1 |
vapier 13/12/23 07:24:00 |
2 |
|
3 |
Added: wget-1.14-pkg-config.patch |
4 |
wget-1.14-gnutls-ssl.patch wget-1.14-wgetrc.patch |
5 |
Log: |
6 |
Add fix from upstream for gnutls/ssl connection rejections #479948 by Scott Bertilson. Document user agent issue in /etc/wgetrc wrt portage fetching #327229. Update the pkg-config patch to cover more libraries #438912. |
7 |
|
8 |
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key FB7C4156) |
9 |
|
10 |
Revision Changes Path |
11 |
1.1 net-misc/wget/files/wget-1.14-pkg-config.patch |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/wget/files/wget-1.14-pkg-config.patch?rev=1.1&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/wget/files/wget-1.14-pkg-config.patch?rev=1.1&content-type=text/plain |
15 |
|
16 |
Index: wget-1.14-pkg-config.patch |
17 |
=================================================================== |
18 |
From b97942cd6b496501b396ea3bc2710010f4591542 Mon Sep 17 00:00:00 2001 |
19 |
From: Mike Frysinger <vapier@g.o> |
20 |
Date: Mon, 21 May 2012 18:39:59 -0400 |
21 |
Subject: [PATCH] detect openssl/pcre/libuuid/zlib via pkg-config if it's |
22 |
available |
23 |
|
24 |
Newer versions of these packages ship with pkg-config files, so if we can |
25 |
detect it via those, do so. If that fails, fall back to the old methods. |
26 |
|
27 |
Signed-off-by: Mike Frysinger <vapier@g.o> |
28 |
--- |
29 |
configure.ac | 110 ++++++++++++++++++++++++++++++++++++++--------------------- |
30 |
1 file changed, 71 insertions(+), 39 deletions(-) |
31 |
|
32 |
diff --git a/configure.ac b/configure.ac |
33 |
index 873c3c9..779ff39 100644 |
34 |
--- a/configure.ac |
35 |
+++ b/configure.ac |
36 |
@@ -68,6 +68,9 @@ AC_ARG_WITH(ssl, |
37 |
AC_ARG_WITH(zlib, |
38 |
[[ --without-zlib disable zlib ]]) |
39 |
|
40 |
+AC_ARG_ENABLE(pcre, AC_HELP_STRING([--disable-pcre], |
41 |
+ [Disable PCRE style regular expressions])) |
42 |
+ |
43 |
AC_ARG_ENABLE(opie, |
44 |
[ --disable-opie disable support for opie or s/key FTP login], |
45 |
ENABLE_OPIE=$enableval, ENABLE_OPIE=yes) |
46 |
@@ -237,11 +240,25 @@ dnl |
47 |
dnl Checks for libraries. |
48 |
dnl |
49 |
|
50 |
+PKG_PROG_PKG_CONFIG |
51 |
+ |
52 |
AS_IF([test x"$with_zlib" != xno], [ |
53 |
- AC_CHECK_LIB(z, compress) |
54 |
+ PKG_CHECK_MODULES([ZLIB], zlib, [ |
55 |
+ LIBS="$ZLIB_LIBS $LIBS" |
56 |
+ CFLAGS="$ZLIB_CFLAGS $CFLAGS" |
57 |
+ ], [ |
58 |
+ AC_CHECK_LIB(z, compress) |
59 |
+ ]) |
60 |
]) |
61 |
|
62 |
AS_IF([test x"$with_ssl" = xopenssl], [ |
63 |
+ PKG_CHECK_MODULES([OPENSSL], [openssl], [ |
64 |
+ AC_MSG_NOTICE([compiling in support for SSL via OpenSSL]) |
65 |
+ AC_LIBOBJ([openssl]) |
66 |
+ LIBS="$OPENSSL_LIBS $LIBS" |
67 |
+ CFLAGS="$OPENSSL_CFLAGS -DHAVE_LIBSSL $CFLAGS" |
68 |
+ LIBSSL=" " # ntlm check below wants this |
69 |
+ ], [ |
70 |
dnl some versions of openssl use zlib compression |
71 |
AC_CHECK_LIB(z, compress) |
72 |
|
73 |
@@ -278,29 +295,29 @@ AS_IF([test x"$with_ssl" = xopenssl], [ |
74 |
;; |
75 |
esac |
76 |
|
77 |
-AS_IF([test x$ssl_found != xyes], |
78 |
-[ |
79 |
- dnl Now actually check for -lssl if it wasn't already found |
80 |
