Changelog for wget-1.19.2-1.4.i586.rpm :
Fri Oct 27 14:00:00 2017 astiegerAATTsuse.com
- GNU wget 1.19.2:

* CVE-2017-13089: Stack overflow in HTTP protocol handling (bsc#1064715)

* CVE-2017-13090: Heap overflow in HTTP protocol handling (bsc#1064716)

* New option --compression for gzip Content-Encoding

* New option --[no]-netrc to control .netrc parsing

* Added GNU extensions to .netrc parsing

* Improved IDNA 2003 compatibility

* Fix VPATH issues

* Improved and extended the test suite

* Support Wayback Machine's X-Archive-Orig-last-modified

* Several bug fixes
- drop upstreamed patches:

* wget-CVE-2017-6508.patch

* wget-416-but-file-not-complete.patch
- unfuzz wget-errno-clobber.patch

Thu Sep 21 14:00:00 2017 josef.moellersAATTsuse.com
- Retry http GET when server responds with "416 Requested Range
Not Satisfiable" but file is not complete.
[boo#1058204, wget-416-but-file-not-complete.patch]

Tue Mar 7 13:00:00 2017 josef.moellersAATTsuse.com
- src/url.c (url_parse): Reject control characters in host part
of URL
(CVE-2017-6508, wget-CVE-2017-6508.patch, bsc#1028301)

Thu Feb 16 13:00:00 2017 josef.moellersAATTsuse.com
- Update to wget-1.19.1, mainly bug fixes

* Add support for --retry-on-http-error

* tests/WgetTests.pm: Add --no-config to wget invocation

* Fix regression in .netrc auth in src/http.c

* Fix memory leak in src/iri.c

* Remove skipping libunistring with --disable-iri

* bootstrap.conf: Add gnulib module wcwidth

* Fix include/define clash with gnulib's unlink module

Sat Feb 4 13:00:00 2017 astiegerAATTsuse.com
- build with libidn2 to actually support IDNA2008 - FATE#321897

Fri Feb 3 13:00:00 2017 josef.moellersAATTsuse.com
- Update to wget-1.19:

* New option --use-askpass=COMMAND. Fetch user/password by calling
an external program.

* Use IDNA2008 (+ TR46 if available) through libidn2

* When processing a Metalink header, --metalink-index= allows
to process the header's application/metalink4+xml files.

* When processing a Metalink file, --trust-server-names enables the
use of the destination file names specified in the Metalink file,
otherwise a safe destination file name is computed.

* When processing a Metalink file, enforce a safe destination path.
Remove any drive letter prefix under w32, i.e. 'C:D:file'. Call
libmetalink's metalink_check_safe_path() to prevent absolute,
relative, or home paths:
https://tools.ietf.org/html/rfc5854#section-4.1.2.1
https://tools.ietf.org/html/rfc5854#section-4.2.8.3

* When processing a Metalink file, --directory-prefix= sets
the top of the retrieval tree to prefix for Metalink downloads.

* When processing a Metalink file, reject downloaded files which don't
agree with their own metalink:size value:
https://tools.ietf.org/html/rfc5854#section-4.2.16

* When processing a Metalink file, with --continue resume partially
downloaded files and keep fully downloaded files even if they fail
the verification.

* When processing a Metalink file, create the parent directories of a
"path/file" destination file name:
https://tools.ietf.org/html/rfc5854#section-4.1.2.1
https://tools.ietf.org/html/rfc5854#section-4.2.8.3

* On a recursive download, append a .tmp suffix to temporary files
that will be deleted after being parsed, and create them
readable/writable only by the owner.

* New make target 'check-valgrind'

* Fix several bugs

* Fix compatibility issues

Thu Jul 28 14:00:00 2016 josef.moellersAATTsuse.com
- Save/restore errno within CLOSE_FINISH and CLOSE_INVALIDATE.
(wget-errno-clobber.patch, boo#983660)

Fri Jul 22 14:00:00 2016 dimstarAATTopensuse.org
- Update wget-libproxy.patch: use libproxy's px_proxy_factory_free
instead of regular free in order to ensure the module destructors
are correctly running (boo#967601).

