1 |
commit: c52583a431acfca8fcfc89b3b91dd3078b82b3b3 |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Oct 26 14:23:12 2017 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Oct 26 15:02:49 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c52583a4 |
7 |
|
8 |
net-misc/wget: Rev bump to fix CVE-2017-{13089,13090} |
9 |
|
10 |
See: https://bugs.gentoo.org/635496 |
11 |
Closes: https://bugs.gentoo.org/619356 |
12 |
Closes: https://bugs.gentoo.org/624024 |
13 |
Package-Manager: Portage-2.3.11, Repoman-2.3.3 |
14 |
|
15 |
.../wget/files/wget-1.19.1-CVE-2017-13089.patch | 34 ++++ |
16 |
.../wget/files/wget-1.19.1-CVE-2017-13090.patch | 37 +++++ |
17 |
.../wget-1.19.1-fix-Perl-warnings-in-tests.patch | 104 +++++++++++++ |
18 |
.../files/wget-1.19.1-fix-Python-test-suite.patch | 172 +++++++++++++++++++++ |
19 |
net-misc/wget/wget-1.19.1-r2.ebuild | 115 ++++++++++++++ |
20 |
5 files changed, 462 insertions(+) |
21 |
|
22 |
diff --git a/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch b/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch |
23 |
new file mode 100644 |
24 |
index 00000000000..f961741aa28 |
25 |
--- /dev/null |
26 |
+++ b/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch |
27 |
@@ -0,0 +1,34 @@ |
28 |
+From 3dbc2e06ad487862c2fcc64d4891ff8aeb254bad Mon Sep 17 00:00:00 2001 |
29 |
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@×××.de> |
30 |
+Date: Fri, 20 Oct 2017 10:59:38 +0200 |
31 |
+Subject: [PATCH 1/2] Fix stack overflow in HTTP protocol handling |
32 |
+ (CVE-2017-13089) |
33 |
+MIME-Version: 1.0 |
34 |
+Content-Type: text/plain; charset=UTF-8 |
35 |
+Content-Transfer-Encoding: 8bit |
36 |
+ |
37 |
+* src/http.c (skip_short_body): Return error on negative chunk size |
38 |
+ |
39 |
+Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint |
40 |
+Reported-by: Juhani Eronen from Finnish National Cyber Security Centre |
41 |
+--- |
42 |
+ src/http.c | 3 +++ |
43 |
+ 1 file changed, 3 insertions(+) |
44 |
+ |
45 |
+diff --git a/src/http.c b/src/http.c |
46 |
+index 55367688..dc318231 100644 |
47 |
+--- a/src/http.c |
48 |
++++ b/src/http.c |
49 |
+@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked) |
50 |
+ remaining_chunk_size = strtol (line, &endl, 16); |
51 |
+ xfree (line); |
52 |
+ |
53 |
++ if (remaining_chunk_size < 0) |
54 |
++ return false; |
55 |
++ |
56 |
+ if (remaining_chunk_size == 0) |
57 |
+ { |
58 |
+ line = fd_read_line (fd); |
59 |
+-- |
60 |
+2.15.0.rc1 |
61 |
+ |
62 |
|
63 |
diff --git a/net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch b/net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch |
64 |
new file mode 100644 |
65 |
index 00000000000..4e600fe784f |
66 |
--- /dev/null |
67 |
