summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Ahlberg <aliz@gentoo.org>2002-12-20 16:25:14 +0000
committerDaniel Ahlberg <aliz@gentoo.org>2002-12-20 16:25:14 +0000
commit5786ac2b655b85ad8ae8e4c16bb67356c1598424 (patch)
tree654211ae4e18d9d61eeb6a1b8c1e5f784a1e8d8c /net-misc/wget
parentfixed sed calls to work with <sed-4 (diff)
downloadgentoo-2-5786ac2b655b85ad8ae8e4c16bb67356c1598424.tar.gz
gentoo-2-5786ac2b655b85ad8ae8e4c16bb67356c1598424.tar.bz2
gentoo-2-5786ac2b655b85ad8ae8e4c16bb67356c1598424.zip
Security update
Diffstat (limited to 'net-misc/wget')
-rw-r--r--net-misc/wget/ChangeLog7
-rw-r--r--net-misc/wget/files/digest-wget-1.8.2-r23
-rw-r--r--net-misc/wget/files/wget-1.8.2-r2-gentoo.diff62
-rw-r--r--net-misc/wget/wget-1.8.2-r2.ebuild65
4 files changed, 136 insertions, 1 deletions
diff --git a/net-misc/wget/ChangeLog b/net-misc/wget/ChangeLog
index 76f3d19df5d0..f2f7d5a0b20b 100644
--- a/net-misc/wget/ChangeLog
+++ b/net-misc/wget/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for net-misc/wget
# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
-# $Header: /var/cvsroot/gentoo-x86/net-misc/wget/ChangeLog,v 1.8 2002/12/13 11:00:15 blizzy Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/wget/ChangeLog,v 1.9 2002/12/20 16:25:14 aliz Exp $
+
+*wget-1.8.2-r2 (20 Dec 2002)
+
+ 20 Dec 2002; Daniel Ahlberg <aliz@gentoo.org> :
+ Security update - added patch from RedHat.
06 Dec 2002; Rodney Rees <manson@gentoo.org> : changed sparc ~sparc keywords
diff --git a/net-misc/wget/files/digest-wget-1.8.2-r2 b/net-misc/wget/files/digest-wget-1.8.2-r2
new file mode 100644
index 000000000000..39c3be4eb0af
--- /dev/null
+++ b/net-misc/wget/files/digest-wget-1.8.2-r2
@@ -0,0 +1,3 @@
+MD5 a2473d7a53ebaf0a1bdb06f17059e8f1 wget-1.8.2.tar.gz 1154648
+MD5 8da1e4f2991384ddbd575f4109c2ab4a wget-new-percentage-cvs-20011209.tar.gz 12196
+MD5 06e82e110d99480c8c81a7c3531c8ca5 wget-1.8.2-ipv6-debian.patch.bz2 8353
diff --git a/net-misc/wget/files/wget-1.8.2-r2-gentoo.diff b/net-misc/wget/files/wget-1.8.2-r2-gentoo.diff
new file mode 100644
index 000000000000..0e6bb9e37ffc
--- /dev/null
+++ b/net-misc/wget/files/wget-1.8.2-r2-gentoo.diff
@@ -0,0 +1,62 @@
+diff -urN wget-1.8.2/src/fnmatch.c wget-1.8.2_save/src/fnmatch.c
+--- wget-1.8.2/src/fnmatch.c Sat May 18 05:05:15 2002
++++ wget-1.8.2_save/src/fnmatch.c Fri Oct 4 14:53:40 2002
+@@ -198,6 +198,17 @@
+ return (FNM_NOMATCH);
+ }
+
++/* Return non-zero if S has a leading '/' or contains '../' */
++int
++has_invalid_name (const char *s)
++{
++ if (*s == '/')
++ return 1;
++ if (strstr(s, "../") != 0)
++ return 1;
++ return 0;
++}
++
+ /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
+ `]'). */
+ int
+diff -urN wget-1.8.2/src/ftp.c wget-1.8.2_save/src/ftp.c
+--- wget-1.8.2/src/ftp.c Sat May 18 05:05:16 2002
++++ wget-1.8.2_save/src/ftp.c Fri Oct 4 15:07:22 2002
+@@ -1551,6 +1551,8 @@
+ {
+ struct fileinfo *orig, *start;
+ uerr_t res;
++ struct fileinfo *f;
++
+
+ con->cmd |= LEAVE_PENDING;
+
+@@ -1562,8 +1564,7 @@
+ opt.accepts and opt.rejects. */
+ if (opt.accepts || opt.rejects)
+ {
+- struct fileinfo *f = orig;
+-
++ f = orig;
+ while (f)
+ {
+ if (f->type != FT_DIRECTORY && !acceptable (f->name))
+@@ -1575,6 +1576,18 @@
+ f = f->next;
+ }
+ }
++ /* Remove all files with possible harmful names */
++ f = orig;
++ while (f)
++ {
++ if (has_invalid_name(f->name))
++ {
++ logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
++ f = delelement (f, &start);
++ }
++ else
++ f = f->next;
++ }
+ /* Now weed out the files that do not match our globbing pattern.
