Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/ArchiveTeam/wget-lua

Wget-AT is a modern Wget with Lua hooks, Zstandard (+dictionary) WARC compression and URL-agnostic deduplication.
https://github.com/ArchiveTeam/wget-lua

* src/hsts.c (open_hsts_test_store): Fix unlink(NULL)

35f5f79ce13e10850b6ae2e4e732e7cf64ed5438 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/hash.c: Silence UBSAN for hash functions

3cbdc67c9675b0af74a1393578ebaf9e25b3fd4b authored over 6 years ago by Tim Rühsen <[email protected]>
* fuzz/*_fuzzer.in: Update corpora from OSS-Fuzz

cdaee00259b2e43d40c84688650b1a0c945cf8c4 authored over 6 years ago by Tim Rühsen <[email protected]>
* fuzz/get_ossfuzz_corpora: Fix path

ad2471425f85a59965ba0dd3ce7dd31850d57df1 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/hsts.h: Fix header guard

ace96e4412ba820018716663f467b22eb6420be7 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/version.h: Add header guard

77286a2e0340698f81f68c9c74923a81515d27b9 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/host.c (wait_ares): Remove void assignment

Reported-by: Josef Moellers

7eff94e881b94d119ba22fc0c29edd65f4e6798b authored over 6 years ago by Tim Rühsen <[email protected]>
Update NEWS file for new release

15a39093b8751596fe87a6c1f143dff6b6a818ee authored over 6 years ago by Tim Rühsen <[email protected]>
Fix cookie injection (CVE-2018-0494)

* src/http.c (resp_new): Replace \r\n by space in continuation lines

Fixes #53763
"Malicious w...

1fc9c95ec144499e69dc8ec76dbe07799d7d82cd authored over 6 years ago by Tim Rühsen <[email protected]>
* tests/Test-https-weboftrust.px: Skip test, needs cert regen

f51936745aab064c4342eba1e049d4df45fa09f0 authored over 6 years ago by Tim Rühsen <[email protected]>
Fix make syntax-check

* cfg.mk: Add fuzzer reproducers to exception list
* po/POTFILES.in: Add src/spider.c

491c6914cb58dcbe18ce5a2cebcd8b1345243374 authored over 6 years ago by Tim Rühsen <[email protected]>
Fix HTTPS tests

* tests/Test-https-badcerts.px: Fix test return value
* tests/Test-https-crl.px: Likewise
* READ...

a6452061f878d5d94e98ccd81558871ebc55f816 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/init.c: Bring new --ciphers into right order in options array

77cf701416f1f0937943dffc27ccbc377ebbf5ee authored over 6 years ago by Tim Rühsen <[email protected]>
* doc/wget.texi: Add description for --ciphers

c4eb8632996c8e1250695cedbb26dda122bd7244 authored over 6 years ago by Ander Juaristi <[email protected]>
OpenSSL: Better seeding of PRNG

* src/openssl.c (init_prng): keep gathering entropy even though we
...

b9c4cadd84643906642e6498b4de0a1effb25856 authored over 6 years ago by Ander Juarist <[email protected]>
Enhance SSL/TLS security

This commit hardens SSL/TLS a bit more in the following ways:

* Explicitly exclude NULL authen...

744671aac6553e0212f793e3b2ce2796d1b55bce authored over 6 years ago by Ander Juaristi <[email protected]>
* src/netrc.c (parse_netrc_fp): Fix two memleaks

26a50942d8aec471be4c33298351af7abd9dd2eb authored over 6 years ago by Tim Rühsen <[email protected]>
Add new fuzzer for the .netrc parser

* fuzz/wget_netrc_fuzzer.c: New fuzzer
* fuzz/wget_netrc_fuzzer.dict: Fuzzer dictionary
* fuzz/w...

a1c90187972804b455e54fd249e0f95b6d7243f2 authored over 6 years ago by Tim Rühsen <[email protected]>
Add new fuzzer for the Set-Cookie parser

* fuzz/Makefile.am: Add wget_cookie_fuzzer
* fuzz/wget_cookie_fuzzer.c: New fuzzer
* fuzz/wget_c...

7de006bade072a8bf53d62a7d5b0bc4fdd8bfed5 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/utils.c (match_tail): Fix unsigned integer overflow

734d0aee1578694f7c5afffdc1e49ae8849f8afd authored over 6 years ago by Tim Rühsen <[email protected]>
Fix buffer overflow in CSS parser

* src/css-url.c (get_uri_string): Check input length
* fuzz/wget_css_fuzzer.repro/buffer-overflo...

