaviour must use --trust-server-names. ** Fix a problem when -k is used and some URLs are specified trough CSS. ** Convert correctly URLs that need to be encoded to local files when following links. ** Use persistent connections with proxies supporting them. ** Print the total download time as part of the summary for recursive downloads. ** Now it is possible to specify a different startup configuration file trough the --config option. ** Fix an infinite loop with the error ' has sprung into existence' on a network error and -nc is used. ** Now --adjust-extension does not modify the file extension if the file ends in .htm. ** Support HTTP/1.1 307 redirects keep request method. ** Now --no-parent doesn't fetch undesired files if HTTP and HTTPS are used by the same host on different pages. ** Do not attempt to remove the file if it is not in the accept rules but it is the output destination file. ** Introduce `show_all_dns_entries' to print all IP addresses corresponding to a DNS name when it is resolved. @ text @$NetBSD: patch-ab,v 1.9 2010/11/23 08:22:47 tron Exp $ Back port of patch for CVE-2010-2252 for to version 1.12 of "wget" taken from Debian: http://packages.debian.org/sid/wget http://ftp.de.debian.org/debian/pool/main/w/wget/wget_1.12-2.1.debian.tar.gz --- src/http.h.orig 2009-09-04 17:31:54.000000000 +0100 +++ src/http.h 2010-11-22 18:53:25.000000000 +0000 @@@@ -33,8 +33,8 @@@@ struct url; -uerr_t http_loop (struct url *, char **, char **, const char *, int *, - struct url *, struct iri *); +uerr_t http_loop (struct url *, struct url *, char **, char **, const char *, + int *, struct url *, struct iri *); void save_cookies (void); void http_cleanup (void); time_t http_atotm (const char *); @ 1.9 log @Add Debian's "wget" 1.12 backport of the fix for CVE-2010-2252. @ text @d1 1 a1 1 $NetBSD$ @ 1.9.2.1 log @file patch-ab was added on branch pkgsrc-2010Q3 on 2010-11-23 21:14:45 +0000 @ text @d1 21 @ 1.9.2.2 log @Pullup ticket 3278 - requested by tron security fixes Revisions pulled up: - pkgsrc/net/wget/Makefile 1.102 - pkgsrc/net/wget/distinfo 1.36 Files added: pkgsrc/net/wget/patches/patch-aa pkgsrc/net/wget/patches/patch-ab pkgsrc/net/wget/patches/patch-ac pkgsrc/net/wget/patches/patch-ad pkgsrc/net/wget/patches/patch-ae pkgsrc/net/wget/patches/patch-af ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Tue Nov 23 08:22:47 UTC 2010 Modified Files: pkgsrc/net/wget: Makefile distinfo Added Files: pkgsrc/net/wget/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af Log Message: Add Debian's "wget" 1.12 backport of the fix for CVE-2010-2252. To generate a diff of this commit: cvs rdiff -u -r1.101 -r1.102 pkgsrc/net/wget/Makefile cvs rdiff -u -r1.35 -r1.36 pkgsrc/net/wget/distinfo cvs rdiff -u -r0 -r1.11 pkgsrc/net/wget/patches/patch-aa \ pkgsrc/net/wget/patches/patch-ac cvs rdiff -u -r0 -r1.9 pkgsrc/net/wget/patches/patch-ab cvs rdiff -u -r0 -r1.10 pkgsrc/net/wget/patches/patch-ad cvs rdiff -u -r0 -r1.8 pkgsrc/net/wget/patches/patch-ae cvs rdiff -u -r0 -r1.6 pkgsrc/net/wget/patches/patch-af @ text @a0 21 $NetBSD: patch-ab,v 1.9 2010/11/23 08:22:47 tron Exp $ Back port of patch for CVE-2010-2252 for to version 1.12 of "wget" taken from Debian: http://packages.debian.org/sid/wget http://ftp.de.debian.org/debian/pool/main/w/wget/wget_1.12-2.1.debian.tar.gz --- src/http.h.orig 2009-09-04 17:31:54.000000000 +0100 +++ src/http.h 2010-11-22 18:53:25.000000000 +0000 @@@@ -33,8 +33,8 @@@@ struct url; -uerr_t http_loop (struct url *, char **, char **, const char *, int *, - struct url *, struct iri *); +uerr_t http_loop (struct url *, struct url *, char **, char **, const char *, + int *, struct url *, struct iri *); void save_cookies (void); void http_cleanup (void); time_t http_atotm (const char *); @ 1.8 log @Update to 1.10: * Changes in Wget 1.10. ** Downloading files larger than 2GB, sometimes referred to as "large files", now works