Update to latest upstream version due to CVE-2017-13089 CVE-2017-13090

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2017-10-27 15:01:22 +02:00 · 2017-10-27 15:01:22 +02:00 · 1d92875e38
commit 1d92875e38
parent 9100e0b29c
10 changed files with 72 additions and 628 deletions
--- a/.gitignore
+++ b/.gitignore
@ -11,3 +11,4 @@ wget-1.12.tar.bz2
 /wget-1.18.tar.xz
 /wget-1.19.tar.xz
 /wget-1.19.1.tar.xz
 /wget-1.19.2.tar.gz
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (wget-1.19.1.tar.xz) = 00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5
+SHA512 (wget-1.19.2.tar.gz) = a0f8afcc0767a8fd1acd64b1b1b27d177bc938e70cc3709c1b3faa6c1426ec926642cd8e49d292cec0268ee507683539b5152072110106de5a728a03efd8cedd
--- a/wget-1.17-path.patch
+++ b/wget-1.17-path.patch
@ -1,6 +1,42 @@
-diff -up wget-1.17/doc/sample.wgetrc.munged_for_texi_inclusion.path wget-1.17/doc/sample.wgetrc.munged_for_texi_inclusion
+diff --git a/NEWS b/NEWS
--- wget-1.17/doc/sample.wgetrc.munged_for_texi_inclusion.path	2015-11-15 15:11:06.000000000 +0100
+index 5e01a3c..88c7073 100644
-+++ wget-1.17/doc/sample.wgetrc.munged_for_texi_inclusion	2015-11-27 10:39:14.257380430 +0100
+--- a/NEWS
 +++ b/NEWS
@@ -893,7 +893,7 @@ distributed with Wget.
 ** Compiles on pre-ANSI compilers.
 -** Global wgetrc now goes to /usr/local/etc (i.e. $sysconfdir).
 +** Global wgetrc now goes to /etc (i.e. $sysconfdir).
 ** Lots of bugfixes.
@@ -956,7 +956,7 @@ Emacs, standalone info, or converted to HTML, dvi or postscript.
 ** Fixed a long-standing bug, so that Wget now works over SLIP
 connections.
 -** You can have a system-wide wgetrc (/usr/local/lib/wgetrc by
 +** You can have a system-wide wgetrc (/etc/wgetrc by
 default). Settings in $HOME/.wgetrc override the global ones, of
 course :-)
 diff --git a/README b/README
 index 61cb2aa..6c9b2fa 100644
 --- a/README
 +++ b/README
@@ -33,7 +33,7 @@ for socks.
 Most of the features are configurable, either through command-line
 options, or via initialization file .wgetrc.  Wget allows you to
 -install a global startup file (/usr/local/etc/wgetrc by default) for
 +install a global startup file (/etc/wgetrc by default) for
 site settings.
 Wget works under almost all Unix variants in use today and, unlike
 diff --git a/doc/sample.wgetrc b/doc/sample.wgetrc
 index c0d0779..9a73ada 100644
 --- a/doc/sample.wgetrc
 +++ b/doc/sample.wgetrc
@@ -10,7 +10,7 @@
 ## Or online here:
 ##   https://www.gnu.org/software/wget/manual/wget.html#Startup-File
@ -19,9 +55,10 @@ diff -up wget-1.17/doc/sample.wgetrc.munged_for_texi_inclusion.path wget-1.17/do
 ## Think well before you change them, since they may reduce wget's
 ## functionality, and make it behave contrary to the documentation:
 ##
-diff -up wget-1.17/doc/sample.wgetrc.path wget-1.17/doc/sample.wgetrc
+diff --git a/doc/sample.wgetrc.munged_for_texi_inclusion b/doc/sample.wgetrc.munged_for_texi_inclusion
--- wget-1.17/doc/sample.wgetrc.path	2015-11-09 16:24:06.000000000 +0100
+index 3c7f2f4..521ef16 100644
-+++ wget-1.17/doc/sample.wgetrc	2015-11-27 10:39:14.257380430 +0100
+--- a/doc/sample.wgetrc.munged_for_texi_inclusion
 +++ b/doc/sample.wgetrc.munged_for_texi_inclusion
@@ -10,7 +10,7 @@
 ## Or online here:
 ##   https://www.gnu.org/software/wget/manual/wget.html#Startup-File
@ -40,9 +77,10 @@ diff -up wget-1.17/doc/sample.wgetrc.path wget-1.17/doc/sample.wgetrc
 ## Think well before you change them, since they may reduce wget's
 ## functionality, and make it behave contrary to the documentation:
 ##
-diff -up wget-1.17/doc/wget.info.path wget-1.17/doc/wget.info
+diff --git a/doc/wget.info b/doc/wget.info
--- wget-1.17/doc/wget.info.path	2015-11-15 15:11:08.000000000 +0100
+index 985b614..3e9b771 100644
-+++ wget-1.17/doc/wget.info	2015-11-27 10:45:42.131452410 +0100
+--- a/doc/wget.info
 +++ b/doc/wget.info
@@ -113,7 +113,7 @@ retrieval through HTTP proxies.
