Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

wget-1.20.3-150000.3.15.1 RPM for aarch64

From OpenSuSE Leap 15.5 for aarch64

Name: wget Distribution: SUSE Linux Enterprise 15
Version: 1.20.3 Vendor: SUSE LLC <>
Release: 150000.3.15.1 Build date: Mon Nov 21 05:47:45 2022
Group: Productivity/Networking/Web/Utilities Build host: ibs-centriq-5
Size: 806697 Source RPM: wget-1.20.3-150000.3.15.1.src.rpm
Summary: A Tool for Mirroring FTP and HTTP Servers
Wget enables you to retrieve WWW documents or FTP files from a server.
This can be done in script files or via the command line.






* Tue Nov 08 2022
  - Update 0001-possibly-truncate-pathname-components.patch
    * Truncate file name even if no directory structure
    * [bsc#1204720]
* Thu May 27 2021
  - When running recursively, wget will verify the length of the whole
    URL when saving the files. This will make it overwrite files with
    truncated names, throwing the "The name is too long, ... trying to
    shorten" messages. The patch moves the length check code to a
    separate function and call it from the append_dir_structure() for each
    path element.
    [ bsc#1181173, 0001-possibly-truncate-pathname-components.patch]
* Thu Mar 12 2020
  - split lang files into separate lang package
  - add remove-env-from-shebang.patch
* Fri Apr 05 2019
  - Upgrade to GNU wget 1.20.3:
    * Finally fixed the buffer overflow vulnerability
    * obsoletes patch wget-buffer-overflow-CVE-2019-5953.patch
    [bsc#1131493, CVE-2019-5953]
* Wed Apr 03 2019
  - GNU wget 1.20.2:
    * NTLM authentication will retry under certain cases
    * Fixed a buffer overflow vulnerability
* Fri Jan 11 2019
  - Use pcre2
  - Make building more verbose
* Fri Dec 28 2018
  - GNU wget 1.20.1:
    * --xattr is no longer default since it introduces privacy issues
    * --xattr saves the Referer as scheme/host/port,
      user/pw/path/query/fragment are no longer saved to prevent
      privacy issues
    * --xattr saves the Original URL without user/password to prevent
      privacy issues
    * all of the above fix CVE-2018-20483 (bsc#1120382)
* Fri Nov 30 2018
  - Version update to 1.20:
    * Add new option `--retry-on-host-error` to treat local errors as
      transient and hence Wget will retry to download the file after
      a brief waiting period.
    * multiple potential resource leaks as found by static analysis.
    * Wget will now not create an empty wget-log file when running
      with -q and -b. switches together
    * When compiled using the GnuTLS = 3.6.3, Wget now has support
      for TLSv1.3.
    * Now there is support for using libpcre2 for regex pattern
    * When downloading over FTP recursively, one can now use the
    - -accept,reject -regex switches to fine-tune the downloaded
    * Building Wget from the git sources now requires autoconf 2.63
      or above. Building from the Tarballs works as it used to.
    [bsc#1167919, wget-ignore-void-retvalue.patch]
* Mon May 07 2018
  - GNU wget 1.19.5:
    * Fix cookie injection (CVE-2018-0494, bsc#1092061)
    * Enable TLS1.3 with recent OpenSSL environment
    * New option --ciphers to set GnuTLS / OpenSSL ciphers directly
    * Updated CSS grammar to CSS 2.2
    * Fixed several memleaks found by OSS-Fuzz
    * Fixed several buffer overflows found by OSS-Fuzz
    * Fixed several integer overflows found by OSS-Fuzz
    * Several minor bug fixes
    [bsc#1092061, CVE-2018-0494, wget-ignore-void-retvalue.patch]
* Fri Feb 16 2018
  - Original package had sources lzip compressed. Downloaded .gz
    compressed file including signature file.
* Mon Jan 22 2018
  - GNU wget 1.19.4:
    * Support for Content-Encoding and Transfer-Encoding have been
      marked as experimental and disabled by default
  - includes 1.19.3:
    * Prevent erroneous decompression of .gz and .tgz files with
      broken servers
    * Added support for HTTP 308 Permanent Redirect response
    * Fix segfault in some cases where the Content-Type header is
