Hi,
This is a bugfix release:
"due to some privacy issues in default settings of Wget, we introduce
this bugfix release.
The --xattr option (saving original URL and Referer into extended file
attributes) was introduced and enabled by default since Wget 1.19.
It possibly saved - possibly unrecognized by the user - credentials,
access tokes etc that were included in the requested URL.
We changed three details as a countermeasure, see below in the NEWS section.
With Best Regards, Tim
...
NEWS
* Changes in Wget 1.20.1
** --xattr is no longer default since it introduces privacy issues.
** --xattr saves the Referer as scheme/host/port,
user/pw/path/query/fragment
are no longer saved to prevent privacy issues.
** --xattr saves the Original URL without user/password to prevent
privacy issues."
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
lfs/wget | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/wget b/lfs/wget
index 5ccb0029f..b8c83d10d 100644
--- a/lfs/wget
+++ b/lfs/wget
@@ -24,7 +24,7 @@
include Config
-VER = 1.20
+VER = 1.20.1
THISAPP = wget-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9f1515d083b769e9ff7642ce6016518e
+$(DL_FILE)_MD5 = f6ebe9c7b375fc9832fb1b2028271fb7
install : $(TARGET)
--
2.18.0