[ptxdist] [PATCH v2 1/2] wget: version bump 1.19.1 -> 1.20

Sat, 12 Jan 2019 01:03:17 -0800 

CVE-2017-6508 patch was merged upstream, so remove it.

Signed-off-by: Ladislav Michl <la...@linux-mips.org>
---
 Changes:
 -v2: also remove patch

 patches/wget-1.19.1/CVE-2017-6508.patch | 31 -------------------------
 patches/wget-1.19.1/series              |  1 -
 rules/wget.make                         |  4 ++--
 3 files changed, 2 insertions(+), 34 deletions(-)
 delete mode 100644 patches/wget-1.19.1/CVE-2017-6508.patch
 delete mode 100644 patches/wget-1.19.1/series

diff --git a/patches/wget-1.19.1/CVE-2017-6508.patch 
b/patches/wget-1.19.1/CVE-2017-6508.patch
deleted file mode 100644
index bb2f63f5c..000000000
--- a/patches/wget-1.19.1/CVE-2017-6508.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Tim Rühsen <tim.rueh...@gmx.de>
-Date: Mon Mar 6 10:04:22 2017 +0100
-Subject: Fix CRLF injection in Wget host part
-
-* src/url.c (url_parse): Reject control characters in host part of URL
-
-Reported-by: Orange Tsai
-
-commit 4d729e322fae359a1aefaafec1144764a54e8ad4
-diff --git a/src/url.c b/src/url.c
-index 8f8ff0b8..7d36b27d 100644
---- a/src/url.c
-+++ b/src/url.c
-@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, 
bool percent_encode)
-       url_unescape (u->host);
-       host_modified = true;
- 
-+      /* check for invalid control characters in host name */
-+      for (p = u->host; *p; p++)
-+        {
-+          if (c_iscntrl(*p))
-+            {
-+              url_free(u);
-+              error_code = PE_INVALID_HOST_NAME;
-+              goto error;
-+            }
-+        }
-+
-       /* Apply IDNA regardless of iri->utf8_encode status */
-       if (opt.enable_iri && iri)
-         {
diff --git a/patches/wget-1.19.1/series b/patches/wget-1.19.1/series
deleted file mode 100644
index f58bfe356..000000000
--- a/patches/wget-1.19.1/series
+++ /dev/null
@@ -1 +0,0 @@
-CVE-2017-6508.patch
diff --git a/rules/wget.make b/rules/wget.make
index 4e62dd18c..9e17d410e 100644
--- a/rules/wget.make
+++ b/rules/wget.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_WGET) += wget
 #
 # Paths and names
 #
-WGET_VERSION   := 1.19.1
-WGET_MD5       := 87cea36b7161fd43e3fd51a4e8b89689
+WGET_VERSION   := 1.20
+WGET_MD5       := 9f1515d083b769e9ff7642ce6016518e
 WGET           := wget-$(WGET_VERSION)
 WGET_SUFFIX    := tar.gz
 WGET_URL       := $(call ptx/mirror, GNU, wget/$(WGET).$(WGET_SUFFIX))
-- 
2.20.1



_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Reply via email to