      not sent
    * Support OpenSSL 1.1 builds without using deprecated features
    * Several minor bug fixes
  - switch to lz release (smaller)
  - cleanup with spec-cleaner
* Fri Oct 27 2017
  - GNU wget 1.19.2:
    * CVE-2017-13089: Stack overflow in HTTP protocol handling (bsc#1064715)
    * CVE-2017-13090: Heap overflow in HTTP protocol handling (bsc#1064716)
    * New option --compression for gzip Content-Encoding
    * New option --[no]-netrc to control .netrc parsing
    * Added GNU extensions to .netrc parsing
    * Improved IDNA 2003 compatibility
    * Fix VPATH issues
    * Improved and extended the test suite
    * Support Wayback Machine's X-Archive-Orig-last-modified
    * Several bug fixes
  - drop upstreamed patches:
    * wget-CVE-2017-6508.patch
    * wget-416-but-file-not-complete.patch
  - unfuzz wget-errno-clobber.patch
* Thu Sep 21 2017
  - Retry http GET when server responds with "416 Requested Range
    Not Satisfiable" but file is not complete.
    [boo#1058204, wget-416-but-file-not-complete.patch]
* Tue Mar 07 2017
  - src/url.c (url_parse): Reject control characters in host part
    of URL
    (CVE-2017-6508, wget-CVE-2017-6508.patch, bsc#1028301)
* Thu Feb 16 2017
  - Update to wget-1.19.1, mainly bug fixes
    * Add support for --retry-on-http-error
    * tests/ Add --no-config to wget invocation
    * Fix regression in .netrc auth in src/http.c
    * Fix memory leak in src/iri.c
    * Remove skipping libunistring with --disable-iri
    * bootstrap.conf: Add gnulib module wcwidth
    * Fix include/define clash with gnulib's unlink module
* Sat Feb 04 2017
  - build with libidn2 to actually support IDNA2008 - FATE#321897
* Fri Feb 03 2017
  - Update to wget-1.19:
    * New option --use-askpass=COMMAND. Fetch user/password by calling
      an external program.
    * Use IDNA2008 (+ TR46 if available) through libidn2
    * When processing a Metalink header, --metalink-index=<number> allows
      to process the header's application/metalink4+xml files.
    * When processing a Metalink file, --trust-server-names enables the
      use of the destination file names specified in the Metalink file,
      otherwise a safe destination file name is computed.
    * When processing a Metalink file, enforce a safe destination path.
      Remove any drive letter prefix under w32, i.e. 'C:D:file'.  Call
      libmetalink's metalink_check_safe_path() to prevent absolute,
      relative, or home paths:
    * When processing a Metalink file, --directory-prefix=<prefix> sets
      the top of the retrieval tree to prefix for Metalink downloads.
    * When processing a Metalink file, reject downloaded files which don't
      agree with their own metalink:size value:
    * When processing a Metalink file, with --continue resume partially
      downloaded files and keep fully downloaded files even if they fail
      the verification.
    * When processing a Metalink file, create the parent directories of a
      "path/file" destination file name:
    * On a recursive download, append a .tmp suffix to temporary files
      that will be deleted after being parsed, and create them
      readable/writable only by the owner.
    * New make target 'check-valgrind'
    * Fix several bugs
    * Fix compatibility issues
* Thu Jul 28 2016
  - Save/restore errno within CLOSE_FINISH and CLOSE_INVALIDATE.
    (wget-errno-clobber.patch, boo#983660)
* Fri Jul 22 2016
  - Update wget-libproxy.patch: use libproxy's px_proxy_factory_free
    instead of regular free in order to ensure the module destructors
    are correctly running (boo#967601).
* Thu Jun 09 2016
  - GNU wget 1.18:
    * On server redirects to a FTP resource, use the original URL to
      get the local file name by default. CVE-2016-4971 (boo#984060)
      This introduces a backward-incompatibility for HTTP->FTP
      redirects and any script that relies on the old  behaviour must
      use --trust-server-names.
