2016-06-09  Giuseppe Scrivano  <gscrivan@redhat.com>

	NEWS: update

2016-06-09  Giuseppe Scrivano  <gscrivan@redhat.com>

	ftp: understand --trust-server-names on a HTTP->FTP redirect
	If --trust-server-names is not used, FTP will also get the destination
	file name from the original url specified by the user instead of the
	redirected url.  Closes CVE-2016-4971.

	* src/ftp.c (ftp_get_listing): Add argument original_url.
	(getftp): Likewise.
	(ftp_loop_internal): Likewise.  Use original_url to generate the
	file name if --trust-server-names is not provided.
	(ftp_retrieve_glob): Likewise.
	(ftp_loop): Likewise.

2016-06-07  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix warnings for --disable-iri configure flag
	* src/iri.h: Fix #define for parse_charset
	* src/html-url.c: Surround some IRI code parts by #ifdef ENABLE_IRI
	* src/http.c: Likewise
	* src/iri.h: Likewise
	* src/recur.c: Likewise
	* src/retr.c: Likewise

	Fix warning about redefinition of MAP_FAILED
	* src/sysdep.h: Removed definition of MAP_FAILED
	* src/utils.c: Check and define MAP_FAILED after including sys/mmap.h

2016-06-03  Tim Rühsen  <tim.ruehsen@gmx.de>

	Add new Test for missing scheme behavior
	* testenv/Makefile.am: Add Test-missing-scheme-retval.py
	* testenv: New file Test-missing-scheme-retval.py

	Idea and Perl implementation by Zdenek Dohnal <zdohnal@redhat.com>

2016-05-27  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fallback to pod2man without utf-8 on error
	* doc/Makefile.am: Fallback to pod2man without utf-8 on error

2016-05-26  Ander Juaristi  <ajuaristi@gmx.es>

	Correct HSTS debug message
	 * src/main.c (save_hsts): save the in-memory HSTS database to a file
	   only if something changed.
	 * src/hsts.c (struct hsts_store): new field 'changed'.
	   (hsts_match): update field 'changed' accordingly.
	   (hsts_store_entry): update field 'changed' accordingly.
	   (hsts_store_has_changed): new function.
	 * src/hsts.h (hsts_store_has_changed): new function.

	Check the HSTS file is not world-writable
	 * hsts.c (hsts_file_access_valid): check that the file is a regular
	   file, and that it's not world-writable.
	   (hsts_store_open): if the HSTS database file does not meet the
	   above requirements, disable HSTS altogether.

2016-05-24  Tim Rühsen  <tim.ruehsen@gmx.de>

	Improve description of Perl libraries needed for test suite
	* README.checkout: Improve text about Perl libraries

2016-05-23  Tim Rühsen  <tim.ruehsen@gmx.de>

	Remove special handling for Emacs in progress bar code
	* src/progress.c: Remove special 'emacs' code

	Fixes #47989

2016-04-25  Jernej Simončič  <jernej|s-wget@eternallybored.org>

	Fix xsleep() for Windows (trivial change)
	* src/mswindows.c (xsleep): Fix check for number of seconds

2016-04-17  Sergio Gelato  <sergio.gelato@astro.su.se>

	More accurate log message from do_conversion()
	* src/iri.c (do_conversion): More accurate log message

2016-04-17  Tim Rühsen  <tim.ruehsen@gmx.de>

	Include sys/select.h if HAVE_LIBCARES
	* src/hosts.c: Include sys/select.h if HAVE_LIBCARES

	Reported-by: Gisle Vanem <gvanem@yahoo.no>

2016-04-17  Gisle Vanem  <gvanem@yahoo.no>

	Fix Windows gnulib/c-ares incompatibility of select()
	* src/host.c: Undef 'select' on Windows

2016-04-15  Tim Rühsen  <tim.ruehsen@gmx.de>

	Set X flags for python tests
	* testenv/*.py: Set eXecute flags

	Regression from commit 926e42d4678689195a0bbed210c6d027db7cc390

2016-04-11  Ander Juaristi  <ajuaristi@gmx.es>

	Strictly comply with RFC 6797
	 * src/hsts.c (hsts_store_entry): strictly comply with RFC 6797.

	RFC 6797 states in section 8.1 that the UA's cached information should
	only be updated if:

	    "either or both of the max-age and includeSubDomains header field
	    value tokens are conveying information different than that already
	    maintained by the UA."

