SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for wget-1.19.5-lp150.2.3.1.x86_64.rpm :

* Wed Jan 09 2019 josef.moellersAATTsuse.com- Do not store sensitive data in a d/l-ed file\'s metadata [ bad-metadata-CVE-2018-20483.patch, CVE-2018-20483, bsc#1120382 ]
* Mon May 07 2018 josef.moellersAATTsuse.com- GNU wget 1.19.5:
* Fix cookie injection (CVE-2018-0494, bsc#1092061)
* Enable TLS1.3 with recent OpenSSL environment
* New option --ciphers to set GnuTLS / OpenSSL ciphers directly
* Updated CSS grammar to CSS 2.2
* Fixed several memleaks found by OSS-Fuzz
* Fixed several buffer overflows found by OSS-Fuzz
* Fixed several integer overflows found by OSS-Fuzz
* Several minor bug fixes [bsc#1092061, CVE-2018-0494, wget-ignore-void-retvalue.patch]
* Fri Feb 16 2018 josef.moellersAATTsuse.com- Original package had sources lzip compressed. Downloaded .gz compressed file including signature file.
* Mon Jan 22 2018 avindraAATTopensuse.org- GNU wget 1.19.4:
* Support for Content-Encoding and Transfer-Encoding have been marked as experimental and disabled by default- includes 1.19.3:
* Prevent erroneous decompression of .gz and .tgz files with broken servers
* Added support for HTTP 308 Permanent Redirect response
* Fix segfault in some cases where the Content-Type header is not sent
* Support OpenSSL 1.1 builds without using deprecated features
* Several minor bug fixes- switch to lz release (smaller)- cleanup with spec-cleaner
* Fri Oct 27 2017 astiegerAATTsuse.com- GNU wget 1.19.2:
* CVE-2017-13089: Stack overflow in HTTP protocol handling (bsc#1064715)
* CVE-2017-13090: Heap overflow in HTTP protocol handling (bsc#1064716)
* New option --compression for gzip Content-Encoding
* New option --[no]-netrc to control .netrc parsing
* Added GNU extensions to .netrc parsing
* Improved IDNA 2003 compatibility
* Fix VPATH issues
* Improved and extended the test suite
* Support Wayback Machine\'s X-Archive-Orig-last-modified
* Several bug fixes- drop upstreamed patches:
* wget-CVE-2017-6508.patch
* wget-416-but-file-not-complete.patch- unfuzz wget-errno-clobber.patch
* Thu Sep 21 2017 josef.moellersAATTsuse.com- Retry http GET when server responds with \"416 Requested Range Not Satisfiable\" but file is not complete. [boo#1058204, wget-416-but-file-not-complete.patch]
* Tue Mar 07 2017 josef.moellersAATTsuse.com- src/url.c (url_parse): Reject control characters in host part of URL (CVE-2017-6508, wget-CVE-2017-6508.patch, bsc#1028301)
* Thu Feb 16 2017 josef.moellersAATTsuse.com- Update to wget-1.19.1, mainly bug fixes
* Add support for --retry-on-http-error
* tests/WgetTests.pm: Add --no-config to wget invocation
* Fix regression in .netrc auth in src/http.c
* Fix memory leak in src/iri.c
* Remove skipping libunistring with --disable-iri
* bootstrap.conf: Add gnulib module wcwidth
* Fix include/define clash with gnulib\'s unlink module
* Sat Feb 04 2017 astiegerAATTsuse.com- build with libidn2 to actually support IDNA2008 - FATE#321897
* Fri Feb 03 2017 josef.moellersAATTsuse.com- Update to wget-1.19:
* New option --use-askpass=COMMAND. Fetch user/password by calling an external program.
* Use IDNA2008 (+ TR46 if available) through libidn2
* When processing a Metalink header, --metalink-index= allows to process the header\'s application/metalink4+xml files.
* When processing a Metalink file, --trust-server-names enables the use of the destination file names specified in the Metalink file, otherwise a safe destination file name is computed.
* When processing a Metalink file, enforce a safe destination path. Remove any drive letter prefix under w32, i.e. \'C:D:file\'. Call libmetalink\'s metalink_check_safe_path() to prevent absolute, relative, or home paths: https://tools.ietf.org/html/rfc5854#section-4.1.2.1 https://tools.ietf.org/html/rfc5854#section-4.2.8.3
* When processing a Metalink file, --directory-prefix= sets the top of the retrieval tree to prefix for Metalink downloads.
