Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/wget/files/, net-misc/wget/
Date: Thu, 26 Oct 2017 15:04:24
Message-Id: 1509030169.c52583a431acfca8fcfc89b3b91dd3078b82b3b3.whissi@gentoo
1 commit: c52583a431acfca8fcfc89b3b91dd3078b82b3b3
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Thu Oct 26 14:23:12 2017 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Thu Oct 26 15:02:49 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c52583a4
7
8 net-misc/wget: Rev bump to fix CVE-2017-{13089,13090}
9
10 See: https://bugs.gentoo.org/635496
11 Closes: https://bugs.gentoo.org/619356
12 Closes: https://bugs.gentoo.org/624024
13 Package-Manager: Portage-2.3.11, Repoman-2.3.3
14
15 .../wget/files/wget-1.19.1-CVE-2017-13089.patch | 34 ++++
16 .../wget/files/wget-1.19.1-CVE-2017-13090.patch | 37 +++++
17 .../wget-1.19.1-fix-Perl-warnings-in-tests.patch | 104 +++++++++++++
18 .../files/wget-1.19.1-fix-Python-test-suite.patch | 172 +++++++++++++++++++++
19 net-misc/wget/wget-1.19.1-r2.ebuild | 115 ++++++++++++++
20 5 files changed, 462 insertions(+)
21
22 diff --git a/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch b/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch
23 new file mode 100644
24 index 00000000000..f961741aa28
25 --- /dev/null
26 +++ b/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch
27 @@ -0,0 +1,34 @@
28 +From 3dbc2e06ad487862c2fcc64d4891ff8aeb254bad Mon Sep 17 00:00:00 2001
29 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@×××.de>
30 +Date: Fri, 20 Oct 2017 10:59:38 +0200
31 +Subject: [PATCH 1/2] Fix stack overflow in HTTP protocol handling
32 + (CVE-2017-13089)
33 +MIME-Version: 1.0
34 +Content-Type: text/plain; charset=UTF-8
35 +Content-Transfer-Encoding: 8bit
36 +
37 +* src/http.c (skip_short_body): Return error on negative chunk size
38 +
39 +Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
40 +Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
41 +---
42 + src/http.c | 3 +++
43 + 1 file changed, 3 insertions(+)
44 +
45 +diff --git a/src/http.c b/src/http.c
46 +index 55367688..dc318231 100644
47 +--- a/src/http.c
48 ++++ b/src/http.c
49 +@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked)
50 + remaining_chunk_size = strtol (line, &endl, 16);
51 + xfree (line);
52 +
53 ++ if (remaining_chunk_size < 0)
54 ++ return false;
55 ++
56 + if (remaining_chunk_size == 0)
57 + {
58 + line = fd_read_line (fd);
59 +--
60 +2.15.0.rc1
61 +
62
63 diff --git a/net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch b/net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch
64 new file mode 100644
65 index 00000000000..4e600fe784f
66 --- /dev/null
67 +++ b/net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch
68 @@ -0,0 +1,37 @@
69 +From 28925c37b72867c0819799c6f35caf9439080f83 Mon Sep 17 00:00:00 2001
70 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@×××.de>
71 +Date: Fri, 20 Oct 2017 15:15:47 +0200
72 +Subject: [PATCH 2/2] Fix heap overflow in HTTP protocol handling
73 + (CVE-2017-13090)
74 +MIME-Version: 1.0
75 +Content-Type: text/plain; charset=UTF-8
76 +Content-Transfer-Encoding: 8bit
77 +
78 +* src/retr.c (fd_read_body): Stop processing on negative chunk size
79 +
80 +Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
81 +Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
82 +---
83 + src/retr.c | 6 ++++++
84 + 1 file changed, 6 insertions(+)
85 +
86 +diff --git a/src/retr.c b/src/retr.c
87 +index a27d58af..723ac725 100644
88 +--- a/src/retr.c
89 ++++ b/src/retr.c
90 +@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread,
91 + remaining_chunk_size = strtol (line, &endl, 16);
92 + xfree (line);
93 +
94 ++ if (remaining_chunk_size < 0)
95 ++ {
96 ++ ret = -1;
97 ++ break;
98 ++ }
99 ++
100 + if (remaining_chunk_size == 0)
