Author: Dmitry Shachnev
Revision Date: 2015-01-13 17:51:26 UTC

* Merge with Debian experimental, remaining changes:
  - Add wget-udeb to ship wget as alternative to busybox wget.
  - Build-Depend on libssl-dev instead of libgnutls28-dev.
  - Pass --with-ssl=openssl; there's no udeb for gnutls.
  - Add a second build pass for the udeb, so we can build with -Os and
    without libidn.
  - Use dh_autotools-dev instead of custom config.{sub,guess} copy.
  - Don't build with libpsl-dev, which is in universe.
* Drop fix-openssl-implicit-decl-warning.patch, applied upstream.

Author: Dmitry Shachnev
Revision Date: 2015-01-13 17:51:26 UTC

* Merge with Debian experimental, remaining changes:
  - Add wget-udeb to ship wget as alternative to busybox wget.
  - Build-Depend on libssl-dev instead of libgnutls28-dev.
  - Pass --with-ssl=openssl; there's no udeb for gnutls.
  - Add a second build pass for the udeb, so we can build with -Os and
    without libidn.
  - Use dh_autotools-dev instead of custom config.{sub,guess} copy.
  - Don't build with libpsl-dev, which is in universe.
* Drop fix-openssl-implicit-decl-warning.patch, applied upstream.

Author: Dmitry Shachnev
Revision Date: 2015-01-13 17:51:26 UTC

* Merge with Debian experimental, remaining changes:
  - Add wget-udeb to ship wget as alternative to busybox wget.
  - Build-Depend on libssl-dev instead of libgnutls28-dev.
  - Pass --with-ssl=openssl; there's no udeb for gnutls.
  - Add a second build pass for the udeb, so we can build with -Os and
    without libidn.
  - Use dh_autotools-dev instead of custom config.{sub,guess} copy.
  - Don't build with libpsl-dev, which is in universe.
* Drop fix-openssl-implicit-decl-warning.patch, applied upstream.

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:02:13 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.patch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:02:13 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.patch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:02:13 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.patch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:02:13 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.patch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:08:40 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.patch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:10:03 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.dpatch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:10:03 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.dpatch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:08:40 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.patch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

Author: Colin Watson
Revision Date: 2014-06-23 16:43:44 UTC

[ Mark Russell ]
debian/rules: build wget-udeb to install its binary as /usr/bin/wget
instead of /usr/bin/wget.gnu (LP: #1172101).

Author: Colin Watson
Revision Date: 2014-02-07 17:42:45 UTC

[ Colin Watson ]
* Resynchronise with Debian. Remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget.
  - Build-depend on libssl-dev 0.9.8k-7ubuntu4.
  - Pass --with-ssl=openssl; there's no udeb for gnutls.
  - Add a second build pass for the udeb, so we can build with -Os and
    without libidn.
  - Use dh_autotools-dev instead of custom config.{sub,guess} copy.

[ Mark Russell ]
* debian/rules: build wget-udeb to install its binary as /usr/bin/wget
  instead of /usr/bin/wget.gnu (LP: #1172101).

Author: Colin Watson
Revision Date: 2014-02-07 17:42:45 UTC

[ Colin Watson ]
* Resynchronise with Debian. Remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget.
  - Build-depend on libssl-dev 0.9.8k-7ubuntu4.
  - Pass --with-ssl=openssl; there's no udeb for gnutls.
  - Add a second build pass for the udeb, so we can build with -Os and
    without libidn.
  - Use dh_autotools-dev instead of custom config.{sub,guess} copy.

[ Mark Russell ]
* debian/rules: build wget-udeb to install its binary as /usr/bin/wget
  instead of /usr/bin/wget.gnu (LP: #1172101).

Author: Colin Watson
Revision Date: 2014-02-07 17:42:45 UTC

[ Colin Watson ]
* Resynchronise with Debian. Remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget.
  - Build-depend on libssl-dev 0.9.8k-7ubuntu4.
  - Pass --with-ssl=openssl; there's no udeb for gnutls.
  - Add a second build pass for the udeb, so we can build with -Os and
    without libidn.
  - Use dh_autotools-dev instead of custom config.{sub,guess} copy.

[ Mark Russell ]
* debian/rules: build wget-udeb to install its binary as /usr/bin/wget
  instead of /usr/bin/wget.gnu (LP: #1172101).