+++ b/net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch |
68 |
@@ -0,0 +1,37 @@ |
69 |
+From 28925c37b72867c0819799c6f35caf9439080f83 Mon Sep 17 00:00:00 2001 |
70 |
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@×××.de> |
71 |
+Date: Fri, 20 Oct 2017 15:15:47 +0200 |
72 |
+Subject: [PATCH 2/2] Fix heap overflow in HTTP protocol handling |
73 |
+ (CVE-2017-13090) |
74 |
+MIME-Version: 1.0 |
75 |
+Content-Type: text/plain; charset=UTF-8 |
76 |
+Content-Transfer-Encoding: 8bit |
77 |
+ |
78 |
+* src/retr.c (fd_read_body): Stop processing on negative chunk size |
79 |
+ |
80 |
+Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint |
81 |
+Reported-by: Juhani Eronen from Finnish National Cyber Security Centre |
82 |
+--- |
83 |
+ src/retr.c | 6 ++++++ |
84 |
+ 1 file changed, 6 insertions(+) |
85 |
+ |
86 |
+diff --git a/src/retr.c b/src/retr.c |
87 |
+index a27d58af..723ac725 100644 |
88 |
+--- a/src/retr.c |
89 |
++++ b/src/retr.c |
90 |
+@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread, |
91 |
+ remaining_chunk_size = strtol (line, &endl, 16); |
92 |
+ xfree (line); |
93 |
+ |
94 |
++ if (remaining_chunk_size < 0) |
95 |
++ { |
96 |
++ ret = -1; |
97 |
++ break; |
98 |
++ } |
99 |
++ |
100 |
+ if (remaining_chunk_size == 0) |
101 |
+ { |
102 |
+ ret = 0; |
103 |
+-- |
104 |
+2.15.0.rc1 |
105 |
+ |
106 |
|
107 |
diff --git a/net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch b/net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch |
108 |
new file mode 100644 |
109 |
index 00000000000..334bcef8659 |
110 |
--- /dev/null |
111 |
+++ b/net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch |
112 |
@@ -0,0 +1,104 @@ |
113 |
+From 7ffe93cabb181f39ad5091c31ab9f61bd940a55f Mon Sep 17 00:00:00 2001 |
114 |
+From: Anton Yuzhaninov <citrin+github@××××××.ru> |
115 |
+Date: Wed, 5 Apr 2017 19:06:42 +0300 |
116 |
+Subject: [PATCH] Fix perl warnings in tests |
117 |
+ |
118 |
+* tests/FTPServer.pm: Escape '{' in RE to fix warnings |
119 |
+* tests/FTPTest.pm: Likewise |
120 |
+* tests/HTTPServer.pm: Likewise |
121 |
+* tests/HTTPTest.pm: Likewise |
122 |
+* tests/Test-proxied-https-auth-keepalive.px: Likewise |
123 |
+* tests/Test-proxied-https-auth.px: Likewise |
124 |
+Escape '{' in RE to fix warnings: |
125 |
+Unescaped left brace in regex is deprecated, passed through in regex; |
126 |
+marked by <-- HERE in m/{{ <-- HERE port}}/ |
127 |
+--- |
128 |
+ tests/FTPServer.pm | 2 +- |
129 |
+ tests/FTPTest.pm | 2 +- |
130 |
+ tests/HTTPServer.pm | 2 +- |
131 |
+ tests/HTTPTest.pm | 2 +- |
132 |
+ tests/Test-proxied-https-auth-keepalive.px | 2 +- |
133 |
+ tests/Test-proxied-https-auth.px | 2 +- |
134 |
+ 6 files changed, 6 insertions(+), 6 deletions(-) |
135 |
+ |
136 |
+diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm |
137 |
+index a5185d66..cac80942 100644 |
138 |
+--- a/tests/FTPServer.pm |
139 |
++++ b/tests/FTPServer.pm |
140 |
+@@ -589,7 +589,7 @@ sub new |
141 |
+ foreach my $file (keys %{$self->{_input}}) |
142 |
+ { |
143 |
+ my $ref = \$self->{_input}{$file}{content}; |
144 |
+- $$ref =~ s/{{port}}/$self->sockport/eg; |
145 |
++ $$ref =~ s/\Q{{port}}/$self->sockport/eg; |
146 |
+ } |
147 |
+ |
148 |
+ return $self; |
149 |
+diff --git a/tests/FTPTest.pm b/tests/FTPTest.pm |
150 |
+index 50385ad0..0a1c768c 100644 |
151 |
+--- a/tests/FTPTest.pm |
152 |
++++ b/tests/FTPTest.pm |
153 |
+@@ -53,7 +53,7 @@ sub _substitute_port |
154 |
+ { |
155 |
+ my $self = shift; |
156 |
+ my $ret = shift; |
157 |
+- $ret =~ s/{{port}}/$self->{_server}->sockport/eg; |
158 |
++ $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg; |
159 |
+ return $ret; |
160 |
+ } |
161 |
+ |
162 |
+diff --git a/tests/HTTPServer.pm b/tests/HTTPServer.pm |
163 |
+index dd8ec043..78609f65 100644 |
164 |
+--- a/tests/HTTPServer.pm |
165 |
++++ b/tests/HTTPServer.pm |
166 |
+@@ -310,7 +310,7 @@ sub _substitute_port |
167 |
+ { |
168 |
+ my $self = shift; |
169 |
+ my $ret = shift; |
170 |
+- $ret =~ s/{{port}}/$self->sockport/eg; |
171 |
++ $ret =~ s/\Q{{port}}/$self->sockport/eg; |
172 |
+ return $ret; |
173 |
+ } |
174 |
+ |
175 |
+diff --git a/tests/HTTPTest.pm b/tests/HTTPTest.pm |
176 |
+index 00f079f8..6225c7f1 100644 |
177 |
+--- a/tests/HTTPTest.pm |
178 |
++++ b/tests/HTTPTest.pm |
179 |
+@@ -47,7 +47,7 @@ sub _substitute_port |
180 |
+ { |
181 |
+ my $self = shift; |
182 |
+ my $ret = shift; |
183 |
+- $ret =~ s/{{port}}/$self->{_server}->sockport/eg; |
184 |
++ $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg; |
185 |
+ return $ret; |
186 |
+ } |
187 |
+ |
188 |
+diff --git a/tests/Test-proxied-https-auth-keepalive.px b/tests/Test-proxied-https-auth-keepalive.px |
189 |
+index 049bebec..2a18ccfd 100755 |
190 |
+--- a/tests/Test-proxied-https-auth-keepalive.px |
191 |
++++ b/tests/Test-proxied-https-auth-keepalive.px |
192 |
+@@ -153,7 +153,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee" |
193 |
+ . " --password=Dodgson -e https_proxy=localhost:{{port}}" |
194 |
+ . " --no-check-certificate" |
195 |
+ . " https://no.such.domain/needs-auth.txt"; |
196 |
+-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e; |
197 |
++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e; |
198 |
+ |
199 |
+ if (defined $srcdir) { |
200 |
+ $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl'; |
201 |
+diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px |
202 |
+index ce4e736c..878114e7 100755 |
203 |
+--- a/tests/Test-proxied-https-auth.px |
204 |
++++ b/tests/Test-proxied-https-auth.px |
