From 0ceb7df7de1de7003d33ad6cd264681b11d1048727cfe344f079431c46ea56cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Wed, 4 Dec 2024 09:29:00 +0100
Subject: [PATCH] Sync from SUSE:SLFO:Main wget revision 37ec7b90613c7626dd79e392a58571e8
---
 properly-re-implement-userinfo-parsing.patch | 74 --------------------
 wget-1.24.5.tar.gz | 3 -
 wget-1.24.5.tar.gz.sig | 17 -----
 wget-1.25.0.tar.gz | 3 +
 wget-1.25.0.tar.gz.sig | 17 +++++
 wget.changes | 18 +++++
 wget.spec | 13 ++--
 7 files changed, 44 insertions(+), 101 deletions(-)
 delete mode 100644 properly-re-implement-userinfo-parsing.patch
 delete mode 100644 wget-1.24.5.tar.gz
 delete mode 100644 wget-1.24.5.tar.gz.sig
 create mode 100644 wget-1.25.0.tar.gz
 create mode 100644 wget-1.25.0.tar.gz.sig
diff --git a/properly-re-implement-userinfo-parsing.patch b/properly-re-implement-userinfo-parsing.patch
deleted file mode 100644
index 37cd38c..0000000
--- a/properly-re-implement-userinfo-parsing.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From ed0c7c7e0e8f7298352646b2fd6e06a11e242ace Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20R=C3=BChsen?=
-Date: Sun, 2 Jun 2024 12:40:16 +0200
-Subject: Properly re-implement userinfo parsing (rfc2396)
-
-* src/url.c (url_skip_credentials): Properly re-implement userinfo parsing (rfc2396)
-
-The reason why the implementation is based on RFC 2396, an outdated standard,
-is that the whole file is based on that RFC, and mixing standard here might be
-dangerous.
----
- src/url.c | 40 ++++++++++++++++++++++++++++++++++------
- 1 file changed, 34 insertions(+), 6 deletions(-)
-
-diff --git a/src/url.c b/src/url.c
-index 69e948b..07c3bc8 100644
---- a/src/url.c
-+++ b/src/url.c
-@@ -41,6 +41,7 @@ as that of the covered work. */
- #include "url.h"
- #include "host.h" /* for is_valid_ipv6_address */
- #include "c-strcase.h"
-+#include "c-ctype.h"
-
- #ifdef HAVE_ICONV
- # include
-@@ -526,12 +527,39 @@ scheme_leading_string (enum url_scheme scheme)
- static const char *
- url_skip_credentials (const char *url)
- {
-- /* Look for '@' that comes before terminators, such as '/', '?',
-- '#', or ';'. */
-- const char *p = (const char *)strpbrk (url, "@/?#;");
-- if (!p || *p != '@')
-- return url;
-- return p + 1;
-+ /*
-+ * This whole file implements https://www.rfc-editor.org/rfc/rfc2396 .
-+ * RFC 2396 is outdated since 2005 and needs a rewrite or a thorough re-visit.
-+ *
-+ * The RFC says
-+ * server = [ [ userinfo "@" ] hostport ]
-+ * userinfo = *( unreserved | escaped | ";" | ":" | "&" | "=" | "+" | "$" | "," )
-+ * unreserved = alphanum | mark
-+ * mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
-+ */
-+ static const char *allowed = "-_.!~*'();:&=+$,";
-+
-+ for (const char *p = url; *p; p++)
-+ {
-+ if (c_isalnum(*p))
-+ continue;
-+
-+ if (strchr(allowed, *p))
-+ continue;
-+
-+ if (*p == '%' && c_isxdigit(p[1]) && c_isxdigit(p[2]))
-+ {
-+ p += 2;
-+ continue;
-+ }
-+
-+ if (*p == '@')
-+ return p + 1;
-+
-+ break;
-+ }
-+
-+ return url;
- }
-
- /* Parse credentials contained in [BEG, END). The region is expected
---
-cgit v1.1
diff --git a/wget-1.24.5.tar.gz b/wget-1.24.5.tar.gz
deleted file mode 100644
index 9bb2568..0000000
--- a/wget-1.24.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fa2dc35bab5184ecbc46a9ef83def2aaaa3f4c9f3c97d4bd19dcb07d4da637de
-size 5182521
diff --git a/wget-1.24.5.tar.gz.sig b/wget-1.24.5.tar.gz.sig
deleted file mode 100644
index 72efada..0000000
--- a/wget-1.24.5.tar.gz.sig
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJDBAABCAAtFiEEa5j2N9h5xSNuJ3xcZP+QqujHCvkFAmXtv7QPHGdwZ0BkYXJu
-aXIubmV0AAoJEGT/kKroxwr59lwQAKCzs/wa9PmMW4MgcUKXMwixoysi/kl4zwTO
-V7W3JN80YRyf2kG/wPu6//JmYgeUXwY0x9XbbfwmCsopmCXsXWJlD6BswOrZi+34
-BFmQOQImfUYurKjA9N/ZiZbCl8i+/WiEW/kRHJ3TCiZ578JAy+H16pM2EJbv/jkE
-/FBW2gAyNcsu7pGCcv9DjdwJEGySvKklKmv6l/uA9l6wBX8/DqdmjjnMN3YaXot+
-2HpWZeEDnMhT3++MAYbpPVF76OWTFoyE9WBbPbs2uci75vsghwyF9PLmyqxBRNoE
-SGpY18DXrx01eXUiXYd5DUNkkFQReWRaMxkURijTgXVvebiXJ4b3Updr5Ds5j6vb
-adCgyf4zj8hbd41T+an/e3u51D+6+M+jjBGmL0gY/edixZMVb9lS8FiUBD9rjvpe
-VlNZWOS3C7Wr7iwq39t0R6sZc9GjnxokmcS+xCM3FBLpSg/jOJ0P+WIgVxyScuHa
-sLcQk0laXWcDwfOzPSjFSEMtDvt4NANhCMxHOi0dh5L+n+KFvFIS9R1mlyKmdLCo
-O72NS+Ks9zgSLebapGPFutvZlp6mB98f4YWhOyJR3VkfdHrtlWfq9EvofMM+KpB9
-0bKt+eDvIpkbMhUisAtjE0OwpTSZa1pBogwF3Zwjvb+baGD51EPbh4Al8XlQ8ONE
-9obMVikI
-=qpKJ
------END PGP SIGNATURE-----
diff --git a/wget-1.25.0.tar.gz b/wget-1.25.0.tar.gz
new file mode 100644
index 0000000..d4cc6d1
--- /dev/null
+++ b/wget-1.25.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:766e48423e79359ea31e41db9e5c289675947a7fcf2efdcedb726ac9d0da3784
+size 5263736
diff --git a/wget-1.25.0.tar.gz.sig b/wget-1.25.0.tar.gz.sig
new file mode 100644
index 0000000..ff3011b
--- /dev/null
+++ b/wget-1.25.0.tar.gz.sig
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJDBAABCAAtFiEEa5j2N9h5xSNuJ3xcZP+QqujHCvkFAmcxJnYPHGRhcm5pckBn
+bnUub3JnAAoJEGT/kKroxwr528sP/2zIABlSq1MwfnKm72+ViZUF+Htd1ctJJBdv
+7YDO3kUSv9cL+vJHl5/bksRT5btzVBBV8uN87AjUrB/eAwskBhbteNhTMNe0O990
+st+qpHcH2b/KT0tdMXYT57W5iIv3SIMpDhEHWP6uzTr4YC2T3j22LHO3Ytm30XeM
+XFAaHLxLCioAyVf+Im/oDrSW+tl882ubL7D23nBkT8Lh2R7XtBTvWof17YPBpkdY
+KADgG2qSKFi08nCCMJ/k8nC0jsTrANkOC+34Zvp6ri5N9MzPKLOCLumSfwCdyeO/
+vTGDJDE+Gvo130KUxnXTm7/goaUMaRiwIuPnTHc4+20NWWejZUaVfOYqiSqiNr9l
+IncvZskH3SqTuygtUTlXKEZePUQ27Cf9AiylEkEzMNb6qMHBiMX6Ql9JQzEocQP9
+mhP4VaauBKidqADhyDNLLSmyaHuw1nC4oXydQDR5EJ1mNpXPjzd/0p5MjQjwYAOW
++NKMF9+iraTl6wELNGB1BkU3Ya1hFVqFe7KvDy5Hk1JO6Fualq4E26S/iEuIZZ/R
+KEpyqDj4w26OjuMWY5n3M26QGaKiyKpyB0vEtsrMpwwcn+Ue/QVSVXNLTYHNnN9H
+NrkxPgDFixRyz4aCFOw4cu+pjz6zxeBOJ9sJZ+zajx6JUz6bC7v0CQ/TDmqAct3Y
+ujdCG5mL
+=FQTL
+-----END PGP SIGNATURE-----
diff --git a/wget.changes b/wget.changes
index e36ae18..7a67cba 100644
--- a/wget.changes
+++ b/wget.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue Nov 12 09:22:09 UTC 2024 - Valentin Lefebvre
+
+- GNU wget 1.25.0:
+ * New testcase for pathconf truncation
+ * Fix libproxy build with --disable-debug
+ * [BREAKING CHANGE] Support continious reading from stdin pipes
+ * Properly re-implement userinfo parsing (rfc2396)
+ * init: fix -Warray-bounds in setval_internal_tilde
+ * Fix build error on MingW with `G_GETFL` and `F_SETFL` flags
+ * Fix returning uninitialized variable
+ * Fix a static analysis false positive
+ * [BREAKING CHANGE] Fix CVE-2024-10524 (drop support for shorthand URLs)
+ (bsc#1233256)
+- Remove committed patches
+ * properly-re-implement-userinfo-parsing.patch
+- Renumber patches
+
 -------------------------------------------------------------------
 Wed Sep 11 17:22:46 UTC 2024 - Valentin Lefebvre
diff --git a/wget.spec b/wget.spec
index 02b3fe6..0f6283e 100644
--- a/wget.spec
+++ b/wget.spec
@@ -19,7 +19,7 @@
 %bcond_with regression_tests
 Name: wget
-Version: 1.24.5
+Version: 1.25.0
 Release: 0
 Summary: A Tool for Mirroring FTP and HTTP Servers
 License: GPL-3.0-or-later
@@ -30,13 +30,12 @@ Source1: https://ftp.gnu.org/gnu/wget/%{name}-%{version}.tar.gz.sig
 # From https://savannah.gnu.org/project/release-gpgkeys.php?group=wget&download=1
 Source2: %{name}.keyring
 Patch0: wgetrc.patch
-Patch6: wget-1.14-no-ssl-comp.patch
+Patch1: wget-1.14-no-ssl-comp.patch
 # PATCH-FIX-OPENSUSE fix pod syntax for perl 5.18 coolo@suse.de
-Patch7: wget-fix-pod-syntax.diff
-Patch8: wget-errno-clobber.patch
-Patch9: remove-env-from-shebang.patch
-Patch10: wget-do-not-propagate-credentials.patch
-Patch11: properly-re-implement-userinfo-parsing.patch
+Patch2: wget-fix-pod-syntax.diff
+Patch3: wget-errno-clobber.patch
+Patch4: remove-env-from-shebang.patch
+Patch5: wget-do-not-propagate-credentials.patch
 BuildRequires: gpgme-devel >= 0.4.2
 BuildRequires: libcares-devel
 BuildRequires: libidn2-devel
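Review bot: Renumbering `Patch6`–`Patch10` to `Patch1`–`Patch5` in the second wget.spec hunk is only safe if %prep applies patches without naming their numbers. %prep lies outside this hunk, and the diffstat (13 changed lines in wget.spec, all of them visible here) shows it was not touched. If it still carries numbered lines of the form `%patch6 -p1`, they have to follow the new numbers; otherwise it presumably uses `%autosetup` or `%autopatch`, which is worth confirming. Separately, the changelog says 1.25.0 re-implements userinfo parsing and drops shorthand URLs, so `wget-do-not-propagate-credentials.patch` (credential handling, judging by its name) should be checked to apply without fuzz and still take effect against the new sources. A one-line origin comment above `Patch5`, in the style of the existing `# PATCH-FIX-OPENSUSE` line, would make that check easier at the next rebase.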