Index: head/security/pwned-check/Makefile =================================================================== --- head/security/pwned-check/Makefile (revision 462748) +++ head/security/pwned-check/Makefile (revision 462749) @@ -1,29 +1,29 @@ # Created by: Charlie Root # $FreeBSD$ PORTNAME= pwned-check -PORTVERSION= 1.0 +PORTVERSION= 2.0 CATEGORIES= security MASTER_SITES= # DISTFILES= # MAINTAINER= se@FreeBSD.org COMMENT= Check whether password is known to have been exposed in data breaches LICENSE= BSD2CLAUSE NO_ARCH= yes NO_BUILD= yes WRKSRC= ${WRKDIR}/src SRC= ${.CURDIR}/src SUB_FILES= ${PORTNAME}.sh ${PORTNAME}.1 pkg-message do-install: ${INSTALL_SCRIPT} ${WRKDIR}/${PORTNAME}.sh ${STAGEDIR}${PREFIX}/bin/${PORTNAME} ${INSTALL_DATA} ${FILESDIR}/${PORTNAME}.conf.sample ${STAGEDIR}${PREFIX}/etc ${INSTALL_MAN} ${WRKDIR}/${PORTNAME}.1 ${STAGEDIR}${MAN1PREFIX}/man/man1 ${MKDIR} ${STAGEDIR}/var/db/${PORTNAME} .include Index: head/security/pwned-check/files/pkg-message.in =================================================================== --- head/security/pwned-check/files/pkg-message.in (revision 462748) +++ head/security/pwned-check/files/pkg-message.in (revision 462749) 
@@ -1,13 +1,13 @@ ------------------------------------------------------------------------- This port needs a password hash database that is to be downloaded with the following command: pwned-check -u The database files will be installed into /var/db/pwned-check by default. This directory can be changed in %%PREFIX%%/etc/pwned-check.conf. -The installation procedure will fetch 6 GB of compressed data and will -temporarily need 18 GB of free space in that directory and 13 GB when +The installation procedure will fetch 9 GB of compressed data and will +temporarily need 40 GB of free space in that directory and 30 GB when the installation is complete. ------------------------------------------------------------------------- Index: head/security/pwned-check/files/pwned-check.1.in =================================================================== --- head/security/pwned-check/files/pwned-check.1.in (revision 462748) +++ head/security/pwned-check/files/pwned-check.1.in (revision 462749) 
@@ -1,66 +1,67 @@ .Dd October 23, 2017 .Dt PWNED-CHECK 1 .Os .Sh NAME .Nm pwned-check .Nd Check word against list of known stolen passwords. .Sh SYNOPSIS .Nm .Op Fl u .Sh DESCRIPTION The .Nm utility checks the passwords piped in via standard input (one per line) against a huge database of passwords that are known to have been stolen in data breaches. .Pp SHA1 hashes of these passwords have been published at .Lk https://haveibeenpwned.com/ .Pp If any of the checked passwords is found in the database, it is printed on standard output and the exit status of .Nm is set to 1. No output is generated for passwords not found in the database. .Pp Instead of plain passwords, SHA1 hashes of passwords may be supplied. Matches will be reported, but there is no provision to report the plain text password corresponding to a given SHA1 hash. .Pp If the option .Fl u -is used, the password hash database is downloaded and initialized. -This process will temporarily require some 18 GB of free space in the +is used, the password hash database (9 GB compressed) is downloaded and +initialized. +This process will temporarily require some 40 GB of free space in the database directory, which is .Pa /var/db/pwned-check by default. This location can be changed in the configuration file, prior to starting the download. .Sh FILES .Bl -tag -width %%PREFIX%%/etc/pwned-check.conf .It Pa %%PREFIX%%/etc/pwned-check.conf Optional configuration file. .It Pa /var/db/pwned-check Default location of pwned password hash database. -Needs 18 GB of free space during download, 13 GB when finished. +Needs up to 40 GB of free space during download, 30 GB when finished. .El .Sh EXIT STATUS .Nm returns 0 if none of the passwords to check have been found in the pwned password database, else 1. .Pp If the .Fl u option is used to download the pwned password hashes, an exit code of 0 indicates success, 1 failure to fetch and initialize the database. 
.Sh EXAMPLES Download the pwned password hash files: .Bd -literal -offset indent pwned-check -u .Ed .Pp Check passwords passed on standard input against pwned password database: .Bd -literal -offset indent echo badpasswd | pwned-check .Ed .\" .Sh AUTHORS Index: head/security/pwned-check/files/pwned-check.conf.sample =================================================================== --- head/security/pwned-check/files/pwned-check.conf.sample (revision 462748) +++ head/security/pwned-check/files/pwned-check.conf.sample (revision 462749) @@ -1,2 +1,2 @@ DBDIR= /var/db/pwned-check -URLBASE=i https://downloads.pwnedpasswords.com/passwords +URLBASE= https://downloads.pwnedpasswords.com/passwords Index: head/security/pwned-check/files/pwned-check.sh.in =================================================================== --- head/security/pwned-check/files/pwned-check.sh.in (revision 462748) +++ head/security/pwned-check/files/pwned-check.sh.in (revision 462749) 
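Review bot: Both lines of pwned-check.conf.sample, as rendered here, still have whitespace between `=` and the value, and pwned-check.sh.in loads this file with `. $CFGFILE`, so sh reads `URLBASE= https://downloads.pwnedpasswords.com/passwords` as an empty assignment in front of a command word rather than as a setting; dropping the stray `i` does not change that. If the whitespace (space or tab) is really in the file and not an artifact of the page, the lines should be `DBDIR=/var/db/pwned-check` and `URLBASE=https://downloads.pwnedpasswords.com/passwords`. A leading comment such as `# Sourced by pwned-check as sh code: NAME=value, no blanks around '='; keep this file writable by root only.` would make both the format and the trust requirement explicit.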
@@ -1,111 +1,111 @@ #!/bin/sh # # Copyright (c) 2017 by Stefan Esser # All rights reserved. # # Distributed under the BSD 2-clause Simplified License. # CFGFILE="%%PREFIX%%/etc/pwned-check.conf" [ -r "$CFGFILE" ] && . $CFGFILE : ${DBDIR:=/var/db/pwned-check} : ${URLBASE:=https://downloads.pwnedpasswords.com/passwords} # Helper functions progname () { basename "$0" } errexit () { echo $(progname)": $@" exit 1 } usage () { echo "usage: "$(progname)" [-u]" exit 2 } # Fetch files with pwned password hashes fetchpwfiles () { umask 022 mkdir -p $DBDIR || errexit "No write permission on data directory." local f s_txt s_txt_7z hash while read f s_txt s_txt_7z hash do local f7z="$f.7z" echo "Checking '$DBDIR/$f' ..." local s_txt_is=$(stat -f %z $f 2>/dev/null) if [ "$s_txt_is" != "$s_txt" ]; then echo "Fetching '$DBDIR/$f' ..." fetch -S $s_txt_7z "$URLBASE/$f7z" || errexit "Could not fetch '$URLBASE/$f7z'" local hash_is=$(sha1 -q "$f7z") if [ "$hash_is" != "$hash" ]; then rm -f "$f7z" errexit "File '$f7z' fails SHA1 check: '$hash_is' should be '$hash'." fi tar xf $f7z local s_txt_is=$(stat -f %z $f) if [ "$s_txt_is" != "$s_txt" ]; then rm -f "$f" errexit "File '$f' has size $s_txt_is after decompression, should be $s_txt." fi fi rm -f "$f7z" done < /dev/null } checkpw () { local pwd="$1" local hash=$(echo -n "$pwd" | sha1 | tr 'a-z' 'A-Z') if lookup "$hash"; then echo "$pwd" exitcode=1 elif expr "$pwd" : '[A-Fa-f0-9]\{40\}$' > /dev/null; then if lookup "$pwd"; then echo "$pwd" exitcode=1 fi fi } # Main program cd "$DBDIR" || errexit "Database directory '$DBDIR' not found." export LC_COLLATE=C if [ "$#" -gt 0 ]; then if [ "$1" = "-u" ]; then fetchpwfiles exit 0 else echo "usage: "$(progname)" [-u]" exit 2 fi fi while read pwd do checkpw "$pwd" done exit $exitcode
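Review bot: The main loop's `while read pwd` and the `echo -n "$pwd" | sha1` in checkpw can hash something other than the line that was supplied. Without `-r` and with the default IFS, read drops backslashes and leading or trailing blanks, and echo's handling of a value that starts with `-` or contains a backslash differs between shells. A breached password containing those characters would then go unreported, which is the failure that matters most for this tool. I would use `while IFS= read -r pwd` and `printf '%s' "$pwd" | sha1 | tr 'a-z' 'A-Z'`. The lines this revision changes in the hunk are not visible on the page, so the point applies to the surrounding context as shown.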