head 1.12; access; symbols pkgsrc-2013Q2:1.12.0.6 pkgsrc-2013Q2-base:1.12 pkgsrc-2012Q4:1.12.0.4 pkgsrc-2012Q4-base:1.12 pkgsrc-2011Q4:1.12.0.2 pkgsrc-2011Q4-base:1.12 pkgsrc-2011Q3:1.11.0.10 pkgsrc-2011Q3-base:1.11 pkgsrc-2011Q2:1.11.0.8 pkgsrc-2011Q2-base:1.11 pkgsrc-2011Q1:1.11.0.6 pkgsrc-2011Q1-base:1.11 pkgsrc-2010Q4:1.11.0.4 pkgsrc-2010Q4-base:1.11 pkgsrc-2010Q3:1.11.0.2 pkgsrc-2009Q4:1.10.0.32 pkgsrc-2009Q4-base:1.10 pkgsrc-2008Q4:1.10.0.30 pkgsrc-2008Q4-base:1.10 pkgsrc-2008Q3:1.10.0.28 pkgsrc-2008Q3-base:1.10 cube-native-xorg:1.10.0.26 cube-native-xorg-base:1.10 pkgsrc-2008Q2:1.10.0.24 pkgsrc-2008Q2-base:1.10 pkgsrc-2008Q1:1.10.0.22 pkgsrc-2008Q1-base:1.10 pkgsrc-2007Q4:1.10.0.20 pkgsrc-2007Q4-base:1.10 pkgsrc-2007Q3:1.10.0.18 pkgsrc-2007Q3-base:1.10 pkgsrc-2007Q2:1.10.0.16 pkgsrc-2007Q2-base:1.10 pkgsrc-2007Q1:1.10.0.14 pkgsrc-2007Q1-base:1.10 pkgsrc-2006Q4:1.10.0.12 pkgsrc-2006Q4-base:1.10 pkgsrc-2006Q3:1.10.0.10 pkgsrc-2006Q3-base:1.10 pkgsrc-2006Q2:1.10.0.8 pkgsrc-2006Q2-base:1.10 pkgsrc-2006Q1:1.10.0.6 pkgsrc-2006Q1-base:1.10 pkgsrc-2005Q4:1.10.0.4 pkgsrc-2005Q4-base:1.10 pkgsrc-2005Q3:1.10.0.2 pkgsrc-2005Q3-base:1.10 pkgsrc-2005Q2:1.9.0.4 pkgsrc-2005Q2-base:1.9 pkgsrc-2005Q1:1.9.0.2 pkgsrc-2005Q1-base:1.9 pkgsrc-2004Q4:1.6.0.8 pkgsrc-2004Q4-base:1.6 pkgsrc-2004Q3:1.6.0.6 pkgsrc-2004Q3-base:1.6 pkgsrc-2004Q2:1.6.0.4 pkgsrc-2004Q2-base:1.6 pkgsrc-2004Q1:1.6.0.2 pkgsrc-2004Q1-base:1.6 pkgsrc-2003Q4:1.5.0.4 pkgsrc-2003Q4-base:1.5 netbsd-1-6-1:1.5.0.2 netbsd-1-6-1-base:1.5 netbsd-1-6:1.3.0.8 netbsd-1-6-RELEASE-base:1.3 pkgviews:1.3.0.4 pkgviews-base:1.3 buildlink2:1.3.0.2 buildlink2-base:1.3 netbsd-1-5-PATCH003:1.3; locks; strict; comment @# @; 1.12 date 2011.10.24.15.22.01; author ryoon; state dead; branches; next 1.11; 1.11 date 2010.11.23.08.22.47; author tron; state Exp; branches 1.11.2.1; next 1.10; 1.10 date 2005.07.02.15.10.23; author wiz; state dead; branches; next 1.9; 1.9 date 2005.02.09.11.42.38; author bouyer; state Exp; branches; next 1.8; 1.8 date 2005.01.30.22.59.50; author bouyer; state Exp; branches; next 1.7; 1.7 date 2005.01.25.20.07.25; author bouyer; state Exp; branches; next 1.6; 1.6 date 2003.12.08.21.44.35; author wiz; state dead; branches; next 1.5; 1.5 date 2002.12.16.11.39.01; author wiz; state Exp; branches; next 1.4; 1.4 date 2002.12.01.01.04.04; author grant; state dead; branches; next 1.3; 1.3 date 2001.07.22.15.31.54; author tron; state Exp; branches; next 1.2; 1.2 date 2000.08.16.06.38.46; author itojun; state dead; branches; next 1.1; 1.1 date 2000.03.26.14.16.46; author itojun; state Exp; branches; next ; 1.11.2.1 date 2010.11.23.08.22.47; author spz; state dead; branches; next 1.11.2.2; 1.11.2.2 date 2010.11.23.21.14.45; author spz; state Exp; branches; next ; desc @@ 1.12 log @Update to 1.13.4 * Remove ssl option, and add gnutls and openssl options. The default is openssl like before. * All security patches are included in upstream's tar ball. * Remove ac_cv_func_sigsetjmp=yes line, because not defined now. Tested on NetBSD/i386 4.0.1, 5.1 5.99.56. Changelog: * Changes in Wget 1.13.4 ** Now --version and --help work again. ** Fix a build error on solaris 10 sparc. ** Now --timestamping and --continue work well together. ** Return a network failure when FTP downloads fail and --timestamping is specified. * Changes in Wget 1.13.3 ** Support HTTP/1.1 ** Now by default the GNU TLS library for secure connections, instead of OpenSSL. ** Fix some portability issues. ** Handle properly malformed status line in a HTTP response. ** Ignore zero length domains in $no_proxy. ** Set new cookies after an authorization failure. ** Exit with failure if -k is specified and -O is not a regular file. ** Cope better with unclosed html tags. ** Print diagnostic messages to stderr, not stdout. ** Do not use an additional HEAD request when --content-disposition is used, but use directly GET. ** Report the average transfer speed correctly when multiple URL's are specified and -c influences the transferred data amount. ** GNU TLS backend works again. ** Now --timestamping and --continue works