Hello community, here is the log from the commit of package wget.3136 for openSUSE:12.3:Update checked in at 2014-11-10 17:10:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/wget.3136 (Old) and /work/SRC/openSUSE:12.3:Update/.wget.3136.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wget.3136" Changes: -------- New Changes file: --- /dev/null 2014-10-24 22:03:51.036034256 +0200 +++ /work/SRC/openSUSE:12.3:Update/.wget.3136.new/wget.changes 2014-11-10 17:10:39.000000000 +0100 @@ -0,0 +1,689 @@ +------------------------------------------------------------------- +Wed Oct 29 20:37:47 UTC 2014 - andreas.stie...@gmx.de + +- GNU wget 1.16: + This release contains a fix for symlink attack which could allow + a malicious ftp server to create arbitrary files, directories or + symbolic links and set their permissions when retrieving a + directory recursively through FTP. [CVE-2014-4877] [boo#902709] + * No longer create local symbolic links by default + --retr-symlinks=no option restores previous behaviour + * Use libpsl for verifying cookie domains. + * Default progress bar output changed. + * Introduce --show-progress to force display the progress bar. + * Introduce --no-config. The wgetrc files will not be read. + * Introduce --start-pos to allow starting downloads from a specified position. + * Fix a problem with ISA Server Proxy and keep-alive connections. +- refresh wget-libproxy.patch for upstream changes +- make some dependencies only required for testsuite optional + +------------------------------------------------------------------- +Sun Jun 8 07:19:29 UTC 2014 - andreas.stie...@gmx.de + +- Disable the testsuite + +------------------------------------------------------------------- +Tue Jan 21 15:32:00 UTC 2014 - kpet...@suse.com + +- Enabled the testsuite +- Modified libproxy.patch to include Makefile in tests/ + +------------------------------------------------------------------- +Sun Jan 19 22:02:25 UTC 2014 - andreas.stie...@gmx.de + +- GNU wget 1.15 + * Add support for --method. + * Add support for file names longer than MAX_FILE. + * Support FTP listing for the FTP Server on Windows Server 2008 R2. + * Fix a regression when -c and --content-disposition are used together. + * Support shorthand URLs in an input file. + * Fix -c with servers that don't specify a content-length. + * Add support for MD5-SESS + * Do not fail on non fatal GNU TLS alerts during handshake. + * Add support for --https-only. When used wget will follow only + * HTTPS links in recursive mode. + * Support Perfect-Forward Secrecy in --secure-protocol. + * Fix a problem with some IRI links that are not followed when contained in a + * HTML document. + * Support some FTP servers that return an empty list with "LIST -a". + * Specify Host with the HTTP CONNECT method. + * Use the correct HTTP method on a redirection. +- verify source tarball signatures +- modified patches: + * wget-1.14-openssl-no-intern.patch for upstream changes + * wget-fix-pod-syntax.diff for upstream changes + +------------------------------------------------------------------- +Thu Jun 20 13:29:01 UTC 2013 - co...@suse.com + +- add wget-fix-pod-syntax.diff to fix build with perl 5.18 + +------------------------------------------------------------------- +Thu May 2 17:50:50 UTC 2013 - p.drou...@gmail.com + +- Update to version 1.14 + + add support for content-on-error. It allows to store the HTTP + payload on 4xx or 5xx errors. + + add support for WARC files. + + fix a memory leak problem in the GNU TLS backend. + + autoreconf works again for distributed tarballs. + + print some diagnostic messages to stderr not to stdout. + + report stdout close errors. + + accept the --report-speed option. + + enable client certificates when GNU TLS is used. + + add support for TLS Server Name Indication. + + accept the arguments --accept-reject and --reject-regex. + + the GNU TLS backend honors correctly the timeout value. + + add support for RFC 2617 Digest Access Authentication. +- Drop patchs obsoleted by upstream + + wget-sni.patch + + wget-stdio.h.patch +- Rebase patchs to work with upstream + + wget-openssl-no-intern.patch > wget-1.14-openssl-no-intern.patch + + wget-no-ssl-comp.patch > wget-1.14-no-ssl-comp.patch + +------------------------------------------------------------------- +Thu May 2 09:49:33 UTC 2013 - seife+...