diff --git a/SOURCES/lftp-4.4.8-doc-rename.patch b/SOURCES/lftp-4.4.8-doc-rename.patch new file mode 100644 index 0000000..120fbd3 --- /dev/null +++ b/SOURCES/lftp-4.4.8-doc-rename.patch @@ -0,0 +1,13 @@ +diff -up lftp-4.4.8/doc/lftp.1.doc-rename lftp-4.4.8/doc/lftp.1 +--- lftp-4.4.8/doc/lftp.1.doc-rename 2013-11-27 12:00:35.472739297 +0100 ++++ lftp-4.4.8/doc/lftp.1 2013-11-27 12:03:06.101770435 +0100 +@@ -1938,6 +1938,9 @@ of the file. + .BR xfer:verify-command \ (string) + the command to validate file integrity. The only argument is the path to + the file. ++.TP ++.BR xfer:auto-rename (boolean) ++suggested filenames provided by the server are used if user explicitly sets this option to ’on’. As this could be security risk, default is off. + + .PP + The name of a variable can be abbreviated unless it becomes diff --git a/SOURCES/lftp-4.4.8-help-exitcode.patch b/SOURCES/lftp-4.4.8-help-exitcode.patch new file mode 100644 index 0000000..35c3064 --- /dev/null +++ b/SOURCES/lftp-4.4.8-help-exitcode.patch @@ -0,0 +1,81 @@ +diff --git a/src/CmdExec.h b/src/CmdExec.h +index 752c4c7..b853742 100644 +--- a/src/CmdExec.h ++++ b/src/CmdExec.h +@@ -253,7 +253,7 @@ public: + + void ChangeSession(FileAccess *new_session); + +- void print_cmd_help(const char *cmd); ++ bool print_cmd_help(const char *cmd); + void print_cmd_index(); + + static const char *CmdByIndex(int i); +diff --git a/src/commands.cc b/src/commands.cc +index 73de31e..e361042 100644 +--- a/src/commands.cc ++++ b/src/commands.cc +@@ -2533,7 +2533,7 @@ CMD(scache) + return 0; + } + +-void CmdExec::print_cmd_help(const char *cmd) ++bool CmdExec::print_cmd_help(const char *cmd) + { + const cmd_rec *c; + int part=find_cmd(cmd,&c); +@@ -2543,30 +2543,31 @@ void CmdExec::print_cmd_help(const char *cmd) + if(c->long_desc==0 && c->short_desc==0) + { + printf(_("Sorry, no help for %s\n"),cmd); +- return; ++ return true; + } + if(c->short_desc==0 && !strchr(c->long_desc,' ')) + { + printf(_("%s is a built-in alias for %s\n"),cmd,c->long_desc); + print_cmd_help(c->long_desc); +- return; ++ return true; + } + if(c->short_desc) + printf(_("Usage: %s\n"),_(c->short_desc)); + if(c->long_desc) + printf("%s",_(c->long_desc)); +- return; ++ return true; + } + const char *a=Alias::Find(cmd); + if(a) + { + printf(_("%s is an alias to `%s'\n"),cmd,a); +- return; ++ return true; + } + if(part==0) + printf(_("No such command `%s'. Use `help' to see available commands.\n"),cmd); + else + printf(_("Ambiguous command `%s'. Use `help' to see available commands.