78838d761f9699a6f17107a522c13cb200ae50c5 authored over 6 years ago by Tim Rühsen <[email protected]>
Fix buffer overflow in CSS parser

* src/css-url.c (get_urls_css): Check input string length
* fuzz/wget_css_fuzzer.repro/negative-...

cb47f3aaa4591b3a7f20fd30019fc4d81ecb4f4c authored over 6 years ago by Tim Rühsen <[email protected]>
Exclude fuzz corpora from tarball

* fuzz/Makefile.am: Do not include corpora in tarball
* fuzz/main.c: SKIP if corpora directory i...

acfd9b4d5670115ac4c5bd7bcf6a67edd50f97b8 authored over 6 years ago by Tim Rühsen <[email protected]>
* tests/Makefile.am: Add -I/src to AM_CPPFLAGS

ceb5d2d79465e9fcbe1335716fc9204c9cbe5128 authored over 6 years ago by Tim Rühsen <[email protected]>
Add CSS slowness reproducer (fixed)

* fuzz/wget_css_fuzzer.repro/slowness-6275836549267456: New file

This file created an extreme C...

939dbb0ebb8a1e32d9605acfa507a9fb0b749e37 authored over 6 years ago by Tim Rühsen <[email protected]>
Update CSS grammar from 1.x to 2.2

* src/css-tokens.h: Add enums and fixate values
* src/css.l: Include config.h,
ignore several ...

caa08d7470c79f8e8de4e830d4190d7284d86ae9 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/res.c (add_path): Fix memleak (parsing robots.txt)

Fixes OSS-Fuzz issue #8005.
This is a long standing bug affecting all versions <= 1.19.4.

76fb1fe6f628215a77d8f8254e2c472218158e8e authored over 6 years ago by Tim Rühsen <[email protected]>
* src/ftp-ls.c (ftp_parse_winnt_ls): Fix integer overflow

Fixes OSS-Fuzz issue #7999.
This is a long standing bug affecting all versions <= 1.19.4.

fe6d1247ad3164289657bb7c472d88cd50fcc8de authored over 6 years ago by Tim Rühsen <[email protected]>
Add new fuzzer for the URL parser

* fuzz/Makefile.am: Add wget_url_fuzzer
* fuzz/wget_url_fuzzer.c: New fuzzer
* fuzz/wget_url_fuz...

02325168caeaea008d7ab69afe8baefcf4037c55 authored over 6 years ago by Tim Rühsen <[email protected]>
Add new fuzzer for robots.txt parsing

* fuzz/Makefile.am: Add wget_robots_fuzzer
* fuzz/wget_robots_fuzzer.c: New fuzzer
* fuzz/wget_r...

93e5a97f257ddd619d15fd03c276658a65f2a527 authored over 6 years ago by Tim Rühsen <[email protected]>
* fuzz/README.md: Add CFLAGS for undefined sanitizer

36482a21eade053253e096fa502782fa009012b5 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/ftp-ls.c (ftp_parse_winnt_ls): Fix integer overflow

7ee3ad1c48c6625c99b194640d3c26fc2a68b527 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/ftp-ls.c (ftp_parse_vms_ls): Fix integer overflow by left shift

79c1f333dc11882c8c5288514aa75404341402ba authored over 6 years ago by Tim Rühsen <[email protected]>
* src/ftp-ls.c (ftp_parse_unix_ls): Fix integer overflow in date parsing

d8365b0607760d379311fbc5d5c3318e1c148446 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/ftp-ls.c (ftp_parse_winnt_ls): Fix heap-buffer-overflow

Fixes OSS-Fuzz issue #7931.
This is a long standing bug affecting all versions <= 1.19.4.

b0f802c46c286f4e07c499042ba3e3ea15c2d585 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/ftp-ls.c (ftp_parse_winnt_ls): Fix heap-buffer-overflow

Fixes OSS-Fuzz issue #7930.
This is a long standing bug affecting all versions <= 1.19.4.

