Updated: wget 1.20.3-2

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Updated: wget 1.20.3-2

Brian Inglis
The following packages have been upgraded in the Cygwin distribution:

* wget 1.20.3-2

This release cleans up inconsistencies between x86 and x86_64 build outputs.
This will be the last release of wget, unless high priority security patches
are required. Future development will be against the successor project wget2.

GNU Wget is a file retrieval utility which can use the HTTP, HTTPS, or
FTP protocols. Wget features include the ability to work in the
background while you're logged out, recursive retrieval of directories,
file name wildcard matching, remote file timestamp storage and
comparison, use of Rest with FTP servers and Range with HTTP servers to
retrieve files over slow or unstable connections, support for Proxy
servers, and configurability.

For more information, please see the project home page.

        https://www.gnu.org/software/wget/

Summary of changes since last release wget 1.19.1:

* clean up inconsistencies between x86 and x86_64 builds
* fix CVE-2018-0494, CVE-2017-13089, CVE-2017-13090
* fix multiple potential resource leaks, memory leaks, buffer and
  integer overflows and segfaults
* fix --xattr issues
* support TLSv1.3 ciphers, libpcre2 regex pattern matching, HTTP 308
  Permanent Redirect response
* improve IDNA 2003 compatibility
* NTLM authentication retry certain cases
* add new options --ciphers, --compression,  --retry-on-host-error, add
  --[no]-netrc to control .netrc parsing including GNU extensions, and
  fix Windows .netrc detection
* decompress GZip'ed pages, and prevent erroneous decompression with
  broken servers
* do not create an empty wget-log file when running with -q and -b

For more details see /usr/share/doc/wget/NEWS or below:

* Changes in Wget 1.20.3

--  Fixed a buffer overflow vulnerability

* Changes in Wget 1.20.2

--  NTLM authentication will retry under certain cases

* Changes in Wget 1.20.1

--  --xattr is no longer default since it introduces privacy issues.
--  --xattr saves the Referer as scheme/host/port, user/pw/path/query/fragment
   are no longer saved to prevent privacy issues.
--  --xattr saves the Original URL without user/password to prevent
   privacy issues.

* Changes in Wget 1.20

--  Add new option `--retry-on-host-error` to treat local errors as transient
    and hence Wget will retry to download the file after a brief waiting period.
--  Fixed multiple potential resource leaks as found by static analysis
--  Wget will now not create an empty wget-log file when running with -q and -b
    switches together
--  When compiled using the GnuTLS >= 3.6.3, Wget now has support for TLSv1.3
--  Now there is support for using libpcre2 for regex pattern matching
--  When downloading over FTP recursively, one can now use the
    --{accept,reject}-regex switches to fine-tune the downloaded files
--  Building Wget from the git sources now requires autoconf 2.63 or above.
    Building from the Tarballs works as it used to.

* Changes in Wget 1.19.5

--  Fix cookie injection (CVE-2018-0494)
--  Enable TLS1.3 with recent OpenSSL environment
--  New option --ciphers to set GnuTLS / OpenSSL ciphers directly
--  Updated CSS grammar to CSS 2.2
--  Fixed several memleaks found by OSS-Fuzz
--  Fixed several buffer overflows found by OSS-Fuzz
--  Fixed several integer overflows found by OSS-Fuzz
--  Several minor bug fixes

* Changes in Wget 1.19.4

--  A major bug that caused GZip'ed pages to never be decompressed has been fixed
--  Support for Content-Encoding and Transfer-Encoding have been marked as
    experimental and disabled by default

* Changes in Wget 1.19.3

--  Prevent erroneous decompression of .gz and .tgz files with broken servers
--  Added support for HTTP 308 Permanent Redirect response
--  Fix a segfault in some cases where the Content-Type header is not sent
--  Support OpenSSL 1.1 builds without using deprecated features
--  Fix netrc file detection on Windows
--  Several minor bug fixes


* Changes in Wget 1.19.2

--  Fix CVE-2017-13089 (Stack overflow in HTTP protocol handling)
--  Fix CVE-2017-13090 (Heap overflow in HTTP protocol handling)
--  New option --compression for gzip Content-Encoding
--  New option --[no]-netrc to control .netrc parsing
--  Added GNU extensions to .netrc parsing
--  Improved IDNA 2003 compatibility
--  Fix VPATH issues
--  Improved and extended the test suite
--  Support Wayback Machine's X-Archive-Orig-last-modified
--  Several bug fixes