Security update for axel (moderate)

An update that fixes one vulnerability is now available.

Description:

This update for axel fixes the following issues:

axel was updated to 2.17.8:

• CVE-2020-13614: SSL Certificate Hostnames were not verified (boo#1172159)

• Replaced progressbar line clearing with terminal control sequence

• Fixed parsing of Content-Disposition HTTP header

• Fixed User-Agent HTTP header never being included

Update to version 2.17.7:

• Buildsystem fixes
• Fixed release date for man-pages on BSD
• Explicitly close TCP sockets on SSL connections too
• Fixed HTTP basic auth header generation
• Changed the default progress report to “alternate output mode”
• Improved English in README.md

Update to version 2.17.6:

• Fixed handling of non-recoverable HTTP errors
• Cleanup of connection setup code
• Fixed manpage reproducibility issue
• Use tracker instead of PTS from Debian

Update to version 2.17.5:

• Fixed progress indicator misalignment
• Cleaned up the wget-like progress output code
• Improved progress output flushing

Update to version 2.17.4:

• Fixed build with bionic libc (Android)
• TCP Fast Open support on Linux
• TCP code cleanup
• Removed dependency on libm
• Data types and format strings cleanup
• String handling cleanup
• Format string checking GCC attributes added
• Buildsystem fixes and improvements
• Updates to the documentation
• Updated all translations
• Fixed Footnotes in documentation
• Fixed a typo in README.md

Update to version 2.17.3:

• Builds now use canonical host triplet instead of uname -s
• Fixed build on Darwin / Mac OS X
• Fixed download loops caused by last byte pointer being off by one
• Fixed linking issues (i18n and posix threads)
• Updated build instructions
• Code cleanup
• Added autoconf-archive to building instructions

Update to version 2.17.2:

• Fixed HTTP request-ranges to be zero-based
• Fixed typo “too may” -> “too many”
• Replaced malloc + memset calls with calloc
• Sanitize progress bar buffer len passed to memset

Update to version 2.17.1:

• Fixed comparison error in axel_divide
• Make sure maxconns is at least 1

Update to version 2.17:

• Fixed composition of URLs in redirections
• Fixed request range calculation
• Updated all translations
• Updated build documentation
• Major code cleanup
  - Cleanup of alternate progress output
  - Removed global string buffers
  - Fixed min and max macros
  - Moved User-Agent header to conf->add_header
  - Use integers for speed ratio and delay calculation
• Added support for parsing IPv6 literal hostname
• Fixed filename extraction from URL
• Fixed request-target message to proxy
• Handle secure protocol’s schema even with SSL disabled
• Fixed Content-Disposition filename value decoding
• Strip leading hyphens in extracted filenames

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.1:

  zypper in -t patch openSUSE-2020-778=1