Add SNI support #301312 by Andreas Nüßlein.

Package-Manager: portage-2.2_rc61/cvs/Linux x86_64
author: Mike Frysinger <vapier@gentoo.org> 2010-01-17 22:28:20 +0000
committer: Mike Frysinger <vapier@gentoo.org> 2010-01-17 22:28:20 +0000
commit: 556eaafc1c145b14a1ed068cb4dc287e8f3973b9 (patch)
tree: c607b56c9f5899e8a40c3a438564f7c472e3289a /net-misc/wget
parent: old (diff)
download: historical-556eaafc1c145b14a1ed068cb4dc287e8f3973b9.tar.gz
historical-556eaafc1c145b14a1ed068cb4dc287e8f3973b9.tar.bz2
historical-556eaafc1c145b14a1ed068cb4dc287e8f3973b9.zip
4 files changed, 231 insertions, 6 deletions
diff --git a/net-misc/wget/ChangeLog b/net-misc/wget/ChangeLog
index 00203e38868e..73cb2934ecc9 100644
--- a/net-misc/wget/ChangeLog
+++ b/net-misc/wget/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-misc/wget
-# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/wget/ChangeLog,v 1.120 2009/10/18 14:26:26 ranger Exp $
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/wget/ChangeLog,v 1.121 2010/01/17 22:28:20 vapier Exp $
+
+*wget-1.12-r1 (17 Jan 2010)
+
+  17 Jan 2010; Mike Frysinger <vapier@gentoo.org> +wget-1.12-r1.ebuild,
+  +files/wget-1.12-sni.patch:
+  Add SNI support #301312 by Andreas Nüßlein.
 
   18 Oct 2009; Brent Baude <ranger@gentoo.org> wget-1.12.ebuild:
   Marking wget-1.12 ppc64 for bug 286058
diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest
index 404bae589c82..35c548693fcf 100644
--- a/net-misc/wget/Manifest
+++ b/net-misc/wget/Manifest
@@ -1,10 +1,19 @@
-AUX wget-1.11-linking.patch 4935 RMD160 4285dd7325f29ac49edd5c42853c9f09b683b844 SHA1 2ae2e3202daa7ed0c4f33bd005469ab7c558ae7d SHA256 3f3a1b6ec439ba042c3da92cca04990e71ff4894ffc04d2d52a3186194665171
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
 AUX wget-1.12-debug-tests.patch 4482 RMD160 6fe85307685aa5ff8821100b26c69f67d7290d7a SHA1 b9e9e1a805c28aec6aa5a3cff9248cddf8f08ac9 SHA256 f043466367bcf895cc03319f5f8d2397e455ced6dd045b150695689df7220f1b
 AUX wget-1.12-linking.patch 9511 RMD160 8c7a27ec67d9c4ed9eb79c525bf1bff64bfaee95 SHA1 08905ad2bbfbe23a70d84d148426b671a20b5a6d SHA256 c53933a8a64574c999be2381c5991053725f9a6651b130511ed88fdacdc66c91
+AUX wget-1.12-sni.patch 3668 RMD160 5ed79357b713028e5acf446f38f6c0e0270a00bb SHA1 4ee45dd12e8f714298b7b8393980cf9d69caa10b SHA256 6f25eaeb5760a9344625a6cbd8bb8e15a510d4a8d1d37b15a64186d85604fe89
 AUX wgetrc-ipv6 54 RMD160 62ef29e13163463d42934b2ee970e235e64249dc SHA1 35a259c6817cccd04f23c56c9fd5b915f5f0fa00 SHA256 21bae947f1f94b09d2bf50704e1a69d7e90ee59898fd512c146d24e408d1a518
-DIST wget-1.11.4.tar.bz2 954561 RMD160 c7a7791a28900b8a4abb654f72b8dbd8982879ec SHA1 a69e382c0965992b2c662e80f7040600207619d2 SHA256 8b7f52e2861b89c3ee0cc10c3665af5b705d0cb7fc00bca59a9b1e2b50e027fb
 DIST wget-1.12.tar.bz2 1609032 RMD160 52fca690ea2b4e763a655aff36495059612fc65d SHA1 1a059b3736ef908b68acac91670f9df576d1a061 SHA256 c823d938e2f849305a101c0860229b123d7564c26470fdac9118d85e3c7dba9a
-EBUILD wget-1.11.4.ebuild 1831 RMD160 5428c5cf65e28d8200c5a296e6bd46e92fd96c07 SHA1 1adb9a5616a74f9777a0841acfa09f0568a97c36 SHA256 7ed3f3b4c61130ed7409b4ba48eaaf47adcd17b671493e816337fb45fd5a2f70
+EBUILD wget-1.12-r1.ebuild 2197 RMD160 8a93ff19e5919e2f3d420cfd11218ddc0124dbef SHA1 859ade5b0407fad232c2dae338662fe68eabb263 SHA256 dc6d7df31f6c7a0c8fac98fae9ee55f6e5e37b016202be92b474697b6c6ac6e4
 EBUILD wget-1.12.ebuild 2131 RMD160 ddce9d06f2567b31c5f4c29901d0698f3ba0125a SHA1 ea8844b0d29d60e4f096be31e72b6f8377cc3b98 SHA256 79eca735009bdb4a866854d0c076274ec806135ec77f1eaf7409aa2b4afef211
-MISC ChangeLog 18287 RMD160 96a90a1751510fee1f848d61965e8b9ad6f2bed6 SHA1 857fe9c908497ca186bf65bc8b4922bf7391ba7c SHA256 94ab74efae31e1b2544dc37f5519d96bf6a6a389b0dd473c6bdaae36b445130d