- AC_LIB_HAVE_LINKFLAGS([ssl], [crypto z], [ |
81 |
- #include <openssl/ssl.h> |
82 |
- #include <openssl/x509.h> |
83 |
- #include <openssl/err.h> |
84 |
- #include <openssl/rand.h> |
85 |
- #include <openssl/des.h> |
86 |
- #include <openssl/md4.h> |
87 |
- #include <openssl/md5.h> |
88 |
- ], [SSL_library_init ()]) |
89 |
- if test x"$LIBSSL" != x |
90 |
- then |
91 |
- ssl_found=yes |
92 |
- AC_MSG_NOTICE([compiling in support for SSL via OpenSSL]) |
93 |
- AC_LIBOBJ([openssl]) |
94 |
- LIBS="$LIBSSL $LIBS" |
95 |
- elif test x"$with_ssl" != x |
96 |
- then |
97 |
- AC_MSG_ERROR([--with-ssl=openssl was given, but SSL is not available.]) |
98 |
- fi |
99 |
-]) |
100 |
+ AS_IF([test x$ssl_found != xyes], [ |
101 |
+ dnl Now actually check for -lssl if it wasn't already found |
102 |
+ AC_LIB_HAVE_LINKFLAGS([ssl], [crypto z], [ |
103 |
+#include <openssl/ssl.h> |
104 |
+#include <openssl/x509.h> |
105 |
+#include <openssl/err.h> |
106 |
+#include <openssl/rand.h> |
107 |
+#include <openssl/des.h> |
108 |
+#include <openssl/md4.h> |
109 |
+#include <openssl/md5.h> |
110 |
+ ], [SSL_library_init ()]) |
111 |
+ if test x"$LIBSSL" != x |
112 |
+ then |
113 |
+ ssl_found=yes |
114 |
+ AC_MSG_NOTICE([compiling in support for SSL via OpenSSL]) |
115 |
+ AC_LIBOBJ([openssl]) |
116 |
+ LIBS="$LIBSSL $LIBS" |
117 |
+ elif test x"$with_ssl" != x |
118 |
+ then |
119 |
+ AC_MSG_ERROR([--with-ssl=openssl was given, but SSL is not available.]) |
120 |
+ fi |
121 |
+ ]) |
122 |
+ ]) |
123 |
|
124 |
], [ |
125 |
# --with-ssl is not gnutls: check if it's no |
126 |
@@ -322,13 +322,20 @@ AS_IF([test x"$with_ssl" = xopenssl], [ |
127 |
], [ |
128 |
# --with-ssl is not gnutls: check if it's no |
129 |
AS_IF([test x"$with_ssl" != xno], [ |
130 |
- dnl Now actually check for -lssl |
131 |
+ dnl Now actually check for gnutls |
132 |
|
133 |
+ PKG_CHECK_MODULES([GNUTLS], [gnutls], [ |
134 |
+ AC_MSG_NOTICE([compiling in support for SSL via GnuTLS]) |
135 |
+ AC_LIBOBJ([gnutls]) |
136 |
+ LIBS="$GNUTLS_LIBS $LIBS" |
137 |
+ CFLAGS="$GNUTLS_CFLAGS -DHAVE_LIBGNUTLS $CFLAGS" |
138 |
+ ], [ |
139 |
+ |
140 |
+ dnl Now actually check for -lgnutls |
141 |
AC_CHECK_LIB(z, compress) |
142 |
AC_CHECK_LIB(gpg-error, gpg_err_init) |
143 |
AC_CHECK_LIB(gcrypt, gcry_control) |
144 |
|
145 |
- dnl Now actually check for -lssl |
146 |
AC_LIB_HAVE_LINKFLAGS([gnutls], [], [ |
147 |
#include <gnutls/gnutls.h> |
148 |
], [gnutls_global_init()]) |
149 |
@@ -342,6 +349,8 @@ AS_IF([test x"$with_ssl" = xopenssl], [ |
150 |
AC_MSG_ERROR([--with-ssl was given, but GNUTLS is not available.]) |
151 |
fi |
152 |
|
153 |
+ ]) |
154 |
+ |
155 |
AC_CHECK_FUNCS(gnutls_priority_set_direct) |
156 |
]) # endif: --with-ssl == no? |
157 |
]) # endif: --with-ssl == openssl? |
158 |
@@ -524,26 +541,41 @@ dnl |
159 |
dnl Check for UUID |
160 |
dnl |
161 |
|
162 |
-AC_CHECK_HEADER(uuid/uuid.h, |
163 |
- AC_CHECK_LIB(uuid, uuid_generate, |
164 |
- [LIBS="${LIBS} -luuid" |
165 |
- AC_DEFINE([HAVE_LIBUUID], 1, |
166 |
- [Define if libuuid is available.]) |
167 |
- ]) |
168 |
-) |
169 |
+AC_ARG_WITH(libuuid, AC_HELP_STRING([--without-libuuid], |