well together. ** By default, on server redirects, use the original URL to get the local file name. Close CVE-2010-2252. This introduces a backward-incompatibility; any script that relies on the old behaviour must use --trust-server-names. ** Fix a problem when -k is used and some URLs are specified trough CSS. ** Convert correctly URLs that need to be encoded to local files when following links. ** Use persistent connections with proxies supporting them. ** Print the total download time as part of the summary for recursive downloads. ** Now it is possible to specify a different startup configuration file trough the --config option. ** Fix an infinite loop with the error ' has sprung into existence' on a network error and -nc is used. ** Now --adjust-extension does not modify the file extension if the file ends in .htm. ** Support HTTP/1.1 307 redirects keep request method. ** Now --no-parent doesn't fetch undesired files if HTTP and HTTPS are used by the same host on different pages. ** Do not attempt to remove the file if it is not in the accept rules but it is the output destination file. ** Introduce `show_all_dns_entries' to print all IP addresses corresponding to a DNS name when it is resolved. @ text @$NetBSD: patch-ac,v 1.11 2010/11/23 08:22:47 tron Exp $ Back port of patch for CVE-2010-2252 for to version 1.12 of "wget" taken from Debian: http://packages.debian.org/sid/wget http://ftp.de.debian.org/debian/pool/main/w/wget/wget_1.12-2.1.debian.tar.gz --- src/init.c.orig 2009-09-22 04:02:41.000000000 +0100 +++ src/init.c 2010-11-22 18:53:25.000000000 +0000 @@@@ -243,6 +243,7 @@@@ { "timeout", NULL, cmd_spec_timeout }, { "timestamping", &opt.timestamping, cmd_boolean }, { "tries", &opt.ntry, cmd_number_inf }, + { "trustservernames", &opt.trustservernames, cmd_boolean }, { "useproxy", &opt.use_proxy, cmd_boolean }, { "user", &opt.user, cmd_string }, { "useragent", NULL, cmd_spec_useragent }, @ 1.11 log @Add Debian's "wget" 1.12 backport of the fix for CVE-2010-2252. @ text @d1 1 a1 1 $NetBSD$ @ 1.11.2.1 log @file patch-ac was added on branch pkgsrc-2010Q3 on 2010-11-23 21:14:45 +0000 @ text @d1 18 @ 1.11.2.2 log @Pullup ticket 3278 - requested by tron security fixes Revisions pulled up: - pkgsrc/net/wget/Makefile 1.102 - pkgsrc/net/wget/distinfo 1.36 Files added: pkgsrc/net/wget/patches/patch-aa pkgsrc/net/wget/patches/patch-ab pkgsrc/net/wget/patches/patch-ac pkgsrc/net/wget/patches/patch-ad pkgsrc/net/wget/patches/patch-ae pkgsrc/net/wget/patches/patch-af ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Tue Nov 23 08:22:47 UTC 2010 Modified Files: pkgsrc/net/wget: Makefile distinfo Added Files: pkgsrc/net/wget/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af Log Message: Add Debian's "wget" 1.12 backport of the fix for CVE-2010-2252. To generate a diff of this commit: cvs rdiff -u -r1.101 -r1.102 pkgsrc/net/wget/Makefile cvs rdiff -u -r1.35 -r1.36 pkgsrc/net/wget/distinfo cvs rdiff -u -r0 -r1.11 pkgsrc/net/wget/patches/patch-aa \ pkgsrc/net/wget/patches/patch-ac cvs rdiff -u -r0 -r1.9 pkgsrc/net/wget/patches/patch-ab cvs rdiff -u -r0 -r1.10 pkgsrc/net/wget/patches/patch-ad cvs rdiff -u -r0 -r1.8 pkgsrc/net/wget/patches/patch-ae cvs rdiff -u -r0 -r1.6 pkgsrc/net/wget/patches/patch-af @ text @a0 18 $NetBSD: patch-ac,v 1.11 2010/11/23 08:22:47 tron Exp $ Back port of patch for CVE-2010-2252 for to version 1.12 of "wget" taken from Debian: http://packages.debian.org/sid/wget http://ftp.de.debian.org/debian/pool/main/w/wget/wget_1.12-2.1.debian.tar.gz --- src/init.c.orig 2009-09-22 04:02:41.000000000 +0100 +++ src/init.c 2010-11-22 18:53:25.000000000 +0000 @@@@ -243,6 +243,7 @@@@ { "timeout", NULL, cmd_spec_timeout }, { "timestamping", &opt.timestamping, cmd_boolean }, { "tries", &opt.ntry, cmd_number_inf }, + { "trustservernames", &opt.trustservernames, cmd_boolean }, { "useproxy", &opt.use_proxy, cmd_boolean }, { "user", &opt.user, cmd_string }, { "useragent", NULL, cmd_spec_useragent }, @ 1.10 log @Update to 1.10: * Changes in Wget 1.10. ** Downloading files larger than 2GB, sometimes referred