101 + {
102 + ret = 0;
103 +--
104 +2.15.0.rc1
105 +
106
107 diff --git a/net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch b/net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch
108 new file mode 100644
109 index 00000000000..334bcef8659
110 --- /dev/null
111 +++ b/net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch
112 @@ -0,0 +1,104 @@
113 +From 7ffe93cabb181f39ad5091c31ab9f61bd940a55f Mon Sep 17 00:00:00 2001
114 +From: Anton Yuzhaninov <citrin+github@××××××.ru>
115 +Date: Wed, 5 Apr 2017 19:06:42 +0300
116 +Subject: [PATCH] Fix perl warnings in tests
117 +
118 +* tests/FTPServer.pm: Escape '{' in RE to fix warnings
119 +* tests/FTPTest.pm: Likewise
120 +* tests/HTTPServer.pm: Likewise
121 +* tests/HTTPTest.pm: Likewise
122 +* tests/Test-proxied-https-auth-keepalive.px: Likewise
123 +* tests/Test-proxied-https-auth.px: Likewise
124 +Escape '{' in RE to fix warnings:
125 +Unescaped left brace in regex is deprecated, passed through in regex;
126 +marked by <-- HERE in m/{{ <-- HERE port}}/
127 +---
128 + tests/FTPServer.pm | 2 +-
129 + tests/FTPTest.pm | 2 +-
130 + tests/HTTPServer.pm | 2 +-
131 + tests/HTTPTest.pm | 2 +-
132 + tests/Test-proxied-https-auth-keepalive.px | 2 +-
133 + tests/Test-proxied-https-auth.px | 2 +-
134 + 6 files changed, 6 insertions(+), 6 deletions(-)
135 +
136 +diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm
137 +index a5185d66..cac80942 100644
138 +--- a/tests/FTPServer.pm
139 ++++ b/tests/FTPServer.pm
140 +@@ -589,7 +589,7 @@ sub new
141 + foreach my $file (keys %{$self->{_input}})
142 + {
143 + my $ref = \$self->{_input}{$file}{content};
144 +- $$ref =~ s/{{port}}/$self->sockport/eg;
145 ++ $$ref =~ s/\Q{{port}}/$self->sockport/eg;
146 + }
147 +
148 + return $self;
149 +diff --git a/tests/FTPTest.pm b/tests/FTPTest.pm
150 +index 50385ad0..0a1c768c 100644
151 +--- a/tests/FTPTest.pm
152 ++++ b/tests/FTPTest.pm
153 +@@ -53,7 +53,7 @@ sub _substitute_port
154 + {
155 + my $self = shift;
156 + my $ret = shift;
157 +- $ret =~ s/{{port}}/$self->{_server}->sockport/eg;
158 ++ $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg;
159 + return $ret;
160 + }
161 +
162 +diff --git a/tests/HTTPServer.pm b/tests/HTTPServer.pm
163 +index dd8ec043..78609f65 100644
164 +--- a/tests/HTTPServer.pm
165 ++++ b/tests/HTTPServer.pm
166 +@@ -310,7 +310,7 @@ sub _substitute_port
167 + {
168 + my $self = shift;
169 + my $ret = shift;
170 +- $ret =~ s/{{port}}/$self->sockport/eg;
171 ++ $ret =~ s/\Q{{port}}/$self->sockport/eg;
172 + return $ret;
173 + }
174 +
175 +diff --git a/tests/HTTPTest.pm b/tests/HTTPTest.pm
176 +index 00f079f8..6225c7f1 100644
177 +--- a/tests/HTTPTest.pm
178 ++++ b/tests/HTTPTest.pm
179 +@@ -47,7 +47,7 @@ sub _substitute_port
180 + {
181 + my $self = shift;
182 + my $ret = shift;
183 +- $ret =~ s/{{port}}/$self->{_server}->sockport/eg;
184 ++ $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg;
185 + return $ret;
186 + }
187 +
188 +diff --git a/tests/Test-proxied-https-auth-keepalive.px b/tests/Test-proxied-https-auth-keepalive.px
189 +index 049bebec..2a18ccfd 100755
190 +--- a/tests/Test-proxied-https-auth-keepalive.px
191 ++++ b/tests/Test-proxied-https-auth-keepalive.px
192 +@@ -153,7 +153,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
193 + . " --password=Dodgson -e https_proxy=localhost:{{port}}"
194 + . " --no-check-certificate"
195 + . " https://no.such.domain/needs-auth.txt";
196 +-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
197 ++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e;
198 +
199 + if (defined $srcdir) {
200 + $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl';
201 +diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px
202 +index ce4e736c..878114e7 100755