@b1-systems.com + +- add makeinfo BuildRequires to fix build + +------------------------------------------------------------------- +Fri Apr 5 09:51:58 UTC 2013 - idon...@suse.com + +- Add Source URL, see https://en.opensuse.org/SourceUrls + +------------------------------------------------------------------- +Mon Nov 12 02:04:05 UTC 2012 - crrodrig...@opensuse.org + +- wget-no-ssl-comp.patch: Since the apperance of the "CRIME attack" + (CVE-2012-4929) HTTPS clients must not negotatiate ssl compression. + +------------------------------------------------------------------- +Thu Sep 27 13:46:49 UTC 2012 - crrodrig...@opensuse.org + +- Add wget-openssl-no-intern.patch to Build with OPENSSL_NO_SSL_INTERN, + which is openssl's poor man's version of visibility, to avoid breaking + applications ABI on library internal changes. + +------------------------------------------------------------------- +Fri Jul 27 20:03:31 UTC 2012 - a...@suse.de + +- Fix build with missing gets declaration (glibc 2.16) + +------------------------------------------------------------------- +Wed Mar 21 19:44:53 UTC 2012 - dims...@opensuse.org + +- Adjust wget-libproxy.patch: give debug output only when + opt.debug is set to non-zero values, so when -d is specified. + Fix bnc#753242. + +------------------------------------------------------------------- +Fri Dec 2 15:59:32 UTC 2011 - co...@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Wed Oct 19 09:34:59 UTC 2011 - m...@suse.com + +- New version: 1.13.4: + * Now --timestamping and --continue work well together. + * Return a network failure when FTP downloads fail and + --timestamping is specified. + * Support HTTP/1.1 + * Fix some portability issues. + * Handle properly malformed status line in a HTTP response. + * Ignore zero length domains in $no_proxy. + * Exit with failure if -k is specified and -O is not a regular + file. + * Cope better with unclosed html tags. + * Print diagnostic messages to stderr, not stdout. + * Do not use an additional HEAD request when + --content-disposition is used, but use directly GET. + * Report the average transfer speed correctly when multiple + URLs are specified and -c influences the transferred data + amount. + * By default, on server redirects, use the original URL to get + the local file name. Close CVE-2010-2252. This introduces a + backward-incompatibility; any script that relies on the old + behaviour must use --trust-server-names. + * Fix a problem when -k is used and some URLs are specified + trough CSS. + * Convert correctly URLs that need to be encoded to local files + when following links. + * Use persistent connections with proxies supporting them. + * Print the total download time as part of the summary for + recursive downloads. + * Now it is possible to specify a different startup + configuration file trough the --config option. + * Fix an infinite loop with the error '<filename> has sprung + into existence' on a network error and -nc is used. + * Now --adjust-extension does not modify the file extension if + the file ends in .htm. + * Support HTTP/1.1 307 redirects keep request method. + * Now --no-parent doesn't fetch undesired files if HTTP and + HTTPS are used by the same host on different pages. + * Do not attempt to remove the file if it is not in the accept + rules but it is the output destination file. + * Introduce `show_all_dns_entries' to print all IP addresses + corresponding to a DNS name when it is resolved. +- Adjuct patches to the new version. +- wget-1.12-nosslv2.patch got included upstream. + +------------------------------------------------------------------- +Sat Oct 15 18:19:59 UTC 2011 - crrodrig...@opensuse.org + +- fix typo in sni patch , in the IPV6 case should be + is_valid_ipv6_address() instead of is_valid_ipv4_address() +- Add comment to the patch referencing upstream tracker. + +------------------------------------------------------------------- +Fri Oct 14 05:01:53 UTC 2011 - crrodrig...@opensuse.org + +- Update nosslv2 patch with the version in upstream +- Wget now supports SNI (server name indication), patch + based on a 2 year old fix submitted to upstream list + that somehow fell through the cracks. + +------------------------------------------------------------------- +Sat Apr 9 20:03:18 UTC 2011 - crrodrig...