to as "large files", now works on systems that support them. This includes the majority of modern Unixes, as well as MS Windows. ** IPv6 is now supported by Wget. Unlike the experimental code in 1.9, this version supports dual-family systems. The new flags `--inet4' and `--inet6' (or `-4' and `-6' for short) force the use of IPv4 and IPv6 respectively. Note that IPv6 support has not yet been tested on Windows. ** Microsoft's proprietary "NTLM" method of HTTP authentication is now supported. This authentication method is undocumented and only used by IIS. Note that *proxy* authentication is not supported in this release; you can only authenticate to the target web site. ** Wget no longer truncates partially downloaded files when download has to start over because the server doesn't support Range. Instead, with such servers Wget now simply ignores the data up to the byte where the last attempt left off, and only then continues appending to the file. That way the downloaded file never shrinks, and download retries from servers without support for partial downloads work even when downloading to stdout. ** SSL/TLS changes: *** SSL/TLS downloads now attempt to verify the server's certificate against the recognized certificate authorities. This requires CA certificates to have been installed in a location visible to the OpenSSL library. If this is not the case, you can get the bundle yourself from a source you trust (for example, the bundle extracted from Mozilla available at http://curl.haxx.se/docs/caextract.html), and point Wget to the PEM file using the `--ca-certificate' command-line option or the corresponding `.wgetrc' command. *** Secure downloads now verify that the host name in the URL matches the "common name" in the certificate presented by the server. *** Although the above checks provide more secure downloads, they unavoidably break interoperability with some sites that worked with previous versions, particularly those using self-signed, expired, or otherwise invalid certificates. If you encounter "certificate verification" errors or complaints that "common name doesn't match requested host name" and are convinced of the site's authenticity, you can use `--no-check-certificate' to bypass both checks. *** Talking to SSL/TLS servers over proxies now actually works. Previous versions of Wget erroneously sent GET requests for https URLs. Wget 1.10 utilizes the CONNECT method designed for this purpose. *** The SSL/TLS-related options have been redesigned and, for the first time, documented in the manual. The old, undocumented, options are no longer supported. ** Passive FTP is now the default FTP transfer mode. Use `--no-passive-ftp' or specify `passive_ftp = off' in your init file to revert to the old behavior. ** The `--header' option can now be used to override generated headers. For example, `wget --header="Host: foo.bar" http://127.0.0.1' tells Wget to connect to localhost, but to specify "foo.bar" in the `Host' header. In previous versions such use of `--header' lead to duplicate headers in HTTP requests. ** The responses without headers, aka "HTTP 0.9" responses, are detected and handled. Although HTTP 0.9 has long been obsolete, it is still occasionally used, sometimes by accident. ** The progress bar is now updated regularly even when the data does not arrive from the network. ** Wget no longer preserves permissions of files retrieved by FTP by default. Anonymous FTP servers frequently use permissions like "664", which might not be what the user wants. The new option `--preserve-permissions' and the corresponding `.wgetrc' variable can be used to revert to the old behavior. ** The new option `--protocol-directories' instructs Wget to also use the protocol name as a directory component of local file names. ** Options that previously unconditionally set or unset various flags are now boolean options that can be invoked as either `--OPTION' or `--no-OPTION'. Options that required an argument "on" or "off" have also been changed this way, but they still accept the old syntax for backward compatibility. For