wget: Update to 1.18

Excerpt from annoncement:

"This version fixes a security vulnerability (CVE-2016-4971) present in
all old versions of wget.  The vulnerability was discovered by Dawid
Golunski which were reported to us by Beyond Security's SecuriTeam.

On a server redirect from HTTP to a FTP resource, wget would trust the
HTTP server and uses the name in the redirected URL as the destination
filename.
This behaviour was changed and now it works similarly as a redirect from
HTTP to another HTTP resource so the original name is used as
the destination file.  To keep the previous behaviour the user must
provide --trust-server-names."

Best,
Mat-backfromholidays-thias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/lfs/wget b/lfs/wget
index 20f545b76f564af73377022c658e8e40bcd96419..c22a9782e18fd93692deb2957013d24d6458f2ae 100644 (file)
--- a/lfs/wget
+++ b/lfs/wget
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.17.1
+VER        = 1.18
 
 THISAPP    = wget-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = b0d58ef4963690e71effba24c105ed52
+$(DL_FILE)_MD5 = af9ca95a4bb8ac4a9bf10aeae66fa5ec
 
 install : $(TARGET)