diff --git a/wget-1.13.4.tar.bz2 b/wget-1.13.4.tar.bz2
deleted file mode 100644
index abbdb87..0000000
--- a/wget-1.13.4.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f76518dfd7bcde41b7762df5cc5516bc8a178f122811aba18a64993fb9458881
-size 1931885
diff --git a/wget-1.14-no-ssl-comp.patch b/wget-1.14-no-ssl-comp.patch
new file mode 100644
index 0000000..9773cb9
--- /dev/null
+++ b/wget-1.14-no-ssl-comp.patch
@@ -0,0 +1,13 @@
+--- src/openssl.c.orig
++++ src/openssl.c
+@@ -241,7 +241,9 @@
+   /* The OpenSSL library can handle renegotiations automatically, so
+      tell it to do so.  */
+   SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
+-
++#ifdef SSL_OP_NO_COMPRESSION
++  SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
++#endif
+   return true;
+ 
+  error:
diff --git a/wget-openssl-no-intern.patch b/wget-1.14-openssl-no-intern.patch
similarity index 81%
rename from wget-openssl-no-intern.patch
rename to wget-1.14-openssl-no-intern.patch
index 85f20f6..ceb7f58 100644
--- a/wget-openssl-no-intern.patch
+++ b/wget-1.14-openssl-no-intern.patch
@@ -1,6 +1,6 @@
 --- src/openssl.c.orig
 +++ src/openssl.c
-@@ -29,6 +29,7 @@ Corresponding Source for a non-source fo
+@@ -29,6 +29,7 @@
  shall include the source code for the parts of OpenSSL used as well
  as that of the covered work.  */
  
@@ -8,7 +8,7 @@
  #include "wget.h"
  
  #include <assert.h>
-@@ -429,7 +430,7 @@ ssl_connect_wget (int fd, const char *ho
+@@ -425,7 +426,7 @@
    if (!SSL_set_fd (conn, FD_TO_SOCKET (fd)))
      goto error;
    SSL_set_connect_state (conn);
diff --git a/wget-1.14.tar.xz b/wget-1.14.tar.xz
new file mode 100644
index 0000000..73f4e16
--- /dev/null
+++ b/wget-1.14.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1761d7f7c6a2ad6c8d494d239c53f0c17126efb6449ada16dee3a66d87a4147b
+size 1584060
diff --git a/wget-no-ssl-comp.patch b/wget-no-ssl-comp.patch
deleted file mode 100644
index 82b13fa..0000000
--- a/wget-no-ssl-comp.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- src/openssl.c.orig
-+++ src/openssl.c
-@@ -248,6 +248,10 @@ ssl_init ()
-   /* Keep memory usage as low as possible */
-   SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
- #endif
-+#ifdef SSL_OP_NO_COMPRESSION
-+  SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
-+#endif
-+
-   return true;
- 
-  error:
diff --git a/wget-sni.patch b/wget-sni.patch
deleted file mode 100644
index 5b7fcf4..0000000
--- a/wget-sni.patch
+++ /dev/null
@@ -1,127 +0,0 @@
---- src/host.c
-+++ src/host.c
-@@ -914,3 +914,19 @@ host_cleanup (void)
-       host_name_addresses_map = NULL;
-     }
- }
-+
-+/* Determine whether or not a hostname is an IP address that we recognise. */
-+bool
-+is_ip_address (const char *name)
-+{
-+  const char *endp;
-+
-+  endp = name + strlen(name);
-+  if (is_valid_ipv4_address(name, endp))
-+    return true;
-+#ifdef ENABLE_IPV6
-+  if (is_valid_ipv6_address(name, endp))
-+    return true;
-+#endif
-+  return false;
-+}
---- src/host.h
-+++ src/host.h
-@@ -102,5 +102,5 @@ bool accept_domain (struct url *);
- bool sufmatch (const char **, const char *);
- 
- void host_cleanup (void);
--
-+bool is_ip_address(const char *);
- #endif /* HOST_H */
---- src/http.c
-+++ src/http.c
-@@ -1909,7 +1909,7 @@ gethttp (struct url *u, struct http_stat
- 
-       if (conn->scheme == SCHEME_HTTPS)
-         {
--          if (!ssl_connect_wget (sock))
-+          if (!ssl_connect_wget (sock, u->host))
-             {
-               fd_close (sock);
-               return CONSSLERR;
---- src/openssl.c
-+++ src/openssl.c
-@@ -40,12 +40,12 @@ as that of the covered work.  */
- #include <openssl/x509v3.h>
- #include <openssl/err.h>
- #include <openssl/rand.h>
--
-+#include <openssl/engine.h>
- #include "utils.h"
- #include "connect.h"
- #include "url.h"
- #include "ssl.h"
--
-+#include "host.h"
- #ifdef WINDOWS
- # include <w32sock.h>
- #endif
-@@ -175,11 +175,15 @@ ssl_init ()
-                  _("Could not seed PRNG; consider using --random-file.\n"));
-       goto error;
-     }
--
-+  OPENSSL_config(NULL);
-   SSL_library_init ();
-   SSL_load_error_strings ();
-   SSLeay_add_all_algorithms ();
-   SSLeay_add_ssl_algorithms ();
-+ /* Load all bundled ENGINEs into memory and make them visible */
-+  ENGINE_load_builtin_engines();
-+ /* Register all of them for every algorithm they collectively implement */
-+  ENGINE_register_all_complete();
- 
-   switch (opt.secure_protocol)
-     {
-@@ -239,7 +243,10 @@ ssl_init ()
-   /* The OpenSSL library can handle renegotiations automatically, so
-      tell it to do so.  */
-   SSL_CTX_set_mode (ssl_ctx, SSL_MODE_AUTO_RETRY);
--
-+#ifdef SSL_MODE_RELEASE_BUFFERS
-+  /* Keep memory usage as low as possible */
-+  SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
-+#endif
-   return true;
- 
-  error:
-@@ -393,7 +400,7 @@ static struct transport_implementation o
-    Returns true on success, false on failure.  */
- 
- bool
--ssl_connect_wget (int fd)
-+ssl_connect_wget (int fd, const char *hostname)
- {
-   SSL *conn;
-   struct openssl_transport_context *ctx;
-@@ -404,6 +411,18 @@ ssl_connect_wget (int fd)
-   conn = SSL_new (ssl_ctx);
-   if (!conn)
-     goto error;
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
-+  /* If the SSL library was build with support for ServerNameIndication
-+     then use it whenever we have a hostname.  If not, don't, ever. */
-+  if (!is_ip_address(hostname))
-+    {
-+      if (!SSL_set_tlsext_host_name(conn, hostname)) {
-+   DEBUGP (("Failed to set TLS server-name indication."));
-+   goto error;
-+      }
-+    }
-+#endif
- #ifndef FD_TO_SOCKET
- # define FD_TO_SOCKET(X) (X)
- #endif
---- src/ssl.h
-+++ src/ssl.h
-@@ -33,7 +33,7 @@ as that of the covered work.  */
- #define GEN_SSLFUNC_H
- 
- bool ssl_init (void);
--bool ssl_connect_wget (int);
-+bool ssl_connect_wget (int, const char *);
- bool ssl_check_certificate (int, const char *);
- 
- #endif /* GEN_SSLFUNC_H */
diff --git a/wget-stdio.h.patch b/wget-stdio.h.patch
deleted file mode 100644
index 5ad4d93..0000000
--- a/wget-stdio.h.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Index: wget-1.13.4/lib/stdio.in.h
-===================================================================
---- wget-1.13.4.orig/lib/stdio.in.h
-+++ wget-1.13.4/lib/stdio.in.h
-@@ -694,10 +694,12 @@ _GL_CXXALIAS_SYS (gets, char *, (char *s
- #  undef gets
- # endif
- _GL_CXXALIASWARN (gets);
-+# if HAVE_RAW_DECL_GETS
- /* It is very rare that the developer ever has full control of stdin,
-    so any use of gets warrants an unconditional warning.  Assume it is
-    always declared, since it is required by C89.  */
- _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
-+# endif
- #endif
- 
- 
diff --git a/wget.changes b/wget.changes
index 7c83453..3299c99 100644
--- a/wget.changes
+++ b/wget.changes
@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Thu May  2 17:50:50 UTC 2013 - p.drouand@gmail.com
+
+- Update to version 1.14
+  + add support for content-on-error.  It allows to store the HTTP
+    payload on 4xx or 5xx errors.
+  + add support for WARC files.
+  + fix a memory leak problem in the GNU TLS backend.
+  + autoreconf works again for distributed tarballs.
+  + print some diagnostic messages to stderr not to stdout.
+  + report stdout close errors.
+  + accept the --report-speed option.
+  + enable client certificates when GNU TLS is used.
+  + add support for TLS Server Name Indication.
+  + accept the arguments --accept-reject and --reject-regex.
+  + the GNU TLS backend honors correctly the timeout value.
+  + add support for RFC 2617 Digest Access Authentication.
+- Drop patchs obsoleted by upstream
+  + wget-sni.patch
+  + wget-stdio.h.patch
+- Rebase patchs to work with upstream
+  + wget-openssl-no-intern.patch > wget-1.14-openssl-no-intern.patch
+  + wget-no-ssl-comp.patch > wget-1.14-no-ssl-comp.patch
+
 -------------------------------------------------------------------
 Thu May  2 09:49:33 UTC 2013 - seife+obs@b1-systems.com
 
