| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: wget | Distribution: SUSE Linux Enterprise 15 |
| Version: 1.20.3 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 3.9.2 | Build date: Tue Mar 31 14:17:33 2020 |
| Group: Productivity/Networking/Web/Utilities | Build host: ibs-centriq-3 |
| Size: 806688 | Source RPM: wget-1.20.3-3.9.2.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://www.gnu.org/software/wget/ | |
| Summary: A Tool for Mirroring FTP and HTTP Servers | |
Wget enables you to retrieve WWW documents or FTP files from a server. This can be done in script files or via the command line.
GPL-3.0-or-later
* Thu Mar 12 2020 info@paolostivanin.com
- split lang files into separate lang package
- add remove-env-from-shebang.patch
* Fri Apr 05 2019 josef.moellers@suse.com
- Upgrade to GNU wget 1.20.3:
* Finally fixed the buffer overflow vulnerability
* obsoletes patch wget-buffer-overflow-CVE-2019-5953.patch
[bsc#1131493, CVE-2019-5953]
* Wed Apr 03 2019 seanlew@opensuse.org
- GNU wget 1.20.2:
* NTLM authentication will retry under certain cases
* Fixed a buffer overflow vulnerability
* Fri Jan 11 2019 mpluskal@suse.com
- Use pcre2
- Make building more verbose
* Fri Dec 28 2018 astieger@suse.com
- GNU wget 1.20.1:
* --xattr is no longer default since it introduces privacy issues
* --xattr saves the Referer as scheme/host/port,
user/pw/path/query/fragment are no longer saved to prevent
privacy issues
* --xattr saves the Original URL without user/password to prevent
privacy issues
* all of the above fix CVE-2018-20483 (bsc#1120382)
* Fri Nov 30 2018 josef.moellers@suse.com
- Version update to 1.20:
* Add new option `--retry-on-host-error` to treat local errors as
transient and hence Wget will retry to download the file after
a brief waiting period.
* multiple potential resource leaks as found by static analysis.
* Wget will now not create an empty wget-log file when running
with -q and -b. switches together
* When compiled using the GnuTLS = 3.6.3, Wget now has support
for TLSv1.3.
* Now there is support for using libpcre2 for regex pattern
matching.
* When downloading over FTP recursively, one can now use the
- -accept,reject -regex switches to fine-tune the downloaded
files.
* Building Wget from the git sources now requires autoconf 2.63
or above. Building from the Tarballs works as it used to.
[bsc#1167919, wget-ignore-void-retvalue.patch]
* Mon May 07 2018 josef.moellers@suse.com
- GNU wget 1.19.5:
* Fix cookie injection (CVE-2018-0494, bsc#1092061)
* Enable TLS1.3 with recent OpenSSL environment
* New option --ciphers to set GnuTLS / OpenSSL ciphers directly
* Updated CSS grammar to CSS 2.2
* Fixed several memleaks found by OSS-Fuzz
* Fixed several buffer overflows found by OSS-Fuzz
* Fixed several integer overflows found by OSS-Fuzz
* Several minor bug fixes
[bsc#1092061, CVE-2018-0494, wget-ignore-void-retvalue.patch]
* Fri Feb 16 2018 josef.moellers@suse.com
- Original package had sources lzip compressed. Downloaded .gz
compressed file including signature file.
* Mon Jan 22 2018 avindra@opensuse.org
- GNU wget 1.19.4:
* Support for Content-Encoding and Transfer-Encoding have been
marked as experimental and disabled by default
- includes 1.19.3:
* Prevent erroneous decompression of .gz and .tgz files with
broken servers
* Added support for HTTP 308 Permanent Redirect response
* Fix segfault in some cases where the Content-Type header is
not sent
* Support OpenSSL 1.1 builds without using deprecated features
* Several minor bug fixes
- switch to lz release (smaller)
- cleanup with spec-cleaner
* Fri Oct 27 2017 astieger@suse.com
- GNU wget 1.19.2:
* CVE-2017-13089: Stack overflow in HTTP protocol handling (bsc#1064715)
* CVE-2017-13090: Heap overflow in HTTP protocol handling (bsc#1064716)
* New option --compression for gzip Content-Encoding
* New option --[no]-netrc to control .netrc parsing
* Added GNU extensions to .netrc parsing
* Improved IDNA 2003 compatibility
* Fix VPATH issues
* Improved and extended the test suite
* Support Wayback Machine's X-Archive-Orig-last-modified
* Several bug fixes
- drop upstreamed patches:
* wget-CVE-2017-6508.patch
* wget-416-but-file-not-complete.patch
- unfuzz wget-errno-clobber.patch
* Thu Sep 21 2017 josef.moellers@suse.com
- Retry http GET when server responds with "416 Requested Range
Not Satisfiable" but file is not complete.