* When processing a Metalink file, reject downloaded files which don\'t agree with their own metalink:size value: https://tools.ietf.org/html/rfc5854#section-4.2.16
* When processing a Metalink file, with --continue resume partially downloaded files and keep fully downloaded files even if they fail the verification.
* When processing a Metalink file, create the parent directories of a \"path/file\" destination file name: https://tools.ietf.org/html/rfc5854#section-4.1.2.1 https://tools.ietf.org/html/rfc5854#section-4.2.8.3
* On a recursive download, append a .tmp suffix to temporary files that will be deleted after being parsed, and create them readable/writable only by the owner.
* New make target \'check-valgrind\'
* Fix several bugs
* Fix compatibility issues
* Thu Jul 28 2016 josef.moellersAATTsuse.com- Save/restore errno within CLOSE_FINISH and CLOSE_INVALIDATE. (wget-errno-clobber.patch, boo#983660)
* Fri Jul 22 2016 dimstarAATTopensuse.org- Update wget-libproxy.patch: use libproxy\'s px_proxy_factory_free instead of regular free in order to ensure the module destructors are correctly running (boo#967601).
* Thu Jun 09 2016 astiegerAATTsuse.com- GNU wget 1.18:
* On server redirects to a FTP resource, use the original URL to get the local file name by default. CVE-2016-4971 (boo#984060) This introduces a backward-incompatibility for HTTP->FTP redirects and any script that relies on the old behaviour must use --trust-server-names.
* Check the HSTS file is not world-writable before using it.
* Parse attributes on a recursive download.
* Fix problem with SNI server names having trailing dot(s)
* New options --bind-dns-address and --dns-servers.
* Convert non-ASCII URIs to the locale\'s codeset when creating files. Encoding of remote files and URIs is taken from - -remote-encoding, defaulting to UTF-8. The result is that non-ASCII URIs and files downloaded via HTTP/HTTPS and FTP will have names on the local filesystem that correspond to their remote names.- build with gpgme, libcares2
* Sat Dec 12 2015 astiegerAATTsuse.com- GNU wget 1.17.1:
* Fix compile error when IPv6 is disabled or SSL is not present
* Fix HSTS memory leak
* Fix progress output in non-C locales
* Fix SIGSEGV when -N and --content-disposition are used together
* Add --check-certificate=quiet to tell wget to not print any warning about invalid certificates
* Wed Nov 18 2015 astiegerAATTsuse.com- GNU wget 1.17:
* Remove FTP passive to active fallback due to privacy concerns. [boo#944858] CVE-2015-7665 was assigned to this problem in a tails context
* Add support for --if-modified-since.
* Add support for metalink through --input-metalink and - -metalink-over-http.
* Add support for HSTS through --hsts and --hsts-file.
* Add option to restrict filenames under VMS.
* Add support for --rejected-log which logs to a separate file the reasons why URLs are being rejected and some context around it.
* Add support for FTPS.
* Do not download/save file on error when --spider enabled
* Add --convert-file-only option. This option converts only the filename part of the URLs, leaving the rest of the URLs untouched.- packaging changes:
* enable metalink support (in ring1)
* use system pcre (in ring 0)
* use system libuuid (in ring 1)
* build with libpsl for cookie domain checking (new)
* Mon Mar 09 2015 astiegerAATTsuse.com- GNU wget 1.16.3:
* Fix a regression introduced by wget 1.16.2 that --quiet is not really quiet anymore.
* Tue Mar 03 2015 astiegerAATTsuse.com- GNU wget 1.16.2:
* Allow progress bar on stderr when -o is used.
* Accept 5-digit port numbers in FTP EPSV responses.
* Support older versions of flex.
* Updated translations.- drop wget-1.14-openssl-no-intern.patch, now upstream
* Wed Dec 24 2014 andreas.stiegerAATTgmx.de- GNU wget 1.16.1:
* Add --enable-assert configure option.
* Use pkg-config to check for libraries presence.
* Do not limit --secure-protocol=auto|pfs to TLSv1.0.
* Add --secure-protocol=TLSv1_1|TLSv1_2 .
* Full C89 source code compliance.
* Select and use the most secure authentication scheme with HTTP connections.
* Fix issues with turkish locales.