2016-04-11  Ander Juaristi  <ajuaristi@gmx.es>

	Correct HSTS database file description
	 * src/hsts.c (hsts_store_dump): s/[:port]/<port>/

2016-04-11  moparisthebest  <admin@moparisthebest.com>

	Implement tests for new pinnedpubkey option
	* testenv/Makefile.am: Add new tests
	* testenv/Test-pinnedpubkey-der-https.py: New test
	* testenv/Test-pinnedpubkey-der-no-check-https.py: New Test
	* testenv/Test-pinnedpubkey-hash-https.py: New test
	* testenv/Test-pinnedpubkey-hash-no-check-fail-https.py: New test
	* testenv/Test-pinnedpubkey-pem-fail-https.py: New test
	* testenv/Test-pinnedpubkey-pem-https.py: New test
	* testenv/certs/README: How to generate public keys with openssl tool
	* testenv/certs/server-pubkey.der: New key file (DER format)
	* testenv/certs/server-pubkey.pem: New key file (PEM format)

	Implement --pinnedpubkey option to pin public keys
	* doc/wget.texi: Add description for --pinnedpubkey
	* src/gnutls.c: New function pkp_pin_peer_pubkey(),
	  (ssl_check_certificate): Check pinned cert via pkp_pin_peer_pubkey()
	* src/init.c: Add option --pinnedpubkey
	* src/main.c: Add option --pinnedpubkey
	* src/openssl.c: New function pkp_pin_peer_pubkey(),
	  (ssl_check_certificate): Check pinned cert via pkp_pin_peer_pubkey()
	* src/options.h: Add new option variable 'pinnedpubkey'
	* src/utils.c: New functions wg_pubkey_pem_to_der(), wg_pin_peer_pubkey()
	* src/utils.h: Add prototype for wg_pin_peer_pubkey()

2016-04-11  Tim Rühsen  <tim.ruehsen@gmx.de>

	Use test file name for temp working directory name
	* testenv/test/base_test.py (__init__): Use test file name for name,
	  remove 'name' parameter
	* testenv/test/http_test.py (__init__): Remove 'name' parameter
	* testenv/*.py: Remove TEST_NAME

	Using a fixed string (TEST_NAME) to build the working directory
	for testing caused random failures (or successes) when tests
	share the same TEST_NAME value. Not easy to find without digging
	into the python test suite code.
	We now use the test file name, which is unique within the test
	environment.

2016-04-11  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix testenv/Test--rejected-log.py
	* testenv/Test--rejected-log.py: Add missing tabs in expected output

	Fail python tests when post_hook errors
	* testenv/test/base_test.py (__exit__): Return self.tests_passed
	  (__test_cleanup): Set self.tests_passed to False on exception

2016-03-29  Darshit Shah  <darnir@gmail.com>

	Print the fingerprint instead of the raw pointer in debugging message
	* src/metalink.c (retrieve_from_metalink): Fix debug message to print the
	fingerprint instead of a pointer.

	* Do not delete the ChangeLog file since it is required by the Makefile
	and breaks compilation

2016-03-29  Darshit Shah  <darnir@gmail.com>

	Revert "Print the fingerprint instead of the raw pointer in debugging message"
	This reverts commit b916595168b6eb0f8868a67a9d214d5e0022871f.

2016-03-28  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fixed URLs and references in wget.texi
	* wget.texi: Replace server.com by example.com,
	  replace ftp://wuarchive.wustl.edu by https://example.com,
	  use HTTPS instead of HTTP where possible,
	  fix list archive reference,
	  remove reference to wget-notify@addictivecode.org,
	  change bugtracker URL to bugtracker on Savannah,
	  replace yoyodyne.com by example.com,
	  fix URL to VMS port

2016-03-25  Giuseppe Scrivano  <gscrivan@redhat.com>

	* metalink.c (retrieve_from_metalink): Fix typo

	Print the fingerprint instead of the raw pointer in debugging message
	* src/metalink.c (retrieve_from_metalink): Fix debug message to print the
	fingerprint instead of a pointer.

2016-03-23  Tim Rühsen  <tim.ruehsen@gmx.de>

	Add options --bind-dns-address and --dns-servers
	* README.checkout: Add description for libares
	* configure.ac: Add check for libares
	* doc/wget.texi: Add docs for the new options
	* src/build_info.c.in: Add +/-cares for --version output
	* src/host.c:
	  (merge_address_lists): New static function
	  (address_list_from_hostent): New static function
	  (wait_ares): New static function
	  (callback): New static function
	  (lookup_host): Add libares resolver code
	* src/init.c: Add new options,
	  (cleanup): Add cleanup code
	* src/main.c: Add global libares channel variable
	  (cmdline_option option_data): Add new options
	  (print_help): Add short descriptions
	  (main): Add libares init code
	* src/options.h (struct options): Add option members

	The new options allow specifying alternative DNS servers and
	an alternate packet route for the resolver packets.
	Wget has to be built with libares, enabled at configure time by
	./configure --with-cares.

2016-03-16  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix SNI server names with trailing dot(s)
	* src/gnutls.c (ssl_connect_wget, ssl_check_certificate): Fix SNI server name
	* src/openssl.c (ssl_connect_wget, ssl_check_certificate): Fix SNI server name

	Fixes #47408

2016-03-10  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix links to original Robots Exclusion Standard
	* doc/wget.texi: Fix links

2016-03-05  Darshit Shah  <darnir@gmail.com>

	Fix assertion in Progress bar
	    * src/progress.c (create_image): Fix off-by-one error in assert()
	    statement for progress bar width.
	    Reported-By: Gisle Vanem <gvanem@yahoo.no>

2016-03-03  Giuseppe Scrivano  <gscrivan@redhat.com>

	src/url.c: fix make syntax-check

2016-03-03  Maks Orlovich  <morlovich@google.com>

	Parse <img srcset> attributes, they have image URLs.
	* src/convert.h: Add link_noquote_html_p to permit rewriting URLs deep
	                 inside attributes without adding extraneous quoting
	* src/convert.c (convert_links): Honor link_noquote_html_p
	* src/html_url.c (tag_handle_img): New function. Add srcset parsing.

