On Tue, Nov 4, 2014 at 11:58 PM, Christian Weisgerber
<na...@mips.inka.de> wrote:
> Here's an update of net/wget to 1.16.
>
> I've added the required dependencies to (successfully) run all the
> regression tests.  wget 1.15 would just skip most tests if the
> dependencies weren't installed, but 1.16 treats them as errors.
>
> I think the src/Makefile.in patch can go because @LIBINTL@ includes
> libiconv, i.e., @LIBICONV@ @LIBINTL@ will expand to something like
> -liconv -lintl -liconv.  Somebody who cares about vax may want to
> double check.
>
> Comments, questions, ok?

works for me. Ok dcoppa@

> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/net/wget/Makefile,v
> retrieving revision 1.63
> diff -u -p -r1.63 Makefile
> --- Makefile    27 Oct 2014 15:28:39 -0000      1.63
> +++ Makefile    4 Nov 2014 22:39:22 -0000
> @@ -2,8 +2,7 @@
>
>  COMMENT =      retrieve files from the web via HTTP, HTTPS and FTP
>
> -DISTNAME =     wget-1.15
> -REVISION =     0
> +DISTNAME =     wget-1.16
>  CATEGORIES =   net
>
>  HOMEPAGE =     https://www.gnu.org/software/wget/
> @@ -16,19 +15,28 @@ LIB_DEPENDS =               devel/libidn \
>                         devel/pcre
>
>  MASTER_SITES =         ${MASTER_SITE_GNU:=wget/}
> +EXTRACT_SUFX =         .tar.xz
>
>  MODULES =              devel/gettext
>
> -FAKE_FLAGS =           sysconfdir="${PREFIX}/share/examples/wget"
> +TEST_DEPENDS =         www/p5-HTTP-Daemon lang/python/3.4
> +# Test-proxied-https-auth.px
> +TEST_DEPENDS +=                www/p5-HTTP-Message security/p5-IO-Socket-SSL
> +
> +FAKE_FLAGS =           sysconfdir="${PREFIX}/share/examples/wget"
>
>  CONFIGURE_STYLE =      gnu
> -CONFIGURE_ARGS =       --with-ssl=openssl
> +CONFIGURE_ARGS =       --without-libpsl --with-ssl=openssl
>  CONFIGURE_ENV +=       CPPFLAGS="-I${LOCALBASE}/include" \
>                         LDFLAGS="-L${LOCALBASE}/lib"
>  # do not pick up libuuid from sysutils/e2fsprogs
>  CONFIGURE_ENV +=       ac_cv_header_uuid_uuid_h=no
> +MODGNU_CONFIG_GUESS_DIRS=${WRKSRC}/build-aux
>
>  pre-build:
>         @${SUBST_CMD} ${WRKSRC}/doc/wget.texi ${WRKSRC}/doc/sample.wgetrc
> +
> +pre-test:
> +       @ln -s ${LOCALBASE}/bin/python3.4 ${WRKDIR}/bin/python3
>
>  .include <bsd.port.mk>
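Review bot: The pre-test target at the end of this hunk uses "ln -s", which fails when ${WRKDIR}/bin/python3 already exists, so running the tests a second time in the same work directory would stop here; "ln -sf" avoids that. Separately, --without-libpsl in CONFIGURE_ARGS has no comment, while the ac_cv_header_uuid_uuid_h=no line just below explains itself with "do not pick up libuuid"; a matching one-line comment saying why libpsl is disabled would help whoever updates the port next.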
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/net/wget/distinfo,v
> retrieving revision 1.13
> diff -u -p -r1.13 distinfo
> --- distinfo    29 Jan 2014 06:08:42 -0000      1.13
> +++ distinfo    4 Nov 2014 22:39:22 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (wget-1.15.tar.gz) = UhJr6M8b3ddTaIbnTAU619DtKqibS2MPdnhbrCFpX80=
> -SIZE (wget-1.15.tar.gz) = 3417936
> +SHA256 (wget-1.16.tar.xz) = kmHdCQoXaHttwGgqJX6QqSbe8VYktlDo95mvV+XIsOc=
> +SIZE (wget-1.16.tar.xz) = 1697308
> Index: patches/patch-doc_wget_texi
> ===================================================================
> RCS file: /cvs/ports/net/wget/patches/patch-doc_wget_texi,v
> retrieving revision 1.7
> diff -u -p -r1.7 patch-doc_wget_texi
> --- patches/patch-doc_wget_texi 27 Oct 2014 15:28:39 -0000      1.7
> +++ patches/patch-doc_wget_texi 4 Nov 2014 22:39:22 -0000
> @@ -1,23 +1,7 @@
>  $OpenBSD: patch-doc_wget_texi,v 1.7 2014/10/27 15:28:39 jasper Exp $
> -
> -Security fix for CVE-2014-4877, Arbitrary Symlink Access
> -http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
> -
> ---- doc/wget.texi.orig Sat Jan  4 13:49:47 2014
> -+++ doc/wget.texi      Mon Oct 27 16:19:34 2014
> -@@ -10,6 +10,11 @@
> - @setchapternewpage on
> - @c %**end of header
> -
> -+@dircategory Networking tools
> -+@direntry
> -+* Wget: (wget.info).            A utility for network download.
> -+@end direntry
> -+
> - @iftex
> - @c Remove this if you don't use A4 paper.
> - @afourpaper
> -@@ -190,14 +195,14 @@ gauge can be customized to your preferences.
> +--- doc/wget.texi.orig Mon Oct 27 09:18:13 2014
> ++++ doc/wget.texi      Tue Nov  4 22:27:21 2014
> +@@ -190,14 +190,14 @@ gauge can be customized to your preferences.
>   Most of the features are fully configurable, either through command line
>   options, or via the initialization file @file{.wgetrc} (@pxref{Startup
>   File}).  Wget allows you to define @dfn{global} startup files
> @@ -34,36 +18,7 @@ http://git.savannah.gnu.org/cgit/wget.gi
>   Default location of the @dfn{global} startup file.
>
>   @item .wgetrc
> -@@ -1837,17 +1842,18 @@ Preserve remote file permissions instead of 
> permission
> -
> - @cindex symbolic links, retrieving
> - @item --retr-symlinks
> --Usually, when retrieving @sc{ftp} directories recursively and a symbolic
> --link is encountered, the linked-to file is not downloaded.  Instead, a
> --matching symbolic link is created on the local filesystem.  The
> --pointed-to file will not be downloaded unless this recursive retrieval
> --would have encountered it separately and downloaded it anyway.
> -+By default, when retrieving @sc{ftp} directories recursively and a symbolic 
> link
> -+is encountered, the symbolic link is traversed and the pointed-to files are
> -+retrieved.  Currently, Wget does not traverse symbolic links to directories 
> to
> -+download them recursively, though this feature may be added in the future.
> -
> --When @samp{--retr-symlinks} is specified, however, symbolic links are
> --traversed and the pointed-to files are retrieved.  At this time, this
> --option does not cause Wget to traverse symlinks to directories and
> --recurse through them, but in the future it should be enhanced to do
> --this.
> -+When @samp{--retr-symlinks=no} is specified, the linked-to file is not
> -+downloaded.  Instead, a matching symbolic link is created on the local
> -+filesystem.  The pointed-to file will not be retrieved unless this recursive
> -+retrieval would have encountered it separately and downloaded it anyway.  
> This
> -+option poses a security risk where a malicious FTP Server may cause Wget to
> -+write to files outside of the intended directories through a specially 
> crafted
> -+@sc{.listing} file.
> -
> - Note that when retrieving a file (not a directory) because it was
> - specified on the command-line, rather than because it was recursed to,
> -@@ -2817,9 +2823,8 @@ commands.
> +@@ -2864,9 +2864,8 @@ commands.
>   @cindex location of wgetrc
>
>   When initializing, Wget will look for a @dfn{global} startup file,
> @@ -75,7 +30,7 @@ http://git.savannah.gnu.org/cgit/wget.gi
>
>   Then it will look for the user's file.  If the environmental variable
>   @code{WGETRC} is set, Wget will try to load that file.  Failing that, no
> -@@ -2829,7 +2834,7 @@ If @code{WGETRC} is not set, Wget will try to load @fi
> +@@ -2876,7 +2875,7 @@ If @code{WGETRC} is not set, Wget will try to load @fi
>
>   The fact that user's settings are loaded after the system-wide ones
>   means that in case of collision user's wgetrc @emph{overrides} the
> Index: patches/patch-src_Makefile_in
> ===================================================================
> RCS file: patches/patch-src_Makefile_in
> diff -N patches/patch-src_Makefile_in
> --- patches/patch-src_Makefile_in       29 Jan 2014 06:08:42 -0000      1.4
> +++ /dev/null   1 Jan 1970 00:00:00 -0000
> @@ -1,16 +0,0 @@
> -$OpenBSD: patch-src_Makefile_in,v 1.4 2014/01/29 06:08:42 dcoppa Exp $
> -
> -Fix linking order so this works on static arches too.
> -(libidn before libintl before libiconv).
> -
> ---- src/Makefile.in.orig       Sun Jan 19 11:00:38 2014
> -+++ src/Makefile.in    Mon Jan 27 13:15:20 2014
> -@@ -954,7 +954,7 @@ LIBMULTITHREAD = @LIBMULTITHREAD@
> - LIBOBJS = @LIBOBJS@
> - LIBPTH = @LIBPTH@
> - LIBPTH_PREFIX = @LIBPTH_PREFIX@
> --LIBS = @LIBICONV@ @LIBINTL@ @LIBS@ $(LIB_CLOCK_GETTIME)
> -+LIBS = @LIBS@ @LIBINTL@ @LIBICONV@ $(LIB_CLOCK_GETTIME)
> - LIBSOCKET = @LIBSOCKET@
> - LIBSSL = @LIBSSL@
> - LIBSSL_PREFIX = @LIBSSL_PREFIX@
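Review bot: The removed patch's own comment says "libidn before libintl before libiconv", and its "+LIBS" line moved @LIBS@ to the front, so it did more than reorder @LIBINTL@ and @LIBICONV@. The reasoning in the mail covers only the iconv/intl pair. Before dropping the patch, check with a static link that whatever @LIBS@ expands to (devel/libidn is in LIB_DEPENDS) still resolves when it comes after @LIBICONV@ @LIBINTL@.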
> Index: patches/patch-src_init_c
> ===================================================================
> RCS file: patches/patch-src_init_c
> diff -N patches/patch-src_init_c
> --- patches/patch-src_init_c    27 Oct 2014 15:28:39 -0000      1.3
> +++ /dev/null   1 Jan 1970 00:00:00 -0000
> @@ -1,30 +0,0 @@
> -$OpenBSD: patch-src_init_c,v 1.3 2014/10/27 15:28:39 jasper Exp $
> -
> -Security fix for CVE-2014-4877, Arbitrary Symlink Access
> -http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
> -
> ---- src/init.c.orig    Mon Oct 27 16:13:23 2014
> -+++ src/init.c Mon Oct 27 16:15:38 2014
> -@@ -364,6 +364,22 @@ defaults (void)
> -
> -   opt.dns_cache = true;
> -   opt.ftp_pasv = true;
> -+  /* 2014-09-07  Darshit Shah  <dar...@gmail.com>
> -+   * opt.retr_symlinks is set to true by default. Creating symbolic links 
> on the
> -+   * local filesystem pose a security threat by malicious FTP Servers that
> -+   * server a specially crafted .listing file akin to this:
> -+   *
> -+   * lrwxrwxrwx   1 root     root           33 Dec 25  2012 JoCxl6d8rFU -> /
> -+   * drwxrwxr-x  15 1024     106          4096 Aug 28 02:02 JoCxl6d8rFU
> -+   *
> -+   * A .listing file in this fashion makes Wget susceptiple to a symlink 
> attack
> -+   * wherein the attacker is able to create arbitrary files, directories and
> -+   * symbolic links on the target system and even set permissions.
> -+   *
> -+   * Hence, by default Wget attempts to retrieve the pointed-to files and 
> does
> -+   * not create the symbolic links locally.
> -+   */
> -+    opt.retr_symlinks = true;
> -
> - #ifdef HAVE_SSL
> -   opt.check_cert = true;
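Review bot: Nothing in the submission says that wget 1.16 already carries upstream commit 18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7, yet this hunk drops the port's only code change for CVE-2014-4877, the "opt.retr_symlinks = true" default in defaults(). Confirm that src/init.c in the 1.16 tarball sets that default, and say so in the commit message so that the removal of a security patch is on record as intentional.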
> Index: patches/patch-src_openssl_c
> ===================================================================
> RCS file: /cvs/ports/net/wget/patches/patch-src_openssl_c,v
> retrieving revision 1.7
> diff -u -p -r1.7 patch-src_openssl_c
> --- patches/patch-src_openssl_c 19 Apr 2014 12:14:15 -0000      1.7
> +++ patches/patch-src_openssl_c 4 Nov 2014 22:39:22 -0000
> @@ -1,7 +1,7 @@
>  $OpenBSD: patch-src_openssl_c,v 1.7 2014/04/19 12:14:15 sthen Exp $
> ---- src/openssl.c.orig Sat Apr 19 06:12:48 2014
> -+++ src/openssl.c      Sat Apr 19 06:13:18 2014
> -@@ -86,9 +86,11 @@ init_prng (void)
> +--- src/openssl.c.orig Mon Oct 27 09:15:33 2014
> ++++ src/openssl.c      Tue Nov  4 22:27:21 2014
> +@@ -89,9 +89,11 @@ init_prng (void)
>     if (RAND_status ())
>       return;
>
> Index: patches/patch-tests_Test-stdouterr_px
> ===================================================================
> RCS file: patches/patch-tests_Test-stdouterr_px
> diff -N patches/patch-tests_Test-stdouterr_px
> --- /dev/null   1 Jan 1970 00:00:00 -0000
> +++ patches/patch-tests_Test-stdouterr_px       4 Nov 2014 22:39:22 -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- tests/Test-stdouterr.px.orig       Mon Oct 27 09:15:33 2014
> ++++ tests/Test-stdouterr.px    Tue Nov  4 23:20:32 2014
> +@@ -21,7 +21,7 @@ my %urls = (
> + );
> +
> + unless(-e "/dev/full") {
> +-    exit 2; # skip
> ++    exit 77; # skip
> + }
> +
> + my $cmdline = $WgetTest::WGETPATH . " -c 
> http://localhost:{{port}}/somefile.txt -O /dev/full";
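Review bot: The new patch file carries only the $OpenBSD$ tag and no line explaining why "exit 2" becomes "exit 77". A short header noting that 77 is the exit status the automake test harness counts as a skip would document it and tie it to the remark in the mail that 1.16 treats skipped tests as errors. The change also looks suitable for sending upstream.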
>
> --
> Christian "naddy" Weisgerber                          na...@mips.inka.de
>



-- 
"If you try a few times and give up, you'll never get there. But if
you keep at it... There's a lot of problems in the world which can
really be solved by applying two or three times the persistence that
other people will."
                -- Stewart Nelson
