Hello community,
here is the log from the commit of package wget for openSUSE:Factory
checked in at Sun Oct 16 13:01:46 CEST 2011.
--------
--- openSUSE:Factory/wget/wget.changes 2011-09-23 12:50:33.000000000 +0200
+++ /mounts/work_src_done/STABLE/wget/wget.changes 2011-10-15 20:21:27.000000000 +0200
@@ -1,0 +2,15 @@
+Sat Oct 15 18:19:59 UTC 2011 - crrodriguez@opensuse.org
+
+- fix typo in sni patch , in the IPV6 case should be
+ is_valid_ipv6_address() instead of is_valid_ipv4_address()
+- Add comment to the patch referencing upstream tracker.
+
+-------------------------------------------------------------------
+Fri Oct 14 05:01:53 UTC 2011 - crrodriguez@opensuse.org
+
+- Update nosslv2 patch with the version in upstream
+- Wget now supports SNI (server name indication), patch
+ based on a 2 year old fix submitted to upstream list
+ that somehow fell through the cracks.
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
wget-sni.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ wget.spec ++++++
--- /var/tmp/diff_new_pack.5uqKhi/_old 2011-10-16 13:01:42.000000000 +0200
+++ /var/tmp/diff_new_pack.5uqKhi/_new 2011-10-16 13:01:42.000000000 +0200
@@ -30,6 +30,7 @@
# PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget
Patch1: wget-libproxy.patch
Patch2: wget-1.12-nosslv2.patch
+Patch3: wget-sni.patch
BuildRequires: libpng-devel
BuildRequires: libproxy-devel
BuildRequires: openssl-devel
@@ -47,6 +48,7 @@
%patch0
%patch1 -p1
%patch2
+%patch3
%build
./autogen.sh
++++++ wget-1.12-nosslv2.patch ++++++
--- /var/tmp/diff_new_pack.5uqKhi/_old 2011-10-16 13:01:42.000000000 +0200
+++ /var/tmp/diff_new_pack.5uqKhi/_new 2011-10-16 13:01:42.000000000 +0200
@@ -1,36 +1,7 @@
---- src/init.c.orig
-+++ src/init.c
-@@ -1331,7 +1331,9 @@ cmd_spec_secure_protocol (const char *co
- {
- static const struct decode_item choices[] = {
- { "auto", secure_protocol_auto },
-+#ifndef OPENSSL_NO_SSL2
- { "sslv2", secure_protocol_sslv2 },
-+#endif
- { "sslv3", secure_protocol_sslv3 },
- { "tlsv1", secure_protocol_tlsv1 },
- };
---- src/openssl.c.orig
-+++ src/openssl.c
-@@ -42,6 +42,7 @@ as that of the covered work. */
- #include
- #include
- #include
-+#include
-
- #include "utils.h"
- #include "connect.h"
-@@ -178,15 +179,21 @@ ssl_init ()
- SSL_load_error_strings ();
- SSLeay_add_all_algorithms ();
- SSLeay_add_ssl_algorithms ();
-+/* Load all bundled ENGINEs into memory and make them visible */
-+ ENGINE_load_builtin_engines();
-+/* Register all of them for every algorithm they collectively implement */
-+ ENGINE_register_all_complete();
-
- switch (opt.secure_protocol)
- {
+=== modified file 'src/openssl.c'
+--- src/openssl.c 2011-04-04 14:56:51 +0000
++++ src/openssl.c 2011-04-11 09:08:39 +0000
+@@ -186,9 +186,11 @@
case secure_protocol_auto:
meth = SSLv23_client_method ();
break;
@@ -42,26 +13,4 @@
case secure_protocol_sslv3:
meth = SSLv3_client_method ();
break;
---- src/options.h.orig
-+++ src/options.h
-@@ -171,7 +171,9 @@ struct options
- #ifdef HAVE_SSL
- enum {
- secure_protocol_auto,
-+#ifndef OPENSSL_NO_SSL2
- secure_protocol_sslv2,
-+#endif
- secure_protocol_sslv3,
- secure_protocol_tlsv1
- } secure_protocol; /* type of secure protocol to use. */
---- src/iri.c.orig
-+++ src/iri.c
-@@ -114,7 +114,7 @@ check_encoding_name (char *encoding)
- static bool
- open_locale_to_utf8 (void)
- {
--
-+ return true;
- }
-
- /* Try converting string str from locale to UTF-8. Return a new string
+
++++++ wget-sni.patch ++++++