Author: oussama
Revision Date: 2013-07-18 14:29:40 UTC

* Merge from Debian unstable. Remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.
  - Depend on libssl-dev 0.9.8k-7ubuntu4
  - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
    for it.
  - Add a second build pass for the udeb, so we can build without libidn.
  - d/rules: Compile with -Os and disabling NLS/DEBUG in udeb to reduce
    code size.
  - d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild

Author: oussama
Revision Date: 2013-07-18 14:29:40 UTC

* Merge from Debian unstable. Remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.
  - Depend on libssl-dev 0.9.8k-7ubuntu4
  - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
    for it.
  - Add a second build pass for the udeb, so we can build without libidn.
  - d/rules: Compile with -Os and disabling NLS/DEBUG in udeb to reduce
    code size.
  - d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild

Author: Clint Byrum
Revision Date: 2012-11-07 17:27:46 UTC

* Merge from Debian unstable. Remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.
  - Depend on libssl-dev 0.9.8k-7ubuntu4
  - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
    for it.
  - Add a second build pass for the udeb, so we can build without libidn.
  - d/rules: Compile with -Os and disabling NLS/DEBUG in udeb to reduce
    code size.
  - d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild
* new upstream release from 2012-08-07
  - Add support for content-on-error. It allows to store the HTTP
    payload on 4xx or 5xx errors. closes: #247985
  - Fix a memory leak problem in the GNU TLS backend. closes: #642563
  - Add support for TLS Server Name Indication. closes: #653267
* new alpha version 1.13.4.79-22f0 from 2012-07-14
* the former alpha problem "write error: Inappropriate ioctl
  for device" with -O - closes: #681394
* alpha version 1.13.4.59-2b1dd from 2012-05-26
* debian/control using libuuid (warc.c) Thanks Tim for the hint.
  closes: Bug#666160
* debian/ control updated Standard-Version, no changes needed
* removed upstream included patches:
  - wget-fr.po-spelling-correction
  - gnutls-client-cert

Author: Clint Byrum
Revision Date: 2012-11-07 09:11:39 UTC

* Merge from Debian unstable. Remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.
  - Depend on libssl-dev 0.9.8k-7ubuntu4
  - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
    for it.
  - Add a second build pass for the udeb, so we can build without libidn.
  - d/rules: Compile with -Os and disabling NLS/DEBUG in udeb to reduce
    code size.
  - d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild

Author: Clint Byrum
Revision Date: 2012-11-07 09:11:39 UTC

* Merge from Debian unstable. Remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.
  - Depend on libssl-dev 0.9.8k-7ubuntu4
  - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
    for it.
  - Add a second build pass for the udeb, so we can build without libidn.
  - d/rules: Compile with -Os and disabling NLS/DEBUG in udeb to reduce
    code size.
  - d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild

Author: Clint Byrum
Revision Date: 2012-06-14 22:23:55 UTC

* Merge from Debian unstable, Remaining Changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.
  - Depend on libssl-dev 0.9.8k-7ubuntu4
  - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
    for it.
  - Add a second build pass for the udeb, so we can build without libidn.
  - d/rules: Compile with -Os and disabling NLS/DEBUGin udeb to reduce
    code size.
  - d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild
* Support client-side certificates when using GnuTLS. Closes: #646983
* thx Daniel for your work with the gnutls-client-cert patch
* updated Standards-Version to 3.9.3; no changes needed
* debian/copyright updated upstream author to Giuseppe Scrivano

Author: Clint Byrum
Revision Date: 2012-06-14 12:29:44 UTC

* Merge from Debian unstable, Remaining Changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.
  - Depend on libssl-dev 0.9.8k-7ubuntu4
  - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
    for it.
  - Add a second build pass for the udeb, so we can build without libidn.
  - d/rules: Compile with -Os and disabling NLS/DEBUGin udeb to reduce
    code size.
  - d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild

Author: Clint Byrum
Revision Date: 2012-02-10 17:01:43 UTC

* Merge from Debian unstable, Remaining Changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.
  - Depend on libssl-dev 0.9.8k-7ubuntu4
  - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
    for it.
  - Add a second build pass for the udeb, so we can build without libidn.
  - d/rules: Compile with -Os and disabling NLS/DEBUGin udeb to reduce
    code size.
* d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild

Author: Steve Langasek
Revision Date: 2011-10-19 00:00:12 UTC

releasing version 1.13-1ubuntu1

Author: Steve Langasek
Revision Date: 2011-05-17 19:46:25 UTC

* Merge from Debian unstable, remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.
  - Keep build dependencies in main:
    + debian/control: remove info2man build-dep
    + debian/patches/series: disable wget-infopod_generated_manpage
  - Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339)
  - Mark wget Multi-Arch: foreign, so packages that aren't of the same arch
    can depend on it.

