This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
SECURITY: wget
- From: "Yaakov (Cygwin/X)" <yselkowitz at users dot sourceforge dot net>
- To: cygwin-apps <cygwin-apps at cygwin dot com>
- Date: Sun, 16 Oct 2011 13:04:18 -0500
- Subject: SECURITY: wget
Eric,
wget-1.12 is vulnerable to CVE-2010-2252; please update to the latest
upstream release (1.13.4) to fix. While you're at it, may I suggest
adding the attached patch to fix the documented location of wgetrc.
Yaakov
--- origsrc/wget-1.13.4/doc/sample.wgetrc 2011-01-01 06:12:33.000000000 -0600
+++ src/wget-1.13.4/doc/sample.wgetrc 2011-10-15 23:11:23.836908900 -0500
@@ -7,7 +7,7 @@
## not contain a comprehensive list of commands -- look at the manual
## to find out what you can put into this file.
##
-## Wget initialization file can reside in /usr/local/etc/wgetrc
+## Wget initialization file can reside in /etc/wgetrc
## (global, for all users) or $HOME/.wgetrc (for a single user).
##
## To use the settings in this file, you will have to uncomment them,
@@ -16,7 +16,7 @@
##
-## Global settings (useful for setting up in /usr/local/etc/wgetrc).
+## Global settings (useful for setting up in /etc/wgetrc).
## Think well before you change them, since they may reduce wget's
## functionality, and make it behave contrary to the documentation:
##
--- origsrc/wget-1.13.4/doc/wget.texi 2011-08-06 05:22:58.000000000 -0500
+++ src/wget-1.13.4/doc/wget.texi 2011-10-15 23:11:00.686468500 -0500
@@ -190,14 +190,14 @@ gauge can be customized to your preferen
Most of the features are fully configurable, either through command line
options, or via the initialization file @file{.wgetrc} (@pxref{Startup
File}). Wget allows you to define @dfn{global} startup files
-(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also
+(@file{/etc/wgetrc} by default) for site settings. You can also
specify the location of a startup file with the --config option.
@ignore
@c man begin FILES
@table @samp
-@item /usr/local/etc/wgetrc
+@item /etc/wgetrc
Default location of the @dfn{global} startup file.
@item .wgetrc
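Review bot: /etc/wgetrc is hard-coded in both the @file{} sentence and the @item entry under FILES, so the manual is correct only for a build whose global startup file really is installed there. That is reasonable for a distribution-local patch, but the patch should be recorded as packaging-specific and kept in step with the sysconfdir the package is configured with, otherwise the documented path and the path Wget actually reads can drift apart again.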
@@ -2696,7 +2696,7 @@ commands.
@cindex location of wgetrc
When initializing, Wget will look for a @dfn{global} startup file,
-@file{/usr/local/etc/wgetrc} by default (or some prefix other than
+@file{/etc/wgetrc} by default (or some prefix other than
@file{/usr/local}, if Wget was not installed there) and read commands
from there, if it exists.
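Review bot: the parenthetical after the changed line still reads "(or some prefix other than @file{/usr/local}, if Wget was not installed there)", which no longer makes sense once the default is given as @file{/etc/wgetrc}, since that path is not under /usr/local. Either drop the parenthetical or reword it to say that the location depends on how Wget was configured at build time.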
@@ -2708,7 +2708,7 @@ If @code{WGETRC} is not set, Wget will t
The fact that user's settings are loaded after the system-wide ones
means that in case of collision user's wgetrc @emph{overrides} the
-system-wide wgetrc (in @file{/usr/local/etc/wgetrc} by default).
+system-wide wgetrc (in @file{/etc/wgetrc} by default).
Fascist admins, away!
@node Wgetrc Syntax, Wgetrc Commands, Wgetrc Location, Startup File