--- a/components/wget/patches/CVE-2010-2252.patch Wed Feb 20 20:58:17 2013 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,131 +0,0 @@
-diff -rcu wget-1.12.orig/doc/wget.texi wget-1.12/doc/wget.texi
---- wget-1.12.orig/doc/wget.texi Fri Sep 4 14:22:04 2009
-+++ wget-1.12/doc/wget.texi Tue Feb 15 03:26:00 2011
-@@ -1487,6 +1487,13 @@
- @code{Content-Disposition} headers to describe what the name of a
- downloaded file should be.
-
-+@cindex Trust server names
-+@item --trust-server-names
-+
-+If this is set to on, on a redirect the last component of the
-+redirection URL will be used as the local file name. By default it is
-+used the last component in the original URL.
-+
- @cindex authentication
- @item --auth-no-challenge
-
-@@ -2799,6 +2806,10 @@
- Turn on recognition of the (non-standard) @samp{Content-Disposition}
- HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}.
-
-+@item trust_server_names = on/off
-+If set to on, use the last component of a redirection URL for the local
-+file name.
-+
- @item continue = on/off
- If set to on, force continuation of preexistent partially retrieved
- files. See @samp{-c} before setting it.
-diff -rcu wget-1.12.orig/src/http.c wget-1.12/src/http.c
---- wget-1.12.orig/src/http.c Mon Sep 21 20:02:18 2009
-+++ wget-1.12/src/http.c Tue Feb 15 03:26:00 2011
-@@ -2410,8 +2410,9 @@
- /* The genuine HTTP loop! This is the part where the retrieval is
- retried, and retried, and retried, and... */
- uerr_t
--http_loop (struct url *u, char **newloc, char **local_file, const char *referer,
-- int *dt, struct url *proxy, struct iri *iri)
-+http_loop (struct url *u, struct url *original_url, char **newloc,
-+ char **local_file, const char *referer, int *dt, struct url *proxy,
-+ struct iri *iri)
- {
- int count;
- bool got_head = false; /* used for time-stamping and filename detection */
-@@ -2457,7 +2458,8 @@
- }
- else if (!opt.content_disposition)
- {
-- hstat.local_file = url_file_name (u);
-+ hstat.local_file =
-+ url_file_name (opt.trustservernames ? u : original_url);
- got_name = true;
- }
-
-@@ -2497,7 +2499,7 @@
-
- /* Send preliminary HEAD request if -N is given and we have an existing
- * destination file. */
-- file_name = url_file_name (u);
-+ file_name = url_file_name (opt.trustservernames ? u : original_url);
- if (opt.timestamping
- && !opt.content_disposition
- && file_exists_p (file_name))
-diff -rcu wget-1.12.orig/src/http.h wget-1.12/src/http.h
---- wget-1.12.orig/src/http.h Fri Sep 4 09:31:54 2009
-+++ wget-1.12/src/http.h Tue Feb 15 03:26:00 2011
-@@ -33,8 +33,8 @@
-
- struct url;
-
--uerr_t http_loop (struct url *, char **, char **, const char *, int *,
-- struct url *, struct iri *);
-+uerr_t http_loop (struct url *, struct url *, char **, char **, const char *,
-+ int *, struct url *, struct iri *);
- void save_cookies (void);
- void http_cleanup (void);
- time_t http_atotm (const char *);
-diff -rcu wget-1.12.orig/src/init.c wget-1.12/src/init.c
---- wget-1.12.orig/src/init.c Mon Sep 21 20:02:41 2009
-+++ wget-1.12/src/init.c Tue Feb 15 03:26:00 2011
-@@ -243,6 +243,7 @@
- { "timeout", NULL, cmd_spec_timeout },
- { "timestamping", &opt.timestamping, cmd_boolean },
- { "tries", &opt.ntry, cmd_number_inf },
-+ { "trustservernames", &opt.trustservernames, cmd_boolean },
- { "useproxy", &opt.use_proxy, cmd_boolean },
- { "user", &opt.user, cmd_string },
- { "useragent", NULL, cmd_spec_useragent },
-diff -rcu wget-1.12.orig/src/main.c wget-1.12/src/main.c
---- wget-1.12.orig/src/main.c Mon Sep 21 20:03:11 2009
-+++ wget-1.12/src/main.c Tue Feb 15 03:26:00 2011
