From mboxrd@z Thu Jan  1 00:00:00 1970
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] wget: Update to 1.18
Date: Tue, 14 Jun 2016 12:33:00 +0200
Message-ID: <20160614103300.4660-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8659537154425483994=="
List-Id: <development.lists.ipfire.org>

--===============8659537154425483994==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Excerpt from annoncement:

"This version fixes a security vulnerability (CVE-2016-4971) present in
all old versions of wget.  The vulnerability was discovered by Dawid
Golunski which were reported to us by Beyond Security's SecuriTeam.

On a server redirect from HTTP to a FTP resource, wget would trust the
HTTP server and uses the name in the redirected URL as the destination
filename.
This behaviour was changed and now it works similarly as a redirect from
HTTP to another HTTP resource so the original name is used as
the destination file.  To keep the previous behaviour the user must
provide --trust-server-names."

Best,
Mat-backfromholidays-thias

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/wget | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/wget b/lfs/wget
index 20f545b..c22a978 100644
--- a/lfs/wget
+++ b/lfs/wget
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.17.1
+VER        = 1.18
 
 THISAPP    = wget-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = b0d58ef4963690e71effba24c105ed52
+$(DL_FILE)_MD5 = af9ca95a4bb8ac4a9bf10aeae66fa5ec
 
 install : $(TARGET)
 
-- 
2.9.0


--===============8659537154425483994==--