\n"),cmd); ++ return false; + } + + void CmdExec::print_cmd_index() +@@ -2610,12 +2611,14 @@ CMD(help) + { + if(args->count()>1) + { ++ exit_code=0; + for(;;) + { + const char *cmd=args->getnext(); + if(cmd==0) + break; +- parent->print_cmd_help(cmd); ++ if(!parent->print_cmd_help(cmd)) ++ exit_code=1; + } + return 0; + } +-- +2.1.0 + diff --git a/SOURCES/lftp-4.4.8-mirror302-2.patch b/SOURCES/lftp-4.4.8-mirror302-2.patch new file mode 100644 index 0000000..058fcb7 --- /dev/null +++ b/SOURCES/lftp-4.4.8-mirror302-2.patch @@ -0,0 +1,37 @@ +From 0f7273a52b4158c7193e44b128a9e54db74c7979 Mon Sep 17 00:00:00 2001 +From: "Alexander V. Lukyanov" +Date: Wed, 1 Apr 2015 16:00:52 +0300 +Subject: [PATCH] mirror: fixed redirection to a file with full URL. + +--- + src/MirrorJob.cc | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc +index 7f89e11..ef594bc 100644 +--- a/src/MirrorJob.cc ++++ b/src/MirrorJob.cc +@@ -660,9 +660,9 @@ void MirrorJob::HandleChdir(FileAccessRef& session, int &redirections) + char *loc=alloca_strdup(loc_c); + ParsedURL u(loc,true); + ++ bool is_file=(last_char(loc)!='/'); + if(!u.proto) + { +- bool is_file=(last_char(loc)!='/'); + FileAccess::Path new_cwd(session->GetNewCwd()); + new_cwd.Change(0,is_file,loc); + session->PathVerify(new_cwd); +@@ -671,7 +671,8 @@ void MirrorJob::HandleChdir(FileAccessRef& session, int &redirections) + } + session->Close(); // loc_c is no longer valid. + session=FA::New(&u); +- session->Chdir(u.path); ++ FileAccess::Path new_cwd(u.path,is_file,url::path_ptr(loc)); ++ session->PathVerify(new_cwd); + return; + } + } +-- +2.1.0 + diff --git a/SOURCES/lftp-4.4.8-mirror302.patch b/SOURCES/lftp-4.4.8-mirror302.patch new file mode 100644 index 0000000..c602c1b --- /dev/null +++ b/SOURCES/lftp-4.4.8-mirror302.patch @@ -0,0 +1,70 @@ +diff -Naurp lftp-4.4.8.orig/src/FileAccess.h lftp-4.4.8/src/FileAccess.h +--- lftp-4.4.8.orig/src/FileAccess.h 2013-05-27 14:05:24.000000000 +0200 ++++ lftp-4.4.8/src/FileAccess.h 2015-05-13 15:02:31.556462128 +0200 +@@ -26,6 +26,7 @@ + #include "SMTask.h" + #include "trio.h" + #include "xstring.h" ++#include "misc.h" + #include "ResMgr.h" + #include "FileSet.h" + #include "ArgV.h" +@@ -86,6 +87,7 @@ public: + void Set(const char *new_path,bool new_is_file=false,const char *new_url=0,int device_prefix_len=0); + void SetURL(const char *u) { url.set(u); } + void Change(const char *new_path,bool new_is_file=false,const char *new_path_enc=0,int device_prefix_len=0); ++ const xstring& GetDirectory() const { return is_file?dirname(path):path; } + void ExpandTilde(const Path &home); + static void Optimize(xstring& p,int dev_prefix=0); + void Optimize() { Optimize(path,device_prefix_len); } +diff -Naurp lftp-4.4.8.orig/src/MirrorJob.cc lftp-4.4.8/src/MirrorJob.cc +--- lftp-4.4.8.orig/src/MirrorJob.cc 2013-03-19 13:57:12.000000000 +0100 ++++ lftp-4.4.8/src/MirrorJob.cc 2015-05-13 15:10:58.419627179 +0200 +@@ -561,22 +561,25 @@ void MirrorJob::HandleChdir(FileAccessRe + // cd to another url. + const char *loc_c=session->GetNewLocation(); + int max_redirections=ResMgr::Query("xfer:max-redirections",0); +- if(loc_c && max_redirections>0 && last_char(loc_c)=='/') ++ if(loc_c && max_redirections>0) + { + if(++redirections>max_redirections) + goto cd_err_normal; + eprintf(_("%s: received redirection to `%s'\n"),"mirror",loc_c); + + char *loc=alloca_strdup(loc_c); +- session->Close(); // loc_c is no longer valid. +- + ParsedURL u(loc,true); + + if(!u.proto) + { +- session->Chdir(url::decode(loc)); ++ bool is_file=(last_char(loc)!