Accepting request 661869 from home:AndreasStieger:branches:network:utilities

GNU wget 1.20.1 CVE-2018-20483 (bsc#1120382) OBS-URL: https://build.opensuse.org/request/show/661869 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=93
2018-12-28 20:53:28 +00:00 · 2018-12-28 20:53:28 +00:00 · 161aa5f0fe
commit 161aa5f0fe
parent ce38b4661c
7 changed files with 1047 additions and 1206 deletions
--- a/wget-1.20.1.tar.gz
+++ b/wget-1.20.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b783b390cb571c837b392857945f5a1f00ec6b043177cc42abb8ee1b542ee1b3
+size 4392853
--- a/wget-1.20.1.tar.gz.sig
+++ b/wget-1.20.1.tar.gz.sig
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEHLJ9vJhhSy1YQWRtCDAttqJnBCgFAlwj4MMACgkQCDAttqJn
+BChfEg/+IV6d6IIG/UdNHZmw9Zx/GVKJ+kmCGBtGAWYV1/IyTqlsOHiP1d7flTHy
+oJE2OJ4tLt0v8/BOG739bRPR2CbrqDSxloIc0nxpG5aKGd7qapB/R8kDBCALoAvU
+Hn/eQalTPQ01mdlAbTt/1PZm0gg3nlKK3SQeSuS5x/TKW1VeUzAniUkV3QzWLlBI
+IMgXyJZHa9SQcs1O+z7P4Av31eUV7HFh209Sy1DB7fOoox1bplWf1vi8GiB3Fzav
+xVVgrqfIw7Y6piKGgyx91lj2/bucNzE+Uci87l0baBPedH0p8QqObVzwXfP77rd1
+lLWNWCfgjXsytalUQehIdBoNG4Axy6Xv8Fb0DsclS1mt1Vp1VD5/tZlm7657eu3a
+I/9RTDkQJ81VmTLdN4yhJi62a3EAWd378WnXzE0OTd6ORIh5Gl69bX7WL1xyh5NO
+7kI3+VUYqnQmlzxl3m2BMA0/dgGUU6UIFVSWxdWJ1X6d6IMc/TotjTTxSpQlf5jD
+78aGBDezkgrxQ/alqOXEPwsbCj+XraZ+OLwXOB/lh359g7yICDWE6ky9Cp9KeKam
+JrlQ/z8eDEIvQXPjk451LqNo694T73G2b7bC16/epUjJ9z1ftEuvefrBemBuLuzu
+5YqBcdQ3bxcC0zCoUilf0TiXUSwVS+QFpaScMmrTV2comKs/HF4=
+=ztII
+-----END PGP SIGNATURE-----
--- a/wget-1.20.tar.gz
+++ b/wget-1.20.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8a057925c74c059d9e37de63a63b450da66c5c1c8cef869a6df420b3bb45a0cf
-size 4474641
--- a/wget-1.20.tar.gz.sig
+++ b/wget-1.20.tar.gz.sig
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEa5j2N9h5xSNuJ3xcZP+QqujHCvkFAlwAcjEACgkQZP+QqujH
-Cvl1xxAAi/0j2UjNjOftXX1LFCKn+6Q5//T9iurjUZzpcLc7K7eiTSfI9TIpXzU9
-mWbvs6OiXbM8x/l4wj0gkV6OugpKBbAMagA9VT0vbFAetadWJE435U+ghruhz97e
-aKOVyTcOQNYHpHpw50bnmv2vyLCeFctE9eA6f7d88X7l27Et2QmnVyqGfhULGROX
-TFRY6LEqS5tNioL5r70j/rogf/Nb/ZEcXSWMbB/Y0Hold+IbaZn7qYtgP/lBFEGk
-UlX2mpPJuwktYGV+wJNlz0JwCbLCXsM9oTij29Kn1SujJ0QLfz43VqUbZK2vX8wu
-hRXqtqyq/GeWECQ4o/um08PEYNDW/BnucHX8/abP+I2NxVxJOSD9+LNsv1Yu2wnH
-aN9WPJ8Kts25nM0XqqUPgfPPJcuj/YNw9KBmA32VXGdP0RdsLZG2TtyNtFsUH7PQ
-OSXbUNEVuXECaRgMcZ6Jd251rOjROScBD+rSfsepfK6XsgnlweXD5LnDX6FBnigL
-P8P15VdM68jPLzwrwByDi+kjd59ojzu1Wc28WbX10K9jFx3OOy6RKJ0ULqNulNk9
-b4UXdbAmiXlDIN3FDN3fOCZzPGqcbcg21GoU2AvKfs9EKKVlIUgbxVfAcDtogn3h
-b1CetPZWgl0tPS0TaGQvnvDI1ftdUt3WoCqmXuoWeKdHnwmeqbY=
-=y9uB
-----END PGP SIGNATURE-----
--- a/wget.changes
+++ b/wget.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Dec 28 20:51:04 UTC 2018 - astieger@suse.com
+
+- GNU wget 1.20.1:
+  * --xattr is no longer default since it introduces privacy issues
+  * --xattr saves the Referer as scheme/host/port,
+    user/pw/path/query/fragment are no longer saved to prevent
+    privacy issues
+  * --xattr saves the Original URL without user/password to prevent
+    privacy issues
+  * all of the above fix CVE-2018-20483 (bsc#1120382)
+
 -------------------------------------------------------------------
 Fri Nov 30 14:02:43 UTC 2018 - josef.moellers@suse.com

