OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 23-Jan-2003 14:51:17 Branch: OPENPKG_1_1_SOLID Handle: 2003012313511600 Added files: (Branch: OPENPKG_1_1_SOLID) openpkg-src/wget wget.patch Modified files: (Branch: OPENPKG_1_1_SOLID) openpkg-src/wget wget.spec Log: SA-2003.007-wget; CAN-2002-1344; fix unsupported SSL autodetection Summary: Revision Changes Path 1.1.6.1 +82 -0 openpkg-src/wget/wget.patch 1.22.2.2 +4 -1 openpkg-src/wget/wget.spec ____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/wget/wget.patch
============================================================================
$ cvs diff -u -r0 -r1.1.6.1 wget.patch
--- /dev/null 2003-01-23 14:51:17.000000000 +0100
+++ wget.patch 2003-01-23 14:51:17.000000000 +0100
@@ -0,0 +1,82 @@
+--- src/fnmatch.c.orig 2002/05/18 03:05:15 1.2.2.1
++++ src/fnmatch.c 2003/01/11 19:53:31 1.2.2.2
+@@ -35,6 +35,11 @@
+
+ #include <errno.h>
+ #include "wget.h"
++#ifdef HAVE_STRING_H
++# include <string.h>
++#else
++# include <strings.h>
++#endif /* HAVE_STRING_H */
+ #include "fnmatch.h"
+
+ /* Match STRING against the filename pattern PATTERN, returning zero
+@@ -196,6 +201,19 @@
+ return (0);
+
+ return (FNM_NOMATCH);
++}
++
++/* Return non-zero if S has a leading '/' or contains '../' */
++int
++has_insecure_name_p (const char *s)
++{
++ if (*s == '/')
++ return 1;
++
++ if (strstr(s, "../") != 0)
++ return 1;
++
++ return 0;
+ }
+
+ /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
+--- src/ftp.c.orig 2002/05/18 03:05:16 1.52.2.1
++++ src/ftp.c 2003/01/11 19:53:31 1.52.2.2
+@@ -1549,7 +1549,7 @@
+ static uerr_t
+ ftp_retrieve_glob (struct url *u, ccon *con, int action)
+ {
+- struct fileinfo *orig, *start;
++ struct fileinfo *f, *orig, *start;
+ uerr_t res;
+
+ con->cmd |= LEAVE_PENDING;
+@@ -1562,8 +1562,7 @@
+ opt.accepts and opt.rejects. */
+ if (opt.accepts || opt.rejects)
+ {
+- struct fileinfo *f = orig;
+-
++ f = orig;
+ while (f)
+ {
+ if (f->type != FT_DIRECTORY && !acceptable (f->name))
+@@ -1575,13 +1574,25 @@
+ f = f->next;
+ }
+ }
++ /* Remove all files with possible harmful names */
++ f = orig;
++ while (f)
++ {
++ if (has_insecure_name_p(f->name))
++ {
++ logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
++ f = delelement (f, &start);
++ }
++ else
++ f = f->next;
++ }
+ /* Now weed out the files that do not match our globbing pattern.
+ If we are dealing with a globbing pattern, that is. */
+ if (*u->file && (action == GLOBALL || action == GETONE))
+ {
+ int matchres = 0;
+- struct fileinfo *f = start;
+
++ f = start;
+ while (f)
+ {
+ matchres = fnmatch (u->file, f->name, 0);
@@ .
patch -p0 <<'@@ .'
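Review bot: The new "Remove all files with possible harmful names" loop in ftp_retrieve_glob restarts its walk from `orig`, while its own `delelement (f, &start)` call and the glob loop right after it (`f = start;`) treat `start` as the live list head; if the accept/reject pass above drops the first entry (its body lies partly outside the inner hunk, so this is inferred), `orig` would no longer be a valid element, and starting with `f = start;` avoids that. Separately, `has_insecure_name_p` rejects a leading `/` and any `../`, but a name that is exactly `..` or ends in `/..` passes the check, so either confirm that the listing parser already drops such entries or add `if (strcmp (s, "..") == 0) return 1;` together with a matching suffix test. The patch also adds the function to fnmatch.c without touching fnmatch.h, so ftp.c appears to call it through an implicit declaration; a prototype `int has_insecure_name_p (const char *s);` in the header would let the compiler check the call. The function comment would be more useful if it stated that the names come from the remote server's listing and are therefore untrusted.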
Index: openpkg-src/wget/wget.spec ============================================================================ $ cvs diff -u -r1.22.2.1 -r1.22.2.2 wget.spec --- openpkg-src/wget/wget.spec 26 Aug 2002 19:55:31 -0000 1.22.2.1 +++ openpkg-src/wget/wget.spec 23 Jan 2003 13:51:16 -0000 1.22.2.2 @@ -33,10 +33,11 @@ Group: Web License: GPL Version: 1.8.2 -Release: 1.1.0 +Release: 1.1.1 # list of sources Source0: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.gz +Patch0: wget.patch # build information Prefix: %{l_prefix} @@ -54,6 +55,7 @@ %prep %setup -q + %patch -p0 %build CC="%{l_cc}" \ @@ -61,6 +63,7 @@ ./configure \ --prefix=%{l_prefix} \ --sysconfdir=%{l_prefix}/etc/wget \ + --without-ssl \ --disable-nls %{l_make} %{l_mflags -O} @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
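Review bot: `--without-ssl` is added to the configure call with no comment in the spec, so the file itself does not record that HTTPS support is switched off on purpose rather than left to autodetection; the reason appears only in the commit log. A line such as `# SSL is intentionally disabled; do not let configure autodetect a system SSL library` above `./configure` would keep a later packager from dropping the flag unknowingly. A similar comment next to `Patch0:`, for example `# security fix for CAN-2002-1344 (SA-2003.007-wget)`, would make sure the patch is not removed on a version bump without first checking that upstream carries the fix.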