* SECURITY UPDATE: Access to sensitive information
- debian/patches/CVE-2018-20483-*.patch: fix in
src/ftp.c, src/http.c, src/xattr.c, src/xattr.h,
src/init.c, src/main.c, doc/wget.texi.
- CVE-2018-20483
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2019-5953-*.patch: fix in
src/iri.c.
- CVE-2019-5953
* SECURITY UPDATE: Cookie injection vulnerability
- debian/patches/CVE-2018-0494.patch: fix cooking injection
in src/http.c.
- CVE-2018-0494
* No change rebuild against openssl1.1.
* Merge from Debian unstable. Remaining changes:
- Don't Build-Depend on libgnutls28-dev.
- Pass --with-ssl=openssl
- Enable parallel builds.
- debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
disabled on Ubuntu because the method still exists for ABI reasons.
- debian/control: add pkg-config to Build-Depends.
* new upstream release from 2018-01-21
removed patches from 1.19.3-2
* debian/control changed Priority from important to standard see #834811
* debian/compat to 11 and removed then unneded build-depends autotools-dev
* Merge from Debian unstable. Remaining changes:
- Don't Build-Depend on libgnutls28-dev.
- Pass --with-ssl=openssl
- Enable parallel builds.
- debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
disabled on Ubuntu because the method still exists for ABI reasons.
- debian/control: add pkg-config to Build-Depends.
* added upstream patches:
- 0001-Switch-off-compression-by-default.patch
- 0001--srchttpc-gethttp-Fix-bug-that-prevented-all-files-from-being-decompressed.patch
closes: Bug#887913, Bug#887910
* new upstream release from 2018-01-19
- removed upstream included patches: wget_813158fixsegfault.patch
and gnulib.git.patch
* debian/upstream/signing-key.asc added Darshit Shah
* fixed segfault with upstream patch. closes: Bug#813158, #880542
wget_813158fixsegfault.patch
* corrected debian/watch
* debian/control: updated Standard-Version to 4.1.3; no changes needed
* Merge with Debian, remaining changes:
- Don't Build-Depend on libgnutls28-dev.
- Pass --with-ssl=openssl
- Enable parallel builds.
- debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
disabled on Ubuntu because the method still exists for ABI reasons.
- debian/control: add pkg-config to Build-Depends.
* Dropped changes:
- Don't build with libpsl-dev, which is in universe. (it's in main now)
* new upstream release from 2017-10-27 fixes
CVE-2017-13089/CVE-2017-13090 closes: Bug#879957
* debian/watch added opts=pgpmode=auto
* added debian/upstream/signing-key.asc
* debian/control updated Standards Version to 4.1.1 (needed change
see above)
* removed upstream included debian/patches/CVE-2017-6508
* updated debian/patches/gnulib.git.patch
* added patch from Bruno Haible <bruno@clisp.org> to
fix build on hurd-i386 (Thanks Svante!). closes: Bug#858995
* debian/control wget-udeb Priority changed from extra to optional
* debian/control: added missing build-dep pkg-config. closes: Bug#865886
thx for reporting:)
* debian/control: updated Standard-Version to 4.0.0; no changes needed
* SECURITY UPDATE: stack overflow in HTTP protocol handling
- debian/patches/CVE-2017-13089.patch: return error on negative chunk
size in src/http.c.
- CVE-2017-13089
* SECURITY UPDATE: heap overflow in HTTP protocol handling
- debian/patches/CVE-2017-13090.patch: stop processing on negative
chunk size in src/retr.c.
- CVE-2017-13090
* Merge with Debian, remaining changes:
- Don't Build-Depend on libgnutls28-dev.
- Pass --with-ssl=openssl
- Don't build with libpsl-dev, which is in universe.
- Enable parallel builds.
- debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
disabled on Ubuntu because the method still exists for ABI reasons.
* debian/control: add pkg-config to Build-Depends.
* also apply the patch in 1.19.1-2 m(
* added upstream patch to fix CVE-2017-6508 closes: Bug#857073
* new upstream release from 2017-02-11 to sid
- removed wget-doc-CRLs.patch because CRLs are supported
closes: Bug#849389
* new upstream release from 2017-02-03
(upload to unstable after stretch freeze)
* removed upstream applied patches wget-openssl1.1.0.patch and
CVE-2016-7098.patch
* added patches to fix CVE-2016-7098:
files rejected by access list are kept on the disk for the duration of
HTTP connection closes: #836503
* make the build reproducible (Thanks Reiner!). closes: #833070
* Merge with Debian, remaining changes:
- Don't Build-Depend on libgnutls28-dev.
- Pass --with-ssl=openssl
- Don't build with libpsl-dev, which is in universe.
- Enable parallel builds.
* debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
disabled on Ubuntu because the method still exists for ABI reasons.
* added OpenSSl 1.1.0 patch from upstream git. closes: #828599
* new upstream release from 2016-06-10
- fixed CVE-2016-4971 closes: #827003
- fixed segmentation fault when terminal width is small. closes: #823891
* debian/control: updated Standards-Version, no changes needed
* debian/changelog fixed spelling errors
* applied patch from Margarita Manterola. Thanks a lot:
- Add udeb support, taken from the work done by Colin Watson for Ubuntu
in 1.10.2-2ubuntu2 and forward.
