-
wget (1.13.4-2ubuntu1.7) precise-security; urgency=medium
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2019-5953-*.patch: fix in
src/iri.c.
- CVE-2019-5953
-- <email address hidden> (Leonidas S. Barbosa) Mon, 08 Apr 2019 19:48:20 -0300
-
wget (1.13.4-2ubuntu1.4) precise-security; urgency=medium
* SECURITY UPDATE: http to ftp redirect spoofed filenames
- debian/patches/CVE-2016-4971.patch: understand --trust-server-names
on a HTTP->FTP redirect in src/ftp.*, src/retr.c.
- CVE-2016-4971
-- Marc Deslauriers <email address hidden> Tue, 14 Jun 2016 10:55:02 +0300
-
wget (1.13.4-2ubuntu1.3) precise; urgency=medium
* debian/patches/sni_support.patch: Add support for TLS SNI.
(LP: #1580700)
-- Marc Deslauriers <email address hidden> Wed, 11 May 2016 15:51:31 -0400
-
wget (1.13.4-2ubuntu1.2) precise-security; urgency=medium
* SECURITY UPDATE: remote code execution via absolute path traversal
vulnerability in FTP
- debian/patches/CVE-2014-4877.patch: don't create local symlinks in
src/init.c, check for duplicate file nodes in src/ftp.c, updated
documentation in doc/wget.texi.
- CVE-2014-4877
-- Marc Deslauriers <email address hidden> Thu, 30 Oct 2014 10:08:40 -0400
-
wget (1.13.4-2ubuntu1.1) precise; urgency=medium
[ Mark Russell ]
* debian/rules: build wget-udeb to install its binary as /usr/bin/wget
instead of /usr/bin/wget.gnu (LP: #1172101).
-- Colin Watson <email address hidden> Mon, 23 Jun 2014 16:43:44 +0100
-
wget (1.13.4-2ubuntu1) precise; urgency=low
* Merge from Debian unstable, Remaining Changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Depend on libssl-dev 0.9.8k-7ubuntu4
- Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
for it.
- Add a second build pass for the udeb, so we can build without libidn.
- d/rules: Compile with -Os and disabling NLS/DEBUGin udeb to reduce
code size.
* d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild
wget (1.13.4-2) unstable; urgency=low
* added hardened build flag. thx Moritz for the patch
closes: Bug#654908
-- Clint Byrum <email address hidden> Fri, 10 Feb 2012 17:01:43 -0800
-
wget (1.13.4-1ubuntu2) precise; urgency=low
* d/rules: Compile with -Os and disabling NLS/DEBUGin udeb to reduce
code size. (LP: #893308)
-- Clint Byrum <email address hidden> Mon, 21 Nov 2011 16:14:12 -0800
-
wget (1.13.4-1ubuntu1) precise; urgency=low
* Merge from Debian testing, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Depend on libssl-dev 0.9.8k-7ubuntu4
- Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
for it.
- Add a second build pass for the udeb, so we can build without libidn.
wget (1.13.4-1) unstable; urgency=low
* new upstream release 1.13.4 from 2011-09-17
-- Steve Langasek <email address hidden> Tue, 01 Nov 2011 17:42:30 -0400
-
wget (1.13-1ubuntu1) precise; urgency=low
* Merge from Debian unstable, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339)
* Dropped changes, superseded in Debian:
- Keep build dependencies in main:
+ debian/control: remove info2man build-dep
+ debian/patches/series: disable wget-infopod_generated_manpage
- Mark wget Multi-Arch: foreign, so packages that aren't of the same arch
can depend on it.
* Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb for
it.