+MISC ChangeLog 18467 RMD160 3a2bb5fb3ca8ff3eaea1357263ecc8e71d083f1c SHA1 3a1061647b3a8cb153a644ce2010539b29c58e4a SHA256 dc04789464ee1c30c110f101461647cda72f473166044c3439f5f9f1c7127f18
 MISC metadata.xml 258 RMD160 67393c1bb85136bfc1cd8e1145f3e5e0efa32828 SHA1 8d60f18c79ce849b2e3b31d33cb04ef8a0d70546 SHA256 63f6de85aadabff6f0250403fd8c60a6782e62b0d953dbdae71daf62ea717716
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.14 (GNU/Linux)
+
+iF4EAREIAAYFAktTjw0ACgkQTwhj9JtAlp5D/QEAtdBBqwzgyYMnPsFe1KFQf6OQ
+qTDoEMuPqGmqmcYr9a4A/R0/y/fB1zxgIZLk4gdjZIxAcdKQeH/0V1FsESjJKcHo
+=bhpM
+-----END PGP SIGNATURE-----
diff --git a/net-misc/wget/files/wget-1.12-sni.patch b/net-misc/wget/files/wget-1.12-sni.patch
new file mode 100644
index 000000000000..14b0d1483c56
--- /dev/null
+++ b/net-misc/wget/files/wget-1.12-sni.patch
@@ -0,0 +1,133 @@
+http://bugs.gentoo.org/301312
+http://savannah.gnu.org/bugs/index.php?26786
+http://lists.gnu.org/archive/html/bug-wget/2009-03/msg00033.html
+
+--- src/gnutls.c
++++ src/gnutls.c
+@@ -45,6 +45,7 @@ as that of the covered work.  */
+ #include "connect.h"
+ #include "url.h"
+ #include "ssl.h"
++#include "host.h"
+ 
+ /* Note: some of the functions private to this file have names that
+    begin with "wgnutls_" (e.g. wgnutls_read) so that they wouldn't be
+@@ -181,7 +182,7 @@ static struct transport_implementation w
+ };
+ 
+ bool
+-ssl_connect (int fd)
++ssl_connect (int fd, const char *hostname)
+ {
+   static const int cert_type_priority[] = {
+     GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0
+@@ -189,8 +190,17 @@ ssl_connect (int fd) 
+   struct wgnutls_transport_context *ctx;
+   gnutls_session session;
+   int err;
++
+   gnutls_init (&session, GNUTLS_CLIENT);
+   gnutls_set_default_priority (session);
++
++  /* We set the server name but only if it's not an IP address. */
++  if (!is_ip_address(hostname))
++    {
++      gnutls_server_name_set (session, GNUTLS_NAME_DNS,
++         hostname, strlen(hostname));
++    }
++
+   gnutls_certificate_type_set_priority (session, cert_type_priority);
+   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, credentials);
+   gnutls_transport_set_ptr (session, (gnutls_transport_ptr) fd);
+--- src/host.c
++++ src/host.c
+@@ -904,3 +904,19 @@ host_cleanup (void)
+       host_name_addresses_map = NULL;
+     }
+ }
++
++/* Determine whether or not a hostname is an IP address that we recognise. */
++bool
++is_ip_address (const char *name)
++{
++  const char *endp;
++
++  endp = name + strlen(name);
++  if (is_valid_ipv4_address(name, endp))
++    return true;
++#ifdef ENABLE_IPV6
++  if (is_valid_ipv4_address(name, endp))
++    return true;
++#endif
++  return false;
++}
+--- src/host.h
++++ src/host.h
+@@ -102,4 +102,6 @@ bool sufmatch (const char **, const char
+ 
+ void host_cleanup (void);
+ 
++bool is_ip_address(const char *);
++
+ #endif /* HOST_H */
+--- src/http.c
++++ src/http.c
+@@ -1762,7 +1762,7 @@ gethttp (struct url *u, struct http_stat
+ 
+       if (conn->scheme == SCHEME_HTTPS)
+         {
+-          if (!ssl_connect_wget (sock))
++          if (!ssl_connect_wget (sock, u->host))
+             {
+               fd_close (sock);
+               return CONSSLERR;
+--- src/openssl.c
++++ src/openssl.c
+@@ -47,6 +47,7 @@ as that of the covered work.  */
+ #include "connect.h"
+ #include "url.h"
+ #include "ssl.h"
++#include "host.h"
+ 
+ /* Application-wide SSL context.  This is common to all SSL
+    connections.  */
+@@ -390,7 +391,7 @@ static struct transport_implementation o
+    Returns true on success, false on failure.  */
+
+ bool
+-ssl_connect_wget (int fd)
