bug-wget
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

wget-1.25.0 released [stable]

From: Darshit Shah
Subject: wget-1.25.0 released [stable]
Date: Mon, 11 Nov 2024 16:36:47 +0100
User-agent: Mozilla Thunderbird 

I'm glad to announce wget-1.25.0, a new stable release.
GNU wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. It is a non-interactive command-line tool, so it may easily be called from scripts, cron jobs, terminals without X Window System support, etc. 

There are two breaking changes in this release.
The first and more important one is that the shorthand format for both HTTP
and FTP URLs has been entirely removed. This format was previously deprecated 
and is now no longer supported. This means invocations of the form:

```
$ wget username:password@myserver
```
will now result in a URL error. Users must use the full form:
```
$ wget http://username:password@myserver
```

The other breaking change is that input file reads are now non-blocking.
Suppose you used the following invocation
```
$ print_urls | wget -i-
```
to retrieve a list of URLs provided to Wget on stdin. Previously, wget would
attempt to read everything it could at the beginning, close stdin and retrieve all URLs. With 1.25.0, Wget will continuously keep reading from the pipe until 
the other end closes the pipe.
This feature is currently not available on Windows.

There were other minor changes and stability improvements.

There have been 46 commits by 3 people in the 35 weeks since 1.24.5.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Darshit Shah (13)
  Sam James (2)
  Tim Rühsen (31)

Darshit
 [on behalf of the wget maintainers]
==================================================================

Here is the GNU wget home page:
    https://gnu.org/s/wget/

For a summary of changes and contributors, see:
  https://git.sv.gnu.org/gitweb/?p=wget.git;a=shortlog;h=v1.25.0
or run this command from a git-cloned wget directory:
  git shortlog v1.24.5..v1.25.0

Here are the compressed sources:
  https://ftpmirror.gnu.org/wget/wget-1.25.0.tar.gz   (5.1MB)
  https://ftpmirror.gnu.org/wget/wget-1.25.0.tar.lz   (2.5MB)

Here are the GPG detached signatures:
  https://ftpmirror.gnu.org/wget/wget-1.25.0.tar.gz.sig
  https://ftpmirror.gnu.org/wget/wget-1.25.0.tar.lz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

  939b74b0759a2e5f57ec9ac12f5b4403fd9cf5cf  wget-1.25.0.tar.gz
  dm5IQj55NZ6jHkHbnlwolnWUen/PLv3O23JqydDaN4Q=  wget-1.25.0.tar.gz
  ca79e61fbf1d32133f60ef7c7d476b250b6da423  wget-1.25.0.tar.lz
  GSJcx1awoIj8gRSNxqQKDI8ymvf9hIPxx7L+UPTgih8=  wget-1.25.0.tar.lz

Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify wget-1.25.0.tar.gz.sig

The signature should match the fingerprint of the following key:

  pub   rsa4096 2015-10-14 [SC]
        7845 120B 07CB D8D6 ECE5  FF2B 2A17 43ED A91A 35B6
  uid   Darshit Shah <gpg@darnir.net>
  uid   Darshit Shah <darnir@gnu.org>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key gpg@darnir.net

  gpg --recv-keys 64FF90AAE8C70AF9
  wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=wget&download=1' | gpg --import - 

As a last resort to find the key, you can try the official GNU
keyring:

  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify wget-1.25.0.tar.gz.sig

This release was bootstrapped with the following tools:
  Autoconf 2.72
  Automake 1.17
  Gnulib v1.0-1057-g74b6a2a738

NEWS

* Noteworthy changes in release 1.25.0 (2024-11-10) [stable]

** [Breaking change] Drop support for shorthand FTP URLs (CVE-2024-10524)

** [Breaking change] Switch to continuous reading from stdin pipes

** Reimplement user-info parsing based on RFC 2396

** Fix a build issue with libproxy and --disable-debug

Attachment: OpenPGP_0x2A1743EDA91A35B6.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]