[boo#1058204, wget-416-but-file-not-complete.patch]
* Tue Mar 07 2017 josef.moellers@suse.com
- src/url.c (url_parse): Reject control characters in host part
of URL
(CVE-2017-6508, wget-CVE-2017-6508.patch, bsc#1028301)
* Thu Feb 16 2017 josef.moellers@suse.com
- Update to wget-1.19.1, mainly bug fixes
* Add support for --retry-on-http-error
* tests/WgetTests.pm: Add --no-config to wget invocation
* Fix regression in .netrc auth in src/http.c
* Fix memory leak in src/iri.c
* Remove skipping libunistring with --disable-iri
* bootstrap.conf: Add gnulib module wcwidth
* Fix include/define clash with gnulib's unlink module
* Sat Feb 04 2017 astieger@suse.com
- build with libidn2 to actually support IDNA2008 - FATE#321897
* Fri Feb 03 2017 josef.moellers@suse.com
- Update to wget-1.19:
* New option --use-askpass=COMMAND. Fetch user/password by calling
an external program.
* Use IDNA2008 (+ TR46 if available) through libidn2
* When processing a Metalink header, --metalink-index=<number> allows
to process the header's application/metalink4+xml files.
* When processing a Metalink file, --trust-server-names enables the
use of the destination file names specified in the Metalink file,
otherwise a safe destination file name is computed.
* When processing a Metalink file, enforce a safe destination path.
Remove any drive letter prefix under w32, i.e. 'C:D:file'. Call
libmetalink's metalink_check_safe_path() to prevent absolute,
relative, or home paths:
https://tools.ietf.org/html/rfc5854#section-4.1.2.1
https://tools.ietf.org/html/rfc5854#section-4.2.8.3
* When processing a Metalink file, --directory-prefix=<prefix> sets
the top of the retrieval tree to prefix for Metalink downloads.
* When processing a Metalink file, reject downloaded files which don't
agree with their own metalink:size value:
https://tools.ietf.org/html/rfc5854#section-4.2.16
* When processing a Metalink file, with --continue resume partially
downloaded files and keep fully downloaded files even if they fail
the verification.
* When processing a Metalink file, create the parent directories of a
"path/file" destination file name:
https://tools.ietf.org/html/rfc5854#section-4.1.2.1
https://tools.ietf.org/html/rfc5854#section-4.2.8.3
* On a recursive download, append a .tmp suffix to temporary files
that will be deleted after being parsed, and create them
readable/writable only by the owner.
* New make target 'check-valgrind'
* Fix several bugs
* Fix compatibility issues
* Thu Jul 28 2016 josef.moellers@suse.com
- Save/restore errno within CLOSE_FINISH and CLOSE_INVALIDATE.
(wget-errno-clobber.patch, boo#983660)
* Fri Jul 22 2016 dimstar@opensuse.org
- Update wget-libproxy.patch: use libproxy's px_proxy_factory_free
instead of regular free in order to ensure the module destructors
are correctly running (boo#967601).
* Thu Jun 09 2016 astieger@suse.com
- GNU wget 1.18:
* On server redirects to a FTP resource, use the original URL to
get the local file name by default. CVE-2016-4971 (boo#984060)
This introduces a backward-incompatibility for HTTP->FTP
redirects and any script that relies on the old behaviour must
use --trust-server-names.
* Check the HSTS file is not world-writable before using it.
* Parse <img srcset> attributes on a recursive download.
* Fix problem with SNI server names having trailing dot(s)
* New options --bind-dns-address and --dns-servers.
