GNU Wget NEWS -- history of user-visible changes.
-Copyright (C) 1997-2006 Free Software Foundation, Inc.
+Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+2006, 2007, 2008, 2009 Free Software Foundation, Inc.
See the end for copying conditions.
Please send GNU Wget bug reports to <bug-wget@gnu.org>.
\f
+* Changes in Wget 1.12
+
+** Mailing list MOVED to bug-wget@gnu.org
+
+** SECURITY FIX: It had been possible to trick Wget into accepting
+SSL certificates that don't match the host name, through the trick of
+embedding NUL characters into the certs' common name.
+
+** Added support for CSS. This includes:
+ - Parsing links from CSS files, and from CSS content found in HTML
+ style tags and attributes.
+ - Supporting conversion of links found within CSS content, when
+ --convert-links is specified.
+ - Ensuring that CSS files end in the ".css" filename extension,
+ when --convert-links is specified.
+
+ CSS support in Wget is thanks to Ted Mielczarek
+ <ted.mielczarek@gmail.com>.
+
+** Added support for Internationalized Resource Identifiers (IRIs, RFC
+3987). When support is enabled (default), links with non-ASCII bytes
+are translated from their source encoding to UTF-8 before percent-encoding.
+
+ IRI support was added by Saint Xavier <wget@sxav.eu>, as his
+ project for the Google Summer of Code.
+
+** Wget now provides more sensible exit status codes when downloads
+don't proceed as expected (see the manual).
+
+** --default-page option (and associated wgetrc command) added to
+support alternative default names for index.html.
+
+** --ask-password option (and associated wgetrc command) added to
+support password prompts at the console.
+
+** The --input-file option now also handles retrieving links from
+an external file.
+
+** The output generated by the --version option now includes
+information on how it was built, and the set of configure-time options
+that were selected.
+
+** --html-extension has been renamed to --adjust-extension, to reflect
+the fact that it now also applies to CSS content..
+
+** An "ascii" specifier is now accepted by --restrict-file-names, which
+forces the percent-encoding of all non-ASCII bytes
+
+** Several previously existing, but undocumented .wgetrc options are
+now documented: save_headers, spider, and user_agent,
+auth_no_challenge, and keep_session_cookies. Also added documentation
+for the "lowercase" and "uppercase" values for --restrict-file-names, which had been present since Wget 1.11.
+\f
+* Changes in Wget 1.11.4
+
+** Fixed an issue (apparently a regression) where -O would refuse to
+download when -nc was given, even though the file didn't exist.
+
+** Fixed a situation where Wget could abort with --continue if the
+remote server gives a content-length of zero when the file exists
+locally with content.
+
+** Fixed a crash on some systems, due to Wget casting a pointer-to-long
+to a pointer-to-time_t.
+
+** Translation updates for Catalan.
+\f
+* Changes in Wget 1.11.3
+
+** Downgraded -N with -O to a warning, rather than an error.
+
+** Translation updates
+\f
+* Changes in Wget 1.11.2
+
+** Fixed a problem in authenticating over HTTPS through a proxy.
+(Regression in 1.11 over 1.10.2.)
+
+** The combination of -r or -p with -O, which was disallowed in 1.11,
+has been downgraded to a warning in 1.11.2. (-O and -N, which was never
+meaningful, is still an error.)
+
+** Further improvements to progress bar displays in non-English locales
+(too many spaces could be inserted, causing the display to scroll).
+
+** Successive invocations of Wget on FTP URLS, with --no-remove-listing
+and --continue, was causing Wget to append, rather than replace,
+information in the .listing file, and thereby download the same files
+multiple times. This has been fixed in 1.11.2.
+
+** Wget 1.11 no longer allowed ".." to persist at the beginning of URLs,
+for improved conformance with RFC 3986. However, this behavior presents
+problems for some FTP setups, and so they are now preserved again, for
+FTP URLs only.
+\f
+* Changes in Wget 1.11.1.
+
+** Interrupted downloads no longer result in renaming the file
+(regression in 1.11 over 1.10.2).
+
+** Progress bar now displays correctly in non-English locales (and a
+related assertion failure was fixed).
+
+** Wget no longer issues a GET request over HTTP for files it should
+know it's not going to download (regression in 1.11 over 1.10.2).
+
+** Added option --auth-no-challenge, to support broken pre-1.11
+authentication-before-server-challenge, which turns out to still be
+useful for some limited cases.
+
+** Documentation of accept/reject lists in the manual's "Types of
+Files" section now explains various aspects of their behavior that may
+be surprising, and notes that they may change in the future.
+
+** Documentation of --no-parents now explains how a trailing slash, or
+lack thereof, in the specified URL, will affect behavior.
+\f
* Changes in Wget 1.11.
-** Wget now saves HTTP downloads using file names specified by the
-`Content-Disposition' header. This is a standard way of specifying
-the file name used by many web dynamically generated pages.
+** Timestamping now uses the value from the most recent HTTP response,
+rather than the first one it got.
+
+** Authentication information is no longer sent as part of the Referer
+header in recursive fetches.
+
+** No authentication credentials are sent until a challenge is issued,
+for improved security. Authentication handling is still not
+RFC-compliant, as once a Basic challenge has been received, it will
+assume it can send credentials to any URL at that same host, and not
+just the ones at or below the original authenticated location.
+Credentials for Digest authentication are still never saved or issued
+automatically, and continue to require a challenge for each resource.
+
+** Added --max-redirect option, allowing the user to specify what should
+be the maximum number of HTTP redirects to follow.
-** The GnuTLS library is now also supported for https downloads.
-This is still work-in-progress. OpenSSL is still used by default; use
---with-ssl=gnutls to build with GnuTLS. OpenSSL is still required for
-NTLM authorization to work, but this should eventually change.
+** Wget now supports saving HTTP downloads using file names specified by
+the `Content-Disposition' header. This is a standard way of specifying
+the file name used by many web dynamically generated pages. However, the
+current implementation is inefficient, and known to have bugs. It is
+EXPERIMENTAL only, and not enabled by default. Use --content-disposition
+to enable it.
** The new option `--ignore-case' makes Wget ignore case when
matching files, directories, and wildcards. This affects the -X, -I,
`--passive-ftp' and your firewall disallows it, you can override them
by replacing wget with a script that execs wget "$@" --no-passive-ftp.
-** The source code has migrated from CVS to Subversion. The
-repository is available at http://svn.dotsrc.org/repo/wget/; to
-checkout the trunk to a directory named `wget', use something like
-`svn checkout http://svn.dotsrc.org/repo/wget/trunk/ wget'.
+** The source code has been migrated to Mercurial. The repositories are
+available at http://hg.addictivecode.org/. Prior to this, the source
+code was hosted on Subversion (migrated from the original CVS); you can
+still get access to older tags and branches for Wget in the Subversion
+repository at http://addictivecode.org/svn/wget/.
\f
* Changes in Wget 1.10.
projects / wget / blobdiff