Hi All,
Update Wget to the latest stable version 1.19.1. This version includes
the following CVE patches:
"Fix stack overflow in HTTP protocol handling (CVE-2017-13089)"
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f
"Fix heap overflow in HTTP protocol handling (CVE-2017-13090)"
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
1.19.1 provide only .tar.lz and tar.gz. Since we don't support *.lz, I
have decided to *.gz
Also please find attached a diff for -stable.
Ok? Feedback?
Best regards,
Rafael Sadowski
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/wget/Makefile,v
retrieving revision 1.72
diff -u -p -u -p -r1.72 Makefile
--- Makefile 22 Feb 2017 02:49:25 -0000 1.72
+++ Makefile 31 Oct 2017 10:54:50 -0000
@@ -2,7 +2,7 @@
COMMENT = retrieve files from the web via HTTP, HTTPS and FTP
-DISTNAME = wget-1.19.1
+DISTNAME = wget-1.19.2
CATEGORIES = net
HOMEPAGE = https://www.gnu.org/software/wget/
@@ -17,7 +17,7 @@ LIB_DEPENDS = converters/libunistring \
net/libpsl
MASTER_SITES = ${MASTER_SITE_GNU:=wget/}
-EXTRACT_SUFX = .tar.xz
+EXTRACT_SUFX = .tar.gz
MODULES = devel/gettext
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/wget/distinfo,v
retrieving revision 1.19
diff -u -p -u -p -r1.19 distinfo
--- distinfo 22 Feb 2017 02:49:25 -0000 1.19
+++ distinfo 31 Oct 2017 10:54:50 -0000
@@ -1,2 +1,2 @@
-SHA256 (wget-1.19.1.tar.xz) = DJULlnGIEiKk04WwE8lgTpioAl0ZiFKd/KDpNhd0TNI=
-SIZE (wget-1.19.1.tar.xz) = 2111756
+SHA256 (wget-1.19.2.tar.gz) = T0pnO21GbvpQ+/unlr2EpGriTjcPpWLt5bIatTwRqSA=
+SIZE (wget-1.19.2.tar.gz) = 4349267
Index: patches/patch-doc_wget_texi
===================================================================
RCS file: /cvs/ports/net/wget/patches/patch-doc_wget_texi,v
retrieving revision 1.12
diff -u -p -u -p -r1.12 patch-doc_wget_texi
--- patches/patch-doc_wget_texi 22 Feb 2017 02:49:25 -0000 1.12
+++ patches/patch-doc_wget_texi 31 Oct 2017 10:54:50 -0000
@@ -1,24 +1,8 @@
$OpenBSD: patch-doc_wget_texi,v 1.12 2017/02/22 02:49:25 danj Exp $
---- doc/wget.texi.orig Sat Feb 11 05:45:22 2017
-+++ doc/wget.texi Sat Feb 11 16:46:13 2017
-@@ -191,14 +191,14 @@ gauge can be customized to your preferences.
- Most of the features are fully configurable, either through command line
- options, or via the initialization file @file{.wgetrc} (@pxref{Startup
- File}). Wget allows you to define @dfn{global} startup files
--(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also
-+(@file{${SYSCONFDIR}/wgetrc} by default) for site settings. You can also
- specify the location of a startup file with the --config option.
-
-
- @ignore
- @c man begin FILES
- @table @samp
--@item /usr/local/etc/wgetrc
-+@item ${SYSCONFDIR}/wgetrc
- Default location of the @dfn{global} startup file.
-
- @item .wgetrc
-@@ -3113,9 +3113,8 @@ commands.
+Index: doc/wget.texi
+--- doc/wget.texi.orig
++++ doc/wget.texi
+@@ -3143,9 +3143,8 @@ commands.
@cindex location of wgetrc
When initializing, Wget will look for a @dfn{global} startup file,
@@ -30,7 +14,7 @@ $OpenBSD: patch-doc_wget_texi,v 1.12 201
Then it will look for the user's file. If the environmental variable
@code{WGETRC} is set, Wget will try to load that file. Failing that, no
-@@ -3125,7 +3124,7 @@ If @code{WGETRC} is not set, Wget will try to load @fi
+@@ -3155,7 +3154,7 @@ If @code{WGETRC} is not set, Wget will try to load @fi
The fact that user's settings are loaded after the system-wide ones
means that in case of collision user's wgetrc @emph{overrides} the
No comments:
Post a Comment