Hello community, here is the log from the commit of package wget for openSUSE:Factory checked in at 2014-11-03 13:11:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/wget (Old) and /work/SRC/openSUSE:Factory/.wget.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "wget" Changes: -------- --- /work/SRC/openSUSE:Factory/wget/wget.changes 2014-06-19 13:19:41.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.wget.new/wget.changes 2014-11-03 13:11:12.000000000 +0100 @@ -1,0 +2,19 @@ +Wed Oct 29 20:37:47 UTC 2014 - andreas.stieger@gmx.de + +- GNU wget 1.16: + This release contains a fix for symlink attack which could allow + a malicious ftp server to create arbitrary files, directories or + symbolic links and set their permissions when retrieving a + directory recursively through FTP. [CVE-2014-4877] [boo#902709] + * No longer create local symbolic links by default + --retr-symlinks=no option restores previous behaviour + * Use libpsl for verifying cookie domains. + * Default progress bar output changed. + * Introduce --show-progress to force display the progress bar. + * Introduce --no-config. The wgetrc files will not be read. + * Introduce --start-pos to allow starting downloads from a specified position. + * Fix a problem with ISA Server Proxy and keep-alive connections. +- refresh wget-libproxy.patch for upstream changes +- make some dependencies only required for testsuite optional + +------------------------------------------------------------------- Old: ---- wget-1.15.tar.xz wget-1.15.tar.xz.sig New: ---- wget-1.16.tar.xz wget-1.16.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wget.spec ++++++ --- /var/tmp/diff_new_pack.wezBc2/_old 2014-11-03 13:11:13.000000000 +0100 +++ /var/tmp/diff_new_pack.wezBc2/_new 2014-11-03 13:11:13.000000000 +0100 @@ -19,7 +19,7 @@ %bcond_with regression_tests Name: wget -Version: 1.15 +Version: 1.16 Release: 0 Summary: A Tool for Mirroring FTP and HTTP Servers License: GPL-3.0+ @@ -42,10 +42,11 @@ BuildRequires: libidn-devel BuildRequires: makeinfo BuildRequires: openssl-devel +%if %{with regression_tests} # For the Testsuite BuildRequires: perl-HTTP-Daemon BuildRequires: perl-IO-Socket-SSL - +%endif BuildRequires: pkg-config BuildRequires: xz PreReq: %install_info_prereq @@ -59,7 +60,7 @@ %setup -q %patch0 %if 0%{suse_version} > 1110 -%patch1 +%patch1 -p1 %endif %patch5 -p1 %patch6 ++++++ wget-1.15.tar.xz -> wget-1.16.tar.xz ++++++ ++++ 140935 lines of diff (skipped) ++++++ wget-libproxy.patch ++++++ --- /var/tmp/diff_new_pack.wezBc2/_old 2014-11-03 13:11:14.000000000 +0100 +++ /var/tmp/diff_new_pack.wezBc2/_new 2014-11-03 13:11:14.000000000 +0100 @@ -1,11 +1,18 @@ -Index: configure.ac +--- + configure.ac | 16 ++++++++++++++++ + src/Makefile.am | 2 +- + src/retr.c | 37 +++++++++++++++++++++++++++++++++++++ + tests/Makefile.am | 1 + + 4 files changed, 55 insertions(+), 1 deletion(-) + +Index: wget-1.16/configure.ac =================================================================== ---- configure.ac.orig -+++ configure.ac -@@ -338,6 +338,22 @@ else - fi +--- wget-1.16.orig/configure.ac 2014-10-29 20:41:01.000000000 +0000 ++++ wget-1.16/configure.ac 2014-10-29 20:41:05.000000000 +0000 +@@ -366,6 +366,22 @@ else fi + +dnl +dnl libproxy support +dnl @@ -25,31 +32,24 @@ dnl ********************************************************************** dnl Checks for IPv6 dnl ********************************************************************** -Index: src/Makefile.am +Index: wget-1.16/src/Makefile.am =================================================================== ---- src/Makefile.am.orig -+++ src/Makefile.am +--- wget-1.16.orig/src/Makefile.am 2014-10-29 20:41:01.000000000 +0000 ++++ wget-1.16/src/Makefile.am 2014-10-29 20:41:05.000000000 +0000 @@ -37,7 +37,7 @@ endif # The following line is losing on some versions of make! - DEFS = @DEFS@ -DSYSTEM_WGETRC=\"$(sysconfdir)/wgetrc\" -DLOCALEDIR=\"$(localedir)\" --LIBS = @LIBICONV@ @LIBINTL@ @LIBS@ $(LIB_CLOCK_GETTIME) -+LIBS = @LIBICONV@ @LIBINTL@ @libproxy_LIBS@ @LIBS@ $(LIB_CLOCK_GETTIME) + DEFS += -DSYSTEM_WGETRC=\"$(sysconfdir)/wgetrc\" -DLOCALEDIR=\"$(localedir)\" +-LIBS += $(LIBICONV) $(LIBINTL) $(LIB_CLOCK_GETTIME) ++LIBS += $(LIBICONV) $(LIBINTL) $(libproxy_LIBS) $(LIB_CLOCK_GETTIME) EXTRA_DIST = css.l css.c css_.c build_info.c.in -Index: tests/Makefile.am +Index: wget-1.16/src/retr.c =================================================================== ---- tests/Makefile.am.orig -+++ tests/Makefile.am -@@ -37,1 +37,1 @@ --LIBS = @LIBICONV@ @LIBINTL@ @LIBS@ $(LIB_CLOCK_GETTIME) -+LIBS = @LIBICONV@ @LIBINTL@ @libproxy_LIBS@ @LIBS@ $(LIB_CLOCK_GETTIME) -Index: src/retr.c -=================================================================== ---- src/retr.c.orig -+++ src/retr.c -@@ -54,6 +54,10 @@ as that of the covered work. */ +--- wget-1.16.orig/src/retr.c 2014-10-29 20:41:01.000000000 +0000 ++++ wget-1.16/src/retr.c 2014-10-29 20:41:05.000000000 +0000 +@@ -57,6 +57,10 @@ as that of the covered work. */ #include "html-url.h" #include "iri.h" @@ -60,7 +60,7 @@ /* Total size of downloaded files. Used to enforce quota. */ SUM_SIZE_INT total_downloaded_bytes; -@@ -1182,7 +1186,40 @@ getproxy (struct url *u) +@@ -1266,7 +1270,40 @@ getproxy (struct url *u) break; } if (!proxy || !*proxy) @@ -101,5 +101,15 @@ /* Handle shorthands. `rewritten_storage' is a kludge to allow getproxy() to return static storage. */ - - +Index: wget-1.16/tests/Makefile.am +=================================================================== +--- wget-1.16.orig/tests/Makefile.am 2014-10-29 20:41:40.000000000 +0000 ++++ wget-1.16/tests/Makefile.am 2014-10-29 20:42:18.000000000 +0000 +@@ -33,6 +33,7 @@ + # Version: $(VERSION) + # + ++LIBS += $(libproxy_LIBS) + + ../src/wget$(EXEEXT): + cd ../src && $(MAKE) $(AM_MAKEFLAGS) ++++++ wget.keyring ++++++ Files /var/tmp/diff_new_pack.wezBc2/_old and /var/tmp/diff_new_pack.wezBc2/_new differ -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org