example, instead of `--glob=off' you can write `--no-glob'. Allowing `--no-OPTION' for every `--OPTION' and the other way around is useful because it allows the user to override non-default behavior specified via `.wgetrc'. ** The new option `--keep-session-cookies' causes `--save-cookies' to save session cookies (normally only kept in memory) along with the permanent ones. This is useful because many sites track important information, such as whether the user has authenticated, in session cookies. With this option multiple Wget runs are treated as a single browser session. ** Wget now supports the --ftp-user and --ftp-password command switches to set username and password for FTP, and the --user and --password command switches to set username and password for both FTP and HTTP. The --http-passwd and --proxy-passwd command switches have been renamed to --http-password and --proxy-password respectively, and the related http_passwd and proxy_passwd .wgetrc commands to http_password and proxy_password respectively. The login and passwd .wgetrc commands have been deprecated. * `wget -b' now works correctly under Windows. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.9 2005/02/09 11:42:38 bouyer Exp $ d3 16 a18 194 --- src/host.c.orig 2003-10-26 02:38:25.000000000 +0100 +++ src/host.c 2005-02-08 17:36:26.000000000 +0100 @@@@ -189,13 +189,15 @@@@ if (ai->ai_family == AF_INET6) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ai->ai_addr; - memcpy (al->addresses + i, &sin6->sin6_addr, 16); + memcpy (al->addresses[i].bytes, &sin6->sin6_addr, 16); + al->addresses[i].family = AF_INET6; ++i; } else if (ai->ai_family == AF_INET) { struct sockaddr_in *sin = (struct sockaddr_in *)ai->ai_addr; - map_ipv4_to_ip ((ip4_address *)&sin->sin_addr, al->addresses + i); + memcpy (al->addresses[i].bytes, &sin->sin_addr, 4); + al->addresses[i].family = AF_INET; ++i; } assert (i == cnt); @@@@ -219,8 +221,11 @@@@ al->addresses = xmalloc (count * sizeof (ip_address)); al->refcount = 1; - for (i = 0; i < count; i++) - map_ipv4_to_ip ((ip4_address *)h_addr_list[i], al->addresses + i); + for (i = 0; i < count; i++) { + memcpy (al->addresses[i].bytes, h_addr_list[i], 4); + al->addresses[i].family = AF_INET; + } + return al; } @@@@ -279,33 +284,30 @@@@ */ void wget_sockaddr_set_address (wget_sockaddr *sa, - int ip_family, unsigned short port, ip_address *addr) + unsigned short port, ip_address *addr, int family) { - if (ip_family == AF_INET) + memset (sa, 0, sizeof(*sa)); + if (family == AF_INET) { - sa->sin.sin_family = ip_family; + sa->sin.sin_family = AF_INET; sa->sin.sin_port = htons (port); if (addr == NULL) memset (&sa->sin.sin_addr, 0, sizeof(ip4_address)); else { - ip4_address addr4; - if (!map_ip_to_ipv4 (addr, &addr4)) - /* should the callers have prevented this? */ - abort (); - memcpy (&sa->sin.sin_addr, &addr4, sizeof(ip4_address)); + memcpy (&sa->sin.sin_addr, addr->bytes, sizeof(ip4_address)); } return; } #ifdef ENABLE_IPV6 - if (ip_family == AF_INET6) + if (family == AF_INET6) { - sa->sin6.sin6_family = ip_family; + sa->sin6.sin6_family = AF_INET6; sa->sin6.sin6_port = htons (port); if (addr == NULL) memset (&sa->sin6.sin6_addr, 0 , 16); else - memcpy (&sa->sin6.sin6_addr, addr, 16); + memcpy (&sa->sin6.sin6_addr, addr->bytes, 16); return; } #endif @@@@ -422,12 +424,12 @@@@ * socklen_t structure length for socket options */ socklen_t -sockaddr_len () +sockaddr_len (int family) { - if (ip_default_family == AF_INET) + if (family == AF_INET) return sizeof (struct sockaddr_in); #ifdef ENABLE_IPV6 - if (ip_default_family == AF_INET6) + if (family == AF_INET6) return sizeof (struct sockaddr_in6); #endif abort(); @@@@ -435,42 +437,6 @@@@ return 0; } -/** - * Map an IPv4 adress to the internal adress format. - */ -void -map_ipv4_to_ip (ip4_address *ipv4, ip_address *ip) -{ -#ifdef ENABLE_IPV6 - static unsigned char ipv64[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff}; - memcpy ((char *)ip + 12, ipv4 , 4); - memcpy ((char *)ip + 0, ipv64, 12); -#else - if ((char *)ip != (char *)ipv4) - memcpy (ip, ipv4, 4); -#endif -} - -/* Detect whether an IP adress represents an IPv4 address and, if so, - copy it to IPV4. 