OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 23-Jan-2003 14:51:17
Branch: OPENPKG_1_1_SOLID Handle: 2003012313511600
Added files: (Branch: OPENPKG_1_1_SOLID)
openpkg-src/wget wget.patch
Modified files: (Branch: OPENPKG_1_1_SOLID)
openpkg-src/wget wget.spec
Log:
SA-2003.007-wget; CAN-2002-1344; fix unsupported SSL autodetection
Summary:
Revision Changes Path
1.1.6.1 +82 -0 openpkg-src/wget/wget.patch
1.22.2.2 +4 -1 openpkg-src/wget/wget.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/wget/wget.patch
============================================================================
$ cvs diff -u -r0 -r1.1.6.1 wget.patch
--- /dev/null 2003-01-23 14:51:17.000000000 +0100
+++ wget.patch 2003-01-23 14:51:17.000000000 +0100
@@ -0,0 +1,82 @@
+--- src/fnmatch.c.orig 2002/05/18 03:05:15 1.2.2.1
++++ src/fnmatch.c 2003/01/11 19:53:31 1.2.2.2
+@@ -35,6 +35,11 @@
+
+ #include <errno.h>
+ #include "wget.h"
++#ifdef HAVE_STRING_H
++# include <string.h>
++#else
++# include <strings.h>
++#endif /* HAVE_STRING_H */
+ #include "fnmatch.h"
+
+ /* Match STRING against the filename pattern PATTERN, returning zero
+@@ -196,6 +201,19 @@
+ return (0);
+
+ return (FNM_NOMATCH);
++}
++
++/* Return non-zero if S has a leading '/' or contains '../' */
++int
++has_insecure_name_p (const char *s)
++{
++ if (*s == '/')
++ return 1;
++
++ if (strstr(s, "../") != 0)
++ return 1;
++
++ return 0;
+ }
+
+ /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
+--- src/ftp.c.orig 2002/05/18 03:05:16 1.52.2.1
++++ src/ftp.c 2003/01/11 19:53:31 1.52.2.2
+@@ -1549,7 +1549,7 @@
+ static uerr_t
+ ftp_retrieve_glob (struct url *u, ccon *con, int action)
+ {
+- struct fileinfo *orig, *start;
++ struct fileinfo *f, *orig, *start;
+ uerr_t res;
+
+ con->cmd |= LEAVE_PENDING;
+@@ -1562,8 +1562,7 @@
+ opt.accepts and opt.rejects. */
+ if (opt.accepts || opt.rejects)
+ {
+- struct fileinfo *f = orig;
+-
++ f = orig;
+ while (f)
+ {
+ if (f->type != FT_DIRECTORY && !acceptable (f->name))
+@@ -1575,13 +1574,25 @@
+ f = f->next;
+ }
+ }
++ /* Remove all files with possible harmful names */
++ f = orig;
++ while (f)
++ {
++ if (has_insecure_name_p(f->name))
++ {
++ logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
++ f = delelement (f, &start);
++ }
++ else
++ f = f->next;
++ }
+ /* Now weed out the files that do not match our globbing pattern.
+ If we are dealing with a globbing pattern, that is. */
+ if (*u->file && (action == GLOBALL || action == GETONE))
+ {
+ int matchres = 0;
+- struct fileinfo *f = start;
+
++ f = start;
+ while (f)
+ {
+ matchres = fnmatch (u->file, f->name, 0);
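Review bot: `has_insecure_name_p` in the src/fnmatch.c part matches only the substring `../`, so a server-supplied listing entry named exactly `..` or ending in `/..` passes the new filter loop in ftp_retrieve_glob. Unless the listing parser already drops such entries (not visible here), those names should be rejected as well; a sketch follows. The function comment should also state that `s` must be non-NULL and that only `/` is treated as a separator. The patch adds no prototype to fnmatch.h, so src/ftp.c appears to call the function through an implicit declaration; adding `int has_insecure_name_p (const char *s);` to the header would let the compiler check the call.

```c
has_insecure_name_p (const char *s)
{
  size_t len = strlen (s);

  /* … unchanged: leading '/' check … */

  /* ".." as the whole name or as the last path component */
  if (strcmp (s, "..") == 0)
    return 1;
  if (len >= 3 && strcmp (s + len - 3, "/..") == 0)
    return 1;

  /* … unchanged: strstr (s, "../") check and final return 0 … */
```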
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/wget/wget.spec
============================================================================
$ cvs diff -u -r1.22.2.1 -r1.22.2.2 wget.spec
--- openpkg-src/wget/wget.spec 26 Aug 2002 19:55:31 -0000 1.22.2.1
+++ openpkg-src/wget/wget.spec 23 Jan 2003 13:51:16 -0000 1.22.2.2
@@ -33,10 +33,11 @@
Group: Web
License: GPL
Version: 1.8.2
-Release: 1.1.0
+Release: 1.1.1
# list of sources
Source0: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.gz
+Patch0: wget.patch
# build information
Prefix: %{l_prefix}
@@ -54,6 +55,7 @@
%prep
%setup -q
+ %patch -p0
%build
CC="%{l_cc}" \
@@ -61,6 +63,7 @@
./configure \
--prefix=%{l_prefix} \
--sysconfdir=%{l_prefix}/etc/wget \
+ --without-ssl \
--disable-nls
%{l_make} %{l_mflags -O}
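Review bot: The added `--without-ssl` configure option has no comment in the spec explaining it, although it changes the feature set of the package inside a security-fix release. Presumably the resulting wget has no HTTPS support, so a user who updates for the FTP fix may lose it without notice. A comment before the `./configure` call would make the intent clear to a later maintainer, for example `# SSL is not a supported build option in this package; prevent configure from autodetecting a system OpenSSL`. Only the commit log currently records this reason.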
@@ .