Author: Peter Pearse
Revision Date: 2011-05-13 14:28:36 UTC

Pass --with-ssl for cross builds.

Author: Steve Langasek
Revision Date: 2011-02-20 10:58:10 UTC

releasing version 1.12-2.1ubuntu2

Author: Marc Deslauriers
Revision Date: 2010-09-03 09:19:11 UTC

* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
  - debian/patches/CVE-2010-2252.dpatch: don't use server names in
    doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
  - This update changes previous behaviour by ignoring the filename
    supplied by the server during redirects. To re-enable previous
    behaviour, see the new --trust-server-names option.
  - CVE-2010-2252

Author: Marc Deslauriers
Revision Date: 2010-09-01 10:32:54 UTC

* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
  - debian/patches/CVE-2010-2252.dpatch: don't use server names in
    doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
  - This update changes previous behaviour by ignoring the filename
    supplied by the server during redirects. To re-enable previous
    behaviour, see the new --trust-server-names option.
  - CVE-2010-2252

Author: Marc Deslauriers
Revision Date: 2010-09-01 10:32:54 UTC

* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
  - debian/patches/CVE-2010-2252.dpatch: don't use server names in
    doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
  - This update changes previous behaviour by ignoring the filename
    supplied by the server during redirects. To re-enable previous
    behaviour, see the new --trust-server-names option.
  - CVE-2010-2252

Author: Marc Deslauriers
Revision Date: 2010-09-01 11:40:38 UTC

* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
  - debian/patches/CVE-2010-2252.dpatch: don't use server names in
    doc/wget.texi, src/{http.c,init.c,main.c,options.h,retr.*}.
  - This update changes previous behaviour by ignoring the filename
    supplied by the server during redirects. To re-enable previous
    behaviour, see the new --trust-server-names option.
  - CVE-2010-2252

Author: Marc Deslauriers
Revision Date: 2010-09-01 11:40:38 UTC

* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
  - debian/patches/CVE-2010-2252.dpatch: don't use server names in
    doc/wget.texi, src/{http.c,init.c,main.c,options.h,retr.*}.
  - This update changes previous behaviour by ignoring the filename
    supplied by the server during redirects. To re-enable previous
    behaviour, see the new --trust-server-names option.
  - CVE-2010-2252

Author: Marc Deslauriers
Revision Date: 2010-09-01 11:20:17 UTC

* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
  - debian/patches/CVE-2010-2252.dpatch: don't use server names in
    doc/wget.texi, src/{http.c,init.c,main.c,options.h,retr.*}.
  - This update changes previous behaviour by ignoring the filename
    supplied by the server during redirects. To re-enable previous
    behaviour, see the new --trust-server-names option.
  - CVE-2010-2252

Author: Marc Deslauriers
Revision Date: 2010-09-01 11:20:17 UTC

* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
  - debian/patches/CVE-2010-2252.dpatch: don't use server names in
    doc/wget.texi, src/{http.c,init.c,main.c,options.h,retr.*}.
  - This update changes previous behaviour by ignoring the filename
    supplied by the server during redirects. To re-enable previous
    behaviour, see the new --trust-server-names option.
  - CVE-2010-2252

Author: Marc Deslauriers
Revision Date: 2010-09-01 11:01:02 UTC

* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
  - debian/patches/CVE-2010-2252.dpatch: don't use server names in
    doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
  - This update changes previous behaviour by ignoring the filename
    supplied by the server during redirects. To re-enable previous
    behaviour, see the new --trust-server-names option.
  - CVE-2010-2252

Author: Marc Deslauriers
Revision Date: 2010-09-01 11:01:02 UTC

* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
  - debian/patches/CVE-2010-2252.dpatch: don't use server names in
    doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
  - This update changes previous behaviour by ignoring the filename
    supplied by the server during redirects. To re-enable previous
    behaviour, see the new --trust-server-names option.
  - CVE-2010-2252

Author: Colin Watson
Revision Date: 2010-01-05 16:33:02 UTC

releasing version 1.12-1.1ubuntu2

Author: Pedro Fragoso
Revision Date: 2008-11-05 03:41:48 UTC

* Merge from Debian unstable (LP: #295181), Ubuntu remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.