* Handle 504 Gateway Timeout.
* New option --crl-file to load Certificate Revocation Lists.
* Add valgrind support to tests suite.
* Fix an off-by-one problem in the progress bar (introduced in 1.16).- refresh wget-libproxy.patch
* Wed Oct 29 2014 andreas.stiegerAATTgmx.de- GNU wget 1.16: This release contains a fix for symlink attack which could allow a malicious ftp server to create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. [CVE-2014-4877] [boo#902709]
* No longer create local symbolic links by default - -retr-symlinks=no option restores previous behaviour
* Use libpsl for verifying cookie domains.
* Default progress bar output changed.
* Introduce --show-progress to force display the progress bar.
* Introduce --no-config. The wgetrc files will not be read.
* Introduce --start-pos to allow starting downloads from a specified position.
* Fix a problem with ISA Server Proxy and keep-alive connections.- refresh wget-libproxy.patch for upstream changes- make some dependencies only required for testsuite optional
* Sun Jun 08 2014 andreas.stiegerAATTgmx.de- Disable the testsuite
* Tue Jan 21 2014 kpetschAATTsuse.com- Enabled the testsuite- Modified libproxy.patch to include Makefile in tests/
* Sun Jan 19 2014 andreas.stiegerAATTgmx.de- GNU wget 1.15
* Add support for --method.
* Add support for file names longer than MAX_FILE.
* Support FTP listing for the FTP Server on Windows Server 2008 R2.
* Fix a regression when -c and --content-disposition are used together.
* Support shorthand URLs in an input file.
* Fix -c with servers that don\'t specify a content-length.
* Add support for MD5-SESS
* Do not fail on non fatal GNU TLS alerts during handshake.
* Add support for --https-only. When used wget will follow only
* HTTPS links in recursive mode.
* Support Perfect-Forward Secrecy in --secure-protocol.
* Fix a problem with some IRI links that are not followed when contained in a
* HTML document.
* Support some FTP servers that return an empty list with \"LIST -a\".
* Specify Host with the HTTP CONNECT method.
* Use the correct HTTP method on a redirection.- verify source tarball signatures- modified patches:
* wget-1.14-openssl-no-intern.patch for upstream changes
* wget-fix-pod-syntax.diff for upstream changes
* Thu Jun 20 2013 cooloAATTsuse.com- add wget-fix-pod-syntax.diff to fix build with perl 5.18
* Thu May 02 2013 p.drouandAATTgmail.com- Update to version 1.14 + add support for content-on-error. It allows to store the HTTP payload on 4xx or 5xx errors. + add support for WARC files. + fix a memory leak problem in the GNU TLS backend. + autoreconf works again for distributed tarballs. + print some diagnostic messages to stderr not to stdout. + report stdout close errors. + accept the --report-speed option. + enable client certificates when GNU TLS is used. + add support for TLS Server Name Indication. + accept the arguments --accept-reject and --reject-regex. + the GNU TLS backend honors correctly the timeout value. + add support for RFC 2617 Digest Access Authentication.- Drop patchs obsoleted by upstream + wget-sni.patch + wget-stdio.h.patch- Rebase patchs to work with upstream + wget-openssl-no-intern.patch > wget-1.14-openssl-no-intern.patch + wget-no-ssl-comp.patch > wget-1.14-no-ssl-comp.patch
* Thu May 02 2013 seife+obsAATTb1-systems.com- add makeinfo BuildRequires to fix build
* Fri Apr 05 2013 idonmezAATTsuse.com- Add Source URL, see https://en.opensuse.org/SourceUrls
* Mon Nov 12 2012 crrodriguezAATTopensuse.org- wget-no-ssl-comp.patch: Since the apperance of the \"CRIME attack\" (CVE-2012-4929) HTTPS clients must not negotatiate ssl compression.
* Thu Sep 27 2012 crrodriguezAATTopensuse.org- Add wget-openssl-no-intern.patch to Build with OPENSSL_NO_SSL_INTERN, which is openssl\'s poor man\'s version of visibility, to avoid breaking applications ABI on library internal changes.
* Fri Jul 27 2012 ajAATTsuse.de- Fix build with missing gets declaration (glibc 2.16)
* Wed Mar 21 2012 dimstarAATTopensuse.org- Adjust wget-libproxy.patch: give debug output only when opt.debug is set to non-zero values, so when -d is specified. Fix bnc#753242.