@opensuse.org + +- SSLv2 is being disabled in openSSL, allow painless obsoletion. +- Support IDN. + +------------------------------------------------------------------- +Sun Aug 15 16:37:02 CEST 2010 - dims...@opensuse.org + +- Update to version 1.12: + + SECURITY FIX: It had been possible to trick Wget into accepting ++++ 492 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.wget.3136.new/wget.changes New: ---- wget-1.14-no-ssl-comp.patch wget-1.14-openssl-no-intern.patch wget-1.16.tar.xz wget-1.16.tar.xz.sig wget-fix-pod-syntax.diff wget-libproxy.patch wget.changes wget.keyring wget.spec wgetrc.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wget.spec ++++++ # # spec file for package wget # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %bcond_with regression_tests Name: wget Version: 1.16 Release: 0 Summary: A Tool for Mirroring FTP and HTTP Servers License: GPL-3.0+ Group: Productivity/Networking/Web/Utilities Url: https://www.gnu.org/software/wget/ Source: https://ftp.gnu.org/gnu/wget/%name-%version.tar.xz Source1: https://ftp.gnu.org/gnu/wget/%name-%version.tar.xz.sig Source2: https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=wget&download=1#/wget.keyring Patch0: wgetrc.patch Patch1: wget-libproxy.patch Patch5: wget-1.14-openssl-no-intern.patch Patch6: wget-1.14-no-ssl-comp.patch # PATCH-FIX-OPENSUSE fix pod syntax for perl 5.18 co...@suse.de Patch7: wget-fix-pod-syntax.diff BuildRequires: libpng-devel %if 0%{suse_version} > 1110 BuildRequires: libproxy-devel %endif BuildRequires: automake BuildRequires: libidn-devel BuildRequires: makeinfo BuildRequires: openssl-devel %if %{with regression_tests} # For the Testsuite BuildRequires: perl-HTTP-Daemon BuildRequires: perl-IO-Socket-SSL %endif BuildRequires: pkg-config BuildRequires: xz PreReq: %install_info_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Wget enables you to retrieve WWW documents or FTP files from a server. This can be done in script files or via the command line. %prep %setup -q %patch0 %if 0%{suse_version} > 1110 %patch1 -p1 %endif %patch5 -p1 %patch6 %patch7 -p1 %build %if 0%{suse_version} > 1110 # only wget-libproxy.patch needs this autoreconf --force %endif %configure --with-ssl=openssl make %{?_smp_mflags} %check %if %{with regression_tests} make -C tests/ check %endif %install %makeinstall %find_lang %{name} %post %install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz %postun %install_info_delete --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz %files -f %{name}.lang %defattr(-,root,root) %doc AUTHORS COPYING NEWS README MAILING-LIST %doc doc/sample.wgetrc util/rmold.pl %{_mandir}/*/wget* %{_infodir}/wget* %config(noreplace) %{_sysconfdir}/wgetrc %{_bindir}/* %changelog ++++++ wget-1.14-no-ssl-comp.patch ++++++ --- src/openssl.c.orig +++ src/openssl.c @@ -241,7 +241,9 @@ /* The OpenSSL library can handle renegotiations automatically, so tell it to do so. */ SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY); - +#ifdef SSL_OP_NO_COMPRESSION + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION); +#endif return true; error: ++++++ wget-1.14-openssl-no-intern.patch ++++++ --- src/openssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: wget-1.15/src/openssl.c =================================================================== --- wget-1.15.orig/src/openssl.c 2014-01-19 21:35:59.000000000 +0000 +++ wget-1.15/src/openssl.c 2014-01-19 21:37:27.000000000 +0000 @@ -29,6 +29,7 @@ Corresponding Source for a non-source fo shall include the source code for the parts of OpenSSL used as well as that of the covered work. */ +#define OPENSSL_NO_SSL_INTERN #include "wget.h" #include <assert.h> @@ -479,7 +480,7 @@ ssl_connect_wget (int fd, const char *ho DEBUGP (("SSL handshake timed out.\n")); goto timeout; } - if (scwt_ctx.result <= 0 || conn->state != SSL_ST_OK) + if (scwt_ctx.result <= 0 || SSL_get_state(conn) != SSL_ST_OK) goto error; ctx = xnew0 (struct openssl_transport_context); ++++++ wget-fix-pod-syntax.diff ++++++ --- doc/texi2pod.