Hello community, here is the log from the commit of package wget for openSUSE:Factory checked in at 2017-11-03 16:21:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/wget (Old) and /work/SRC/openSUSE:Factory/.wget.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wget" Fri Nov 3 16:21:23 2017 rev:50 rq:537227 version:1.19.2 Changes: -------- --- /work/SRC/openSUSE:Factory/wget/wget.changes 2017-10-25 18:00:51.813841269 +0200 +++ /work/SRC/openSUSE:Factory/.wget.new/wget.changes 2017-11-03 16:21:37.187265122 +0100 @@ -1,0 +2,19 @@ +Fri Oct 27 16:05:55 UTC 2017 - [email protected] + +- GNU wget 1.19.2: + * CVE-2017-13089: Stack overflow in HTTP protocol handling (bsc#1064715) + * CVE-2017-13090: Heap overflow in HTTP protocol handling (bsc#1064716) + * New option --compression for gzip Content-Encoding + * New option --[no]-netrc to control .netrc parsing + * Added GNU extensions to .netrc parsing + * Improved IDNA 2003 compatibility + * Fix VPATH issues + * Improved and extended the test suite + * Support Wayback Machine's X-Archive-Orig-last-modified + * Several bug fixes +- drop upstreamed patches: + * wget-CVE-2017-6508.patch + * wget-416-but-file-not-complete.patch +- unfuzz wget-errno-clobber.patch + +------------------------------------------------------------------- Old: ---- wget-1.19.1.tar.xz wget-1.19.1.tar.xz.sig wget-416-but-file-not-complete.patch wget-CVE-2017-6508.patch New: ---- wget-1.19.2.tar.gz wget-1.19.2.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wget.spec ++++++ --- /var/tmp/diff_new_pack.lu8i3X/_old 2017-11-03 16:21:38.275225525 +0100 +++ /var/tmp/diff_new_pack.lu8i3X/_new 2017-11-03 16:21:38.279225380 +0100 @@ -1,7 +1,7 @@ # # spec file for package wget # -# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,14 +18,14 @@ %bcond_with regression_tests Name: wget -Version: 1.19.1 +Version: 1.19.2 Release: 0 Summary: A Tool for Mirroring FTP and HTTP Servers License: GPL-3.0+ Group: Productivity/Networking/Web/Utilities Url: https://www.gnu.org/software/wget/ -Source: https://ftp.gnu.org/gnu/wget/%{name}-%{version}.tar.xz -Source1: https://ftp.gnu.org/gnu/wget/%{name}-%{version}.tar.xz.sig +Source: https://ftp.gnu.org/gnu/wget/%{name}-%{version}.tar.gz +Source1: https://ftp.gnu.org/gnu/wget/%{name}-%{version}.tar.gz.sig Source2: https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=wget&download=1#/wget.keyring Patch0: wgetrc.patch Patch1: wget-libproxy.patch @@ -33,8 +33,6 @@ # PATCH-FIX-OPENSUSE fix pod syntax for perl 5.18 [email protected] Patch7: wget-fix-pod-syntax.diff Patch8: wget-errno-clobber.patch -Patch9: wget-CVE-2017-6508.patch -Patch10: wget-416-but-file-not-complete.patch BuildRequires: automake BuildRequires: gpgme-devel >= 0.4.2 BuildRequires: libcares-devel @@ -81,8 +79,6 @@ %patch6 %patch7 -p1 %patch8 -p1 -%patch9 -p1 -%patch10 -p1 %build %if 0%{?suse_version} > 1110 ++++++ wget-errno-clobber.patch ++++++ --- /var/tmp/diff_new_pack.lu8i3X/_old 2017-11-03 16:21:38.315224070 +0100 +++ /var/tmp/diff_new_pack.lu8i3X/_new 2017-11-03 16:21:38.319223924 +0100 @@ -1,8 +1,8 @@ -Index: wget-1.18/src/http.c +Index: wget-1.19.2/src/http.c =================================================================== ---- wget-1.18.orig/src/http.c -+++ wget-1.18/src/http.c -@@ -1516,6 +1516,7 @@ persistent_available_p (const char *host +--- wget-1.19.2.orig/src/http.c 2017-10-26 17:30:08.000000000 +0200 ++++ wget-1.19.2/src/http.c 2017-10-27 17:59:48.659093393 +0200 +@@ -1524,6 +1524,7 @@ persistent_available_p (const char *host active, registered connection". */ #define CLOSE_FINISH(fd) do { \ @@ -10,7 +10,7 @@ if (!keep_alive) \ { \ if (pconn_active && (fd) == pconn.socket) \ -@@ -1524,14 +1525,17 @@ persistent_available_p (const char *host +@@ -1532,14 +1533,17 @@ persistent_available_p (const char *host fd_close (fd); \ fd = -1; \ } \ @@ -27,4 +27,4 @@ + errno = errno_sav; \ } while (0) - struct http_stat + typedef enum ++++++ wget.keyring ++++++ Binary files /var/tmp/diff_new_pack.lu8i3X/_old and /var/tmp/diff_new_pack.lu8i3X/_new differ