- Added dependency on libssl-dev for the udeb, as gnutls does not provide
a udeb package.
* SECURITY UPDATE: http to ftp redirect spoofed filenames
- debian/patches/CVE-2016-4971.patch: understand --trust-server-names
on a HTTP->FTP redirect in src/ftp.*, src/retr.c.
- CVE-2016-4971
* Merge with Debian experimental, remaining changes:
- Add wget-udeb to ship wget as alternative to busybox wget.
- Build-Depend on libssl-dev instead of libgnutls28-dev.
- Pass --with-ssl=openssl; there's no udeb for gnutls.
- Add a second build pass for the udeb, so we can build with -Os and
without libidn.
- Use dh_autotools-dev instead of custom config.{sub,guess} copy.
- Don't build with libpsl-dev, which is in universe.
* Enable parallel builds.
* new upstream relase from 2015-12-11
- fixed segfault in strlen(). closes: #805673
* new upstream relase from 2015-11-16
- fixed IP address exposure in FTP code. closes: #799964
- fixed not reacting on GNUTLS_E_REHANDSHAKE closes: #797057
- make --convert-links messages more clear closes: #633703
* changed libgnutls28-dev dependency to a versioned one to fix
libnettle transition in gnutls. closes: #787942
* upload to unstable
Closing bugs from the experimental uploads since 1.16-1
Closes: #779519, #144076, #768110, #745836, #772020, #767283
* new upstream release from 2015-03-09 which fixes the --quiet regression
* debian/rules fix lintian error temporary-debhelper-file
* upstream patch to fix new bug in 1.16.2 where -q is not quiet anymore
main.c-Need-to-explicitly-disallow-show_progress-in-.patch
closes: #779519
* new upstream release from 2015-02-28 to experimental until jessie release
- Allow progress bar on stderr when -o is used. Closes: #144076
* Merge with Debian experimental, remaining changes:
- Add wget-udeb to ship wget as alternative to busybox wget.
- Build-Depend on libssl-dev instead of libgnutls28-dev.
- Pass --with-ssl=openssl; there's no udeb for gnutls.
- Add a second build pass for the udeb, so we can build with -Os and
without libidn.
- Use dh_autotools-dev instead of custom config.{sub,guess} copy.
- Don't build with libpsl-dev, which is in universe.
* Drop fix-openssl-implicit-decl-warning.patch, applied upstream.
* new upstream release from 2014-12-08 to experimental until jessie release
- fixed progress bar. closes: #768110
- new option --crl-file closes: #745836
* enabled pcre support. closes: #772020
* debian/rules hardening all. Thanks Markus for the hint
* debian/patches/wget-progressbar.patch removed
the patch results sometimes in stopping downloads so reverting it
wget: progress.c:1161: create_image: Assertion `count_cols
(bp->buffer) <= bp->width' failed.
Bug #768110 is reopend
Closes: Bug#768323
* debian/changelog mention CVE-2014-4877 in 1.16-1
* debian/patches/wget-progressbar.patch upstream commited patch
76f6fe22 to fix progressbar. Closes: #768110
* debian/patches/wget-doc-CRLs.patch document that CRLs are not checked.
Closes: #767283
* Resynchronise with Debian. Remaining changes:
- Add wget-udeb to ship wget as alternative to busybox wget.
- Build-Depend on libssl-dev instead of libgnutls28-dev.
- Pass --with-ssl=openssl; there's no udeb for gnutls.
- Add a second build pass for the udeb, so we can build with -Os and
without libidn.
- Use dh_autotools-dev instead of custom config.{sub,guess} copy.
* Don't build with Public Suffix List cookie domain checking (required
library is in universe)
- debian/control: remove libpsl-dev from Build-Depends.
* Fix openssl build
- debian/patches/fix-openssl-implicit-decl-warning.patch: added missing
include to src/openssl.c.
* new upstream release from 2014-10-27
- No longer create local symbolic links by default CVE-2014-4877
- "Poodle" do not use SSLv3 except explicitly requested CVE-2014-3566
* debian/control: Public Suffix List cookie domain checking via libpsl
Closes: #766780
* debian/control: updated Standards-Version to 3.9.6 (no changes needed)
[ Colin Watson ]
* Resynchronise with Debian. Remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget.
- Build-depend on libssl-dev 0.9.8k-7ubuntu4.
- Pass --with-ssl=openssl; there's no udeb for gnutls.
- Add a second build pass for the udeb, so we can build with -Os and
without libidn.
- Use dh_autotools-dev instead of custom config.{sub,guess} copy.
[ Mark Russell ]
* debian/rules: build wget-udeb to install its binary as /usr/bin/wget
instead of /usr/bin/wget.gnu (LP: #1172101).
