GNU Wget NEWS -- history of user-visible changes.
-Copyright (C) 2005 Free Software Foundation, Inc.
+Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+2006, 2007, 2008, 2009 Free Software Foundation, Inc.
See the end for copying conditions.
Please send GNU Wget bug reports to <bug-wget@gnu.org>.
\f
+* Changes in Wget 1.12
+
+** Mailing list MOVED to bug-wget@gnu.org
+
+** SECURITY FIX: It had been possible to trick Wget into accepting
+SSL certificates that don't match the host name, through the trick of
+embedding NUL characters into the certs' common name.
+
+** Added support for CSS. This includes:
+ - Parsing links from CSS files, and from CSS content found in HTML
+ style tags and attributes.
+ - Supporting conversion of links found within CSS content, when
+ --convert-links is specified.
+ - Ensuring that CSS files end in the ".css" filename extension,
+ when --convert-links is specified.
+
+ CSS support in Wget is thanks to Ted Mielczarek
+ <ted.mielczarek@gmail.com>.
+
+** Added support for Internationalized Resource Identifiers (IRIs, RFC
+3987). When support is enabled (default), links with non-ASCII bytes
+are translated from their source encoding to UTF-8 before percent-encoding.
+
+ IRI support was added by Saint Xavier <wget@sxav.eu>, as his
+ project for the Google Summer of Code.
+
+** Wget now provides more sensible exit status codes when downloads
+don't proceed as expected (see the manual).
+
+** --default-page option (and associated wgetrc command) added to
+support alternative default names for index.html.
+
+** --ask-password option (and associated wgetrc command) added to
+support password prompts at the console.
+
+** The --input-file option now also handles retrieving links from
+an external file.
+
+** The output generated by the --version option now includes
+information on how it was built, and the set of configure-time options
+that were selected.
+
+** --html-extension has been renamed to --adjust-extension, to reflect
+the fact that it now also applies to CSS content..
+
+** An "ascii" specifier is now accepted by --restrict-file-names, which
+forces the percent-encoding of all non-ASCII bytes
+
+** Several previously existing, but undocumented .wgetrc options are
+now documented: save_headers, spider, and user_agent,
+auth_no_challenge, and keep_session_cookies. Also added documentation
+for the "lowercase" and "uppercase" values for --restrict-file-names, which had been present since Wget 1.11.
+\f
+* Changes in Wget 1.11.4
+
+** Fixed an issue (apparently a regression) where -O would refuse to
+download when -nc was given, even though the file didn't exist.
+
+** Fixed a situation where Wget could abort with --continue if the
+remote server gives a content-length of zero when the file exists
+locally with content.
+
+** Fixed a crash on some systems, due to Wget casting a pointer-to-long
+to a pointer-to-time_t.
+
+** Translation updates for Catalan.
+\f
+* Changes in Wget 1.11.3
+
+** Downgraded -N with -O to a warning, rather than an error.
+
+** Translation updates
+\f
+* Changes in Wget 1.11.2
+
+** Fixed a problem in authenticating over HTTPS through a proxy.
+(Regression in 1.11 over 1.10.2.)
+
+** The combination of -r or -p with -O, which was disallowed in 1.11,
+has been downgraded to a warning in 1.11.2. (-O and -N, which was never
+meaningful, is still an error.)
+
+** Further improvements to progress bar displays in non-English locales
+(too many spaces could be inserted, causing the display to scroll).
+
+** Successive invocations of Wget on FTP URLS, with --no-remove-listing
+and --continue, was causing Wget to append, rather than replace,
+information in the .listing file, and thereby download the same files
+multiple times. This has been fixed in 1.11.2.
+
+** Wget 1.11 no longer allowed ".." to persist at the beginning of URLs,
+for improved conformance with RFC 3986. However, this behavior presents
+problems for some FTP setups, and so they are now preserved again, for
+FTP URLs only.
+\f
+* Changes in Wget 1.11.1.
+
+** Interrupted downloads no longer result in renaming the file
+(regression in 1.11 over 1.10.2).
+
+** Progress bar now displays correctly in non-English locales (and a
+related assertion failure was fixed).
+
+** Wget no longer issues a GET request over HTTP for files it should
+know it's not going to download (regression in 1.11 over 1.10.2).
+
+** Added option --auth-no-challenge, to support broken pre-1.11
+authentication-before-server-challenge, which turns out to still be
+useful for some limited cases.
+
+** Documentation of accept/reject lists in the manual's "Types of
+Files" section now explains various aspects of their behavior that may
+be surprising, and notes that they may change in the future.
+
+** Documentation of --no-parents now explains how a trailing slash, or
+lack thereof, in the specified URL, will affect behavior.
+\f
+* Changes in Wget 1.11.
+
+** Timestamping now uses the value from the most recent HTTP response,
+rather than the first one it got.
+
+** Authentication information is no longer sent as part of the Referer
+header in recursive fetches.
+
+** No authentication credentials are sent until a challenge is issued,
+for improved security. Authentication handling is still not
+RFC-compliant, as once a Basic challenge has been received, it will
+assume it can send credentials to any URL at that same host, and not
+just the ones at or below the original authenticated location.
+Credentials for Digest authentication are still never saved or issued
+automatically, and continue to require a challenge for each resource.
