CVE-2017-6508 patch was merged upstream, so remove it. Signed-off-by: Ladislav Michl <la...@linux-mips.org> --- Changes: -v2: also remove patch
patches/wget-1.19.1/CVE-2017-6508.patch | 31 ------------------------- patches/wget-1.19.1/series | 1 - rules/wget.make | 4 ++-- 3 files changed, 2 insertions(+), 34 deletions(-) delete mode 100644 patches/wget-1.19.1/CVE-2017-6508.patch delete mode 100644 patches/wget-1.19.1/series diff --git a/patches/wget-1.19.1/CVE-2017-6508.patch b/patches/wget-1.19.1/CVE-2017-6508.patch deleted file mode 100644 index bb2f63f5c..000000000 --- a/patches/wget-1.19.1/CVE-2017-6508.patch +++ /dev/null @@ -1,31 +0,0 @@ -From: Tim Rühsen <tim.rueh...@gmx.de> -Date: Mon Mar 6 10:04:22 2017 +0100 -Subject: Fix CRLF injection in Wget host part - -* src/url.c (url_parse): Reject control characters in host part of URL - -Reported-by: Orange Tsai - -commit 4d729e322fae359a1aefaafec1144764a54e8ad4 -diff --git a/src/url.c b/src/url.c -index 8f8ff0b8..7d36b27d 100644 ---- a/src/url.c -+++ b/src/url.c -@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode) - url_unescape (u->host); - host_modified = true; - -+ /* check for invalid control characters in host name */ -+ for (p = u->host; *p; p++) -+ { -+ if (c_iscntrl(*p)) -+ { -+ url_free(u); -+ error_code = PE_INVALID_HOST_NAME; -+ goto error; -+ } -+ } -+ - /* Apply IDNA regardless of iri->utf8_encode status */ - if (opt.enable_iri && iri) - { diff --git a/patches/wget-1.19.1/series b/patches/wget-1.19.1/series deleted file mode 100644 index f58bfe356..000000000 --- a/patches/wget-1.19.1/series +++ /dev/null @@ -1 +0,0 @@ -CVE-2017-6508.patch diff --git a/rules/wget.make b/rules/wget.make index 4e62dd18c..9e17d410e 100644 --- a/rules/wget.make +++ b/rules/wget.make @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_WGET) += wget # # Paths and names # -WGET_VERSION := 1.19.1 -WGET_MD5 := 87cea36b7161fd43e3fd51a4e8b89689 +WGET_VERSION := 1.20 +WGET_MD5 := 9f1515d083b769e9ff7642ce6016518e WGET := wget-$(WGET_VERSION) WGET_SUFFIX := tar.gz WGET_URL := $(call ptx/mirror, GNU, wget/$(WGET).$(WGET_SUFFIX)) -- 2.20.1 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de