diff options
author | Daniel Ahlberg <aliz@gentoo.org> | 2002-12-20 16:25:14 +0000 |
---|---|---|
committer | Daniel Ahlberg <aliz@gentoo.org> | 2002-12-20 16:25:14 +0000 |
commit | 5786ac2b655b85ad8ae8e4c16bb67356c1598424 (patch) | |
tree | 654211ae4e18d9d61eeb6a1b8c1e5f784a1e8d8c /net-misc/wget | |
parent | fixed sed calls to work with <sed-4 (diff) | |
download | gentoo-2-5786ac2b655b85ad8ae8e4c16bb67356c1598424.tar.gz gentoo-2-5786ac2b655b85ad8ae8e4c16bb67356c1598424.tar.bz2 gentoo-2-5786ac2b655b85ad8ae8e4c16bb67356c1598424.zip |
Security update
Diffstat (limited to 'net-misc/wget')
-rw-r--r-- | net-misc/wget/ChangeLog | 7 | ||||
-rw-r--r-- | net-misc/wget/files/digest-wget-1.8.2-r2 | 3 | ||||
-rw-r--r-- | net-misc/wget/files/wget-1.8.2-r2-gentoo.diff | 62 | ||||
-rw-r--r-- | net-misc/wget/wget-1.8.2-r2.ebuild | 65 |
4 files changed, 136 insertions, 1 deletions
diff --git a/net-misc/wget/ChangeLog b/net-misc/wget/ChangeLog index 76f3d19df5d0..f2f7d5a0b20b 100644 --- a/net-misc/wget/ChangeLog +++ b/net-misc/wget/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-misc/wget # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL -# $Header: /var/cvsroot/gentoo-x86/net-misc/wget/ChangeLog,v 1.8 2002/12/13 11:00:15 blizzy Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/wget/ChangeLog,v 1.9 2002/12/20 16:25:14 aliz Exp $ + +*wget-1.8.2-r2 (20 Dec 2002) + + 20 Dec 2002; Daniel Ahlberg <aliz@gentoo.org> : + Security update - added patch from RedHat. 06 Dec 2002; Rodney Rees <manson@gentoo.org> : changed sparc ~sparc keywords diff --git a/net-misc/wget/files/digest-wget-1.8.2-r2 b/net-misc/wget/files/digest-wget-1.8.2-r2 new file mode 100644 index 000000000000..39c3be4eb0af --- /dev/null +++ b/net-misc/wget/files/digest-wget-1.8.2-r2 @@ -0,0 +1,3 @@ +MD5 a2473d7a53ebaf0a1bdb06f17059e8f1 wget-1.8.2.tar.gz 1154648 +MD5 8da1e4f2991384ddbd575f4109c2ab4a wget-new-percentage-cvs-20011209.tar.gz 12196 +MD5 06e82e110d99480c8c81a7c3531c8ca5 wget-1.8.2-ipv6-debian.patch.bz2 8353 diff --git a/net-misc/wget/files/wget-1.8.2-r2-gentoo.diff b/net-misc/wget/files/wget-1.8.2-r2-gentoo.diff new file mode 100644 index 000000000000..0e6bb9e37ffc --- /dev/null +++ b/net-misc/wget/files/wget-1.8.2-r2-gentoo.diff @@ -0,0 +1,62 @@ +diff -urN wget-1.8.2/src/fnmatch.c wget-1.8.2_save/src/fnmatch.c +--- wget-1.8.2/src/fnmatch.c Sat May 18 05:05:15 2002 ++++ wget-1.8.2_save/src/fnmatch.c Fri Oct 4 14:53:40 2002 +@@ -198,6 +198,17 @@ + return (FNM_NOMATCH); + } + ++/* Return non-zero if S has a leading '/' or contains '../' */ ++int ++has_invalid_name (const char *s) ++{ ++ if (*s == '/') ++ return 1; ++ if (strstr(s, "../") != 0) ++ return 1; ++ return 0; ++} ++ + /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or + `]'). */ + int +diff -urN wget-1.8.2/src/ftp.c wget-1.8.2_save/src/ftp.c +--- wget-1.8.2/src/ftp.c Sat May 18 05:05:16 2002 ++++ wget-1.8.2_save/src/ftp.c