Thu Jun 9 14:00:00 2016 astiegerAATTsuse.com
- GNU wget 1.18:

* On server redirects to a FTP resource, use the original URL to
get the local file name by default. CVE-2016-4971 (boo#984060)
This introduces a backward-incompatibility for HTTP->FTP
redirects and any script that relies on the old behaviour must
use --trust-server-names.

* Check the HSTS file is not world-writable before using it.

* Parse attributes on a recursive download.

* Fix problem with SNI server names having trailing dot(s)

* New options --bind-dns-address and --dns-servers.

* Convert non-ASCII URIs to the locale's codeset when creating
files. Encoding of remote files and URIs is taken from
--remote-encoding, defaulting to UTF-8. The result is that
non-ASCII URIs and files downloaded via HTTP/HTTPS and FTP will
have names on the local filesystem that correspond to their
remote names.
- build with gpgme, libcares2

Sat Dec 12 13:00:00 2015 astiegerAATTsuse.com
- GNU wget 1.17.1:

* Fix compile error when IPv6 is disabled or SSL is not present

* Fix HSTS memory leak

* Fix progress output in non-C locales

* Fix SIGSEGV when -N and --content-disposition are used together

* Add --check-certificate=quiet to tell wget to not print any
warning about invalid certificates

Wed Nov 18 13:00:00 2015 astiegerAATTsuse.com
- GNU wget 1.17:

* Remove FTP passive to active fallback due to privacy concerns.
[boo#944858] CVE-2015-7665 was assigned to this problem in a
tails context

* Add support for --if-modified-since.

* Add support for metalink through --input-metalink and
--metalink-over-http.

* Add support for HSTS through --hsts and --hsts-file.

* Add option to restrict filenames under VMS.

* Add support for --rejected-log which logs to a separate file the
reasons why URLs are being rejected and some context around it.

* Add support for FTPS.

* Do not download/save file on error when --spider enabled

* Add --convert-file-only option. This option converts only the
filename part of the URLs, leaving the rest of the URLs
untouched.
- packaging changes:

* enable metalink support (in ring1)

* use system pcre (in ring 0)

* use system libuuid (in ring 1)

* build with libpsl for cookie domain checking (new)

Mon Mar 9 13:00:00 2015 astiegerAATTsuse.com
- GNU wget 1.16.3:

* Fix a regression introduced by wget 1.16.2 that --quiet is not
really quiet anymore.

Tue Mar 3 13:00:00 2015 astiegerAATTsuse.com
- GNU wget 1.16.2:

* Allow progress bar on stderr when -o is used.

* Accept 5-digit port numbers in FTP EPSV responses.

* Support older versions of flex.

* Updated translations.
- drop wget-1.14-openssl-no-intern.patch, now upstream

Wed Dec 24 13:00:00 2014 andreas.stiegerAATTgmx.de
- GNU wget 1.16.1:

* Add --enable-assert configure option.

* Use pkg-config to check for libraries presence.

* Do not limit --secure-protocol=auto|pfs to TLSv1.0.

* Add --secure-protocol=TLSv1_1|TLSv1_2 .

* Full C89 source code compliance.

* Select and use the most secure authentication scheme with HTTP
connections.

* Fix issues with Turkish locales.

* Handle 504 Gateway Timeout.

* New option --crl-file to load Certificate Revocation Lists.

* Add valgrind support to tests suite.

* Fix an off-by-one problem in the progress bar (introduced in 1.16).
- refresh wget-libproxy.patch

Wed Oct 29 13:00:00 2014 andreas.stiegerAATTgmx.de
- GNU wget 1.16:
This release contains a fix for symlink attack which could allow
a malicious ftp server to create arbitrary files, directories or
symbolic links and set their permissions when retrieving a
directory recursively through FTP. [CVE-2014-4877] [boo#902709]

* No longer create local symbolic links by default
--retr-symlinks=no option restores previous behaviour

* Use libpsl for verifying cookie domains.

* Default progress bar output changed.

* Introduce --show-progress to force display the progress bar.

* Introduce --no-config. The wgetrc files will not be read.

* Introduce --start-pos to allow starting downloads from a specified position.

