Update Info

openSUSE-2020-785


Security update for axel


Type: security
Severity: moderate
Issued: 2020-06-08
Description:
This update for axel fixes the following issues:

axel was updated to 2.17.8:

* CVE-2020-13614: SSL Certificate Hostnames were not verified (boo#1172159)

* Replaced progressbar line clearing with terminal control sequence
* Fixed parsing of Content-Disposition HTTP header
* Fixed User-Agent HTTP header never being included

Update to version 2.17.7:

- Buildsystem fixes
- Fixed release date for man-pages on BSD
- Explicitly close TCP sockets on SSL connections too
- Fixed HTTP basic auth header generation
- Changed the default progress report to "alternate output mode"
- Improved English in README.md

Update to version 2.17.6:

- Fixed handling of non-recoverable HTTP errors
- Cleanup of connection setup code
- Fixed manpage reproducibility issue
- Use tracker instead of PTS from Debian

Update to version 2.17.5:

- Fixed progress indicator misalignment
- Cleaned up the wget-like progress output code
- Improved progress output flushing

Update to version 2.17.4:

- Fixed build with bionic libc (Android)
- TCP Fast Open support on Linux
- TCP code cleanup
- Removed dependency on libm
- Data types and format strings cleanup
- String handling cleanup
- Format string checking GCC attributes added
- Buildsystem fixes and improvements
- Updates to the documentation
- Updated all translations
- Fixed Footnotes in documentation
- Fixed a typo in README.md

Update to version 2.17.3:

- Builds now use canonical host triplet instead of `uname -s`
- Fixed build on Darwin / Mac OS X
- Fixed download loops caused by last byte pointer being off by one
- Fixed linking issues (i18n and posix threads)
- Updated build instructions
- Code cleanup
- Added autoconf-archive to building instructions

Update to version 2.17.2:

- Fixed HTTP request-ranges to be zero-based
- Fixed typo "too may" -> "too many"
- Replaced malloc + memset calls with calloc
- Sanitize progress bar buffer len passed to memset

Update to version 2.17.1:

- Fixed comparison error in axel_divide
- Make sure maxconns is at least 1

Update to version 2.17:

- Fixed composition of URLs in redirections
- Fixed request range calculation
- Updated all translations
- Updated build documentation
- Major code cleanup
 -  Cleanup of alternate progress output
 -  Removed global string buffers
 -  Fixed min and max macros
 -  Moved User-Agent header to conf->add_header
 -  Use integers for speed ratio and delay calculation
- Added support for parsing IPv6 literal hostname
- Fixed filename extraction from URL
- Fixed request-target message to proxy
- Handle secure protocol's schema even with SSL disabled
- Fixed Content-Disposition filename value decoding
- Strip leading hyphens in extracted filenames

This update was imported from the openSUSE:Leap:15.1:Update update project.

              

Packages


  • axel-2.17.8-bp151.4.3.1