From: Stuart Henderson Subject: wget update To: Nam Nguyen Cc: ports@openbsd.org Date: Mon, 18 Nov 2024 20:44:49 +0000 There's a CVE in wget, https://www.openwall.com/lists/oss-security/2024/11/18/6 We're lagging quite far behind upstream's version at the moment, is there any particular reason? Possible diff below. Some fiddling was needed with tests; with that, there is one failure, a diff in in contents of the index file in testenv/Test-k.py - not sure if that's important: - Site + Site Index: Makefile =================================================================== RCS file: /cvs/ports/net/wget/Makefile,v diff -u -p -r1.98 Makefile --- Makefile 17 Oct 2024 10:50:03 -0000 1.98 +++ Makefile 18 Nov 2024 20:41:59 -0000 @@ -1,8 +1,7 @@ COMMENT = retrieve files from the web via HTTP, HTTPS and FTP -DISTNAME = wget-1.21.4 +DISTNAME = wget-1.25.0 CATEGORIES = net -REVISION = 2 HOMEPAGE = https://www.gnu.org/software/wget/ MAINTAINER = Nam Nguyen Index: distinfo =================================================================== RCS file: /cvs/ports/net/wget/distinfo,v diff -u -p -r1.29 distinfo --- distinfo 28 Jul 2023 20:01:25 -0000 1.29 +++ distinfo 18 Nov 2024 20:41:59 -0000 @@ -1,2 +1,2 @@ -SHA256 (wget-1.21.4.tar.gz) = gVQvXO+4+qzDm7vGyC3tgOPkqIUFrnLqUd8nUlvN4Ew= -SIZE (wget-1.21.4.tar.gz) = 5059591 +SHA256 (wget-1.25.0.tar.gz) = dm5IQj55NZ6jHkHbnlwolnWUen/PLv3O23JqydDaN4Q= +SIZE (wget-1.25.0.tar.gz) = 5263736 Index: patches/patch-Makefile_in =================================================================== RCS file: /cvs/ports/net/wget/patches/patch-Makefile_in,v diff -u -p -r1.7 patch-Makefile_in --- patches/patch-Makefile_in 28 Jul 2023 20:01:25 -0000 1.7 +++ patches/patch-Makefile_in 18 Nov 2024 20:41:59 -0000 @@ -1,7 +1,7 @@ Index: Makefile.in --- Makefile.in.orig +++ Makefile.in -@@ -1895,7 +1895,7 @@ distuninstallcheck_listfiles = find . -type f | \ +@@ -2128,7 +2128,7 @@ distuninstallcheck_listfiles = find . -type f | \ ACLOCAL_AMFLAGS = -I m4 # subdirectories in the distribution Index: patches/patch-doc_wget_texi =================================================================== RCS file: /cvs/ports/net/wget/patches/patch-doc_wget_texi,v diff -u -p -r1.18 patch-doc_wget_texi --- patches/patch-doc_wget_texi 11 Mar 2022 19:48:11 -0000 1.18 +++ patches/patch-doc_wget_texi 18 Nov 2024 20:41:59 -0000 @@ -19,7 +19,7 @@ Index: doc/wget.texi Default location of the @dfn{global} startup file. @item .wgetrc -@@ -3185,9 +3185,8 @@ commands. +@@ -3188,9 +3188,8 @@ commands. @cindex location of wgetrc When initializing, Wget will look for a @dfn{global} startup file, @@ -31,7 +31,7 @@ Index: doc/wget.texi Then it will look for the user's file. If the environmental variable @code{WGETRC} is set, Wget will try to load that file. Failing that, no -@@ -3197,7 +3196,7 @@ If @code{WGETRC} is not set, Wget will try to load @fi +@@ -3200,7 +3199,7 @@ If @code{WGETRC} is not set, Wget will try to load @fi The fact that user's settings are loaded after the system-wide ones means that in case of collision user's wgetrc @emph{overrides} the Index: patches/patch-testenv_conf_expected_files_py =================================================================== RCS file: patches/patch-testenv_conf_expected_files_py diff -N patches/patch-testenv_conf_expected_files_py --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-testenv_conf_expected_files_py 18 Nov 2024 20:41:59 -0000 @@ -0,0 +1,16 @@ +in some circumstances where it's not running on the console (as is +the case when tests are run under ports infrastructure), wget writes +output to wget-log, which tests complain about as being an extra file. +skip that error. + +Index: testenv/conf/expected_files.py +--- testenv/conf/expected_files.py.orig ++++ testenv/conf/expected_files.py +@@ -34,6 +34,7 @@ class ExpectedFiles: + "common.conf", + "dirmngr.conf", + "gpg.conf", ++ "wget-log", + ]: + continue + Index: patches/patch-tests_Makefile_in =================================================================== RCS file: patches/patch-tests_Makefile_in diff -N patches/patch-tests_Makefile_in --- patches/patch-tests_Makefile_in 2 Aug 2023 08:34:55 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,27 +0,0 @@ -Our make(1) treats ./unit-tests and unit-tests as distinct targets. - -Index: tests/Makefile.in ---- tests/Makefile.in.orig -+++ tests/Makefile.in -@@ -2158,7 +2158,7 @@ AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/li - - AM_CFLAGS = $(WERROR_CFLAGS) $(WARN_CFLAGS) - CLEANFILES = *~ *.bak core core.[0-9]* --TESTS = ./unit-tests$(EXEEXT) $(PX_TESTS) -+TESTS = unit-tests$(EXEEXT) $(PX_TESTS) - TEST_EXTENSIONS = .px - PX_LOG_COMPILER = $(PERL) - AM_PX_LOG_FLAGS = -I$(srcdir) -@@ -2429,9 +2429,9 @@ recheck: all $(check_PROGRAMS) - am__force_recheck=am--force-recheck \ - TEST_LOGS="$$log_list"; \ - exit $$? --./unit-tests.log: ./unit-tests$(EXEEXT) -- @p='./unit-tests$(EXEEXT)'; \ -- b='./unit-tests'; \ -+unit-tests.log: unit-tests$(EXEEXT) -+ @p='unit-tests$(EXEEXT)'; \ -+ b='unit-tests'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ Index: patches/patch-tests_WgetTests_pm =================================================================== RCS file: patches/patch-tests_WgetTests_pm diff -N patches/patch-tests_WgetTests_pm --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-tests_WgetTests_pm 18 Nov 2024 20:41:59 -0000 @@ -0,0 +1,17 @@ +in some circumstances where it's not running on the console (as is +the case when tests are run under ports infrastructure), wget writes +output to wget-log, which tests complain about as being an extra file. +skip that error. + +Index: tests/WgetTests.pm +--- tests/WgetTests.pm.orig ++++ tests/WgetTests.pm +@@ -356,7 +356,7 @@ sub _verify_download + __dir_walk( + q{.}, + sub { +- if (!(exists $self->{_output}{$_[0]} || $self->{_existing}{$_[0]})) ++ if (!(exists $self->{_output}{$_[0]} || $self->{_existing}{$_[0]}) && $self->{_existing}{$_[0]} != 'wget-log') + { + push @unexpected_downloads, $_[0]; + } Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/net/wget/pkg/PLIST,v diff -u -p -r1.30 PLIST --- pkg/PLIST 28 Jul 2023 20:01:25 -0000 1.30 +++ pkg/PLIST 18 Nov 2024 20:41:59 -0000 @@ -50,8 +50,6 @@ share/locale/it/LC_MESSAGES/wget-gnulib. share/locale/it/LC_MESSAGES/wget.mo share/locale/ja/LC_MESSAGES/wget-gnulib.mo share/locale/ja/LC_MESSAGES/wget.mo -share/locale/ka/ -share/locale/ka/LC_MESSAGES/ share/locale/ka/LC_MESSAGES/wget-gnulib.mo share/locale/ka/LC_MESSAGES/wget.mo share/locale/ko/LC_MESSAGES/wget-gnulib.mo