[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
wget-1.24.5 released [stable]
From: |
Darshit Shah |
Subject: |
wget-1.24.5 released [stable] |
Date: |
Sun, 10 Mar 2024 15:51:03 +0100 |
User-agent: |
Mozilla Thunderbird |
This is to announce wget-1.24.5, a stable release.
This is another relative slow release with minor bug fixes. The main one
being a correction in how subdomains of Top-Level Domains (TLDs) are
treated when checking for suffixes during HSTS lookups. This is a very
low criticality vulnerability that has now been patched.
There have been 33 commits by 6 people in the 43 weeks since 1.21.4.
See the NEWS below for a brief summary.
Thanks to everyone who has contributed!
The following people contributed changes to this release:
Christian Weisgerber (1)
Darshit Shah (20)
Jan Palus (1)
Jan-Michael Brummer (1)
Tim Rühsen (9)
Yaakov Selkowitz (1)
Darshit Shah
[on behalf of the wget maintainers]
==================================================================
Here is the GNU wget home page:
https://gnu.org/s/wget/
For a summary of changes and contributors, see:
https://git.sv.gnu.org/gitweb/?p=wget.git;a=shortlog;h=v1.24.5
or run this command from a git-cloned wget directory:
git shortlog v1.21.4..v1.24.5
Here are the compressed sources:
https://ftpmirror.gnu.org/wget/wget-1.24.5.tar.gz (5.0MB)
https://ftpmirror.gnu.org/wget/wget-1.24.5.tar.lz (2.5MB)
Here are the GPG detached signatures:
https://ftpmirror.gnu.org/wget/wget-1.24.5.tar.gz.sig
https://ftpmirror.gnu.org/wget/wget-1.24.5.tar.lz.sig
Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html
Here are the SHA1 and SHA256 checksums:
62525de6f09486942831ca2e352ae6802fc2c3dd wget-1.24.5.tar.gz
+i3DW6tRhOy8Rqnvg97yqqo/TJ88l9S9GdywfU2mN94= wget-1.24.5.tar.gz
01659f427c2e90c7c943805db69ea00f5da79b07 wget-1.24.5.tar.lz
V6EHFR5O+U/flK/+z6xZiWPzcvEyk+2cdAMhBTkLNu4= wget-1.24.5.tar.lz
Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.
Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:
gpg --verify wget-1.24.5.tar.gz.sig
The signature should match the fingerprint of the following key:
pub rsa4096 2015-10-14 [SC]
7845 120B 07CB D8D6 ECE5 FF2B 2A17 43ED A91A 35B6
uid Darshit Shah <gpg@darnir.net>
uid Darshit Shah <darnir@gnu.org>
If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.
gpg --locate-external-key gpg@darnir.net
gpg --recv-keys 64FF90AAE8C70AF9
wget -q -O-
'https://savannah.gnu.org/project/release-gpgkeys.php?group=wget&download=1'
| gpg --import -
As a last resort to find the key, you can try the official GNU
keyring:
wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify wget-1.24.5.tar.gz.sig
This release was bootstrapped with the following tools:
Autoconf 2.72
Automake 1.16.5
Gnulib v0.1-7211-gd15237a22b
NEWS
* Noteworthy changes in release 1.24.5 (2024-03-10) [stable]
** Fix how subdomain matches are checked for HSTS.
Fixes a minor issue where cookies may be leaked to the wrong domain
** Wget will now also parse the srcset attribute in <source> HTML tags
** Support reading fetchmail style "user" and "passwd" fields from netrc
** In some cases, prevent the confusing "Cannot write to... (success)"
error messages
** Support extremely fast download speeds (TB/s).
Previously this would cause Wget to crash when printing the speed
** Improve portability on OpenBSD to run the test suite
** Ensure that CSS URLs are corectly quoted (Bug: 64082)
OpenPGP_0x2A1743EDA91A35B6.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
- wget-1.24.5 released [stable],
Darshit Shah <=