    * Check the HSTS file is not world-writable before using it.
    * Parse <img srcset> attributes on a recursive download.
    * Fix problem with SNI server names having trailing dot(s)
    * New options --bind-dns-address and --dns-servers.
    * Convert non-ASCII URIs to the locale's codeset when creating
      files. Encoding of remote files and URIs is taken from
    - -remote-encoding, defaulting to UTF-8.  The result is that
      non-ASCII URIs and files downloaded via HTTP/HTTPS and FTP will
      have names on the local filesystem that correspond to their
      remote names.
  - build with gpgme, libcares2
* Sat Dec 12 2015
  - GNU wget 1.17.1:
    * Fix compile error when IPv6 is disabled or SSL is not present
    * Fix HSTS memory leak
    * Fix progress output in non-C locales
    * Fix SIGSEGV when -N and --content-disposition are used together
    * Add --check-certificate=quiet to tell wget to not print any
      warning about invalid certificates
* Wed Nov 18 2015
  - GNU wget 1.17:
    * Remove FTP passive to active fallback due to privacy concerns.
      [boo#944858] CVE-2015-7665 was assigned to this problem in a
      tails context
    * Add support for --if-modified-since.
    * Add support for metalink through --input-metalink and
    - -metalink-over-http.
    * Add support for HSTS through --hsts and --hsts-file.
    * Add option to restrict filenames under VMS.
    * Add support for --rejected-log which logs to a separate file the
      reasons why URLs are being rejected and some context around it.
    * Add support for FTPS.
    * Do not download/save file on error when --spider enabled
    * Add --convert-file-only option. This option converts only the
      filename part of the URLs, leaving the rest of the URLs
  - packaging changes:
    * enable metalink support (in ring1)
    * use system pcre (in ring 0)
    * use system libuuid (in ring 1)
    * build with libpsl for cookie domain checking (new)
* Mon Mar 09 2015
  - GNU wget 1.16.3:
    * Fix a regression introduced by wget 1.16.2 that --quiet is not
      really quiet anymore.
* Tue Mar 03 2015
  - GNU wget 1.16.2:
    * Allow progress bar on stderr when -o is used.
    * Accept 5-digit port numbers in FTP EPSV responses.
    * Support older versions of flex.
    * Updated translations.
  - drop wget-1.14-openssl-no-intern.patch, now upstream
* Wed Dec 24 2014
  - GNU wget 1.16.1:
    * Add --enable-assert configure option.
    * Use pkg-config to check for libraries presence.
    * Do not limit --secure-protocol=auto|pfs to TLSv1.0.
    * Add --secure-protocol=TLSv1_1|TLSv1_2 .
    * Full C89 source code compliance.
    * Select and use the most secure authentication scheme with HTTP
    * Fix issues with turkish locales.
    * Handle 504 Gateway Timeout.
    * New option --crl-file to load Certificate Revocation Lists.
    * Add valgrind support to tests suite.
    * Fix an off-by-one problem in the progress bar (introduced in 1.16).
  - refresh wget-libproxy.patch
* Wed Oct 29 2014
  - GNU wget 1.16:
    This release contains a fix for symlink attack which could allow
    a malicious ftp server to create arbitrary files, directories or
    symbolic links and set their permissions when retrieving a
    directory recursively through FTP. [CVE-2014-4877] [boo#902709]
    * No longer create local symbolic links by default
    - -retr-symlinks=no option restores previous behaviour
    * Use libpsl for verifying cookie domains.
    * Default progress bar output changed.
    * Introduce --show-progress to force display the progress bar.
    * Introduce --no-config.  The wgetrc files will not be read.
    * Introduce --start-pos to allow starting downloads from a specified position.
    * Fix a problem with ISA Server Proxy and keep-alive connections.
  - refresh wget-libproxy.patch for upstream changes
  - make some dependencies only required for testsuite optional



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Sep 9 20:32:17 2023