Upgrade wget on CentOS 5
As time progresses some of my VPS machines are starting to show their age running CentOS 5. As CentOS is based on Redhat, the
yum repositories often contain older versions of binaries with bugs that have been fixed in newer version. I recently ran into this with
wget when trying to download the latest WordPress zip file.
--2014-10-18 01:55:38-- http://wordpress.org/latest.zip Resolving wordpress.org... 220.127.116.11, 18.104.22.168 Connecting to wordpress.org|22.214.171.124|:80... connected. HTTP request sent, awaiting response... 302 Moved Temporarily Location: https://wordpress.org/latest.zip [following] --2014-10-18 01:55:38-- https://wordpress.org/latest.zip Connecting to wordpress.org|126.96.36.199|:443... connected. ERROR: certificate common name *.wordpress.org' doesn't match requested host name wordpress.org'. To connect to wordpress.org insecurely, use `--no-check-certificate'. Unable to establish SSL connection. unzip: cannot find or open latest.zip, latest.zip.zip or latest.zip.ZIP
Turns out this is a bug in
wget 1.11 that was fixed in 1.12, but the former is what is available via
yum. There is a bug on the WordPress Trac #611 that is closed as wontfix – it has to do with the older version of wget not using the alternate name on the wildcard SSL certificate. If you want to upgrade wget on your system, you’ll need to first get the source, uninstall the existing wget with yum, and then build wget from source. You’ll probably want to jump to 1.16 since all previous versions are susceptible to CVE-2014-4877 as of this post.
Install wget from source
cd ~ wget http://ftp.gnu.org/gnu/wget/wget-1.16.tar.gz yum -y remove wget tar -xzvf wget-1.16.tar.gz cd wget-1.16 ./configure --with-ssl=openssl --with-libssl-prefix=/usr/lib64/openssl --prefix=/usr make && make install
Note: If you don’t have wget on your system at all, you can also use curl to download the source with the command
curl -O http://ftp.gnu.org/gnu/wget/wget-1.16.tar.gz.