Author: Pedro Fragoso
Revision Date: 2008-07-01 11:58:02 UTC

* Merge from Debian unstable (LP: #249277), Ubuntu remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.
* Modify Maintainer value to match Debian-Maintainer-Field Spec

Author: Fabio Massimo Di Nitto
Revision Date: 2007-06-18 10:20:55 UTC

* Merge from debian unstable, remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.
  - Ubuntu Maintainer foobar.

Author: Fabio Massimo Di Nitto
Revision Date: 2007-06-18 10:20:55 UTC

* Merge from debian unstable, remaining changes:
  - Add wget-udeb to ship wget.gnu as alternative to busybox wget
    implementation.
  - Ubuntu Maintainer foobar.

Author: Fabio Massimo Di Nitto
Revision Date: 2006-12-13 11:41:09 UTC

Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.

Author: Martin Pitt
Revision Date: 2006-06-30 08:34:48 UTC

Merge to Debian unstable (only change: POT file generation).

Author: Martin Pitt
Revision Date: 2006-05-04 04:50:47 UTC

debian/rules: Generate a POT file, remove it in clean rule.

Author: Noël Köthe
Revision Date: 2005-06-26 16:46:25 UTC

* wget-fix_error--save-headers patch from upstream
  (closes: Bug#314728)
* don't pattern-match server redirects patch from upstream
  (closes: Bug#163243)
* correct de.po typos
  (closes: Bug#313883)
* wget-E_html_behind_file_counting fix problem with adding the
  numbers after the html extension
* updated Standards-Version: to 3.6.2

Author: Adam Conrad
Revision Date: 2005-03-31 03:54:54 UTC

* Added wget-el.po-update.dpatch:
  - Update Greek translation to prevent a segfault
  - Fixes Ubuntu bug #7940

Author: Noël Köthe
Revision Date: 2004-02-13 20:26:44 UTC

* made passive the default. sorry forgot again.:(
* corrected charset in de.po (thx Michael)
  (closes: Bug#225528)
* updated fr.po and corrected the requested words
  (closes: Bug#181788)
* --limit-rate is in the manpage
  (closes: Bug#222033)

Author: Marc Deslauriers
Revision Date: 2009-10-05 14:43:54 UTC

* SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
  - debian/patches/security-CVE-2009-3490.dpatch: make sure there is no
    NULL in the common-name in src/openssl.c.
  - CVE-2009-3490

Author: Marc Deslauriers
Revision Date: 2009-10-05 14:43:54 UTC

* SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
  - debian/patches/security-CVE-2009-3490.dpatch: make sure there is no
    NULL in the common-name in src/openssl.c.
  - CVE-2009-3490

Author: Marc Deslauriers
Revision Date: 2009-10-05 14:32:57 UTC

* SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
  - debian/patches/security-CVE-2009-3490.dpatch: make sure there is no
    NULL in the common-name in src/openssl.c.
  - CVE-2009-3490

Author: Martin Pitt
Revision Date: 2005-10-14 11:21:53 UTC

* SECURITY UPDATE: Remote arbitrary code execution.
* Add debian/patches/wget-ntml-overflow:
  - src/http_ntlm.c: Make sure that the user and domain strings fit in the
    target buffer before copying them there, to avoid buffer overflow.
* CAN-2005-3185

Author: Ian Jackson
Revision Date: 2005-09-05 16:21:42 UTC

Fix for broken use of realloc in security update in
wget-filter-controls.patch.v3--multibyte-aware patch.
Fixes ubuntu bug 12604.

Author: Martin Pitt
Revision Date: 2005-06-28 10:35:59 UTC

* SECURITY UPDATE: Fix arbitrary file overwriting and code execution.
* CAN-2004-1487:
  - Prevent hosts named ".." from writing to ../.
  - Prevent "%00" truncating C strings that hold URLs.
  - Patch backported from 1.10 release.
* CAN-2004-1488:
  - Filter and escape untrusted HTTP response strings.
  - Patch backported from 1.10 release.
* CAN-2004-2014:
  - Open output files with O_EXCL and give up if that fails. This prevents
    the overwriting of arbitrary files by creating a symlink between the
    output file name determination and the actual creation.
  - Patch backported from 1.10 release.