2016-03-01  Darshit Shah  <darnir@gmail.com>

	Sanitize value sent to memset to prevent SEGFAULT

2016-03-01  Darshit Shah  <darnir@reniac.com>

	Update documentation about behaviour of -c
	    * docs/wget.texi: -c will restart download from scratch if server
	    does not support RANGE.

	    Reported-By: David Chavez
	    http://stackoverflow.com/questions/30147332/unexpected-behavior-of-wget

2016-02-27  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix writing WARC-Target-URI value
	src/warc.c: Add function warc_write_header_uri(),
	            Use it for creating WARC-Target-URI

	Fixes #47281

2016-02-13  Darshit Shah  <darnir@gmail.com>

	Remove pointer to unused Mailing List
	    * MAILING-LISTS: Remove pointer to old, unused mailing list for bug
	    reports

2016-02-11  Tim Rühsen  <tim.ruehsen@gmx.de>

	Retain value of errno in logprintf(), logputs() even better
	* src/log.c (logprintf,logputs): Save&Restore value of errno

	Reported-by: Gisle Vanem <gvanem@yahoo.no>

2016-02-10  Tim Rühsen  <tim.ruehsen@gmx.de>

	Retain value of errno in logprintf()
	* src/log.c (logprintf): Save&Restore value of errno

	Reported-by: Gisle Vanem <gvanem@yahoo.no>

2016-02-01  Tim Rühsen  <tim.ruehsen@gmx.de>

	Set AM_SILENT_RULES to yes by default
	* configure.ac: Set AM_SILENT_RULES to yes by default

2016-02-01  Ander Juaristi  <ajuaristi@gmx.es>

	Enforce 'RejectHeader' rule in tests
	 * server/http/http_server.py (_Handler.RejectHeader): enforce
	   'RejectHeader' rule.

2015-12-20  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix Test-iri-forced-remote
	* tests/Test-iri-forced-remote.px: Fix encodings

2015-12-18  Eli Zaretskii  <eliz@gnu.org>

	Support non-ASCII URLs
	* src/url.c [HAVE_ICONV]: Include iconv.h and langinfo.h.
	(convert_fname): New function.
	[HAVE_ICONV]: Convert file name from remote encoding to local
	encoding.
	(url_file_name): Call convert_fname.
	(filechr_table): Don't consider bytes in 128..159 as control
	characters.

	* tests/Test-ftp-iri.px: Fix the expected file name to match the
	new file-name recoding.  State the remote encoding explicitly on
	the Wget command line.

	* NEWS: Mention the URI recoding when built with libiconv.

2015-12-18  Giuseppe Scrivano  <gscrivan@redhat.com>

	* NEWS: Prepare new development cycle

2015-12-17  Tim Rühsen  <tim.ruehsen@gmx.de>

	Cleanup code
	* src/iri.c (do_conversion): Code cleanup

2015-12-17  Eli Zaretskii  <eliz@gnu.org>

	Set URI encoding when redirected
	* src/retr.c (retrieve_url): Set URI on redirection

2015-12-17  Tim Rühsen  <tim.ruehsen@gmx.de>

	Remove requesting X/Open 5, POSIX 1995
	* src/sysdep.h: Remove #define _XOPEN_SOURCE 500

2015-12-16  Eli Zaretskii  <eliz@gnu.org>

	Avoid hanging on MS-Windows when invoked with --connect-timeout
	* src/connect.c (connect_to_ip) [WIN32]: Don't call fd_close if
	the connection timed out, to avoid hanging.

2015-12-15  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix iconv conversion
	* src/iri.c: Kick out the last converted character from iconv()

	Thanks to Eli Zaretskii <eliz@gnu.org> for suggesting the fix.
	Reported-by: "Andries E. Brouwer" <Andries.Brouwer@cwi.nl>

2015-12-14  Tim Rühsen  <tim.ruehsen@gmx.de>

	Let Test-k survive on CygWin and Windows
	* tests/Test-k.px: Use --restrict-file-names for CygWin/Windows
	  filename requirements.

2015-12-13  Ander Juaristi  <ajuaristi@gmx.es>

	Fix leak in HSTS code
	* src/hsts.c (hsts_store_open): close fp if open.

	Remove unused variable in ftp code
	* src/ftp.c (getftp): fix compiler warning for unused variable.

2015-12-11  Giuseppe Scrivano  <gscrivan@redhat.com>

	Tag release 1.17.1
	* NEWS: Update.
	* gnulib: sync from upstream.