* Fix a problem with ISA Server Proxy and keep-alive connections.
- refresh wget-libproxy.patch for upstream changes
- make some dependencies only required for testsuite optional

Sun Jun 8 14:00:00 2014 andreas.stiegerAATTgmx.de
- Disable the testsuite

Tue Jan 21 13:00:00 2014 kpetschAATTsuse.com
- Enabled the testsuite
- Modified libproxy.patch to include Makefile in tests/

Sun Jan 19 13:00:00 2014 andreas.stiegerAATTgmx.de
- GNU wget 1.15

* Add support for --method.

* Add support for file names longer than MAX_FILE.

* Support FTP listing for the FTP Server on Windows Server 2008 R2.

* Fix a regression when -c and --content-disposition are used together.

* Support shorthand URLs in an input file.

* Fix -c with servers that don't specify a content-length.

* Add support for MD5-SESS

* Do not fail on non fatal GNU TLS alerts during handshake.

* Add support for --https-only. When used wget will follow only
HTTPS links in recursive mode.

* Support Perfect-Forward Secrecy in --secure-protocol.

* Fix a problem with some IRI links that are not followed when contained in a
HTML document.

* Support some FTP servers that return an empty list with "LIST -a".

* Specify Host with the HTTP CONNECT method.

* Use the correct HTTP method on a redirection.
- verify source tarball signatures
- modified patches:

* wget-1.14-openssl-no-intern.patch for upstream changes

* wget-fix-pod-syntax.diff for upstream changes

Thu Jun 20 14:00:00 2013 cooloAATTsuse.com
- add wget-fix-pod-syntax.diff to fix build with perl 5.18

Thu May 2 14:00:00 2013 p.drouandAATTgmail.com
- Update to version 1.14
+ add support for content-on-error. It allows to store the HTTP
payload on 4xx or 5xx errors.
+ add support for WARC files.
+ fix a memory leak problem in the GNU TLS backend.
+ autoreconf works again for distributed tarballs.
+ print some diagnostic messages to stderr not to stdout.
+ report stdout close errors.
+ accept the --report-speed option.
+ enable client certificates when GNU TLS is used.
+ add support for TLS Server Name Indication.
+ accept the arguments --accept-reject and --reject-regex.
+ the GNU TLS backend honors correctly the timeout value.
+ add support for RFC 2617 Digest Access Authentication.
- Drop patches obsoleted by upstream
+ wget-sni.patch
+ wget-stdio.h.patch
- Rebase patches to work with upstream
+ wget-openssl-no-intern.patch > wget-1.14-openssl-no-intern.patch
+ wget-no-ssl-comp.patch > wget-1.14-no-ssl-comp.patch

Thu May 2 14:00:00 2013 seife+obsAATTb1-systems.com
- add makeinfo BuildRequires to fix build

Fri Apr 5 14:00:00 2013 idonmezAATTsuse.com
- Add Source URL, see https://en.opensuse.org/SourceUrls

Mon Nov 12 13:00:00 2012 crrodriguezAATTopensuse.org
- wget-no-ssl-comp.patch: Since the appearance of the "CRIME attack"
(CVE-2012-4929) HTTPS clients must not negotiate ssl compression.

Thu Sep 27 14:00:00 2012 crrodriguezAATTopensuse.org
- Add wget-openssl-no-intern.patch to Build with OPENSSL_NO_SSL_INTERN,
which is openssl's poor man's version of visibility, to avoid breaking
applications ABI on library internal changes.

Fri Jul 27 14:00:00 2012 ajAATTsuse.de
- Fix build with missing gets declaration (glibc 2.16)

Wed Mar 21 13:00:00 2012 dimstarAATTopensuse.org
- Adjust wget-libproxy.patch: give debug output only when
opt.debug is set to non-zero values, so when -d is specified.
Fix bnc#753242.

Fri Dec 2 13:00:00 2011 cooloAATTsuse.com
- add automake as buildrequire to avoid implicit dependency

Wed Oct 19 14:00:00 2011 maxAATTsuse.com
- New version: 1.13.4:

* Now --timestamping and --continue work well together.

* Return a network failure when FTP downloads fail and
--timestamping is specified.

* Support HTTP/1.1

* Fix some portability issues.

