Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

wget-1.19.5-lp150.1.1 RPM for ppc64le

From OpenSuSE Ports Leap 15.0 for ppc64le

Name: wget Distribution: openSUSE Leap 15.0
Version: 1.19.5 Vendor: openSUSE
Release: lp150.1.1 Build date: Tue May 15 17:46:08 2018
Group: Productivity/Networking/Web/Utilities Build host: obs-power8-05
Size: 3033336 Source RPM: wget-1.19.5-lp150.1.1.src.rpm
Summary: A Tool for Mirroring FTP and HTTP Servers
Wget enables you to retrieve WWW documents or FTP files from a server.
This can be done in script files or via the command line.






* Mon May 07 2018
  - GNU wget 1.19.5:
    * Fix cookie injection (CVE-2018-0494, bsc#1092061)
    * Enable TLS1.3 with recent OpenSSL environment
    * New option --ciphers to set GnuTLS / OpenSSL ciphers directly
    * Updated CSS grammar to CSS 2.2
    * Fixed several memleaks found by OSS-Fuzz
    * Fixed several buffer overflows found by OSS-Fuzz
    * Fixed several integer overflows found by OSS-Fuzz
    * Several minor bug fixes
    [bsc#1092061, CVE-2018-0494, wget-ignore-void-retvalue.patch]
* Fri Feb 16 2018
  - Original package had sources lzip compressed. Downloaded .gz
    compressed file including signature file.
* Mon Jan 22 2018
  - GNU wget 1.19.4:
    * Support for Content-Encoding and Transfer-Encoding have been
      marked as experimental and disabled by default
  - includes 1.19.3:
    * Prevent erroneous decompression of .gz and .tgz files with
      broken servers
    * Added support for HTTP 308 Permanent Redirect response
    * Fix segfault in some cases where the Content-Type header is
      not sent
    * Support OpenSSL 1.1 builds without using deprecated features
    * Several minor bug fixes
  - switch to lz release (smaller)
  - cleanup with spec-cleaner
* Fri Oct 27 2017
  - GNU wget 1.19.2:
    * CVE-2017-13089: Stack overflow in HTTP protocol handling (bsc#1064715)
    * CVE-2017-13090: Heap overflow in HTTP protocol handling (bsc#1064716)
    * New option --compression for gzip Content-Encoding
    * New option --[no]-netrc to control .netrc parsing
    * Added GNU extensions to .netrc parsing
    * Improved IDNA 2003 compatibility
    * Fix VPATH issues
    * Improved and extended the test suite
    * Support Wayback Machine's X-Archive-Orig-last-modified
    * Several bug fixes
  - drop upstreamed patches:
    * wget-CVE-2017-6508.patch
    * wget-416-but-file-not-complete.patch
  - unfuzz wget-errno-clobber.patch
* Thu Sep 21 2017
  - Retry http GET when server responds with "416 Requested Range
    Not Satisfiable" but file is not complete.
    [boo#1058204, wget-416-but-file-not-complete.patch]
* Tue Mar 07 2017
  - src/url.c (url_parse): Reject control characters in host part
    of URL
    (CVE-2017-6508, wget-CVE-2017-6508.patch, bsc#1028301)
* Thu Feb 16 2017
  - Update to wget-1.19.1, mainly bug fixes
    * Add support for --retry-on-http-error
    * tests/ Add --no-config to wget invocation
    * Fix regression in .netrc auth in src/http.c
    * Fix memory leak in src/iri.c
    * Remove skipping libunistring with --disable-iri
    * bootstrap.conf: Add gnulib module wcwidth
    * Fix include/define clash with gnulib's unlink module
* Sat Feb 04 2017
  - build with libidn2 to actually support IDNA2008 - FATE#321897
* Fri Feb 03 2017
  - Update to wget-1.19:
    * New option --use-askpass=COMMAND. Fetch user/password by calling
      an external program.
    * Use IDNA2008 (+ TR46 if available) through libidn2
    * When processing a Metalink header, --metalink-index=<number> allows
      to process the header's application/metalink4+xml files.
    * When processing a Metalink file, --trust-server-names enables the
      use of the destination file names specified in the Metalink file,
      otherwise a safe destination file name is computed.
    * When processing a Metalink file, enforce a safe destination path.