diff --git a/wget.spec b/wget.spec
index 1f64edc..217ed87 100644
--- a/wget.spec
+++ b/wget.spec
@@ -17,20 +17,18 @@
 
 
 Name:           wget
-Version:        1.13.4
+Version:        1.14
 Release:        0
 Summary:        A Tool for Mirroring FTP and HTTP Servers
 License:        GPL-3.0+
 Group:          Productivity/Networking/Web/Utilities
 Url:            http://www.gnu.org/software/wget/
-Source:         http://ftp.gnu.org/gnu/wget/%name-%version.tar.bz2
+Source:         http://ftp.gnu.org/gnu/wget/%name-%version.tar.xz
 Patch0:         wgetrc.patch
 # PATCH-FEATURE-UPSTREAM wget-libproxy.patch dimstar@opensuse.org -- Add libproxy support to wget
 Patch1:         wget-libproxy.patch
-Patch3:         wget-sni.patch
-Patch4:         wget-stdio.h.patch
-Patch5:         wget-openssl-no-intern.patch
-Patch6:         wget-no-ssl-comp.patch
+Patch5:         wget-1.14-openssl-no-intern.patch
+Patch6:         wget-1.14-no-ssl-comp.patch
 BuildRequires:  libpng-devel
 %if 0%{suse_version} > 1110
 BuildRequires:  libproxy-devel
@@ -40,6 +38,7 @@ BuildRequires:  libidn-devel
 BuildRequires:  makeinfo
 BuildRequires:  openssl-devel
 BuildRequires:  pkg-config
+BuildRequires:  xz
 PreReq:         %install_info_prereq
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -53,8 +52,6 @@ This can be done in script files or via the command line.
 %if 0%{suse_version} > 1110
 %patch1
 %endif
-%patch3
-%patch4 -p1
 %patch5
 %patch6