='/'); ++ FileAccess::Path new_cwd(session->GetNewCwd()); ++ new_cwd.Change(0,is_file,loc); ++ session->PathVerify(new_cwd); ++ session->Roll(); + return; + } ++ session->Close(); // loc_c is no longer valid. + session=FA::New(&u); + session->Chdir(u.path); + return; +@@ -680,7 +683,7 @@ int MirrorJob::Do() + if(source_session->IsOpen()) + return m; + +- source_dir.set(source_session->GetCwd()); ++ source_dir.set(source_session->GetCwd().GetDirectory()); + + pre_MAKE_TARGET_DIR: + { +@@ -763,7 +766,7 @@ int MirrorJob::Do() + return m; + create_target_dir=false; + +- target_dir.set(target_session->GetCwd()); ++ target_dir.set(target_session->GetCwd().GetDirectory()); + + pre_GETTING_LIST_INFO: + set_state(GETTING_LIST_INFO); diff --git a/SOURCES/lftp-4.4.8-overwrite.patch b/SOURCES/lftp-4.4.8-overwrite.patch new file mode 100644 index 0000000..2b384c5 --- /dev/null +++ b/SOURCES/lftp-4.4.8-overwrite.patch @@ -0,0 +1,12 @@ +diff -up lftp-4.4.8/src/FileCopy.cc.overwrite lftp-4.4.8/src/FileCopy.cc +--- lftp-4.4.8/src/FileCopy.cc.overwrite 2013-11-28 10:42:18.374656024 +0100 ++++ lftp-4.4.8/src/FileCopy.cc 2013-11-28 10:42:58.224631188 +0100 +@@ -1414,7 +1414,7 @@ int FileCopyPeerFDStream::Do() + { + const char *new_name=dir_file(dirname(stream->full_name),suggested_filename); + struct stat st; +- if(lstat(new_name,&st)==-1 && errno==ENOENT) { ++ if((lstat(new_name,&st)==-1 && errno==ENOENT) || ResMgr::QueryBool("xfer:clobber",0)) { + debug((5,"copy: renaming `%s' to `%s'\n",stream->full_name.get(),suggested_filename.get())); + if(rename(stream->full_name,new_name)==-1) + debug((3,"rename(%s, %s): %s\n",stream->full_name.get(),new_name,strerror(errno))); diff --git a/SOURCES/lftp-4.4.8-ssl-tls-restrict.patch b/SOURCES/lftp-4.4.8-ssl-tls-restrict.patch new file mode 100644 index 0000000..d8f0dcb --- /dev/null +++ b/SOURCES/lftp-4.4.8-ssl-tls-restrict.patch @@ -0,0 +1,91 @@ +diff -Naurp lftp-4.4.8.orig/doc/lftp.1 lftp-4.4.8/doc/lftp.1 +--- lftp-4.4.8.orig/doc/lftp.1 2015-05-13 11:31:55.000000000 +0200 ++++ lftp-4.4.8/doc/lftp.1 2015-05-13 16:34:46.648020240 +0200 +@@ -1865,6 +1865,14 @@ when true, use Server Name Indication (S + if set to yes, then verify server's certificate to be signed by a known + Certificate Authority and not be on Certificate Revocation List. + .TP ++.BR ssl:priority " (string)" ++free form priority string for GnuTLS. If built with OpenSSL the understood ++values are \fI+\fP or \fI-\fP followed by SSL3.0, TLS1.0, TLS1.1 or TLS1.2, ++separated by \fI:\fP. Example: ++.Ds ++set ssl:priority "NORMAL:-SSL3.0:-TLS1.0:-TLS1.1:+TLS1.2" ++.De ++.TP + .BR torrent:ip " (ipv4 address)" + IP address to send to the tracker. Specify it if you are using an