      Remove any drive letter prefix under w32, i.e. 'C:D:file'.  Call
      libmetalink's metalink_check_safe_path() to prevent absolute,
      relative, or home paths:
    * When processing a Metalink file, --directory-prefix=<prefix> sets
      the top of the retrieval tree to prefix for Metalink downloads.
    * When processing a Metalink file, reject downloaded files which don't
      agree with their own metalink:size value:
    * When processing a Metalink file, with --continue resume partially
      downloaded files and keep fully downloaded files even if they fail
      the verification.
    * When processing a Metalink file, create the parent directories of a
      "path/file" destination file name:
    * On a recursive download, append a .tmp suffix to temporary files
      that will be deleted after being parsed, and create them
      readable/writable only by the owner.
    * New make target 'check-valgrind'
    * Fix several bugs
    * Fix compatibility issues
* Thu Jul 28 2016
  - Save/restore errno within CLOSE_FINISH and CLOSE_INVALIDATE.
    (wget-errno-clobber.patch, boo#983660)
* Fri Jul 22 2016
  - Update wget-libproxy.patch: use libproxy's px_proxy_factory_free
    instead of regular free in order to ensure the module destructors
    are correctly running (boo#967601).
* Thu Jun 09 2016
  - GNU wget 1.18:
    * On server redirects to a FTP resource, use the original URL to
      get the local file name by default. CVE-2016-4971 (boo#984060)
      This introduces a backward-incompatibility for HTTP->FTP
      redirects and any script that relies on the old  behaviour must
      use --trust-server-names.
    * Check the HSTS file is not world-writable before using it.
    * Parse <img srcset> attributes on a recursive download.
    * Fix problem with SNI server names having trailing dot(s)
    * New options --bind-dns-address and --dns-servers.
    * Convert non-ASCII URIs to the locale's codeset when creating
      files. Encoding of remote files and URIs is taken from
    - -remote-encoding, defaulting to UTF-8.  The result is that
      non-ASCII URIs and files downloaded via HTTP/HTTPS and FTP will
      have names on the local filesystem that correspond to their
      remote names.
  - build with gpgme, libcares2
* Sat Dec 12 2015
  - GNU wget 1.17.1:
    * Fix compile error when IPv6 is disabled or SSL is not present
    * Fix HSTS memory leak
    * Fix progress output in non-C locales
    * Fix SIGSEGV when -N and --content-disposition are used together
    * Add --check-certificate=quiet to tell wget to not print any
      warning about invalid certificates
* Wed Nov 18 2015
  - GNU wget 1.17:
    * Remove FTP passive to active fallback due to privacy concerns.
      [boo#944858] CVE-2015-7665 was assigned to this problem in a
      tails context
    * Add support for --if-modified-since.
    * Add support for metalink through --input-metalink and
    - -metalink-over-http.
    * Add support for HSTS through --hsts and --hsts-file.
    * Add option to restrict filenames under VMS.
    * Add support for --rejected-log which logs to a separate file the
      reasons why URLs are being rejected and some context around it.
    * Add support for FTPS.
    * Do not download/save file on error when --spider enabled
    * Add --convert-file-only option. This option converts only the
      filename part of the URLs, leaving the rest of the URLs
  - packaging changes:
    * enable metalink support (in ring1)
    * use system pcre (in ring 0)
    * use system libuuid (in ring 1)
    * build with libpsl for cookie domain checking (new)
* Mon Mar 09 2015
  - GNU wget 1.16.3:
    * Fix a regression introduced by wget 1.16.2 that --quiet is not
      really quiet anymore.
* Tue Mar 03 2015
  - GNU wget 1.16.2:
    * Allow progress bar on stderr when -o is used.
    * Accept 5-digit port numbers in FTP EPSV responses.
    * Support older versions of flex.
    * Updated translations.
  - drop wget-1.14-openssl-no-intern.patch, now upstream
* Wed Dec 24 2014
  - GNU wget 1.16.1:
    * Add --enable-assert configure option.
    * Use pkg-config to check for libraries presence.
    * Do not limit --secure-protocol=auto|pfs to TLSv1.0.
    * Add --secure-protocol=TLSv1_1|TLSv1_2 .
    * Full C89 source code compliance.
    * Select and use the most secure authentication scheme with HTTP
    * Fix issues with turkish locales.
    * Handle 504 Gateway Timeout.
