Change logs for wget source package in Bionic

  • wget (1.19.4-1ubuntu2.2) bionic-security; urgency=medium
    
      * SECURITY UPDATE: Access to sensitive information
        - debian/patches/CVE-2018-20483-*.patch: fix in
          src/ftp.c, src/http.c, src/xattr.c, src/xattr.h,
          src/init.c, src/main.c, doc/wget.texi.
        - CVE-2018-20483
      * SECURITY UPDATE: Buffer overflow
        - debian/patches/CVE-2019-5953-*.patch: fix in
          src/iri.c.
        - CVE-2019-5953
    
     -- <email address hidden> (Leonidas S. Barbosa)  Mon, 08 Apr 2019 15:51:50 -0300
  • wget (1.19.4-1ubuntu2.1) bionic-security; urgency=medium
    
      * SECURITY UPDATE: Cookie injection vulnerability
        - debian/patches/CVE-2018-0494.patch: fix cooking injection
          in src/http.c.
        - CVE-2018-0494
    
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 08 May 2018 14:02:01 -0300
  • wget (1.19.4-1ubuntu2) bionic; urgency=high
    
      * No change rebuild against openssl1.1.
    
     -- Dimitri John Ledkov <email address hidden>  Mon, 05 Feb 2018 16:55:42 +0000
  • wget (1.19.4-1ubuntu1) bionic; urgency=low
    
      * Merge from Debian unstable.  Remaining changes:
        - Don't Build-Depend on libgnutls28-dev.
        - Pass --with-ssl=openssl
        - Enable parallel builds.
        - debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
          disabled on Ubuntu because the method still exists for ABI reasons.
        - debian/control: add pkg-config to Build-Depends.
    
    wget (1.19.4-1) unstable; urgency=medium
    
      * new upstream release from 2018-01-21
        removed patches from 1.19.3-2
      * debian/control changed Priority from important to standard see #834811
      * debian/compat to 11 and removed then unneded build-depends autotools-dev
    
     -- Julian Andres Klode <email address hidden>  Mon, 05 Feb 2018 14:38:47 +0100
  • wget (1.19.3-2ubuntu1) bionic; urgency=low
    
      * Merge from Debian unstable.  Remaining changes:
        - Don't Build-Depend on libgnutls28-dev.
        - Pass --with-ssl=openssl
        - Enable parallel builds.
        - debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
          disabled on Ubuntu because the method still exists for ABI reasons.
        - debian/control: add pkg-config to Build-Depends.
    
    wget (1.19.3-2) unstable; urgency=medium
    
      * added upstream patches:
        - 0001-Switch-off-compression-by-default.patch
        - 0001--srchttpc-gethttp-Fix-bug-that-prevented-all-files-from-being-decompressed.patch
          closes: Bug#887913, Bug#887910
    
    wget (1.19.3-1) unstable; urgency=medium
    
      * new upstream release from 2018-01-19
        - removed upstream included patches: wget_813158fixsegfault.patch
          and gnulib.git.patch
      * debian/upstream/signing-key.asc added Darshit Shah
    
    wget (1.19.2-2) unstable; urgency=medium
    
      * fixed segfault with upstream patch. closes: Bug#813158, #880542
        wget_813158fixsegfault.patch
      * corrected debian/watch
      * debian/control: updated Standard-Version to 4.1.3; no changes needed
    
     -- Julian Andres Klode <email address hidden>  Tue, 23 Jan 2018 16:26:53 +0100
  • wget (1.19.2-1ubuntu1) bionic; urgency=medium
    
      * Merge with Debian, remaining changes:
        - Don't Build-Depend on libgnutls28-dev.
        - Pass --with-ssl=openssl
        - Enable parallel builds.
        - debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
          disabled on Ubuntu because the method still exists for ABI reasons.
        - debian/control: add pkg-config to Build-Depends.
      * Dropped changes:
        - Don't build with libpsl-dev, which is in universe. (it's in main now)
    
    wget (1.19.2-1) unstable; urgency=high
    
      * new upstream release from 2017-10-27 fixes
        CVE-2017-13089/CVE-2017-13090 closes: Bug#879957
      * debian/watch added opts=pgpmode=auto
      * added debian/upstream/signing-key.asc
      * debian/control updated Standards Version to 4.1.1 (needed change
        see above)
      * removed upstream included debian/patches/CVE-2017-6508
      * updated debian/patches/gnulib.git.patch
    
    wget (1.19.1-5) unstable; urgency=low
    
      * added patch from Bruno Haible  <email address hidden> to
        fix build on hurd-i386 (Thanks Svante!). closes: Bug#858995
      * debian/control wget-udeb Priority changed from extra to optional
    
    wget (1.19.1-4) unstable; urgency=medium
    
      * debian/control: added missing build-dep pkg-config. closes: Bug#865886
        thx for reporting:)
      * debian/control: updated Standard-Version to 4.0.0; no changes needed
    
     -- Marc Deslauriers <email address hidden>  Fri, 10 Nov 2017 08:45:48 -0500
  • wget (1.19.1-3ubuntu1.1) artful-security; urgency=medium
    
      * SECURITY UPDATE: stack overflow in HTTP protocol handling
        - debian/patches/CVE-2017-13089.patch: return error on negative chunk
          size in src/http.c.
        - CVE-2017-13089
      * SECURITY UPDATE: heap overflow in HTTP protocol handling
        - debian/patches/CVE-2017-13090.patch: stop processing on negative
          chunk size in src/retr.c.
        - CVE-2017-13090
    
     -- Marc Deslauriers <email address hidden>  Mon, 23 Oct 2017 15:17:58 -0400
  • wget (1.19.1-3ubuntu1) artful; urgency=medium
    
      * Merge with Debian, remaining changes:
        - Don't Build-Depend on libgnutls28-dev.
        - Pass --with-ssl=openssl
        - Don't build with libpsl-dev, which is in universe.
        - Enable parallel builds.
        - debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
          disabled on Ubuntu because the method still exists for ABI reasons.
      * debian/control: add pkg-config to Build-Depends.
    
    wget (1.19.1-3) unstable; urgency=medium
    
      * also apply the patch in 1.19.1-2 m(
    
    wget (1.19.1-2) unstable; urgency=medium
    
      * added upstream patch to fix CVE-2017-6508 closes: Bug#857073
    
    wget (1.19.1-1) unstable; urgency=medium
    
      * new upstream release from 2017-02-11 to sid
        - removed wget-doc-CRLs.patch because CRLs are supported
          closes: Bug#849389
    
    wget (1.19-1) experimental; urgency=medium
    
      * new upstream release from 2017-02-03
        (upload to unstable after stretch freeze)
      * removed upstream applied patches wget-openssl1.1.0.patch and
          CVE-2016-7098.patch
    
    wget (1.18-4) unstable; urgency=medium
    
      * added patches to fix CVE-2016-7098:
        files rejected by access list are kept on the disk for the duration of
        HTTP connection closes: #836503
    
    wget (1.18-3) unstable; urgency=medium
    
      * make the build reproducible (Thanks Reiner!). closes: #833070
    
     -- Marc Deslauriers <email address hidden>  Wed, 03 May 2017 08:47:18 -0400