[PATCH] wget: Update to 1.18

Matthias Fischer matthias.fischer at ipfire.org
Tue Jun 14 12:33:00 CEST 2016

Excerpt from annoncement:

"This version fixes a security vulnerability (CVE-2016-4971) present in
all old versions of wget.  The vulnerability was discovered by Dawid
Golunski which were reported to us by Beyond Security's SecuriTeam.

On a server redirect from HTTP to a FTP resource, wget would trust the
HTTP server and uses the name in the redirected URL as the destination
This behaviour was changed and now it works similarly as a redirect from
HTTP to another HTTP resource so the original name is used as
the destination file.  To keep the previous behaviour the user must
provide --trust-server-names."


Signed-off-by: Matthias Fischer <matthias.fischer at ipfire.org>
 lfs/wget | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/wget b/lfs/wget
index 20f545b..c22a978 100644
--- a/lfs/wget
+++ b/lfs/wget
@@ -24,7 +24,7 @@
 include Config
-VER        = 1.17.1
+VER        = 1.18
 THISAPP    = wget-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
-$(DL_FILE)_MD5 = b0d58ef4963690e71effba24c105ed52
+$(DL_FILE)_MD5 = af9ca95a4bb8ac4a9bf10aeae66fa5ec
 install : $(TARGET)

More information about the Development mailing list