0 is returned on failure. - This operation always succeeds when Wget is compiled without IPv6. - If IPV4 is NULL, don't copy, just detect. */ - -int -map_ip_to_ipv4 (ip_address *ip, ip4_address *ipv4) -{ -#ifdef ENABLE_IPV6 - static unsigned char ipv64[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff}; - if (0 != memcmp (ip, ipv64, 12)) - return 0; - if (ipv4) - memcpy (ipv4, (char *)ip + 12, 4); -#else - if (ipv4) - memcpy (ipv4, (char *)ip, 4); -#endif - return 1; -} /* Versions of gethostbyname and getaddrinfo that support timeout. */ @@@@ -559,17 +525,16 @@@@ pretty_print_address (ip_address *addr) { #ifdef ENABLE_IPV6 - ip4_address addr4; static char buf[128]; - if (map_ip_to_ipv4 (addr, &addr4)) - return inet_ntoa (*(struct in_addr *)&addr4); - - if (!inet_ntop (AF_INET6, addr, buf, sizeof (buf))) - return ""; - return buf; + if (addr->family == AF_INET6) + { + if (!inet_ntop (AF_INET6, addr->bytes, buf, sizeof (buf))) + return ""; + return buf; + } #endif - return inet_ntoa (*(struct in_addr *)addr); + return inet_ntoa (*(struct in_addr *)addr->bytes); } /* Add host name HOST with the address ADDR_TEXT to the cache. @@@@ -601,23 +566,27 @@@@ lookup_host (const char *host, int silent) { struct address_list *al = NULL; - uint32_t addr_ipv4; ip_address addr; + uint32_t addr4; /* First, try to check whether the address is already a numeric address. */ #ifdef ENABLE_IPV6 - if (inet_pton (AF_INET6, host, &addr) > 0) - return address_list_from_single (&addr); + if (inet_pton (AF_INET6, host, addr.bytes) > 0) + { + addr.family = AF_INET6; + return address_list_from_single (&addr); + } #endif - addr_ipv4 = (uint32_t)inet_addr (host); - if (addr_ipv4 != (uint32_t)-1) + addr4 = (uint32_t)inet_addr (host); + memcpy(addr.bytes, &addr4, 4); + addr.family = AF_INET; + if (addr4 != (uint32_t)-1) { /* ADDR is defined to be in network byte order, which is what this returns, so we can just copy it to STORE_IP. */ - map_ipv4_to_ip ((ip4_address *)&addr_ipv4, &addr); return address_list_from_single (&addr); } @ 1.9 log @Apply fix from Bryan J. Phillippe in pkg/29279: zero out struct sockaddr before using it. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.8 2005/01/30 22:59:50 bouyer Exp $ @ 1.8 log @Use uint32_t instead of u_int32_t. Should fix PR pkg/29146. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.7 2005/01/25 20:07:25 bouyer Exp $ d3 2 a4 2 --- src/host.c.orig Sun Oct 26 02:38:25 2003 +++ src/host.c Sun Jan 23 21:23:28 2005 d37 1 a37 1 @@@@ -279,33 +284,29 @@@@ d45 1 d79 1 a79 1 @@@@ -422,12 +423,12 @@@@ d95 1 a95 1 @@@@ -435,42 +436,6 @@@@ d138 1 a138 1 @@@@ -559,17 +524,16 @@@@ d163 1 a163 1 @@@@ -601,23 +565,27 @@@@ @ 1.7 log @ipv6-mapped ipv4 addresses aren't enabled by default on NetBSD, and probably others OS as well. Patch wget so that it won't try to use ipv6-mapped ipv4 addresses, but uses INET4 socket sockets instead. Bump pkgrev. Fix issues with v6-enabled wget reported on tech-pkg. @ text @d1 1 a1 1 $NetBSD: $ d168 1 a168 1 + u_int32_t addr4; @ 1.6 log @Update to 1.9.1: * Wget 1.9.1 is a bugfix release with no user-visible changes. * Changes in Wget 1.9. ** It is now possible to specify that POST method be used for HTTP requests. For example, `wget --post-data="id=foo&data=bar" URL' will send a POST request with the specified contents. ** IPv6 support is available, although it's still experimental. ** The `--timeout' option now also affects DNS lookup and establishing the TCP connection. Previously it only affected reading and writing data. Those three timeouts can be set separately using `--dns-timeout', `--connection-timeout', and `--read-timeout', respectively. ** Download speed shown by the progress bar is based on the data recently read, rather than the average speed of the entire download. The ETA projection is still based on the overall average. ** It is now possible to connect to FTP servers through FWTK firewalls. Set ftp_proxy to an FTP URL, and Wget will automatically log on to the