wget-1.20.3-3.9.2

From OpenSuSE Leap 15.3 for aarch64

Distribution: SUSE Linux Enterprise 15
Version: 1.20.3
Release: 3.9.2
Build date: Tue Mar 31 14:17:33 2020
Group: Productivity/Networking/Web/Utilities
Size: 806688
Source RPM: wget-1.20.3-3.9.2.src.rpm
Summary: A Tool for Mirroring FTP and HTTP Servers
Wget enables you to retrieve WWW documents or FTP files from a server.
This can be done in script files or via the command line.

* Thu Mar 12 2020
  - split lang files into separate lang package
  - add remove-env-from-shebang.patch
* Fri Apr 05 2019
  - Upgrade to GNU wget 1.20.3:
    * Finally fixed the buffer overflow vulnerability
    * obsoletes patch wget-buffer-overflow-CVE-2019-5953.patch
    [bsc#1131493, CVE-2019-5953]
* Wed Apr 03 2019
  - GNU wget 1.20.2:
    * NTLM authentication will retry under certain cases
    * Fixed a buffer overflow vulnerability
* Fri Jan 11 2019
  - Use pcre2
  - Make building more verbose
* Fri Dec 28 2018
  - GNU wget 1.20.1:
    * --xattr is no longer default since it introduces privacy issues
    * --xattr saves the Referer as scheme/host/port,
      user/pw/path/query/fragment are no longer saved to prevent
      privacy issues
    * --xattr saves the Original URL without user/password to prevent
      privacy issues
    * all of the above fix CVE-2018-20483 (bsc#1120382)
* Fri Nov 30 2018
  - Version update to 1.20:
    * Add new option `--retry-on-host-error` to treat local errors as
      transient and hence Wget will retry to download the file after
      a brief waiting period.
    * multiple potential resource leaks as found by static analysis.
    * Wget will now not create an empty wget-log file when running
      with -q and -b switches together
    * When compiled using the GnuTLS >= 3.6.3, Wget now has support
      for TLSv1.3.
    * Now there is support for using libpcre2 for regex pattern
    * When downloading over FTP recursively, one can now use the
      --{accept,reject}-regex switches to fine-tune the downloaded
    * Building Wget from the git sources now requires autoconf 2.63
      or above. Building from the Tarballs works as it used to.
    [bsc#1167919, wget-ignore-void-retvalue.patch]
* Mon May 07 2018
  - GNU wget 1.19.5:
    * Fix cookie injection (CVE-2018-0494, bsc#1092061)
    * Enable TLS1.3 with recent OpenSSL environment
    * New option --ciphers to set GnuTLS / OpenSSL ciphers directly
    * Updated CSS grammar to CSS 2.2
    * Fixed several memleaks found by OSS-Fuzz
    * Fixed several buffer overflows found by OSS-Fuzz
    * Fixed several integer overflows found by OSS-Fuzz
    * Several minor bug fixes
    [bsc#1092061, CVE-2018-0494, wget-ignore-void-retvalue.patch]
* Fri Feb 16 2018
  - Original package had sources lzip compressed. Downloaded .gz
    compressed file including signature file.
* Mon Jan 22 2018
  - GNU wget 1.19.4:
    * Support for Content-Encoding and Transfer-Encoding have been
      marked as experimental and disabled by default
  - includes 1.19.3:
    * Prevent erroneous decompression of .gz and .tgz files with
      broken servers
    * Added support for HTTP 308 Permanent Redirect response
    * Fix segfault in some cases where the Content-Type header is
      not sent
    * Support OpenSSL 1.1 builds without using deprecated features
    * Several minor bug fixes
  - switch to lz release (smaller)
  - cleanup with spec-cleaner
* Fri Oct 27 2017
  - GNU wget 1.19.2:
    * CVE-2017-13089: Stack overflow in HTTP protocol handling (bsc#1064715)
    * CVE-2017-13090: Heap overflow in HTTP protocol handling (bsc#1064716)
    * New option --compression for gzip Content-Encoding
    * New option --[no]-netrc to control .netrc parsing
    * Added GNU extensions to .netrc parsing
    * Improved IDNA 2003 compatibility
    * Fix VPATH issues
    * Improved and extended the test suite
    * Support Wayback Machine's X-Archive-Orig-last-modified
    * Several bug fixes
  - drop upstreamed patches:
    * wget-CVE-2017-6508.patch
    * wget-416-but-file-not-complete.patch
  - unfuzz wget-errno-clobber.patch
* Thu Sep 21 2017
  - Retry http GET when server responds with "416 Requested Range
    Not Satisfiable" but file is not complete.
    [boo#1058204, wget-416-but-file-not-complete.patch]
* Tue Mar 07 2017
  - src/url.c (url_parse): Reject control characters in host part
    of URL
    (CVE-2017-6508, wget-CVE-2017-6508.patch, bsc#1028301)
* Thu Feb 16 2017
  - Update to wget-1.19.1, mainly bug fixes
    * Add support for --retry-on-http-error
    * tests/ Add --no-config to wget invocation
    * Fix regression in .netrc auth in src/http.c
    * Fix memory leak in src/iri.c
    * Remove skipping libunistring with --disable-iri
    * bootstrap.conf: Add gnulib module wcwidth
    * Fix include/define clash with gnulib's unlink module
* Sat Feb 04 2017
  - build with libidn2 to actually support IDNA2008 - FATE#321897
* Fri Feb 03 2017
  - Update to wget-1.19:
    * New option --use-askpass=COMMAND. Fetch user/password by calling
      an external program.
    * Use IDNA2008 (+ TR46 if available) through libidn2
    * When processing a Metalink header, --metalink-index=<number> allows
      to process the header's application/metalink4+xml files.
    * When processing a Metalink file, --trust-server-names enables the
      use of the destination file names specified in the Metalink file,
      otherwise a safe destination file name is computed.
    * When processing a Metalink file, enforce a safe destination path.