96c64a859dcd95e63a9fe15824620ae15c72c6fa authored over 6 years ago by Tim Rühsen <[email protected]>
* fuzz/wget_ftpls_fuzzer.in: Update corpora

2269cc2f1b0576fe9f72a3a59b64f691a639fcd0 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/ftp-ls.c (eat_carets): Fix heap-buffer-overflow

7d3da0853760351c7567ce4d4698c3cb64b756dc authored over 6 years ago by Tim Rühsen <[email protected]>
* src/ftp-ls.c (ftp_parse_winnt_ls): Fix memleak

2b61c461832d8746cac2ab764b6f7040f040dfdb authored over 6 years ago by Tim Rühsen <[email protected]>
* src/ftp-ls.c (ftp_parse_vms_ls): Fix heap-buffer-overflow

f0d715b264689533fbfc494476855d9b6334230e authored over 6 years ago by Tim Rühsen <[email protected]>
* src/ftp-ls.c (ftp_parse_vms_ls): Fix heap-buffer-overflow

b3ff8ce3d59a1a5991bd7f751f8348fdf168cb99 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/ftp-ls.c (ftp_parse_vms_ls): Fix memleak

c7014fbaeab9d73e108e4c74583130f8e21b5a4f authored over 6 years ago by Tim Rühsen <[email protected]>
Add new fuzzer for the FTP listing parsers

* fuzz/Makefile.am: Add wget_ftpls_fuzzer
* fuzz/wget_ftpls_fuzzer.c: New fuzzer
* fuzz/wget_ftp...

407cd5f23b2a50f315e0afbb7c8e6d2ecf99a663 authored over 6 years ago by Tim Rühsen <[email protected]>
* fuzz/run-clang.sh: Remove -detect_leaks=0 from fuzzer command line

fbc5f3736e4f13b8aa2fb6bb3ad3e67172583435 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/main.c (main): Fix memleak for fuzzing/testing

7ecfe3ef70b84180b7c3736702d0c573a336ce29 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/init.c: Fix fuzzing in case ~/.wgetrc doesn't exist

7e635d173e44385bbb38df8c110a242baa9660da authored over 6 years ago by Tim Rühsen <[email protected]>
Fix fuzzer build for C++

* fuzz/wget_css_fuzzer.c: Include wget.h outside 'extern "C"',
undef fopen_wgetrc directly aft...

e83dd5b0aa6d05680b63b01082eceb9e5f33b3e0 authored over 6 years ago by Tim Rühsen <[email protected]>
* fuzz/Makefile.am: Add -I/lib to oss-fuzz builds

0b02993e3998855299711aeed05c2e78b69faed0 authored over 6 years ago by Tim Rühsen <[email protected]>
Add new HTML parser fuzzer

* fuzz/Makefile.am: Add wget_html_fuzzer
* fuzz/wget_html_fuzzer.c: New fuzzer
* fuzz/wget_html_...

23b0275feb007742dde192ece35ea41fca52a000 authored over 6 years ago by Tim Rühsen <[email protected]>
* fuzz/wget_css_fuzzer.c: Fix build

77c31d301b015ea6334e367742e175475c77d49a authored over 6 years ago by Tim Rühsen <[email protected]>
* fuzz/wget_css_fuzzer.in/*: Update fuzzer corpora

30bd99f3f575c08056e6448e17e0d5fca45908c2 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/css-url.c (get_uri_string): Fix buffer overflow (read)

c9a091ae45087f7fb83147b577cd3b0d75af4db1 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/iri.h: Fix C++ compile error

7a5db30b013d13b5c0a186d74506ea447cdc6dd2 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/css-url.c (get_urls_css): Call yylex_destroy() to reset CSS scanner

d25d036fba06c8af9b78d3d5a16ebf0f58ed3d09 authored over 6 years ago by Tim Rühsen <[email protected]>
Add new fuzzer wget_css_fuzzer.c

* fuzz/Makefile.am: Add wget_css_fuzzer.c
* fuzz/wget_css_fuzzer.c: New fuzzer

c1a368af890339b753b541f542014d588876553d authored over 6 years ago by Tim Rühsen <[email protected]>
* src/http.c: Download and scan CSS files in spider mode

9d899d7bb75e6ec3123133be899912314bacc559 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/html-url.h: Include needed header files

ff3c7733b7b23ec1aa332a9825d7ea7917f4d235 authored over 6 years ago by Tim Rühsen <[email protected]>
* wget_options_fuzzer.in/*: Update fuzzer corpora

cc7f15a529ac1368b5bce7a9850070e5be3376b9 authored over 6 years ago by Tim Rühsen <[email protected]>
* fuzz/README.md: Add CXXFLAGS and more configure options

ae6390e6a447afdb922a21be6f8c56c1f7c6a969 authored over 6 years ago by Tim Rühsen <[email protected]>
Fix oss-fuzz issue with exit()

* src/wget.h: Define exit() as exit_wget()
* fuzz/wget_options_fuzzer.c: Implement exit_wget() a...