++ssl_connect_wget (int fd, const char *hostname)
+ {
+   SSL *conn;
+   struct openssl_transport_context *ctx;
+@@ -401,6 +402,19 @@ ssl_connect (int fd)
+   conn = SSL_new (ssl_ctx);
+   if (!conn)
+     goto error;
++
++#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
++  /* If the SSL library was build with support for ServerNameIndication
++     then use it whenever we have a hostname.  If not, don't, ever. */
++  if (!is_ip_address(hostname))
++    {
++      if (!SSL_set_tlsext_host_name(conn, hostname)) {
++       DEBUGP (("Failed to set TLS server-name indication."));
++       goto error;
++      }
++    }
++#endif
++
+   if (!SSL_set_fd (conn, fd))
+     goto error;
+   SSL_set_connect_state (conn);
+--- src/ssl.h
++++ src/ssl.h
+@@ -33,7 +33,7 @@ as that of the covered work.  */
+ #define GEN_SSLFUNC_H
+ 
+ bool ssl_init (void);
+-bool ssl_connect_wget (int);
++bool ssl_connect_wget (int, const char *);
+ bool ssl_check_certificate (int, const char *);
+ 
+ #endif /* GEN_SSLFUNC_H */
diff --git a/net-misc/wget/wget-1.12-r1.ebuild b/net-misc/wget/wget-1.12-r1.ebuild
new file mode 100644
index 000000000000..62240bc17f84
--- /dev/null
+++ b/net-misc/wget/wget-1.12-r1.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/wget/wget-1.12-r1.ebuild,v 1.1 2010/01/17 22:28:20 vapier Exp $
+
+inherit eutils flag-o-matic
+
+DESCRIPTION="Network utility to retrieve files from the WWW"
+HOMEPAGE="http://www.gnu.org/software/wget/"
+SRC_URI="mirror://gnu/wget/${P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="debug idn ipv6 nls ntlm ssl static"
+
+RDEPEND="idn? ( net-dns/libidn )
+	ssl? ( >=dev-libs/openssl-0.9.6b )"
+DEPEND="${RDEPEND}
+	nls? ( sys-devel/gettext )"
+
+pkg_setup() {
+	if ! use ssl && use ntlm ; then
+		elog "USE=ntlm requires USE=ssl, so disabling ntlm support due to USE=-ssl"
+	fi
+}
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}"/${PN}-1.12-linking.patch
+	epatch "${FILESDIR}"/${PN}-1.12-sni.patch #301312
+	epatch "${FILESDIR}"/${P}-debug-tests.patch #286173
+}
+
+src_compile() {
+	# openssl-0.9.8 now builds with -pthread on the BSD's
+	use elibc_FreeBSD && use ssl && append-ldflags -pthread
+
+	use static && append-ldflags -static
+	econf \
+		--disable-rpath \
+		$(use_with ssl) $(use_enable ssl opie) $(use_enable ssl digest) \
+		$(use_enable idn iri) \
+		$(use_enable ipv6) \
+		$(use_enable nls) \
+		$(use ssl && use_enable ntlm) \
+		$(use_enable debug) \
+		|| die
+	emake || die
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die
+	dodoc AUTHORS ChangeLog* MAILING-LIST NEWS README
+	dodoc doc/sample.wgetrc
+
+	use ipv6 && cat "${FILESDIR}"/wgetrc-ipv6 >> "${D}"/etc/wgetrc
+
+	sed -i \
+		-e 's:/usr/local/etc:/etc:g' \
+		"${D}"/etc/wgetrc \
+		"${D}"/usr/share/man/man1/wget.1 \
+		"${D}"/usr/share/info/wget.info
+}
+
+pkg_preinst() {
+	ewarn "The /etc/wget/wgetrc file has been relocated to /etc/wgetrc"
+	if [[ -e ${ROOT}/etc/wget/wgetrc ]] ; then
+		if [[ -e ${ROOT}/etc/wgetrc ]] ; then
+			ewarn "You have both /etc/wget/wgetrc and /etc/wgetrc ... you should delete the former"
+		else
+			einfo "Moving /etc/wget/wgetrc to /etc/wgetrc for you"
+			mv "${ROOT}"/etc/wget/wgetrc "${ROOT}"/etc/wgetrc
+			rmdir "${ROOT}"/etc/wget 2>/dev/null
+		fi
+	fi
+}
author	Mike Frysinger <vapier@gentoo.org>	2010-01-17 22:28:20 +0000
committer	Mike Frysinger <vapier@gentoo.org>	2010-01-17 22:28:20 +0000
commit	556eaafc1c145b14a1ed068cb4dc287e8f3973b9 (patch)
tree	c607b56c9f5899e8a40c3a438564f7c472e3289a /net-misc/wget
parent	old (diff)
download	historical-556eaafc1c145b14a1ed068cb4dc287e8f3973b9.tar.gz historical-556eaafc1c145b14a1ed068cb4dc287e8f3973b9.tar.bz2 historical-556eaafc1c145b14a1ed068cb4dc287e8f3973b9.zip