203 +--- a/tests/Test-proxied-https-auth.px
204 ++++ b/tests/Test-proxied-https-auth.px
205 +@@ -152,7 +152,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
206 + . " --password=Dodgson -e https_proxy=localhost:{{port}}"
207 + . " --no-check-certificate"
208 + . " https://no.such.domain/needs-auth.txt";
209 +-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
210 ++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e;
211 +
212 + if (defined $srcdir) {
213 + $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl';
214 +--
215 +2.14.3
216 +
217
218 diff --git a/net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch b/net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch
219 new file mode 100644
220 index 00000000000..11736675dcc
221 --- /dev/null
222 +++ b/net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch
223 @@ -0,0 +1,172 @@
224 +Fix python test suite for GnuTLS 3.5.12+
225 +
226 +Backport of f42229b1fdf30ee30c6e13b01eb0c4ebd9ea9169
227 +
228 +--- a/testenv/Test--rejected-log.py
229 ++++ b/testenv/Test--rejected-log.py
230 +@@ -14,7 +14,7 @@ mainpage = """
231 + </head>
232 + <body>
233 + <p>
234 +- Recurse to a <a href="http://127.0.0.1:{{port}}/secondpage.html">second page</a>.
235 ++ Recurse to a <a href="http://localhost:{{port}}/secondpage.html">second page</a>.
236 + </p>
237 + </body>
238 + </html>
239 +@@ -27,8 +27,8 @@ secondpage = """
240 + </head>
241 + <body>
242 + <p>
243 +- Recurse to a <a href="http://127.0.0.1:{{port}}/thirdpage.html">third page</a>.
244 +- Try the blacklisted <a href="http://127.0.0.1:{{port}}/index.html">main page</a>.
245 ++ Recurse to a <a href="http://localhost:{{port}}/thirdpage.html">third page</a>.
246 ++ Try the blacklisted <a href="http://localhost:{{port}}/index.html">main page</a>.
247 + </p>
248 + </body>
249 + </html>
250 +@@ -41,7 +41,7 @@ thirdpage = """
251 + </head>
252 + <body>
253 + <p>
254 +- Try a hidden <a href="http://127.0.0.1:{{port}}/dummy.txt">dummy file</a>.
255 ++ Try a hidden <a href="http://localhost:{{port}}/dummy.txt">dummy file</a>.
256 + Try to leave to <a href="http://no.such.domain/">another domain</a>.
257 + </p>
258 + </body>
259 +@@ -55,9 +55,9 @@ Disallow: /dummy.txt
260 +
261 + log = """\
262 + REASON\tU_URL\tU_SCHEME\tU_HOST\tU_PORT\tU_PATH\tU_PARAMS\tU_QUERY\tU_FRAGMENT\tP_URL\tP_SCHEME\tP_HOST\tP_PORT\tP_PATH\tP_PARAMS\tP_QUERY\tP_FRAGMENT
263 +-BLACKLIST\thttp%3A//127.0.0.1%3A{{port}}/index.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tindex.html\t\t\t\thttp%3A//127.0.0.1%3A{{port}}/secondpage.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tsecondpage.html\t\t\t
264 +-ROBOTS\thttp%3A//127.0.0.1%3A{{port}}/dummy.txt\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tdummy.txt\t\t\t\thttp%3A//127.0.0.1%3A{{port}}/thirdpage.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tthirdpage.html\t\t\t
265 +-SPANNEDHOST\thttp%3A//no.such.domain/\tSCHEME_HTTP\tno.such.domain\t80\t\t\t\t\thttp%3A//127.0.0.1%3A{{port}}/thirdpage.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tthirdpage.html\t\t\t
266 ++BLACKLIST\thttp%3A//localhost%3A{{port}}/index.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tindex.html\t\t\t\thttp%3A//localhost%3A{{port}}/secondpage.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tsecondpage.html\t\t\t
267 ++ROBOTS\thttp%3A//localhost%3A{{port}}/dummy.txt\tSCHEME_HTTP\tlocalhost\t{{port}}\tdummy.txt\t\t\t\thttp%3A//localhost%3A{{port}}/thirdpage.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tthirdpage.html\t\t\t
268 ++SPANNEDHOST\thttp%3A//no.such.domain/\tSCHEME_HTTP\tno.such.domain\t80\t\t\t\t\thttp%3A//localhost%3A{{port}}/thirdpage.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tthirdpage.html\t\t\t
269 + """
270 +
271 + dummyfile = "Don't care."