* Add a second build pass for the udeb, so we can build without libidn.
wget (1.13-1) unstable; urgency=low
* new upstream release 1.13 from 2011-08-09
- updated wget-doc-remove-usr-local-in-wget.texi,
wget-fr.po-spelling-correction,
- removed wget-de.po-remove-double-quote-signs (latest de.po),
CVE-2010-2252 (included upstream), wget-zh_CN.po-translation-correction,
fix-paramter-spelling-error-in-wget.texi, refresh-pofiles
- disabled disable-SSLv2 for the first upload
see https://savannah.gnu.org/bugs/?33840
- includes latest po files. closes: Bug#607198
- bugs fixed with this release by upstream:
-- IDN support: wget www.köln.de works:) closes: Bug#542145
-- wildcard documentation of -X
closes: Bug#215128
-- wget -O - $URL says `-' saved but there is no file -
closes: Bug#353326
-- 'wget -c -N' ignores timestamps
closes: Bug#402001
-- missing a check for Subject Alternative Name (TLS cert.)
closes: Bug#409938
-- wget segfaults when server returns empty HTTP response code
closes: Bug#563872
-- wget: -A/-R vs. -O
closes: Bug#565942
-- Unterminated C string in http_atotm()
closes: Bug#581817
-- don't use PATH_MAX (FTBFS on hurd)
closes: Bug#595538
-- info page points to not documented --cookies option
closes: Bug#597468
-- SIGPIPE signal: wget over ssh orphans itself on ctrl+c
closes: Bug#598731
-- wget --backup-converted does not work
closes: Bug#624675
-- --adjust-extension renames .htm files
closes: Bug#626438
-- wget: Invalid russian translation
closes: Bug#502218
-- wget: shows only first 3 IP addresses of hostname
closes: Bug#612450
* debian/control correct spelling in description. closes: Bug#635241
* debian/control replace libssl-dev by libgnutls-dev in build dependency
wget (1.12-5) unstable; urgency=low
* minor update on patch CVE-2010-2252 to mention former option
name --use-server-file-name. closes: #602008
* debian/control minor name change Noèl -> Noël ;)
wget (1.12-4) unstable; urgency=low
* acknowledge NMUs. Thanks for your work Thorsten and Filippo
closes: #622032 #614373
* updated Standards-Version: to 3.9.2 without changes
* fixed lintian warning:
- debian-rules-missing-recommended-target
* debian/control add Multi-Arch: foreign
closes: #614203
* removing wget-infopod_generated_manpage to get the old/upstream
provided manpage and no the infopage as manpage. See 1.11.4-4
where it were changed. This will return some errors (incomplete
sentences, some missing parts) which are caused by texi2pod.
closes: #633702 #627468 #589993 #545091
* debian/control added libidn11-dev Build-Dep to get IDN support
closes: #536692 #542145
* debian/control changed FTP and HTTP to uppercase in the description
closes: #596358
* exit status is documented in the manpage. closes #179710
* --follow-ftp example in manpage made more accurate. closes #512578
-- Steve Langasek <email address hidden> Wed, 19 Oct 2011 00:00:09 +0000
-
wget (1.12-3.1ubuntu1) oneiric; urgency=low
* Merge from Debian unstable, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Keep build dependencies in main:
+ debian/control: remove info2man build-dep
+ debian/patches/series: disable wget-infopod_generated_manpage
- Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339)
- Mark wget Multi-Arch: foreign, so packages that aren't of the same arch
can depend on it.
wget (1.12-3.1) unstable; urgency=low
* Non-maintainer upload.
* debian/rules: move updating config.{guess,sub} from the clean
target to the config.status target to avoid unnecessarily
generating patch files with their content (these files are
now simply removed by the clean target)
* debian/patches/debian-changes-1.12-2: drop accordingly
* debian/patches/disable-SSLv2: new; debian/rules: pass the
new flag -DNO_SSLv2 to configure (Closes: #622032)
* debian/rules: clean away _all_ files changed during build;
debian/patches/refresh-pofiles: regenerate all pofiles, which
will also be done during package build (these changes are made
to keep the package buildable twice in a row)
* Add missing B-D on autotools-dev
wget (1.12-3) unstable; urgency=low
* Upload by Noèl Köthe <email address hidden>;
* Convert all dpatch-based patches to quilt-based ones, thus fixing the
bug reported by Lucas Nussbaum (closes: #614373).
* Add one more patch fixing a typo in doc/wget.texi.
-- Steve Langasek <email address hidden> Tue, 17 May 2011 19:46:25 +0000