205 |
+@@ -152,7 +152,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee" |
206 |
+ . " --password=Dodgson -e https_proxy=localhost:{{port}}" |
207 |
+ . " --no-check-certificate" |
208 |
+ . " https://no.such.domain/needs-auth.txt"; |
209 |
+-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e; |
210 |
++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e; |
211 |
+ |
212 |
+ if (defined $srcdir) { |
213 |
+ $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl'; |
214 |
+-- |
215 |
+2.14.3 |
216 |
+ |
217 |
|
218 |
diff --git a/net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch b/net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch |
219 |
new file mode 100644 |
220 |
index 00000000000..11736675dcc |
221 |
--- /dev/null |
222 |
+++ b/net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch |
223 |
@@ -0,0 +1,172 @@ |
224 |
+Fix python test suite for GnuTLS 3.5.12+ |
225 |
+ |
226 |
+Backport of f42229b1fdf30ee30c6e13b01eb0c4ebd9ea9169 |
227 |
+ |
228 |
+--- a/testenv/Test--rejected-log.py |
229 |
++++ b/testenv/Test--rejected-log.py |
230 |
+@@ -14,7 +14,7 @@ mainpage = """ |
231 |
+ </head> |
232 |
+ <body> |
233 |
+ <p> |
234 |
+- Recurse to a <a href="http://127.0.0.1:{{port}}/secondpage.html">second page</a>. |
235 |
++ Recurse to a <a href="http://localhost:{{port}}/secondpage.html">second page</a>. |
236 |
+ </p> |
237 |
+ </body> |
238 |
+ </html> |
239 |
+@@ -27,8 +27,8 @@ secondpage = """ |
240 |
+ </head> |
241 |
+ <body> |
242 |
+ <p> |
243 |
+- Recurse to a <a href="http://127.0.0.1:{{port}}/thirdpage.html">third page</a>. |
244 |
+- Try the blacklisted <a href="http://127.0.0.1:{{port}}/index.html">main page</a>. |
245 |
++ Recurse to a <a href="http://localhost:{{port}}/thirdpage.html">third page</a>. |
246 |
++ Try the blacklisted <a href="http://localhost:{{port}}/index.html">main page</a>. |
247 |
+ </p> |
248 |
+ </body> |
249 |
+ </html> |
250 |
+@@ -41,7 +41,7 @@ thirdpage = """ |
251 |
+ </head> |
252 |
+ <body> |
253 |
+ <p> |
254 |
+- Try a hidden <a href="http://127.0.0.1:{{port}}/dummy.txt">dummy file</a>. |
255 |
++ Try a hidden <a href="http://localhost:{{port}}/dummy.txt">dummy file</a>. |
256 |
+ Try to leave to <a href="http://no.such.domain/">another domain</a>. |
257 |
+ </p> |
258 |
+ </body> |
259 |
+@@ -55,9 +55,9 @@ Disallow: /dummy.txt |
260 |
+ |
261 |
+ log = """\ |
262 |
+ REASON\tU_URL\tU_SCHEME\tU_HOST\tU_PORT\tU_PATH\tU_PARAMS\tU_QUERY\tU_FRAGMENT\tP_URL\tP_SCHEME\tP_HOST\tP_PORT\tP_PATH\tP_PARAMS\tP_QUERY\tP_FRAGMENT |
263 |
+-BLACKLIST\thttp%3A//127.0.0.1%3A{{port}}/index.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tindex.html\t\t\t\thttp%3A//127.0.0.1%3A{{port}}/secondpage.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tsecondpage.html\t\t\t |