+ If we are dealing with a globbing pattern, that is. */
+ if (*u->file && (action == GLOBALL || action == GETONE))
diff --git a/net-misc/wget/wget-1.8.2-r2.ebuild b/net-misc/wget/wget-1.8.2-r2.ebuild
new file mode 100644
index 000000000000..985974731315
--- /dev/null
+++ b/net-misc/wget/wget-1.8.2-r2.ebuild
@@ -0,0 +1,65 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/wget/wget-1.8.2-r2.ebuild,v 1.1 2002/12/20 16:25:14 aliz Exp $
+
+IUSE="ssl nls static ipv6"
+
+NPVER=20011209
+S=${WORKDIR}/${P}
+DESCRIPTION="Network utility to retrieve files from the WWW"
+HOMEPAGE="http://www.cg.tuwien.ac.at/~prikryl/wget.html"
+SRC_URI="ftp://prep.ai.mit.edu/gnu/wget/${P}.tar.gz
+ ftp://gatekeeper.dec.com/pub/GNU/wget/${P}.tar.gz
+ http://www.biscom.net/~cade/away/wget-new-percentage/wget-new-percentage-cvs-${NPVER}.tar.gz
+ ipv6? mirror://gentoo/${P}-ipv6-debian.patch.bz2"
+
+RDEPEND="ssl? ( >=dev-libs/openssl-0.9.6b )"
+DEPEND="nls? ( sys-devel/gettext )"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="x86 ppc sparc alpha"
+
+src_unpack() {
+ unpack ${A}
+
+ cd ${S}
+ patch -p1 < ${FILESDIR}/${PF}-gentoo.diff || die
+
+ cd ${S}/src
+ patch -p0 < ${WORKDIR}/wget-new-percentage/wnp-20011208-2.diff || die
+
+ if use ipv6
+ then
+ cd ${S}
+ patch -p1 < ${WORKDIR}/${P}-ipv6-debian.patch || die
+ fi
+}
+
+src_compile() {
+ local myconf
+ use nls || myconf="--disable-nls"
+ use ssl && myconf="${myconf} --with-ssl"
+ use ssl || myconf="${myconf} --without-ssl --disable-opie --disable-digest"
+ [ -z "$DEBUG" ] && myconf="${myconf} --disable-debug"
+ use ssl && CFLAGS="${CFLAGS} -I/usr/include/openssl"
+ ./configure --prefix=/usr --sysconfdir=/etc/wget \
+ --infodir=/usr/share/info --mandir=usr/share/man $myconf || die
+ if use static; then
+ make LDFLAGS="--static" || die
+ else
+ make || die
+ fi
+}
+
+src_install() {
+ if use build; then
+ insinto /usr
+ dobin ${S}/src/wget
+ return
+ fi
+ make prefix=${D}/usr sysconfdir=${D}/etc/wget \
+ mandir=${D}/usr/share/man infodir=${D}/usr/share/info install || die
+ dodoc AUTHORS COPYING ChangeLog MACHINES MAILING-LIST NEWS README TODO
+ dodoc doc/sample.wgetrc
+}