From patchwork Fri Dec 28 04:16:35 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matthias Fischer <matthias.fischer@ipfire.org>
X-Patchwork-Id: 2008
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256
	bits)) (Client CN "mail01.ipfire.org",
	Issuer "Let's Encrypt Authority X3" (verified OK))
	by web07.i.ipfire.org (Postfix) with ESMTPS id ABC358ABDCA
	for <patchwork@web07.i.ipfire.org>;
	Thu, 27 Dec 2018 17:16:43 +0000 (GMT)
Received: from mail01.i.ipfire.org (localhost [IPv6:::1])
	by mail01.ipfire.org (Postfix) with ESMTP id B55D8220D083;
	Thu, 27 Dec 2018 17:16:42 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201801;
	t=1545931002;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	message-id:message-id:to:to:cc:mime-version:content-type:
	content-transfer-encoding:in-reply-to:references:list-id:
	list-unsubscribe:list-subscribe:list-post;
	bh=FirBlc4Z66BcGShbuFfUf6wPw3QK8jDSennItnHGmzI=;
	b=stFrdA6ecP7dEZoQUvYf0huOcmH+8M2cSVhjWewALou/NIATjYZvrB0I0q1w7ss1FylKXR
	lLgHsQiRTQ+FwyhkeHbtNfZUF6F5xkKXC6Kj66PosapGZe8F12JlGp6HjID+D58LZiOCtO
	3T5vkVw8Qm1uV4ZW4xnJcgJ9DIipNEY2aTIsilW4or3wSEhTOfmcJuFhU4KDc7HyZwGVuq
	EEcOs0Xva6BEPG21Aj4Kxt2lCybk9aWDYyx2hQyJ4FNH49P9NvoVeqjwsOTpfA5H32I4SJ
	DGumwW54mqV0e3ZZpIKnDOupG8CeUeThuk7/Vhtm7WGim3S3+WVgDWH4U8comg==
Received: from Devel.localdomain (p4FF5633E.dip0.t-ipconnect.de
	[79.245.99.62])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (Client did not present a certificate)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4E4A22131705
	for <development@lists.ipfire.org>;
	Thu, 27 Dec 2018 17:16:39 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201801;
	t=1545930999;
	h=from:from:sender:reply-to:subject:subject:date:date:
	message-id:message-id:to:to:cc:mime-version:content-type:
	content-transfer-encoding:in-reply-to:references;
	bh=FirBlc4Z66BcGShbuFfUf6wPw3QK8jDSennItnHGmzI=;
	b=RgmkrmStraYYUIvJ3MZXnZiquQlM2TsniCuzwsMEKqvrHhouS/k6iCvM6zeowFVybYXt7D
	KJHFnv2J879+5otVPGGt6JHz/HS4P5VGmgAn4vcqorYdNdP1so7xP8Z5IbAlZDwRGw9RjC
	kGXz77wRiDm0/35OwyZFgKvmbvdfYt9KhSUs/2Qz2bEELUdryzgiB+CCSLpw6s/FC5Bqdy
	KuDYOvCUVdHF64No+b8sCCnp0BjfZN0GCdSPM+c4tLj15iB18xZK0qdbTUD3lqs5R6//ZQ
	QkcDSqab7jXpVfgyIa4D0Ke31NSNxfHHweZuB2vkebVHudw2v2Yu2TstGHTqCw==
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] wget: Update to 1.20.1
Date: Thu, 27 Dec 2018 18:16:35 +0100
Message-Id: <20181227171635.18783-1-matthias.fischer@ipfire.org>
X-Mailer: git-send-email 2.18.0
Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=mfischer
	smtp.mailfrom=matthias.fischer@ipfire.org
X-Spamd-Result: default: False [0.73 / 11.00]; ARC_NA(0.00)[];
	FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
	MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[];
	NEURAL_SPAM(2.83)[0.944,0]; RCPT_COUNT_ONE(0.00)[1];
	DKIM_SIGNED(0.00)[]; MID_CONTAINS_FROM(1.00)[];
	RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+];
	ASN(0.00)[asn:3320, ipnet:79.192.0.0/10, country:DE];
	RCVD_TLS_ALL(0.00)[]; BAYES_HAM(-3.00)[100.00%]
X-Spam-Status: No, score=0.73
X-Rspamd-Server: mail01.i.ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
	<mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <https://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
	<mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Hi,

This is a bugfix release:

"due to some privacy issues in default settings of Wget, we introduce
this bugfix release.

The --xattr option (saving original URL and Referer into extended file
attributes) was introduced and enabled by default since Wget 1.19.
It possibly saved - possibly unrecognized by the user - credentials,
access tokes etc that were included in the requested URL.

We changed three details as a countermeasure, see below in the NEWS section.

With Best Regards, Tim

...

NEWS

* Changes in Wget 1.20.1

** --xattr is no longer default since it introduces privacy issues.

** --xattr saves the Referer as scheme/host/port,
user/pw/path/query/fragment
   are no longer saved to prevent privacy issues.

   ** --xattr saves the Original URL without user/password to prevent
      privacy issues."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 lfs/wget | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/wget b/lfs/wget
index 5ccb0029f..b8c83d10d 100644
--- a/lfs/wget
+++ b/lfs/wget
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.20
+VER        = 1.20.1
 
 THISAPP    = wget-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 9f1515d083b769e9ff7642ce6016518e
+$(DL_FILE)_MD5 = f6ebe9c7b375fc9832fb1b2028271fb7
 
 install : $(TARGET)