Accepting request 400890 from home:AndreasStieger:branches:network:utilities

GNU wget 1.18 CVE-2016-4971 (boo#984060) OBS-URL: https://build.opensuse.org/request/show/400890 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=59
2016-06-10 10:59:50 +00:00 · 2016-06-10 10:59:50 +00:00 · 9a98883388
commit 9a98883388
parent a6daed35e4
6 changed files with 31 additions and 6 deletions
--- a/wget-1.17.1.tar.xz
+++ b/wget-1.17.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fe559b61eb9cc01635ac6206a14e02cb51591838c35fa83c7a4aacae0bdd97c9
-size 1894140
--- a/wget-1.17.1.tar.xz.sig
+++ b/wget-1.17.1.tar.xz.sig
--- a/wget-1.18.tar.xz
+++ b/wget-1.18.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b5b55b75726c04c06fe253daec9329a6f1a3c0c1878e3ea76ebfebc139ea9cc1
+size 1922376
--- a/wget-1.18.tar.xz.sig
+++ b/wget-1.18.tar.xz.sig
--- a/wget.changes
+++ b/wget.changes
@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Thu Jun  9 20:42:15 UTC 2016 - astieger@suse.com
+
+- GNU wget 1.18:
+  * On server redirects to a FTP resource, use the original URL to
+    get the local file name by default. CVE-2016-4971 (boo#984060)
+    This introduces a backward-incompatibility for HTTP->FTP
+    redirects and any script that relies on the old  behaviour must
+    use --trust-server-names.
+  * Check the HSTS file is not world-writable before using it.
+  * Parse <img srcset> attributes on a recursive download.
+  * Fix problem with SNI server names having trailing dot(s)
+  * New options --bind-dns-address and --dns-servers.
+  * Convert non-ASCII URIs to the locale's codeset when creating
+    files. Encoding of remote files and URIs is taken from
+    --remote-encoding, defaulting to UTF-8.  The result is that
+    non-ASCII URIs and files downloaded via HTTP/HTTPS and FTP will
+    have names on the local filesystem that correspond to their
+    remote names.
+- build with gpgme, libcares2
+
 -------------------------------------------------------------------
 Sat Dec 12 09:35:06 UTC 2015 - astieger@suse.com

--- a/wget.spec
+++ b/wget.spec
@ -1,7 +1,7 @@
 #
 # spec file for package wget
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@

 %bcond_with	regression_tests
 Name:           wget
-Version:        1.17.1
+Version:        1.18
 Release:        0
 Summary:        A Tool for Mirroring FTP and HTTP Servers
 License:        GPL-3.0+
@ -33,6 +33,8 @@ Patch6:         wget-1.14-no-ssl-comp.patch
 # PATCH-FIX-OPENSUSE fix pod syntax for perl 5.18 coolo@suse.de
 Patch7:         wget-fix-pod-syntax.diff
 BuildRequires:  automake
+BuildRequires:  gpgme-devel >= 0.4.2
+BuildRequires:  libcares-devel
 BuildRequires:  libidn-devel
 BuildRequires:  libpng-devel
 BuildRequires:  makeinfo
@ -43,6 +45,7 @@ BuildRequires:  xz
 PreReq:         %{install_info_prereq}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if %{?suse_version} > 1110
+BuildRequires:  pkg-config
 BuildRequires:  pkgconfig(libmetalink)
 BuildRequires:  pkgconfig(libpcre)
 BuildRequires:  pkgconfig(libpsl)
@ -82,6 +85,7 @@ autoreconf --force
 %endif
 %configure \
 	--with-ssl=openssl \
+	--with-cares \
 	--with-metalink
 make %{?_smp_mflags}

@ -91,7 +95,7 @@ make %{?_smp_mflags} -C tests/ check
 %endif

 %install
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+make %{?_smp_mflags} DESTDIR=%{buildroot} install
 %find_lang %{name}

 %post