proxy as "username@@host". ** The new option `--retry-connrefused' makes Wget retry downloads even in the face of refused connections, which are otherwise considered a fatal error. ** The new option `--dns-cache=off' may be used to prevent Wget from caching DNS lookups. ** Wget no longer escapes characters in local file names based on whether they're appropriate in URLs. Escaping can still occur for nonprintable characters or for '/', but no longer for frequent characters such as space. You can use the new option --restrict-file-names to relax or strengthen these rules, which can be useful if you dislike the default or if you're downloading to non-native partitions. ** Handling of HTML comments has been dumbed down to conform to what users expect and other browsers do: instead of being treated as SGML declaration, a comment is terminated at the first occurrence of "-->". Use `--strict-comments' to revert to the old behavior. ** Wget now correctly handles relative URIs that begin with "//", such as "//img.foo.com/foo.jpg". ** Boolean options in `.wgetrc' and on the command line now accept values "yes" and "no" along with the traditional "on" and "off". ** It is now possible to specify decimal values for timeouts, waiting periods, and download rate. For instance, `--wait=0.5' now works as expected, as does `--dns-timeout=0.5' and even `--limit-rate=2.5k'. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.5 2002/12/16 11:39:01 wiz Exp $ d3 93 a95 4 --- src/fnmatch.c.orig Sat May 18 05:05:15 2002 +++ src/fnmatch.c @@@@ -198,6 +198,17 @@@@ fnmatch (const char *pattern, const char return (FNM_NOMATCH); d98 98 a195 14 +/* Return non-zero if S has a leading '/' or contains '../' */ +int +has_invalid_name (const char *s) +{ + if (*s == '/') + return 1; + if (strstr(s, "../") != 0) + return 1; + return 0; +} + /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or `]'). */ int @ 1.5 log @Update to 1.8.2, with the recently discovered security problem already fixed (patches from RedHat RPM). Note: this package does not support IPv6 any longer, since no updated IPv6 patch for wget-1.8.2 exists (to my knowledge). The next major wget release is expected to contain IPv6 support. Uservisible changes since 1.7: ** A new progress indicator is now available and used by default. You can choose the progress bar type with `--progress=TYPE'. Two types are available, "bar" (the new default), and "dot" (the old dotted indicator). You can permanently revert to the old progress indicator by putting `progress = dot' in your `.wgetrc'. ** You can limit the download rate of the retrieval using the `--limit-rate' option. For example, `wget --limit-rate=15k URL' will tell Wget not to download the body of the URL faster than 15 kilobytes per second. ** Recursive retrieval and link conversion have been revamped: *** Wget now traverses links breadth-first. This makes the calculation of depth much more reliable than before. Also, recursive downloads are faster and consume *significantly* less memory than before. *** Links are converted only when the entire retrieval is complete. This is the only safe thing to do, as only then is it known what URLs have been downloaded. *** BASE tags are handled correctly when converting links. Since Wget already resolves when resolving handling URLs, link conversion now makes the BASE tags point to an empty string. *** HTML anchors are now handled correctly. Links to an anchor in the same document (), which used to confuse Wget, are now converted correctly. *** When in page-requisites (-p) mode, no-parent (-np) is ignored when retrieving for inline images, stylesheets, and other documents needed to display the page. *** Page-requisites (-p) mode now works with frames. In other words, `wget -p URL-THAT-USES-FRAMES' will now download the frame HTML files, and all the files that they need to be displayed properly. ** `--base' now works conjunction with `--input-file', providing a base for each URL and thereby allowing the URLs in the file to be relative. ** If a host has more than one IP address, Wget uses the other addresses when accessing the first one fails. ** Host directories now contain port information if the URL is at a non-standard port. ** Wget now supports the robots.txt directives specified in . ** URL parser has been fixed, especially the infamous overzealous quoting. Wget no longer dequotes reserved characters, e.g. `%3F' is no longer translated to `?', nor `%2B' to `+'. Unsafe characters which are not reserved are still escaped, of course. ** No more than 20 successive redirections are allowed. @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @USE_PKGLOCALEDIR. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.3 2001/07/22 15:31:54 tron Exp $ d3 5 a7 10 --- src/Makefile.in.orig Thu Apr 12 14:25:22 2001 +++ src/Makefile.in Sun Jul 22 17:21:51 2001 @@@@ -33,7 +33,7 @@@@ exec_prefix = @@exec_prefix@@ bindir = @@bindir@@ sysconfdir = @@sysconfdir@@ -localedir = $(prefix)/share/locale +localedir = $(prefix)/$(PKGLOCALEDIR)/locale DESTDIR = d9 14 @ 1.3 log @Make sure that locale files get installed into the right directory under Solaris. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @use latest IPv6 patch from kame (now supports IPv6 FTP properly). patches/patch-?? contain IPv6 patches only, switch to PATCHFILES. @ text @d1 10 a10 6 $NetBSD: patch-ac,v 1.1 2000/03/26 14:16:46 itojun Exp $ --- src/host.c.orig Mon Sep 21 18:55:42 1998 +++ src/host.c Fri Sep 24 15:49:42 1999 @@@@ -75,12 +75,58 @@@@ static struct host *add_hlist PARAMS ((struct host *, const char *, const char *, int)); d12 1 a12 53 +#ifdef INET6 +/* + * The same as gethostbyname2, but supports internet addresses of the + * form `N.N.N.N' and 'X:X:X:X:X:X:X:X'. + * + * Return the pointer of struct hostent on successful finding of the + * hostname, NULL pointer otherwise. + */ +struct hostent * +ngethostbyname2 (const char *name, int af) +{ + struct hostent *hp = (struct hostent *) NULL; + char *addr; + size_t socksize; + + /* Support only 2 types address family */ + if (af != AF_INET6 && af != AF_INET) + return (struct hostent *) NULL; + + hp = gethostbyname2(name, af); + if (!hp) { + if (inet_pton(af, name, addr) != -1) { + switch (af) { + case AF_INET: + socksize = sizeof (struct sockaddr_in); + break; + case AF_INET6: + socksize = sizeof (struct sockaddr_in6); + break; + } + hp = gethostbyaddr(addr, socksize, af); + } + } + return hp; +} +#endif /* INET6 */ + /* The same as gethostbyname, but supports internet addresses of the form `N.N.N.N'. */ struct hostent * ngethostbyname (const char *name) { struct hostent *hp; +#ifdef INET6 + const int af[] = { AF_INET, AF_INET6 }; + int i; + + for (i = 0; i < 2; i++) + if ((hp = ngethostbyname2(name, af[i])) != NULL) + return hp; + return (struct hostent *) NULL; +#else unsigned long addr; a13 194 addr = (unsigned long)inet_addr (name); @@@@ -89,6 +135,7 @@@@ else hp = gethostbyname (name); return hp; +#endif } /* Search for HOST in the linked list L, by hostname. Return the @@@@ -117,11 +164,159 @@@@ return NULL; } -/* Store the address of HOSTNAME, internet-style, to WHERE. First - check for it in the host list, and (if not found), use - ngethostbyname to get it. +#ifdef INET6 +int +convert_hostaddress(int af, const char *hostname, void *address) +{ + struct host *t; + int valid; + + valid = inet_pton(af, hostname, address); + if (valid == -1 || valid == 0) { + /* If it is not of that form, try to find it in the cache. */ + t = search_host (hlist, hostname); + if (t) + valid = inet_pton(af, t->realname, address); + if (valid != -1 && valid != 0) + return 1; + } else + return 1; + return 0; +} + +/* + * Store the address of HOSTNAME, internet-style, to WHERE. First + * check for it in the host list, and (if not found), use + * ngethostbyname to get it. + * + * Return 1 on successful finding of the hostname, 0 otherwise. + */ +int +store_hostaddress (struct sockaddr_storage *where, const char *hostname) +{ + struct host *t; + struct addrinfo hints, *res; + union { + struct in_addr in; + struct in6_addr in6; + } addr_un; + struct sockaddr_in *sin; + struct sockaddr_in6 *sin6; + char *addr_s; + char addr_st[INET6_ADDRSTRLEN]; + int af, valid ,i, err; + int family; + const int afs[] = { AF_INET6, AF_INET }; +#define MAX_AF 2 - Return 1 on successful finding of the hostname, 0 otherwise. */ + if (opt.inet) + family = AF_INET; + else if (opt.inet6) + family = AF_INET6; + else + family = 0; + /* + * If the address is of the form d.d.d.d, there will be no trouble + * with it. + */ + if (!family) { + for (i = 0; i < MAX_AF; i++) { + valid = convert_hostaddress(afs[i], hostname, &addr_un); + af = afs[i]; + } + } else { + valid = convert_hostaddress(family, hostname, &addr_un); + af = family; + } + /* If we have the numeric address, just store it. */ + if (valid) { + /* This works on both little and big endian architecture, as + * inet_addr returns the address in the proper order. It + * appears to work on 64-bit machines too. + */ + switch (af) { + case AF_INET: + sin = (struct sockaddr_in *) where; + memcpy(&sin->sin_addr, &addr_un.in, sizeof(struct in_addr)); + sin->sin_family = AF_INET; + return 1; + case AF_INET6: + sin6 = (struct sockaddr_in6 *) where; + memcpy(&sin6->sin6_addr, &addr_un.in6, sizeof(struct in6_addr)); + sin6->sin6_family = AF_INET6; + return 1; + default: + return 0; + } + } + /* + * Since all else has failed, let's try gethostbyname2(). Note that + * we use gethostbyname2() rather than ngethostbyname2(), because we + * *know* the address is not numerical. + */ + bzero(&hints, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = 0; + if (!family) { + hints.ai_family = AF_UNSPEC; + } else { + hints.ai_family = family; + } + err = getaddrinfo(hostname, NULL, &hints, &res); + if (err) { + fprintf(stderr, "%s: %s\n", hostname, gai_strerror(err)); + return 0; + } + /* + * Copy the address of the host to socket description. + */ + switch (res->ai_family) { + case AF_INET: + sin = (struct sockaddr_in *) where; + memcpy(&sin->sin_addr, &((struct sockaddr_in *)res->ai_addr)->sin_addr, sizeof (struct in_addr)); + sin->sin_family = AF_INET; + memcpy (&addr_un.in.s_addr, &((struct sockaddr_in *)res->ai_addr)->sin_addr, sizeof (addr_un.in)); + inet_ntop(AF_INET, &addr_un.in, addr_st, sizeof (struct in_addr)); + STRDUP_ALLOCA (addr_s, addr_st); + freeaddrinfo(res); + break; + case AF_INET6: + sin6 = (struct sockaddr_in6 *) where; + memcpy(&sin6->sin6_addr, &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, sizeof (struct in6_addr)); + sin6->sin6_family = AF_INET6; + memcpy (&addr_un.in6, &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, sizeof (addr_un.in6)); + inet_ntop(AF_INET6, &addr_un.in6, addr_st, sizeof (struct in6_addr)); + STRDUP_ALLOCA (addr_s, addr_st); + freeaddrinfo(res); + break; + default: + freeaddrinfo(res); + return 0; + } + /* + * Now that we're here, we could as well cache the hostname for + * future use, as in realhost(). First, we have to look for it by + * address to know if it's already in the cache by another name. + */ + /* + * Originally, we copied to in.s_addr, but it appears to be missing + * on some systems. + */ + t = search_address (hlist, addr_s); + if (t) /* Found in the list, as realname. */ + { + /* Set the default, 0 quality. */ + hlist = add_hlist (hlist, hostname, addr_s, 0); + return 1; + } + /* Since this is really the first time this host is encountered, + * set quality to 1. + */ + hlist = add_hlist (hlist, hostname, addr_s, 1); + return 1; +} +#undef MAX_AF +#else /* INET6 */ int store_hostaddress (unsigned char *where, const char *hostname) { @@@@ -131,8 +326,10 @@@@ struct in_addr in; char *inet_s; - /* If the address is of the form d.d.d.d, there will be no trouble - with it. */ + /* + * If the address is of the form d.d.d.d, there will be no trouble + * with it. + */ addr = (unsigned long)inet_addr (hostname); if ((int)addr == -1) { @@@@ -178,6 +375,7 @@@@ hlist = add_hlist (hlist, hostname, inet_s, 1); return 1; } +#endif /* INET6 */ /* Add a host to the host list. The list is sorted by addresses. For equal addresses, the entries with quality should bubble towards the @ 1.1 log @bring in IPv6 support. PR8489. @ text @d1 1 a1 1 $NetBSD$ @