2015-12-11  Tim Rühsen  <tim.ruehsen@gmx.de>

	Remove ABOUT-NLS from git
	* ABOUT-NLS: Remove from repository, it will be autogenerated.
	* .gitignore: Add ABOUT-NLS and build-aux/ar-lib

2015-12-11  Jernej Simončič  <jernej|s-wget@eternallybored.org>

	* src/metalink.c: Specify 'rb' as mode to open file

2015-12-10  Ángel González  <keisial@gmail.com>

	* doc/wget.texi: add hint for self-signed certificates

2015-12-10  Ander Juaristi  <ajuaristi@gmx.es>

	Fix Coverity issues
	 * src/ftp.c (getftp): on error, close the file and attempt to remove it
	   before exiting.
	 * src/hsts.c (hsts_store_open): update modification time in the end.

2015-12-10  Darshit Shah  <darnir@gmail.com>

	Faster Travis Builds
	* contrib/travis-ci: Test under different languages only when all the
	features are enabled. This covers the maximum number of strings. For the
	other option permutations, test only in the default C locale

	Fix remaining bugs in progress bar implementation
	* src/progress.c (create_image): Ensure that the entire screen width is
	drawn every time to prevent any artefacts from leaking through.

2015-12-09  Darshit Shah  <darnir@gmail.com>

	Add bug-wget to list of travis recipients
	* .travis.yml: Add bug-wget to list of Travis Report Recipients

	Eliminate more compiler warnings
	* src/options.h (CHECK_CERT_MODES): Remove C99 style comma after last
	value
	* src/progress.c (create_image): Do not mix statements and declarations
	* src/init.c (cmd_boolean_internal): Mark unused parameters

	Re-enable test on multibyte locale in Travis
	* .travis.yml: Use Russian locale instead of Japanese since it seems to
	be more complete
	* contrib/travis-ci: Re-enable testing on a Russian locale

	Fix progress bar assertion with multibyte locales
	* src/progress.c (bar_create): Define size of progress buffer explicitly
	  (create_image): Clean up progress bar image creation. Use memset
	  instead of for loops to create arrays of the same byte.

2015-12-06  Darshit Shah  <darnir@gmail.com>

	Introduce Travis Integration
	* .travis.yml: Configuration file for Travis-CI
	* contrib/travis-ci: Script to run on travis. Similar to check-hard but modified
	  for travis.
	* tests/valgrind-suppressions{-ssl}: Add extra suppressions to prevent
	Valgrind False Positive errors in an old version

	Since Travis currently supports only public repositories on GitHub, the support
	for automated testing through Travis will be done using my Clone of Wget on
	GitHub at: https://github.com/darnir/wget.git
	Any commits pushed to this repository will trigger a build on Travis.

2015-12-04  Tim Rühsen  <tim.ruehsen@gmx.de>

	SKIP SSL/TLS tests if configured without it
	* testenv/Makefile.am: Set SSL_TESTS env variable
	* testenv/Test--https-crl.py, testenv/Test--https.py,
	  testenv/Test-hsts.py: Return 77 (SKIP) if SSL/TLS is not configured

2015-12-03  Tim Rühsen  <tim.ruehsen@gmx.de>

	Add Test-hsts.py to SSL_TESTS
	* testenv/Makefile.am: Add Test-hsts.py to SSL_TESTS

2015-12-03  Ygal Blum  <ygal.blum@technicolor.com>

	Fix compilation when without-ssl is selected

2015-12-03  Darshit Shah  <darnir@gmail.com>

	Include Metalink and GPG information in version
	* src/build_info.c.in: Include the presence of Metalink and GPGME features in
	the output for wget --version

2015-12-03  Giuseppe Scrivano  <gscrivan@redhat.com>

	Add --check-certificate=quiet
	* doc/wget.texi: Add documentation for  --check-certificate=quiet.
	* src/options.h (enum CHECK_CERT_MODES): New enum.
	* src/init.c (cmd_check_cert): New static function.
	(cmd_boolean_internal): Likewise.
	* src/gnutls.c (ssl_check_certificate): Handle CHECK_CERT_QUIET.
	* src/openssl.c (ssl_check_certificate): Handle CHECK_CERT_QUIET.

2015-11-24  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix regression in HTTP authentication
	* src/http.c (initialize_request): Fix wrong params to search_netrc()

	Regression introduced in commit 29850e77
	Reported-by: Axel Reinhold <axel@freakout.de>

2015-11-23  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix SIGSEGV in -N / --content-disposition combination
	* src/http.c (http_loop): Fix SIGSEGV

	Reported-by: "Schleusener, Jens" <Jens.Schleusener@t-online.de>

2015-11-20  Ander Juaristi  <ajuaristi@gmx.es>

	Fix potential NULL pointer dereference
	 * src/gnutls.c (ssl_connect_wget): check for NULL before calls