HTTP proxy. + .TP +diff -Naurp lftp-4.4.8.orig/src/lftp_ssl.cc lftp-4.4.8/src/lftp_ssl.cc +--- lftp-4.4.8.orig/src/lftp_ssl.cc 2013-03-19 13:55:58.000000000 +0100 ++++ lftp-4.4.8/src/lftp_ssl.cc 2015-05-13 17:41:43.752418022 +0200 +@@ -270,10 +270,20 @@ lftp_ssl_gnutls::lftp_ssl_gnutls(int fd1 + + gnutls_transport_set_ptr(session,(gnutls_transport_ptr_t)fd); + +- // hack for some ftp servers +- const char *auth=ResMgr::Query("ftp:ssl-auth", hostname); +- if(auth && !strncmp(auth, "SSL", 3)) +- gnutls_priority_set_direct(session, "NORMAL:+SSL3.0:-TLS1.0:-TLS1.1:-TLS1.2",0); ++ const char *priority=ResMgr::Query("ssl:priority", 0); ++ if(priority && *priority) ++ { ++ int res = gnutls_priority_set_direct(session, priority, 0); ++ if(res != GNUTLS_E_SUCCESS) ++ Log::global->Format(0,"gnutls_priority_set_direct(`%s'): %s\n",priority,gnutls_strerror(res)); ++ } ++ else ++ { ++ // hack for some ftp servers ++ const char *auth=ResMgr::Query("ftp:ssl-auth", hostname); ++ if(auth && !strncmp(auth, "SSL", 3)) ++ gnutls_priority_set_direct(session, "NORMAL:+SSL3.0:-TLS1.0:-TLS1.1:-TLS1.2",0); ++ } + + if(h && ResMgr::QueryBool("ssl:use-sni",h)) { + if(gnutls_server_name_set(session, GNUTLS_NAME_DNS, h, xstrlen(h)) < 0) +@@ -771,7 +781,32 @@ lftp_ssl_openssl_instance::lftp_ssl_open + #else + SSLeay_add_ssl_algorithms(); + ssl_ctx=SSL_CTX_new(SSLv23_client_method()); +- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL|SSL_OP_NO_TICKET|SSL_OP_NO_SSLv2); ++ long options=SSL_OP_ALL|SSL_OP_NO_TICKET|SSL_OP_NO_SSLv2; ++ const char *priority=ResMgr::Query("ssl:priority", 0); ++ if(priority && *priority) ++ { ++ static const struct ssl_option { ++ const char name[8]; ++ long option; ++ } opt_table[] ={ ++ {"-SSL3.0",SSL_OP_NO_SSLv3}, ++ {"-TLS1.0",SSL_OP_NO_TLSv1}, ++ {"-TLS1.1",SSL_OP_NO_TLSv1_1}, ++ {"-TLS1.2",SSL_OP_NO_TLSv1_2}, ++ {"",0} ++ }; ++ char *to_parse=alloca_strdup(priority); ++ for(char *ptr=strtok(to_parse,":"); ptr; ptr=strtok(NULL,":")) { ++ for(const ssl_option *opt=opt_table; opt->name[0]; opt++) { ++ if(!strcmp(ptr,opt->name)) { ++ options|=opt->option; ++ Log::global->Format(9,"ssl: applied %s option\n",ptr); ++ break; ++ } ++ } ++ } ++ } ++ SSL_CTX_set_options(ssl_ctx, options); + SSL_CTX_set_cipher_list(ssl_ctx, "ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH"); + SSL_CTX_set_verify(ssl_ctx,SSL_VERIFY_PEER,lftp_ssl_openssl::verify_callback); + // SSL_CTX_set_default_passwd_cb(ssl_ctx,lftp_ssl_passwd_callback); +diff -Naurp lftp-4.4.8.orig/src/resource.cc lftp-4.4.8/src/resource.cc +--- lftp-4.4.8.orig/src/resource.cc 2013-03-19 14:00:36.000000000 +0100 ++++ lftp-4.4.8/src/resource.cc 2015-05-13 17:57:40.885954120 +0200 +@@ -354,6 +354,7 @@ static ResType lftp_vars[] = { + {"ssl:check-hostname", "yes", ResMgr::BoolValidate,0}, + {"ssl:verify-certificate", "yes", ResMgr::BoolValidate,0}, + {"ssl:use-sni", "yes", ResMgr::BoolValidate,0}, ++ {"ssl:priority", "", 