* Handle properly malformed status line in a HTTP response.

* Ignore zero length domains in $no_proxy.

* Exit with failure if -k is specified and -O is not a regular
file.

* Cope better with unclosed html tags.

* Print diagnostic messages to stderr, not stdout.

* Do not use an additional HEAD request when
--content-disposition is used, but use directly GET.

* Report the average transfer speed correctly when multiple
URLs are specified and -c influences the transferred data
amount.

* By default, on server redirects, use the original URL to get
the local file name. Close CVE-2010-2252. This introduces a
backward-incompatibility; any script that relies on the old
behaviour must use --trust-server-names.

* Fix a problem when -k is used and some URLs are specified
through CSS.

* Convert correctly URLs that need to be encoded to local files
when following links.

* Use persistent connections with proxies supporting them.

* Print the total download time as part of the summary for
recursive downloads.

* Now it is possible to specify a different startup
configuration file through the --config option.

* Fix an infinite loop with the error ' has sprung
into existence' on a network error and -nc is used.

* Now --adjust-extension does not modify the file extension if
the file ends in .htm.

* Support HTTP/1.1 307 redirects keep request method.

* Now --no-parent doesn't fetch undesired files if HTTP and
HTTPS are used by the same host on different pages.

* Do not attempt to remove the file if it is not in the accept
rules but it is the output destination file.

* Introduce `show_all_dns_entries' to print all IP addresses
corresponding to a DNS name when it is resolved.
- Adjust patches to the new version.
- wget-1.12-nosslv2.patch got included upstream.

Sat Oct 15 14:00:00 2011 crrodriguezAATTopensuse.org
- fix typo in sni patch , in the IPV6 case should be
is_valid_ipv6_address() instead of is_valid_ipv4_address()
- Add comment to the patch referencing upstream tracker.

Fri Oct 14 14:00:00 2011 crrodriguezAATTopensuse.org
- Update nosslv2 patch with the version in upstream
- Wget now supports SNI (server name indication), patch
based on a 2 year old fix submitted to upstream list
that somehow fell through the cracks.

Sat Apr 9 14:00:00 2011 crrodriguezAATTopensuse.org
- SSLv2 is being disabled in openSSL, allow painless obsoletion.
- Support IDN.

Sun Aug 15 14:00:00 2010 dimstarAATTopensuse.org
- Update to version 1.12:
+ SECURITY FIX: It had been possible to trick Wget into accepting
SSL certificates that don't match the host name, through the
trick of embedding NUL characters into the certs' common name
+ Added support for CSS. This includes:
- Parsing links from CSS files, and from CSS content found in
HTML style tags and attributes.
- Supporting conversion of links found within CSS content, when
--convert-links is specified.
- Ensuring that CSS files end in the ".css" filename extension,
when --convert-links is specified.
+ Added support for Internationalized Resource Identifiers
+ Wget now provides more sensible exit status codes when
downloads don't proceed as expected
+ --default-page option (and associated wgetrc command) added to
support alternative default names for index.html.
+ --ask-password option (and associated wgetrc command) added to
support password prompts at the console.
+ The --input-file option now also handles retrieving links from
an external file.
+ The output generated by the --version option now includes
information on how it was built, and the set of configure-time
options that were selected.
+ --html-extension has been renamed to --adjust-extension, to
reflect the fact that it now also applies to CSS content
+ An "ascii" specifier is now accepted by --restrict-file-names,
which forces the percent-encoding of all non-ASCII bytes
+ Several previously existing, but undocumented .wgetrc options
are now documented.
- Drop upstream fixed wget-nullcerts.patch.
- Minor spec-cleanups using spec-cleaner
- Use smp_mflags
- Add libproxy-devel BuildRequires and enable libproxy support
using wget-libproxy.patch.
- Add pkg-config BuildRequire to succeed with the bootstrap on
openSUSE < 11.3.

Wed Dec 16 13:00:00 2009 jengelhAATTmedozas.de
- Enable parallel building

Tue Aug 11 14:00:00 2009 maxAATTsuse.de
- Fix vulnerability against SSL certificates with a zero byte in
the common name field (wget-nullcerts.patch, bnc#528298).


 