272 +--- a/testenv/Test--spider-r.py
273 ++++ b/testenv/Test--spider-r.py
274 +@@ -14,8 +14,8 @@ mainpage = """
275 + </head>
276 + <body>
277 + <p>
278 +- Some text and a link to a <a href="http://127.0.0.1:{{port}}/secondpage.html">second page</a>.
279 +- Also, a <a href="http://127.0.0.1:{{port}}/nonexistent">broken link</a>.
280 ++ Some text and a link to a <a href="http://localhost:{{port}}/secondpage.html">second page</a>.
281 ++ Also, a <a href="http://localhost:{{port}}/nonexistent">broken link</a>.
282 + </p>
283 + </body>
284 + </html>
285 +@@ -29,8 +29,8 @@ secondpage = """
286 + </head>
287 + <body>
288 + <p>
289 +- Some text and a link to a <a href="http://127.0.0.1:{{port}}/thirdpage.html">third page</a>.
290 +- Also, a <a href="http://127.0.0.1:{{port}}/nonexistent">broken link</a>.
291 ++ Some text and a link to a <a href="http://localhost:{{port}}/thirdpage.html">third page</a>.
292 ++ Also, a <a href="http://localhost:{{port}}/nonexistent">broken link</a>.
293 + </p>
294 + </body>
295 + </html>
296 +@@ -43,8 +43,8 @@ thirdpage = """
297 + </head>
298 + <body>
299 + <p>
300 +- Some text and a link to a <a href="http://127.0.0.1:{{port}}/dummy.txt">text file</a>.
301 +- Also, another <a href="http://127.0.0.1:{{port}}/againnonexistent">broken link</a>.
302 ++ Some text and a link to a <a href="http://localhost:{{port}}/dummy.txt">text file</a>.
303 ++ Also, another <a href="http://localhost:{{port}}/againnonexistent">broken link</a>.
304 + </p>
305 + </body>
306 + </html>
307 +--- a/testenv/certs/server-cert.pem
308 ++++ b/testenv/certs/server-cert.pem
309 +@@ -1,21 +1,21 @@
310 + -----BEGIN CERTIFICATE-----
311 +-MIIDgDCCAmigAwIBAgIIVGI73zrIeeMwDQYJKoZIhvcNAQELBQAwMDERMA8GA1UE
312 +-AxMIR05VIFdnZXQxDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTAiGA8yMDE0
313 +-MTExMTE2NDAwMFoYDzk5OTkxMjMxMjM1OTU5WjAxMRIwEAYDVQQDEwkxMjcuMC4w
314 +-LjExDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTCCASIwDQYJKoZIhvcNAQEB
315 +-BQADggEPADCCAQoCggEBAMjC3Gt55EfStl6mE371+pD3/cpR5MLxkdbBss5MlIP2
316 +-TDhiPOItLXml8oxs4BjUm3wfn3GV9iJLmbzbIWL+0kbRkQ2LCPKUf+Cln3z2ZE+r
317 +-XwdWlT8gVfv51Opfkp2lLDVUqLfNKRGQgivjSCmLqY2LqeB0SaVNvuaD3EpqZyIH