* Convert non-ASCII URIs to the locale's codeset when creating
files. Encoding of remote files and URIs is taken from
- -remote-encoding, defaulting to UTF-8. The result is that
non-ASCII URIs and files downloaded via HTTP/HTTPS and FTP will
have names on the local filesystem that correspond to their
remote names.
- build with gpgme, libcares2
* Sat Dec 12 2015 astieger@suse.com
- GNU wget 1.17.1:
* Fix compile error when IPv6 is disabled or SSL is not present
* Fix HSTS memory leak
* Fix progress output in non-C locales
* Fix SIGSEGV when -N and --content-disposition are used together
* Add --check-certificate=quiet to tell wget to not print any
warning about invalid certificates
* Wed Nov 18 2015 astieger@suse.com
- GNU wget 1.17:
* Remove FTP passive to active fallback due to privacy concerns.
[boo#944858] CVE-2015-7665 was assigned to this problem in a
tails context
* Add support for --if-modified-since.
* Add support for metalink through --input-metalink and
- -metalink-over-http.
* Add support for HSTS through --hsts and --hsts-file.
* Add option to restrict filenames under VMS.
* Add support for --rejected-log which logs to a separate file the
reasons why URLs are being rejected and some context around it.
* Add support for FTPS.
* Do not download/save file on error when --spider enabled
* Add --convert-file-only option. This option converts only the
filename part of the URLs, leaving the rest of the URLs
untouched.
- packaging changes:
* enable metalink support (in ring1)
* use system pcre (in ring 0)
* use system libuuid (in ring 1)
* build with libpsl for cookie domain checking (new)
* Mon Mar 09 2015 astieger@suse.com
- GNU wget 1.16.3:
* Fix a regression introduced by wget 1.16.2 that --quiet is not
really quiet anymore.
* Tue Mar 03 2015 astieger@suse.com
- GNU wget 1.16.2:
* Allow progress bar on stderr when -o is used.
* Accept 5-digit port numbers in FTP EPSV responses.
* Support older versions of flex.
* Updated translations.
- drop wget-1.14-openssl-no-intern.patch, now upstream
* Wed Dec 24 2014 andreas.stieger@gmx.de
- GNU wget 1.16.1:
* Add --enable-assert configure option.
* Use pkg-config to check for libraries presence.
* Do not limit --secure-protocol=auto|pfs to TLSv1.0.
* Add --secure-protocol=TLSv1_1|TLSv1_2 .
* Full C89 source code compliance.
* Select and use the most secure authentication scheme with HTTP
connections.
* Fix issues with turkish locales.
* Handle 504 Gateway Timeout.
* New option --crl-file to load Certificate Revocation Lists.
* Add valgrind support to tests suite.
* Fix an off-by-one problem in the progress bar (introduced in 1.16).
- refresh wget-libproxy.patch
* Wed Oct 29 2014 andreas.stieger@gmx.de
- GNU wget 1.16:
This release contains a fix for symlink attack which could allow
a malicious ftp server to create arbitrary files, directories or
symbolic links and set their permissions when retrieving a
directory recursively through FTP. [CVE-2014-4877] [boo#902709]
* No longer create local symbolic links by default
- -retr-symlinks=no option restores previous behaviour
* Use libpsl for verifying cookie domains.
* Default progress bar output changed.
* Introduce --show-progress to force display the progress bar.
* Introduce --no-config. The wgetrc files will not be read.
* Introduce --start-pos to allow starting downloads from a specified position.
* Fix a problem with ISA Server Proxy and keep-alive connections.
- refresh wget-libproxy.patch for upstream changes
- make some dependencies only required for testsuite optional
/etc/wgetrc /usr/bin/wget /usr/share/doc/packages/wget /usr/share/doc/packages/wget/AUTHORS /usr/share/doc/packages/wget/MAILING-LIST /usr/share/doc/packages/wget/NEWS /usr/share/doc/packages/wget/README /usr/share/doc/packages/wget/rmold.pl /usr/share/doc/packages/wget/sample.wgetrc /usr/share/info/wget.info.gz /usr/share/licenses/wget /usr/share/licenses/wget/COPYING /usr/share/man/man1/wget.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 13:54:43 2024