264 |
+-ROBOTS\thttp%3A//127.0.0.1%3A{{port}}/dummy.txt\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tdummy.txt\t\t\t\thttp%3A//127.0.0.1%3A{{port}}/thirdpage.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tthirdpage.html\t\t\t |
265 |
+-SPANNEDHOST\thttp%3A//no.such.domain/\tSCHEME_HTTP\tno.such.domain\t80\t\t\t\t\thttp%3A//127.0.0.1%3A{{port}}/thirdpage.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tthirdpage.html\t\t\t |
266 |
++BLACKLIST\thttp%3A//localhost%3A{{port}}/index.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tindex.html\t\t\t\thttp%3A//localhost%3A{{port}}/secondpage.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tsecondpage.html\t\t\t |
267 |
++ROBOTS\thttp%3A//localhost%3A{{port}}/dummy.txt\tSCHEME_HTTP\tlocalhost\t{{port}}\tdummy.txt\t\t\t\thttp%3A//localhost%3A{{port}}/thirdpage.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tthirdpage.html\t\t\t |
268 |
++SPANNEDHOST\thttp%3A//no.such.domain/\tSCHEME_HTTP\tno.such.domain\t80\t\t\t\t\thttp%3A//localhost%3A{{port}}/thirdpage.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tthirdpage.html\t\t\t |
269 |
+ """ |
270 |
+ |
271 |
+ dummyfile = "Don't care." |
272 |
+--- a/testenv/Test--spider-r.py |
273 |
++++ b/testenv/Test--spider-r.py |
274 |
+@@ -14,8 +14,8 @@ mainpage = """ |
275 |
+ </head> |
276 |
+ <body> |
277 |
+ <p> |
278 |
+- Some text and a link to a <a href="http://127.0.0.1:{{port}}/secondpage.html">second page</a>. |
279 |
+- Also, a <a href="http://127.0.0.1:{{port}}/nonexistent">broken link</a>. |
280 |
++ Some text and a link to a <a href="http://localhost:{{port}}/secondpage.html">second page</a>. |
281 |
++ Also, a <a href="http://localhost:{{port}}/nonexistent">broken link</a>. |
282 |
+ </p> |
283 |
+ </body> |
284 |
+ </html> |
285 |
+@@ -29,8 +29,8 @@ secondpage = """ |
286 |
+ </head> |
287 |
+ <body> |
288 |
+ <p> |
289 |
+- Some text and a link to a <a href="http://127.0.0.1:{{port}}/thirdpage.html">third page</a>. |
290 |
+- Also, a <a href="http://127.0.0.1:{{port}}/nonexistent">broken link</a>. |
291 |
++ Some text and a link to a <a href="http://localhost:{{port}}/thirdpage.html">third page</a>. |
292 |
++ Also, a <a href="http://localhost:{{port}}/nonexistent">broken link</a>. |
293 |
+ </p> |
294 |
+ </body> |
295 |
+ </html> |
296 |
+@@ -43,8 +43,8 @@ thirdpage = """ |
297 |
+ </head> |
298 |
+ <body> |
299 |
+ <p> |
300 |
+- Some text and a link to a <a href="http://127.0.0.1:{{port}}/dummy.txt">text file</a>. |
301 |
+- Also, another <a href="http://127.0.0.1:{{port}}/againnonexistent">broken link</a>. |
302 |
++ Some text and a link to a <a href="http://localhost:{{port}}/dummy.txt">text file</a>. |
303 |
