From: "Yaakov (Cygwin/X)" <yselkowitz@users.sourceforge.net>
To: cygwin-apps <cygwin-apps@cygwin.com>
Subject: SECURITY: wget
Date: Sun, 16 Oct 2011 18:04:00 -0000
Message-ID: <1318788264.7624.3.camel@YAAKOV04>
[-- Attachment #1: Type: text/plain, Size: 224 bytes --]
Eric,
wget-1.12 is vulnerable to CVE-2010-2252; please update to the latest
upstream release (1.13.4) to fix. While you're at it, may I suggest
adding the attached patch to fix the documented location of wgetrc.
Yaakov
[-- Attachment #2: 1.13.4-sysconfdir.patch --]
[-- Type: text/x-patch, Size: 2411 bytes --]
--- origsrc/wget-1.13.4/doc/sample.wgetrc 2011-01-01 06:12:33.000000000 -0600
+++ src/wget-1.13.4/doc/sample.wgetrc 2011-10-15 23:11:23.836908900 -0500
@@ -7,7 +7,7 @@
## not contain a comprehensive list of commands -- look at the manual
## to find out what you can put into this file.
##
-## Wget initialization file can reside in /usr/local/etc/wgetrc
+## Wget initialization file can reside in /etc/wgetrc
## (global, for all users) or $HOME/.wgetrc (for a single user).
##
## To use the settings in this file, you will have to uncomment them,
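Review bot: the path on the added line "## Wget initialization file can reside in /etc/wgetrc" is a literal, and nothing in this patch shows the build being configured so that wget actually reads /etc/wgetrc. If the binary's sysconfdir differs, an admin who follows this comment will put site-wide settings in a file wget never reads. Suggest confirming the package is built with sysconfdir=/etc and saying so alongside the patch.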
@@ -16,7 +16,7 @@
##
-## Global settings (useful for setting up in /usr/local/etc/wgetrc).
+## Global settings (useful for setting up in /etc/wgetrc).
## Think well before you change them, since they may reduce wget's
## functionality, and make it behave contrary to the documentation:
##
--- origsrc/wget-1.13.4/doc/wget.texi 2011-08-06 05:22:58.000000000 -0500
+++ src/wget-1.13.4/doc/wget.texi 2011-10-15 23:11:00.686468500 -0500
@@ -190,14 +190,14 @@ gauge can be customized to your preferen
Most of the features are fully configurable, either through command line
options, or via the initialization file @file{.wgetrc} (@pxref{Startup
File}). Wget allows you to define @dfn{global} startup files
-(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also
+(@file{/etc/wgetrc} by default) for site settings. You can also
specify the location of a startup file with the --config option.
@ignore
@c man begin FILES
@table @samp
-@item /usr/local/etc/wgetrc
+@item /etc/wgetrc
Default location of the @dfn{global} startup file.
@item .wgetrc
@@ -2696,7 +2696,7 @@ commands.
@cindex location of wgetrc
When initializing, Wget will look for a @dfn{global} startup file,
-@file{/usr/local/etc/wgetrc} by default (or some prefix other than
+@file{/etc/wgetrc} by default (or some prefix other than
@file{/usr/local}, if Wget was not installed there) and read commands
from there, if it exists.
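Review bot: with /etc/wgetrc substituted on the changed line, the unchanged parenthetical that follows, "(or some prefix other than @file{/usr/local}, if Wget was not installed there)", no longer matches the path it qualifies, because /etc/wgetrc is not under /usr/local. Suggest rewording or dropping that parenthetical in this hunk so the sentence does not describe a prefix rule that the stated default contradicts.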
@@ -2708,7 +2708,7 @@ If @code{WGETRC} is not set, Wget will t
The fact that user's settings are loaded after the system-wide ones
means that in case of collision user's wgetrc @emph{overrides} the
-system-wide wgetrc (in @file{/usr/local/etc/wgetrc} by default).
+system-wide wgetrc (in @file{/etc/wgetrc} by default).
Fascist admins, away!
@node Wgetrc Syntax, Wgetrc Commands, Wgetrc Location, Startup File