170 |
+ [Generate UUIDs for WARC files via libuuid])) |
171 |
+AS_IF([test "X$with_libuuid" != "Xno"],[ |
172 |
+ PKG_CHECK_MODULES([UUID], uuid, [ |
173 |
+ LIBS="$UUID_LIBS $LIBS" |
174 |
+ CFLAGS="$UUID_CFLAGS $CFLAGS" |
175 |
+ ], [ |
176 |
+ AC_CHECK_HEADER(uuid/uuid.h, |
177 |
+ AC_CHECK_LIB(uuid, uuid_generate, |
178 |
+ [LIBS="${LIBS} -luuid" |
179 |
+ AC_DEFINE([HAVE_LIBUUID], 1, |
180 |
+ [Define if libuuid is available.]) |
181 |
+ ]) |
182 |
+ ) |
183 |
+ ]) |
184 |
+]) |
185 |
|
186 |
dnl |
187 |
dnl Check for PCRE |
188 |
dnl |
189 |
|
190 |
-AC_CHECK_HEADER(pcre.h, |
191 |
- AC_CHECK_LIB(pcre, pcre_compile, |
192 |
- [LIBS="${LIBS} -lpcre" |
193 |
- AC_DEFINE([HAVE_LIBPCRE], 1, |
194 |
- [Define if libpcre is available.]) |
195 |
- ]) |
196 |
-) |
197 |
- |
198 |
+AS_IF([test "X$enable_pcre" != "Xno"],[ |
199 |
+ PKG_CHECK_MODULES([PCRE], libpcre, [ |
200 |
+ LIBS="$PCRE_LIBS $LIBS" |
201 |
+ CFLAGS="$PCRE_CFLAGS $CFLAGS" |
202 |
+ ], [ |
203 |
+ AC_CHECK_HEADER(pcre.h, |
204 |
+ AC_CHECK_LIB(pcre, pcre_compile, |
205 |
+ [LIBS="${LIBS} -lpcre" |
206 |
+ AC_DEFINE([HAVE_LIBPCRE], 1, |
207 |
+ [Define if libpcre is available.]) |
208 |
+ ]) |
209 |
+ ) |
210 |
+ ]) |
211 |
+]) |
212 |
|
213 |
dnl Needed by src/Makefile.am |
214 |
AM_CONDITIONAL([IRI_IS_ENABLED], [test "X$iri" != "Xno"]) |
215 |
-- |
216 |
1.8.4.3 |
217 |
|
218 |
|
219 |
|
220 |
|
221 |
1.1 net-misc/wget/files/wget-1.14-gnutls-ssl.patch |
222 |
|
223 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/wget/files/wget-1.14-gnutls-ssl.patch?rev=1.1&view=markup |
224 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/wget/files/wget-1.14-gnutls-ssl.patch?rev=1.1&content-type=text/plain |
225 |
|
226 |
Index: wget-1.14-gnutls-ssl.patch |
227 |
=================================================================== |
228 |
https://bugs.gentoo.org/479948 |
229 |
|
230 |
From ae80fd2ec75fafdbec9895b9d973f2966209d588 Mon Sep 17 00:00:00 2001 |
231 |
From: mancha <mancha1@××××.com> |
232 |
Date: Sun, 5 May 2013 07:16:58 +0200 |
233 |
Subject: [PATCH] gnutls: do not abort on non-fatal alerts during handshake |
234 |
|
235 |
Signed-off-by: mancha <mancha1@××××.com> |
236 |
--- |
237 |
src/ChangeLog | 6 ++++++ |
238 |
src/gnutls.c | 25 ++++++++++++++++++++++--- |
239 |
2 files changed, 28 insertions(+), 3 deletions(-) |
240 |
|
241 |
2013-05-05 mancha <mancha1@××××.com> (tiny change) |
242 |
|
243 |
* gnutls.c (ssl_connect_wget): Don't abort on non-fatal alerts |
244 |
received during handshake. For example, when connecting to servers |
245 |
using TSL-SNI that send warning-level unrecognized_name alerts. |
246 |
|
247 |
diff --git a/src/gnutls.c b/src/gnutls.c |
248 |
index 769b005..54422fc 100644 |
249 |
--- a/src/gnutls.c |
250 |
+++ b/src/gnutls.c |
251 |
@@ -376,8 +376,9 @@ ssl_connect_wget (int fd, const char *hostname) |
252 |
{ |
253 |
struct wgnutls_transport_context *ctx; |
254 |
gnutls_session_t session; |
255 |
- int err; |
256 |
+ int err,alert; |
257 |
gnutls_init (&session, GNUTLS_CLIENT); |
258 |
+ const char *str; |
259 |
|
260 |
/* We set the server name but only if it's not an IP address. */ |