on systems that support them. This includes the majority of modern Unixes, as well as MS Windows. ** IPv6 is now supported by Wget. Unlike the experimental code in 1.9, this version supports dual-family systems. The new flags `--inet4' and `--inet6' (or `-4' and `-6' for short) force the use of IPv4 and IPv6 respectively. Note that IPv6 support has not yet been tested on Windows. ** Microsoft's proprietary "NTLM" method of HTTP authentication is now supported. This authentication method is undocumented and only used by IIS. Note that *proxy* authentication is not supported in this release; you can only authenticate to the target web site. ** Wget no longer truncates partially downloaded files when download has to start over because the server doesn't support Range. Instead, with such servers Wget now simply ignores the data up to the byte where the last attempt left off, and only then continues appending to the file. That way the downloaded file never shrinks, and download retries from servers without support for partial downloads work even when downloading to stdout. ** SSL/TLS changes: *** SSL/TLS downloads now attempt to verify the server's certificate against the recognized certificate authorities. This requires CA certificates to have been installed in a location visible to the OpenSSL library. If this is not the case, you can get the bundle yourself from a source you trust (for example, the bundle extracted from Mozilla available at http://curl.haxx.se/docs/caextract.html), and point Wget to the PEM file using the `--ca-certificate' command-line option or the corresponding `.wgetrc' command. *** Secure downloads now verify that the host name in the URL matches the "common name" in the certificate presented by the server. *** Although the above checks provide more secure downloads, they unavoidably break interoperability with some sites that worked with previous versions, particularly those using self-signed, expired, or otherwise invalid certificates. If you encounter "certificate verification" errors or complaints that "common name doesn't match requested host name" and are convinced of the site's authenticity, you can use `--no-check-certificate' to bypass both checks. *** Talking to SSL/TLS servers over proxies now actually works. Previous versions of Wget erroneously sent GET requests for https URLs. Wget 1.10 utilizes the CONNECT method designed for this purpose. *** The SSL/TLS-related options have been redesigned and, for the first time, documented in the manual. The old, undocumented, options are no longer supported. ** Passive FTP is now the default FTP transfer mode. Use `--no-passive-ftp' or specify `passive_ftp = off' in your init file to revert to the old behavior. ** The `--header' option can now be used to override generated headers. For example, `wget --header="Host: foo.bar" http://127.0.0.1' tells Wget to connect to localhost, but to specify "foo.bar" in the `Host' header. In previous versions such use of `--header' lead to duplicate headers in HTTP requests. ** The responses without headers, aka "HTTP 0.9" responses, are detected and handled. Although HTTP 0.9 has long been obsolete, it is still occasionally used, sometimes by accident. ** The progress bar is now updated regularly even when the data does not arrive from the network. ** Wget no longer preserves permissions of files retrieved by FTP by default. Anonymous FTP servers frequently use permissions like "664", which might not be what the user wants. The new option `--preserve-permissions' and the corresponding `.wgetrc' variable can be used to revert to the old behavior. ** The new option `--protocol-directories' instructs Wget to also use the protocol name as a directory component of local file names. ** Options that previously unconditionally set or unset various flags are now boolean options that can be invoked as either `--OPTION' or `--no-OPTION'. Options that required an argument "on" or "off" have also been changed this way, but they still accept the old syntax for backward compatibility. For example, instead of `--glob=off' you can write `--no-glob'. Allowing `--no-OPTION' for every `--OPTION' and the other way around is useful because it allows the user to override non-default behavior specified via `.wgetrc'. ** The new option `--keep-session-cookies' causes `--save-cookies' to save session cookies (normally only kept in memory) along with the permanent ones. This is useful because many sites track important information, such as whether the user has authenticated, in session cookies. With this option multiple Wget runs are treated as a single browser session. ** Wget now supports the --ftp-user and --ftp-password command switches to set username and password for FTP, and the --user and --password command switches to set username and password for both FTP and HTTP. The --http-passwd and --proxy-passwd command switches have been renamed to --http-password and --proxy-password respectively, and the related http_passwd and proxy_passwd .wgetrc commands to http_password and proxy_password respectively. The login and passwd .wgetrc commands have been deprecated. * `wget -b' now works correctly under Windows. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.7 2005/01/25 20:07:25 bouyer Exp $ d3 19 a21 101 --- src/ftp-basic.c.orig Sat Nov 8 20:17:55 2003 +++ src/ftp-basic.c Sun Jan 23 22:20:35 2005 @@@@ -267,7 +267,7 @@@@ /* Setting port to 0 lets the system choose a free port. */ port = 0; - err = bindport (&port, ip_default_family); + err = bindport (&port, AF_INET6); if (err != BINDOK) /* Bind the port. */ return err; @@@@ -275,7 +275,8 @@@@ if (!conaddr (RBUF_FD (rbuf), &in_addr)) /* Huh? This is not BINDERR! */ return BINDERR; - inet_ntop (AF_INET6, &in_addr, ipv6, sizeof (ipv6)); + inet_ntop (AF_INET6, in_addr.bytes, ipv6, sizeof (ipv6)); + in_addr.family = AF_INET6; /* Construct the argument of EPRT (of the form |2|IPv6.ascii|PORT.ascii|). */ bytes = alloca (3 + strlen (ipv6) + 1 + numdigit (port) + 1 + 1); @@@@ -319,8 +320,6 @@@@ char bytes[6 * 4 +1]; ip_address in_addr; - ip4_address in_addr_4; - unsigned char *in_addr4_ptr = (unsigned char *)&in_addr_4; int nwritten; unsigned short port; @@@@ -347,16 +346,14 @@@@ if (!conaddr (RBUF_FD (rbuf), &in_addr)) /* Huh? This is not BINDERR! */ return BINDERR; - if (!map_ip_to_ipv4 (&in_addr, &in_addr_4)) - return BINDERR; /* Construct the argument of PORT (of the form a,b,c,d,e,f). Port is unsigned short so (unsigned) (port & 0xff000) >> 8 is the same like port >> 8 */ sprintf (bytes, "%d,%d,%d,%d,%d,%d", - in_addr4_ptr[0], in_addr4_ptr[1], in_addr4_ptr[2], in_addr4_ptr[3], - port >> 8, port & 0xff); + in_addr.bytes[0], in_addr.bytes[1], in_addr.bytes[2], + in_addr.bytes[3], port >> 8, port & 0xff); /* Send PORT request. */ request = ftp_request ("PORT", bytes); nwritten = iwrite (RBUF_FD (rbuf), request, strlen (request)); @@@@ -426,10 +423,12 @@@@ switch(remote.sa.sa_family) { case AF_INET6: - memcpy (addr, &remote.sin6.sin6_addr, 16); + memcpy (&addr->bytes[0], &remote.sin6.sin6_addr, 16); + addr->family = AF_INET6; break; case AF_INET: - map_ipv4_to_ip ((ip4_address *)&ipv4_sock->sin_addr, addr); + memcpy (&addr->bytes[0], &remote.sin.sin_addr, 4); + addr->family = AF_INET; break; default: abort(); @@@@ -454,15 +453,12 @@@@ unsigned char addr4[4]; #ifdef ENABLE_IPV6 - if (ip_default_family == AF_INET6) - { err = ftp_epsv (rbuf, addr, port, "2"); /* try IPv6 with EPSV */ if (FTPOK == err) return FTPOK; err = ftp_epsv (rbuf, addr, port, "1"); /* try IPv4 with EPSV */ if (FTPOK == err) return FTPOK; - } #endif /* Form the request. */ request = ftp_request ("PASV", NULL); @@@@ -505,9 +501,8 @@@@ return FTPINVPASV; } } - - /* Eventually make an IPv4 in IPv6 adress if needed */ - map_ipv4_to_ip ((ip4_address *)addr4, addr); + memcpy(addr->bytes, addr4, 4); + addr->family = AF_INET; *port=0; for (; ISDIGIT (*s); s++) @@@@ -526,7 +521,7 @@@@ port2 = (*s - '0') + 10 * port2; *port = (*port) * 256 + port2; } - xfree (respline); + xfree (respline); return FTPOK; } @ 1.7 log @ipv6-mapped ipv4 addresses aren't enabled by default on NetBSD, and probably others OS as well. Patch wget so that it won't try to use ipv6-mapped ipv4 addresses, but uses INET4 socket sockets instead. Bump pkgrev. Fix issues with v6-enabled wget reported on tech-pkg. @ text @d1 1 a1 1 $NetBSD: $ @ 1.6 log @USE_PKGLOCALEDIR. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.5 2001/07/22 15:31:54 tron Exp $ d3 100 a102 12 --- po/Makefile.in.in.orig Thu Apr 12 14:25:22 2001 +++ po/Makefile.in.in Sun Jul 22 17:21:13 2001 @@@@ -21,8 +21,8 @@@@ prefix = @@prefix@@ exec_prefix = @@exec_prefix@@ datadir = $(prefix)/@@DATADIRNAME@@ -localedir = $(datadir)/locale -gnulocaledir = $(prefix)/share/locale +localedir = $(prefix)/$(PKGLOCALEDIR)/locale +gnulocaledir = $(prefix)/$(PKGLOCALEDIR)/locale gettextsrcdir = $(prefix)/share/gettext/po subdir = po @ 1.5 log @Make sure that locale files get installed into the right directory under Solaris. @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @use latest IPv6 patch from kame (now supports IPv6 FTP properly). patches/patch-?? contain IPv6 patches only, switch to PATCHFILES. @ text @d1 14 a14 62 $NetBSD: patch-ab,v 1.3 2000/03/26 14:16:45 itojun Exp $ --- src/connect.c.orig Sun Mar 29 23:28:15 1998 +++ src/connect.c Fri Sep 24 15:49:42 1999 @@@@ -62,6 +62,59 @@@@ uerr_t make_connection (int *sock, char *hostname, unsigned short port) { +#ifdef INET6 + struct sockaddr_storage sock_name; + struct sockaddr_in *sin; + struct sockaddr_in6 *sin6; + size_t socksize; + + /* + * Get internet address of the host. We can do it either by calling + * ngethostbyname, or by calling store_hostaddress, from host.c. + * storehostaddress is better since it caches calls to + * gethostbyname. + */ + if (!store_hostaddress (&sock_name, hostname)) + return HOSTERR; + + /* Set port and protocol */ + switch (sock_name.ss_family) { + case AF_INET: + sin = (struct sockaddr_in *) &sock_name; + sin->sin_family = AF_INET; +#ifdef HAVE_SOCKADDR_SA_LEN + sin->sin_len = sizeof (struct sockaddr_in); +#endif + sin->sin_port = htons (port); + socksize = sizeof (struct sockaddr_in); + break; + case AF_INET6: + sin6 = (struct sockaddr_in6 *) &sock_name; + sin6->sin6_family = AF_INET6; +#ifdef HAVE_SOCKADDR_SA_LEN + sin6->sin6_len = sizeof (struct sockaddr_in6); +#endif + sin6->sin6_port = htons (port); + socksize = sizeof (struct sockaddr_in6); + break; + default: + return HOSTERR; + } + /* Make an internet socket, stream type. */ + if ((*sock = socket (sock_name.ss_family, SOCK_STREAM, 0)) == -1) + return CONSOCKERR; + + /* Connect the socket to the remote host. */ + if (connect (*sock, (struct sockaddr *) &sock_name, socksize)) + { + if (errno == ECONNREFUSED) + return CONREFUSED; + else + return CONERROR; + } + DEBUGP (("Created fd %d.\n", *sock)); + return NOCONERROR; +#else /* !INET6 */ struct sockaddr_in sock_name; /* struct hostent *hptr; */ a15 8 @@@@ -97,6 +150,7 @@@@ } DEBUGP (("Created fd %d.\n", *sock)); return NOCONERROR; +#endif /* INET6 */ } /* Bind the local port PORT. This does all the necessary work, which @ 1.3 log @bring in IPv6 support. PR8489. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Not needed for NetBSD. @ text @d1 71 a71 11 --- config.h.in.orig Tue Apr 22 13:23:45 1997 +++ config.h.in Sun Aug 31 11:52:08 1997 @@@@ -188,7 +188,7 @@@@ char *strtok(); char *strdup(); #ifdef HAVE_STRPTIME -char *strptime(); +const char *strptime(); #endif /* HAVE_STRPTIME */ void *memcpy(); #endif /* STDC_HEADERS */ @ 1.1 log @Initial revision @ text @@ 1.1.1.1 log @Retrieve files from the 'net via HTTP and FTP. Imported from FreeBSD on request by Perry. :) @ text @@