2015-11-20  Giuseppe Scrivano  <gscrivan@redhat.com>

	* configure.ac: change gettext version to 0.18.1

2015-11-19  Ikey Doherty  <michael.i.doherty@intel.com>

	configure.ac: Use correct gettext version

2015-11-19  Tim Rühsen  <tim.ruehsen@openmediasystem.de>

	Fix HSTS memory issue + test code issue
	* src/hsts.c (hsts_find_entry): Fix freeing memory
	  (hsts_remove_entry): Remove freeing host member
	  (hsts_match): Free host member here
	  (hsts_store_entry): Free host member here
	  (test_url_rewrite): Fix 'created' value
	  (test_hsts_read_database): Fix 'created' value

	Reported-by: Dagobert Michelsen <dam@opencsw.org>

2015-11-17  Tim Rühsen  <tim.ruehsen@gmx.de>

	Include errno.h instead of sys/errno.h (Solaris issue)
	* src/metalink.c: Include errno.h instead of sys/errno.h

	Reported-by: Dagobert Michelsen <dam@opencsw.org>

2015-11-17  Darshit Shah  <darnir@gmail.com>

	Fix compile error when IPv6 is disabled
	* src/ftp-basic.c: The code for the new FTPS functionality was unintentionally
	inside a #ifdef IPV6 block. Move the code around so that it is defined even when
	IPV6 isn't used

	Use gnulib module flock to provide function
	* bootstrap.conf: Use module flock from gnulib to provide it on other platforms
	such as Windows.

2015-11-16  Darshit Shah  <darnir@gmail.com>

	Eliminate NDEBUG redefined warnings
	* src/wget.h: Define NDEBUG only if it hasn't been defined before

2015-11-15  Giuseppe Scrivano  <gscrivan@redhat.com>

	NEWS: prepare new release cycle

	Prepare release 1.17
	* gnulib: sync with upstream.
	* NEWS: Update.
	* src/main.c: Change the copyright year.

2015-11-03  Tim Rühsen  <tim.ruehsen@gmx.de>

	Document combination of -nc and -O
	Fixes #46359

2015-11-03  Tim Rühsen  <tim.ruehsen@gmx.de>

	Do not download/save file on error when --spider enabled
	* src/http.c (gethttp,http_loop):
	  Do not download/save file on error when --spider is enabled and not
	  working recursively.

	Reported-by: Сковорода Никита Андреевич chalkerx@gmail.com
	Fixes #45821

2015-10-27  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix URL conversion for colons in filenames
	* src/convert.c (construct_relative): Prepend './' to filename
	* tests/Test-k.px: Amend test to succeed

2015-10-15  Tim Rühsen  <tim.ruehsen@gmx.de>

	Adjust indentation of --no-use-server-timestamps in help output
	* src/main.c: Adjust indentation of --no-use-server-timestamps

2015-10-13  Ander Juaristi  <ajuaristi@gmx.es>

	Added --convert-file-only option
	 * src/convert.c (convert_links_in_hashtable, convert_links):
	   test for CO_CONVERT_BASENAME_ONLY.
	   (convert_basename): new function.
	 * src/convert.h: new constant CO_CONVERT_BASENAME_ONLY.
	 * src/init.c, src/main.c, src/options.h: new option "--convert-file-only".
	 * doc/wget.texi: updated documentation.

	 Reviewed-by: Gabriel Somlo <somlo@cmu.edu>

2015-10-12  Darshit Shah  <darnir@gmail.com>

	Fix Test-ftp-pasv-not-supported.px
	    * tests/Test-ftp-pasv-not-supported.px: We do *NOT* expect any
	    downloaded files. Also, do not negate the Test response.

	    The test originally expected a downloaded file, but this is not
	    true. As a result, the test would fail and return exit code 1. This
	    was presumably the reason why the test result was negated before
	    returning to the shell. Fix this issue, so that the test runs
	    correctly without any hacks.

2015-10-12  Darshit Shah  <darnir@gmail.com>

	Fix make distcheck failures in Perl SSL Tests
	    * tests/Makefile.am: Add valgrind-suppressions-ssl to EXTRA_DIST
	    * tests/Test-proxied-https-auth-keepalive.px: Find valgrind in
	    correct path during make distcheck
	    * tests/Test-proxied-https-auth.px: Same

2015-10-12  christian fafard  <cfaf@hotmail.com>

	Skip HTTPS perl tests if IO::Socket::SSL not installed
	* tests/Test-proxied-https-auth-keepalive.px: Skip test if perl module
	  IO::Socket::SSL is not installed (trivial change).
	* tests/Test-proxied-https-auth.px: Skip test if perl module
	  IO::Socket::SSL is not installed (trivial change).

2015-10-09  Ander Juaristi  <ajuaristi@gmx.es>

	Fix potential race condition
	 * src/hsts.c (hsts_read_database): get an open file handle
	   instead of a file name.
	   (hsts_store_dump): get an open file handle
	   instead of a file name.
	   (hsts_store_open): open the file and pass the open file handle.
	   (hsts_store_save): lock the file before the read-merge-dump
	   process.

	 Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

2015-10-09  Ander Juaristi  <ajuaristi@gmx.es>

	Fix HSTS merge bug
	 * src/hsts.c (hsts_store_merge): call hsts_new_entry() if the entry
	   does not exist in the database.