+
+** Added --max-redirect option, allowing the user to specify what should
+be the maximum number of HTTP redirects to follow.
+
+** Wget now supports saving HTTP downloads using file names specified by
+the `Content-Disposition' header. This is a standard way of specifying
+the file name used by many web dynamically generated pages. However, the
+current implementation is inefficient, and known to have bugs. It is
+EXPERIMENTAL only, and not enabled by default. Use --content-disposition
+to enable it.
+
+** The new option `--ignore-case' makes Wget ignore case when
+matching files, directories, and wildcards. This affects the -X, -I,
+-A, and -R options, as well as globbing in FTP URLs.
+
+** ETA projection is now displayed in "dot" progress output as well as
+in the default progress bar. (The dot progress is used by default when
+logging Wget's output to file using the `-o' option.)
+
+** The "lockable boolean" argument type is no longer supported. It
+was only used by the passive_ftp .wgetrc setting. If you're running
+broken scripts or Perl modules that unconditionally specify
+`--passive-ftp' and your firewall disallows it, you can override them
+by replacing wget with a script that execs wget "$@" --no-passive-ftp.
+
+** The source code has been migrated to Mercurial. The repositories are
+available at http://hg.addictivecode.org/. Prior to this, the source
+code was hosted on Subversion (migrated from the original CVS); you can
+still get access to older tags and branches for Wget in the Subversion
+repository at http://addictivecode.org/svn/wget/.
+\f
* Changes in Wget 1.10.
-** Downloading files greater than 2GB, also known as "large files",
-now works on systems that support them. This includes most modern
-Unix variants, as well as Windows.
+** Downloading files larger than 2GB, sometimes referred to as "large
+files", now works on systems that support them. This includes the
+majority of modern Unixes, as well as MS Windows.
** IPv6 is now supported by Wget. Unlike the experimental code in
-1.9, this version has no problems with dual-family systems. The new
-flags `--inet4' and `--inet6' (or `-4' and `-6' for short) force the
-use of IPv4 and IPv6 respectively. Unfortunately the IPv6 support
-still does not work on Windows.
-
-** Talking to SSL servers over proxies now actually works. Previous
-versions of Wget erroneously sent GET requests for SSL URLs. Wget
-1.10 utilizes the CONNECT method designed for this purpose.
+1.9, this version supports dual-family systems. The new flags
+`--inet4' and `--inet6' (or `-4' and `-6' for short) force the use of
+IPv4 and IPv6 respectively. Note that IPv6 support has not yet been
+tested on Windows.
** Microsoft's proprietary "NTLM" method of HTTP authentication is now
supported. This authentication method is undocumented and only used
retries from servers without support for partial downloads work even
when downloading to stdout.
+** SSL/TLS changes:
+
+*** SSL/TLS downloads now attempt to verify the server's certificate
+against the recognized certificate authorities. This requires CA
+certificates to have been installed in a location visible to the
+OpenSSL library. If this is not the case, you can get the bundle
+yourself from a source you trust (for example, the bundle extracted
+from Mozilla available at http://curl.haxx.se/docs/caextract.html),
+and point Wget to the PEM file using the `--ca-certificate'
+command-line option or the corresponding `.wgetrc' command.
+
+*** Secure downloads now verify that the host name in the URL matches
+the "common name" in the certificate presented by the server.
+
+*** Although the above checks provide more secure downloads, they
+unavoidably break interoperability with some sites that worked with
+previous versions, particularly those using self-signed, expired, or
+otherwise invalid certificates. If you encounter "certificate
+verification" errors or complaints that "common name doesn't match
+requested host name" and are convinced of the site's authenticity, you
+can use `--no-check-certificate' to bypass both checks.
+
+*** Talking to SSL/TLS servers over proxies now actually works.
+Previous versions of Wget erroneously sent GET requests for https
+URLs. Wget 1.10 utilizes the CONNECT method designed for this
+purpose.
+
+*** The SSL/TLS-related options have been redesigned and, for the
+first time, documented in the manual. The old, undocumented, options
+are no longer supported.
+
** Passive FTP is now the default FTP transfer mode. Use
`--no-passive-ftp' or specify `passive_ftp = off' in your init file to
revert to the old behavior.
** The new option `--protocol-directories' instructs Wget to also use
the protocol name as a directory component of local file names.
-** Many options that previously unconditionally set or unset various
-flags are now boolean options that can be invoked as either `--OPTION'
-or `--no-OPTION'. Options that required an argument "on" or "off"
-have also been changed this way, but they still accept the old syntax
-for backward compatibility. For example, instead of `--glob=off' you
-can write `--no-glob'.
+** Options that previously unconditionally set or unset various flags
+are now boolean options that can be invoked as either `--OPTION' or
+`--no-OPTION'. Options that required an argument "on" or "off" have
+also been changed this way, but they still accept the old syntax for
+backward compatibility. For example, instead of `--glob=off' you can
+write `--no-glob'.
Allowing `--no-OPTION' for every `--OPTION' and the other way around
is useful because it allows the user to override non-default behavior
----------------------------------------------------------------------
Copyright information:
-Copyright (C) 2005 Free Software Foundation, Inc.
+Copyright (C) 1997-2005 Free Software Foundation, Inc.
Permission is granted to anyone to make or distribute verbatim
copies of this document as received, in any medium, provided that
projects / wget / blobdiff