    • Most of the features are fully configurable, either through command
      line options, or via the initialization file ‘.wgetrc’ (*note
@ -50,9 +88,9 @@ diff -up wget-1.17/doc/wget.info.path wget-1.17/doc/wget.info
 -     (‘/usr/local/etc/wgetrc’ by default) for site settings.  You can
 +     (‘/etc/wgetrc’ by default) for site settings.  You can
      also specify the location of a startup file with the –config
-      option.
+      option.  To disable the reading of config files, use –no-config.
- 
+      If both –config and –no-config are given, –no-config is ignored.
-@@ -2712,8 +2712,8 @@ File: wget.info,  Node: Wgetrc Location,
+@@ -2814,8 +2814,8 @@ File: wget.info,  Node: Wgetrc Location,  Next: Wgetrc Syntax,  Prev: Startup Fi
 ===================
 When initializing, Wget will look for a “global” startup file,
@ -63,7 +101,7 @@ diff -up wget-1.17/doc/wget.info.path wget-1.17/doc/wget.info
 there, if it exists.
    Then it will look for the user’s file.  If the environmental variable
-@@ -2724,7 +2724,7 @@ further attempts will be made.
+@@ -2826,7 +2826,7 @@ further attempts will be made.
    The fact that user’s settings are loaded after the system-wide ones
 means that in case of collision user’s wgetrc _overrides_ the
@ -72,7 +110,7 @@ diff -up wget-1.17/doc/wget.info.path wget-1.17/doc/wget.info
 admins, away!
-@@ -3261,7 +3261,7 @@ its line.
+@@ -3369,7 +3369,7 @@ its line.
      ## Or online here:
      ##   https://www.gnu.org/software/wget/manual/wget.html#Startup-File
      ##
@ -81,7 +119,7 @@ diff -up wget-1.17/doc/wget.info.path wget-1.17/doc/wget.info
      ## (global, for all users) or $HOME/.wgetrc (for a single user).
      ##
      ## To use the settings in this file, you will have to uncomment them,
-@@ -3273,7 +3273,7 @@ its line.
+@@ -3381,7 +3381,7 @@ its line.
      ##
@ -90,18 +128,20 @@ diff -up wget-1.17/doc/wget.info.path wget-1.17/doc/wget.info
      ## Think well before you change them, since they may reduce wget's
      ## functionality, and make it behave contrary to the documentation:
      ##
-diff -up wget-1.17/doc/wget.texi.path wget-1.17/doc/wget.texi
+diff --git a/doc/wget.texi b/doc/wget.texi
--- wget-1.17/doc/wget.texi.path	2015-11-09 16:24:17.000000000 +0100
+index 31aef52..cffdced 100644
-+++ wget-1.17/doc/wget.texi	2015-11-27 10:39:14.259380425 +0100
+--- a/doc/wget.texi
-@@ -191,14 +191,14 @@ gauge can be customized to your preferen
+++ b/doc/wget.texi
@@ -191,7 +191,7 @@ gauge can be customized to your preferences.
 Most of the features are fully configurable, either through command line
 options, or via the initialization file @file{.wgetrc} (@pxref{Startup
 File}).  Wget allows you to define @dfn{global} startup files
 -(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also
 +(@file{/etc/wgetrc} by default) for site settings. You can also
 specify the location of a startup file with the --config option.
-  
+ To disable the reading of config files, use --no-config.
- 
+ If both --config and --no-config are given, --no-config is ignored.
@@ -200,7 +200,7 @@ If both --config and --no-config are given, --no-config is ignored.
 @ignore
 @c man begin FILES
 @table @samp
@ -110,7 +150,7 @@ diff -up wget-1.17/doc/wget.texi.path wget-1.17/doc/wget.texi
 Default location of the @dfn{global} startup file.
 @item .wgetrc
-@@ -3030,8 +3030,8 @@ commands.
+@@ -3143,8 +3143,8 @@ commands.
 @cindex location of wgetrc
 When initializing, Wget will look for a @dfn{global} startup file,
@ -121,7 +161,7 @@ diff -up wget-1.17/doc/wget.texi.path wget-1.17/doc/wget.texi
 from there, if it exists.
 Then it will look for the user's file.  If the environmental variable
-@@ -3042,7 +3042,7 @@ If @code{WGETRC} is not set, Wget will t
+@@ -3155,7 +3155,7 @@ If @code{WGETRC} is not set, Wget will try to load @file{$HOME/.wgetrc}.
