diff --git a/net/wget/Makefile b/net/wget/Makefile
index bd0586882b0..d0bb00b7059 100644
--- a/net/wget/Makefile
+++ b/net/wget/Makefile
@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.33 2002/05/15 17:42:25 espie Exp $
+# $OpenBSD: Makefile,v 1.34 2002/12/10 18:37:24 brad Exp $
 
 COMMENT=	"retrieve files from the 'net via HTTP and FTP"
 
 DISTNAME=	wget-1.7
+PKGNAME=	${DISTNAME}p1
 CATEGORIES=	net
-NEED_VERSION=	1.460
 MASTER_SITES=	${MASTER_SITE_GNU:=wget/}
 MASTER_SITES0=	ftp://ftp.kame.net/pub/kame/misc/
 
@@ -34,6 +34,8 @@ CONFIGURE_ENV=	CPPFLAGS="-I${LOCALBASE}/include" \
 
 post-patch:
 	@cd ${WRKSRC}; touch configure
+
+pre-build:
 	@mv -f ${WRKSRC}/doc/wget.texi ${WRKSRC}/doc/wget.texi.bak
 	@sed -e s#/usr/local/etc#${SYSCONFDIR}#g \
 	     -e s#/usr/local#${PREFIX}#g \
diff --git a/net/wget/patches/patch-src_fnmatch_c b/net/wget/patches/patch-src_fnmatch_c
new file mode 100644
index 00000000000..5da55bc4f56
--- /dev/null
+++ b/net/wget/patches/patch-src_fnmatch_c
@@ -0,0 +1,21 @@
+$OpenBSD: patch-src_fnmatch_c,v 1.1 2002/12/10 18:37:24 brad Exp $
+--- src/fnmatch.c.orig	Tue Dec 10 13:06:09 2002
++++ src/fnmatch.c	Tue Dec 10 13:07:23 2002
+@@ -188,6 +188,17 @@ fnmatch (const char *pattern, const char
+   return (FNM_NOMATCH);
+ }
+ 
++/* Return non-zero if S has a leading '/'  or contains '../' */
++int
++has_invalid_name (const char *s)
++{
++	if (*s == '/')
++		return 1;
++	if (strstr(s, "../") != 0)
++		return 1;
++	return 0;
++}
++
+ /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
+    `]').  */
+ int
diff --git a/net/wget/patches/patch-src_ftp_c b/net/wget/patches/patch-src_ftp_c
new file mode 100644
index 00000000000..3da2f4186d7
--- /dev/null
+++ b/net/wget/patches/patch-src_ftp_c
@@ -0,0 +1,40 @@
+$OpenBSD: patch-src_ftp_c,v 1.1 2002/12/10 18:37:24 brad Exp $
+--- src/ftp.c.orig	Tue Dec 10 13:08:00 2002
++++ src/ftp.c	Tue Dec 10 13:16:22 2002
+@@ -1637,6 +1637,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ {
+   struct fileinfo *orig, *start;
+   uerr_t res;
++  struct fileinfo *f;
+ 
+   con->cmd |= LEAVE_PENDING;
+ 
+@@ -1648,8 +1649,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+      opt.accepts and opt.rejects.  */
+   if (opt.accepts || opt.rejects)
+     {
+-      struct fileinfo *f = orig;
+-
++      f = orig;
+       while (f)
+ 	{
+ 	  if (f->type != FT_DIRECTORY && !acceptable (f->name))
+@@ -1661,6 +1661,18 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ 	    f = f->next;
+ 	}
+     }
++  /* Remove all files with possible harmful names */
++  f = orig;
++  while (f)
++  {
++     if (has_invalid_name(f->name))
++     {
++	logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
++	f = delelement (f, &start);
++     }
++     else
++	f = f->next;
++  }
+   /* Now weed out the files that do not match our globbing pattern.
+      If we are dealing with a globbing pattern, that is.  */
+   if (*u->file && (action == GLOBALL || action == GETONE))