* Fri Dec 02 2011 cooloAATTsuse.com- add automake as buildrequire to avoid implicit dependency
* Wed Oct 19 2011 maxAATTsuse.com- New version: 1.13.4:
* Now --timestamping and --continue work well together.
* Return a network failure when FTP downloads fail and - -timestamping is specified.
* Support HTTP/1.1
* Fix some portability issues.
* Handle properly malformed status line in a HTTP response.
* Ignore zero length domains in $no_proxy.
* Exit with failure if -k is specified and -O is not a regular file.
* Cope better with unclosed html tags.
* Print diagnostic messages to stderr, not stdout.
* Do not use an additional HEAD request when - -content-disposition is used, but use directly GET.
* Report the average transfer speed correctly when multiple URLs are specified and -c influences the transferred data amount.
* By default, on server redirects, use the original URL to get the local file name. Close CVE-2010-2252. This introduces a backward-incompatibility; any script that relies on the old behaviour must use --trust-server-names.
* Fix a problem when -k is used and some URLs are specified trough CSS.
* Convert correctly URLs that need to be encoded to local files when following links.
* Use persistent connections with proxies supporting them.
* Print the total download time as part of the summary for recursive downloads.
* Now it is possible to specify a different startup configuration file trough the --config option.
* Fix an infinite loop with the error \' has sprung into existence\' on a network error and -nc is used.
* Now --adjust-extension does not modify the file extension if the file ends in .htm.
* Support HTTP/1.1 307 redirects keep request method.
* Now --no-parent doesn\'t fetch undesired files if HTTP and HTTPS are used by the same host on different pages.
* Do not attempt to remove the file if it is not in the accept rules but it is the output destination file.
* Introduce `show_all_dns_entries\' to print all IP addresses corresponding to a DNS name when it is resolved.- Adjuct patches to the new version.- wget-1.12-nosslv2.patch got included upstream.
* Sat Oct 15 2011 crrodriguezAATTopensuse.org- fix typo in sni patch , in the IPV6 case should be is_valid_ipv6_address() instead of is_valid_ipv4_address()- Add comment to the patch referencing upstream tracker.
* Fri Oct 14 2011 crrodriguezAATTopensuse.org- Update nosslv2 patch with the version in upstream- Wget now supports SNI (server name indication), patch based on a 2 year old fix submitted to upstream list that somehow fell through the cracks.
* Sat Apr 09 2011 crrodriguezAATTopensuse.org- SSLv2 is being disabled in openSSL, allow painless obsoletion.- Support IDN.
* Sun Aug 15 2010 dimstarAATTopensuse.org- Update to version 1.12: + SECURITY FIX: It had been possible to trick Wget into accepting SSL certificates that don\'t match the host name, through the trick of embedding NUL characters into the certs\' common name + Added support for CSS. This includes: - Parsing links from CSS files, and from CSS content found in HTML style tags and attributes. - Supporting conversion of links found within CSS content, when - -convert-links is specified. - Ensuring that CSS files end in the \".css\" filename extension, when --convert-links is specified. + Added support for Internationalized Resource Identifiers + Wget now provides more sensible exit status codes when downloads don\'t proceed as expected + --default-page option (and associated wgetrc command) added to support alternative default names for index.html. + --ask-password option (and associated wgetrc command) added to support password prompts at the console. + The --input-file option now also handles retrieving links from an external file. + The output generated by the --version option now includes information on how it was built, and the set of configure-time options that were selected. + --html-extension has been renamed to --adjust-extension, to reflect the fact that it now also applies to CSS content + An \"ascii\" specifier is now accepted by --restrict-file-names, which forces the percent-encoding of all non-ASCII bytes + Several previously existing, but undocumented .wgetrc options are now documented.- Drop upstream fixed wget-nullcerts.patch.- Minor spec-cleanups using spec-cleaner- Use smp_mflags- Add libproxy-devel BuildRequires and enable libproxy support using wget-libproxy.patch.- Add pkg-config BuildRequire to succeed with the bootstrap on openSUSE < 11.3.
* Wed Dec 16 2009 jengelhAATTmedozas.de- Enable parallel building
* Tue Aug 11 2009 maxAATTsuse.de- Fix vulnerability against SSL certificates with a zero byte in the common name field (wget-nullcerts.patch, bnc#528298).
  
ICM