++ Also, another <a href="http://localhost:{{port}}/againnonexistent">broken link</a>. |
304 |
+ </p> |
305 |
+ </body> |
306 |
+ </html> |
307 |
+--- a/testenv/certs/server-cert.pem |
308 |
++++ b/testenv/certs/server-cert.pem |
309 |
+@@ -1,21 +1,21 @@ |
310 |
+ -----BEGIN CERTIFICATE----- |
311 |
+-MIIDgDCCAmigAwIBAgIIVGI73zrIeeMwDQYJKoZIhvcNAQELBQAwMDERMA8GA1UE |
312 |
+-AxMIR05VIFdnZXQxDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTAiGA8yMDE0 |
313 |
+-MTExMTE2NDAwMFoYDzk5OTkxMjMxMjM1OTU5WjAxMRIwEAYDVQQDEwkxMjcuMC4w |
314 |
+-LjExDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTCCASIwDQYJKoZIhvcNAQEB |
315 |
+-BQADggEPADCCAQoCggEBAMjC3Gt55EfStl6mE371+pD3/cpR5MLxkdbBss5MlIP2 |
316 |
+-TDhiPOItLXml8oxs4BjUm3wfn3GV9iJLmbzbIWL+0kbRkQ2LCPKUf+Cln3z2ZE+r |
317 |
+-XwdWlT8gVfv51Opfkp2lLDVUqLfNKRGQgivjSCmLqY2LqeB0SaVNvuaD3EpqZyIH |
318 |
+-0E5SZgjqBHgRRtvGkcy0rOmp5SI2NASLugUioXa9OLWjpYDwodsd3ERlL0DJ1aJW |
319 |
+-8TC8Tqix4i0osWzar+LXBIin0Qvar9/uRHN0p1kq3p0XgNHKqWpiTT54+WYx7Pem |
320 |
+-v4qRXz11swiJzUL+Pw1DurQ9smbzDgAsz7V2FJnUeCcCAwEAAaOBmDCBlTAMBgNV |
321 |
+-HRMBAf8EAjAAMB8GA1UdEQQYMBaCCTEyNy4wLjAuMYIJbG9jYWxob3N0MBMGA1Ud |
322 |
+-JQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJfm323L |
323 |
+-JbKTM/tMKSt0qlUqewbnMB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tU |
324 |
+-MA0GCSqGSIb3DQEBCwUAA4IBAQCDmuSD4IGmn0UQ5jhGQquh92Iu59j64Rrg7EIM |
325 |
+-zoppciyYR8gDUutOI9CEisxJz6umvAdOo5L981gcFaBv6hHWaE/krAZccR+ZXZP6 |
326 |
+-fI9btO8My8O63fYcd2KkLEFqvKDF43i01S2LrqXdPo3uELbFZwxCmUKsexFGsoW1 |
327 |
+-CbXbRjnS7w/f72myRmvBeDiNMuGfe1lb4IflybH3DMlKC7i0AN1JKglp+IKn5XAE |
328 |
+-neWR03i3UaYJsibIxj0DkTS+hVPu5MXQ9RlF5CkRdFKjGinLE/u70XyAyx0/IeAN |
329 |
+-e7c2MJvpdfRmTXm2ew4sNyK9RXo7Bv0Yqkl65iMscF8LNnxL |
330 |
++MIIDdzCCAl+gAwIBAgIMWWD1GB1UFkEICdQvMA0GCSqGSIb3DQEBCwUAMDAxETAP |
331 |
++BgNVBAMTCEdOVSBXZ2V0MQ0wCwYDVQQLEwRXZ2V0MQwwCgYDVQQKEwNHTlUwIBcN |
332 |
++MTcwNzA4MTUwNzA0WhgPOTk5OTEyMzEyMzU5NTlaMDExEjAQBgNVBAMTCTEyNy4w |
333 |
++LjAuMTENMAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VMIIBIjANBgkqhkiG9w0B |
334 |
++AQEFAAOCAQ8AMIIBCgKCAQEAyMLca3nkR9K2XqYTfvX6kPf9ylHkwvGR1sGyzkyU |
335 |
++g/ZMOGI84i0teaXyjGzgGNSbfB+fcZX2IkuZvNshYv7SRtGRDYsI8pR/4KWffPZk |
336 |
++T6tfB1aVPyBV+/nU6l+SnaUsNVSot80pEZCCK+NIKYupjYup4HRJpU2+5oPcSmpn |
337 |
++IgfQTlJmCOoEeBFG28aRzLSs6anlIjY0BIu6BSKhdr04taOlgPCh2x3cRGUvQMnV |
338 |
++olbxMLxOqLHiLSixbNqv4tcEiKfRC9qv3+5Ec3SnWSrenReA0cqpamJNPnj5ZjHs |
339 |
++96a/ipFfPXWzCInNQv4/DUO6tD2yZvMOACzPtXYUmdR4JwIDAQABo4GNMIGKMAwG |
340 |
++A1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsG |
341 |
++AQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJfm323LJbKTM/tMKSt0 |
342 |
++qlUqewbnMB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tUMA0GCSqGSIb3 |