 The fact that user's settings are loaded after the system-wide ones
 means that in case of collision user's wgetrc @emph{overrides} the
@ -130,36 +170,3 @@ diff -up wget-1.17/doc/wget.texi.path wget-1.17/doc/wget.texi
 Fascist admins, away!
 @node Wgetrc Syntax, Wgetrc Commands, Wgetrc Location, Startup File
 diff -up wget-1.17/NEWS.path wget-1.17/NEWS
 --- wget-1.17/NEWS.path	2015-11-15 15:14:50.000000000 +0100
 +++ wget-1.17/NEWS	2015-11-27 10:39:14.259380425 +0100
@@ -782,7 +782,7 @@ distributed with Wget.
 ** Compiles on pre-ANSI compilers.
 -** Global wgetrc now goes to /usr/local/etc (i.e. $sysconfdir).
 +** Global wgetrc now goes to /etc (i.e. $sysconfdir).
 ** Lots of bugfixes.
@@ -845,7 +845,7 @@ Emacs, standalone info, or converted to
 ** Fixed a long-standing bug, so that Wget now works over SLIP
 connections.
 -** You can have a system-wide wgetrc (/usr/local/lib/wgetrc by
 +** You can have a system-wide wgetrc (/etc/wgetrc by
 default). Settings in $HOME/.wgetrc override the global ones, of
 course :-)
 diff -up wget-1.17/README.path wget-1.17/README
 --- wget-1.17/README.path	2015-11-09 16:24:06.000000000 +0100
 +++ wget-1.17/README	2015-11-27 10:39:14.259380425 +0100
@@ -33,7 +33,7 @@ for socks.
 Most of the features are configurable, either through command-line
 options, or via initialization file .wgetrc.  Wget allows you to
 -install a global startup file (/usr/local/etc/wgetrc by default) for
 +install a global startup file (/etc/wgetrc by default) for
 site settings.
 Wget works under almost all Unix variants in use today and, unlike
--- a/wget-1.19.1-Add-command-line-option-to-disable-use-of-.netrc.patch
+++ b/wget-1.19.1-Add-command-line-option-to-disable-use-of-.netrc.patch
@ -1,139 +0,0 @@
 From 876def8ebe56d483921cf645371d277b615373e5 Mon Sep 17 00:00:00 2001
 From: Tomas Hozza <thozza@redhat.com>
 Date: Fri, 12 May 2017 19:17:32 +0200
 Subject: [PATCH 3/4] Add command line option to disable use of .netrc
 Although internally code uses option for (not) reading .netrc for
 credentials, it was not possible to turn this behavior off on command
 line. Note that it was possible to turn it off using wgetrc.
 Idea for this change came from Bruce Jerrick (bmj001@gmail.com).
 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1425097
 Signed-off-by: Tomas Hozza <thozza@redhat.com>
 ---
 doc/wget.texi                            |  6 ++++
 src/main.c                               |  3 ++
 testenv/Makefile.am                      |  1 +
 testenv/Test-auth-basic-no-netrc-fail.py | 59 ++++++++++++++++++++++++++++++++
 4 files changed, 69 insertions(+)
 create mode 100755 testenv/Test-auth-basic-no-netrc-fail.py
 diff --git a/doc/wget.texi b/doc/wget.texi
 index a2bf9dc..e4e0bf6 100644
 --- a/doc/wget.texi
 +++ b/doc/wget.texi
@@ -703,6 +703,12 @@ Before (over)writing a file, back up an existing file by adding a
 files are rotated to @samp{.2}, @samp{.3}, and so on, up to
 @var{backups} (and lost beyond that).
 +@cindex authentication credentials
 +@item --no-netrc
 +Do not try to obtain credentials from @file{.netrc} file. By default
 +@file{.netrc} file is searched for credentials in case none have been
 +passed on command line and authentication is required.
