author | Lars Wendler <polynomial-c@gentoo.org> | 2017-03-11 20:43:33 +0100 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2017-03-11 20:43:53 +0100 |
commit | ae9ba23240bc2dda1b90887732451801b96117f1 (patch) | |
tree | 0c9fde3712a0773d82dfca4f32a1c1c434aa0c34 /net-misc | |
parent | media-video/kaffeine: Remove 2.0.8 (diff) | |
net-misc/wget: Security revbump to fix CRLF injection (bug #612326).
Package-Manager: Portage-2.3.4, Repoman-2.3.2
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/wget/files/wget-1.19.1-CRLF_injection.patch | 37 | ||||
-rw-r--r-- | net-misc/wget/wget-1.19.1-r1.ebuild | 105 |
2 files changed, 142 insertions, 0 deletions
diff --git a/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch b/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch
new file mode 100644
index 000000000000..aa4e978cfda9
--- /dev/null
+++ b/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch
@@ -0,0 +1,37 @@
+From 4d729e322fae359a1aefaafec1144764a54e8ad4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Mon, 6 Mar 2017 10:04:22 +0100
+Subject: Fix CRLF injection in Wget host part
+
+* src/url.c (url_parse): Reject control characters in host part of URL
+
+Reported-by: Orange Tsai
+---
+ src/url.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/url.c b/src/url.c
+index 8f8ff0b..7d36b27 100644
+--- a/src/url.c
++++ b/src/url.c
+@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
+ url_unescape (u->host);
+ host_modified = true;
+
++ /* check for invalid control characters in host name */
++ for (p = u->host; *p; p++)
++ {
++ if (c_iscntrl(*p))
++ {
++ url_free(u);
++ error_code = PE_INVALID_HOST_NAME;
++ goto error;
++ }
++ }
++
+ /* Apply IDNA regardless of iri->utf8_encode status */
+ if (opt.enable_iri && iri)
+ {
+--
+cgit v1.0-41-gc330
+
 diff --git a/net-misc/wget/wget-1.19.1-r1.ebuild b/net-misc/wget/wget-1.19.1-r1.ebuild
new file mode 100644
index 000000000000..af24c5f197aa
--- /dev/null
+++ b/net-misc/wget/wget-1.19.1-r1.ebuild
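Review bot: The comment on the added loop in url_parse says what is checked but not why the check has to sit exactly here: it runs right after `url_unescape (u->host)`, so it sees bytes that arrived percent-encoded, and moving it above that call would silently disable it. I would spell that out, e.g. `/* Reject control characters (CR, LF, ...) in the decoded host; must stay after url_unescape so %XX-encoded ones are caught too. */`. `c_iscntrl` classifies ASCII only, so bytes >= 0x80 are not rejected here and are presumably left to the IDNA step that follows. The embedded patch touches only src/url.c and carries no regression test, so a test case asserting that a host with an encoded control character yields `PE_INVALID_HOST_NAME` would be worth carrying alongside it. url_parse begins and ends outside the hunk, so the `error:` cleanup path and the declaration of `p` are not visible.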
@@ -0,0 +1,105 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+PYTHON_COMPAT=( python3_{4,5} )
+
+inherit flag-o-matic python-any-r1 toolchain-funcs eutils
+
+DESCRIPTION="Network utility to retrieve files from the WWW"
+HOMEPAGE="https://www.gnu.org/software/wget/"
+SRC_URI="mirror://gnu/wget/${P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib"
+REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
+
+LIB_DEPEND="idn? ( net-dns/libidn2[static-libs(+)] )
+ pcre? ( dev-libs/libpcre[static-libs(+)] )
+ ssl? (
+ gnutls? ( net-libs/gnutls:0=[static-libs(+)] )
+ !gnutls? (
+ !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
+ libressl? ( dev-libs/libressl[static-libs(+)] )
+ )
+ )
+ uuid? ( sys-apps/util-linux[static-libs(+)] )
+ zlib? ( sys-libs/zlib[static-libs(+)] )"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )"
+DEPEND="${RDEPEND}
+ app-arch/xz-utils
+ virtual/pkgconfig
+ static? ( ${LIB_DEPEND} )
+ test? (
+ ${PYTHON_DEPS}
+ dev-lang/perl
+ dev-perl/HTTP-Daemon
+ dev-perl/HTTP-Message
+ dev-perl/IO-Socket-SSL
+ )
+ nls? ( sys-devel/gettext )"
+
+DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc )
+
+PATCHES=(
+ "${FILESDIR}"/${P}-CRLF_injection.patch
+)
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ epatch "${PATCHES[@]}"
+
+ # revert some hack that breaks linking, bug #585924
+ if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ ${CHOST} == *-uclibc* ]]; then
+ sed -i \
+ -e 's/^ LIBICONV=$/:/' \
+ configure || die
+ fi
+}
+
+src_configure() {
+ # fix compilation on Solaris, we need filio.h for FIONBIO as used in
+ # the included gnutls -- force ioctl.h to include this header
+ [[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1
+
+ if use static ; then
+ append-ldflags -static
+ tc-export PKG_CONFIG
+ PKG_CONFIG+=" --static"
+ fi
+ econf \
+ --disable-assert \
+ --disable-rpath \
+ $(use_enable debug) \
+ $(use_enable idn iri) \
+ $(use_enable ipv6) \
+ $(use_enable nls) \
+ $(use_enable ntlm) \
+ $(use_enable pcre) \
+ $(use_enable ssl digest) \
+ $(use_enable ssl opie) \
+ $(use_with idn libidn) \
+ $(use_with ssl ssl $(usex gnutls gnutls openssl)) \
+ $(use_with uuid libuuid) \
+ $(use_with zlib)
+}
+
+src_test() {
+ emake check
+}
+
+src_install() {
+ default
+
+ sed -i \
+ -e "s:/usr/local/etc:${EPREFIX}/etc:g" \
+ "${ED}"/etc/wgetrc \
+ "${ED}"/usr/share/man/man1/wget.1 \
+ "${ED}"/usr/share/info/wget.info
+} |
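Review bot: The `sed -i` in src_install has no `|| die`, unlike the one in src_prepare; in EAPI 5 a failing sed there would go unnoticed and install a wgetrc and man/info pages that still point at /usr/local/etc. Ending the command with `"${ED}"/usr/share/info/wget.info || die` makes it fail loudly. Separately, every KEYWORDS entry is `~`-prefixed, so as committed the CRLF fix reaches only testing-keyword systems; stable users stay on the unpatched revision until the stabilization tracked in bug #612326 happens.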