* new upstream release from 2014-01-19
Wget: fails with long file names in URLs Closes: #672131
Wget omits Host header for CONNECT Closes: #699337
Wget: Inaccurate catalan translation Closes: #697081
Cannot write to ... (Success) Closes: #716938
Regression: write error on wget -c for already fully retrieved file
Closes: #696700
wget: NTLM not supported Closes: #718262
wget --no-check-certificate does check certificate in certain conditions
Closes: #686837
* debian/control updated Standard-Version; no changes needed
* debian/rules fix configure option --with-libidn Closes: #728735
* 1.15 alpha version from 2013-11-02
- removed patches which are included now upstream:
wget-doc-fixitemx2item.patch
wget-doc-remove2.nv.patch
wget-doc-texi2pod_fixperl5.18change.patch
- included fixes for
Wget: fails with long file names in URLs Closes: #672131
Wget omits Host header for CONNECT Closes: #699337
Wget: Inaccurate catalan translation Closes: #697081
Cannot write to ... (Success) Closes: #716938
Regression: write error on wget -c for already fully retrieved file
Closes: #696700
wget: NTLM not supported Closes: #718262
wget --no-check-certificate does check certificate in certain conditions
Closes: #686837
* debian/control add Recommends ca-certificates to get
https URLs working. Closes: #712540
* debian/rules fix lintian warning dh-clean-k-is-deprecated
* Merge from Debian unstable, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget.
- Build-depend on libssl-dev 0.9.8k-7ubuntu4
- Pass --with-ssl=openssl; there's no udeb for gnutls.
- Add a second build pass for the udeb, so we can build
with -Os and without libidn.
* Use dh_autotools-dev instead of custom config.{sub,guess} copy.
* fix manpage building error "Expected text after =item, not a number"
with texi2man.pl patch from upstream git:
http://git.savannah.gnu.org/cgit/wget.git/diff/?id=7f43748544f26008d0dd337704f02a6ed3200aaf
Closes: #724191
* build with GNUTLS 3.2 (libgnutls28-dev) to fix some https problems.
closes: #707555, #652480
* debian/watch from bartm added. Thank you!
* debian/control,rules switch to compact 9 and using system buildflags
* Merge from Debian unstable. Remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Depend on libssl-dev 0.9.8k-7ubuntu4
- Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
for it.
- Add a second build pass for the udeb, so we can build without libidn.
- d/rules: Compile with -Os and disabling NLS/DEBUG in udeb to reduce
code size.
- d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild
* fix changed Texinfo 5 itemx vs item behaviour
with patch wget-doc-fixitemx2item.patch
closes: #711028
* remove second -nv in manpage wget-doc-remove2.nv.patch
closes: #704085
* debian/control updated Standards-Version, no changes needed
* Merge from Debian unstable. Remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Depend on libssl-dev 0.9.8k-7ubuntu4
- Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
for it.
- Add a second build pass for the udeb, so we can build without libidn.
- d/rules: Compile with -Os and disabling NLS/DEBUG in udeb to reduce
code size.
- d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild
* new upstream release from 2012-08-07
- Add support for content-on-error. It allows to store the HTTP
payload on 4xx or 5xx errors. closes: #247985
- Fix a memory leak problem in the GNU TLS backend. closes: #642563
- Add support for TLS Server Name Indication. closes: #653267
* new alpha version 1.13.4.79-22f0 from 2012-07-14
* the former alpha problem "write error: Inappropriate ioctl
for device" with -O - closes: #681394
* alpha version 1.13.4.59-2b1dd from 2012-05-26
* debian/control using libuuid (warc.c) Thanks Tim for the hint.
closes: Bug#666160
* debian/ control updated Standard-Version, no changes needed
* removed upstream included patches:
- wget-fr.po-spelling-correction
- gnutls-client-cert
* Merge from Debian unstable, Remaining Changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Depend on libssl-dev 0.9.8k-7ubuntu4
- Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
for it.
- Add a second build pass for the udeb, so we can build without libidn.
- d/rules: Compile with -Os and disabling NLS/DEBUGin udeb to reduce
code size.
- d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild
[ Daniel Kahn Gillmor ]
* Support client-side certificates when using GnuTLS. Closes: #646983
[ Noël Köthe ]
* thx Daniel for your work with the gnutls-client-cert patch
* updated Standards-Version to 3.9.3; no changes needed
* debian/copyright updated upstream author to Giuseppe Scrivano
* Merge from Debian unstable, Remaining Changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Depend on libssl-dev 0.9.8k-7ubuntu4
- Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
for it.
- Add a second build pass for the udeb, so we can build without libidn.
- d/rules: Compile with -Os and disabling NLS/DEBUGin udeb to reduce
code size.
* d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild
* added hardened build flag. thx Moritz for the patch
closes: Bug#654908
* d/rules: Compile with -Os and disabling NLS/DEBUGin udeb to reduce
code size. (LP: #893308)
* Merge from Debian testing, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Depend on libssl-dev 0.9.8k-7ubuntu4
- Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
for it.
- Add a second build pass for the udeb, so we can build without libidn.
* new upstream release 1.13.4 from 2011-09-17
* Merge from Debian unstable, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339)
* Dropped changes, superseded in Debian:
- Keep build dependencies in main:
+ debian/control: remove info2man build-dep
+ debian/patches/series: disable wget-infopod_generated_manpage
- Mark wget Multi-Arch: foreign, so packages that aren't of the same arch
can depend on it.
* Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb for
it.
* Add a second build pass for the udeb, so we can build without libidn.