 +
 @cindex continue retrieval
 @cindex incomplete downloads
 @cindex resume download
 diff --git a/src/main.c b/src/main.c
 index 8e9d6e9..297499e 100644
 --- a/src/main.c
 +++ b/src/main.c
@@ -359,6 +359,7 @@ static struct cmdline_option option_data[] =
 #endif
     { "method", 0, OPT_VALUE, "method", -1 },
     { "mirror", 'm', OPT_BOOLEAN, "mirror", -1 },
 +    { "netrc", 0, OPT_BOOLEAN, "netrc", -1 },
     { "no", 'n', OPT__NO, NULL, required_argument },
     { "no-clobber", 0, OPT_BOOLEAN, "noclobber", -1 },
     { "no-config", 0, OPT_BOOLEAN, "noconfig", -1},
@@ -629,6 +630,8 @@ Download:\n"),
   -nc, --no-clobber                skip downloads that would download to\n\
                                      existing files (overwriting them)\n"),
     N_("\
 +       --no-netrc                  don't try to obtain credentials from .netrc\n"),
 +    N_("\
   -c,  --continue                  resume getting a partially-downloaded file\n"),
     N_("\
        --start-pos=OFFSET          start downloading from zero-based position OFFSET\n"),
 diff --git a/testenv/Makefile.am b/testenv/Makefile.am
 index 7104314..ef4158a 100644
 --- a/testenv/Makefile.am
 +++ b/testenv/Makefile.am
@@ -78,6 +78,7 @@ if HAVE_PYTHON3
     Test-auth-basic-netrc.py                        \
     Test-auth-basic-netrc-user-given.py             \
     Test-auth-basic-netrc-pass-given.py             \
 +    Test-auth-basic-no-netrc-fail.py                \
     Test-auth-both.py                               \
     Test-auth-digest.py                             \
     Test-auth-no-challenge.py                       \
 diff --git a/testenv/Test-auth-basic-no-netrc-fail.py b/testenv/Test-auth-basic-no-netrc-fail.py
 new file mode 100755
 index 0000000..fad15e9
 --- /dev/null
 +++ b/testenv/Test-auth-basic-no-netrc-fail.py
@@ -0,0 +1,59 @@
 +#!/usr/bin/env python3
 +from sys import exit
 +from test.http_test import HTTPTest
 +from misc.wget_file import WgetFile
 +
 +"""
 +    This test ensures that Wget will not use credentials from .netrc
 +    when --no-netrc option is specified and Basic authentication is required
 +    and fails.
 +"""
 +############# File Definitions ###############################################
 +File1 = "I am an invisble man."
 +
 +User = "Sauron"
 +Password = "TheEye"
 +
 +File1_rules = {
 +    "Authentication"    : {
 +        "Type"          : "Basic",
 +        "User"          : User,
 +        "Pass"          : Password
 +    }
 +}
 +
 +Netrc = "machine 127.0.0.1\n\tlogin {0}\n\tpassword {1}".format(User, Password)
 +
 +A_File = WgetFile ("File1", File1, rules=File1_rules)
 +Netrc_File = WgetFile (".netrc", Netrc)
 +
 +WGET_OPTIONS = "--no-netrc"
 +WGET_URLS = [["File1"]]
 +
 +Files = [[A_File]]
 +LocalFiles = [Netrc_File]
 +
 +ExpectedReturnCode = 6
 +ExpectedDownloadedFiles = [Netrc_File]
 +
 +################ Pre and Post Test Hooks #####################################
 +pre_test = {
 +    "ServerFiles"       : Files,
 +    "LocalFiles"        : LocalFiles
 +}
 +test_options = {
 +    "WgetCommands"      : WGET_OPTIONS,
 +    "Urls"              : WGET_URLS
 +}
 +post_test = {
 +    "ExpectedFiles"     : ExpectedDownloadedFiles,
 +    "ExpectedRetcode"   : ExpectedReturnCode
 +}
 +
 +err = HTTPTest (
 +                pre_hook=pre_test,
 +                test_params=test_options,
 +                post_hook=post_test
 +).begin ()
 +
 +exit (err)
 -- 
 2.7.5
--- a/wget-1.19.1-Added-tests-for-HTTP-authentication-using-credential.patch
+++ b/wget-1.19.1-Added-tests-for-HTTP-authentication-using-credential.patch
@ -1,275 +0,0 @@
 From 17960b57d51ffb19b2b20df3e53da42c555f022c Mon Sep 17 00:00:00 2001
 From: Tomas Hozza <thozza@redhat.com>
 Date: Fri, 12 May 2017 19:17:30 +0200
 Subject: [PATCH 1/4] Added tests for HTTP authentication using credentials
 from .netrc
 Getting credentials from .netrc has been broken from time to time, thus
 adding a test coverage to prevent regressions.
 Also added setting of "HOME" environment variable when executing wget,
 to make sure LocalFiles like .netrc, which are created just for the
 test, are actually used.
