Mailing List Archive | ports@openbsd.org

From:: Stuart Henderson <stu@spacehopper.org>
Subject:: wget update
To:: Nam Nguyen <namn@berkeley.edu>
Cc:: ports@openbsd.org
Date:: Mon, 18 Nov 2024 20:44:49 +0000
Download raw body.
Thread
2024-11-18 20:44 Stuart Henderson:
wget update
There's a CVE in wget, https://www.openwall.com/lists/oss-security/2024/11/18/6

We're lagging quite far behind upstream's version at the moment,
is there any particular reason?

Possible diff below. Some fiddling was needed with tests; with that,
there is one failure, a diff in in contents of the index file in
testenv/Test-k.py - not sure if that's important:

-    <a href="site%3Bsub%253A.html">Site</a>
+    <a href="./site%3Bsub:.html">Site</a>



Index: Makefile
===================================================================
RCS file: /cvs/ports/net/wget/Makefile,v
diff -u -p -r1.98 Makefile
--- Makefile	17 Oct 2024 10:50:03 -0000	1.98
+++ Makefile	18 Nov 2024 20:41:59 -0000
@@ -1,8 +1,7 @@
 COMMENT =	retrieve files from the web via HTTP, HTTPS and FTP

-DISTNAME =	wget-1.21.4
+DISTNAME =	wget-1.25.0
 CATEGORIES =	net
-REVISION =	2

 HOMEPAGE =	https://www.gnu.org/software/wget/
 MAINTAINER =	Nam Nguyen <namn@openbsd.org>
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/wget/distinfo,v
diff -u -p -r1.29 distinfo
--- distinfo	28 Jul 2023 20:01:25 -0000	1.29
+++ distinfo	18 Nov 2024 20:41:59 -0000
@@ -1,2 +1,2 @@
-SHA256 (wget-1.21.4.tar.gz) = gVQvXO+4+qzDm7vGyC3tgOPkqIUFrnLqUd8nUlvN4Ew=
-SIZE (wget-1.21.4.tar.gz) = 5059591
+SHA256 (wget-1.25.0.tar.gz) = dm5IQj55NZ6jHkHbnlwolnWUen/PLv3O23JqydDaN4Q=
+SIZE (wget-1.25.0.tar.gz) = 5263736
Index: patches/patch-Makefile_in
===================================================================
RCS file: /cvs/ports/net/wget/patches/patch-Makefile_in,v
diff -u -p -r1.7 patch-Makefile_in
--- patches/patch-Makefile_in	28 Jul 2023 20:01:25 -0000	1.7
+++ patches/patch-Makefile_in	18 Nov 2024 20:41:59 -0000
@@ -1,7 +1,7 @@
 Index: Makefile.in
 --- Makefile.in.orig
 +++ Makefile.in
-@@ -1895,7 +1895,7 @@ distuninstallcheck_listfiles = find . -type f | \
+@@ -2128,7 +2128,7 @@ distuninstallcheck_listfiles = find . -type f | \
  ACLOCAL_AMFLAGS = -I m4

  # subdirectories in the distribution
Index: patches/patch-doc_wget_texi
===================================================================
RCS file: /cvs/ports/net/wget/patches/patch-doc_wget_texi,v
diff -u -p -r1.18 patch-doc_wget_texi
--- patches/patch-doc_wget_texi	11 Mar 2022 19:48:11 -0000	1.18
+++ patches/patch-doc_wget_texi	18 Nov 2024 20:41:59 -0000
@@ -19,7 +19,7 @@ Index: doc/wget.texi
  Default location of the @dfn{global} startup file.

  @item .wgetrc
-@@ -3185,9 +3185,8 @@ commands.
+@@ -3188,9 +3188,8 @@ commands.
  @cindex location of wgetrc

  When initializing, Wget will look for a @dfn{global} startup file,
@@ -31,7 +31,7 @@ Index: doc/wget.texi

  Then it will look for the user's file.  If the environmental variable
  @code{WGETRC} is set, Wget will try to load that file.  Failing that, no
-@@ -3197,7 +3196,7 @@ If @code{WGETRC} is not set, Wget will try to load @fi
+@@ -3200,7 +3199,7 @@ If @code{WGETRC} is not set, Wget will try to load @fi