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: wget-1.15/doc/texi2pod.pl =================================================================== --- wget-1.15.orig/doc/texi2pod.pl 2014-01-19 21:41:04.000000000 +0000 +++ wget-1.15/doc/texi2pod.pl 2014-01-19 21:41:31.000000000 +0000 @@ -294,7 +294,7 @@ while(<$inf>) { $_ = "\n=item C<$thing>\n"; } else { # Entity escapes prevent munging by the <> processing below. - $_ = "\n=item $ic\<$thing\>\n"; + $_ = "\n=item Z<>$ic\<$thing\>\n"; } } else { $_ = "\n=item $ic\n"; ++++++ wget-libproxy.patch ++++++ --- configure.ac | 16 ++++++++++++++++ src/Makefile.am | 2 +- src/retr.c | 37 +++++++++++++++++++++++++++++++++++++ tests/Makefile.am | 1 + 4 files changed, 55 insertions(+), 1 deletion(-) Index: wget-1.16/configure.ac =================================================================== --- wget-1.16.orig/configure.ac 2014-10-29 20:41:01.000000000 +0000 +++ wget-1.16/configure.ac 2014-10-29 20:41:05.000000000 +0000 @@ -366,6 +366,22 @@ else fi +dnl +dnl libproxy support +dnl +AC_ARG_ENABLE(libproxy, + [ --enable-libproxy libproxy support for system wide proxy configuration]) +if test "${enable_libproxy}" != "no" +then + PKG_CHECK_MODULES([libproxy], [libproxy-1.0], [enable_libproxy=yes], [enable_libproxy=no]) +fi +if test "${enable_libproxy}" = "yes" +then + AC_SUBST(libproxy_CFLAGS) + AC_SUBST(libproxy_LIBS) + AC_DEFINE([HAVE_LIBPROXY], 1, [Define when using libproxy]) +fi + dnl ********************************************************************** dnl Checks for IPv6 dnl ********************************************************************** Index: wget-1.16/src/Makefile.am =================================================================== --- wget-1.16.orig/src/Makefile.am 2014-10-29 20:41:01.000000000 +0000 +++ wget-1.16/src/Makefile.am 2014-10-29 20:41:05.000000000 +0000 @@ -37,7 +37,7 @@ endif # The following line is losing on some versions of make! DEFS += -DSYSTEM_WGETRC=\"$(sysconfdir)/wgetrc\" -DLOCALEDIR=\"$(localedir)\" -LIBS += $(LIBICONV) $(LIBINTL) $(LIB_CLOCK_GETTIME) +LIBS += $(LIBICONV) $(LIBINTL) $(libproxy_LIBS) $(LIB_CLOCK_GETTIME) EXTRA_DIST = css.l css.c css_.c build_info.c.in Index: wget-1.16/src/retr.c =================================================================== --- wget-1.16.orig/src/retr.c 2014-10-29 20:41:01.000000000 +0000 +++ wget-1.16/src/retr.c 2014-10-29 20:41:05.000000000 +0000 @@ -57,6 +57,10 @@ as that of the covered work. */ #include "html-url.h" #include "iri.h" +#ifdef HAVE_LIBPROXY +#include "proxy.h" +#endif + /* Total size of downloaded files. Used to enforce quota. */ SUM_SIZE_INT total_downloaded_bytes; @@ -1266,7 +1270,40 @@ getproxy (struct url *u) break; } if (!proxy || !*proxy) +#ifdef HAVE_LIBPROXY + { + pxProxyFactory *pf = px_proxy_factory_new(); + if (!pf) + { + debug_logprintf (_("Allocating memory for libproxy failed")); + return NULL; + } + int i; + char direct[] = "direct://"; + + debug_logprintf (_("asking libproxy about url '%s'\n"), u->url); + char **proxies = px_proxy_factory_get_proxies(pf, u->url); + if (proxies[0]) + { + char *check = NULL; + asprintf(&check , "%s", proxies[0]); + debug_logprintf (_("libproxy suggest to use '%s'\n"), check); + if(strcmp(check ,direct) != 0) + { + asprintf(&proxy , "%s", proxies[0]); + debug_logprintf (_("case 2: libproxy setting to use '%s'\n"), proxy); + } + } + for(i=0;proxies[i];i++) free(proxies[i]); + free(proxies); + free(pf); + + if (!proxy || !*proxy) + return NULL; + } +#else return NULL; +#endif /* Handle shorthands. `rewritten_storage' is a kludge to allow getproxy() to return static storage. */ Index: wget-1.16/tests/Makefile.am =================================================================== --- wget-1.16.orig/tests/Makefile.am 2014-10-29 20:41:40.000000000 +0000 +++ wget-1.16/tests/Makefile.am 2014-10-29 20:42:18.000000000 +0000 @@ -33,6 +33,7 @@ # Version: $(VERSION) # +LIBS += $(libproxy_LIBS) ../src/wget$(EXEEXT): cd ../src && $(MAKE) $(AM_MAKEFLAGS) ++++++ wgetrc.patch ++++++ Index: doc/sample.wgetrc =================================================================== --- doc/sample.wgetrc.orig +++ doc/sample.wgetrc @@ -114,6 +114,9 @@ # To try ipv6 addresses first: #prefer-family = IPv6 +# +# Let the DNS resolver decide whether to prefer IPv4 or IPv6 +prefer-family = none # Set default IRI support state #iri = off -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