	When merging the existing HSTS database on disk with the one on memory,
	the entries that were on disk but not on memory were ignored. Thus,
	only the existing entries were merged. This behavior was only triggered
	when more than one Wget process was using the same HSTS database
	simultaneously. This commit fixes the bug by adding the new entries
	to the on-memory database if they were not found there.

2015-09-28  Giuseppe Scrivano  <gscrivan@redhat.com>

	testenv/Test--rejected-log.py: Remove trailing white spaces

2015-09-28  Tim Rühsen  <tim.ruehsen@gmx.de>

	Handle TLS rehandshakes in GnuTLS code
	* src/gnutls.c: New static function _do_handshake()
	* src/gnutls.c (wgnutls_read_timeout): Handle rehandshake
	* src/gnutls.c (wgnutls_write): Handle rehandshake
	* src/gnutls.c (ssl_connect_wget): Move handshake code into _do_handshake()

	Fixes #46061

2015-09-22  Darshit Shah  <darnir@gmail.com>

	Add tests for missing qop in digest auth
	    * testenv/test-auth-both.py: Add qop parameter for digest auth
	    * testenv/test-auth-digest.py: Same
	    * testenv/conf/authentication.py: Support additional parameters for
	    authentication
	    * testenv/servers/http/http_server.py: Same

	Do not test for impossible qop value
	    * http.c (digest_authentication_encode): Wget already errors out if
	    qop != "auth". Then it makes no sense to test for qop == "auth-int"
	    later on. Currently, Wget does not support the "auth-int" qop value
	    and till nobody requests, it may remain so.

2015-09-22  Darshit Shah  <darnir@gmail.com>

	Fix #46024. Support RFC 2069 Digest Authentication
	    * http.c (digest_authentication_encode): Some servers are still
	    using the obsolete RFC 2069 Digest Authentication. Allow Digest
	    authentication without the qop parameter for this.

	    Reported-by: Andreas Longwitz  <longwitz@incore.de>

2015-09-21  Darshit Shah  <darnir@gmail.com>

	Revert "Disable progress bar when wget is backgrounded (trivial patch)"
	This reverts commit e6247325633d7d0007906f88d573a3bfa37307a7.

2015-09-20  Giuseppe Scrivano  <gscrivan@redhat.com>

	NEWS: cite FTPS support

2015-09-14  Ander Juaristi  <ajuaristi@gmx.es>

	Added support for FTPS
	 * doc/wget.texi: updated documentation to reflect the new FTPS functionality.
	 * src/ftp-basic.c (ftp_greeting): new function to read the server's greeting.
	   (ftp_login): greeting code was previously here. Moved to ftp_greeting to
	   support FTPS implicit mode.
	   (ftp_auth): wrapper around the AUTH TLS command.
	   (ftp_ccc): wrapper around the CCC command.
	   (ftp_pbsz): wrapper around the PBSZ command.
	   (ftp_prot): wrapper around the PROT command.
	 * src/ftp.c (get_ftp_greeting): new static function.
	   (init_control_ssl_connection): new static function to start SSL/TLS on the
	   control channel.
	   (getftp): added hooks to support FTPS commands (RFCs 2228 and 4217).
	   (ftp_loop_internal): test for new FTPS error codes.
	 * src/ftp.h: new enum 'prot_level' with available FTPS protection levels +
	   prototypes of previous functions. New flag for enum 'wget_ftp_fstatus' to track
	   whether the data channel has some security mechanism enabled or not.
	 * src/gnutls.c (struct wgnutls_transport_context): new field 'session_data'.
	   (wgnutls_close): free GnuTLS session data before exiting.
	   (ssl_connect_wget): save/resume SSL/TLS session.
	 * src/http.c (establish_connection): refactor ssl_connect_wget call.
	   (metalink_from_http): take into account SCHEME_FTPS as well.
	 * src/init.c, src/main.c, src/options.h: new command line/wgetrc options.
	   (main): in recursive downloads, check for SCHEME_FTPS as well.
	 * src/openssl.c (struct openssl_transport_context): new field 'sess'.
	   (ssl_connect_wget): save/resume SSL/TLS session.
	 * src/retr.c (retrieve_url): check new scheme SCHEME_FTPS.
	 * src/ssl.h (ssl_connect_wget): refactor. New parameter of type 'int *'.
	 * src/url.c, src/url.h: new scheme SCHEME_FTPS.
	 * src/wget.h: new FTPS error codes.
	 * src/metalink.h: support FTPS scheme.

2015-09-10  Christian Neukirchen  <chneukirchen@gmail.com>

	Disable progress bar when wget is backgrounded (trivial patch)
	* src/progress.c (create_image): progress only when in foreground

	Sometimes I start wget, but the remote site is too slow, so I rather
	want to run it in background, however when I simply use job control
	for that, wget will keep spewing the progress bar all over my
	terminal.  I have found the SIGHUP/SIGUSR1 feature to redirect output
	to a log file, but I think the following small patch is even more
	useful, since the progress bar will simply resume when wget is
	foregrounded again (also, the final message is still printed to the
	terminal in any case):

2015-09-04  Hubert Tarasiuk  <hubert.tarasiuk@gmail.com>

	Add information about libmetalink and GnuPG
	* README.checkout: Optional dependencies and URL references.

