pool/wget2
SHA256
17
0
Fork 2
Code Issues Pull Requests 1 Activity

wget 2.2.1 / 2 CVE fixes #1

Open
jengelh wants to merge 2 commits from jengelh/wget2:master into leap-16.0
pull from: jengelh/wget2:master
merge into: pool:leap-16.0
Conversation 9 Commits 2 Files Changed 6 +44 -8
6 changed files with 44 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
wget2-2.1.0.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a05dc5191c6bad9313fd6db2777a78f5527ba4774f665d5d69f5a7461b49e2e7
size 3867884

BIN
wget2-2.1.0.tar.gz.sig
View File

Binary file not shown.

BIN
wget2-2.2.1.tar.gz LFS Normal file
View File

Binary file not shown.

BIN
wget2-2.2.1.tar.gz.sig Normal file
View File

Binary file not shown.

36
wget2.changes
View File

@@ -1,3 +1,39 @@
-------------------------------------------------------------------
Wed Jan 7 08:03:14 UTC 2026 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.2.1
* Fix file overwrite issue with metalink [CVE-2025-69194]
* Fix remote buffer overflow in get_local_filename_real()
[CVE-2025-69195]
* Fix a redirect/mirror regression from 400713ca
* Use the local system timestamp when requested via
--no-use-server-timestamps
* Prevent file truncation with --no-clobber
* Improve messages about why URLs are not being followed
* Fix metalink with -O/--output-document
* Fix sorting of metalink mirrors by priority
* Add --show-progress to improve backwards compatibility to wget
* Fix buffer overflow in wget_iri_clone() after
wget_iri_set_scheme()
* Allow 'no_' prefix in config options
* Use libnghttp2 for HTTP/2 testing
* Set exit status to 8 on 403 response code
* Fix convert-links
* Fix --server-response for HTTP/1.1
-------------------------------------------------------------------
Tue Dec 30 09:53:21 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.2.0
* Don't truncate file when -c and -O are combined
* Don't log URI userinfo to logs
* Fix downloading multiple files via HTTP/2
* Support connecting with HTTP/1.0 proxies
* Ignore 1xx HTTP responses for HTTP/1.1
* Disable TCP Fast Open by default
* Fix segfault when OCSP response is missing
* Add libproxy support
-------------------------------------------------------------------
Fri Sep 1 11:56:36 UTC 2023 - Jan Engelhardt <jengelh@inai.de>

10
wget2.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package wget2
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,8 +17,8 @@
Name: wget2
%define lname libwget2
Version: 2.1.0
%define lname libwget4
Version: 2.2.1
Release: 0
Summary: A Tool for Mirroring FTP and HTTP Servers
License: GPL-3.0-or-later AND LGPL-3.0-or-later
@@ -31,6 +31,7 @@ BuildRequires: doxygen
BuildRequires: flex
BuildRequires: gettext-devel >= 0.18.1
BuildRequires: libidn2-devel >= 0.14
BuildRequires: libproxy-devel
BuildRequires: libtool >= 2.2
BuildRequires: libunistring-devel
BuildRequires: pkg-config
@@ -96,8 +97,7 @@ to build against libwget.
rm -f "%buildroot/%_bindir"/*_noinstall "%buildroot/%_libdir"/*.la
%find_lang %name
%post -n %lname -p /sbin/ldconfig
%postun -n %lname -p /sbin/ldconfig
%ldconfig_scriptlets -n %lname
%files -f %name.lang
%_bindir/wget*