* new upstream release 1.13 from 2011-08-09
- updated wget-doc-remove-usr-local-in-wget.texi,
wget-fr.po-spelling-correction,
- removed wget-de.po-remove-double-quote-signs (latest de.po),
CVE-2010-2252 (included upstream), wget-zh_CN.po-translation-correction,
fix-paramter-spelling-error-in-wget.texi, refresh-pofiles
- disabled disable-SSLv2 for the first upload
see https://savannah.gnu.org/bugs/?33840
- includes latest po files. closes: Bug#607198
- bugs fixed with this release by upstream:
-- IDN support: wget www.köln.de works:) closes: Bug#542145
-- wildcard documentation of -X
closes: Bug#215128
-- wget -O - $URL says `-' saved but there is no file -
closes: Bug#353326
-- 'wget -c -N' ignores timestamps
closes: Bug#402001
-- missing a check for Subject Alternative Name (TLS cert.)
closes: Bug#409938
-- wget segfaults when server returns empty HTTP response code
closes: Bug#563872
-- wget: -A/-R vs. -O
closes: Bug#565942
-- Unterminated C string in http_atotm()
closes: Bug#581817
-- don't use PATH_MAX (FTBFS on hurd)
closes: Bug#595538
-- info page points to not documented --cookies option
closes: Bug#597468
-- SIGPIPE signal: wget over ssh orphans itself on ctrl+c
closes: Bug#598731
-- wget --backup-converted does not work
closes: Bug#624675
-- --adjust-extension renames .htm files
closes: Bug#626438
-- wget: Invalid russian translation
closes: Bug#502218
-- wget: shows only first 3 IP addresses of hostname
closes: Bug#612450
* debian/control correct spelling in description. closes: Bug#635241
* debian/control replace libssl-dev by libgnutls-dev in build dependency
* minor update on patch CVE-2010-2252 to mention former option
name --use-server-file-name. closes: #602008
* debian/control minor name change Noèl -> Noël ;)
* acknowledge NMUs. Thanks for your work Thorsten and Filippo
closes: #622032 #614373
* updated Standards-Version: to 3.9.2 without changes
* fixed lintian warning:
- debian-rules-missing-recommended-target
* debian/control add Multi-Arch: foreign
closes: #614203
* removing wget-infopod_generated_manpage to get the old/upstream
provided manpage and no the infopage as manpage. See 1.11.4-4
where it were changed. This will return some errors (incomplete
sentences, some missing parts) which are caused by texi2pod.
closes: #633702 #627468 #589993 #545091
* debian/control added libidn11-dev Build-Dep to get IDN support
closes: #536692 #542145
* debian/control changed FTP and HTTP to uppercase in the description
closes: #596358
* exit status is documented in the manpage. closes #179710
* --follow-ftp example in manpage made more accurate. closes #512578
* Merge from Debian unstable, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Keep build dependencies in main:
+ debian/control: remove info2man build-dep
+ debian/patches/series: disable wget-infopod_generated_manpage
- Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339)
- Mark wget Multi-Arch: foreign, so packages that aren't of the same arch
can depend on it.
* Non-maintainer upload.
* debian/rules: move updating config.{guess,sub} from the clean
target to the config.status target to avoid unnecessarily
generating patch files with their content (these files are
now simply removed by the clean target)
* debian/patches/debian-changes-1.12-2: drop accordingly
* debian/patches/disable-SSLv2: new; debian/rules: pass the
new flag -DNO_SSLv2 to configure (Closes: #622032)
* debian/rules: clean away _all_ files changed during build;
debian/patches/refresh-pofiles: regenerate all pofiles, which
will also be done during package build (these changes are made
to keep the package buildable twice in a row)
* Add missing B-D on autotools-dev
* Upload by Noèl Köthe <noel@debian.org>;
* Convert all dpatch-based patches to quilt-based ones, thus fixing the
bug reported by Lucas Nussbaum (closes: #614373).
* Add one more patch fixing a typo in doc/wget.texi.
* Mark wget Multi-Arch: foreign, so packages that aren't of the same arch
can depend on it.
* Merge from debian unstable (LP: #403070), remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Keep build dependencies in main:
+ debian/control: remove info2man build-dep
+ debian/patches/00list: disable wget-infopod_generated_manpage.dpatch
- Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339)
* Dropped changes:
- SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
+ debian/patches/CVE-2010-2252.dpatch: don't use server names in
doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
+ This update changes previous behaviour by ignoring the filename
supplied by the server during redirects. To re-enable previous
behaviour, see the new --trust-server-names option.
+ CVE-2010-2252: fixed in debian
* Non-maintainer upload by the Security Team.
* Fixed CVE-2010-2252: use of server provided file name might lead to
overwriting arbitrary files. Thanks to Marc Deslauriers and the Ubuntu
Security team (Closes: #590296)
* acknoledge NMUs. Thanks for your work/help Matt and Anthony
closes: #574185
* debian/source/format switched to dpkg-source 3.0 (quilt) format
* Non-maintainer upload.
* Revised po/zh_CN.po based on
http://translationproject.org/PO-files/zh_CN/wget-1.12-pre6.zh_CN.po
to correct mistranslation of " eta " etc. closes: Bug#570528
* Revised po/de.po to removed extraneous doubled quote signs in German
locale. closes: Bug#571704
* debian/control updated Standards-Version to 3.8.4, no changes
* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
- debian/patches/CVE-2010-2252.dpatch: don't use server names in
doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
- This update changes previous behaviour by ignoring the filename
supplied by the server during redirects. To re-enable previous
behaviour, see the new --trust-server-names option.
- CVE-2010-2252
* Rebuild against libssl-dev 0.9.8k-7ubuntu4 to fix wget-udeb dependencies
(LP: #503339).
