diff options
| author |   Lars Wendler <polynomial-c@gentoo.org> | 2017-03-11 20:43:33 +0100 |
|---|---|---|
| committer | Lars Wendler <polynomial-c@gentoo.org> | 2017-03-11 20:43:53 +0100 |
| commit | ae9ba23240bc2dda1b90887732451801b96117f1 (patch) | |
| tree | 0c9fde3712a0773d82dfca4f32a1c1c434aa0c34 /net-misc | |
| parent | media-video/kaffeine: Remove 2.0.8 (diff) | |
| download | gentoo-ae9ba23240bc2dda1b90887732451801b96117f1.tar.gz gentoo-ae9ba23240bc2dda1b90887732451801b96117f1.tar.bz2 gentoo-ae9ba23240bc2dda1b90887732451801b96117f1.zip | |
net-misc/wget: Security revbump to fix CRLF injection (bug #612326).
Package-Manager: Portage-2.3.4, Repoman-2.3.2
Diffstat (limited to 'net-misc')
| -rw-r--r-- | net-misc/wget/files/wget-1.19.1-CRLF_injection.patch | 37 | ||||
| -rw-r--r-- | net-misc/wget/wget-1.19.1-r1.ebuild | 105 |
2 files changed, 142 insertions, 0 deletions
diff --git a/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch b/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch new file mode 100644 index 000000000000..aa4e978cfda9 --- /dev/null +++ b/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch @@ -0,0 +1,37 @@ +From 4d729e322fae359a1aefaafec1144764a54e8ad4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> +Date: Mon, 6 Mar 2017 10:04:22 +0100 +Subject: Fix CRLF injection in Wget host part + +* src/url.c (url_parse): Reject control characters in host part of URL + +Reported-by: Orange Tsai +--- + src/url.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/url.c b/src/url.c +index 8f8ff0b..7d36b27 100644 +--- a/src/url.c ++++ b/src/url.c +@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode) + url_unescape (u->host); + host_modified = true; + ++ /* check for invalid control characters in host name */ ++ for (p = u->host; *p; p++) ++ { ++ if (c_iscntrl(*p)) ++ { ++ url_free(u); ++ error_code = PE_INVALID_HOST_NAME; ++ goto error; ++ } ++ } ++ + /* Apply IDNA regardless of iri->utf8_encode status */ + if (opt.enable_iri && iri) + { +-- +cgit v1.0-41-gc330 + diff --git a/net-misc/wget/wget-1.19.1-r1.ebuild b/net-misc/wget/wget-1.19.1-r1.ebuild new file mode 100644 index 000000000000..af24c5f197aa --- /dev/null +++ b/net-misc/wget/wget-1.19.1-r1.ebuild @@ -0,0 +1,105 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +PYTHON_COMPAT=( python3_{4,5} ) + +inherit flag-o-matic python-any-r1 toolchain-funcs eutils + +DESCRIPTION="Network utility to retrieve files from the WWW" +HOMEPAGE="https://www.gnu.org/software/wget/" +SRC_URI="mirror://gnu/wget/${P}.tar.xz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib" +REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )" + +LIB_DEPEND="idn? ( net-dns/libidn2[static-libs(+)] ) + pcre? ( dev-libs/libpcre[static-libs(+)] ) + ssl? ( + gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) + !gnutls? ( + !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) + libressl? ( dev-libs/libressl[static-libs(+)] ) + ) + ) + uuid? ( sys-apps/util-linux[static-libs(+)] ) + zlib? ( sys-libs/zlib[static-libs(+)] )" +RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )" +DEPEND="${RDEPEND} + app-arch/xz-utils + virtual/pkgconfig + static? ( ${LIB_DEPEND} ) + test? ( + ${PYTHON_DEPS} + dev-lang/perl + dev-perl/HTTP-Daemon + dev-perl/HTTP-Message + dev-perl/IO-Socket-SSL + ) + nls? ( sys-devel/gettext )" + +DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc ) + +PATCHES=( + "${FILESDIR}"/${P}-CRLF_injection.patch +) + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + epatch "${PATCHES[@]}" + + # revert some hack that breaks linking, bug #585924 + if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ ${CHOST} == *-uclibc* ]]; then + sed -i \ + -e 's/^ LIBICONV=$/:/' \ + configure || die + fi +} + +src_configure() { + # fix compilation on Solaris, we need filio.h for FIONBIO as used in + # the included gnutls -- force ioctl.h to include this header + [[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1 + + if use static ; then + append-ldflags -static + tc-export PKG_CONFIG + PKG_CONFIG+=" --static" + fi + econf \ + --disable-assert \ + --disable-rpath \ + $(use_enable debug) \ + $(use_enable idn iri) \ + $(use_enable ipv6) \ + $(use_enable nls) \ + $(use_enable ntlm) \ + $(use_enable pcre) \ + $(use_enable ssl digest) \ + $(use_enable ssl opie) \ + $(use_with idn libidn) \ + $(use_with ssl ssl $(usex gnutls gnutls openssl)) \ + $(use_with uuid libuuid) \ + $(use_with zlib) +} + +src_test() { + emake check +} + +src_install() { + default + + sed -i \ + -e "s:/usr/local/etc:${EPREFIX}/etc:g" \ + "${ED}"/etc/wgetrc \ + "${ED}"/usr/share/man/man1/wget.1 \ + "${ED}"/usr/share/info/wget.info +} |