2015-09-02  Hubert Tarasiuk  <hubert.tarasiuk@gmail.com>

	Do not free Metalink structure if not initialized
	* src/main.c (main): Move metalink_delete to the conditional block.

2015-09-01  Ander Juaristi  <ajuaristi@gmx.es>

	Updated HSTS documentation
	 * doc/wget.texi: updated HSTS documentation.

	   Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

2015-09-01  Ander Juaristi  <ajuaristi@gmx.es>

	Extra debug traces for HSTS.
	 * src/main.c (load_hsts, save_hsts): added DEBUGP() calls to signal
	   reads and saves of the HSTS database file.

2015-08-31  Darshit Shah  <darnir@gmail.com>

	Fix coding style violation in last commit
	    * http.c (test_parse_range_header): Declare loop variable
	    explicitly. Not in gnu99 standard.

2015-08-30  Darshit Shah  <darnir@gmail.com>

	Add unit test for parse_content_range() method
	    * http.c (test_parse_range_header): New function to test the
	    function for parsing the HTTP/1.1 Content-Range header.
	    * test.[ch]: Same
	    * http.c (parse_content_range): Fix parsing code. Fail on scenarios
	    mentioned in rfc 7233.

2015-08-30  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix null pointer dereference
	* src/metalink.c (gpg_skip_verification):
	  Check output_stream before fclose

	Fix leaks found by Coverity
	* src/http.c (parse_strict_transport_security): Free c_max_age
	             (open_output_stream): Fix indentation
	* src/iri.c (locale_to_utf8): Free new

2015-08-29  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix two leaks found by Coverity
	* src/http.c (gethttp): Do not leak 'message'.
	* src/main.c (format_and_print_line): Do not leak 'line_dup'.

	Fix resource leak discovered by Coverity
	* src/retr.c (retrieve_url): Don't leak local_file.

2015-08-29  Darshit Shah  <darnir@gmail.com>

	Fix memory leaks in unit-test
	    * hsts.c (get_hsts_store_filename): Free the homedir value
	    (close_hsts_test_store): Actually free the store struct too
	    (test_hsts_new_entry): Pass store to close_hsts_test_store()
	    (test_hsts_url_rewrite_superdomain): Same
	    (test_hsts_url_rewrite_congruent): Same
	    (test_hsts_read_database): Same and homedir and store filename
	    * http.c (test_parse_content_disposition): Free the returned
	    filename
	    * url.c (test_append_uri_pathel): Free allocated string

	Fix mixed-indentation in http.c
	    * http.c: Fix mix indentation. Visual change only.

2015-08-27  Tim Rühsen  <tim.ruehsen@gmx.de>

	Suppress debug output when strings may contain password
	* iri.c (do_conversion): Do not print out converted strings if they
	  contain an '@'. That could be a URL with embedded password.

	Fixes #45825

2015-08-26  Ander Juaristi  <ajuaristi@gmx.es>

	Fix resource leak.
	 * src/http.c (parse_strict_transport_security): Freed memory to avoid resource leak.
	   Comply with GNU coding style.

2015-08-22  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix typo in NEWS
	* NEWS: Change typo --accept-reject into --accept-regex

	Reported-by: grarpamp <grarpamp@gmail.com>

2015-08-21  Jookia  <166291@gmail.com>

	Clarify that links are being converted.
	* src/convert.c: Add 'links in' after 'Converted %d' and 'Converting %s'.

	Removed useless TODOs.
	 * testenv/Test--reject-log.py: Remove TODOs.

2015-08-15  Miquel Llobet  <mllobet.cm@gmail.com>

	Fixed #44516 -o- not logging to stdout
	src/log.c (log_init): check for hyphen on filename, set stdout

2015-08-15  Daniele Calore  <daniele.calore@tin.it>

	Fix #40426: Allow -r -O- only if FILE is regular
	    * main.c: added check of "-r -O FILE" option combination
	    allow only if FILE is a regular file (bug #40426)

2015-08-15  Darshit Shah  <darnir@gmail.com>

	Fix var name conflicts with math.h and wingdi.h
	    * src/recur.c (reject_reason): Rename all enum members to WG_RR_xx.
	    * src/recur.c (retrieve_tree, download_child,
	    write_reject_log_reason): Same

2015-08-14  Tim Rühsen  <tim.ruehsen@gmx.de>

	Let bootstrap/autoreconf work without GPGME installed
	* configure.ac: Check for existence of AM_PATH_GPGME

2015-08-11  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix IP address exposure in FTP code
	* src/ftp.c (getftp): Do not use PORT when PASV fails.
	* tests/FTPServer.px: Add pasv_not_supported server flag.
	* tests/Makefile.am: Add Test-ftp-pasv-not-supported.px
	* tests/Test-ftp-pasv-not-supported.px: New test

	Fix IP address exposure when automatically falling back from
	passive mode to active mode (using the PORT command). A behavior that
	may be used to expose a client's privacy even when using a proxy.