* Merge from debian testing, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
* Keep build dependencies in main:
- debian/control: remove info2man build-dep
- debian/patches/00list: disable wget-infopod_generated_manpage.dpatch
* Non-maintainer upload.
* debian/rules remove usr/share/info/dir after installing closes: Bug#550217
* new upstream release from 2009-09-22
- fix CVE-2009-3490 "does not properly handle a '\0' character in a
domain name in the Common Name field of an X.509 certificate"
closes: Bug#549293
- updated config.{guess,sub} closes: Bug#528642
- remove IPv4 precedence from wget closes: Bug#481064
- support for IDN/IRI domains closes: Bug#405127
- fix output of non-verbose spider mode closes: Bug#338326
- fix --delete-after leaves robots.txt lying around
closes: Bug#288716
- fix misleading error message when using -O -
closes: Bug#250670
* debian/control updated Standards-Version to 3.8.3, no changes
* [17c7ed7] debian/copyright wget.texi is licensed under GFDL 1.2
(fixes lintian warning about non-versioned GFDL)
* [2ae02e0] debian/control debian/compat raising debhelper version to
5 (lintian warning)
* [a17c14f] debian/control added misc:Depends dependency (debhelper; lintian
warning)
* [2e68922] generating the pod from the info file now with info2pod to
have a complete documentation instead of the former one with broken
sentences. closes: Bug#326622
- wget: Data missing in man page. closes: Bug#175810
- wget: man page --no-proxy truncated. closes: Bug#347988
- wget: manpage incomplete. closes: Bug#218292
* updated Standards-Version (no changes needed)
* removed unneeded groff build dependency
* added O2 optimization. closes: Bug#415421
* remove unneded 00template file
* wget.info will be generated
* generate .pot file
* SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
- debian/patches/security-CVE-2009-3490.dpatch: make sure there is no
NULL in the common-name in src/openssl.c.
- CVE-2009-3490
* Merge from Debian unstable (LP: #295181), Ubuntu remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
* debian/copyright added missing GFDL notice
(closes: #498145) Thanks Mike
* Merge from Debian unstable (LP: #249277), Ubuntu remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
* Modify Maintainer value to match Debian-Maintainer-Field Spec
* new upstream release from 2008-06-30
- fixed "Combination of -nc and -O options fails download"
(closes: #486647)
* debian/control: updated to Standards-Version: 3.8.0
* Merge from debian unstable, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
* new upstream release from 2008-05-29
* debian/rules: added cross build support (closes: Bug#451285)
* Merge from debian unstable, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
* new upstream release from 2008-05-01
- "The combination of -r or -p with -O, which was disallowed
in 1.11, has been downgraded to a warning in 1.11.2."
(closes: #475475)
* removed debian/patches/wget-de.po-spelling-correction
which was fixed by the upstream translation team
* new upstream release from 2008-03-24
* debian/control added Homepage field
* new upstream release fixes
- http server returns negative size (closes: #456259)
- documented feature --ignore-case is now there;)
(closes: #471499 #434700)
- Content-Disposition header (closes: #203241)
- many FTP 220 responses at once (closes: #407571)
- seg fault on amd64 (closes: #412586)
- outdated experimantal version (closes: #441738)
- HTTP and --contine (closes: #378691)
* corrected wget-de.po-spelling-correction
* no TODO file anymore, removed from debian/docs
* updated Standards-Version to 3.7.3
* updated debian/copyright to GPL v3
* Merge from debian unstable, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Ubuntu Maintainer foobar.
* Generate a POT file (thanks Martin)
(closes: Bug#376075)
* added missing -O2 optimization
(closes: Bug#415421)
* removed unneeded groff build-dep
(closes: Bug#399478)
* corrected lintian warning debian-rules-sets-DH_COMPAT
* Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
* Merge to Debian unstable (only change: POT file generation).
* updating wget.texi from upstream svn (r2167)
this GFDL doc has the invariant sections removed
(closes: Bug#323099)
* updated Standards-Version to 3.7.2
* debian/rules: Generate a POT file, remove it in clean rule.