--- a/wget.keyring
+++ b/wget.keyring
@ -1,130 +1,4 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
-
-    <link rel="shortcut icon" type="image/x-icon" href="/assets/favicon-4c5c2eea1610835f4e55fc37c28ed6ce2c6393f9e35c4af123e20d0678030f4b.ico" />
-
-    <title>View File wget.keyring of Package wget - openSUSE Build Service</title>
-
-    <link rel="stylesheet" media="screen" href="/assets/webui/application-cdb1b8e07803dc1e38ff55c89749a23237060c82506ae446bed2179ec4334b58.css" />
-    
-
-    <script src="/assets/webui/application-8d1b474886b68c7a3de3a602c228a5a06bb62d32cd70760510aece5c1eda993b.js"></script>
-    <script>
-//<![CDATA[
-
-      
-      var _paq = _paq || [];
-      $(function() {
-        
-  $("#advanced_tabs_trigger").click(function() {
-    $("#advanced_tabs").show();
-    $("#advanced_list_item").hide();
-  });
-
-          callPiwik();
-      });
-
-//]]>
-</script>
-    <link rel="alternate" type="application/rss+xml" title="News" href="/main/news.rss" />
-    <meta name="csrf-param" content="authenticity_token" />
-<meta name="csrf-token" content="WBxmzOxhHPxgSoiveaXlBNd1OdEqJp0QbDGEI2KnV24OKCtCTRxK4QErWlyJUVbgvTQRV9Df0EhBDuxO1wXXEQ==" />
-  </head>
-  <body>
-    <div class="overlay"></div>
-
-    
-    <!-- Start: Header -->
-<div id='header'>
-<div class='container_12' id='header-content'>
-<a id="header-logo" href="/"><img class="icons-header-logo" alt="header-logo" src="/assets/s-ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629.gif" /></a>
-<ul id='global-navigation'>
-<li id='item-downloads'>
-<a href='http://en.opensuse.org/openSUSE:Browse#Downloads'>Downloads</a>
-</li>
-<li id='item-support'>
-<a href='http://en.opensuse.org/openSUSE:Browse#Support'>Support</a>
-</li>
-<li id='item-community'>
-<a href='http://en.opensuse.org/openSUSE:Browse#Community'>Community</a>
-</li>
-<li id='item-development'>
-<a href='http://en.opensuse.org/openSUSE:Browse#Development'>Development</a>
-</li>
-</ul>
-<form id="global-search-form" class="label-overlay" action="/search?name=1&amp;package=1&amp;project=1" accept-charset="UTF-8" method="post"><input name="utf8" type="hidden" value="&#x2713;" /><input type="hidden" name="authenticity_token" value="Xg+KfwbAYEzpvZjK+jpRrTCoPOvvaZ9V21He3clDEeEIO8fxp702UYjcSjkKzuJJWukUbRWQ0g32brawfOGRng==" />
-<div style='display: inline'>
-<label class='hidden' for='search'>Search</label>
-<input type="text" name="search_text" id="search" value="" />
-<input class='hidden' type='submit' value='Search'>
-</div>
-</form>
-
-
-</div>
-</div>
-
-
-    <div id="subheader" class="container_16">
-      <div id="breadcrump" class="grid_10 alpha">
-        <img title="Logo" class="icons-home_grey" alt="Logo" src="/assets/s-ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629.gif" /><a href="/">openSUSE Build Service</a>
-            &gt;
-                          <a href="/project/list_public">Projects</a>
-      </div>
-
-      <div class='grid_6 omega' style='text-align: right'>
-<a href="https://secure-www.novell.com/selfreg/jsp/createOpenSuseAccount.jsp?%22">Sign Up</a>
-|
-<a id="login-trigger" href="/session/new">Log In</a>
-<div id='login-form'>
-<form id="login_form" enctype="application/x-www-form-urlencoded" action="https://build.opensuse.org/ICSLogin/auth-up" accept-charset="UTF-8" method="post"><input name="utf8" type="hidden" value="&#x2713;" /><input type="hidden" name="authenticity_token" value="FGXNgZtmCyL9B0JfCtojsgc0BG8pTbSDTAp/F/COgzlCUYAPOhtdP5xmkKz6LpBWbXUs6dO0+dthNRd6RSwDRg==" />
-<p>
-<input type="hidden" name="context" id="context" value="default" />
-<input type="hidden" name="proxypath" id="proxypath" value="reserve" />
-<input type="hidden" name="message" id="message" value="Please log in" />
-<input type="hidden" name="url" id="url" value="/package/view_file/home:AndreasStieger:branches:network:utilities/wget/wget.keyring?rev=2" />
-<label for="username">Username</label>
-<input type="text" name="username" id="username" value="" />
-</p>
-<p>
-<label for="password">Password</label>
-<input type="password" name="password" id="password" value="" />
-</p>
-<p><input type="submit" name="commit" value="Log In" onclick="fillEmptyFields();" data-disable-with="Log In" /></p>
-<p class='slim-footer'><a id="close-login" href="#">Cancel</a></p>
-</form>
-
-</div>
-</div>
-
-    </div>
-
-
-    <div class='container_16' id='flash-messages'>
-</div>
-
-
-    <!-- this is needed for the delete confirm dialogues -->
-    <div id="dialog_wrapper" style="display: none"></div>
-
-    <!-- Start: Main Content Area -->
-    <div id="content" class="container_16 content-wrapper">
-        <div class="grid_16 box box-shadow alpha omega">
-          
-
-<div class="box-header header-tabs" id="package_tabs">
-  <ul>
-    <li id="tab-overview"><a href="/package/show/home:AndreasStieger:branches:network:utilities/wget">Overview</a></li>
-      <li id="advanced_list_item"><a href="#" id="advanced_tabs_trigger">Advanced</a></li>
-  </ul>
-</div>
-
-
-<h3>View File wget.keyring of Package wget (Project home:AndreasStieger:branches:network:utilities)</h3>
-
-<pre>-----BEGIN PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v1.2.4 (GNU/Linux)

