From: Matthias Fischer Date: Tue, 14 Jun 2016 10:33:00 +0000 (+0200) Subject: wget: Update to 1.18 X-Git-Tag: v2.19-core104~57^2~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e072f094e6fcb20a718caaef91ba9766258e2377;p=ipfire-2.x.git wget: Update to 1.18 Excerpt from annoncement: "This version fixes a security vulnerability (CVE-2016-4971) present in all old versions of wget. The vulnerability was discovered by Dawid Golunski which were reported to us by Beyond Security's SecuriTeam. On a server redirect from HTTP to a FTP resource, wget would trust the HTTP server and uses the name in the redirected URL as the destination filename. This behaviour was changed and now it works similarly as a redirect from HTTP to another HTTP resource so the original name is used as the destination file. To keep the previous behaviour the user must provide --trust-server-names." Best, Mat-backfromholidays-thias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer --- diff --git a/lfs/wget b/lfs/wget index 20f545b76f..c22a9782e1 100644 --- a/lfs/wget +++ b/lfs/wget @@ -24,7 +24,7 @@ include Config -VER = 1.17.1 +VER = 1.18 THISAPP = wget-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = b0d58ef4963690e71effba24c105ed52 +$(DL_FILE)_MD5 = af9ca95a4bb8ac4a9bf10aeae66fa5ec install : $(TARGET)