 Signed-off-by: Tomas Hozza <thozza@redhat.com>
 ---
 testenv/Makefile.am                         |  3 ++
 testenv/Test-auth-basic-netrc-pass-given.py | 68 +++++++++++++++++++++++++++++
 testenv/Test-auth-basic-netrc-user-given.py | 68 +++++++++++++++++++++++++++++
 testenv/Test-auth-basic-netrc.py            | 66 ++++++++++++++++++++++++++++
 testenv/test/base_test.py                   |  2 +-
 5 files changed, 206 insertions(+), 1 deletion(-)
 create mode 100755 testenv/Test-auth-basic-netrc-pass-given.py
 create mode 100755 testenv/Test-auth-basic-netrc-user-given.py
 create mode 100755 testenv/Test-auth-basic-netrc.py
 diff --git a/testenv/Makefile.am b/testenv/Makefile.am
 index 3febec7..7104314 100644
 --- a/testenv/Makefile.am
 +++ b/testenv/Makefile.am
@@ -75,6 +75,9 @@ if HAVE_PYTHON3
   TESTS = Test-504.py                               \
     Test-auth-basic-fail.py                         \
     Test-auth-basic.py                              \
 +    Test-auth-basic-netrc.py                        \
 +    Test-auth-basic-netrc-user-given.py             \
 +    Test-auth-basic-netrc-pass-given.py             \
     Test-auth-both.py                               \
     Test-auth-digest.py                             \
     Test-auth-no-challenge.py                       \
 diff --git a/testenv/Test-auth-basic-netrc-pass-given.py b/testenv/Test-auth-basic-netrc-pass-given.py
 new file mode 100755
 index 0000000..43dfe34
 --- /dev/null
 +++ b/testenv/Test-auth-basic-netrc-pass-given.py
@@ -0,0 +1,68 @@
 +#!/usr/bin/env python3
 +from sys import exit
 +from test.http_test import HTTPTest
 +from misc.wget_file import WgetFile
 +
 +"""
 +    This test ensures Wget uses credentials from .netrc for Basic Authorization Negotiation.
 +    In this case we test that .netrc credentials are used in case only
 +    password is given on the command line.
 +    Also, we ensure that Wget saves the host after a successful auth and
 +    doesn't wait for a challenge the second time.
 +"""
 +############# File Definitions ###############################################
 +File1 = "I am an invisble man."
 +File2 = "I too am an invisible man."
 +
 +User = "Sauron"
 +Password = "TheEye"
 +
 +File1_rules = {
 +    "Authentication"    : {
 +        "Type"          : "Basic",
 +        "User"          : User,
 +        "Pass"          : Password
 +    }
 +}
 +File2_rules = {
 +    "ExpectHeader"      : {
 +        "Authorization" : "Basic U2F1cm9uOlRoZUV5ZQ=="
 +    }
 +}
 +
 +Netrc = "machine 127.0.0.1\n\tlogin {0}".format(User)
 +
 +A_File = WgetFile ("File1", File1, rules=File1_rules)
 +B_File = WgetFile ("File2", File2, rules=File2_rules)
 +Netrc_File = WgetFile (".netrc", Netrc)
 +
 +WGET_OPTIONS = "--password={0}".format(Password)
 +WGET_URLS = [["File1", "File2"]]
 +
 +Files = [[A_File, B_File]]
 +LocalFiles = [Netrc_File]
 +
 +ExpectedReturnCode = 0
 +ExpectedDownloadedFiles = [A_File, B_File, Netrc_File]
 +
 +################ Pre and Post Test Hooks #####################################
 +pre_test = {
 +    "ServerFiles"       : Files,
 +    "LocalFiles"        : LocalFiles
 +}
 +test_options = {
 +    "WgetCommands"      : WGET_OPTIONS,
 +    "Urls"              : WGET_URLS
 +}
 +post_test = {
 +    "ExpectedFiles"     : ExpectedDownloadedFiles,
 +    "ExpectedRetcode"   : ExpectedReturnCode
 +}
 +
 +err = HTTPTest (
 +                pre_hook=pre_test,
 +                test_params=test_options,
 +                post_hook=post_test
 +).begin ()
 +
 +exit (err)
 diff --git a/testenv/Test-auth-basic-netrc-user-given.py b/testenv/Test-auth-basic-netrc-user-given.py
 new file mode 100755
 index 0000000..57b6148
 --- /dev/null
 +++ b/testenv/Test-auth-basic-netrc-user-given.py
@@ -0,0 +1,68 @@
 +#!/usr/bin/env python3
 +from sys import exit
 +from test.http_test import HTTPTest
 +from misc.wget_file import WgetFile
 +
 +"""
 +    This test ensures Wget uses credentials from .netrc for Basic Authorization Negotiation.
 +    In this case we test that .netrc credentials are used in case only
 +    user login is given on the command line.
 +    Also, we ensure that Wget saves the host after a successful auth and
 +    doesn't wait for a challenge the second time.
 +"""
 +############# File Definitions ###############################################
 +File1 = "I am an invisble man."
 +File2 = "I too am an invisible man."