3ae58dae139f61f64fe055e9376ca2225423fce5 authored over 6 years ago by Tim Rühsen <[email protected]>
* fuzz/wget_options_fuzzer.c: Declare fopen_* as C functions

bb03572c2a9088dbdc1461806d8759de278e3f2e authored over 6 years ago by Tim Rühsen <[email protected]>
Fix fopen/stdin issues with fuzzing

* fuzz/wget_options_fuzzer.c: Add fopen_wget() and fopen_wgetrc()
* src/utils.c: Use fopen_wgetr...

66b416b6cd10fb0e8f78b9c91879248fbb01f88d authored over 6 years ago by Tim Rühsen <[email protected]>
* configure.ac: AC_DEFINE FUZZING if --enable-fuzzing was given

fdd86aada972d498047f83a519e25bd4849341a9 authored over 6 years ago by Tim Rühsen <[email protected]>
* fuzz/wget_options_fuzzer.c: Write fuzzer crash reports

ce90ed78b62e475685cead09a294023c825e14d1 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/log.c: Don't check_redirect_output() when fuzzing

3c4a6506a557e839ae64994174db349575fe3117 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/main.c (promt_for_password): Avoid getpass() when fuzzing

fbb4cd231eee67e845c5f8f1d606ce2a4c146982 authored over 6 years ago by Tim Rühsen <[email protected]>
Fix double fclose() with -d while fuzzing

* src/ftp.c (ftp_loop_internal): Set warc_tmp to NULL after ffclose()
* src/init.c (cleanup): Se...

3ceb6e563003fdf159c6838442c420961be76561 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/main.c (main): Don't background if TESTING

eaf167aaaa52309824ce047f66b8920b0caaefb9 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/init.c (initialize): Return error, don't exit()

7d5de64fc9871139e0e1e9381c93b1ba71960611 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/init.c (cmd_use_askpass): Return false on error

70042265be0d2053431e999e1c8ee7d237643781 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/utils.c (compile_posix_regex): Hard-code string to regcomp

regcomp() may be too cpu + memory intensive for fuzzing.
See https://sourceware.org/glibc/wiki/S...

64758655c4ef8bc83dd3aae87c8972988a2c2434 authored over 6 years ago by Tim Rühsen <[email protected]>
Fix 2 more memleaks

* src/init.c (initialize): Use global var for wgetrc filename
* src/iri.c (find_locale): Return ...

e737c4b10ea1e228fdca13e91a012d412b2ae74e authored over 6 years ago by Tim Rühsen <[email protected]>
* src/init.c (cleanup): Set output_stream to NULL after closing

05a8c064e91a15dc0e2fecf5e49ed63235375ab3 authored over 6 years ago by Tim Rühsen <[email protected]>
Fix homedir memory leaks

* src/hsts.c: Use opt.homedir
* src/init.c: Likewise
* src/main.c: Likewise
* src/netrc.c: Likew...

01002a168a1a4c9a24315e54fc70c346cc97a799 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/main.c (main): Free opt.encoding_remote properly

73fd57585c2452df42a17f8b82028502200f6497 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/host.c (wait_ares): Free ptimer

7963260e76adbb4787b7dfcd307a6dd2621a4255 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/init.c (cleanup): Free regex objects properly

99a7039deff95001ff30cceba78a93d2c5109f54 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/main.c (save_hsts): Free hsts_store after closing

15ef79f808bd5513cc15e1b017c3c6d68afb46e6 authored over 6 years ago by Tim Rühsen <[email protected]>
Use strtol() instead of selfmade function

* src/init.c (cmd_number): Use strtol() instead of selfmade function
* bootstrap.conf: Add strto...