    * New option --crl-file to load Certificate Revocation Lists.
    * Add valgrind support to tests suite.
    * Fix an off-by-one problem in the progress bar (introduced in 1.16).
  - refresh wget-libproxy.patch
* Wed Oct 29 2014
  - GNU wget 1.16:
    This release contains a fix for symlink attack which could allow
    a malicious ftp server to create arbitrary files, directories or
    symbolic links and set their permissions when retrieving a
    directory recursively through FTP. [CVE-2014-4877] [boo#902709]
    * No longer create local symbolic links by default
    - -retr-symlinks=no option restores previous behaviour
    * Use libpsl for verifying cookie domains.
    * Default progress bar output changed.
    * Introduce --show-progress to force display the progress bar.
    * Introduce --no-config.  The wgetrc files will not be read.
    * Introduce --start-pos to allow starting downloads from a specified position.
    * Fix a problem with ISA Server Proxy and keep-alive connections.
  - refresh wget-libproxy.patch for upstream changes
  - make some dependencies only required for testsuite optional
* Sun Jun 08 2014
  - Disable the testsuite
* Tue Jan 21 2014
  - Enabled the testsuite
  - Modified libproxy.patch to include Makefile in tests/
* Sun Jan 19 2014
  - GNU wget 1.15
    * Add support for --method.
    * Add support for file names longer than MAX_FILE.
    * Support FTP listing for the FTP Server on Windows Server 2008 R2.
    * Fix a regression when -c and --content-disposition are used together.
    * Support shorthand URLs in an input file.
    * Fix -c with servers that don't specify a content-length.
    * Add support for MD5-SESS
    * Do not fail on non fatal GNU TLS alerts during handshake.
    * Add support for --https-only.  When used wget will follow only
    * HTTPS links in recursive mode.
    * Support Perfect-Forward Secrecy in --secure-protocol.
    * Fix a problem with some IRI links that are not followed when contained in a
    * HTML document.
    * Support some FTP servers that return an empty list with "LIST -a".
    * Specify Host with the HTTP CONNECT method.
    * Use the correct HTTP method on a redirection.
  - verify source tarball signatures
  - modified patches:
    * wget-1.14-openssl-no-intern.patch for upstream changes
    * wget-fix-pod-syntax.diff for upstream changes
* Thu Jun 20 2013
  - add wget-fix-pod-syntax.diff to fix build with perl 5.18
* Thu May 02 2013
  - Update to version 1.14
    + add support for content-on-error.  It allows to store the HTTP
      payload on 4xx or 5xx errors.
    + add support for WARC files.
    + fix a memory leak problem in the GNU TLS backend.
    + autoreconf works again for distributed tarballs.
    + print some diagnostic messages to stderr not to stdout.
    + report stdout close errors.
    + accept the --report-speed option.
    + enable client certificates when GNU TLS is used.
    + add support for TLS Server Name Indication.
    + accept the arguments --accept-reject and --reject-regex.
    + the GNU TLS backend honors correctly the timeout value.
    + add support for RFC 2617 Digest Access Authentication.
  - Drop patchs obsoleted by upstream
    + wget-sni.patch
    + wget-stdio.h.patch
  - Rebase patchs to work with upstream
    + wget-openssl-no-intern.patch > wget-1.14-openssl-no-intern.patch
    + wget-no-ssl-comp.patch > wget-1.14-no-ssl-comp.patch
* Thu May 02 2013
  - add makeinfo BuildRequires to fix build
* Fri Apr 05 2013
  - Add Source URL, see
* Mon Nov 12 2012
  - wget-no-ssl-comp.patch: Since the apperance of the "CRIME attack"
    (CVE-2012-4929) HTTPS clients must not negotatiate ssl compression.
* Thu Sep 27 2012
  - Add wget-openssl-no-intern.patch to Build with OPENSSL_NO_SSL_INTERN,
    which is openssl's poor man's version of visibility, to avoid breaking
    applications ABI on library internal changes.
* Fri Jul 27 2012
  - Fix build with missing gets declaration (glibc 2.16)
* Wed Mar 21 2012
  - Adjust wget-libproxy.patch: give debug output only when
    opt.debug is set to non-zero values, so when -d is specified.
    Fix bnc#753242.
* Fri Dec 02 2011
  - add automake as buildrequire to avoid implicit dependency
* Wed Oct 19 2011
  - New version: 1.13.4:
    * Now --timestamping and --continue work well together.