* new upstream release which fixes a NTLM Buffer Overflow Vulnerability
* rebuild against libssl 0.9.8
* 1.10.1 release from 2005-08-17
* 1.10.1beta1 release
* remove all patches included in this version from patches/
- wget-dont_pattern_match_server_redirects
- wget-E_html_behind_file_counting
- wget-fix_error--save-headers
* fixed assertion fails when manually setting cookies problem
(closes: Bug#316033)
* fixed --non-verbose in --help/documentation discrepancy
(closes: Bug#313091)
* fixed Internationalization is incomplete - only translation provided
(closes: Bug#148583)
* fixed Priority to important (from override)
* wget-fix_error--save-headers patch from upstream
(closes: Bug#314728)
* don't pattern-match server redirects patch from upstream
(closes: Bug#163243)
* correct de.po typos
(closes: Bug#313883)
* wget-E_html_behind_file_counting fix problem with adding the
numbers after the html extension
* updated Standards-Version: to 3.6.2
* new upstream release yippie;)
* using now dpatch for package changes
* long awaited large file system (LFS) is included
(closes: Bug#240281)
(closes: Bug#181634)
(closes: Bug#263455)
(closes: Bug#282413)
* double slash problem fixed
(closes: Bug#184415)
* length of body is now checked
(closes: Bug#271265)
* Crashes when parsing malformed directory listings from
FTP server fixed
(closes: Bug#279901)
* fixes ~ unsafe character
(closes: Bug#301624)
* fixed commas in directory names
(closes: Bug#215134)
* incorrect indication in the man page is now corrected
(closes: Bug#222695)
* fixed --limit-rate disabled when retrying a download
(closes: Bug#232276)
* --no-http-keep-alive option now in the doc
(closes: Bug#290887)
* fixed recursion breaks on <link> tag
(closes: Bug#310416)
* added (error) messages for syntax errors in .wgetrc
(closes: Bug#182523)
* fixed http basic auth fails if (empty) password is not specified
(closes: Bug#184463)
* removed @ chars in manpage
(closes: Bug#228437)
* added EXAMPLES section to the manpage
(closes: Bug#261526)
* added --retry-connrefused to manpage
(closes: Bug#268861)
* corrected paths of wgetrc
(closes: Bug#308171)
* reenabled ipv6 support
(closes: Bug#288385)
* ca.po from 2005-04-28 12:13+0200
(closes: Bug#296182)
* fixed https CONNECT proxying
(closes: Bug#284550)
* fixed --limit-rate option is ignored when resizing the xterm
(closes: Bug#153652)
* fixed -m sets atimet to remote mtime
(closes: Bug#32712)
* reverted symlink patch from Adam
(closes: Bug#310318)
* applied backported patch from Hrvoje Niksic/upstream from wget 1.10
to fix symlink attack (CAN-2004-2014)
(closes: #308622)
* added missing CAN numbers to -11 changelog
(http://lists.debian.org/debian-release/2005/05/msg00385.html)
* Non-maintainer upload.
* Fix symlink attack (CAN-2004-2014) (closes: #308622)
* Removed erroneous chmod 0600 on target file in ftp.c. This is not needed.
There is a reason that we have a umask.
* going back to -8 status to have minimal changes to current
sarge version
* backported fixes from Hrvoje Niksic/upstream from wget 1.10
cvs version (thanks a lot Hrvoje Niksic!):
- adds the filtering of control chars
CAN-2004-1488
(closes: Bug#261755)
- prevents hosts named ".." from writing to ../. and
prevents "%00" truncating C strings that hold URLs
CAN-2004-1487
(closes: Bug#284875)
* removed unneeded texi2html build-dep
(closes: Bug#305425)
* stupid forgotten dpatch build-dep
(closes: Bug#279256)
* back to dpatch again because this version will not go into sarge.;)
* removed dpatch again because release team doesn't want
such substantial changes
(closes: Bug#274810)
* using dpatch to make it easier to maintain all the applied
patches
* removed README.build because its all now in the patched
* added patch from Jan Minar <jjminar fastmail.fm> which corrects
his own patch to have it multibyte aware
(Thanks again a lot for your help Jan!)
(closes: Bug#271931)
(closes: Bug#272889)
* added patch from Jan Minar <jjminar fastmail.fm> which corrects
the parsing/filtering of answer from servers (CAN-2004-0912)
(Thanks a lot for your help Jan!)
(closes: Bug#261755)
* documenting incompatibility of -k and -O
(closes: Bug#197916)
* made passive the default. sorry forgot again.:(
* corrected charset in de.po (thx Michael)
(closes: Bug#225528)
* updated fr.po and corrected the requested words
(closes: Bug#181788)
* --limit-rate is in the manpage
(closes: Bug#222033)
* disabled ipv6 again because its broken on ipv4 only
there is a better implementation in the cvs (try wget-cvs
from experimental)
(closes: Bug#223205)
* removed -D_LARGEFILE_SOURCE from CFLAGS because upstream
told me it makes problems.
* ipv6 were disabled by default. reenabled it.
* correct charset of german locale
(closes: Bug#221516)
* corrected upstream name and E-mail address in debian/copyright
* corrected path of config file in /etc/wgetrc
(closes: Bug#219989)
* fixed wget urldecodes twice a filename
(closes: Bug#218022)
* fixed erroneously uses absolute path names
(closes: Bug#215159)
* new upstream release from 2003-10-22
* problem with invalid command line were fixed
(closes: Bug#173597)
* msecs >= 0 / the problem when the clock changed
during a dowmload were fixed
(closes: Bug#150522)
* "wget -O - url >> foo overwrites foo" problem is fixed
(closes: Bug#182398)
* "wget [1]+" is fixed now
(closes: Bug#178430)
* the 307 code were added today to the cvs
(closes: Bug#202825)
* cookie download has been fixed
(closes: Bug#195878)
* spelling error in manpage were fixed
(closes: Bug#193358)
* "`Please' undeclared (first use in this function)" warnings
are fixed in 1.9. explanation from author:
"This problem no longer exists in the 1.9 code base, because
the erroris no longer being thrown. (It caused problems when
a library includeincluded <ctype.h>, which under glibc does
some very heavypreprocessor magic.)Anyway, thanks for the patch."
(closes: Bug#208697)
* "unsafe" characters problem fixed
(closes: Bug#114432)
* multi download of the same file problem is fixed
(closes: Bug#210224)
* limit rate problem with 1k is fixed
(closes: Bug#214317)
* window size is set automatical now. if this isn't enough pleas tell me.