Fri Oct 4 15:07:22 2002 +@@ -1551,6 +1551,8 @@ + { + struct fileinfo *orig, *start; + uerr_t res; ++ struct fileinfo *f; ++ + + con->cmd |= LEAVE_PENDING; + +@@ -1562,8 +1564,7 @@ + opt.accepts and opt.rejects. */ + if (opt.accepts || opt.rejects) + { +- struct fileinfo *f = orig; +- ++ f = orig; + while (f) + { + if (f->type != FT_DIRECTORY && !acceptable (f->name)) +@@ -1575,6 +1576,18 @@ + f = f->next; + } + } ++ /* Remove all files with possible harmful names */ ++ f = orig; ++ while (f) ++ { ++ if (has_invalid_name(f->name)) ++ { ++ logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name); ++ f = delelement (f, &start); ++ } ++ else ++ f = f->next; ++ } + /* Now weed out the files that do not match our globbing pattern. + If we are dealing with a globbing pattern, that is. */ + if (*u->file && (action == GLOBALL || action == GETONE)) diff --git a/net-misc/wget/wget-1.8.2-r2.ebuild b/net-misc/wget/wget-1.8.2-r2.ebuild new file mode 100644 index 000000000000..985974731315 --- /dev/null +++ b/net-misc/wget/wget-1.8.2-r2.ebuild @@ -0,0 +1,65 @@ +# Copyright 1999-2002 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/wget/wget-1.8.2-r2.ebuild,v 1.1 2002/12/20 16:25:14 aliz Exp $ + +IUSE="ssl nls static ipv6" + +NPVER=20011209 +S=${WORKDIR}/${P} +DESCRIPTION="Network utility to retrieve files from the WWW" +HOMEPAGE="http://www.cg.tuwien.ac.at/~prikryl/wget.html" +SRC_URI="ftp://prep.ai.mit.edu/gnu/wget/${P}.tar.gz + ftp://gatekeeper.dec.com/pub/GNU/wget/${P}.tar.gz + http://www.biscom.net/~cade/away/wget-new-percentage/wget-new-percentage-cvs-${NPVER}.tar.gz + ipv6? mirror://gentoo/${P}-ipv6-debian.patch.bz2" + +RDEPEND="ssl? ( >=dev-libs/openssl-0.9.6b )" +DEPEND="nls? ( sys-devel/gettext )" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="x86 ppc sparc alpha" + +src_unpack() { + unpack ${A} + + cd ${S} + patch -p1 < ${FILESDIR}/${PF}-gentoo.diff || die + + cd ${S}/src + patch -p0 < ${WORKDIR}/wget-new-percentage/wnp-20011208-2.diff || die + + if use ipv6 + then + cd ${S} + patch -p1 < ${WORKDIR}/${P}-ipv6-debian.patch || die + fi +} + +src_compile() { + local myconf + use nls || myconf="--disable-nls" + use ssl && myconf="${myconf} --with-ssl" + use ssl || myconf="${myconf} --without-ssl --disable-opie --disable-digest" + [ -z "$DEBUG" ] && myconf="${myconf} --disable-debug" + use ssl && CFLAGS="${CFLAGS} -I/usr/include/openssl" + ./configure --prefix=/usr --sysconfdir=/etc/wget \ + --infodir=/usr/share/info --mandir=usr/share/man $myconf || die + if use static; then + make LDFLAGS="--static" || die + else + make || die + fi +} + +src_install() { + if use build; then + insinto /usr + dobin ${S}/src/wget + return + fi + make prefix=${D}/usr sysconfdir=${D}/etc/wget \ + mandir=${D}/usr/share/man infodir=${D}/usr/share/info install || die + dodoc AUTHORS COPYING ChangeLog MACHINES MAILING-LIST NEWS README TODO + dodoc doc/sample.wgetrc +} |