343 |
++DQEBCwUAA4IBAQC1a0NQfmqT8Ky/BFo5H+G+GoQTlqi3J83ujAMdLUD57zYCEyDL |
344 |
++XzAhMPfrOSLPDcQb0ooD1Ie+Rz8Xs1h00cD2OGKwH479+nisF5ksqJVJ4fn/aNFE |
345 |
++6W2Xb3MCB+4FRdmy0UeDDA6N2OpVskCM30s9tmovlBLVK46HogdLvy/O1o7z/gbx |
346 |
++vV8luevxobnevZ3NdWLyVE3BJZiThBHmZUvL1XNy4KAR4wDAkbCwoTN/JkehTu0i |
347 |
++WR6DaG7N7M6psc7rctfzRqimlAkxnoAUwc8LwNLTB3v613xXX8iSUsLKsh6pQfZR |
348 |
++e5wnYQIS4MzowvDx8WevTPMRKlN72d8HHuv9 |
349 |
+ -----END CERTIFICATE----- |
350 |
+--- a/testenv/certs/server-crl.pem |
351 |
++++ b/testenv/certs/server-crl.pem |
352 |
+@@ -1,12 +1,12 @@ |
353 |
+ -----BEGIN X509 CRL----- |
354 |
+-MIIB1DCBvQIBATANBgkqhkiG9w0BAQsFADAwMREwDwYDVQQDEwhHTlUgV2dldDEN |
355 |
+-MAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VGA8yMDE0MTExMTE2NDU1NFoYDzk5 |
356 |
+-OTkxMjMxMjM1OTU5WjAdMBsCCFRiO986yHnjGA8yMDE0MTExMTE2NDU1NFqgNjA0 |
357 |
+-MB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tUMBEGA1UdFAQKAghUYj1E |
358 |
+-KHs9ijANBgkqhkiG9w0BAQsFAAOCAQEAZgwqs1VOFG39dFHHMXvBr4eJfhwiG4bC |
359 |
+-cL6IvLhvl9ikcyQMHrpOBtNjkCtgclSbJjjTDdera1+zuCWE0WBOJ4mojYdAIOhR |
360 |
+-QvSwp4NwAtibu2F/fjeXoo+LEpcRKtLvAotB30eCZ1OPrijsa/HxFILOLlayjns8 |
361 |
+-wM4RmQC4o43y1G/1jqM8hGDg4Wz0j1URVuyP+pU55JpubV5LlExy3gIRwevD2lam |
362 |
+-q3hiighenJYFO3HGZkYT2SIoSpXZnQqKPJ4HwRBSg/cjOpc1y1lIIvKhmk+Cut6M |
363 |
+-+S5HL4pIk8vGYg57nTfOOkj1goqFkfU0DBqvVAZj02ay/VIDu61T1g== |
364 |
++MIIB1jCBvwIBATANBgkqhkiG9w0BAQsFADAwMREwDwYDVQQDEwhHTlUgV2dldDEN |
365 |
++MAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VFw0xNzA3MDgxNTA3MDRaFw0xODA3 |
366 |
++MDgxNTA3MDRaMB8wHQIMWWD1GB1UFkEICdQvFw0xNzA3MDgxNTA3MDRaoDowODAf |
367 |
++BgNVHSMEGDAWgBTzPk44hEqpvsFvx2GjUNpuKYvrVDAVBgNVHRQEDgIMWWD1GB4C |
368 |
++YfERSnyEMA0GCSqGSIb3DQEBCwUAA4IBAQAAKu+Lum1l/XtcCJ43WveouPK97iOE |
369 |
++bjUZWaGYx8Ys/iBdhTa1GXG+E+JuyqgyHTW0HrWJi1D+GiYmsjPJXoEgVgtxXEQ7 |
370 |
++8b3NyIQ8OCsSTTlVCmLECN9R0xlsitzH+HXOaIEs5sbmIxCnxu+brqno9gQocmCv |
371 |
++LHYvoSxsSsOCkkmodbYtKssl2dBonvQPSijN/z3NhZ259e2U3Yv4V7/MrEoTvOxg |
372 |
++M0GC0u0Nx86EWbq0sWeiUu270Qk9En5YGNtRhkeq0bXerJswmMAmvrtuKdyfouny |
373 |
++4WMvtn30xsO3WwWSV2oyrDSN/IQdDbcmul/bg8ewqlnN77cVf2m70c/W |
374 |
+ -----END X509 CRL----- |
375 |
+--- a/testenv/certs/server-template.cfg |
376 |
++++ b/testenv/certs/server-template.cfg |
377 |
+@@ -68,7 +68,6 @@ expiration_days = -1 |
378 |
+ # X.509 v3 extensions |
379 |
+ |
380 |
+ # A dnsname in case of a WWW server. |
381 |
+-dns_name = "127.0.0.1" |
382 |
+ dns_name = "localhost" |
383 |
+ |
384 |
+ # A subject alternative name URI |
385 |
+--- a/testenv/test/base_test.py |
386 |
++++ b/testenv/test/base_test.py |
387 |
+@@ -90,7 +90,7 @@ class BaseTest: |
388 |
+ # ports and etc. |
389 |
+ # so we should record different domains respect to servers. |