79385a29fd27a35e2a18d14122248867570cbb6e authored over 6 years ago by Tim Rühsen <[email protected]>
* src/hsts.c (hsts_hash_func): Allow integer overflow

55da9f71f0a1a9cfa18857277b9a2a048df5e3fa authored over 6 years ago by Tim Rühsen <[email protected]>
* init.c (cmd_spec_mirror): Fix uninitialzed stack variable

bec9816f40d89c1b0081e1cd588bd8562e628310 authored over 6 years ago by Tim Rühsen <[email protected]>
Add OSS-Fuzz infrastruture

* Makefile.am: Add fuzz/ to SUBDIRS
* cfg.mk: Fix 'make syntax-check'
* configure.ac: Add --enab...

a4402120ad7f788d6ce7311fa8bdca6d1ba851b7 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/init.c (cleanup): Free more variables

b86294e1c9a81e90aa943e1e7f0cd48e60fa6177 authored over 6 years ago by Tim Rühsen <[email protected]>
* wget_options_fuzzer.in: Add corpora directory

7e1e5f39593766f6bc9897ecc7ebaf8c6cc33458 authored over 6 years ago by Tim Rühsen <[email protected]>
* fuzz/wget_options_fuzzer.c: Suppress error messages from wget

4a6336d5518075d4f11f849120a11289882056cc authored over 6 years ago by Tim Rühsen <[email protected]>
* src/utils.c (fopen_stat): Early return to allow fuzzing/fmemopen

328438e69bc924c9aa1af1974a30389ba84dbcb5 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/init.c (initialize): Free mem before exit()

36f029d2f00d5f5b72978333deca669d33dc0807 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/init.c (cmd_bytes_sum): Fix integer over- and underflow

e0860dd1ff306abacb3780ddc6cf169cb588f328 authored over 6 years ago by Tim Rühsen <[email protected]>
* src/init.c (cleanup): Never call cleanup() twice

d7e3acb2cc4508e48ab423a9ecc5c186005d959a authored over 6 years ago by Tim Rühsen <[email protected]>
Move unit-test code to tests/

* src/Makefile.am: Remove test.c and test.h
* src/test.c: Rename to tests/unit-tests.c
* src/tes...

de54c970b2fb492bd25b2787397550a5cf42921a authored almost 7 years ago by Tim Rühsen <[email protected]>
* src/main.c: Rename main() -> main_wget() for unit tests

3e84963e84667b21ba794cbd84c8a1ae70f73894 authored almost 7 years ago by Tim Rühsen <[email protected]>
Fix some issues found by 'infer'

f56f970bc2b0df1d26ebd6a0a86083b37017cd70 authored almost 7 years ago by Tim Rühsen <[email protected]>
* src/openssl.c: Fix build for OpenSSL 1.1.0 without TLS1_3_VERSION

0b54043d17da7315f79eb778abbb0c405cf6fff4 authored almost 7 years ago by Tim Rühsen <[email protected]>
Add docs for --secure-protocol=TLSv1_3

* doc/wget.texi: Likewise

040106b3e2faf60bc15c86a8a360cda342ca5e6a authored almost 7 years ago by Tim Rühsen <[email protected]>
Add TLS1.3 support for OpenSSL build

* src/init.c: Add 'tlsv1_3 for --secure-protocol
* src/openssl.c (ssl_init): Enable TLS1.3 if po...

fde8cefd13b35adfd18f8b3469db76b81ae38176 authored almost 7 years ago by Loganaden Velvindron <[email protected]>
* src/main.c: Add help text for --retry-on-http-error

Reported-by: Giovanni Tirloni

ba2b0654b41208208d474d3b3485c01f471204aa authored almost 7 years ago by Tim Rühsen <[email protected]>
* src/url.c (convert_fname): Fix invalid free on iconv_open() failure

Reported-by: Volkmar Klatt

375bfa98dc2c6cdba3993018283671556094bb93 authored almost 7 years ago by Tim Rühsen <[email protected]>
* src/mswindows.c: Fix prototype of fork_to_background()

Reported-by: Gisle Vanem

bea54e0da4b48f3d1ee506c41a14e6a570a16bdf authored almost 7 years ago by Tim Rühsen <[email protected]>
Fix warning to not print binary IP address

* tests/Test-https-badcerts.px: Likewise
* tests/Test-https-clientcert.px: Likewise
* tests/Test...

98ec26cc6da0892b6ca7c0f02b10191d8c73f607 authored almost 7 years ago by Tim Rühsen <[email protected]>
Fix logging in background mode

* ../src/main.c: Re-init logfile if changed for background mode
* ../src/utils.c: fork_to_backgr...

c722973212547aa812cd818279e3fb989fb38dd4 authored almost 7 years ago by Tim Rühsen <[email protected]>