ubuntu/+source/wget:ubuntu/trusty-security

Last commit made on 2019-04-09
Get this branch:
git clone -b ubuntu/trusty-security https://git.launchpad.net/ubuntu/+source/wget
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-security
Repository:
lp:ubuntu/+source/wget

Recent commits

aebaabf... by Leonidas S. Barbosa on 2019-04-08

Import patches-unapplied version 1.15-1ubuntu1.14.04.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1ac66bae109d93c4ad13e0788276a1361483e23c

New changelog entries:
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-5953-*.patch: fix in
      src/iri.c.
    - CVE-2019-5953

1ac66ba... by Leonidas S. Barbosa on 2018-05-08

Import patches-unapplied version 1.15-1ubuntu1.14.04.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a0ac3bb9be07b6337b252b30c927c5e0a3092a19

New changelog entries:
  * SECURITY UPDATE: Cookie injection vulnerability
    - debian/patches/CVE-2018-0494.patch: fix cooking injection
      in src/http.c.
    - CVE-2018-0494

a0ac3bb... by Marc Deslauriers on 2017-10-23

Import patches-unapplied version 1.15-1ubuntu1.14.04.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: ba00a7c42c179194c1f634597f8646802ecac39c

New changelog entries:
  * SECURITY UPDATE: race condition leading to access list bypass
    - debian/patches/CVE-2016-7098-1.patch: limit file mode in src/http.c.
    - debian/patches/CVE-2016-7098-2.patch: add .tmp to temp files in
      src/http.c.
    - debian/patches/CVE-2016-7098-3.patch: replace asprintf by aprint in
      src/http.c.
    - CVE-2016-7098
  * SECURITY UPDATE: CRLF injection in url_parse
    - debian/patches/CVE-2017-6508.patch: check for invalid control
      characters in src/url.c.
    - CVE-2017-6508
  * SECURITY UPDATE: stack overflow in HTTP protocol handling
    - debian/patches/CVE-2017-13089.patch: return error on negative chunk
      size in src/http.c.
    - CVE-2017-13089
  * SECURITY UPDATE: heap overflow in HTTP protocol handling
    - debian/patches/CVE-2017-13090.patch: stop processing on negative
      chunk size in src/retr.c.
    - CVE-2017-13090

ba00a7c... by Marc Deslauriers on 2016-06-14

Import patches-unapplied version 1.15-1ubuntu1.14.04.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 01b603e6ff01078f315cb9f6708a0cdef07f1e83

New changelog entries:
  * SECURITY UPDATE: http to ftp redirect spoofed filenames
    - debian/patches/CVE-2016-4971.patch: understand --trust-server-names
      on a HTTP->FTP redirect in src/ftp.*, src/retr.c.
    - CVE-2016-4971

01b603e... by Marc Deslauriers on 2014-10-30

Import patches-unapplied version 1.15-1ubuntu1.14.04.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a547e92eab309ae56a0563d876e288570cbc728e

New changelog entries:
  * SECURITY UPDATE: remote code execution via absolute path traversal
    vulnerability in FTP
    - debian/patches/CVE-2014-4877.patch: don't create local symlinks in
      src/init.c, check for duplicate file nodes in src/ftp.c, updated
      documentation in doc/wget.texi.
    - CVE-2014-4877

a547e92... by Colin Watson on 2014-02-07

Import patches-unapplied version 1.15-1ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 48273f5418c0c8050bf05f401685e5bf03f7110d

New changelog entries:
  [ Colin Watson ]
  * Resynchronise with Debian. Remaining changes:
    - Add wget-udeb to ship wget.gnu as alternative to busybox wget.
    - Build-depend on libssl-dev 0.9.8k-7ubuntu4.
    - Pass --with-ssl=openssl; there's no udeb for gnutls.
    - Add a second build pass for the udeb, so we can build with -Os and
      without libidn.
    - Use dh_autotools-dev instead of custom config.{sub,guess} copy.
  [ Mark Russell ]
  * debian/rules: build wget-udeb to install its binary as /usr/bin/wget
    instead of /usr/bin/wget.gnu (LP: #1172101).

48273f5... by Noël Köthe on 2014-01-20

Import patches-unapplied version 1.15-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2abde726747e27a31ba4ba541d2c6d704bf2892a

New changelog entries:
  * new upstream release from 2014-01-19
      Wget: fails with long file names in URLs Closes: #672131
      Wget omits Host header for CONNECT Closes: #699337
      Wget: Inaccurate catalan translation Closes: #697081
      Cannot write to ... (Success) Closes: #716938
      Regression: write error on wget -c for already fully retrieved file
      Closes: #696700
      wget: NTLM not supported Closes: #718262
      wget --no-check-certificate does check certificate in certain conditions
      Closes: #686837
  * debian/control updated Standard-Version; no changes needed

2abde72... by Noël Köthe on 2013-11-08

Import patches-unapplied version 1.14.96.38327-2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 14e54fee1458de190a49d224851142268e13d1ef

New changelog entries:
  * debian/rules fix configure option --with-libidn Closes: #728735

14e54fe... by Noël Köthe on 2013-11-08

Import patches-unapplied version 1.14.96.38327-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: e7dbb085d10be8f831196d1d57ea31aa3316a263

New changelog entries:
  * 1.15 alpha version from 2013-11-02
    - removed patches which are included now upstream:
      wget-doc-fixitemx2item.patch
      wget-doc-remove2.nv.patch
      wget-doc-texi2pod_fixperl5.18change.patch
    - included fixes for
      Wget: fails with long file names in URLs Closes: #672131
      Wget omits Host header for CONNECT Closes: #699337
      Wget: Inaccurate catalan translation Closes: #697081
      Cannot write to ... (Success) Closes: #716938
      Regression: write error on wget -c for already fully retrieved file
      Closes: #696700
      wget: NTLM not supported Closes: #718262
      wget --no-check-certificate does check certificate in certain conditions
      Closes: #686837
  * debian/control add Recommends ca-certificates to get
    https URLs working. Closes: #712540
  * debian/rules fix lintian warning dh-clean-k-is-deprecated

e7dbb08... by Noël Köthe on 2013-09-23

Import patches-unapplied version 1.14-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 891886f3fceb9741c69069b66b1a67d0b29bf0e5

New changelog entries:
  * fix manpage building error "Expected text after =item, not a number"
    with texi2man.pl patch from upstream git:
    http://git.savannah.gnu.org/cgit/wget.git/diff/?id=7f43748544f26008d0dd337704f02a6ed3200aaf
    Closes: #724191