 +
 +User = "Sauron"
 +Password = "TheEye"
 +
 +File1_rules = {
 +    "Authentication"    : {
 +        "Type"          : "Basic",
 +        "User"          : User,
 +        "Pass"          : Password
 +    }
 +}
 +File2_rules = {
 +    "ExpectHeader"      : {
 +        "Authorization" : "Basic U2F1cm9uOlRoZUV5ZQ=="
 +    }
 +}
 +
 +Netrc = "machine 127.0.0.1\n\tlogin {0}\n\tpassword {1}".format(User, Password)
 +
 +A_File = WgetFile ("File1", File1, rules=File1_rules)
 +B_File = WgetFile ("File2", File2, rules=File2_rules)
 +Netrc_File = WgetFile (".netrc", Netrc)
 +
 +WGET_OPTIONS = "--user={0}".format(User)
 +WGET_URLS = [["File1", "File2"]]
 +
 +Files = [[A_File, B_File]]
 +LocalFiles = [Netrc_File]
 +
 +ExpectedReturnCode = 0
 +ExpectedDownloadedFiles = [A_File, B_File, Netrc_File]
 +
 +################ Pre and Post Test Hooks #####################################
 +pre_test = {
 +    "ServerFiles"       : Files,
 +    "LocalFiles"        : LocalFiles
 +}
 +test_options = {
 +    "WgetCommands"      : WGET_OPTIONS,
 +    "Urls"              : WGET_URLS
 +}
 +post_test = {
 +    "ExpectedFiles"     : ExpectedDownloadedFiles,
 +    "ExpectedRetcode"   : ExpectedReturnCode
 +}
 +
 +err = HTTPTest (
 +                pre_hook=pre_test,
 +                test_params=test_options,
 +                post_hook=post_test
 +).begin ()
 +
 +exit (err)
 diff --git a/testenv/Test-auth-basic-netrc.py b/testenv/Test-auth-basic-netrc.py
 new file mode 100755
 index 0000000..5710fe7
 --- /dev/null
 +++ b/testenv/Test-auth-basic-netrc.py
@@ -0,0 +1,66 @@
 +#!/usr/bin/env python3
 +from sys import exit
 +from test.http_test import HTTPTest
 +from misc.wget_file import WgetFile
 +
 +"""
 +    This test ensures Wget uses credentials from .netrc for Basic Authorization Negotiation.
 +    In this case we test that .netrc credentials are used in case no user
 +    login and no password is given on the command line.
 +    Also, we ensure that Wget saves the host after a successful auth and
 +    doesn't wait for a challenge the second time.
 +"""
 +############# File Definitions ###############################################
 +File1 = "I am an invisble man."
 +File2 = "I too am an invisible man."
 +
 +User = "Sauron"
 +Password = "TheEye"
 +
 +File1_rules = {
 +    "Authentication"    : {
 +        "Type"          : "Basic",
 +        "User"          : User,
 +        "Pass"          : Password
 +    }
 +}
 +File2_rules = {
 +    "ExpectHeader"      : {
 +        "Authorization" : "Basic U2F1cm9uOlRoZUV5ZQ=="
 +    }
 +}
 +
 +Netrc = "machine 127.0.0.1\n\tlogin {0}\n\tpassword {1}".format(User, Password)
 +
 +A_File = WgetFile ("File1", File1, rules=File1_rules)
 +B_File = WgetFile ("File2", File2, rules=File2_rules)
 +Netrc_File = WgetFile (".netrc", Netrc)
 +
 +WGET_URLS = [["File1", "File2"]]
 +
 +Files = [[A_File, B_File]]
 +LocalFiles = [Netrc_File]
 +
 +ExpectedReturnCode = 0
 +ExpectedDownloadedFiles = [A_File, B_File, Netrc_File]
 +
 +################ Pre and Post Test Hooks #####################################
 +pre_test = {
 +    "ServerFiles"       : Files,
 +    "LocalFiles"        : LocalFiles
 +}
 +test_options = {
 +    "Urls"              : WGET_URLS
 +}
 +post_test = {
 +    "ExpectedFiles"     : ExpectedDownloadedFiles,
 +    "ExpectedRetcode"   : ExpectedReturnCode
 +}
 +
 +err = HTTPTest (
 +                pre_hook=pre_test,
 +                test_params=test_options,
 +                post_hook=post_test
 +).begin ()
 +
 +exit (err)
 diff --git a/testenv/test/base_test.py b/testenv/test/base_test.py
 index b0087e9..bb706d8 100644
 --- a/testenv/test/base_test.py
 +++ b/testenv/test/base_test.py
@@ -102,7 +102,7 @@ class BaseTest:
             time.sleep(float(os.getenv("SERVER_WAIT")))
         try:
 -            ret_code = call(params)
 +            ret_code = call(params, env={"HOME": os.getcwd()})
         except FileNotFoundError:
             raise TestFailed("The Wget Executable does not exist at the "
                              "expected path.")
