Hi All, Update Wget to the latest stable version 1.19.1. This version includes the following CVE patches:
"Fix stack overflow in HTTP protocol handling (CVE-2017-13089)" http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f "Fix heap overflow in HTTP protocol handling (CVE-2017-13090)" http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba 1.19.1 provide only .tar.lz and tar.gz. Since we don't support *.lz, I have decided to *.gz Also please find attached a diff for -stable. Ok? Feedback? Best regards, Rafael Sadowski Index: Makefile =================================================================== RCS file: /cvs/ports/net/wget/Makefile,v retrieving revision 1.72 diff -u -p -u -p -r1.72 Makefile --- Makefile 22 Feb 2017 02:49:25 -0000 1.72 +++ Makefile 31 Oct 2017 10:54:50 -0000 @@ -2,7 +2,7 @@ COMMENT = retrieve files from the web via HTTP, HTTPS and FTP -DISTNAME = wget-1.19.1 +DISTNAME = wget-1.19.2 CATEGORIES = net HOMEPAGE = https://www.gnu.org/software/wget/ @@ -17,7 +17,7 @@ LIB_DEPENDS = converters/libunistring \ net/libpsl MASTER_SITES = ${MASTER_SITE_GNU:=wget/} -EXTRACT_SUFX = .tar.xz +EXTRACT_SUFX = .tar.gz MODULES = devel/gettext Index: distinfo =================================================================== RCS file: /cvs/ports/net/wget/distinfo,v retrieving revision 1.19 diff -u -p -u -p -r1.19 distinfo --- distinfo 22 Feb 2017 02:49:25 -0000 1.19 +++ distinfo 31 Oct 2017 10:54:50 -0000 @@ -1,2 +1,2 @@ -SHA256 (wget-1.19.1.tar.xz) = DJULlnGIEiKk04WwE8lgTpioAl0ZiFKd/KDpNhd0TNI= -SIZE (wget-1.19.1.tar.xz) = 2111756 +SHA256 (wget-1.19.2.tar.gz) = T0pnO21GbvpQ+/unlr2EpGriTjcPpWLt5bIatTwRqSA= +SIZE (wget-1.19.2.tar.gz) = 4349267 Index: patches/patch-doc_wget_texi =================================================================== RCS file: /cvs/ports/net/wget/patches/patch-doc_wget_texi,v retrieving revision 1.12 diff -u -p -u -p -r1.12 patch-doc_wget_texi --- patches/patch-doc_wget_texi 22 Feb 2017 02:49:25 -0000 1.12 +++ patches/patch-doc_wget_texi 31 Oct 2017 10:54:50 -0000 @@ -1,24 +1,8 @@ $OpenBSD: patch-doc_wget_texi,v 1.12 2017/02/22 02:49:25 danj Exp $ ---- doc/wget.texi.orig Sat Feb 11 05:45:22 2017 -+++ doc/wget.texi Sat Feb 11 16:46:13 2017 -@@ -191,14 +191,14 @@ gauge can be customized to your preferences. - Most of the features are fully configurable, either through command line - options, or via the initialization file @file{.wgetrc} (@pxref{Startup - File}). Wget allows you to define @dfn{global} startup files --(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also -+(@file{${SYSCONFDIR}/wgetrc} by default) for site settings. You can also - specify the location of a startup file with the --config option. - - - @ignore - @c man begin FILES - @table @samp --@item /usr/local/etc/wgetrc -+@item ${SYSCONFDIR}/wgetrc - Default location of the @dfn{global} startup file. - - @item .wgetrc -@@ -3113,9 +3113,8 @@ commands. +Index: doc/wget.texi +--- doc/wget.texi.orig ++++ doc/wget.texi +@@ -3143,9 +3143,8 @@ commands. @cindex location of wgetrc When initializing, Wget will look for a @dfn{global} startup file, @@ -30,7 +14,7 @@ $OpenBSD: patch-doc_wget_texi,v 1.12 201 Then it will look for the user's file. If the environmental variable @code{WGETRC} is set, Wget will try to load that file. Failing that, no -@@ -3125,7 +3124,7 @@ If @code{WGETRC} is not set, Wget will try to load @fi +@@ -3155,7 +3154,7 @@ If @code{WGETRC} is not set, Wget will try to load @fi The fact that user's settings are loaded after the system-wide ones means that in case of collision user's wgetrc @emph{overrides} the
