GNU Wget NEWS -- history of user-visible changes.
-Copyright (C) 1997, 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+Copyright (C) 1997-2006 Free Software Foundation, Inc.
See the end for copying conditions.
Please send GNU Wget bug reports to <bug-wget@gnu.org>.
\f
-* Changes in Wget 1.9+.
+* Changes in Wget 1.11.
+
+** TODO file removed: we use a bugtracker now; see
+http://wget.addictivecode.org/BugTracker. Also,
+http://wget.addictivecode.org/FeatureSpecifications.
+
+** Timestamping now uses the value from the most recent HTTP response,
+rather than the first one it got.
+
+** configure.in now requires autoconf >= 2.61, rather than 2.59.
+
+** Authentication information is no longer sent as part of the Referer
+header in recursive fetches.
+
+** No authentication credentials are sent until a challenge is issued,
+for improved security. Authentication handling is still not
+RFC-compliant, as once a Basic challenge has been received, it will
+assume it can send credentials to any URL at that same host, and not
+just the ones at or below the original authenticated location.
+Credentials for Digest authentication are still never saved or issued
+automatically, and continue to require a challenge for each resource.
+
+** Added --max-redirect option, allowing the user to specify what should
+be the maximum number of HTTP redirects to follow.
+
+** Wget now saves HTTP downloads using file names specified by the
+`Content-Disposition' header. This is a standard way of specifying the
+file name used by many web dynamically generated pages. For the time
+being, Content-Disposition is not used by default, to avoid the extra
+round-trips incurred (must specify "-e contentdisposition=yes"); this
+may change in a future version.
+
+** The GnuTLS library is now also supported for https downloads.
+This is still work-in-progress. OpenSSL is still used by default; use
+--with-ssl=gnutls to build with GnuTLS. OpenSSL is still required for
+NTLM authorization to work, but this should eventually change.
+
+** The new option `--ignore-case' makes Wget ignore case when
+matching files, directories, and wildcards. This affects the -X, -I,
+-A, and -R options, as well as globbing in FTP URLs.
+
+** ETA projection is now displayed in "dot" progress output as well as
+in the default progress bar. (The dot progress is used by default when
+logging Wget's output to file using the `-o' option.)
+
+** The "lockable boolean" argument type is no longer supported. It
+was only used by the passive_ftp .wgetrc setting. If you're running
+broken scripts or Perl modules that unconditionally specify
+`--passive-ftp' and your firewall disallows it, you can override them
+by replacing wget with a script that execs wget "$@" --no-passive-ftp.
+
+** The source code has migrated from CVS to Subversion. The
+repository is available at http://svn.dotsrc.org/repo/wget/; to
+checkout the trunk to a directory named `wget', use something like
+`svn checkout http://svn.dotsrc.org/repo/wget/trunk/ wget'.
+\f
+* Changes in Wget 1.10.
-** IPv6 is now supported by Wget. Unlike the experimental code in
-1.9, this version has no problems with dual-family systems. The new
-flags `--inet4' and `--inet6' (or `-4' and `-6' for short) force the
-use of IPv4 and IPv6 respectively.
+** Downloading files larger than 2GB, sometimes referred to as "large
+files", now works on systems that support them. This includes the
+majority of modern Unixes, as well as MS Windows.
-** Talking to SSL servers over proxies now actually works.
+** IPv6 is now supported by Wget. Unlike the experimental code in
+1.9, this version supports dual-family systems. The new flags
+`--inet4' and `--inet6' (or `-4' and `-6' for short) force the use of
+IPv4 and IPv6 respectively. Note that IPv6 support has not yet been
+tested on Windows.
+
+** Microsoft's proprietary "NTLM" method of HTTP authentication is now
+supported. This authentication method is undocumented and only used
+by IIS. Note that *proxy* authentication is not supported in this
+release; you can only authenticate to the target web site.
+
+** Wget no longer truncates partially downloaded files when download
+has to start over because the server doesn't support Range. Instead,
+with such servers Wget now simply ignores the data up to the byte
+where the last attempt left off, and only then continues appending to
+the file. That way the downloaded file never shrinks, and download
+retries from servers without support for partial downloads work even
+when downloading to stdout.