(closes: Bug#149075)
* support now --post-data=action=brush_teeth (just an example)
(closes: Bug#132699)
* correct documentation: removed not needed parenthesized subsentence
(closes: Bug#217230)
* 1.9 changed the "--tries" documentation and its now correct
(closes: Bug#217227)
* spaces in ftp password works now
(closes: Bug#212642)
* updated Standards-Version
* converted changelog, control and copyrigh to utf-8
* added patch from Philip Stadermann to fix segfault when
downloading from ftp with this command:
wget --passive-ftp --limit-rate 32k -r -nc -l 50 \
-X */binary-alpha,*/binary-powerpc,*/source,*/incoming \
-R alpha.deb,powerpc.deb,diff.gz,.dsc,.orig.tar.gz \
ftp://ftp.gwdg.de/pub/x11/kde/stable/3.1.4/Debian
thx Philip
* added --tries default to documentation
(closes: Bug#181150)
* changed one line description of wget from "GNU Wget Manual" to
"commandline tool for retrieving files using HTTP, HTTPS and FTP"
(closes: Bug#187455)
* updated Standards-Version
* upload for rebuild on m68k
* rebuild against libssl0.9.7
* fixed Directory Traversal Vulnerabilities security
problem described in
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html
(closes: Bug#172603)
woody is handled by the security team and will follow soon.
* updated config.guess and config.sub for mips/mipsel
(closes: Bug#172457)
* applied patch from Baruch Even <baruch@d.o> to fix
seg fault with special url line reported by
Stefano Zacchiroli <zack@d.o>. Thanks!!
* applied ipv6 patch from Fabio Massimo Di Nitto
(closes: Bug#162046)
* removed debian/conffile because /etc/wgetrc ist included
by debhelper
(closes: Bug#155789)
* added largefile support patch from Eduard Bloch
(closes: Bug#137989)
* corrected .netrc parsing bug
(closes: Bug#152990)
* corrected wgetrc path in /etc/wgetrc
(closes: Bug#148575)
* forgot to add ssl build-deps;
add libssl-dev and texi2html to build-depends
(closes: Bug#148481)
* new upstream 1.8.2 from 2002-05-26
* added OpenSSL exception to debian/copyright
* wget has now an OpenSSL exception and crypto into main
is allowed so this version is build with https: support
* upstream fixed problem with segfault when using wrong
URLs
(closes: Bug#139059)
(closes: Bug#140076)
* upstream documented --limit-rate
(closes: Bug#147009)
* passive_ftp = on in /etc/wgetrc
(closes: Bug#105278)
* --reject option in the dosumentation has now a link to
"Types of Files" where pattern is described.
(closes: Bug#135498)
* added upstream patch to correct wrong return
(closes: Bug#117774)
* since 1.8x you can use .netrc to store machine dependant
accounts
(closes: Bug#114366)
* upstream provided a patch for the documentation which
warns of passwords in process list
(closes: Bug#106361)
* addedpatch from Junichi Uekawa, which gives out a warning
when using -np, to have no broken option potato -> woody
(closes: Bug#140564)
* corrected some typos in description
(closes: Bug#137512)
* removed texi2html (not needed anymore)
(closes: Bug#135497)
* closing fixed problem in v 1.8.1
(closes: Bug#61433)
* added texinfo to Build-Deps
(closes: Bug#134830)
* fixed problem with wget info page
(closes: Bug#134855)
* corrected parsing of .netrc
(closes: Bug#134463)
* will close the fixed bugs of wget tomorrow
* if crypto will be allowed in main,I will remove wget-ssl
and compile wget with ssl support
* corrected references to global config file in manpage
(closes: Bug#133701)
* added an upstream patch to make DO_REALLOC_FROM_ALLOCA
in wget.h work
* added an upstream patch to correct quotations of : and @
in username and password
(closes: Bug#88314)
* added an upstream patch to correct handling of
<meta http-equiv=Refresh> (without "a content")
* took the package
* corrected dependencies. Sorry.
* NMU
with help from Guillaume Morin <gemorin@debian.org>
* new upstream version
(closes: Bug#123878)
* updated description with description from homepage
* closing Bugs checked by Guillaume Morin <gemorin@debian.org>:
Thanks to him for this work.
(closes: Bug#43857)
(closes: Bug#48727)
(closes: Bug#58899)
(closes: Bug#117898)
(closes: Bug#117970)
(closes: Bug#119838)
(closes: Bug#130281)
* It now exits with non-zero status if an unkwnown option was given
(closes:Bug#108334).
* Added updated Japanese translation contributed by
Hiroyuki YAMAMORI <h-yamamo@db3.so-net.ne.jp> (closes:Bug#116197).
* Non-maintainer upload
* Incorporate drow's patch. Uses __va_copy() to prevent segfaults on
powerpc due to by-reference passing of va_list's.
(closes:Bug#109348)
* It now calls daemon(3) when working in the background (-b). This makes
wget close stdin/stdout/stderr and puts the background process in a new
session. This made ssh hang when one started `wget -b' and logged out.
* Minor fix to Spanish translation.
* Made it print numbers using the proper locale symbols for the decimal
separator and thousands grouping.
* New upstream release (closes:Bug#102424,Bug#100154).
* The manpage is now automatically generated from the texinfo source.