https://savannah.gnu.org/bugs/?func=detailitem&item_id=26786
=== modified file 'src/host.c'
--- src/host.c.orig
+++ src/host.c
@@ -904,3 +904,19 @@ host_cleanup (void)
host_name_addresses_map = NULL;
}
}
+
+/* Determine whether or not a hostname is an IP address that we recognise. */
+bool
+is_ip_address (const char *name)
+{
+ const char *endp;
+
+ endp = name + strlen(name);
+ if (is_valid_ipv4_address(name, endp))
+ return true;
+#ifdef ENABLE_IPV6
+ if (is_valid_ipv6_address(name, endp))
+ return true;
+#endif
+ return false;
+}
--- src/host.h.orig
+++ src/host.h
@@ -101,5 +101,5 @@ bool accept_domain (struct url *);
bool sufmatch (const char **, const char *);
void host_cleanup (void);
-
+bool is_ip_address(const char *);
#endif /* HOST_H */
--- src/http.c.orig
+++ src/http.c
@@ -1762,7 +1762,7 @@ gethttp (struct url *u, struct http_stat
if (conn->scheme == SCHEME_HTTPS)
{
- if (!ssl_connect_wget (sock))
+ if (!ssl_connect_wget (sock, u->host))
{
fd_close (sock);
return CONSSLERR;
--- src/openssl.c.orig
+++ src/openssl.c
@@ -42,12 +42,12 @@ as that of the covered work. */
#include
#include
#include
-
+#include
#include "utils.h"
#include "connect.h"
#include "url.h"
#include "ssl.h"
-
+#include "host.h"
/* Application-wide SSL context. This is common to all SSL
connections. */
static SSL_CTX *ssl_ctx;
@@ -173,11 +173,15 @@ ssl_init ()
_("Could not seed PRNG; consider using --random-file.\n"));
goto error;
}
-
+ OPENSSL_config(NULL);
SSL_library_init ();
SSL_load_error_strings ();
SSLeay_add_all_algorithms ();
SSLeay_add_ssl_algorithms ();
+ /* Load all bundled ENGINEs into memory and make them visible */
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+ ENGINE_register_all_complete();
switch (opt.secure_protocol)
{
@@ -237,7 +241,10 @@ ssl_init ()
/* The OpenSSL library can handle renegotiations automatically, so
tell it to do so. */
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
-
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ /* Keep memory usage as low as possible */
+ SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
return true;
error:
@@ -392,7 +399,7 @@ static struct transport_implementation o
Returns true on success, false on failure. */
bool
-ssl_connect_wget (int fd)
+ssl_connect_wget (int fd, const char *hostname)
{
SSL *conn;
struct openssl_transport_context *ctx;
@@ -403,6 +410,18 @@ ssl_connect_wget (int fd)
conn = SSL_new (ssl_ctx);
if (!conn)
goto error;
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+ /* If the SSL library was build with support for ServerNameIndication
+ then use it whenever we have a hostname. If not, don't, ever. */
+ if (!is_ip_address(hostname))
+ {
+ if (!SSL_set_tlsext_host_name(conn, hostname)) {
+ DEBUGP (("Failed to set TLS server-name indication."));
+ goto error;
+ }
+ }
+#endif
if (!SSL_set_fd (conn, fd))
goto error;
SSL_set_connect_state (conn);
--- src/ssl.h.orig
+++ src/ssl.h
@@ -33,7 +33,7 @@ as that of the covered work. */
#define GEN_SSLFUNC_H
bool ssl_init (void);
-bool ssl_connect_wget (int);
+bool ssl_connect_wget (int, const char *);
bool ssl_check_certificate (int, const char *);
#endif /* GEN_SSLFUNC_H */
--- src/iri.c.orig
+++ src/iri.c
@@ -114,7 +114,7 @@ check_encoding_name (char *encoding)
static bool
open_locale_to_utf8 (void)
{
-
+ return true;
}
/* Try converting string str from locale to UTF-8. Return a new string
continue with "q"...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org