+
+** SSL/TLS changes:
+
+*** SSL/TLS downloads now attempt to verify the server's certificate
+against the recognized certificate authorities. This requires CA
+certificates to have been installed in a location visible to the
+OpenSSL library. If this is not the case, you can get the bundle
+yourself from a source you trust (for example, the bundle extracted
+from Mozilla available at http://curl.haxx.se/docs/caextract.html),
+and point Wget to the PEM file using the `--ca-certificate'
+command-line option or the corresponding `.wgetrc' command.
+
+*** Secure downloads now verify that the host name in the URL matches
+the "common name" in the certificate presented by the server.
+
+*** Although the above checks provide more secure downloads, they
+unavoidably break interoperability with some sites that worked with
+previous versions, particularly those using self-signed, expired, or
+otherwise invalid certificates. If you encounter "certificate
+verification" errors or complaints that "common name doesn't match
+requested host name" and are convinced of the site's authenticity, you
+can use `--no-check-certificate' to bypass both checks.
+
+*** Talking to SSL/TLS servers over proxies now actually works.
+Previous versions of Wget erroneously sent GET requests for https
+URLs. Wget 1.10 utilizes the CONNECT method designed for this
+purpose.
+
+*** The SSL/TLS-related options have been redesigned and, for the
+first time, documented in the manual. The old, undocumented, options
+are no longer supported.
+
+** Passive FTP is now the default FTP transfer mode. Use
+`--no-passive-ftp' or specify `passive_ftp = off' in your init file to
+revert to the old behavior.
** The `--header' option can now be used to override generated
headers. For example, `wget --header="Host: foo.bar"
** The new option `--protocol-directories' instructs Wget to also use
the protocol name as a directory component of local file names.
-** Many options that previously unconditionally set or unset various
-flags are now boolean options that can be invoked as either `--OPTION'
-or `--no-OPTION'. Options that required an argument "on" or "off"
-have also been changed this way, but they still accept the old syntax
-for backward compatibility. For example, instead of `--glob=off' you
-can write `--no-glob'.
+** Options that previously unconditionally set or unset various flags
+are now boolean options that can be invoked as either `--OPTION' or
+`--no-OPTION'. Options that required an argument "on" or "off" have
+also been changed this way, but they still accept the old syntax for
+backward compatibility. For example, instead of `--glob=off' you can
+write `--no-glob'.
-Allowing `--no-OPTION' for every `--OPTION' is useful because it
-allows the user to override non-default behavior specified via
-`.wgetrc'.
+Allowing `--no-OPTION' for every `--OPTION' and the other way around
+is useful because it allows the user to override non-default behavior
+specified via `.wgetrc'.
** The new option `--keep-session-cookies' causes `--save-cookies' to
-save session cookies along with the permanent ones. This is useful on
-sites that require you to log in before you can access some pages.
-With this option, multiple Wget runs will be treated as a single
+save session cookies (normally only kept in memory) along with the
+permanent ones. This is useful because many sites track important
+information, such as whether the user has authenticated, in session
+cookies. With this option multiple Wget runs are treated as a single
browser session.
+
+** Wget now supports the --ftp-user and --ftp-password command
+switches to set username and password for FTP, and the --user and
+--password command switches to set username and password for both FTP
+and HTTP. The --http-passwd and --proxy-passwd command switches have
+been renamed to --http-password and --proxy-password respectively, and
+the related http_passwd and proxy_passwd .wgetrc commands to
+http_password and proxy_password respectively. The login and passwd
+.wgetrc commands have been deprecated.
+
+* `wget -b' now works correctly under Windows.
\f
* Wget 1.9.1 is a bugfix release with no user-visible changes.
\f
even in the face of refused connections, which are otherwise
considered a fatal error.
-** The new option `--dns-cache=off' may be used to prevent Wget from
+** The new option `--no-dns-cache' may be used to prevent Wget from
caching DNS lookups.
** Wget no longer escapes characters in local file names based on
----------------------------------------------------------------------
Copyright information:
-Copyright (C) 1997, 1998, 2000, 2001, 2003 Free Software Foundation, Inc.
+Copyright (C) 1997-2005 Free Software Foundation, Inc.
Permission is granted to anyone to make or distribute verbatim
copies of this document as received, in any medium, provided that