I've readded the EXAMPLES section to it. Configuration file options
and conceptual descriptions are only in the info docs for now (so
this closes:Bug#97484, which was about an error in the documented startup
options) and...
* In the new manpage -U is documented (closes:Bug#92663).
* Passive_ftp option not in manpage, but there are no more config
options there! (closes:Bug#97982).
* It now correctly prints accented characters (closes:Bug#97582).
* Added build-depends for perl, since wget now uses pod2man.
* Merged the new upstream Spanish translation with my old one.
* Fixed a message in http.c so it can be translated properly.
* Really updated Spanish messages.
* Fixed SIGSEGV when doing: wget -nv -r --passive-ftp '#asda:asdasd'
(closes:Bug#81536).
* New upstream release (closes:Bug#81130).
* This version seems to properly converts HTML entities
(closes:Bug#65790).
* Now supports non-compliant redirections with a relative URL in their
Location: headers (closes:Bug#62431,Bug#64449).
* It now longer converts // in URLs to / outside of the path area of the
URL (closes:Bug#61386).
* Updated Spanish translation.
* Updated manpage to 1.6 version.
* Merged previous Debian patches to this new release.
* The sort version of the --cache option was missing from the getopt
invocation, now -C works (closes:Bug#67106).
* Added `setlocale (LC_CTYPE, "")' to enable the display of non-ASCII
characters in localized messages.
* Fixes to German translation contributed by
Jonathan Picht <jonathan.picht@web.de> (closes:Bug#80841).
* Added build-time dependency on gettext.
* Updated Spanish messages with contribution from
Carlos Horny <angus@quovadis.com.ar>.
* Added groff as a build-dependency (closes:Bug#72471).
* Changed fix for not including for the upstream version, just to keep the
code similar.
* Selected patches from the upstream CVS 'eternal beta' version.
* Fixed small memory leak.
* Why does it free memory allocated with alloca()? Fixed.
* Follow "<link href=" and "<script src=" (closes:Bug#69162,Bug#37273).
* Follows correctly links with two '#' markers. The fix was completelly
broken upstream.
* Function store_hostaddress in host.c wasn't 64 bit clean. Better
fix than upstream's: Use the proper 32 bit type for the IPv4 address
instead of using whatever the architecture has as an `unsigned long'
and adding "sizeof (unsigned long) - 4" to the pointer (eew!).
Replace obsolete function inet_addr with inet_aton.
* Started Spanish translation. It's incomplete, but it will improve.
* Do not add :80 to Host header to cope with broken HTTP servers
(closes:Bug#39346).
* Added Build-Depends header.
* Uses standard texi2html from the Debian package.
* Added --base option to info documentation with text taken from the
manpage. Uhm.. someone needs to keep this info file upto-date with the
manpage... perhaps I should remove the info docs.. =) =)
(closes: Bug#39808).
* Added Janapese messages from ja-tans package (closes:Bug#43847).
* Added `--cut-dirs' to manpage (closes:Bug#42129).
* Moved docs under /usr/share.
* Updated `Standards-Version' to 3.0.1.
* Added call to dh_clean, it was generating repeating maintainer scripts
without that! =).
* Updated copyright file.
* Removed redundant menu entry (closes:Bug#42510).
* Updated maintainer address.
* Switched to debhelper.
* Added doc-base support (closes: #31165).
* Added define needed to get strptime prototype.
* Added the AUTHORS file to /usr/doc/wget.
* fix bug #33624 (of severity 'Important' for security reasons).
* Uses src/ChangeLog as upstream changelog.
* Added `SHELL=/bin/bash' to debian/rules.
* Changed references to /usr/local/etc/wgetrc to /etc/wgetrc.
* New upstream release, fixes bug #26989.
* Stripped .note and .comment sections from binary.
* Added a short disclaimer to manpage. There will probably be more
changes when I have the time.
* Really changed maintainer now.
* New upstream release.
* Updated manpage.
* Improved an error message.
* Readded manpage (removed upstream, needs updating).
* Moved html to html subdir and updated menu file.
* Updated copyright file.
* Taken over by me =).
* New upstream release.
* Register html documentation with dwww.
* Fixed location of config file (bugs #13722, #11359).
* Fixed `*.info' installation.
* Removed useless README.debian.
* Removed generated html files from diff.
* Built with libc6.
* Keep files' date.
* Added AUTHOR information to copyright file.
* Added MAILING-LIST, TODO and ChangeLog (as changelog.gz) to installed
documentation.
* Many packaging fixes.
* New upstream release (non-maintainer upload), fixes bugs #9865,#10421.
* Closes bug #8370: applied small patch by the upstream author
* Hrvoje Niksic <hniksic@srce.hr>.
* Patch sent to me by Barak Pearlmutter <bap@cs.unm.edu>.
* Closes bug #8335: wget man page was referring to /usr/local/lib/wgetrc
* instead of /etc/wgetrc (corrected also for the html documentation).
* Closed bug #7977: corrected md5sum for files README, README.debian,
* changelog.Debian, and buildinfo.Debian.
* Closed bug #7868: size of the *.html document is not against the
* policy.
* Bug #7865 fixed: withdrawn unnecessary message in postint.
* Bug #7768 fixed: wget.info gets installed now.
* New upstream version.
* New upstream version.
* New maintainer.
* Initial Release.