261 |
if (! is_valid_ip_address (hostname)) |
262 |
@@ -440,10 +441,28 @@ ssl_connect_wget (int fd, const char *hostname) |
263 |
return false; |
264 |
} |
265 |
|
266 |
- err = gnutls_handshake (session); |
267 |
+ /* We don't stop the handshake process for non-fatal errors */ |
268 |
+ do |
269 |
+ { |
270 |
+ err = gnutls_handshake (session); |
271 |
+ if (err < 0) |
272 |
+ { |
273 |
+ logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err)); |
274 |
+ if (err == GNUTLS_E_WARNING_ALERT_RECEIVED || |
275 |
+ err == GNUTLS_E_FATAL_ALERT_RECEIVED) |
276 |
+ { |
277 |
+ alert = gnutls_alert_get (session); |
278 |
+ str = gnutls_alert_get_name (alert); |
279 |
+ if (str == NULL) |
280 |
+ str = "(unknown)"; |
281 |
+ logprintf (LOG_NOTQUIET, "GnuTLS: received alert [%d]: %s\n", alert, str); |
282 |
+ } |
283 |
+ } |
284 |
+ } |
285 |
+ while (err == GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_error_is_fatal (err) == 0); |
286 |
+ |
287 |
if (err < 0) |
288 |
{ |
289 |
- logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err)); |
290 |
gnutls_deinit (session); |
291 |
return false; |
292 |
} |
293 |
-- |
294 |
1.8.4.3 |
295 |
|
296 |
|
297 |
|
298 |
|
299 |
1.1 net-misc/wget/files/wget-1.14-wgetrc.patch |
300 |
|
301 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/wget/files/wget-1.14-wgetrc.patch?rev=1.1&view=markup |
302 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/wget/files/wget-1.14-wgetrc.patch?rev=1.1&content-type=text/plain |
303 |
|
304 |
Index: wget-1.14-wgetrc.patch |
305 |
=================================================================== |
306 |
link to the man manual pages |
307 |
|
308 |
document user agent issue vs portage fetching |
309 |
https://bugs.gentoo.org/327229 |
310 |
|
311 |
--- a/doc/sample.wgetrc |
312 |
+++ b/doc/sample.wgetrc |
313 |
@@ -5,7 +5,10 @@ |
314 |
## You can use this file to change the default behaviour of wget or to |
315 |
## avoid having to type many many command-line options. This file does |
316 |
## not contain a comprehensive list of commands -- look at the manual |
317 |
-## to find out what you can put into this file. |
318 |
+## to find out what you can put into this file. You can find this here: |
319 |
+## $ info wget.info 'Startup File' |
320 |
+## Or online here: |
321 |
+## https://www.gnu.org/software/wget/manual/wget.html#Startup-File |
322 |
## |
323 |
## Wget initialization file can reside in /usr/local/etc/wgetrc |
324 |
## (global, for all users) or $HOME/.wgetrc (for a single user). |
325 |
@@ -14,6 +15,11 @@ |
326 |
## as well as change them, in most cases, as the values on the |
327 |
## commented-out lines are the default values (e.g. "off"). |
328 |
|
329 |
+## You should not modify user_agent in the global config file. Instead, |
330 |
+## keep that in your ~/.wgetrc file. If you really want to modify it |
331 |
+## globally, make sure you set a custom FETCHCOMMAND in your package |
332 |
+## manager because you will randomly break fetching with some servers. |
333 |
+ |
334 |
|
335 |
## |
336 |
## Global settings (useful for setting up in /usr/local/etc/wgetrc). |