
include security patches

Ralf S. Engelschall 23 years ago
parent
commit
8004c8e426
2 changed files with 92 additions and 1 deletions
  1. 89 0
      wget/wget.patch
  2. 3 1
      wget/wget.spec

+ 89 - 0
wget/wget.patch

@@ -0,0 +1,89 @@
+diff -urN wget-1.8.2/src/fnmatch.c wget-1.8.2_save/src/fnmatch.c
+--- wget-1.8.2/src/fnmatch.c	Sat May 18 05:05:15 2002
++++ wget-1.8.2_save/src/fnmatch.c	Fri Oct  4 14:53:40 2002
+@@ -198,6 +198,17 @@
+   return (FNM_NOMATCH);
+ }
+ 
++/* Return non-zero if S has a leading '/'  or contains '../' */
++int
++has_invalid_name (const char *s)
++{
++	if (*s == '/')
++		return 1;
++	if (strstr(s, "../") != 0)
++		return 1;
++	return 0;
++}
++
+ /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
+    `]').  */
+ int
+diff -urN wget-1.8.2/src/ftp.c wget-1.8.2_save/src/ftp.c
+--- wget-1.8.2/src/ftp.c	Sat May 18 05:05:16 2002
++++ wget-1.8.2_save/src/ftp.c	Fri Oct  4 15:07:22 2002
+@@ -1551,6 +1551,8 @@
+ {
+   struct fileinfo *orig, *start;
+   uerr_t res;
++  struct fileinfo *f;
++
+ 
+   con->cmd |= LEAVE_PENDING;
+ 
+@@ -1562,8 +1564,7 @@
+      opt.accepts and opt.rejects.  */
+   if (opt.accepts || opt.rejects)
+     {
+-      struct fileinfo *f = orig;
+-
++	f = orig;
+       while (f)
+ 	{
+ 	  if (f->type != FT_DIRECTORY && !acceptable (f->name))
+@@ -1575,6 +1576,18 @@
+ 	    f = f->next;
+ 	}
+     }
++  /* Remove all files with possible harmful names */
++  f = orig;
++  while (f)
++  {
++     if (has_invalid_name(f->name))
++     {
++	  logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
++	  f = delelement (f, &start);
++     }
++     else
++	  f = f->next;
++  }
+   /* Now weed out the files that do not match our globbing pattern.
+      If we are dealing with a globbing pattern, that is.  */
+   if (*u->file && (action == GLOBALL || action == GETONE))
+--- wget-1.8.2/src/url.c.fpons	2002-09-04 16:16:52.000000000 +0200
++++ wget-1.8.2/src/url.c	2002-09-04 16:32:14.000000000 +0200
+@@ -499,14 +499,18 @@
+ int
+ url_skip_uname (const char *url)
+ {
+-  const char *p;
++  const char *p, *pp;
+ 
+-  /* Look for '@' that comes before '/' or '?'. */
+-  p = (const char *)strpbrk (url, "/?@");
+-  if (!p || *p != '@')
+-    return 0;
++  /* Look for last '@' that comes before '/' or '?'. */
++  pp = url;
++  while ((p = (const char *)strpbrk (pp, "/?@")) != NULL) {
++    if (*p != '@')
++      break;
++    /* Found '@' character so go on with possible next '@'. */
++    pp = p + 1;
++  }
+ 
+-  return p - url + 1;
++  return pp != url ? pp - url: 0;
+ }
+ 
+ static int
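Review bot: `has_invalid_name()` in the fnmatch.c part rejects only a leading `/` and the substring `../`, so a listing entry named exactly `..` or ending in `/..` still passes the new filter loop in ftp.c. Whether such a name can do harm depends on how the rest of ftp.c uses `f->name`, which is not visible here, but a component-wise check would close the gap: add `if (strcmp (s, "..") == 0) return 1;` plus a test for a trailing `/..`. The patch as shown touches no header, so ftp.c appears to call `has_invalid_name` through an implicit declaration; a prototype `int has_invalid_name (const char *s);` in a header that ftp.c includes would let the compiler check the call. The rejection is logged only at `LOG_VERBOSE`, and since a server sending such names is itself a warning sign, a level that is shown by default may be worth considering. The enclosing ftp.c function begins and ends outside the hunks.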

+ 3 - 1
wget/wget.spec

@@ -33,10 +33,11 @@ Distribution: OpenPKG [BASE]
 Group:        Web
 License:      GPL
 Version:      1.8.2
-Release:      20021206
+Release:      20021216
 
 #   list of sources
 Source0:      ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.gz
+Patch0:       wget.patch
 
 #   build information
 Prefix:       %{l_prefix}
@@ -54,6 +55,7 @@ AutoReqProv:  no
 
 %prep
     %setup -q
+    %patch -p1
 
 %build
     CC="%{l_cc}" \