  The fact that user's settings are loaded after the system-wide ones
  means that in case of collision user's wgetrc @emph{overrides} the
Index: patches/patch-testenv_conf_expected_files_py
===================================================================
RCS file: patches/patch-testenv_conf_expected_files_py
diff -N patches/patch-testenv_conf_expected_files_py
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-testenv_conf_expected_files_py	18 Nov 2024 20:41:59 -0000
@@ -0,0 +1,16 @@
+in some circumstances where it's not running on the console (as is
+the case when tests are run under ports infrastructure), wget writes
+output to wget-log, which tests complain about as being an extra file.
+skip that error.
+
+Index: testenv/conf/expected_files.py
+--- testenv/conf/expected_files.py.orig
++++ testenv/conf/expected_files.py
+@@ -34,6 +34,7 @@ class ExpectedFiles:
+                     "common.conf",
+                     "dirmngr.conf",
+                     "gpg.conf",
++                    "wget-log",
+                 ]:
+                     continue
+
Index: patches/patch-tests_Makefile_in
===================================================================
RCS file: patches/patch-tests_Makefile_in
diff -N patches/patch-tests_Makefile_in
--- patches/patch-tests_Makefile_in	2 Aug 2023 08:34:55 -0000	1.1
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,27 +0,0 @@
-Our make(1) treats ./unit-tests and unit-tests as distinct targets.
-
-Index: tests/Makefile.in
---- tests/Makefile.in.orig
-+++ tests/Makefile.in
-@@ -2158,7 +2158,7 @@ AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/li
-
- AM_CFLAGS = $(WERROR_CFLAGS) $(WARN_CFLAGS)
- CLEANFILES = *~ *.bak core core.[0-9]*
--TESTS = ./unit-tests$(EXEEXT) $(PX_TESTS)
-+TESTS = unit-tests$(EXEEXT) $(PX_TESTS)
- TEST_EXTENSIONS = .px
- PX_LOG_COMPILER = $(PERL)
- AM_PX_LOG_FLAGS = -I$(srcdir)
-@@ -2429,9 +2429,9 @@ recheck: all $(check_PROGRAMS)
- 	        am__force_recheck=am--force-recheck \
- 	        TEST_LOGS="$$log_list"; \
- 	exit $$?
--./unit-tests.log: ./unit-tests$(EXEEXT)
--	@p='./unit-tests$(EXEEXT)'; \
--	b='./unit-tests'; \
-+unit-tests.log: unit-tests$(EXEEXT)
-+	@p='unit-tests$(EXEEXT)'; \
-+	b='unit-tests'; \
- 	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- 	--log-file $$b.log --trs-file $$b.trs \
- 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
Index: patches/patch-tests_WgetTests_pm
===================================================================
RCS file: patches/patch-tests_WgetTests_pm
diff -N patches/patch-tests_WgetTests_pm
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-tests_WgetTests_pm	18 Nov 2024 20:41:59 -0000
@@ -0,0 +1,17 @@
+in some circumstances where it's not running on the console (as is
+the case when tests are run under ports infrastructure), wget writes
+output to wget-log, which tests complain about as being an extra file.
+skip that error.
+
+Index: tests/WgetTests.pm
+--- tests/WgetTests.pm.orig
++++ tests/WgetTests.pm
+@@ -356,7 +356,7 @@ sub _verify_download
+     __dir_walk(
+         q{.},
+         sub {
+-            if (!(exists $self->{_output}{$_[0]} || $self->{_existing}{$_[0]}))
++            if (!(exists $self->{_output}{$_[0]} || $self->{_existing}{$_[0]}) && $self->{_existing}{$_[0]} != 'wget-log')
+             {
+                 push @unexpected_downloads, $_[0];
+             }
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/wget/pkg/PLIST,v
diff -u -p -r1.30 PLIST
--- pkg/PLIST	28 Jul 2023 20:01:25 -0000	1.30
+++ pkg/PLIST	18 Nov 2024 20:41:59 -0000
@@ -50,8 +50,6 @@ share/locale/it/LC_MESSAGES/wget-gnulib.
 share/locale/it/LC_MESSAGES/wget.mo
 share/locale/ja/LC_MESSAGES/wget-gnulib.mo
 share/locale/ja/LC_MESSAGES/wget.mo
-share/locale/ka/
-share/locale/ka/LC_MESSAGES/
 share/locale/ka/LC_MESSAGES/wget-gnulib.mo
 share/locale/ka/LC_MESSAGES/wget.mo
 share/locale/ko/LC_MESSAGES/wget-gnulib.mo
2024-11-18 20:44 Stuart Henderson:
wget update