From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.138]) by sourceware.org (Postfix) with ESMTPS id 95BBC39ACC57 for ; Thu, 19 Nov 2020 19:17:15 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 95BBC39ACC57 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSW.ab.ca Authentication-Results: sourceware.org; spf=none smtp.mailfrom=brian.inglis@systematicsw.ab.ca Received: from SystematicSW.ab.ca ([24.64.172.44]) by shaw.ca with ESMTP id fpQfkEwCybYg3fpQgkDXS9; Thu, 19 Nov 2020 12:17:14 -0700 X-Authority-Analysis: v=2.4 cv=Q4RsX66a c=1 sm=1 tr=0 ts=5fb6c4ba a=kiZT5GMN3KAWqtYcXc+/4Q==:117 a=kiZT5GMN3KAWqtYcXc+/4Q==:17 a=mDV3o1hIAAAA:8 a=k352eTEm6N1N5vw5P6gA:9 a=_FVE-zBwftR9WsbkzFJk:22 From: Brian Inglis To: Cygwin Announcements Reply-To: Cygwin Date: Thu, 19 Nov 2020 12:14:59 -0700 Message-Id: <20201119121459.51815-1-Brian.Inglis@SystematicSW.ab.ca> Subject: Updated: wget 1.20.3-2 X-CMAE-Envelope: MS4xfExL2Vb8RyiZ7W/Syw7d349Y1w+wfiR6oZvH8/t5TAIpBuRYPAkhHC6TsF3QsvhCew6PK1NQyS7DNj5rGBFKnODvQHhEic1JAlUCEdk+0qVR6zx3k3J4 UFZJmcLriegtLSDpwplxYtW6znJVin5vnCsyJMMRGXkxaYpUv8DK5rxWxT32XQFRx9Rxa4/UwFx9Nw7XrR1AAhd6Wx6rAMMPFRCWoofgMMT6z+8HE4EYsfAW 3MeOj5dj52GQPhXfs1h2zb3f4DLN5VLKXIW+VxeDygE= X-Spam-Status: No, score=-5.9 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_NUMSUBJECT, KAM_SHORT, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-Mailman-Approved-At: Thu, 19 Nov 2020 20:10:20 +0000 X-BeenThere: cygwin-announce@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Read-only mailing list announcing new and updated Cygwin packages List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Nov 2020 19:17:17 -0000 The following packages have been upgraded in the Cygwin distribution: * wget 1.20.3-2 This release cleans up inconsistencies between x86 and x86_64 build outputs. This will be the last release of wget, unless high priority security patches are required. Future development will be against the successor project wget2. GNU Wget is a file retrieval utility which can use the HTTP, HTTPS, or FTP protocols. Wget features include the ability to work in the background while you're logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. For more information, please see the project home page. https://www.gnu.org/software/wget/ Summary of changes since last release wget 1.19.1: * clean up inconsistencies between x86 and x86_64 builds * fix CVE-2018-0494, CVE-2017-13089, CVE-2017-13090 * fix multiple potential resource leaks, memory leaks, buffer and integer overflows and segfaults * fix --xattr issues * support TLSv1.3 ciphers, libpcre2 regex pattern matching, HTTP 308 Permanent Redirect response * improve IDNA 2003 compatibility * NTLM authentication retry certain cases * add new options --ciphers, --compression, --retry-on-host-error, add --[no]-netrc to control .netrc parsing including GNU extensions, and fix Windows .netrc detection * decompress GZip'ed pages, and prevent erroneous decompression with broken servers * do not create an empty wget-log file when running with -q and -b For more details see /usr/share/doc/wget/NEWS or below: * Changes in Wget 1.20.3 -- Fixed a buffer overflow vulnerability * Changes in Wget 1.20.2 -- NTLM authentication will retry under certain cases * Changes in Wget 1.20.1 -- --xattr is no longer default since it introduces privacy issues. -- --xattr saves the Referer as scheme/host/port, user/pw/path/query/fragment are no longer saved to prevent privacy issues. -- --xattr saves the Original URL without user/password to prevent privacy issues. * Changes in Wget 1.20 -- Add new option `--retry-on-host-error` to treat local errors as transient and hence Wget will retry to download the file after a brief waiting period. -- Fixed multiple potential resource leaks as found by static analysis -- Wget will now not create an empty wget-log file when running with -q and -b switches together -- When compiled using the GnuTLS >= 3.6.3, Wget now has support for TLSv1.3 -- Now there is support for using libpcre2 for regex pattern matching -- When downloading over FTP recursively, one can now use the --{accept,reject}-regex switches to fine-tune the downloaded files -- Building Wget from the git sources now requires autoconf 2.63 or above. Building from the Tarballs works as it used to. * Changes in Wget 1.19.5 -- Fix cookie injection (CVE-2018-0494) -- Enable TLS1.3 with recent OpenSSL environment -- New option --ciphers to set GnuTLS / OpenSSL ciphers directly -- Updated CSS grammar to CSS 2.2 -- Fixed several memleaks found by OSS-Fuzz -- Fixed several buffer overflows found by OSS-Fuzz -- Fixed several integer overflows found by OSS-Fuzz -- Several minor bug fixes * Changes in Wget 1.19.4 -- A major bug that caused GZip'ed pages to never be decompressed has been fixed -- Support for Content-Encoding and Transfer-Encoding have been marked as experimental and disabled by default * Changes in Wget 1.19.3 -- Prevent erroneous decompression of .gz and .tgz files with broken servers -- Added support for HTTP 308 Permanent Redirect response -- Fix a segfault in some cases where the Content-Type header is not sent -- Support OpenSSL 1.1 builds without using deprecated features -- Fix netrc file detection on Windows -- Several minor bug fixes * Changes in Wget 1.19.2 -- Fix CVE-2017-13089 (Stack overflow in HTTP protocol handling) -- Fix CVE-2017-13090 (Heap overflow in HTTP protocol handling) -- New option --compression for gzip Content-Encoding -- New option --[no]-netrc to control .netrc parsing -- Added GNU extensions to .netrc parsing -- Improved IDNA 2003 compatibility -- Fix VPATH issues -- Improved and extended the test suite -- Support Wayback Machine's X-Archive-Orig-last-modified -- Several bug fixes