-@@ -266,6 +266,7 @@
- { "timeout", 'T', OPT_VALUE, "timeout", -1 },
- { "timestamping", 'N', OPT_BOOLEAN, "timestamping", -1 },
- { "tries", 't', OPT_VALUE, "tries", -1 },
-+ { "trust-server-names", 0, OPT_BOOLEAN, "trustservernames", -1 },
- { "user", 0, OPT_VALUE, "user", -1 },
- { "user-agent", 'U', OPT_VALUE, "useragent", -1 },
- { "verbose", 'v', OPT_BOOLEAN, "verbose", -1 },
-@@ -675,6 +676,8 @@
- N_("\
- -I, --include-directories=LIST list of allowed directories.\n"),
- N_("\
-+ --trust-server-names use the name specified by the redirection url last component.\n"),
-+ N_("\
- -X, --exclude-directories=LIST list of excluded directories.\n"),
- N_("\
- -np, --no-parent don't ascend to the parent directory.\n"),
-diff -rcu wget-1.12.orig/src/options.h wget-1.12/src/options.h
---- wget-1.12.orig/src/options.h Mon Sep 21 20:03:47 2009
-+++ wget-1.12/src/options.h Tue Feb 15 03:26:00 2011
-@@ -242,6 +242,7 @@
- char *encoding_remote;
- char *locale;
-
-+ bool trustservernames;
- #ifdef __VMS
- int ftp_stmlf; /* Force Stream_LF format for binary FTP. */
- #endif /* def __VMS */
-diff -rcu wget-1.12.orig/src/retr.c wget-1.12/src/retr.c
---- wget-1.12.orig/src/retr.c Fri Sep 4 09:31:54 2009
-+++ wget-1.12/src/retr.c Tue Feb 15 03:26:00 2011
-@@ -689,7 +689,8 @@
- #endif
- || (proxy_url && proxy_url->scheme == SCHEME_HTTP))
- {
-- result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri);
-+ result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
-+ proxy_url, iri);
- }
- else if (u->scheme == SCHEME_FTP)
- {
--- a/components/wget/patches/wgetrc.patch Wed Feb 20 20:58:17 2013 -0800
+++ b/components/wget/patches/wgetrc.patch Thu Feb 21 02:20:51 2013 -0800
@@ -18,15 +18,18 @@
## Think well before you change them, since they may reduce wget's
## functionality, and make it behave contrary to the documentation:
##
---- wget-1.12/doc/wget.texi.orig Fri Feb 4 07:28:46 2011
-+++ wget-1.12/doc/wget.texi Fri Feb 4 07:31:24 2011
-@@ -190,12 +190,12 @@
+--- wget-1.14/doc/wget.texi Sat Aug 4 01:41:52 2012
++++ wget-1.14/doc/wget.texi Thu Feb 7 02:34:48 2013
+@@ -190,7 +190,7 @@
Most of the features are fully configurable, either through command line
options, or via the initialization file @file{.wgetrc} (@pxref{Startup
File}). Wget allows you to define @dfn{global} startup files
--(@file{/usr/local/etc/wgetrc} by default) for site settings.
-+(@file{/etc/wgetrc} by default) for site settings.
+-(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also
++(@file{/etc/wgetrc} by default) for site settings. You can also
+ specify the location of a startup file with the --config option.
+
+@@ -197,7 +197,7 @@
@ignore
@c man begin FILES
@table @samp
@@ -35,3 +38,23 @@
Default location of the @dfn{global} startup file.
@item .wgetrc
+@@ -2746,8 +2746,8 @@
+ @cindex location of wgetrc
+
+ When initializing, Wget will look for a @dfn{global} startup file,
+-@file{/usr/local/etc/wgetrc} by default (or some prefix other than
+-@file{/usr/local}, if Wget was not installed there) and read commands
++@file{/etc/wgetrc} by default
++and read commands
+ from there, if it exists.
+
+ Then it will look for the user's file. If the environmental variable
+@@ -2758,7 +2758,7 @@
+
+ The fact that user's settings are loaded after the system-wide ones
+ means that in case of collision user's wgetrc @emph{overrides} the
+-system-wide wgetrc (in @file{/usr/local/etc/wgetrc} by default).
++system-wide wgetrc (in @file{/etc/wgetrc} by default).
+ Fascist admins, away!
+
+ @node Wgetrc Syntax, Wgetrc Commands, Wgetrc Location, Startup File