From 9a98883388974dd7176288431f3f7d3246638b04ce33850a43d93f82ee8301ad Mon Sep 17 00:00:00 2001
From: Andreas Stieger
Date: Fri, 10 Jun 2016 10:59:50 +0000
Subject: [PATCH] Accepting request 400890 from home:AndreasStieger:branches:network:utilities

GNU wget 1.18 CVE-2016-4971 (boo#984060)

OBS-URL: https://build.opensuse.org/request/show/400890
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=59
---
 wget-1.17.1.tar.xz | 3 ---
 wget-1.17.1.tar.xz.sig | Bin 543 -> 0 bytes
 wget-1.18.tar.xz | 3 +++
 wget-1.18.tar.xz.sig | Bin 0 -> 543 bytes
 wget.changes | 21 +++++++++++++++++++++
 wget.spec | 10 +++++++---
 6 files changed, 31 insertions(+), 6 deletions(-)
 delete mode 100644 wget-1.17.1.tar.xz
 delete mode 100644 wget-1.17.1.tar.xz.sig
 create mode 100644 wget-1.18.tar.xz
 create mode 100644 wget-1.18.tar.xz.sig

diff --git a/wget-1.17.1.tar.xz b/wget-1.17.1.tar.xz
deleted file mode 100644
index 800df13..0000000
--- a/wget-1.17.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fe559b61eb9cc01635ac6206a14e02cb51591838c35fa83c7a4aacae0bdd97c9
-size 1894140
diff --git a/wget-1.17.1.tar.xz.sig b/wget-1.17.1.tar.xz.sig deleted file mode 100644 index 190160639147e78656cc871e64db89b68473732799a437000ca3ccd66ca8c1d6..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p-!U9HRgV2@obdZSvt`;p$qp5B(S2_IY$JB=a+Z=Zry- z0rlKkq|nywCOV6ku>%4s4slCJo4jpabvfT?f*_h z?Joag{fApfCB zbDo+cG$9g}D5)^ApJ^kEAKh9G1mxeP9Lr~CUrmKYYZU*TSeC|{0}PhpE%-$v_Crjn zD7-$!XJd0TVYKBrOup`53`4VY30toqqIMe-J+W?s*R*;!m?6teHTY7e=%>Sy;Uzia zu0C9^ODLm)CPvc4;*7Dj(>D&@4vj1l%!)b^a1I^X07x~Hmi+=wDcOC6^G6P>Ob$o` zARTF8$bap?8Y{YH+sov}jic`$571h}keTn|aaNe>5}PRp@?Jd-V&?pJD!+x1)dcry z5FCG902Fyn8`3ownd&Q5C3r(b{C;5q%CbE)rZxx zA)3ju%~y}Uk{%Pdj+6!P^;?J-LNwbqsuP9~JCpf1S9H+p?cPQEP6e{_C%Q_r@N|9J zrbq*TEq6=>jU2IRt5{|U%%Z0?k8Oc@MsjpOU1xYtX7gy9}JFerpLOgeFRnsVePV*pm26bxya z#A)wgSBq)_Wc1480enU&HOg&QTm)_I!LS4`71!}6!9J%} zItibt4E?8UmWiX8`{keq^tHQdQT8ZHS%2Yq(Lx1r8>+IR%A_Us&YfO{n^jV08-wl= z(meLZW!Y_t7#}8G*1wWg6I@d4p&I;o-6)=Zbxf4VwOZEl)nRtu@g+mg`yZ4!S+~(4 zzKWcs``0pK_x1c+z6%_@4;Pk0j!OISfpSI+2ub0CGb5jdCq_9q+{QIJY12W;DqLn8 z3htxH95~Mo)5}+^*@z5|LE({6Sd>ICvyq?PEXYOqtkcINP3iG)EP5t>vMaD8do1FkznHj)?|9! h1rGvWC`36O>i}y5Jiq~^_hd*9T(CxqoAX{C_jd?^0X+Z! literal 0 HcmV?d00001 diff --git a/wget.changes b/wget.changes index 14198b3..634287a 100644 --- a/wget.changes +++ b/wget.changes 
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Thu Jun 9 20:42:15 UTC 2016 - astieger@suse.com
+
+- GNU wget 1.18:
+ * On server redirects to a FTP resource, use the original URL to
+ get the local file name by default. CVE-2016-4971 (boo#984060)
+ This introduces a backward-incompatibility for HTTP->FTP
+ redirects and any script that relies on the old behaviour must
+ use --trust-server-names.
+ * Check the HSTS file is not world-writable before using it.
+ * Parse attributes on a recursive download.
+ * Fix problem with SNI server names having trailing dot(s)
+ * New options --bind-dns-address and --dns-servers.
+ * Convert non-ASCII URIs to the locale's codeset when creating
+ files. Encoding of remote files and URIs is taken from
+ --remote-encoding, defaulting to UTF-8. The result is that
+ non-ASCII URIs and files downloaded via HTTP/HTTPS and FTP will
+ have names on the local filesystem that correspond to their
+ remote names.
+- build with gpgme, libcares2
+
 -------------------------------------------------------------------
 Sat Dec 12 09:35:06 UTC 2015 - astieger@suse.com
 
diff --git a/wget.spec b/wget.spec
index f536732..900807d 100644
--- a/wget.spec
+++ b/wget.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package wget
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 %bcond_with regression_tests
 
 Name: wget
-Version: 1.17.1
+Version: 1.18
 Release: 0
 Summary: A Tool for Mirroring FTP and HTTP Servers
 License: GPL-3.0+
@@ -33,6 +33,8 @@ Patch6: wget-1.14-no-ssl-comp.patch
 # PATCH-FIX-OPENSUSE fix pod syntax for perl 5.18 coolo@suse.de
 Patch7: wget-fix-pod-syntax.diff
 BuildRequires: automake
+BuildRequires: gpgme-devel >= 0.4.2
+BuildRequires: libcares-devel
 BuildRequires: libidn-devel
 BuildRequires: libpng-devel
 BuildRequires: makeinfo
@@ -43,6 +45,7 @@ BuildRequires: xz
 PreReq: %{install_info_prereq}
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %if %{?suse_version} > 1110
+BuildRequires: pkg-config
 BuildRequires: pkgconfig(libmetalink)
 BuildRequires: pkgconfig(libpcre)
 BuildRequires: pkgconfig(libpsl)
@@ -82,6 +85,7 @@ autoreconf --force
 %endif
 %configure \
 --with-ssl=openssl \
+ --with-cares \
 --with-metalink
 make %{?_smp_mflags}
 
@@ -91,7 +95,7 @@ make %{?_smp_mflags} -C tests/ check
 %endif
 
 %install
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+make %{?_smp_mflags} DESTDIR=%{buildroot} install
 %find_lang %{name}
 
 %post
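Review bot: The new `BuildRequires: gpgme-devel >= 0.4.2` in the `@@ -33,6 +33,8 @@` hunk sits in the unconditional part of the preamble, while `pkgconfig(libmetalink)` is only required inside `%if %{?suse_version} > 1110` (the `@@ -43,6 +45,7 @@` hunk). If gpgme is wanted here for checking signatures on metalink downloads, which is what I would expect but cannot confirm from this diff, the two requirements belong in the same conditional so older targets do not pull in a library nothing uses. No configure switch for gpgme appears in the `%configure` hunk either, so the feature presumably depends on autodetection and would drop out silently if detection failed; a comment such as `# gpgme: signature checks for metalink, autodetected by configure` above the line would record the intent. The preamble continues outside this hunk.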
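Review bot: `--with-cares` in the `@@ -82,6 +85,7 @@` hunk links an additional DNS resolver library into wget as part of what is otherwise the CVE-2016-4971 update, and nothing in the spec says why. The changelog lists the new `--bind-dns-address` and `--dns-servers` options, which as far as I know are the ones that need c-ares, so a line such as `# c-ares backs --bind-dns-address/--dns-servers (new in 1.18)` above `%configure` would make that visible to whoever later backports a fix or triages a c-ares advisory against this package. Since `libcares-devel` is required unconditionally in the `@@ -33,6 +33,8 @@` hunk, the flag is at least consistent with the build dependencies. The `%build` section starts before this hunk.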