 -- 
 2.7.5
--- a/wget-1.19.1-CVE-2017-6508.patch
+++ b/wget-1.19.1-CVE-2017-6508.patch
@ -1,37 +0,0 @@
 From 4d729e322fae359a1aefaafec1144764a54e8ad4 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
 Date: Mon, 6 Mar 2017 10:04:22 +0100
 Subject: [PATCH] Fix CRLF injection in Wget host part
 * src/url.c (url_parse): Reject control characters in host part of URL
 Reported-by: Orange Tsai
 ---
 src/url.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
 diff --git a/src/url.c b/src/url.c
 index 8f8ff0b..7d36b27 100644
 --- a/src/url.c
 +++ b/src/url.c
@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
       url_unescape (u->host);
       host_modified = true;
 +      /* check for invalid control characters in host name */
 +      for (p = u->host; *p; p++)
 +        {
 +          if (c_iscntrl(*p))
 +            {
 +              url_free(u);
 +              error_code = PE_INVALID_HOST_NAME;
 +              goto error;
 +            }
 +        }
 +
       /* Apply IDNA regardless of iri->utf8_encode status */
       if (opt.enable_iri && iri)
         {
 -- 
 2.7.4
--- a/wget-1.19.1-Fix-two-Metalink-tests-if-HOME-is-changed.patch
+++ b/wget-1.19.1-Fix-two-Metalink-tests-if-HOME-is-changed.patch
@ -1,30 +0,0 @@
 From 5d4ada1b7b0b79f8053f3d6ffddda2e2c66d9dce Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
 Date: Tue, 16 May 2017 10:24:52 +0200
 Subject: [PATCH 4/4] Fix two Metalink tests if $HOME is changed
 * conf/expected_files.py (gen_local_fs_snapshot): Skip processing
  of 'pubring.kbx'
 ---
 testenv/conf/expected_files.py | 5 +++++
 1 file changed, 5 insertions(+)
 diff --git a/testenv/conf/expected_files.py b/testenv/conf/expected_files.py
 index 5362771..4e3ace9 100644
 --- a/testenv/conf/expected_files.py
 +++ b/testenv/conf/expected_files.py
@@ -24,6 +24,11 @@ class ExpectedFiles:
         snapshot = {}
         for parent, dirs, files in os.walk('.'):
             for name in files:
 +                # pubring.kbx will be created by libgpgme if $HOME doesn't contain the .gnupg directory.
 +					 # setting $HOME to CWD (in base_test.py) breaks two Metalink tests, so we skip this file here.
 +                if name == 'pubring.kbx':
 +                    continue
 +
                 f = {'content': ''}
                 file_path = os.path.join(parent, name)
                 with open(file_path) as fp:
 -- 
 2.7.5
--- a/wget-1.19.1-Fixed-getting-of-credentials-from-.netrc.patch
+++ b/wget-1.19.1-Fixed-getting-of-credentials-from-.netrc.patch
@ -1,38 +0,0 @@
 From f8c3df1f40f09dd61078436614d06e7ad818536e Mon Sep 17 00:00:00 2001
 From: Tomas Hozza <thozza@redhat.com>
 Date: Fri, 12 May 2017 19:17:31 +0200
 Subject: [PATCH 2/4] Fixed getting of credentials from .netrc
 There seemed to be a copy&paste error in http.c code, which decides
 whether to get credentials from .netrc. In ftp.c "user" and "pass"
 variables are char*, while in http.c, these are char**. For this reason
 they should be dereferenced when determining if password and user login
 is set to some value.
 Also since both variables are dereferenced on lines above the changed
 code, it does not really make sense to check if they are NULL.
 This patch is based on fix from Bruce Jerrick <bmj001@gmail.com>.
 Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=1425097
 Signed-off-by: Tomas Hozza <thozza@redhat.com>
 ---
 src/http.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/http.c b/src/http.c
 index 8b77a10..323f559 100644
 --- a/src/http.c
 +++ b/src/http.c
@@ -1900,7 +1900,7 @@ initialize_request (const struct url *u, struct http_stat *hs, int *dt, struct u
     *passwd = NULL;
   /* Check for ~/.netrc if none of the above match */
 -  if (opt.netrc && (!user || (!passwd || !*passwd)))
 +  if (opt.netrc && (!*user || !*passwd))
     search_netrc (u->host, (const char **) user, (const char **) passwd, 0);
   /* We only do "site-wide" authentication with "global" user/password
 -- 
 2.7.5
--- a/wget-1.19.1-skip-failing-https-tests.patch
+++ b/wget-1.19.1-skip-failing-https-tests.patch
@ -1,21 +0,0 @@
 diff --git a/testenv/Makefile.am b/testenv/Makefile.am
 index ef4158a..a534e77 100644
 --- a/testenv/Makefile.am
 +++ b/testenv/Makefile.am
@@ -96,16 +96,12 @@ if HAVE_PYTHON3
     Test-cookie.py                                  \
     Test-Head.py                                    \
     Test-hsts.py                                    \
 -    Test--https.py                                  \
     Test--https-crl.py                              \
     Test-missing-scheme-retval.py                   \
     Test-O.py                                       \
 -    Test-pinnedpubkey-der-https.py                  \
     Test-pinnedpubkey-der-no-check-https.py         \
 -    Test-pinnedpubkey-hash-https.py                 \
     Test-pinnedpubkey-hash-no-check-fail-https.py   \
     Test-pinnedpubkey-pem-fail-https.py             \
 -    Test-pinnedpubkey-pem-https.py                  \
     Test-Post.py                                    \
     Test-recursive-basic.py                         \
     Test-recursive-include.py                       \
--- a/wget.spec
+++ b/wget.spec
@ -1,27 +1,13 @@
 Summary: A utility for retrieving files using the HTTP or FTP protocols
 Name: wget
-Version: 1.19.1
+Version: 1.19.2
-Release: 6%{?dist}
+Release: 1%{?dist}
 License: GPLv3+
 Group: Applications/Internet
 Url: http://www.gnu.org/software/wget/
-Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.xz
+Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.gz
 Patch1: wget-1.17-path.patch
 # http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
 Patch2: wget-1.19.1-CVE-2017-6508.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1425097
 # 4 upstream commits total
 # http://git.savannah.gnu.org/cgit/wget.git/commit/?id=17960b57d51ffb19b2b20df3e53da42c555f022c
 Patch3: wget-1.19.1-Added-tests-for-HTTP-authentication-using-credential.patch
 # http://git.savannah.gnu.org/cgit/wget.git/commit/?id=f8c3df1f40f09dd61078436614d06e7ad818536e
 Patch4: wget-1.19.1-Fixed-getting-of-credentials-from-.netrc.patch
 # http://git.savannah.gnu.org/cgit/wget.git/commit/?id=876def8ebe56d483921cf645371d277b615373e5
 patch5: wget-1.19.1-Add-command-line-option-to-disable-use-of-.netrc.patch
 # http://git.savannah.gnu.org/cgit/wget.git/commit/?id=5d4ada1b7b0b79f8053f3d6ffddda2e2c66d9dce
 Patch6: wget-1.19.1-Fix-two-Metalink-tests-if-HOME-is-changed.patch
 # http://lists.gnu.org/archive/html/bug-wget/2017-06/msg00009.html
 Patch7: wget-1.19.1-skip-failing-https-tests.patch
 Provides: webclient
 Provides: bundled(gnulib) 
@ -29,10 +15,7 @@ Requires(post): /sbin/install-info
 Requires(preun): /sbin/install-info
 # needed for test suite
 BuildRequires: perl-HTTP-Daemon, python3
-BuildRequires: gnutls-devel, pkgconfig, texinfo, gettext, autoconf, libidn2-devel, libuuid-devel, perl-podlators, libpsl-devel, libmetalink-devel
+BuildRequires: gnutls-devel, pkgconfig, texinfo, gettext, autoconf, libidn2-devel, libuuid-devel, perl-podlators, libpsl-devel, libmetalink-devel, gpgme-devel
 # needed because of added test in Patch3. Need to remove this after rebase
 BuildRequires: automake
 BuildRequires: gpgme-devel
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 %description
@ -52,18 +35,8 @@ sed -i "s|\(PACKAGE_STRING='wget .*\)'|\1 (Red Hat modified)'|" configure
 grep "PACKAGE_STRING='wget .* (Red Hat modified)'" configure || exit 1
 %patch1 -p1 -b .path
 %patch2 -p1 -b .CVE-2017-6508
 %patch3 -p1 -b .netrc_1
 %patch4 -p1 -b .netrc_2
 %patch5 -p1 -b .netrc_3
 %patch6 -p1 -b .netrc_4
 %patch7 -p1 -b .failing-tests
 sed -i 's|/{{port|/{\\{port|' tests/*.{pm,px}
 %build
 aclocal
 autoreconf
 %configure \
    --with-ssl=gnutls \
    --with-libpsl \
@ -108,6 +81,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_infodir}/*
 %changelog
 * Fri Oct 27 2017 Tomas Hozza <thozza@redhat.com> - 1.19.2-1
 - Update to latest upstream version due to CVE-2017-13089 CVE-2017-13090
 * Mon Oct 09 2017 Troy Dawson <tdawson@redhat.com> - 1.19.1-6
 - Fix FTBFS (#1499876)
`@ -1 +1 @@`
	`SHA512 (wget-1.19.1.tar.xz) = 00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5`	`SHA512 (wget-1.19.2.tar.gz) = a0f8afcc0767a8fd1acd64b1b1b27d177bc938e70cc3709c1b3faa6c1426ec926642cd8e49d292cec0268ee507683539b5152072110106de5a728a03efd8cedd`