2015-08-07  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix C89 compliancy in HSTS test code
	* src/hsts.c (test_hsts_new_entry):
	  Move variable assignment before code

	Fix C89 compliancy in latest code
	* src/recur.c: Declare variables before code
	  (write_reject_log_url):
	    Use const keyword where appropriate
	    Use the 'default' switch statement
	    Use xfree() instead of free()
	    Renamed variable f -> fp
	  (write_reject_log_reason):
	    Use const keyword where appropriate
	    Use the 'default' switch statement
	    Renamed variable f -> fp
	    Renamed variable r -> reason

2015-08-07  Tim Rühsen  <tim.ruehsen@gmx.de>

	Remove redundant definition of _GNU_SOURCE
	* src/warc.c: Remove definition of _GNU_SOURCE

	_GNU_SOURCE is already defined in config.h

2015-08-07  Giuseppe Scrivano  <gscrivan@redhat.com>

	NEWS: update

2015-08-07  Jookia  <166291@gmail.com>

	Rewrite the --rejected-log test using the new framework.
	 * tests/Test--rejected-log.px: Remove old test.
	 * testenv/Test--rejected-log.py: Create new test.

	Replace variables before comparing expected files.
	* expected_files.py: Use formatted_content instead of file.content.

2015-08-06  Jookia  <166291@gmail.com>

	Add option to write URL rejections to a tab-delimited CSV log.
	 * main.c: Add "--rejected-log" option.
	 * init.c: Add "rejectedlog" command.
	 * options.h: Add "rejected_log" parameter string.
	 * wget.texi: Add brief documentation on new --rejected-log option.
	 * recur.c: Optionally log details of URLs not traversed.
	   Add reject_reason enum.
	   (download_child_p -> download_child): Return a reject_reason.
	   (descend_redirect_p -> descend_redirect): Return a reject_reason.
	   (retrieve_tree): Support logging reasons for rejection.
	   Add write_reject_log_header that writes a CSV format header to a file.
	   Add write_reject_log_url that writes a url struct to a file in CSV format.
	   Add write_reject_log_reason that writes the URL and parent URL as well as the
	   rejection reason to a CSV file.
	 * Test--rejected-log.px: Add a basic test for the --rejected-log command.
	 * tests/Makefile.am: Run Test--rejected-log.px.

	This allows you to figure out why URLs are being rejected and some context
	around it. CSV is used as the output format since it can be easily parsed,
	it's delimited by tabs instead of commas to allow using all (quoted) URL
	characters and includes column names which may be used for compatibility.

2015-08-04  Tim Rühsen  <tim.ruehsen@gmx.de>

	Fix memory leak in HSTS code
	* src/main.c (get_hsts_database): Free 'home' variable

	Avoid uninitialized variable in metalink code
	* src/metalink.c: Init retr_err with METALINK_MISSING_RESOURCE
	* src/wget.h: Add enum METALINK_MISSING_RESOURCE

2015-07-24  Darshit Shah  <darnir@gmail.com>

	Fix function name collision with OpenSSL library
	    * src/utils.[ch], src/http.c, src/metalink.c: Rename function
	    hex_to_string() to wg_hex_to_string since it collides with a
	    similarly named function in OpenSSL Library.

	Fix configure options for metalink
	    * configure.ac: Ensure metalink support can be properly disabled

2015-07-22  Alex Henrie  <alexhenrie24@gmail.com>

	Make the filename marquee a proper marquee
	* src/progress.c: Start the marquee in the middle of the available space
	  and do not restart it until all of the text has scrolled out of view.

2015-07-20  Giuseppe Scrivano  <gscrivan@redhat.com>

	NEWS: cite HSTS

	Fix metalink tests
	testenv/Test-metalink-http.py: initialize HTTP test server
	testenv/Test-metalink-xml.py: initialize HTTP test server

2015-07-20  Ander Juaristi  <ajuaristi@gmx.es>

	Enhancements in testsuite engine + new HSTS test.
	 * testenv/Makefile.am: added new test 'Test-hsts.py'.
	 * testenv/Test-hsts.py: new test for HSTS.
	 * testenv/conf/domains.py: new hook to override domain list.
	 * testenv/test/base_test.py: (__init__): new optional parameter
	   for tests 'req_protocols'.
	   (get_domain_addr): set the instance variables 'addr' and 'port'.
	   Return address as an array (domain, port) instead of string.
	   (gen_cmd_line): take into account domain and port.
	 * testenv/test/http_test.py (__init__): new optional parameter
	   'req_protocols'.
	   (setup): new function. Call to server_setup() decoupled from
	   begin() and moved here.
	   (begin): call to superclass to maintain backward compatibility.
	   Removed call to server_setup().

	This patch adds a new parameter to the test suite called 'req_protocols',
