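debian/0000775000000000000000000000000013452720470007174 5ustar debian/rules0000775000000000000000000000602612275215675010270 0ustar
#!/usr/bin/make -f
# debian/rules for wget: configures and builds the source twice (a full
# build in build/ and a size-optimised one in build-udeb/) and assembles
# the debian/wget and debian/wget-udeb trees with debhelper commands.

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

# --host is passed to configure only when cross-compiling, i.e. when the
# host and build GNU triplets differ.
DEB_HOST_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
DEB_BUILD_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE))
confflags= --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
else
confflags= --build $(DEB_BUILD_GNU_TYPE)
endif

# Pull CFLAGS/CPPFLAGS/LDFLAGS from dpkg's buildflags.mk and export them;
# the package-specific defines below are appended to that baseline.
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
# NOTE(review): -DNO_SSLv2 only has an effect if the wget sources test for
# it -- confirm a patch listed in debian/patches/series still does.
CFLAGS += -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall

# Full build: OpenSSL, IPv6 and libidn enabled. Depends on the udeb
# configure stamp, whose recipe runs dh_autotools-dev_updateconfig.
configure-stamp: configure-udeb-stamp
	dh_testdir
	# Add here commands to configure the package.
	mkdir -p build
	cd build && CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ../configure \
		--prefix=/usr \
		--mandir=\$${prefix}/share/man \
		--infodir=\$${prefix}/share/info \
		--sysconfdir=/etc \
		--enable-ipv6 \
		--with-ssl=openssl \
		--with-libidn=/usr $(confflags)
	touch configure-stamp

# udeb build: same TLS backend, compiled with -Os and with debug, NLS and
# IRI support switched off.
configure-udeb-stamp:
	dh_autotools-dev_updateconfig
	mkdir -p build-udeb
	cd build-udeb && CFLAGS="$(CFLAGS) -Os" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ../configure \
		--prefix=/usr \
		--mandir=\$${prefix}/share/man \
		--infodir=\$${prefix}/share/info \
		--sysconfdir=/etc \
		--enable-ipv6 \
		--with-ssl=openssl \
		--disable-debug \
		--disable-nls \
		--disable-iri $(confflags)
	touch configure-udeb-stamp

build: build-arch build-indep
build-arch: build-stamp build-udeb-stamp
build-indep: build-stamp

build-stamp: configure-stamp
	dh_testdir
	# Add here commands to compile the package.
	cd build && $(MAKE)
	#/usr/bin/docbook-to-man debian/wget.sgml > wget.1
	# Use && so a failed cd stops the recipe instead of running make in the
	# wrong directory, and $(MAKE) so flags and the jobserver are inherited.
	cd po && $(MAKE) wget.pot
	touch build-stamp

build-udeb-stamp: configure-udeb-stamp
	cd build-udeb && $(MAKE)
	touch build-udeb-stamp

clean:
	dh_testdir
	dh_testroot
	rm -f build-stamp configure-stamp build-udeb-stamp configure-udeb-stamp
	# Add here commands to clean up after the build process.
	[ ! -f Makefile ] || $(MAKE) distclean
	#-$(MAKE) distclean
	rm -f po/*.gmo po/wget.pot po/en@boldquot.po po/en@quot.po \
		doc/wget.inf* doc/stamp-vti doc/version.texi \
		doc/sample.wgetrc.munged_for_texi_inclusion
	rm -rf build-udeb build
	dh_autotools-dev_restoreconfig
	dh_clean

install: build
	dh_testdir
	dh_testroot
	dh_clean -k
	dh_installdirs
	# Add here commands to install the package into debian/wget.
	cd build && $(MAKE) install DESTDIR=$(CURDIR)/debian/wget
	rm -f $(CURDIR)/debian/wget/usr/share/info/dir
	# udeb
	mkdir -p debian/wget-udeb/usr/bin/
	cp build-udeb/src/wget debian/wget-udeb/usr/bin/wget

# Build architecture-independent files here.
binary-indep: build install
# We have nothing to do by default.

# Build architecture-dependent files here.
binary-arch: build install
	dh_testdir
	dh_testroot
	dh_installdebconf
	dh_installdocs
	dh_installexamples
	dh_installman
	dh_installinfo -a
	dh_installchangelogs ChangeLog
	dh_link
	dh_strip
	dh_compress
	dh_fixperms
	dh_installdeb
	dh_shlibdeps
	dh_gencontrol
	dh_md5sums
	dh_builddeb

binary: binary-indep binary-arch
# "build" must be phony because the configure recipe creates a directory of
# that name; build-arch and build-indep are command names, not files.
.PHONY: build build-arch build-indep clean binary-indep binary-arch binary install
debian/source/0000775000000000000000000000000012220016435010463 5ustar debian/source/format0000664000000000000000000000001411540460517011701 0ustar 3.0 (quilt) debian/watch0000664000000000000000000000021012202434130010201 0ustar version=3 http://ftp.gnu.org/gnu/wget/ \ (?:.*[/=]|)wget(?:[_\-]?|[_\-]v)(\d\S*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)(?:[^\.].*)? 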
debian/control0000664000000000000000000000341612275215231010577 0ustar Source: wget Section: web Priority: important Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Noël Köthe Build-Depends: debhelper (>> 9.0.0), gettext, texinfo, libssl-dev (>= 0.9.8k-7ubuntu4), autotools-dev, libidn11-dev, uuid-dev Standards-Version: 3.9.5 Homepage: http://www.gnu.org/software/wget/ Package: wget Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Recommends: ca-certificates Conflicts: wget-ssl Multi-Arch: foreign Description: retrieves files from the web Wget is a network utility to retrieve files from the web using HTTP(S) and FTP, the two most widely used internet protocols. It works non-interactively, so it will work in the background, after having logged off. The program supports recursive retrieval of web-authoring pages as well as FTP sites -- you can use Wget to make mirrors of archives and home pages or to travel the web like a WWW robot. . Wget works particularly well with slow or unstable connections by continuing to retrieve a document until the document is fully downloaded. Re-getting files from where it left off works on servers (both HTTP and FTP) that support it. Both HTTP and FTP retrievals can be time stamped, so Wget can see if the remote file has changed since the last retrieval and automatically retrieve the new version if it has. . Wget supports proxy servers; this can lighten the network load, speed up retrieval, and provide access behind firewalls. Package: wget-udeb XC-Package-Type: udeb Architecture: any Section: debian-installer Priority: extra Depends: ${shlibs:Depends} Description: retrieves files from the web This package provides wget.gnu binary as alternative to the limited implementation in busybox (see for example ssl support). debian/copyright0000664000000000000000000000261411740620336011130 0ustar This package was debianized by Christian Schwarz on Mon, 18 Nov 1996 00:59:57 +0100 J. 
Ramos Goncalves on Thu, 13 Feb 1997 23:15:18 +0000 Nicolás Lichtmaier on Sat, 18 Oct 1997 21:23:12 -0300 Noël Köthe on Mon, 18 Feb 2002 09:53:00 +0100 It was downloaded from ftp://ftp.gnu.org/gnu/wget/ Homepage: http://www.gnu.org/directory/wget.html http://www.gnu.org/software/wget/wget.html Upstream Author: Giuseppe Scrivano Copyright: (C) 2007 Free Software Foundation, Inc. Released under the terms of the GPL; see /usr/share/common-licenses/GPL-3. "In addition, as a special exception, the Free Software Foundation gives permission to link the code of its release of Wget with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version." The wget(1) manpage and the wget info page are distributed under the terms of the GNU Free Documentation License ; see /usr/share/common-licenses/GFDL-1.2 debian/compat0000664000000000000000000000000212202433404010360 0ustar 9 debian/dirs0000664000000000000000000000012211540460517010052 0ustar etc usr/bin usr/share/doc/wget usr/share/info usr/share/locale usr/share/man/man1 debian/docs0000664000000000000000000000006211540460517010044 0ustar AUTHORS ChangeLog.README MAILING-LIST NEWS README debian/wget.info0000664000000000000000000000001711540460517011014 0ustar doc/wget.info* debian/patches/0000775000000000000000000000000013452720470010623 5ustar debian/patches/CVE-2016-7098-1.patch0000664000000000000000000000314213173444310013406 0ustar Backport of: From 9ffb64ba6a8121909b01e984deddce8d096c498d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tim=20R=C3=BChsen?= Date: Sun, 14 Aug 2016 21:04:58 +0200 Subject: Limit file mode to u=rw on temp. downloaded files * bootstrap.conf: Add gnulib modules fopen, open. * src/http.c (open_output_stream): Limit file mode to u=rw on temporary downloaded files. Reported-by: "Misra, Deapesh" Discovered by: Dawid Golunski (http://legalhackers.com) --- bootstrap.conf | 2 ++ src/http.c | 13 ++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) Index: wget-1.15/src/http.c =================================================================== --- wget-1.15.orig/src/http.c 2017-10-23 15:36:34.839313709 -0400 +++ wget-1.15/src/http.c 2017-10-23 15:37:39.919995649 -0400 @@ -39,6 +39,7 @@ as that of the covered work. */ #include #include #include +#include #include "hash.h" #include "http.h" @@ -2891,7 +2892,17 @@ read_header: open_id = 22; fp = fopen (hs->local_file, "wb", FOPEN_OPT_ARGS); #else /* def __VMS */ - fp = fopen (hs->local_file, "wb"); + if (opt.delete_after + || opt.spider /* opt.recursive is implicitely true */ + || !acceptable (hs->local_file)) + { + fp = fdopen (open (hs->local_file, O_BINARY | O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR), "wb"); + } + else + { + fp = fopen (hs->local_file, "wb"); + } + #endif /* def __VMS [else] */ } else debian/patches/series0000664000000000000000000000052413452720326012041 0ustar wget-doc-remove-usr-local-in-sample.wgetrc wget-doc-remove-usr-local-in-wget.texi wget-passive_ftp-default CVE-2014-4877.patch CVE-2016-4971.patch CVE-2016-7098-1.patch CVE-2016-7098-2.patch CVE-2016-7098-3.patch CVE-2017-6508.patch CVE-2017-13089.patch CVE-2017-13090.patch CVE-2018-0494.patch CVE-2019-5953-pre.patch CVE-2019-5953.patch debian/patches/CVE-2016-4971.patch0000664000000000000000000002516412727733415013270 0ustar Backported from: From e996e322ffd42aaa051602da182d03178d0f13e1 Mon Sep 17 00:00:00 2001 
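Review bot: In the `@@ -2891,7 +2892,17 @@` hunk of src/http.c, the descriptor returned by `open ()` is passed straight to `fdopen ()` without a check, so a failed open is reported as fdopen's EBADF rather than the real errno, and a failed fdopen would leave the descriptor open. The `S_IRUSR | S_IWUSR` mode also applies only when the file is created: with `O_CREAT | O_TRUNC` and no `O_EXCL`, a file that already exists keeps whatever mode it had, so the u=rw restriction does not hold for it. I would split the call, `int fd = open (hs->local_file, O_BINARY | O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR);` followed by `fp = fd < 0 ? NULL : fdopen (fd, "wb");`, and add a comment saying the mode covers newly created files only. The enclosing function starts and ends outside the hunk.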
From: Giuseppe Scrivano Date: Mon, 06 Jun 2016 19:20:24 +0000 Subject: ftp: understand --trust-server-names on a HTTP->FTP redirect If not --trust-server-names is used, FTP will also get the destination file name from the original url specified by the user instead of the redirected url. Closes CVE-2016-4971. * src/ftp.c (ftp_get_listing): Add argument original_url. (getftp): Likewise. (ftp_loop_internal): Likewise. Use original_url to generate the file name if --trust-server-names is not provided. (ftp_retrieve_glob): Likewise. (ftp_loop): Likewise. Signed-off-by: Giuseppe Scrivano --- Index: wget-1.15/src/ftp.c =================================================================== --- wget-1.15.orig/src/ftp.c 2016-06-14 10:46:50.309326193 +0300 +++ wget-1.15/src/ftp.c 2016-06-14 10:49:24.834606049 +0300 @@ -235,14 +235,15 @@ logputs (LOG_VERBOSE, !authoritative ? _(" (unauthoritative)\n") : "\n"); } -static uerr_t ftp_get_listing (struct url *, ccon *, struct fileinfo **); +static uerr_t ftp_get_listing (struct url *, struct url *, ccon *, struct fileinfo **); /* Retrieves a file with denoted parameters through opening an FTP connection to the server. It always closes the data connection, and closes the control connection in case of error. If warc_tmp is non-NULL, the downloaded data will be written there as well. */ static uerr_t -getftp (struct url *u, wgint passed_expected_bytes, wgint *qtyread, +getftp (struct url *u, struct url *original_url, + wgint passed_expected_bytes, wgint *qtyread, wgint restval, ccon *con, int count, FILE *warc_tmp) { int csock, dtsock, local_sock, res; @@ -988,7 +989,7 @@ bool exists = false; uerr_t res; struct fileinfo *f; - res = ftp_get_listing (u, con, &f); + res = ftp_get_listing (u, original_url, con, &f); /* Set the DO_RETR command flag again, because it gets unset when calling ftp_get_listing() and would otherwise cause an assertion failure earlier on when this function gets repeatedly called 
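Review bot: The header comment above getftp in the `@@ -235,14 +235,15 @@` hunk is not updated for the new `original_url` parameter, and the same goes for the other signatures this patch extends (ftp_get_listing, ftp_loop_internal, ftp_retrieve_list, ftp_retrieve_dirs, ftp_retrieve_glob, ftp_loop). Because this parameter decides which URL the local file name is derived from, I would add a sentence such as `ORIGINAL_URL is the URL as given by the user, before any redirect; it is used for the local file name unless --trust-server-names is set.` The comment should also say whether it may be NULL; the `!original_url` test in ftp_loop_internal suggests it can be. getftp's body continues outside the hunk.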
@@ -1532,7 +1533,8 @@ This loop either gets commands from con, or (if ON_YOUR_OWN is set), makes them up to retrieve the file given by the URL. */ static uerr_t -ftp_loop_internal (struct url *u, struct fileinfo *f, ccon *con, char **local_file) +ftp_loop_internal (struct url *u, struct url *original_url, struct fileinfo *f, + ccon *con, char **local_file) { int count, orig_lp; wgint restval, len = 0, qtyread = 0; @@ -1555,7 +1557,7 @@ else { /* URL-derived file. Consider "-O file" name. */ - con->target = url_file_name (u, NULL); + con->target = url_file_name (opt.trustservernames || !original_url ? u : original_url, NULL); if (!opt.output_document) locf = con->target; else @@ -1669,7 +1671,8 @@ /* If we are working on a WARC record, getftp should also write to the warc_tmp file. */ - err = getftp (u, len, &qtyread, restval, con, count, warc_tmp); + err = getftp (u, original_url, len, &qtyread, restval, con, count, + warc_tmp); if (con->csock == -1) con->st &= ~DONE_CWD; @@ -1822,7 +1825,8 @@ /* Return the directory listing in a reusable format. The directory is specifed in u->dir. */ static uerr_t -ftp_get_listing (struct url *u, ccon *con, struct fileinfo **f) +ftp_get_listing (struct url *u, struct url *original_url, ccon *con, + struct fileinfo **f) { uerr_t err; char *uf; /* url file name */ @@ -1843,7 +1847,7 @@ con->target = xstrdup (lf); xfree (lf); - err = ftp_loop_internal (u, NULL, con, NULL); + err = ftp_loop_internal (u, original_url, NULL, con, NULL); lf = xstrdup (con->target); xfree (con->target); con->target = old_target; 
@@ -1866,8 +1870,9 @@ return err; } -static uerr_t ftp_retrieve_dirs (struct url *, struct fileinfo *, ccon *); -static uerr_t ftp_retrieve_glob (struct url *, ccon *, int); +static uerr_t ftp_retrieve_dirs (struct url *, struct url *, + struct fileinfo *, ccon *); +static uerr_t ftp_retrieve_glob (struct url *, struct url *, ccon *, int); static struct fileinfo *delelement (struct fileinfo *, struct fileinfo **); static void freefileinfo (struct fileinfo *f); @@ -1879,7 +1884,8 @@ If opt.recursive is set, after all files have been retrieved, ftp_retrieve_dirs will be called to retrieve the directories. */ static uerr_t -ftp_retrieve_list (struct url *u, struct fileinfo *f, ccon *con) +ftp_retrieve_list (struct url *u, struct url *original_url, + struct fileinfo *f, ccon *con) { static int depth = 0; uerr_t err; @@ -2038,7 +2044,7 @@ else /* opt.retr_symlinks */ { if (dlthis) - err = ftp_loop_internal (u, f, con, NULL); + err = ftp_loop_internal (u, original_url, f, con, NULL); } /* opt.retr_symlinks */ break; case FT_DIRECTORY: @@ -2049,7 +2055,7 @@ case FT_PLAINFILE: /* Call the retrieve loop. */ if (dlthis) - err = ftp_loop_internal (u, f, con, NULL); + err = ftp_loop_internal (u, original_url, f, con, NULL); break; case FT_UNKNOWN: logprintf (LOG_NOTQUIET, _("%s: unknown/unsupported file type.\n"), @@ -2114,7 +2120,7 @@ /* We do not want to call ftp_retrieve_dirs here */ if (opt.recursive && !(opt.reclevel != INFINITE_RECURSION && depth >= opt.reclevel)) - err = ftp_retrieve_dirs (u, orig, con); + err = ftp_retrieve_dirs (u, original_url, orig, con); else if (opt.recursive) DEBUGP ((_("Will not retrieve dirs since depth is %d (max %d).\n"), depth, opt.reclevel)); 
@@ -2127,7 +2133,8 @@ ftp_retrieve_glob on each directory entry. The function knows about excluded directories. */ static uerr_t -ftp_retrieve_dirs (struct url *u, struct fileinfo *f, ccon *con) +ftp_retrieve_dirs (struct url *u, struct url *original_url, + struct fileinfo *f, ccon *con) { char *container = NULL; int container_size = 0; @@ -2177,7 +2184,7 @@ odir = xstrdup (u->dir); /* because url_set_dir will free u->dir. */ url_set_dir (u, newdir); - ftp_retrieve_glob (u, con, GLOB_GETALL); + ftp_retrieve_glob (u, original_url, con, GLOB_GETALL); url_set_dir (u, odir); xfree (odir); @@ -2236,14 +2243,15 @@ GLOB_GLOBALL, use globbing; if it's GLOB_GETALL, download the whole directory. */ static uerr_t -ftp_retrieve_glob (struct url *u, ccon *con, int action) +ftp_retrieve_glob (struct url *u, struct url *original_url, + ccon *con, int action) { struct fileinfo *f, *start; uerr_t res; con->cmd |= LEAVE_PENDING; - res = ftp_get_listing (u, con, &start); + res = ftp_get_listing (u, original_url, con, &start); if (res != RETROK) return res; /* First: weed out that do not conform the global rules given in @@ -2339,7 +2347,7 @@ if (start) { /* Just get everything. */ - res = ftp_retrieve_list (u, start, con); + res = ftp_retrieve_list (u, original_url, start, con); } else { @@ -2355,7 +2363,7 @@ { /* Let's try retrieving it anyway. */ con->st |= ON_YOUR_OWN; - res = ftp_loop_internal (u, NULL, con, NULL); + res = ftp_loop_internal (u, original_url, NULL, con, NULL); return res; } @@ -2375,8 +2383,8 @@ of URL. Inherently, its capabilities are limited on what can be encoded into a URL. */ uerr_t -ftp_loop (struct url *u, char **local_file, int *dt, struct url *proxy, - bool recursive, bool glob) +ftp_loop (struct url *u, struct url *original_url, char **local_file, int *dt, + struct url *proxy, bool recursive, bool glob) { ccon con; /* FTP connection */ uerr_t res; 
@@ -2397,16 +2405,17 @@ if (!*u->file && !recursive) { struct fileinfo *f; - res = ftp_get_listing (u, &con, &f); + res = ftp_get_listing (u, original_url, &con, &f); if (res == RETROK) { if (opt.htmlify && !opt.spider) { + struct url *url_file = opt.trustservernames ? u : original_url; char *filename = (opt.output_document ? xstrdup (opt.output_document) : (con.target ? xstrdup (con.target) - : url_file_name (u, NULL))); + : url_file_name (url_file, NULL))); res = ftp_index (filename, u, f); if (res == FTPOK && opt.verbose) { @@ -2451,11 +2460,11 @@ /* ftp_retrieve_glob is a catch-all function that gets called if we need globbing, time-stamping, recursion or preserve permissions. Its third argument is just what we really need. */ - res = ftp_retrieve_glob (u, &con, + res = ftp_retrieve_glob (u, original_url, &con, ispattern ? GLOB_GLOBALL : GLOB_GETONE); } else - res = ftp_loop_internal (u, NULL, &con, local_file); + res = ftp_loop_internal (u, original_url, NULL, &con, local_file); } if (res == FTPOK) res = RETROK; Index: wget-1.15/src/ftp.h =================================================================== --- wget-1.15.orig/src/ftp.h 2016-06-14 10:46:50.309326193 +0300 +++ wget-1.15/src/ftp.h 2016-06-14 10:46:50.305326162 +0300 @@ -152,7 +152,8 @@ }; struct fileinfo *ftp_parse_ls (const char *, const enum stype); -uerr_t ftp_loop (struct url *, char **, int *, struct url *, bool, bool); +uerr_t ftp_loop (struct url *, struct url *, char **, int *, struct url *, + bool, bool); uerr_t ftp_index (const char *, struct url *, struct fileinfo *); Index: wget-1.15/src/retr.c =================================================================== --- wget-1.15.orig/src/retr.c 2016-06-14 10:46:50.309326193 +0300 +++ wget-1.15/src/retr.c 2016-06-14 10:46:50.305326162 +0300 
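Review bot: In the `@@ -2397,16 +2405,17 @@` hunk of ftp_loop, `struct url *url_file = opt.trustservernames ? u : original_url;` has no fallback for a NULL `original_url`, while the ftp_loop_internal hunk (`@@ -1555,7 +1557,7 @@`) selects with `opt.trustservernames || !original_url ? u : original_url`. The only caller visible here, in retr.c, passes `orig_parsed`, which is probably never NULL, but the two sites should agree so that `url_file_name` can never be handed a NULL url. I would write `struct url *url_file = (opt.trustservernames || !original_url) ? u : original_url;` and add the same parentheses in ftp_loop_internal for readability. ftp_loop's body continues outside the hunk.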
@@ -801,7 +801,8 @@ if (redirection_count) oldrec = glob = false; - result = ftp_loop (u, &local_file, dt, proxy_url, recursive, glob); + result = ftp_loop (u, orig_parsed, &local_file, dt, proxy_url, + recursive, glob); recursive = oldrec; /* There is a possibility of having HTTP being redirected to debian/patches/CVE-2016-7098-3.patch0000664000000000000000000000155413173444356013427 0ustar From 49af22ca94570da3fa43c98e92ec0830f786db0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20R=C3=BChsen?= Date: Wed, 7 Sep 2016 09:31:43 +0200 Subject: * src/http.c (check_file_output): Replace asprintf by aprint --- src/http.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) Index: wget-1.15/src/http.c =================================================================== --- wget-1.15.orig/src/http.c 2017-10-23 15:54:20.766499630 -0400 +++ wget-1.15/src/http.c 2017-10-23 15:54:20.742499378 -0400 @@ -2465,8 +2465,7 @@ read_header: hs->temporary = opt.delete_after || opt.spider || !acceptable (hs->local_file); if (hs->temporary) { - char *tmp = NULL; - asprintf (&tmp, "%s.tmp", hs->local_file); + char *tmp = aprintf ("%s.tmp", hs->local_file); xfree (hs->local_file); hs->local_file = tmp; } debian/patches/wget-doc-remove-usr-local-in-wget.texi0000664000000000000000000000322311621214600017756 0ustar corrects the wgetrc path from /usr/local/etc/ to /etc/wgetrc in the documentation --- a/doc/wget.texi 2011-08-06 12:22:58.000000000 +0200 +++ b/doc/wget.texi 2011-08-12 14:13:35.000000000 +0200 
@@ -190,14 +190,14 @@ Most of the features are fully configurable, either through command line options, or via the initialization file @file{.wgetrc} (@pxref{Startup File}). Wget allows you to define @dfn{global} startup files -(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also +(@file{/etc/wgetrc} by default) for site settings. You can also specify the location of a startup file with the --config option. @ignore @c man begin FILES @table @samp -@item /usr/local/etc/wgetrc +@item /etc/wgetrc Default location of the @dfn{global} startup file. @item .wgetrc @@ -2696,9 +2696,7 @@ @cindex location of wgetrc When initializing, Wget will look for a @dfn{global} startup file, -@file{/usr/local/etc/wgetrc} by default (or some prefix other than -@file{/usr/local}, if Wget was not installed there) and read commands -from there, if it exists. +@file{/etc/wgetrc} by default and read commands from there, if it exists. Then it will look for the user's file. If the environmental variable @code{WGETRC} is set, Wget will try to load that file. Failing that, no @@ -2708,7 +2706,7 @@ The fact that user's settings are loaded after the system-wide ones means that in case of collision user's wgetrc @emph{overrides} the -system-wide wgetrc (in @file{/usr/local/etc/wgetrc} by default). +system-wide wgetrc (in @file{//etc/wgetrc} by default). Fascist admins, away! @node Wgetrc Syntax, Wgetrc Commands, Wgetrc Location, Startup File debian/patches/wget-passive_ftp-default0000664000000000000000000000062111540460517015455 0ustar make passive-ftp the default --- a/doc/sample.wgetrc +++ b/doc/sample.wgetrc 
@@ -43,6 +43,7 @@ # problems supporting passive transfer. If you are in such # environment, use "passive_ftp = off" to revert to active FTP. #passive_ftp = off +passive_ftp = on # The "wait" command below makes Wget wait between every connection. # If, instead, you want Wget to wait only between retries of failed debian/patches/disable-SSLv20000664000000000000000000006017711555327475013105 0ustar If -DNO_SSLv2 is set, disable any use of SSLv2 related functionality, which is needed for building against Debian’s OpenSSL 1.0.0 that disabled SSLv2 (which was deprecated in 1996 and isn’t all that secure, so no big deal). This patch also updates most translations. Index: wget-1.12/doc/wget.texi =================================================================== --- wget-1.12.orig/doc/wget.texi 2011-04-25 17:26:47.000000000 +0000 +++ wget-1.12/doc/wget.texi 2011-04-25 17:26:47.000000000 +0000 @@ -1531,6 +1531,9 @@ choose the correct protocol version. Fortunately, such servers are quite rare. +Note that SSLv2 may not be available in your version of Wget, +because it has been deprecated since 1996. + @cindex SSL certificate, check @item --no-check-certificate Don't check the server certificate against the available certificate Index: wget-1.12/po/ca.po =================================================================== --- wget-1.12.orig/po/ca.po 2009-09-22 16:40:36.000000000 +0000 +++ wget-1.12/po/ca.po 2011-04-25 17:27:05.000000000 +0000 
@@ -1530,6 +1530,14 @@ " --secure-protocol=PR selecciona el protocol segur, d'entre auto,\n" " SSLv2, SSLv3, TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR selecciona el protocol segur, d'entre auto,\n" +" SSLv3, TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/cs.po =================================================================== --- wget-1.12.orig/po/cs.po 2009-09-22 16:40:36.000000000 +0000 +++ wget-1.12/po/cs.po 2011-04-25 17:27:05.000000000 +0000 @@ -1490,6 +1490,15 @@ "„auto“,\n" " „SSLv2“, „SSLv3“ a „TLSv1“.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PROT vybere bezpečnostní protokol, jeden z " +"„auto“,\n" +" „SSLv3“ a „TLSv1“.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/de.po =================================================================== --- wget-1.12.orig/po/de.po 2011-04-25 17:26:47.000000000 +0000 +++ wget-1.12/po/de.po 2011-04-25 17:27:04.000000000 +0000 @@ -979,6 +979,11 @@ "%s: %s: Ungültige Einschränkung %s,\n" " verwenden Sie [unix|windows],[lowercase|uppercase],[nocontrol],[ascii].\n" +#: src/init.c:1343 +#, c-format +msgid "SSLv2 has been deprecated since 1996 and is no longer available.\n" +msgstr "SSLv2 ist seit 1996 veraltet und nun nicht mehr verfügbar.\n" + #: src/iri.c:103 #, c-format msgid "Encoding %s isn't valid\n" 
@@ -1520,6 +1525,14 @@ " --secure-protocol=PR Verwende als sicheres Protokoll eins aus\n" " »auto«, »SSLv2«, »SSLv3« oder »TLSv1«.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR Verwende als sicheres Protokoll eins aus\n" +" »auto«, »SSLv3« oder »TLSv1«.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/es.po =================================================================== --- wget-1.12.orig/po/es.po 2009-09-22 16:40:37.000000000 +0000 +++ wget-1.12/po/es.po 2011-04-25 17:27:05.000000000 +0000 @@ -1099,6 +1099,11 @@ " use [unix|windows],[lowercase|uppercase],[nocontrol],[ascii].\n" msgstr "" +#: src/init.c:1343 +#, c-format +msgid "SSLv2 has been deprecated since 1996 and is no longer available.\n" +msgstr "SSLv2 no est disponible porque est obsolescente desde 1996.\n" + #: src/iri.c:103 #, c-format msgid "Encoding %s isn't valid\n" Index: wget-1.12/po/et.po =================================================================== --- wget-1.12.orig/po/et.po 2009-09-22 16:40:37.000000000 +0000 +++ wget-1.12/po/et.po 2011-04-25 17:27:05.000000000 +0000 @@ -1429,6 +1429,14 @@ "SSLv2,\n" " SSLv3 ja TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR vali turvaprotokoll, vimalikud auto,\n" +" SSLv3 ja TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/fi.po =================================================================== --- wget-1.12.orig/po/fi.po 2009-09-22 16:40:37.000000000 +0000 +++ wget-1.12/po/fi.po 2011-04-25 17:27:05.000000000 +0000 
@@ -964,6 +964,11 @@ "%s: %s: Virheellinen rajoite %s,\n" " valitse [unix|windows],[lowercase|uppercase],[nocontrol],[ascii].\n" +#: src/init.c:1343 +#, c-format +msgid "SSLv2 has been deprecated since 1996 and is no longer available.\n" +msgstr "SSLv2 on ollut vanhentunut vuodesta 1996 saakka eikä ole enää käytettävissä.\n" + #: src/iri.c:103 #, c-format msgid "Encoding %s isn't valid\n" @@ -1488,6 +1493,14 @@ " --secure-protocol=PR valitse turvaprotokolla, vaihtoehdot:\n" " auto, SSLv2, SSLv3 tai TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR valitse turvaprotokolla, vaihtoehdot:\n" +" auto, SSLv3 tai TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/fr.po =================================================================== --- wget-1.12.orig/po/fr.po 2011-04-25 17:26:47.000000000 +0000 +++ wget-1.12/po/fr.po 2011-04-25 17:27:05.000000000 +0000 @@ -962,6 +962,11 @@ "%s : %s : restriction non valide %s,\n" " utiliser [unix|windows],[lowercase|uppercase],[nocontrol],[ascii].\n" +#: src/init.c:1343 +#, c-format +msgid "SSLv2 has been deprecated since 1996 and is no longer available.\n" +msgstr "SSLv2 est dprci depuis 1996 et n'est plus disponible.\n" + #: src/iri.c:103 #, c-format msgid "Encoding %s isn't valid\n" 
@@ -1515,6 +1520,15 @@ "auto, SSLv2,\n" " SSLv3 et TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR choisir un protocole scuris PR parmi : " +"auto,\n" +" SSLv3 et TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/ga.po =================================================================== --- wget-1.12.orig/po/ga.po 2009-09-22 16:40:37.000000000 +0000 +++ wget-1.12/po/ga.po 2011-04-25 17:27:05.000000000 +0000 @@ -1479,7 +1479,14 @@ msgstr "" " --secure-protocol=PR roghnaigh prtacal daingean: auto, SSLv2,\n" " SSLv3, n TLSv1.\n" + +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" " SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR roghnaigh prtacal daingean: auto,\n" +" SSLv3, n TLSv1.\n" #: src/main.c:588 msgid "" Index: wget-1.12/po/hr.po =================================================================== --- wget-1.12.orig/po/hr.po 2009-09-22 16:40:37.000000000 +0000 +++ wget-1.12/po/hr.po 2011-04-25 17:27:05.000000000 +0000 @@ -1450,6 +1450,14 @@ "SSLv2,\n" " SSLv3 ili TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR izaberi sigurni protokol, jedan od auto,\n" +" SSLv3 ili TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/hu.po =================================================================== --- wget-1.12.orig/po/hu.po 2009-09-22 16:40:37.000000000 +0000 +++ wget-1.12/po/hu.po 2011-04-25 17:27:05.000000000 +0000 
@@ -1520,6 +1520,15 @@ "„auto”,\n" " „SSLv2”, „SSLv3”, és „TLSv1” egyike.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR a biztonságos protokoll kiválasztása, az " +"„auto”,\n" +" „SSLv3”, és „TLSv1” egyike.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/id.po =================================================================== --- wget-1.12.orig/po/id.po 2009-09-22 16:40:37.000000000 +0000 +++ wget-1.12/po/id.po 2011-04-25 17:27:05.000000000 +0000 @@ -1474,6 +1474,15 @@ "auto,\n" " SSLv2, SSLv3, dan TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR pilih secure protocolm salah satu dari " +"auto,\n" +" SSLv3, dan TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/it.po =================================================================== --- wget-1.12.orig/po/it.po 2009-09-22 16:40:38.000000000 +0000 +++ wget-1.12/po/it.po 2011-04-25 17:27:05.000000000 +0000 @@ -959,6 +959,11 @@ "%s: %s: restrizione %s non valida,\n" " usare [unix|windows],[lowercase|uppercase],[nocontrol],[ascii].\n" +#: src/init.c:1343 +#, c-format +msgid "SSLv2 has been deprecated since 1996 and is no longer available.\n" +msgstr "SSLv2 è deprecato dal 1996 e non è più disponibile.\n" + #: src/iri.c:103 #, c-format msgid "Encoding %s isn't valid\n" 
@@ -1491,6 +1496,14 @@ " --secure-protocol=PROT. sceglie il protocollo sicuro, uno tra auto,\n" " SSLv2, SSLv3,e TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PROT. sceglie il protocollo sicuro, uno tra auto,\n" +" SSLv3,e TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/ja.po =================================================================== --- wget-1.12.orig/po/ja.po 2009-09-22 16:40:38.000000000 +0000 +++ wget-1.12/po/ja.po 2011-04-25 17:27:05.000000000 +0000 @@ -1449,6 +1449,14 @@ " --secure-protocol=PR セキュアプロトコルを選択する (auto, SSLv2, " "SSLv3, TLSv1)\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR セキュアプロトコルを選択する (auto, " +"SSLv3, TLSv1)\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/lt.po =================================================================== --- wget-1.12.orig/po/lt.po 2009-09-22 16:40:38.000000000 +0000 +++ wget-1.12/po/lt.po 2011-04-25 17:27:05.000000000 +0000 @@ -1471,6 +1471,14 @@ " --secure-protocol=PR rinktis saugų protokolą: „auto“, „SSLv2“,\n" " „SSLv3“ arba „TLSv1“.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR rinktis saugų protokolą: „auto“,\n" +" „SSLv3“ arba „TLSv1“.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/nl.po =================================================================== --- wget-1.12.orig/po/nl.po 2009-09-22 16:40:38.000000000 +0000 +++ wget-1.12/po/nl.po 2011-04-25 17:27:05.000000000 +0000 
@@ -962,6 +962,11 @@ "%s: %s: Ongeldige beperking '%s',\n" " gebruik [unix|windows],[lowercase|uppercase],[nocontrol],[ascii].\n" +#: src/init.c:1343 +#, c-format +msgid "SSLv2 has been deprecated since 1996 and is no longer available.\n" +msgstr "SSLv2 is in 1996 uitgefaseerd en daarom niet meer beschikbaar.\n" + #: src/iri.c:103 #, c-format msgid "Encoding %s isn't valid\n" @@ -1479,6 +1484,14 @@ " --secure-protocol=PRTCL beveiligingsprotocol PRTCL gebruiken\n" " ('auto', 'SSLv2', 'SSLv3', of 'TLSv1')\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PRTCL beveiligingsprotocol PRTCL gebruiken\n" +" ('auto', 'SSLv3', of 'TLSv1')\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/pl.po =================================================================== --- wget-1.12.orig/po/pl.po 2009-09-22 16:40:39.000000000 +0000 +++ wget-1.12/po/pl.po 2011-04-25 17:27:05.000000000 +0000 @@ -1494,6 +1494,14 @@ " --secure-protocol=PR wybiera bezpieczny protok: auto, SSLv2,\n" " SSLv3, TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR wybiera bezpieczny protok: auto,\n" +" SSLv3, TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/pt.po =================================================================== --- wget-1.12.orig/po/pt.po 2009-09-22 16:40:39.000000000 +0000 +++ wget-1.12/po/pt.po 2011-04-25 17:27:05.000000000 +0000 
@@ -1495,6 +1495,14 @@ "SSLv2,\n" " SSLv3 ou TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR escolher protocolo de segurança, auto,\n" +" SSLv3 ou TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/pt_BR.po =================================================================== --- wget-1.12.orig/po/pt_BR.po 2009-09-22 16:40:39.000000000 +0000 +++ wget-1.12/po/pt_BR.po 2011-04-25 17:27:05.000000000 +0000 @@ -1559,6 +1559,15 @@ "auto\n" " (automático), SSLv2, SSLv3 e TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR escolhe entre um protocolo de segurança: " +"auto\n" +" (automático), SSLv3 e TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/ru.po =================================================================== --- wget-1.12.orig/po/ru.po 2009-09-22 16:40:39.000000000 +0000 +++ wget-1.12/po/ru.po 2011-04-25 17:27:04.000000000 +0000 @@ -1485,6 +1485,14 @@ " --secure-protocol=ПР выбор безопасного протокола: auto, SSLv2,\n" " SSLv3 или TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=ПР выбор безопасного протокола: auto,\n" +" SSLv3 или TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/sk.po =================================================================== --- wget-1.12.orig/po/sk.po 2009-09-22 16:40:39.000000000 +0000 +++ wget-1.12/po/sk.po 2011-04-25 17:27:05.000000000 +0000 
@@ -1472,6 +1472,14 @@ "SSLv2,\n" " SSLv3 alebo TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR vybrať bezpečný protokol, jeden z auto,\n" +" SSLv3 alebo TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/sl.po =================================================================== --- wget-1.12.orig/po/sl.po 2009-09-22 16:40:39.000000000 +0000 +++ wget-1.12/po/sl.po 2011-04-25 17:27:05.000000000 +0000 @@ -1489,6 +1489,14 @@ " --secure-protocol izberi varni protokol SSL; lahko je auto,\n" " SSLv2, SSLv3 ali TLSv1\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol izberi varni protokol SSL; lahko je auto,\n" +" SSLv3 ali TLSv1\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/sv.po =================================================================== --- wget-1.12.orig/po/sv.po 2009-09-22 16:40:39.000000000 +0000 +++ wget-1.12/po/sv.po 2011-04-25 17:27:05.000000000 +0000 @@ -1469,6 +1469,14 @@ " --secure-protocol=PR välj säkert protokoll, ett av auto, SSLv2,\n" " SSLv3 och TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR välj säkert protokoll, ett av auto,\n" +" SSLv3 och TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/tr.po =================================================================== --- wget-1.12.orig/po/tr.po 2009-09-22 16:40:40.000000000 +0000 +++ wget-1.12/po/tr.po 2011-04-25 17:27:05.000000000 +0000 
@@ -1469,6 +1469,15 @@ " auto, SSLv2, SSLv3 veya TLSv1 " "belirtilebilir.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR güvenlik protokolü belirtilir;\n" +" auto, SSLv3 veya TLSv1 " +"belirtilebilir.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/vi.po =================================================================== --- wget-1.12.orig/po/vi.po 2009-09-22 16:40:40.000000000 +0000 +++ wget-1.12/po/vi.po 2011-04-25 17:27:05.000000000 +0000 @@ -1466,6 +1466,14 @@ "SSLv2,\n" " SSLv3, và TLSv1.\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR chọn giao thức bảo mật, một trong số auto,\n" +" SSLv3, và TLSv1.\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/zh_CN.po =================================================================== --- wget-1.12.orig/po/zh_CN.po 2011-04-25 17:26:47.000000000 +0000 +++ wget-1.12/po/zh_CN.po 2011-04-25 17:27:04.000000000 +0000 @@ -1419,6 +1419,14 @@ " --secure-protocol=PR 选择安全协议,可以是 auto、SSLv2、\n" " SSLv3 或是 TLSv1 中的一个。\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR 选择安全协议,可以是 auto、\n" +" SSLv3 或是 TLSv1 中的一个。\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/po/zh_TW.po =================================================================== --- wget-1.12.orig/po/zh_TW.po 2009-09-22 16:40:40.000000000 +0000 +++ wget-1.12/po/zh_TW.po 2011-04-25 17:27:05.000000000 +0000 
@@ -1407,6 +1407,14 @@ " --secure-protocol=PR 選擇安全通訊協定,可以使用 auto, SSLv2, \n" " SSLv3 或 TLSv1\n" +#: src/main.c:586 +msgid "" +" --secure-protocol=PR choose secure protocol, one of auto,\n" +" SSLv3, and TLSv1.\n" +msgstr "" +" --secure-protocol=PR 選擇安全通訊協定,可以使用 auto,\n" +" SSLv3 或 TLSv1\n" + #: src/main.c:588 msgid "" " --no-check-certificate don't validate the server's certificate.\n" Index: wget-1.12/src/init.c =================================================================== --- wget-1.12.orig/src/init.c 2011-04-25 17:26:47.000000000 +0000 +++ wget-1.12/src/init.c 2011-04-25 17:26:47.000000000 +0000 @@ -1337,6 +1337,13 @@ { "tlsv1", secure_protocol_tlsv1 }, }; int ok = decode_string (val, choices, countof (choices), place); +#ifdef NO_SSLv2 + /* do not touch choices[] so that numeric values of options stay the same */ + if (ok && *((int *)place) == secure_protocol_sslv2) { + fprintf (stderr, _("SSLv2 has been deprecated since 1996 and is no longer available.\n")); + ok = 0; + } +#endif if (!ok) fprintf (stderr, _("%s: %s: Invalid value %s.\n"), exec_name, com, quote (val)); return ok; Index: wget-1.12/src/main.c =================================================================== --- wget-1.12.orig/src/main.c 2011-04-25 17:26:47.000000000 +0000 +++ wget-1.12/src/main.c 2011-04-25 17:26:47.000000000 +0000 @@ -583,9 +583,15 @@ #ifdef HAVE_SSL N_("\ HTTPS (SSL/TLS) options:\n"), +#ifndef NO_SSLv2 N_("\ --secure-protocol=PR choose secure protocol, one of auto, SSLv2,\n\ SSLv3, and TLSv1.\n"), +#else + N_("\ + --secure-protocol=PR choose secure protocol, one of auto,\n\ + SSLv3, and TLSv1.\n"), +#endif N_("\ --no-check-certificate don't validate the server's certificate.\n"), N_("\ Index: wget-1.12/src/openssl.c =================================================================== --- wget-1.12.orig/src/openssl.c 2009-09-22 15:24:45.000000000 +0000 +++ wget-1.12/src/openssl.c 2011-04-25 17:26:47.000000000 +0000 
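Review bot: In the src/init.c hunk the SSLv2 rejection runs after `decode_string` has already been handed `place`, so the rejected value presumably stays stored in `*place` even though the function returns failure. Whether every caller stops on a failed return is not visible here; if one only reports the error and continues, the option would still read as `secure_protocol_sslv2`. Decoding into a local avoids that: `int proto; int ok = decode_string (val, choices, countof (choices), &proto);`, then test `proto == secure_protocol_sslv2` under NO_SSLv2 and finish with `if (ok) *((int *)place) = proto;`. A rejected SSLv2 value also prints two messages, the deprecation notice followed by the generic "Invalid value" line. The function starts outside the hunk.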
@@ -184,9 +184,11 @@ case secure_protocol_auto: meth = SSLv23_client_method (); break; +#ifndef NO_SSLv2 case secure_protocol_sslv2: meth = SSLv2_client_method (); break; +#endif case secure_protocol_sslv3: meth = SSLv3_client_method (); break; debian/patches/CVE-2017-6508.patch0000664000000000000000000000177413173442571013264 0ustar commit 4d729e322fae359a1aefaafec1144764a54e8ad4 Author: Tim Rühsen Date: Mon Mar 6 10:04:22 2017 +0100 Fix CRLF injection in Wget host part * src/url.c (url_parse): Reject control characters in host part of URL Reported-by: Orange Tsai Index: wget-1.15/src/url.c =================================================================== --- wget-1.15.orig/src/url.c 2017-10-23 15:39:35.713208652 -0400 +++ wget-1.15/src/url.c 2017-10-23 15:39:35.713208652 -0400 @@ -888,6 +888,17 @@ url_parse (const char *url, int *error, url_unescape (u->host); host_modified = true; + /* check for invalid control characters in host name */ + for (p = u->host; *p; p++) + { + if (c_iscntrl(*p)) + { + url_free(u); + error_code = PE_INVALID_HOST_NAME; + goto error; + } + } + /* Apply IDNA regardless of iri->utf8_encode status */ if (opt.enable_iri && iri) { debian/patches/CVE-2018-0494.patch0000664000000000000000000000340713274353507013260 0ustar From 1fc9c95ec144499e69dc8ec76dbe07799d7d82cd Mon Sep 17 00:00:00 2001 
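Review bot: Compiling out the `secure_protocol_sslv2` case does not by itself keep SSLv2 from being negotiated for `secure_protocol_auto`, which still selects `SSLv23_client_method ()`. Unless the context later has `SSL_OP_NO_SSLv2` set (not visible in this hunk), an OpenSSL build that still supports SSLv2 can offer it. If it is not set elsewhere, `SSL_CTX_set_options (<ctx>, SSL_OP_NO_SSLv2);` after the context is created would close the gap (`<ctx>` is a placeholder, since the context is created outside the hunk). With the case removed, a stored `secure_protocol_sslv2` now falls through to whatever default the switch has, which is also outside the hunk and should fail with an error rather than abort.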
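Review bot: The control-character check in url_parse sits directly after `url_unescape (u->host)`, so it appears to cover only hosts that went through unescaping. The enclosing condition starts outside the hunk, so confirm that a host carrying raw control bytes is rejected on the other path as well. On style, `c_iscntrl(*p)` and `url_free(u)` drop the space before the parenthesis that the neighbouring `url_unescape (u->host)` uses; `c_iscntrl (*p)` and `url_free (u)` would match the file.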
From: =?UTF-8?q?Tim=20R=C3=BChsen?= Date: Fri, 27 Apr 2018 10:41:56 +0200 Subject: Fix cookie injection (CVE-2018-0494) * src/http.c (resp_new): Replace \r\n by space in continuation lines Fixes #53763 "Malicious website can write arbitrary cookie entries to cookie jar" HTTP header parsing left the \r\n from continuation line intact. The Set-Cookie code didn't check and could be tricked to write \r\n into the cookie jar, allowing a server to generate cookies at will. --- src/http.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) Index: wget-1.15/src/http.c =================================================================== --- wget-1.15.orig/src/http.c +++ wget-1.15/src/http.c @@ -599,9 +599,9 @@ struct response { resp_header_*. */ static struct response * -resp_new (const char *head) +resp_new (char *head) { - const char *hdr; + char *hdr; int count, size; struct response *resp = xnew0 (struct response); @@ -630,15 +630,23 @@ resp_new (const char *head) break; /* Find the end of HDR, including continuations. */ - do + for (;;) { - const char *end = strchr (hdr, '\n'); + char *end = strchr (hdr, '\n'); + if (end) hdr = end + 1; else hdr += strlen (hdr); + + if (*hdr != ' ' && *hdr != '\t') + break; + + // continuation, transform \r and \n into spaces + *end = ' '; + if (end > head && end[-1] == '\r') + end[-1] = ' '; } - while (*hdr == ' ' || *hdr == '\t'); } DO_REALLOC (resp->headers, size, count + 1, const char *); resp->headers[count] = NULL; debian/patches/wget-doc-remove-usr-local-in-sample.wgetrc0000664000000000000000000000144112267274445020637 0ustar corrects the wgetrc path from /usr/local/etc/ to /etc/wgetrc in the sample wgetrc --- a/doc/sample.wgetrc +++ b/doc/sample.wgetrc 
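Review bot: resp_new now writes into `head` (the line break before a continuation line becomes spaces), but the comment above the function, which begins outside the first hunk, is not updated to say so. A sentence such as `HEAD is modified in place: the line break before each continuation line is replaced by spaces, so it must point to writable memory.` would tell callers the buffer is no longer treated as read-only. In the second hunk, `// continuation, transform \r and \n into spaces` is the only C++-style comment in the visible code; `/* Continuation: turn \r and \n into spaces.  */` would match the rest.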
@@ -10,7 +10,7 @@ ## Or online here: ## https://www.gnu.org/software/wget/manual/wget.html#Startup-File ## -## Wget initialization file can reside in /usr/local/etc/wgetrc +## Wget initialization file can reside in /etc/wgetrc ## (global, for all users) or $HOME/.wgetrc (for a single user). ## ## To use the settings in this file, you will have to uncomment them, @@ -19,7 +19,7 @@ ## -## Global settings (useful for setting up in /usr/local/etc/wgetrc). +## Global settings (useful for setting up in /etc/wgetrc). ## Think well before you change them, since they may reduce wget's ## functionality, and make it behave contrary to the documentation: ## debian/patches/CVE-2016-7098-2.patch0000664000000000000000000000520213173444320013407 0ustar Backport of: From 690c47e3b18c099843cdf557a0425d701fca4957 Mon Sep 17 00:00:00 2001 
From: Giuseppe Scrivano Date: Sun, 21 Aug 2016 15:21:44 +0200 Subject: Append .tmp to temporary files * src/http.c (struct http_stat): Add `temporary` flag. (check_file_output): Append .tmp to temporary files. (open_output_stream): Refactor condition to use hs->temporary instead. Reported-by: "Misra, Deapesh" Discovered by: Dawid Golunski (http://legalhackers.com) --- NEWS | 6 ++++++ src/http.c | 14 +++++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) #Index: wget-1.18/NEWS #=================================================================== #--- wget-1.18.orig/NEWS 2017-10-23 15:24:48.071905989 -0400 #+++ wget-1.18/NEWS 2017-10-23 15:24:48.067905947 -0400 #@@ -7,6 +7,12 @@ See the end for copying conditions. # # Please send GNU Wget bug reports to . # #+* Changes in Wget X.Y.Z #+ #+* On a recursive download, append a .tmp suffix to temporary files #+ that will be deleted after being parsed, and create them #+ readable/writable only by the owner. #+ # * Changes in Wget 1.18 # # * By default, on server redirects to a FTP resource, use the original Index: wget-1.15/src/http.c =================================================================== --- wget-1.15.orig/src/http.c 2017-10-23 15:38:08.268292652 -0400 +++ wget-1.15/src/http.c 2017-10-23 15:38:37.972603836 -0400 @@ -1451,6 +1451,7 @@ struct http_stat wgint orig_file_size; /* size of file to compare for time-stamping */ time_t orig_file_tstamp; /* time-stamp of file to compare for * time-stamping */ + bool temporary; /* downloading a temporary file */ }; static void @@ -2461,6 +2462,15 @@ read_header: } } + hs->temporary = opt.delete_after || opt.spider || !acceptable (hs->local_file); + if (hs->temporary) + { + char *tmp = NULL; + asprintf (&tmp, "%s.tmp", hs->local_file); + xfree (hs->local_file); + hs->local_file = tmp; + } + /* TODO: perform this check only once. */ if (!hs->existence_checked && file_exists_p (hs->local_file)) { 
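Review bot: In the `@@ -2461` hunk the result of `asprintf (&tmp, "%s.tmp", hs->local_file)` is not checked, and after a failed call `tmp` is not a usable string. The old name is nevertheless freed and `hs->local_file` replaced unconditionally. The changelog for this upload lists a follow-up, CVE-2016-7098-3.patch, that replaces the asprintf call, so this patch should not be carried without it. The enclosing function starts and ends outside the hunk.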
@@ -2892,9 +2902,7 @@ read_header: open_id = 22; fp = fopen (hs->local_file, "wb", FOPEN_OPT_ARGS); #else /* def __VMS */ - if (opt.delete_after - || opt.spider /* opt.recursive is implicitely true */ - || !acceptable (hs->local_file)) + if (hs->temporary) { fp = fdopen (open (hs->local_file, O_BINARY | O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR), "wb"); } debian/patches/CVE-2017-13090.patch0000664000000000000000000000232013173442611013315 0ustar From 28925c37b72867c0819799c6f35caf9439080f83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20R=C3=BChsen?= Date: Fri, 20 Oct 2017 15:15:47 +0200 Subject: [PATCH 2/2] Fix heap overflow in HTTP protocol handling (CVE-2017-13090) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * src/retr.c (fd_read_body): Stop processing on negative chunk size Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint Reported-by: Juhani Eronen from Finnish National Cyber Security Centre --- src/retr.c | 6 ++++++ 1 file changed, 6 insertions(+) Index: wget-1.15/src/retr.c =================================================================== --- wget-1.15.orig/src/retr.c 2017-10-23 15:39:51.565374682 -0400 +++ wget-1.15/src/retr.c 2017-10-23 15:39:51.561374639 -0400 @@ -317,6 +317,12 @@ fd_read_body (int fd, FILE *out, wgint t remaining_chunk_size = strtol (line, &endl, 16); xfree (line); + if (remaining_chunk_size < 0) + { + ret = -1; + break; + } + if (remaining_chunk_size == 0) { ret = 0; debian/patches/CVE-2019-5953-pre.patch0000664000000000000000000000201313452720311014027 0ustar From cbbeca2af4962a648a2373b35cf8e497e11d90fd Mon Sep 17 00:00:00 2001 
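Review bot: The temporary file is opened with `O_CREAT | O_TRUNC` but without `O_EXCL`, so the `S_IRUSR | S_IWUSR` mode only takes effect when the file is newly created. A file that already exists under the now predictable `.tmp` name keeps its permissions and is truncated. If temporary files are meant to be owner-only in every case, adding `O_EXCL` and handling the already-exists error would enforce that. The descriptor from `open` is also passed straight to `fdopen`, so a failed open only shows up as a NULL stream. The open call is an unchanged context line here and the function continues outside the hunk.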
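Review bot: The new guard in fd_read_body rejects a negative chunk size, but the `strtol (line, &endl, 16)` result is otherwise taken as is. A line with no hex digits parses as 0 and is treated as the final chunk, and an out-of-range value is not detected through `errno`. Testing `endl == line || remaining_chunk_size < 0` before the `xfree (line)` would reject the empty case too; note that `endl` points into `line`, so it must not be used after the free. The same applies to the matching hunk in skip_short_body (src/http.c, CVE-2017-13089.patch). Both functions start and end outside their hunks.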
From: =?UTF-8?q?Tim=20R=C3=BChsen?= Date: Thu, 17 Dec 2015 17:41:32 +0100 Subject: [PATCH] Cleanup code * src/iri.c (do_conversion): Code cleanup --- src/iri.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) Index: wget-1.15/src/iri.c =================================================================== --- wget-1.15.orig/src/iri.c +++ wget-1.15/src/iri.c @@ -183,16 +183,10 @@ do_conversion (iconv_t cd, char *in, siz } else if (errno == E2BIG) /* Output buffer full */ { - char *new; - tooshort++; done = len; - outlen = done + inlen * 2; - new = xmalloc (outlen + 1); - memcpy (new, s, done); - xfree (s); - s = new; - len = outlen; + len = outlen = done + inlen * 2; + s = xrealloc (s, outlen + 1); *out = s + done; } else /* Weird, we got an unspecified error */ debian/patches/CVE-2014-4877.patch0000664000000000000000000001177212424442756013272 0ustar Description: fix remote code execution via absolute path traversal vulnerability in FTP Origin: upstream, http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 Origin: upstream, http://git.savannah.gnu.org/cgit/wget.git/commit/?id=69c45cba4382fcaabe3d86876bd5463dc34f442c Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766981 Index: wget-1.15/doc/wget.texi =================================================================== --- wget-1.15.orig/doc/wget.texi 2014-10-30 09:52:31.000000000 -0400 +++ wget-1.15/doc/wget.texi 2014-10-30 10:01:57.266485116 -0400 
@@ -1837,17 +1837,18 @@ @cindex symbolic links, retrieving @item --retr-symlinks -Usually, when retrieving @sc{ftp} directories recursively and a symbolic -link is encountered, the linked-to file is not downloaded. Instead, a -matching symbolic link is created on the local filesystem. The -pointed-to file will not be downloaded unless this recursive retrieval -would have encountered it separately and downloaded it anyway. +By default, when retrieving @sc{ftp} directories recursively and a symbolic link +is encountered, the symbolic link is traversed and the pointed-to files are +retrieved. Currently, Wget does not traverse symbolic links to directories to +download them recursively, though this feature may be added in the future. -When @samp{--retr-symlinks} is specified, however, symbolic links are -traversed and the pointed-to files are retrieved. At this time, this -option does not cause Wget to traverse symlinks to directories and -recurse through them, but in the future it should be enhanced to do -this. +When @samp{--retr-symlinks=no} is specified, the linked-to file is not +downloaded. Instead, a matching symbolic link is created on the local +filesystem. The pointed-to file will not be retrieved unless this recursive +retrieval would have encountered it separately and downloaded it anyway. This +option poses a security risk where a malicious FTP Server may cause Wget to +write to files outside of the intended directories through a specially crafted +@sc{.listing} file. Note that when retrieving a file (not a directory) because it was specified on the command-line, rather than because it was recursed to, Index: wget-1.15/src/ftp.c =================================================================== --- wget-1.15.orig/src/ftp.c 2014-01-04 07:49:47.000000000 -0500 +++ wget-1.15/src/ftp.c 2014-10-30 10:02:00.150419536 -0400 
@@ -2203,6 +2203,29 @@ return false; } +/* Test if the file node is invalid. This can occur due to malformed or + * maliciously crafted listing files being returned by the server. + * + * Currently, this function only tests if there are multiple entries in the + * listing file by the same name. However this function can be expanded as more + * such illegal listing formats are discovered. */ +static bool +is_invalid_entry (struct fileinfo *f) +{ + struct fileinfo *cur; + cur = f; + char *f_name = f->name; + /* If the node we're currently checking has a duplicate later, we eliminate + * the current node and leave the next one intact. */ + while (cur->next) + { + cur = cur->next; + if (strcmp(f_name, cur->name) == 0) + return true; + } + return false; +} + /* A near-top-level function to retrieve the files in a directory. The function calls ftp_get_listing, to get a linked list of files. Then it weeds out the file names that do not match the pattern. @@ -2240,11 +2263,11 @@ f = f->next; } } - /* Remove all files with possible harmful names */ + /* Remove all files with possible harmful names or invalid entries. */ f = start; while (f) { - if (has_insecure_name_p (f->name)) + if (has_insecure_name_p (f->name) || is_invalid_entry (f)) { logprintf (LOG_VERBOSE, _("Rejecting %s.\n"), quote (f->name)); Index: wget-1.15/src/init.c =================================================================== --- wget-1.15.orig/src/init.c 2014-01-04 07:49:47.000000000 -0500 +++ wget-1.15/src/init.c 2014-10-30 10:01:57.266485116 -0400 
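Review bot: is_invalid_entry compares names with `strcmp`, so two listing entries that differ only in letter case are not treated as duplicates. They would still name the same file on a case-insensitive local filesystem, so if such targets are supported a case-insensitive comparison deserves consideration. The helper also walks the rest of the list for every entry, which is quadratic in the length of a server-supplied listing. On style, `char *f_name = f->name;` is declared after the statement `cur = f;`; writing `const char *f_name = f->name;` next to the other declaration keeps declarations at the top of the block.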
@@ -364,6 +364,22 @@ opt.dns_cache = true; opt.ftp_pasv = true; + /* 2014-09-07 Darshit Shah + * opt.retr_symlinks is set to true by default. Creating symbolic links on the + * local filesystem pose a security threat by malicious FTP Servers that + * server a specially crafted .listing file akin to this: + * + * lrwxrwxrwx 1 root root 33 Dec 25 2012 JoCxl6d8rFU -> / + * drwxrwxr-x 15 1024 106 4096 Aug 28 02:02 JoCxl6d8rFU + * + * A .listing file in this fashion makes Wget susceptiple to a symlink attack + * wherein the attacker is able to create arbitrary files, directories and + * symbolic links on the target system and even set permissions. + * + * Hence, by default Wget attempts to retrieve the pointed-to files and does + * not create the symbolic links locally. + */ + opt.retr_symlinks = true; #ifdef HAVE_SSL opt.check_cert = true; debian/patches/CVE-2017-13089.patch0000664000000000000000000000223713173442603013335 0ustar From 3dbc2e06ad487862c2fcc64d4891ff8aeb254bad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20R=C3=BChsen?= Date: Fri, 20 Oct 2017 10:59:38 +0200 Subject: [PATCH 1/2] Fix stack overflow in HTTP protocol handling (CVE-2017-13089) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * src/http.c (skip_short_body): Return error on negative chunk size Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint Reported-by: Juhani Eronen from Finnish National Cyber Security Centre --- src/http.c | 3 +++ 1 file changed, 3 insertions(+) Index: wget-1.15/src/http.c =================================================================== --- wget-1.15.orig/src/http.c 2017-10-23 15:39:45.461310751 -0400 +++ wget-1.15/src/http.c 2017-10-23 15:39:45.445310583 -0400 
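Review bot: The new comment in the defaults block has two typos that change how it reads: "server a specially crafted" should be "serve a specially crafted", and "susceptiple" should be "susceptible". It would also help for the comment to state that the setting matters for recursive FTP retrieval, which is what the accompanying doc/wget.texi text describes. The enclosing function starts and ends outside the hunk.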
@@ -945,6 +945,9 @@ skip_short_body (int fd, wgint contlen, remaining_chunk_size = strtol (line, &endl, 16); xfree (line); + if (remaining_chunk_size < 0) + return false; + if (remaining_chunk_size == 0) { line = fd_read_line (fd); debian/patches/CVE-2019-5953.patch0000664000000000000000000000153313452720326013257 0ustar From 692d5c5215de0db482c252492a92fc424cc6a97c Mon Sep 17 00:00:00 2001 From: Tim Ruehsen Date: Fri, 5 Apr 2019 11:50:44 +0200 Subject: Fix a buffer overflow vulnerability * src/iri.c(do_conversion): Reallocate the output buffer to a larger size if it is already full diff --git a/src/iri.c b/src/iri.c index f4db38f..da9dc7f 100644 --- a/src/iri.c +++ b/src/iri.c 
@@ -185,9 +185,10 @@ do_conversion (iconv_t cd, char *in, size_t inlen, char **out) { tooshort++; done = len; - len = outlen = done + inlen * 2; - s = xrealloc (s, outlen + 1); - *out = s + done; + len = done + inlen * 2; + s = xrealloc (s, len + 1); + *out = s + done - outlen; + outlen += inlen * 2; } else /* Weird, we got an unspecified error */ { debian/changelog0000664000000000000000000014725613452720371011065 0ustar wget (1.15-1ubuntu1.14.04.5) trusty-security; urgency=medium * SECURITY UPDATE: Buffer overflow - debian/patches/CVE-2019-5953-*.patch: fix in src/iri.c. - CVE-2019-5953 -- Leonidas S. Barbosa Mon, 08 Apr 2019 16:28:33 -0300 wget (1.15-1ubuntu1.14.04.4) trusty-security; urgency=medium * SECURITY UPDATE: Cookie injection vulnerability - debian/patches/CVE-2018-0494.patch: fix cooking injection in src/http.c. - CVE-2018-0494 -- Leonidas S. Barbosa Tue, 08 May 2018 13:59:12 -0300 wget (1.15-1ubuntu1.14.04.3) trusty-security; urgency=medium * SECURITY UPDATE: race condition leading to access list bypass - debian/patches/CVE-2016-7098-1.patch: limit file mode in src/http.c. - debian/patches/CVE-2016-7098-2.patch: add .tmp to temp files in src/http.c. - debian/patches/CVE-2016-7098-3.patch: replace asprintf by aprint in src/http.c. - CVE-2016-7098 * SECURITY UPDATE: CRLF injection in url_parse - debian/patches/CVE-2017-6508.patch: check for invalid control characters in src/url.c. - CVE-2017-6508 * SECURITY UPDATE: stack overflow in HTTP protocol handling - debian/patches/CVE-2017-13089.patch: return error on negative chunk size in src/http.c. - CVE-2017-13089 * SECURITY UPDATE: heap overflow in HTTP protocol handling - debian/patches/CVE-2017-13090.patch: stop processing on negative chunk size in src/retr.c. 
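Review bot: The corrected pointer arithmetic `*out = s + done - outlen;` is only right if `outlen` at that point is the space left unused in the old buffer (presumably decremented by the conversion call, which is outside the hunk), and nothing in the hunk says so. A comment above it, for example `/* outlen is the unused tail of the old buffer, so done - outlen bytes are already written */`, would keep a later cleanup from reintroducing the overflow. Separately, `done + inlen * 2` is unchecked size_t arithmetic; whether `inlen` can be large enough to wrap is not visible here. do_conversion starts and ends outside the hunk.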
- CVE-2017-13090 -- Marc Deslauriers Mon, 23 Oct 2017 15:39:58 -0400 wget (1.15-1ubuntu1.14.04.2) trusty-security; urgency=medium * SECURITY UPDATE: http to ftp redirect spoofed filenames - debian/patches/CVE-2016-4971.patch: understand --trust-server-names on a HTTP->FTP redirect in src/ftp.*, src/retr.c. - CVE-2016-4971 -- Marc Deslauriers Tue, 14 Jun 2016 10:50:13 +0300 wget (1.15-1ubuntu1.14.04.1) trusty-security; urgency=medium * SECURITY UPDATE: remote code execution via absolute path traversal vulnerability in FTP - debian/patches/CVE-2014-4877.patch: don't create local symlinks in src/init.c, check for duplicate file nodes in src/ftp.c, updated documentation in doc/wget.texi. - CVE-2014-4877 -- Marc Deslauriers Thu, 30 Oct 2014 10:02:13 -0400 wget (1.15-1ubuntu1) trusty; urgency=medium [ Colin Watson ] * Resynchronise with Debian. Remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget. - Build-depend on libssl-dev 0.9.8k-7ubuntu4. - Pass --with-ssl=openssl; there's no udeb for gnutls. - Add a second build pass for the udeb, so we can build with -Os and without libidn. - Use dh_autotools-dev instead of custom config.{sub,guess} copy. [ Mark Russell ] * debian/rules: build wget-udeb to install its binary as /usr/bin/wget instead of /usr/bin/wget.gnu (LP: #1172101). -- Colin Watson Fri, 07 Feb 2014 17:42:45 +0000 wget (1.15-1) unstable; urgency=medium * new upstream release from 2014-01-19 Wget: fails with long file names in URLs Closes: #672131 Wget omits Host header for CONNECT Closes: #699337 Wget: Inaccurate catalan translation Closes: #697081 Cannot write to ... 
(Success) Closes: #716938 Regression: write error on wget -c for already fully retrieved file Closes: #696700 wget: NTLM not supported Closes: #718262 wget --no-check-certificate does check certificate in certain conditions Closes: #686837 * debian/control updated Standard-Version; no changes needed -- Noël Köthe Mon, 20 Jan 2014 20:17:54 +0100 wget (1.14.96.38327-2) experimental; urgency=low * debian/rules fix configure option --with-libidn Closes: #728735 -- Noël Köthe Fri, 08 Nov 2013 12:58:42 +0100 wget (1.14.96.38327-1) experimental; urgency=low * 1.15 alpha version from 2013-11-02 - removed patches which are included now upstream: wget-doc-fixitemx2item.patch wget-doc-remove2.nv.patch wget-doc-texi2pod_fixperl5.18change.patch - included fixes for Wget: fails with long file names in URLs Closes: #672131 Wget omits Host header for CONNECT Closes: #699337 Wget: Inaccurate catalan translation Closes: #697081 Cannot write to ... (Success) Closes: #716938 Regression: write error on wget -c for already fully retrieved file Closes: #696700 wget: NTLM not supported Closes: #718262 wget --no-check-certificate does check certificate in certain conditions Closes: #686837 * debian/control add Recommends ca-certificates to get https URLs working. Closes: #712540 * debian/rules fix lintian warning dh-clean-k-is-deprecated -- Noël Köthe Fri, 08 Nov 2013 08:14:32 +0100 wget (1.14-5ubuntu1) trusty; urgency=low * Merge from Debian unstable, remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget. - Build-depend on libssl-dev 0.9.8k-7ubuntu4 - Pass --with-ssl=openssl; there's no udeb for gnutls. - Add a second build pass for the udeb, so we can build with -Os and without libidn. * Use dh_autotools-dev instead of custom config.{sub,guess} copy. 
-- Adam Conrad Tue, 10 Dec 2013 23:53:45 -0700 wget (1.14-4) unstable; urgency=low * fix manpage building error "Expected text after =item, not a number" with texi2man.pl patch from upstream git: http://git.savannah.gnu.org/cgit/wget.git/diff/?id=7f43748544f26008d0dd337704f02a6ed3200aaf Closes: #724191 -- Noël Köthe Mon, 23 Sep 2013 12:37:59 +0200 wget (1.14-3) experimental; urgency=low * build with GNUTLS 3.2 (libgnutls28-dev) to fix some https problems. closes: #707555, #652480 * debian/watch from bartm added. Thank you! * debian/control,rules switch to compact 9 and using system buildflags -- Noël Köthe Tue, 13 Aug 2013 15:35:05 +0200 wget (1.14-2ubuntu1) saucy; urgency=low * Merge from Debian unstable. Remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. - Depend on libssl-dev 0.9.8k-7ubuntu4 - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb for it. - Add a second build pass for the udeb, so we can build without libidn. - d/rules: Compile with -Os and disabling NLS/DEBUG in udeb to reduce code size. - d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild -- Oussama Bounaim Thu, 18 Jul 2013 14:29:40 +0100 wget (1.14-2) unstable; urgency=low * fix changed Texinfo 5 itemx vs item behaviour with patch wget-doc-fixitemx2item.patch closes: #711028 * remove second -nv in manpage wget-doc-remove2.nv.patch closes: #704085 * debian/control updated Standards-Version, no changes needed -- Noël Köthe Tue, 04 Jun 2013 10:58:22 +0200 wget (1.14-1ubuntu1) raring; urgency=low * Merge from Debian unstable. Remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. - Depend on libssl-dev 0.9.8k-7ubuntu4 - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb for it. - Add a second build pass for the udeb, so we can build without libidn. - d/rules: Compile with -Os and disabling NLS/DEBUG in udeb to reduce code size. 
- d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild -- Clint Byrum Wed, 07 Nov 2012 09:11:39 -0800 wget (1.14-1) unstable; urgency=low * new upstream release from 2012-08-07 - Add support for content-on-error. It allows to store the HTTP payload on 4xx or 5xx errors. closes: #247985 - Fix a memory leak problem in the GNU TLS backend. closes: #642563 - Add support for TLS Server Name Indication. closes: #653267 -- Noël Köthe Tue, 07 Aug 2012 11:09:50 +0200 wget (1.13.4.79-1) experimental; urgency=low * new alpha version 1.13.4.79-22f0 from 2012-07-14 * the former alpha problem "write error: Inappropriate ioctl for device" with -O - closes: #681394 -- Noël Köthe Mon, 16 Jul 2012 21:21:07 +0200 wget (1.13.4.59-1) experimental; urgency=low * alpha version 1.13.4.59-2b1dd from 2012-05-26 * debian/control using libuuid (warc.c) Thanks Tim for the hint. closes: Bug#666160 * debian/ control updated Standard-Version, no changes needed * removed upstream included patches: - wget-fr.po-spelling-correction - gnutls-client-cert -- Noël Köthe Mon, 09 Jul 2012 17:12:56 +0200 wget (1.13.4-3ubuntu1) quantal; urgency=low * Merge from Debian unstable, Remaining Changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. - Depend on libssl-dev 0.9.8k-7ubuntu4 - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb for it. - Add a second build pass for the udeb, so we can build without libidn. - d/rules: Compile with -Os and disabling NLS/DEBUGin udeb to reduce code size. - d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild -- Clint Byrum Thu, 14 Jun 2012 12:29:44 -0700 wget (1.13.4-3) unstable; urgency=low [ Daniel Kahn Gillmor ] * Support client-side certificates when using GnuTLS. 
Closes: #646983 [ Noël Köthe ] * thx Daniel for your work with the gnutls-client-cert patch * updated Standards-Version to 3.9.3; no changes needed * debian/copyright updated upstream author to Giuseppe Scrivano -- Noël Köthe Mon, 09 Apr 2012 19:38:36 +0200 wget (1.13.4-2ubuntu1) precise; urgency=low * Merge from Debian unstable, Remaining Changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. - Depend on libssl-dev 0.9.8k-7ubuntu4 - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb for it. - Add a second build pass for the udeb, so we can build without libidn. - d/rules: Compile with -Os and disabling NLS/DEBUGin udeb to reduce code size. * d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild -- Clint Byrum Fri, 10 Feb 2012 17:01:43 -0800 wget (1.13.4-2) unstable; urgency=low * added hardened build flag. thx Moritz for the patch closes: Bug#654908 -- Noël Köthe Fri, 13 Jan 2012 16:31:57 +0100 wget (1.13.4-1ubuntu2) precise; urgency=low * d/rules: Compile with -Os and disabling NLS/DEBUGin udeb to reduce code size. (LP: #893308) -- Clint Byrum Mon, 21 Nov 2011 16:14:12 -0800 wget (1.13.4-1ubuntu1) precise; urgency=low * Merge from Debian testing, remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. - Depend on libssl-dev 0.9.8k-7ubuntu4 - Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb for it. - Add a second build pass for the udeb, so we can build without libidn. -- Steve Langasek Tue, 01 Nov 2011 17:42:30 -0400 wget (1.13.4-1) unstable; urgency=low * new upstream release 1.13.4 from 2011-09-17 -- Noël Köthe Fri, 21 Oct 2011 17:43:13 +0200 wget (1.13-1ubuntu1) precise; urgency=low * Merge from Debian unstable, remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. 
- Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339) * Dropped changes, superseded in Debian: - Keep build dependencies in main: + debian/control: remove info2man build-dep + debian/patches/series: disable wget-infopod_generated_manpage - Mark wget Multi-Arch: foreign, so packages that aren't of the same arch can depend on it. * Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb for it. * Add a second build pass for the udeb, so we can build without libidn. -- Steve Langasek Wed, 19 Oct 2011 00:00:09 +0000 wget (1.13-1) unstable; urgency=low * new upstream release 1.13 from 2011-08-09 - updated wget-doc-remove-usr-local-in-wget.texi, wget-fr.po-spelling-correction, - removed wget-de.po-remove-double-quote-signs (latest de.po), CVE-2010-2252 (included upstream), wget-zh_CN.po-translation-correction, fix-paramter-spelling-error-in-wget.texi, refresh-pofiles - disabled disable-SSLv2 for the first upload see https://savannah.gnu.org/bugs/?33840 - includes latest po files. closes: Bug#607198 - bugs fixed with this release by upstream: -- IDN support: wget www.köln.de works:) closes: Bug#542145 -- wildcard documentation of -X closes: Bug#215128 -- wget -O - $URL says `-' saved but there is no file - closes: Bug#353326 -- 'wget -c -N' ignores timestamps closes: Bug#402001 -- missing a check for Subject Alternative Name (TLS cert.) closes: Bug#409938 -- wget segfaults when server returns empty HTTP response code closes: Bug#563872 -- wget: -A/-R vs. 
-O closes: Bug#565942 -- Unterminated C string in http_atotm() closes: Bug#581817 -- don't use PATH_MAX (FTBFS on hurd) closes: Bug#595538 -- info page points to not documented --cookies option closes: Bug#597468 -- SIGPIPE signal: wget over ssh orphans itself on ctrl+c closes: Bug#598731 -- wget --backup-converted does not work closes: Bug#624675 -- --adjust-extension renames .htm files closes: Bug#626438 -- wget: Invalid russian translation closes: Bug#502218 -- wget: shows only first 3 IP addresses of hostname closes: Bug#612450 * debian/control correct spelling in description. closes: Bug#635241 * debian/control replace libssl-dev by libgnutls-dev in build dependency -- Noël Köthe Tue, 12 Aug 2011 15:34:52 +0200 wget (1.12-5) unstable; urgency=low * minor update on patch CVE-2010-2252 to mention former option name --use-server-file-name. closes: #602008 * debian/control minor name change Noèl -> Noël ;) -- Noël Köthe Sat, 23 Jul 2011 16:21:11 +0200 wget (1.12-4) unstable; urgency=low * acknowledge NMUs. Thanks for your work Thorsten and Filippo closes: #622032 #614373 * updated Standards-Version: to 3.9.2 without changes * fixed lintian warning: - debian-rules-missing-recommended-target * debian/control add Multi-Arch: foreign closes: #614203 * removing wget-infopod_generated_manpage to get the old/upstream provided manpage and no the infopage as manpage. See 1.11.4-4 where it were changed. This will return some errors (incomplete sentences, some missing parts) which are caused by texi2pod. closes: #633702 #627468 #589993 #545091 * debian/control added libidn11-dev Build-Dep to get IDN support closes: #536692 #542145 * debian/control changed FTP and HTTP to uppercase in the description closes: #596358 * exit status is documented in the manpage. closes #179710 * --follow-ftp example in manpage made more accurate. 
closes #512578 -- Noèl Köthe Fri, 22 Jul 2011 10:22:53 +0200 wget (1.12-3.1ubuntu1) oneiric; urgency=low * Merge from Debian unstable, remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. - Keep build dependencies in main: + debian/control: remove info2man build-dep + debian/patches/series: disable wget-infopod_generated_manpage - Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339) - Mark wget Multi-Arch: foreign, so packages that aren't of the same arch can depend on it. -- Steve Langasek Tue, 17 May 2011 19:46:25 +0000 wget (1.12-3.1) unstable; urgency=low * Non-maintainer upload. * debian/rules: move updating config.{guess,sub} from the clean target to the config.status target to avoid unnecessarily generating patch files with their content (these files are now simply removed by the clean target) * debian/patches/debian-changes-1.12-2: drop accordingly * debian/patches/disable-SSLv2: new; debian/rules: pass the new flag -DNO_SSLv2 to configure (Closes: #622032) * debian/rules: clean away _all_ files changed during build; debian/patches/refresh-pofiles: regenerate all pofiles, which will also be done during package build (these changes are made to keep the package buildable twice in a row) * Add missing B-D on autotools-dev -- Thorsten Glaser Mon, 25 Apr 2011 17:28:39 +0000 wget (1.12-3) unstable; urgency=low * Upload by Noèl Köthe ; * Convert all dpatch-based patches to quilt-based ones, thus fixing the bug reported by Lucas Nussbaum (closes: #614373). * Add one more patch fixing a typo in doc/wget.texi. -- Filippo Rusconi Thu, 17 Mar 2011 20:28:53 +0100 wget (1.12-2.1ubuntu2) natty; urgency=low * Mark wget Multi-Arch: foreign, so packages that aren't of the same arch can depend on it. -- Steve Langasek Sun, 20 Feb 2011 02:58:07 -0800 wget (1.12-2.1ubuntu1) natty; urgency=low * Merge from debian unstable (LP: #403070), remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. 
- Keep build dependencies in main: + debian/control: remove info2man build-dep + debian/patches/00list: disable wget-infopod_generated_manpage.dpatch - Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339) * Dropped changes: - SECURITY UPDATE: arbitrary file overwrite via 3xx redirect + debian/patches/CVE-2010-2252.dpatch: don't use server names in doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}. + This update changes previous behaviour by ignoring the filename supplied by the server during redirects. To re-enable previous behaviour, see the new --trust-server-names option. + CVE-2010-2252: fixed in debian -- Lorenzo De Liso Tue, 02 Nov 2010 15:17:29 +0100 wget (1.12-2.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fixed CVE-2010-2252: use of server provided file name might lead to overwriting arbitrary files. Thanks to Marc Deslauriers and the Ubuntu Security team (Closes: #590296) -- Giuseppe Iuculano Sun, 05 Sep 2010 15:33:19 +0200 wget (1.12-2) unstable; urgency=low * acknoledge NMUs. Thanks for your work/help Matt and Anthony closes: #574185 * debian/source/format switched to dpkg-source 3.0 (quilt) format -- Noèl Köthe Fri, 09 Apr 2010 22:50:22 +0200 wget (1.12-1.2) unstable; urgency=low * Non-maintainer upload. * Revised po/zh_CN.po based on http://translationproject.org/PO-files/zh_CN/wget-1.12-pre6.zh_CN.po to correct mistranslation of " eta " etc. closes: Bug#570528 * Revised po/de.po to removed extraneous doubled quote signs in German locale. closes: Bug#571704 * debian/control updated Standards-Version to 3.8.4, no changes -- Anthony Fok Wed, 17 Mar 2010 06:19:26 +0800 wget (1.12-1.1ubuntu3) maverick; urgency=low * SECURITY UPDATE: arbitrary file overwrite via 3xx redirect - debian/patches/CVE-2010-2252.dpatch: don't use server names in doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}. - This update changes previous behaviour by ignoring the filename supplied by the server during redirects. 
To re-enable previous behaviour, see the new --trust-server-names option. - CVE-2010-2252 -- Marc Deslauriers Fri, 03 Sep 2010 09:19:11 -0400 wget (1.12-1.1ubuntu2) lucid; urgency=low * Rebuild against libssl-dev 0.9.8k-7ubuntu4 to fix wget-udeb dependencies (LP: #503339). -- Colin Watson Tue, 05 Jan 2010 16:31:46 +0000 wget (1.12-1.1ubuntu1) lucid; urgency=low * Merge from debian testing, remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. * Keep build dependencies in main: - debian/control: remove info2man build-dep - debian/patches/00list: disable wget-infopod_generated_manpage.dpatch -- Marc Deslauriers Sat, 12 Dec 2009 08:15:59 -0500 wget (1.12-1.1) unstable; urgency=low * Non-maintainer upload. * debian/rules remove usr/share/info/dir after installing closes: Bug#550217 -- Matt Kraai Sun, 25 Oct 2009 16:59:51 -0700 wget (1.12-1) unstable; urgency=low * new upstream release from 2009-09-22 - fix CVE-2009-3490 "does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate" closes: Bug#549293 - updated config.{guess,sub} closes: Bug#528642 - remove IPv4 precedence from wget closes: Bug#481064 - support for IDN/IRI domains closes: Bug#405127 - fix output of non-verbose spider mode closes: Bug#338326 - fix --delete-after leaves robots.txt lying around closes: Bug#288716 - fix misleading error message when using -O - closes: Bug#250670 * debian/control updated Standards-Version to 3.8.3, no changes -- Noèl Köthe Tue, 06 Oct 2009 21:00:30 +0200 wget (1.11.4-4) unstable; urgency=low * [17c7ed7] debian/copyright wget.texi is licensed under GFDL 1.2 (fixes lintian warning about non-versioned GFDL) * [2ae02e0] debian/control debian/compat raising debhelper version to 5 (lintian warning) * [a17c14f] debian/control added misc:Depends dependency (debhelper; lintian warning) * [2e68922] generating the pod from the info file now with info2pod to have a complete documentation instead 
of the former one with broken sentences. closes: Bug#326622 - wget: Data missing in man page. closes: Bug#175810 - wget: man page --no-proxy truncated. closes: Bug#347988 - wget: manpage incomplete. closes: Bug#218292 -- Noèl Köthe Wed, 22 Jul 2009 16:53:54 +0200 wget (1.11.4-3) unstable; urgency=low * updated Standards-Version (no changes needed) * removed unneeded groff build dependency * added O2 optimization. closes: Bug#415421 * remove unneded 00template file * wget.info will be generated * generate .pot file -- Noèl Köthe Tue, 21 Jul 2009 21:56:21 +0200 wget (1.11.4-2ubuntu2) karmic; urgency=low * SECURITY UPDATE: SSL certificate bypass with NULL CN byte. - debian/patches/security-CVE-2009-3490.dpatch: make sure there is no NULL in the common-name in src/openssl.c. - CVE-2009-3490 -- Marc Deslauriers Mon, 05 Oct 2009 14:32:57 -0400 wget (1.11.4-2ubuntu1) jaunty; urgency=low * Merge from Debian unstable (LP: #295181), Ubuntu remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. -- Pedro Fragoso Wed, 05 Nov 2008 03:41:48 +0000 wget (1.11.4-2) unstable; urgency=low * debian/copyright added missing GFDL notice (closes: #498145) Thanks Mike -- Noèl Köthe Sun, 07 Sep 2008 22:13:29 +0200 wget (1.11.4-1ubuntu1) intrepid; urgency=low * Merge from Debian unstable (LP: #249277), Ubuntu remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. * Modify Maintainer value to match Debian-Maintainer-Field Spec -- Pedro Fragoso Tue, 01 Jul 2008 11:58:02 +0100 wget (1.11.4-1) unstable; urgency=low * new upstream release from 2008-06-30 - fixed "Combination of -nc and -O options fails download" (closes: #486647) * debian/control: updated to Standards-Version: 3.8.0 -- Noèl Köthe Mon, 30 Jun 2008 21:50:41 +0200 wget (1.11.3-1ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. 
-- Michael Vogt Mon, 09 Jun 2008 17:15:56 +0200 wget (1.11.3-1) unstable; urgency=low * new upstream release from 2008-05-29 * debian/rules: added cross build support (closes: Bug#451285) -- Noèl Köthe Fri, 06 Jun 2008 22:13:19 +0200 wget (1.11.2-1ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. -- Michael Vogt Tue, 27 May 2008 11:49:54 +0200 wget (1.11.2-1) unstable; urgency=low * new upstream release from 2008-05-01 - "The combination of -r or -p with -O, which was disallowed in 1.11, has been downgraded to a warning in 1.11.2." (closes: #475475) * removed debian/patches/wget-de.po-spelling-correction which was fixed by the upstream translation team -- Noèl Köthe Thu, 01 May 2008 14:43:35 +0200 wget (1.11.1-1) unstable; urgency=low * new upstream release from 2008-03-24 * debian/control added Homepage field -- Noèl Köthe Tue, 25 Mar 2008 11:52:56 +0100 wget (1.11-1) unstable; urgency=low * new upstream release fixes - http server returns negative size (closes: #456259) - documented feature --ignore-case is now there;) (closes: #471499 #434700) - Content-Disposition header (closes: #203241) - many FTP 220 responses at once (closes: #407571) - seg fault on amd64 (closes: #412586) - outdated experimantal version (closes: #441738) - HTTP and --contine (closes: #378691) * corrected wget-de.po-spelling-correction * no TODO file anymore, removed from debian/docs * updated Standards-Version to 3.7.3 * updated debian/copyright to GPL v3 -- Noèl Köthe Wed, 19 Mar 2008 14:20:22 +0100 wget (1.10.2-3ubuntu1) gutsy; urgency=low * Merge from debian unstable, remaining changes: - Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. - Ubuntu Maintainer foobar. -- Fabio M. 
Di Nitto Mon, 18 Jun 2007 10:20:55 +0200 wget (1.10.2-3) unstable; urgency=low * Generate a POT file (thanks Martin) (closes: Bug#376075) * added missing -O2 optimization (closes: Bug#415421) * removed unneeded groff build-dep (closes: Bug#399478) * corrected lintian warning debian-rules-sets-DH_COMPAT -- Noèl Köthe Sat, 16 Jun 2007 13:19:56 +0200 wget (1.10.2-2ubuntu2) feisty; urgency=low * Add wget-udeb to ship wget.gnu as alternative to busybox wget implementation. -- Fabio M. Di Nitto Wed, 13 Dec 2006 11:41:09 +0100 wget (1.10.2-2ubuntu1) edgy; urgency=low * Merge to Debian unstable (only change: POT file generation). -- Martin Pitt Fri, 30 Jun 2006 08:34:48 +0200 wget (1.10.2-2) unstable; urgency=medium * updating wget.texi from upstream svn (r2167) this GFDL doc has the invariant sections removed (closes: Bug#323099) * updated Standards-Version to 3.7.2 -- Noèl Köthe Wed, 28 Jun 2006 18:12:56 +0200 wget (1.10.2-1ubuntu1) dapper; urgency=low * debian/rules: Generate a POT file, remove it in clean rule. 
-- Martin Pitt Thu, 4 May 2006 04:50:47 +0200 wget (1.10.2-1) unstable; urgency=high * new upstream release which fixes a NTLM Buffer Overflow Vulnerability -- Noèl Köthe Thu, 13 Oct 2005 16:59:03 +0200 wget (1.10.1-2) unstable; urgency=low * rebuild against libssl 0.9.8 -- Noèl Köthe Fri, 07 Oct 2005 10:00:19 +0200 wget (1.10.1-1) unstable; urgency=low * 1.10.1 release from 2005-08-17 -- Noèl Köthe Fri, 19 Aug 2005 21:35:51 +0200 wget (1.10-3+1.10.1beta1) unstable; urgency=medium * 1.10.1beta1 release * remove all patches included in this version from patches/ - wget-dont_pattern_match_server_redirects - wget-E_html_behind_file_counting - wget-fix_error--save-headers * fixed assertion fails when manually setting cookies problem (closes: Bug#316033) * fixed --non-verbose in --help/documentation discrepancy (closes: Bug#313091) * fixed Internationalization is incomplete - only translation provided (closes: Bug#148583) * fixed Priority to important (from override) -- Noèl Köthe Thu, 07 Jul 2005 23:36:39 +0200 wget (1.10-2) unstable; urgency=medium * wget-fix_error--save-headers patch from upstream (closes: Bug#314728) * don't pattern-match server redirects patch from upstream (closes: Bug#163243) * correct de.po typos (closes: Bug#313883) * wget-E_html_behind_file_counting fix problem with adding the numbers after the html extension * updated Standards-Version: to 3.6.2 -- Noèl Köthe Sun, 26 Jun 2005 16:46:25 +0200 wget (1.10-1) unstable; urgency=low * new upstream release *yippie*;) * using now dpatch for package changes * long awaited large file system (LFS) is included (closes: Bug#240281) (closes: Bug#181634) (closes: Bug#263455) (closes: Bug#282413) * double slash problem fixed (closes: Bug#184415) * length of body is now checked (closes: Bug#271265) * Crashes when parsing malformed directory listings from FTP server fixed (closes: Bug#279901) * fixes ~ unsafe character (closes: Bug#301624) * fixed commas in directory names (closes: Bug#215134) * incorrect 
indication in the man page is now corrected (closes: Bug#222695) * fixed --limit-rate disabled when retrying a download (closes: Bug#232276) * --no-http-keep-alive option now in the doc (closes: Bug#290887) * fixed recursion breaks on tag (closes: Bug#310416) * added (error) messages for syntax errors in .wgetrc (closes: Bug#182523) * fixed http basic auth fails if (empty) password is not specified (closes: Bug#184463) * removed @ chars in manpage (closes: Bug#228437) * added EXAMPLES section to the manpage (closes: Bug#261526) * added --retry-connrefused to manpage (closes: Bug#268861) * corrected paths of wgetrc (closes: Bug#308171) * reenabled ipv6 support (closes: Bug#288385) * ca.po from 2005-04-28 12:13+0200 (closes: Bug#296182) * fixed https CONNECT proxying (closes: Bug#284550) * fixed --limit-rate option is ignored when resizing the xterm (closes: Bug#153652) * fixed -m sets atimet to remote mtime (closes: Bug#32712) -- Noèl Köthe Thu, 09 Jun 2005 23:28:23 +0200 wget (1.9.1-12) unstable; urgency=high * reverted symlink patch from Adam (closes: Bug#310318) * applied backported patch from Hrvoje Niksic/upstream from wget 1.10 to fix symlink attack (CAN-2004-2014) (closes: #308622) * added missing CAN numbers to -11 changelog (http://lists.debian.org/debian-release/2005/05/msg00385.html) -- Noèl Köthe Mon, 23 May 2005 15:30:01 +0200 wget (1.9.1-11.1) unstable; urgency=high * Non-maintainer upload. * Fix symlink attack (CAN-2004-2014) (closes: #308622) * Removed erroneous chmod 0600 on target file in ftp.c. This is not needed. There is a reason that we have a umask. -- Adam Majer Sat, 20 May 2005 00:26:53 -0500 wget (1.9.1-11) unstable; urgency=high * going back to -8 status to have minimal changes to current sarge version * backported fixes from Hrvoje Niksic/upstream from wget 1.10 cvs version (thanks alot Hrvoje Niksic!): - adds the filtering of control chars CAN-2004-1488 (closes: Bug#261755) - prevents hosts named ".." from writing to ../. 
and prevents "%00" truncating C strings that hold URLs CAN-2004-1487 (closes: Bug#284875) * removed unneeded texi2html build-dep (closes: Bug#305425) -- Noèl Köthe Thu, 05 May 2005 22:58:58 +0200 wget (1.9.1-10) unstable; urgency=low * stupid forgotten dpatch build-dep (closes: Bug#279256) -- Noèl Köthe Mon, 01 Nov 2004 21:03:25 +0100 wget (1.9.1-9) unstable; urgency=low * back to dpatch again because this version will not go into sarge.;) -- Noèl Köthe Mon, 01 Nov 2004 15:56:55 +0100 wget (1.9.1-8) unstable; urgency=low * removed dpatch again because release team doesn't want such substantial changes (closes: Bug#274810) -- Noèl Köthe Mon, 04 Oct 2004 19:58:57 +0200 wget (1.9.1-7) unstable; urgency=low * using dpatch to make it easier to maintain all the applied patches * removed README.build because its all now in the patched -- Noèl Köthe Sat, 02 Oct 2004 11:06:39 +0200 wget (1.9.1-6) unstable; urgency=high * added patch from Jan Minar which corrects his own patch to have it multibyte aware (Thanks again alot for your help Jan!) (closes: Bug#271931) (closes: Bug#272889) -- Noèl Köthe Sat, 02 Oct 2004 10:10:55 +0200 wget (1.9.1-5) unstable; urgency=high * added patch from Jan Minar which corrects the parsing/filtering of answer from servers (CAN-2004-0912) (Thanks alot for your help Jan!) (closes: Bug#261755) * documenting incompatibility of -k and -O (closes: Bug#197916) -- Noèl Köthe Mon, 13 Sep 2004 22:55:58 +0200 wget (1.9.1-4) unstable; urgency=low * made passive the default. 
sorry forgot again.:( * corrected charset in de.po (thx Michael) (closes: Bug#225528) * updated fr.po and corrected the requested words (closes: Bug#181788) * --limit-rate is in the manpage (closes: Bug#222033) -- Noèl Köthe Fri, 13 Feb 2004 20:26:44 +0100 wget (1.9.1-3) unstable; urgency=low * disabled ipv6 again because its broken on ipv4 only there is a better implementation in the cvs (try wget-cvs from experimental) (closes: Bug#223205) * removed -D_LARGEFILE_SOURCE from CFLAGS because upstream told me it makes problems. -- Noèl Köthe Sun, 7 Dec 2003 15:50:00 +0100 wget (1.9.1-2) unstable; urgency=low * ipv6 were disabled by default. reenabled it. * correct charset of german locale (closes: Bug#221516) -- Noèl Köthe Sat, 6 Dec 2003 13:38:00 +0100 wget (1.9.1-1) unstable; urgency=low * corrected upstream name and E-mail address in debian/copyright * corrected path of config file in /etc/wgetrc (closes: Bug#219989) * fixed wget urldecodes twice a filename (closes: Bug#218022) * fixed erroneously uses absolute path names (closes: Bug#215159) -- Noèl Köthe Thu, 14 Nov 2003 21:23:00 +0100 wget (1.9-1) unstable; urgency=low * new upstream release from 2003-10-22 * problem with invalid command line were fixed (closes: Bug#173597) * msecs >= 0 / the problem when the clock changed during a dowmload were fixed (closes: Bug#150522) * "wget -O - url >> foo overwrites foo" problem is fixed (closes: Bug#182398) * "wget [1]+" is fixed now (closes: Bug#178430) * the 307 code were added today to the cvs (closes: Bug#202825) * cookie download has been fixed (closes: Bug#195878) * spelling error in manpage were fixed (closes: Bug#193358) * "`Please' undeclared (first use in this function)" warnings are fixed in 1.9. explanation from author: "This problem no longer exists in the 1.9 code base, because the erroris no longer being thrown. (It caused problems when a library includeincluded , which under glibc does some *very* heavypreprocessor magic.)Anyway, thanks for the patch." 
(closes: Bug#208697) * "unsafe" characters problem fixed (closes: Bug#114432) * multi download of the same file problem is fixed (closes: Bug#210224) * limit rate problem with 1k is fixed (closes: Bug#214317) * window size is set automatical now. if this isn't enough pleas tell me. (closes: Bug#149075) * support now --post-data=action=brush_teeth (just an example) (closes: Bug#132699) * correct documentation: removed not needed parenthesized subsentence (closes: Bug#217230) * 1.9 changed the "--tries" documentation and its now correct (closes: Bug#217227) * spaces in ftp password works now (closes: Bug#212642) * updated Standards-Version -- Noèl Köthe Thu, 25 Oct 2003 15:02:00 +0200 wget (1.8.2-12) unstable; urgency=low * converted changelog, control and copyrigh to utf-8 * added patch from Philip Stadermann to fix segfault when downloading from ftp with this command: wget --passive-ftp --limit-rate 32k -r -nc -l 50 \ -X */binary-alpha,*/binary-powerpc,*/source,*/incoming \ -R alpha.deb,powerpc.deb,diff.gz,.dsc,.orig.tar.gz \ ftp://ftp.gwdg.de/pub/x11/kde/stable/3.1.4/Debian thx Philip -- Noèl Köthe Tue, 14 Oct 2003 22:49:00 +0200 wget (1.8.2-11) unstable; urgency=low * added --tries default to documentation (closes: Bug#181150) * changed one line description of wget from "GNU Wget Manual" to "commandline tool for retrieving files using HTTP, HTTPS and FTP" (closes: Bug#187455) * updated Standards-Version -- Noel Koethe Mon, 25 Aug 2003 22:50:00 +0200 wget (1.8.2-10) unstable; urgency=low * upload for rebuild on m68k -- Noel Koethe Mon, 17 Mar 2003 23:22:00 +0100 wget (1.8.2-9) unstable; urgency=low * rebuild against libssl0.9.7 -- Noel Koethe Thu, 30 Jan 2003 12:02:00 +0100 wget (1.8.2-8) unstable; urgency=high * fixed Directory Traversal Vulnerabilities security problem described in http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html (closes: Bug#172603) woody is handled by the security team and will follow soon. 
-- Noel Koethe Wed, 11 Dec 2002 12:21:00 +0100 wget (1.8.2-7) unstable; urgency=low * updated config.guess and config.sub for mips/mipsel (closes: Bug#172457) -- Noel Koethe Tue, 10 Dec 2002 13:02:00 +0100 wget (1.8.2-6) unstable; urgency=high * applied patch from Baruch Even to fix seg fault with special url line reported by Stefano Zacchiroli . Thanks!! * applied ipv6 patch from Fabio Massimo Di Nitto (closes: Bug#162046) -- Noel Koethe Tue, 3 Dec 2002 10:38:00 +0100 wget (1.8.2-5) unstable; urgency=low * removed debian/conffile because /etc/wgetrc is included by debhelper (closes: Bug#155789) * added largefile support patch from Eduard Bloch (closes: Bug#137989) -- Noel Koethe Sat, 24 Aug 2002 23:29:00 +0200 wget (1.8.2-4) unstable; urgency=high * corrected .netrc parsing bug (closes: Bug#152990) -- Noel Koethe Mon, 15 Jul 2002 08:30:00 +0200 wget (1.8.2-3) unstable; urgency=low * corrected wgetrc path in /etc/wgetrc (closes: Bug#148575) -- Noel Koethe Thu, 30 May 2002 21:00:00 +0200 wget (1.8.2-2) unstable; urgency=low * forgot to add ssl build-deps; add libssl-dev and texi2html to build-depends (closes: Bug#148481) -- Noel Koethe Wed, 26 May 2002 15:54:00 +0200 wget (1.8.2-1) unstable; urgency=low * new upstream 1.8.2 from 2002-05-26 * added OpenSSL exception to debian/copyright * wget has now an OpenSSL exception and crypto into main is allowed so this version is built with https: support * upstream fixed problem with segfault when using wrong URLs (closes: Bug#139059) (closes: Bug#140076) * upstream documented --limit-rate (closes: Bug#147009) * passive_ftp = on in /etc/wgetrc (closes: Bug#105278) * --reject option in the documentation has now a link to "Types of Files" where pattern is described.
(closes: Bug#135498) * added upstream patch to correct wrong return (closes: Bug#117774) * since 1.8x you can use .netrc to store machine-dependent accounts (closes: Bug#114366) -- Noel Koethe Wed, 26 May 2002 07:29:00 +0200 wget (1.8.1-6) unstable; urgency=medium * upstream provided a patch for the documentation which warns of passwords in process list (closes: Bug#106361) * added patch from Junichi Uekawa, which gives out a warning when using -np, to have no broken option potato -> woody (closes: Bug#140564) -- Noel Koethe Sun, 14 Apr 2002 16:06:00 +0200 wget (1.8.1-5) unstable; urgency=low * corrected some typos in description (closes: Bug#137512) -- Noel Koethe Fri, 29 Mar 2002 13:49:00 +0100 wget (1.8.1-4) unstable; urgency=low * removed texi2html (not needed anymore) (closes: Bug#135497) * closing fixed problem in v 1.8.1 (closes: Bug#61433) -- Noel Koethe Tue, 26 Feb 2002 13:29:00 +0100 wget (1.8.1-3) unstable; urgency=low * added texinfo to Build-Deps (closes: Bug#134830) * fixed problem with wget info page (closes: Bug#134855) -- Noel Koethe Wed, 20 Feb 2002 10:35:00 +0100 wget (1.8.1-2) unstable; urgency=medium * corrected parsing of .netrc (closes: Bug#134463) * will close the fixed bugs of wget tomorrow * if crypto will be allowed in main, I will remove wget-ssl and compile wget with ssl support * corrected references to global config file in manpage (closes: Bug#133701) * added an upstream patch to make DO_REALLOC_FROM_ALLOCA in wget.h work * added an upstream patch to correct quotations of : and @ in username and password (closes: Bug#88314) * added an upstream patch to correct handling of (without "a content") -- Noel Koethe Tue, 19 Feb 2002 10:12:00 +0100 wget (1.8.1-1) unstable; urgency=low * took the package -- Noel Koethe Mon, 18 Feb 2002 09:40:00 +0100 wget (1.8.1-0.2) unstable; urgency=low * corrected dependencies. Sorry.
-- Noel Koethe Fri, 8 Feb 2002 00:02:00 +0100 wget (1.8.1-0.1) unstable; urgency=low * NMU with help from Guillaume Morin * new upstream version (closes: Bug#123878) * updated description with description from homepage * closing Bugs checked by Guillaume Morin : Thanks to him for this work. (closes: Bug#43857) (closes: Bug#48727) (closes: Bug#58899) (closes: Bug#117898) (closes: Bug#117970) (closes: Bug#119838) (closes: Bug#130281) -- Noel Koethe Fri, 8 Feb 2002 16:23:00 +0100 wget (1.7-3) unstable; urgency=low * It now exits with non-zero status if an unknown option was given (closes:Bug#108334). * Added updated Japanese translation contributed by Hiroyuki YAMAMORI (closes:Bug#116197). -- Nicolás Lichtmaier Sun, 21 Oct 2001 18:02:53 -0300 wget (1.7-2.1) unstable; urgency=low * Non-maintainer upload * Incorporate drow's patch. Uses __va_copy() to prevent segfaults on powerpc due to by-reference passing of va_list's. (closes:Bug#109348) -- Michael Weber Tue, 25 Sep 2001 05:40:17 -0400 wget (1.7-2) unstable; urgency=low * It now calls daemon(3) when working in the background (-b). This makes wget close stdin/stdout/stderr and puts the background process in a new session. This made ssh hang when one started `wget -b' and logged out. * Minor fix to Spanish translation. * Made it print numbers using the proper locale symbols for the decimal separator and thousands grouping. -- Nicolás Lichtmaier Sat, 11 Aug 2001 15:22:16 -0300 wget (1.7-1) unstable; urgency=low * New upstream release (closes:Bug#102424,Bug#100154). * The manpage is now automatically generated from the texinfo source. I've readded the EXAMPLES section to it. Configuration file options and conceptual descriptions are only in the info docs for now (so this closes:Bug#97484, which was about an error in the documented startup options) and... * In the new manpage -U is documented (closes:Bug#92663). * Passive_ftp option not in manpage, but there are no more config options there! (closes:Bug#97982).
* It now correctly prints accented characters (closes:Bug#97582). * Added build-depends for perl, since wget now uses pod2man. * Merged the new upstream Spanish translation with my old one. * Fixed a message in http.c so it can be translated properly. -- Nicolás Lichtmaier Tue, 7 Aug 2001 10:01:29 -0300 wget (1.6-2) unstable; urgency=low * Really updated Spanish messages. * Fixed SIGSEGV when doing: wget -nv -r --passive-ftp '#asda:asdasd' (closes:Bug#81536). -- Nicolás Lichtmaier Tue, 27 Feb 2001 23:42:54 -0300 wget (1.6-1) unstable; urgency=low * New upstream release (closes:Bug#81130). * This version seems to properly converts HTML entities (closes:Bug#65790). * Now supports non-compliant redirections with a relative URL in their Location: headers (closes:Bug#62431,Bug#64449). * It now longer converts // in URLs to / outside of the path area of the URL (closes:Bug#61386). * Updated Spanish translation. * Updated manpage to 1.6 version. * Merged previous Debian patches to this new release. * The sort version of the --cache option was missing from the getopt invocation, now -C works (closes:Bug#67106). * Added `setlocale (LC_CTYPE, "")' to enable the display of non-ASCII characters in localized messages. -- Nicolás Lichtmaier Sun, 25 Feb 2001 23:56:47 -0300 wget (1.5.3-7) unstable; urgency=low * Fixes to German translation contributed by Jonathan Picht (closes:Bug#80841). * Added build-time dependency on gettext. -- Nicolás Lichtmaier Sun, 31 Dec 2000 17:25:05 -0300 wget (1.5.3-6) unstable; urgency=low * Updated Spanish messages with contribution from Carlos Horny . * Added groff as a build-dependency (closes:Bug#72471). -- Nicolás Lichtmaier Sun, 1 Oct 2000 19:03:16 -0300 wget (1.5.3-5) unstable; urgency=low * Changed fix for not including for the upstream version, just to keep the code similar. * Selected patches from the upstream CVS 'eternal beta' version. * Fixed small memory leak. * Why does it free memory allocated with alloca()? Fixed. 
* Follow " Sun, 24 Sep 2000 01:22:00 -0300 wget (1.5.3-4) unstable; urgency=low * Do not add :80 to Host header to cope with broken HTTP servers (closes:Bug#39346). * Added Build-Depends header. * Uses standard texi2html from the Debian package. -- Nicolás Lichtmaier Mon, 28 Aug 2000 00:40:04 -0300 wget (1.5.3-3) unstable; urgency=low * Added --base option to info documentation with text taken from the manpage. Uhm.. someone needs to keep this info file up-to-date with the manpage... perhaps I should remove the info docs.. =) =) (closes: Bug#39808). * Added Japanese messages from ja-tans package (closes:Bug#43847). * Added `--cut-dirs' to manpage (closes:Bug#42129). * Moved docs under /usr/share. * Updated `Standards-Version' to 3.0.1. * Added call to dh_clean, it was generating repeating maintainer scripts without that! =). * Updated copyright file. * Removed redundant menu entry (closes:Bug#42510). -- Nicolás Lichtmaier Sun, 10 Oct 1999 06:04:32 -0300 wget (1.5.3-2) unstable; urgency=low * Updated maintainer address. * Switched to debhelper. * Added doc-base support (closes: #31165). * Added define needed to get strptime prototype. * Added the AUTHORS file to /usr/doc/wget. -- Nicolás Lichtmaier Sun, 20 Jun 1999 18:33:01 -0300 wget (1.5.3-1.1) frozen unstable; urgency=high * fix bug #33624 (of severity 'Important' for security reasons). -- Vincent Renardias Sat, 20 Feb 1999 22:49:00 +0100 wget (1.5.3-1) unstable; urgency=low * Uses src/ChangeLog as upstream changelog. * Added `SHELL=/bin/bash' to debian/rules. * Changed references to /usr/local/etc/wgetrc to /etc/wgetrc. * New upstream release, fixes bug #26989. -- Nicolás Lichtmaier Sat, 26 Sep 1998 08:06:22 -0300 wget (1.5.1-1) unstable; urgency=low * Stripped .note and .comment sections from binary. * Added a short disclaimer to manpage. There will probably be more changes when I have the time. * Really changed maintainer now. * New upstream release.
-- Nicolás Lichtmaier Sun, 17 May 1998 01:18:18 -0300 wget (1.5.0-2) unstable; urgency=low * Updated manpage. * Improved an error message. -- Nicolás Lichtmaier Sun, 26 Apr 1998 11:04:42 -0300 wget (1.5.0-1) unstable; urgency=low * Readded manpage (removed upstream, needs updating). * Moved html to html subdir and updated menu file. * Updated copyright file. * Taken over by me =). * New upstream release. -- Nicolás Lichtmaier Mon, 20 Apr 1998 23:19:00 -0300 wget (1.4.5-0.1) unstable; urgency=low * Register html documentation with dwww. * Fixed location of config file (bugs #13722, #11359). * Fixed `*.info' installation. * Removed useless README.debian. * Removed generated html files from diff. * Built with libc6. * Keep files' date. * Added AUTHOR information to copyright file. * Added MAILING-LIST, TODO and ChangeLog (as changelog.gz) to installed documentation. * Many packaging fixes. * New upstream release (non-maintainer upload), fixes bugs #9865,#10421. -- Nicolás Lichtmaier Sat, 18 Oct 1997 21:23:12 -0300 wget (1.4.4-6) frozen unstable; urgency=low * Closes bug #8370: applied small patch by the upstream author * Hrvoje Niksic . * Patch sent to me by Barak Pearlmutter . -- J. Ramos Goncalves Fri, 28 Mar 1997 14:38:42 +0000 wget (1.4.4-5) frozen unstable; urgency=low * Closes bug #8335: wget man page was referring to /usr/local/lib/wgetrc * instead of /etc/wgetrc (corrected also for the html documentation). -- J. Ramos Goncalves Wed, 26 Mar 1997 15:15:12 +0000 wget (1.4.4-4) unstable; urgency=low * Closed bug #7977: corrected md5sum for files README, README.debian, * changelog.Debian, and buildinfo.Debian. -- J. Ramos Goncalves Mon, 10 Mar 1997 10:32:10 +0000 wget (1.4.4-3) unstable; urgency=low * Closed bug #7868: size of the *.html document is not against the * policy. * Bug #7865 fixed: withdrawn unnecessary message in postinst. -- J.
Ramos Goncalves Thu, 06 Mar 1997 23:12:20 +0000 wget (1.4.4-2) unstable; urgency=low * Bug #7768 fixed: wget.info gets installed now. -- J. Ramos Goncalves Sun, 02 Mar 1997 23:38:25 +0000 wget (1.4.4-1) unstable; urgency=low * New upstream version. -- J. Ramos Goncalves Tue, 25 Feb 1997 01:02:00 +0000 wget (1.4.3-1) unstable; urgency=low * New upstream version. * New maintainer. -- J. Ramos Goncalves Thu, 13 Feb 1997 23:15:18 +0000 wget (1.4.0-1) unstable; urgency=low * Initial Release. -- Christian Schwarz Mon, 18 Nov 1996 00:59:57 +0100