 mQGiBEKfV3cRBACjA0ffG1qq1WtSD22wPpC6A4XnOJ/rICQMB/CvTv1K21a0oAi+
@ -1138,49 +1012,3 @@ w0kgZHrl3IoFnIHt2PlXQ+k//H9Q8lzQOBM01CUIQtMAPe5LybprgrKV5SAQ6IYc
 xQ==
 =pljZ
 -----END PGP PUBLIC KEY BLOCK-----
-</pre>
-
-        </div>
-    </div>
-    <!-- End: Main Content Area -->
-
-    <div style="clear: both;"></div>
-
-    <div id="footer" class="container_12">
-
-      <div class="grid_3">
-        <strong class="grey-medium spacer1">Locations</strong>
-        <ul>
-          <li><a href="/project">Projects</a></li>
-          <li><a class="search-link" href="/search">Search</a></li>
-        </ul>
-      </div>
-
-      <div class="grid_3">
-        <strong class="grey-medium spacer1">Help</strong>
-        <ul>
-              <li><a href="http://openbuildservice.org/">Open Build Service</a></li>
-              <li><a href="http://openbuildservice.org/help/manuals/">OBS Manuals</a></li>
-              <li><a href="http://en.opensuse.org/Portal:Build_service">openSUSEs OBS Portal</a></li>
-              <li><a href="http://openbuildservice.org/support/">Reporting a Bug</a></li>
-        </ul>
-      </div>
-
-      <div class="grid_3">
-        <strong class="grey-medium spacer1">Contact</strong>
-        <ul>
-               <li><a href="http://lists.opensuse.org/opensuse-buildservice/">Mailing List</a></li>
-               <li><a href="http://forums.opensuse.org/forumdisplay.php/692-Open-Build-Service-%28OBS%29">Forums</a></li>
-               <li><a href="irc://irc.opensuse.org/opensuse-buildservice">Chat (IRC)</a></li>
-               <li><a href="http://twitter.com/OBShq">Twitter</a></li>
-        </ul>
-      </div>
-      <div class="clear"></div>
-      <div id="footer-legal" class="grid_12">
-        <p>
-          <a href="http://openbuildservice.org">Open Build Service (OBS)</a> is an <a href="http://www.opensuse.org">openSUSE project</a>.
-        </p>
-      </div>
-    </div>
-  </body>
-</html>
--- a/wget.spec
+++ b/wget.spec
@ -12,18 +12,18 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


 %bcond_with	regression_tests
 Name:           wget
-Version:        1.20
+Version:        1.20.1
 Release:        0
 Summary:        A Tool for Mirroring FTP and HTTP Servers
-License:        GPL-3.0+
+License:        GPL-3.0-or-later
 Group:          Productivity/Networking/Web/Utilities
-Url:            https://www.gnu.org/software/wget/
+URL:            https://www.gnu.org/software/wget/
 Source:         https://ftp.gnu.org/gnu/wget/%{name}-%{version}.tar.gz
 Source1:        https://ftp.gnu.org/gnu/wget/%{name}-%{version}.tar.gz.sig
 Source2:        https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=wget&download=1#/wget.keyring
@ -105,7 +105,8 @@ make %{?_smp_mflags} -C tests/ check
 %install_info_delete --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz

 %files -f %{name}.lang
-%doc AUTHORS COPYING NEWS README MAILING-LIST
+%license COPYING
+%doc AUTHORS NEWS README MAILING-LIST
 %doc doc/sample.wgetrc util/rmold.pl
 %{_mandir}/*/wget*
 %{_infodir}/wget*