[gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/

Sat, 11 Mar 2017 11:45:05 -0800 

commit:     ae9ba23240bc2dda1b90887732451801b96117f1
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 11 19:43:33 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Mar 11 19:43:53 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae9ba232

net-misc/wget: Security revbump to fix CRLF injection (bug #612326).

Package-Manager: Portage-2.3.4, Repoman-2.3.2

 .../wget/files/wget-1.19.1-CRLF_injection.patch    |  37 ++++++++
 net-misc/wget/wget-1.19.1-r1.ebuild                | 105 +++++++++++++++++++++
 2 files changed, 142 insertions(+)

diff --git a/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch 
b/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch
new file mode 100644
index 00000000000..aa4e978cfda
--- /dev/null
+++ b/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch
@@ -0,0 +1,37 @@
+From 4d729e322fae359a1aefaafec1144764a54e8ad4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <[email protected]>
+Date: Mon, 6 Mar 2017 10:04:22 +0100
+Subject: Fix CRLF injection in Wget host part
+
+* src/url.c (url_parse): Reject control characters in host part of URL
+
+Reported-by: Orange Tsai
+---
+ src/url.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/url.c b/src/url.c
+index 8f8ff0b..7d36b27 100644
+--- a/src/url.c
++++ b/src/url.c
+@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, 
bool percent_encode)
+       url_unescape (u->host);
+       host_modified = true;
+ 
++      /* check for invalid control characters in host name */
++      for (p = u->host; *p; p++)
++        {
++          if (c_iscntrl(*p))
++            {
++              url_free(u);
++              error_code = PE_INVALID_HOST_NAME;
++              goto error;
++            }
++        }
++
+       /* Apply IDNA regardless of iri->utf8_encode status */
+       if (opt.enable_iri && iri)
+         {
+-- 
+cgit v1.0-41-gc330
+

diff --git a/net-misc/wget/wget-1.19.1-r1.ebuild 
b/net-misc/wget/wget-1.19.1-r1.ebuild
new file mode 100644
index 00000000000..af24c5f197a
--- /dev/null
+++ b/net-misc/wget/wget-1.19.1-r1.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+PYTHON_COMPAT=( python3_{4,5} )
+
+inherit flag-o-matic python-any-r1 toolchain-funcs eutils
+
+DESCRIPTION="Network utility to retrieve files from the WWW"
+HOMEPAGE="https://www.gnu.org/software/wget/";
+SRC_URI="mirror://gnu/wget/${P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux 
~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib"
+REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
+
+LIB_DEPEND="idn? ( net-dns/libidn2[static-libs(+)] )
+       pcre? ( dev-libs/libpcre[static-libs(+)] )
+       ssl? (
+               gnutls? ( net-libs/gnutls:0=[static-libs(+)] )
+               !gnutls? (
+                       !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
+                       libressl? ( dev-libs/libressl[static-libs(+)] )
+               )
+       )
+       uuid? ( sys-apps/util-linux[static-libs(+)] )
+       zlib? ( sys-libs/zlib[static-libs(+)] )"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )"
+DEPEND="${RDEPEND}
+       app-arch/xz-utils
+       virtual/pkgconfig
+       static? ( ${LIB_DEPEND} )
+       test? (
+               ${PYTHON_DEPS}
+               dev-lang/perl
+               dev-perl/HTTP-Daemon
+               dev-perl/HTTP-Message
+               dev-perl/IO-Socket-SSL
+       )
+       nls? ( sys-devel/gettext )"
+
+DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc )
+
+PATCHES=(
+       "${FILESDIR}"/${P}-CRLF_injection.patch
+)
+
+pkg_setup() {
+       use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+       epatch "${PATCHES[@]}"
+
+       # revert some hack that breaks linking, bug #585924
+       if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ 
${CHOST} == *-uclibc* ]]; then
+               sed -i \
+                       -e 's/^  LIBICONV=$/:/' \
+                       configure || die
+       fi
+}
+
+src_configure() {
+       # fix compilation on Solaris, we need filio.h for FIONBIO as used in
+       # the included gnutls -- force ioctl.h to include this header
+       [[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1
+
+       if use static ; then
+               append-ldflags -static
+               tc-export PKG_CONFIG
+               PKG_CONFIG+=" --static"
+       fi
+       econf \
+               --disable-assert \
+               --disable-rpath \
+               $(use_enable debug) \
+               $(use_enable idn iri) \
+               $(use_enable ipv6) \
+               $(use_enable nls) \
+               $(use_enable ntlm) \
+               $(use_enable pcre) \
+               $(use_enable ssl digest) \
+               $(use_enable ssl opie) \
+               $(use_with idn libidn) \
+               $(use_with ssl ssl $(usex gnutls gnutls openssl)) \
+               $(use_with uuid libuuid) \
+               $(use_with zlib)
+}
+
+src_test() {
+       emake check
+}
+
+src_install() {
+       default
+
+       sed -i \
+               -e "s:/usr/local/etc:${EPREFIX}/etc:g" \
+               "${ED}"/etc/wgetrc \
+               "${ED}"/usr/share/man/man1/wget.1 \
+               "${ED}"/usr/share/info/wget.info
+}

Reply via email to