    * Return a network failure when FTP downloads fail and
    - -timestamping is specified.
    * Support HTTP/1.1
    * Fix some portability issues.
    * Handle properly malformed status line in a HTTP response.
    * Ignore zero length domains in $no_proxy.
    * Exit with failure if -k is specified and -O is not a regular
    * Cope better with unclosed html tags.
    * Print diagnostic messages to stderr, not stdout.
    * Do not use an additional HEAD request when
    - -content-disposition is used, but use directly GET.
    * Report the average transfer speed correctly when multiple
      URLs are specified and -c influences the transferred data
    * By default, on server redirects, use the original URL to get
      the local file name. Close CVE-2010-2252.  This introduces a
      backward-incompatibility; any script that relies on the old
      behaviour must use --trust-server-names.
    * Fix a problem when -k is used and some URLs are specified
      trough CSS.
    * Convert correctly URLs that need to be encoded to local files
      when following links.
    * Use persistent connections with proxies supporting them.
    * Print the total download time as part of the summary for
      recursive downloads.
    * Now it is possible to specify a different startup
      configuration file trough the --config option.
    * Fix an infinite loop with the error '<filename> has sprung
      into existence' on a network error and -nc is used.
    * Now --adjust-extension does not modify the file extension if
      the file ends in .htm.
    * Support HTTP/1.1 307 redirects keep request method.
    * Now --no-parent doesn't fetch undesired files if HTTP and
      HTTPS are used by the same host on different pages.
    * Do not attempt to remove the file if it is not in the accept
      rules but it is the output destination file.
    * Introduce `show_all_dns_entries' to print all IP addresses
      corresponding to a DNS name when it is resolved.
  - Adjuct patches to the new version.
  - wget-1.12-nosslv2.patch got included upstream.
* Sat Oct 15 2011
  - fix typo in sni patch , in the IPV6 case should be
    is_valid_ipv6_address() instead of is_valid_ipv4_address()
  - Add comment to the patch referencing upstream tracker.
* Fri Oct 14 2011
  -  Update nosslv2 patch with the version in upstream
  -  Wget now supports SNI (server name indication), patch
    based on a 2 year old fix submitted to upstream list
    that somehow fell through the cracks.
* Sat Apr 09 2011
  - SSLv2 is being disabled in openSSL, allow painless obsoletion.
  - Support IDN.
* Sun Aug 15 2010
  - Update to version 1.12:
    + SECURITY FIX: It had been possible to trick Wget into accepting
      SSL certificates that don't match the host name, through the
      trick of embedding NUL characters into the certs' common name
    + Added support for CSS. This includes:
    - Parsing links from CSS files, and from CSS content found in
      HTML style tags and attributes.
    - Supporting conversion of links found within CSS content, when
    - -convert-links is specified.
    - Ensuring that CSS files end in the ".css" filename extension,
      when --convert-links is specified.
    + Added support for Internationalized Resource Identifiers
    + Wget now provides more sensible exit status codes when
      downloads don't proceed as expected
    + --default-page option (and associated wgetrc command) added to
      support alternative default names for index.html.
    + --ask-password option (and associated wgetrc command) added to
      support password prompts at the console.
    + The --input-file option now also handles retrieving links from
      an external file.
    + The output generated by the --version option now includes
      information on how it was built, and the set of configure-time
      options that were selected.
    + --html-extension has been renamed to --adjust-extension, to
      reflect the fact that it now also applies to CSS content
    + An "ascii" specifier is now accepted by --restrict-file-names,
      which forces the percent-encoding of all non-ASCII bytes
    + Several previously existing, but undocumented .wgetrc options
      are now documented.
  - Drop upstream fixed wget-nullcerts.patch.
  - Minor spec-cleanups using spec-cleaner
  - Use smp_mflags
  - Add libproxy-devel BuildRequires and enable libproxy support
    using wget-libproxy.patch.
  - Add pkg-config BuildRequire to succeed with the bootstrap on
    openSUSE < 11.3.
* Wed Dec 16 2009
  - Enable parallel building
* Tue Aug 11 2009
  - Fix vulnerability against SSL certificates with a zero byte in
    the common name field (wget-nullcerts.patch, bnc#528298).



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 9 10:26:55 2021