318 +-0E5SZgjqBHgRRtvGkcy0rOmp5SI2NASLugUioXa9OLWjpYDwodsd3ERlL0DJ1aJW
319 +-8TC8Tqix4i0osWzar+LXBIin0Qvar9/uRHN0p1kq3p0XgNHKqWpiTT54+WYx7Pem
320 +-v4qRXz11swiJzUL+Pw1DurQ9smbzDgAsz7V2FJnUeCcCAwEAAaOBmDCBlTAMBgNV
321 +-HRMBAf8EAjAAMB8GA1UdEQQYMBaCCTEyNy4wLjAuMYIJbG9jYWxob3N0MBMGA1Ud
322 +-JQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJfm323L
323 +-JbKTM/tMKSt0qlUqewbnMB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tU
324 +-MA0GCSqGSIb3DQEBCwUAA4IBAQCDmuSD4IGmn0UQ5jhGQquh92Iu59j64Rrg7EIM
325 +-zoppciyYR8gDUutOI9CEisxJz6umvAdOo5L981gcFaBv6hHWaE/krAZccR+ZXZP6
326 +-fI9btO8My8O63fYcd2KkLEFqvKDF43i01S2LrqXdPo3uELbFZwxCmUKsexFGsoW1
327 +-CbXbRjnS7w/f72myRmvBeDiNMuGfe1lb4IflybH3DMlKC7i0AN1JKglp+IKn5XAE
328 +-neWR03i3UaYJsibIxj0DkTS+hVPu5MXQ9RlF5CkRdFKjGinLE/u70XyAyx0/IeAN
329 +-e7c2MJvpdfRmTXm2ew4sNyK9RXo7Bv0Yqkl65iMscF8LNnxL
330 ++MIIDdzCCAl+gAwIBAgIMWWD1GB1UFkEICdQvMA0GCSqGSIb3DQEBCwUAMDAxETAP
331 ++BgNVBAMTCEdOVSBXZ2V0MQ0wCwYDVQQLEwRXZ2V0MQwwCgYDVQQKEwNHTlUwIBcN
332 ++MTcwNzA4MTUwNzA0WhgPOTk5OTEyMzEyMzU5NTlaMDExEjAQBgNVBAMTCTEyNy4w
333 ++LjAuMTENMAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VMIIBIjANBgkqhkiG9w0B
334 ++AQEFAAOCAQ8AMIIBCgKCAQEAyMLca3nkR9K2XqYTfvX6kPf9ylHkwvGR1sGyzkyU
335 ++g/ZMOGI84i0teaXyjGzgGNSbfB+fcZX2IkuZvNshYv7SRtGRDYsI8pR/4KWffPZk
336 ++T6tfB1aVPyBV+/nU6l+SnaUsNVSot80pEZCCK+NIKYupjYup4HRJpU2+5oPcSmpn
337 ++IgfQTlJmCOoEeBFG28aRzLSs6anlIjY0BIu6BSKhdr04taOlgPCh2x3cRGUvQMnV
338 ++olbxMLxOqLHiLSixbNqv4tcEiKfRC9qv3+5Ec3SnWSrenReA0cqpamJNPnj5ZjHs
339 ++96a/ipFfPXWzCInNQv4/DUO6tD2yZvMOACzPtXYUmdR4JwIDAQABo4GNMIGKMAwG
340 ++A1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsG
341 ++AQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJfm323LJbKTM/tMKSt0
342 ++qlUqewbnMB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tUMA0GCSqGSIb3
343 ++DQEBCwUAA4IBAQC1a0NQfmqT8Ky/BFo5H+G+GoQTlqi3J83ujAMdLUD57zYCEyDL
344 ++XzAhMPfrOSLPDcQb0ooD1Ie+Rz8Xs1h00cD2OGKwH479+nisF5ksqJVJ4fn/aNFE
345 ++6W2Xb3MCB+4FRdmy0UeDDA6N2OpVskCM30s9tmovlBLVK46HogdLvy/O1o7z/gbx
346 ++vV8luevxobnevZ3NdWLyVE3BJZiThBHmZUvL1XNy4KAR4wDAkbCwoTN/JkehTu0i
347 ++WR6DaG7N7M6psc7rctfzRqimlAkxnoAUwc8LwNLTB3v613xXX8iSUsLKsh6pQfZR
348 ++e5wnYQIS4MzowvDx8WevTPMRKlN72d8HHuv9