      Remove any drive letter prefix under w32, i.e. 'C:D:file'.  Call
      libmetalink's metalink_check_safe_path() to prevent absolute,
      relative, or home paths:
    * When processing a Metalink file, --directory-prefix=<prefix> sets
      the top of the retrieval tree to prefix for Metalink downloads.
    * When processing a Metalink file, reject downloaded files which don't
      agree with their own metalink:size value:
    * When processing a Metalink file, with --continue resume partially
      downloaded files and keep fully downloaded files even if they fail
      the verification.
    * When processing a Metalink file, create the parent directories of a
      "path/file" destination file name:
    * On a recursive download, append a .tmp suffix to temporary files
      that will be deleted after being parsed, and create them
      readable/writable only by the owner.
    * New make target 'check-valgrind'
    * Fix several bugs
    * Fix compatibility issues
* Thu Jul 28 2016
  - Save/restore errno within CLOSE_FINISH and CLOSE_INVALIDATE.
    (wget-errno-clobber.patch, boo#983660)
* Fri Jul 22 2016
  - Update wget-libproxy.patch: use libproxy's px_proxy_factory_free
    instead of regular free in order to ensure the module destructors
    are correctly running (boo#967601).
* Thu Jun 09 2016
  - GNU wget 1.18:
    * On server redirects to a FTP resource, use the original URL to
      get the local file name by default. CVE-2016-4971 (boo#984060)
      This introduces a backward-incompatibility for HTTP->FTP
      redirects and any script that relies on the old behaviour must
      use --trust-server-names.
    * Check the HSTS file is not world-writable before using it.
    * Parse <img srcset> attributes on a recursive download.
    * Fix problem with SNI server names having trailing dot(s)
    * New options --bind-dns-address and --dns-servers.
    * Convert non-ASCII URIs to the locale's codeset when creating
      files. Encoding of remote files and URIs is taken from
      --remote-encoding, defaulting to UTF-8.  The result is that
      non-ASCII URIs and files downloaded via HTTP/HTTPS and FTP will
      have names on the local filesystem that correspond to their
      remote names.
  - build with gpgme, libcares2
* Sat Dec 12 2015
  - GNU wget 1.17.1:
    * Fix compile error when IPv6 is disabled or SSL is not present
    * Fix HSTS memory leak
    * Fix progress output in non-C locales
    * Fix SIGSEGV when -N and --content-disposition are used together
    * Add --check-certificate=quiet to tell wget to not print any
      warning about invalid certificates
* Wed Nov 18 2015
  - GNU wget 1.17:
    * Remove FTP passive to active fallback due to privacy concerns.
      [boo#944858] CVE-2015-7665 was assigned to this problem in a
      tails context
    * Add support for --if-modified-since.
    * Add support for metalink through --input-metalink and
      --metalink-over-http.
    * Add support for HSTS through --hsts and --hsts-file.
    * Add option to restrict filenames under VMS.
    * Add support for --rejected-log which logs to a separate file the
      reasons why URLs are being rejected and some context around it.
    * Add support for FTPS.
    * Do not download/save file on error when --spider enabled
    * Add --convert-file-only option. This option converts only the
      filename part of the URLs, leaving the rest of the URLs
  - packaging changes:
    * enable metalink support (in ring1)
    * use system pcre (in ring 0)
    * use system libuuid (in ring 1)
    * build with libpsl for cookie domain checking (new)
* Mon Mar 09 2015
  - GNU wget 1.16.3:
    * Fix a regression introduced by wget 1.16.2 that --quiet is not
      really quiet anymore.
* Tue Mar 03 2015
  - GNU wget 1.16.2:
    * Allow progress bar on stderr when -o is used.
    * Accept 5-digit port numbers in FTP EPSV responses.
    * Support older versions of flex.
    * Updated translations.
  - drop wget-1.14-openssl-no-intern.patch, now upstream
* Wed Dec 24 2014
  - GNU wget 1.16.1:
    * Add --enable-assert configure option.
    * Use pkg-config to check for libraries presence.
    * Do not limit --secure-protocol=auto|pfs to TLSv1.0.
    * Add --secure-protocol=TLSv1_1|TLSv1_2 .
    * Full C89 source code compliance.
    * Select and use the most secure authentication scheme with HTTP
    * Fix issues with Turkish locales.
    * Handle 504 Gateway Timeout.
    * New option --crl-file to load Certificate Revocation Lists.
    * Add valgrind support to tests suite.
    * Fix an off-by-one problem in the progress bar (introduced in 1.16).
  - refresh wget-libproxy.patch
* Wed Oct 29 2014
  - GNU wget 1.16:
    This release contains a fix for symlink attack which could allow
    a malicious ftp server to create arbitrary files, directories or
    symbolic links and set their permissions when retrieving a
    directory recursively through FTP. [CVE-2014-4877] [boo#902709]
    * No longer create local symbolic links by default
      --retr-symlinks=no option restores previous behaviour
    * Use libpsl for verifying cookie domains.
    * Default progress bar output changed.
    * Introduce --show-progress to force display the progress bar.
    * Introduce --no-config.  The wgetrc files will not be read.
    * Introduce --start-pos to allow starting downloads from a specified position.
    * Fix a problem with ISA Server Proxy and keep-alive connections.
  - refresh wget-libproxy.patch for upstream changes
  - make some dependencies only required for testsuite optional



