From: Brian Inglis
To: Cygwin Announcements
Reply-To: Cygwin
Date: Mon, 09 Nov 2020 15:35:40 -0700
Message-Id: <20201109153540.35101-1-Brian.Inglis@SystematicSW.ab.ca>
Subject: Updated: wget 1.20.3

The
following packages have been upgraded in the Cygwin distribution:

* wget 1.20.3

This was the last release of wget, unless urgent high priority security
patches are required. Future development will be against the successor
project wget2.

GNU Wget is a file retrieval utility which can use either the HTTP,
HTTPS, or FTP protocols. Wget features include the ability to work in
the background while you're logged out, recursive retrieval of
directories, file name wildcard matching, remote file timestamp storage
and comparison, use of Rest with FTP servers and Range with HTTP servers
to retrieve files over slow or unstable connections, support for Proxy
servers, and configurability.

For more information, please see the project home page.

https://www.gnu.org/software/wget/

Summary of changes since last release wget 1.19.1:

* fix CVE-2018-0494, CVE-2017-13089, CVE-2017-13090
* fix buffer overflow vulnerability and segfault
* fixed multiple potential resource leaks, memory leaks, buffer and
  integer overflows
* support TLSv1.3 ciphers, libpcre2 regex pattern matching
* NTLM authentication retries in certain cases
* add new options --ciphers, --compression, --retry-on-host-error
* add --[no]-netrc to control .netrc parsing including GNU extensions,
  fix Windows detection
* fixed --xattr issues
* decompress GZip'ed pages, prevent erroneous decompression with broken
  servers
* support for HTTP 308 Permanent Redirect response
* Improved IDNA 2003 compatibility
* will now not create an empty wget-log file when running with -q and -b

For more details see /usr/share/doc/wget/NEWS or below:

* Changes in Wget 1.20.3

-- Fixed a buffer overflow vulnerability

* Changes in Wget 1.20.2

-- NTLM authentication will retry under certain cases

* Changes in Wget 1.20.1

-- --xattr is no longer default since it introduces privacy issues.
-- --xattr saves the Referer as scheme/host/port, user/pw/path/query/fragment
   are no longer saved to prevent privacy issues.
-- --xattr saves the Original URL without user/password to prevent
   privacy issues.

* Changes in Wget 1.20

-- Add new option `--retry-on-host-error` to treat local errors as
   transient and hence Wget will retry to download the file after a
   brief waiting period.
-- Fixed multiple potential resource leaks as found by static analysis
-- Wget will now not create an empty wget-log file when running with -q
   and -b switches together
-- When compiled using the GnuTLS >= 3.6.3, Wget now has support for
   TLSv1.3
-- Now there is support for using libpcre2 for regex pattern matching
-- When downloading over FTP recursively, one can now use the
   --{accept,reject}-regex switches to fine-tune the downloaded files
-- Building Wget from the git sources now requires autoconf 2.63 or
   above. Building from the Tarballs works as it used to.

* Changes in Wget 1.19.5

-- Fix cookie injection (CVE-2018-0494)
-- Enable TLS1.3 with recent OpenSSL environment
-- New option --ciphers to set GnuTLS / OpenSSL ciphers directly
-- Updated CSS grammar to CSS 2.2
-- Fixed several memleaks found by OSS-Fuzz
-- Fixed several buffer overflows found by OSS-Fuzz
-- Fixed several integer overflows found by OSS-Fuzz
-- Several minor bug fixes

* Changes in Wget 1.19.4

-- A major bug that caused GZip'ed pages to never be decompressed has
   been fixed
-- Support for Content-Encoding and Transfer-Encoding have been marked as
   experimental and disabled by default

* Changes in Wget 1.19.3

-- Prevent erroneous decompression of .gz and .tgz files with broken
   servers
-- Added support for HTTP 308 Permanent Redirect response
-- Fix a segfault in some cases where the Content-Type header is not sent
-- Support OpenSSL 1.1 builds without using deprecated features
-- Fix netrc file detection on Windows
-- Several minor bug fixes

* Changes in Wget 1.19.2

-- Fix CVE-2017-13089 (Stack overflow in HTTP protocol handling)
-- Fix CVE-2017-13090 (Heap overflow in HTTP protocol handling)
-- New option --compression for gzip Content-Encoding
-- New option --[no]-netrc to control .netrc parsing
-- Added GNU extensions to .netrc parsing
-- Improved IDNA 2003 compatibility
-- Fix VPATH issues
-- Improved and extended the test suite
-- Support Wayback Machine's X-Archive-Orig-last-modified
-- Several bug fixes
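
The Wget 1.20.1 --xattr entries above describe two storage rules. The following is an added example, not part of the announcement or of wget's code: it applies those rules to URL strings and flags stored values that break them, for auditing files saved by older versions. The attribute names and the sample URLs are assumptions; the announcement does not name the attributes.

```python
import os
from urllib.parse import urlsplit, urlunsplit

# Assumed attribute names (freedesktop.org convention, not in the announcement).
ORIGIN_ATTR = "user.xdg.origin.url"
REFERRER_ATTR = "user.xdg.referrer.url"

def _hostport(parts):
    """Rebuild host[:port] with any user:password@ prefix dropped."""
    host = parts.hostname or ""
    if ":" in host:                      # IPv6 literal needs its brackets back
        host = f"[{host}]"
    return f"{host}:{parts.port}" if parts.port is not None else host

def sanitize_origin(url):
    """1.20.1 rule for the Original URL: drop user/password, keep the rest."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, _hostport(p), p.path, p.query, p.fragment))

def sanitize_referrer(url):
    """1.20.1 rule for the Referer: keep scheme/host/port only."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, _hostport(p), "", "", ""))

def audit(attrs):
    """Return {attribute: [problems]} for values that break the 1.20.1 rules."""
    findings = {}
    for name, value in attrs.items():
        p = urlsplit(value)
        issues = []
        if p.username is not None or p.password is not None:
            issues.append("credentials")
        if name == REFERRER_ATTR and (p.path not in ("", "/") or p.query or p.fragment):
            issues.append("path/query/fragment")
        if issues:
            findings[name] = issues
    return findings

def read_attrs(path):
    """Read both attributes from a file; needs os.getxattr (Linux Python)."""
    out = {}
    for name in (ORIGIN_ATTR, REFERRER_ATTR):
        try:
            out[name] = os.getxattr(path, name).decode("utf-8", "replace")
        except OSError:                  # attribute absent or unsupported
            pass
    return out

# Constructed sample: what a pre-1.20.1 download could have left on a file.
LEGACY = {
    ORIGIN_ATTR: "https://alice:s3cret@files.example.org:8443/pub/data.tgz?token=abc",
    REFERRER_ATTR: "https://alice:s3cret@portal.example.org/private/index.html?session=42",
}
```

Under the rule as stated, the Original URL keeps its query string, so a token carried there is still stored after the fix.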