0,0}, + # if USE_OPENSSL + {"ssl:ca-path", "", ResMgr::DirReadable,ResMgr::NoClosure}, + {"ssl:crl-path", "", ResMgr::DirReadable,ResMgr::NoClosure}, diff --git a/SPECS/lftp.spec b/SPECS/lftp.spec index bb61248..1ba1e63 100644 --- a/SPECS/lftp.spec +++ b/SPECS/lftp.spec @@ -1,7 +1,7 @@ Summary: A sophisticated file transfer program Name: lftp Version: 4.4.8 -Release: 3%{?dist} +Release: 7%{?dist} License: GPLv3+ Group: Applications/Internet Source0: ftp://ftp.yar.ru/lftp/lftp-%{version}.tar.xz @@ -11,6 +11,12 @@ BuildRequires: ncurses-devel, gnutls-devel, pkgconfig, readline-devel, gettext Patch1: lftp-4.0.9-date_fmt.patch Patch2: lftp-4.2.0-man.patch +Patch3: lftp-4.4.8-overwrite.patch +Patch4: lftp-4.4.8-doc-rename.patch +Patch5: lftp-4.4.8-help-exitcode.patch +Patch6: lftp-4.4.8-mirror302.patch +Patch7: lftp-4.4.8-ssl-tls-restrict.patch +Patch8: lftp-4.4.8-mirror302-2.patch %description LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job @@ -32,6 +38,12 @@ Utility scripts for use with lftp. %patch1 -p1 -b .date_fmt %patch2 -p1 -b .man +%patch3 -p1 -b .overwrite +%patch4 -p1 -b .doc_rename +%patch5 -p1 -b .help_exitcode +%patch6 -p1 -b .mirror302 +%patch7 -p1 -b .ssl_tls_restrict +%patch8 -p1 -b .mirror302-2 #sed -i.rpath -e '/lftp_cv_openssl/s|-R.*lib||' configure sed -i.norpath -e \ @@ -94,6 +106,24 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Jun 15 2015 Luboš Uhliarik - 4.4.8-7 +- Fixed issue with absolute URL locations in mirror mode +- Related: #1181580 + +* Wed May 13 2015 Luboš Uhliarik - 4.4.8-6 +- Fix lftp does not follow http redirect (302) in mirror mode (#1181580) +- Fix lftp exists randomly when "cmd:fail-exit" is set (#1193984) +- Added RFE - lftp configurations for restricting each SSL/TLS + version (#1182987) +- Fixed bogus dates of this SPEC + +* Tue May 12 2015 Lubos Uhliarik - 4.4.8-5 +- Fix option xfer:auto-rename not documented (#1035229) + +* Tue May 12 2015 Lubos Uhliarik - 4.4.8-4 +- Fix lftp to overwrite filename when auto-rename and clobber + are enabled (#1035264) + * Fri Jan 24 2014 Daniel Mach - 4.4.8-3 - Mass rebuild 2014-01-24 @@ -118,7 +148,7 @@ rm -rf $RPM_BUILD_ROOT * Mon Oct 01 2012 Jiri Skala - 4.4.0-1 - updated to latest upstream 4.4.0 -* Sun Jul 21 2012 Jiri Skala - 4.3.8-1 +* Sat Jul 21 2012 Jiri Skala - 4.3.8-1 - updated to latest upstream 4.3.8 * Thu Jul 19 2012 Fedora Release Engineering - 4.3.7-2 @@ -276,7 +306,7 @@ rm -rf $RPM_BUILD_ROOT - fix core dumping when html tag has its argument empty - use own libtool -* Tue Dec 13 2007 Martin Nagy - 3.5.14-3 +* Thu Dec 13 2007 Martin Nagy - 3.5.14-3 - Fixed coredumping when downloading (#414051) * Tue Dec 04 2007 Martin Nagy - 3.5.14-2.1 @@ -491,7 +521,7 @@ rm -rf $RPM_BUILD_ROOT * Fri Feb 22 2002 Nalin Dahyabhai 2.4.9-1 - update to 2.4.9 -* Mon Jan 23 2002 Nalin Dahyabhai 2.4.8-1 +* Wed Jan 23 2002 Nalin Dahyabhai 2.4.8-1 - update to 2.4.8 * Wed Jan 09 2002 Tim Powers 2.4.0-3