349 + -----END CERTIFICATE-----
350 +--- a/testenv/certs/server-crl.pem
351 ++++ b/testenv/certs/server-crl.pem
352 +@@ -1,12 +1,12 @@
353 + -----BEGIN X509 CRL-----
354 +-MIIB1DCBvQIBATANBgkqhkiG9w0BAQsFADAwMREwDwYDVQQDEwhHTlUgV2dldDEN
355 +-MAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VGA8yMDE0MTExMTE2NDU1NFoYDzk5
356 +-OTkxMjMxMjM1OTU5WjAdMBsCCFRiO986yHnjGA8yMDE0MTExMTE2NDU1NFqgNjA0
357 +-MB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tUMBEGA1UdFAQKAghUYj1E
358 +-KHs9ijANBgkqhkiG9w0BAQsFAAOCAQEAZgwqs1VOFG39dFHHMXvBr4eJfhwiG4bC
359 +-cL6IvLhvl9ikcyQMHrpOBtNjkCtgclSbJjjTDdera1+zuCWE0WBOJ4mojYdAIOhR
360 +-QvSwp4NwAtibu2F/fjeXoo+LEpcRKtLvAotB30eCZ1OPrijsa/HxFILOLlayjns8
361 +-wM4RmQC4o43y1G/1jqM8hGDg4Wz0j1URVuyP+pU55JpubV5LlExy3gIRwevD2lam
362 +-q3hiighenJYFO3HGZkYT2SIoSpXZnQqKPJ4HwRBSg/cjOpc1y1lIIvKhmk+Cut6M
363 +-+S5HL4pIk8vGYg57nTfOOkj1goqFkfU0DBqvVAZj02ay/VIDu61T1g==
364 ++MIIB1jCBvwIBATANBgkqhkiG9w0BAQsFADAwMREwDwYDVQQDEwhHTlUgV2dldDEN
365 ++MAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VFw0xNzA3MDgxNTA3MDRaFw0xODA3
366 ++MDgxNTA3MDRaMB8wHQIMWWD1GB1UFkEICdQvFw0xNzA3MDgxNTA3MDRaoDowODAf
367 ++BgNVHSMEGDAWgBTzPk44hEqpvsFvx2GjUNpuKYvrVDAVBgNVHRQEDgIMWWD1GB4C
368 ++YfERSnyEMA0GCSqGSIb3DQEBCwUAA4IBAQAAKu+Lum1l/XtcCJ43WveouPK97iOE
369 ++bjUZWaGYx8Ys/iBdhTa1GXG+E+JuyqgyHTW0HrWJi1D+GiYmsjPJXoEgVgtxXEQ7
370 ++8b3NyIQ8OCsSTTlVCmLECN9R0xlsitzH+HXOaIEs5sbmIxCnxu+brqno9gQocmCv
371 ++LHYvoSxsSsOCkkmodbYtKssl2dBonvQPSijN/z3NhZ259e2U3Yv4V7/MrEoTvOxg
372 ++M0GC0u0Nx86EWbq0sWeiUu270Qk9En5YGNtRhkeq0bXerJswmMAmvrtuKdyfouny
373 ++4WMvtn30xsO3WwWSV2oyrDSN/IQdDbcmul/bg8ewqlnN77cVf2m70c/W
374 + -----END X509 CRL-----
375 +--- a/testenv/certs/server-template.cfg
376 ++++ b/testenv/certs/server-template.cfg
377 +@@ -68,7 +68,6 @@ expiration_days = -1
378 + # X.509 v3 extensions
379 +
380 + # A dnsname in case of a WWW server.
381 +-dns_name = "127.0.0.1"
382 + dns_name = "localhost"
383 +
384 + # A subject alternative name URI
385 +--- a/testenv/test/base_test.py
386 ++++ b/testenv/test/base_test.py
387 +@@ -90,7 +90,7 @@ class BaseTest:
388 + # ports and etc.
389 + # so we should record different domains respect to servers.
390 + domain = self.get_domain_addr(instance.server_address)
391 +- self.domains.append(domain[0])
392 ++ self.domains.append('localhost')
393 + self.ports.append(domain[1])
394 +
395 + def exec_wget(self):
396
397 diff --git a/net-misc/wget/wget-1.19.1-r2.ebuild b/net-misc/wget/wget-1.19.1-r2.ebuild
398 new file mode 100644
399 index 00000000000..a7329fb922a
400 --- /dev/null
401 +++ b/net-misc/wget/wget-1.19.1-r2.ebuild
402 @@ -0,0 +1,115 @@
403 +# Copyright 1999-2017 Gentoo Foundation
404 +# Distributed under the terms of the GNU General Public License v2
405 +
406 +EAPI="6"
407 +
408 +PYTHON_COMPAT=( python3_{4,5,6} )
409 +
410 +inherit flag-o-matic python-any-r1 toolchain-funcs
411 +
412 +DESCRIPTION="Network utility to retrieve files from the WWW"
413 +HOMEPAGE="https://www.gnu.org/software/wget/"
414 +SRC_URI="mirror://gnu/wget/${P}.tar.xz"
415 +
416 +LICENSE="GPL-3"
417 +SLOT="0"
418 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
419 +IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib"
420 +REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
421 +
422 +# Force a newer libidn2 to avoid libunistring deps. #612498
423 +LIB_DEPEND="idn? ( >=net-dns/libidn2-0.14[static-libs(+)] )
424 + pcre? ( dev-libs/libpcre[static-libs(+)] )
425 + ssl? (
426 + gnutls? ( net-libs/gnutls:0=[static-libs(+)] )
427 + !gnutls? (
428 + !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
429 + libressl? ( dev-libs/libressl[static-libs(+)] )
430 + )
431 + )
432 + uuid? ( sys-apps/util-linux[static-libs(+)] )
433 + zlib? ( sys-libs/zlib[static-libs(+)] )"
434 +RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )"
435 +DEPEND="${RDEPEND}
436 + app-arch/xz-utils
437 + virtual/pkgconfig
438 + static? ( ${LIB_DEPEND} )
439 + test? (
440 + ${PYTHON_DEPS}
441 + dev-lang/perl
442 + dev-perl/HTTP-Daemon
443 + dev-perl/HTTP-Message
444 + dev-perl/IO-Socket-SSL
445 + )
446 + nls? ( sys-devel/gettext )"
447 +
448 +DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc )
449 +
450 +PATCHES=(
451 + "${FILESDIR}"/${P}-CRLF_injection.patch
452 + "${FILESDIR}"/${PN}-1.19.1-fix-Perl-warnings-in-tests.patch
453 + "${FILESDIR}"/${PN}-1.19.1-fix-Python-test-suite.patch
454 + "${FILESDIR}"/${PN}-1.19.1-CVE-2017-13089.patch
455 + "${FILESDIR}"/${PN}-1.19.1-CVE-2017-13090.patch
456 +)
457 +
458 +pkg_setup() {
459 + use test && python-any-r1_pkg_setup
460 +}
461 +
462 +src_prepare() {
463 + default
464 +
465 + # revert some hack that breaks linking, bug #585924
466 + if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ ${CHOST} == *-uclibc* ]]; then
467 + sed -i \
468 + -e 's/^ LIBICONV=$/:/' \
469 + configure || die
470 + fi
471 +}
472 +
473 +src_configure() {
474 + # fix compilation on Solaris, we need filio.h for FIONBIO as used in
475 + # the included gnutls -- force ioctl.h to include this header
476 + [[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1
477 +
478 + if use static ; then
479 + append-ldflags -static
480 + tc-export PKG_CONFIG
481 + PKG_CONFIG+=" --static"
482 + fi
483 +
484 + # There is no flag that controls this. libunistring-prefix only
485 + # controls the search path (which is why we turn it off below).
486 + # Further, libunistring is only needed w/older libidn2 installs,
487 + # and since we force the latest, we can force off libunistring. #612498
488 + ac_cv_libunistring=no \
489 + econf \
490 + --disable-assert \
491 + --disable-rpath \
492 + --without-included-libunistring \
493 + --without-libunistring-prefix \
494 + $(use_enable debug) \
495 + $(use_enable idn iri) \
496 + $(use_enable ipv6) \
497 + $(use_enable nls) \
498 + $(use_enable ntlm) \
499 + $(use_enable pcre) \
500 + $(use_enable ssl digest) \
501 + $(use_enable ssl opie) \
502 + $(use_with idn libidn) \
503 + $(use_with ssl ssl $(usex gnutls gnutls openssl)) \
504 + $(use_with uuid libuuid) \
505 + $(use_with zlib)
506 +}
507 +
508 +src_install() {
509 + default
510 +
511 + sed -i \
512 + -e "s:/usr/local/etc:${EPREFIX}/etc:g" \
513 + "${ED}"/etc/wgetrc \
514 + "${ED}"/usr/share/man/man1/wget.1 \
515 + "${ED}"/usr/share/info/wget.info \
516 + || die
517 +}
Report Message
Find on MARC Find on Google Groups