390 |
+ domain = self.get_domain_addr(instance.server_address) |
391 |
+- self.domains.append(domain[0]) |
392 |
++ self.domains.append('localhost') |
393 |
+ self.ports.append(domain[1]) |
394 |
+ |
395 |
+ def exec_wget(self): |
396 |
|
397 |
diff --git a/net-misc/wget/wget-1.19.1-r2.ebuild b/net-misc/wget/wget-1.19.1-r2.ebuild |
398 |
new file mode 100644 |
399 |
index 00000000000..a7329fb922a |
400 |
--- /dev/null |
401 |
+++ b/net-misc/wget/wget-1.19.1-r2.ebuild |
402 |
@@ -0,0 +1,115 @@ |
403 |
+# Copyright 1999-2017 Gentoo Foundation |
404 |
+# Distributed under the terms of the GNU General Public License v2 |
405 |
+ |
406 |
+EAPI="6" |
407 |
+ |
408 |
+PYTHON_COMPAT=( python3_{4,5,6} ) |
409 |
+ |
410 |
+inherit flag-o-matic python-any-r1 toolchain-funcs |
411 |
+ |
412 |
+DESCRIPTION="Network utility to retrieve files from the WWW" |
413 |
+HOMEPAGE="https://www.gnu.org/software/wget/" |
414 |
+SRC_URI="mirror://gnu/wget/${P}.tar.xz" |
415 |
+ |
416 |
+LICENSE="GPL-3" |
417 |
+SLOT="0" |
418 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
419 |
+IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib" |
420 |
+REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )" |
421 |
+ |
422 |
+# Force a newer libidn2 to avoid libunistring deps. #612498 |
423 |
+LIB_DEPEND="idn? ( >=net-dns/libidn2-0.14[static-libs(+)] ) |
424 |
+ pcre? ( dev-libs/libpcre[static-libs(+)] ) |
425 |
+ ssl? ( |
426 |
+ gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) |
427 |
+ !gnutls? ( |
428 |
+ !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) |
429 |
+ libressl? ( dev-libs/libressl[static-libs(+)] ) |
430 |
+ ) |
431 |
+ ) |
432 |
+ uuid? ( sys-apps/util-linux[static-libs(+)] ) |
433 |
+ zlib? ( sys-libs/zlib[static-libs(+)] )" |
434 |
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )" |
435 |
+DEPEND="${RDEPEND} |
436 |
+ app-arch/xz-utils |
437 |
+ virtual/pkgconfig |
438 |
+ static? ( ${LIB_DEPEND} ) |
439 |
+ test? ( |
440 |
+ ${PYTHON_DEPS} |
441 |
+ dev-lang/perl |
442 |
+ dev-perl/HTTP-Daemon |
443 |
+ dev-perl/HTTP-Message |
444 |
+ dev-perl/IO-Socket-SSL |
445 |
+ ) |
446 |
+ nls? ( sys-devel/gettext )" |
447 |
+ |
448 |
+DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc ) |
449 |
+ |
450 |
+PATCHES=( |
451 |
+ "${FILESDIR}"/${P}-CRLF_injection.patch |
452 |
+ "${FILESDIR}"/${PN}-1.19.1-fix-Perl-warnings-in-tests.patch |
453 |
+ "${FILESDIR}"/${PN}-1.19.1-fix-Python-test-suite.patch |
454 |
+ "${FILESDIR}"/${PN}-1.19.1-CVE-2017-13089.patch |
455 |
+ "${FILESDIR}"/${PN}-1.19.1-CVE-2017-13090.patch |
456 |
+) |
457 |
+ |
458 |
+pkg_setup() { |
459 |
+ use test && python-any-r1_pkg_setup |
460 |
+} |
461 |
+ |
462 |
+src_prepare() { |
463 |
+ default |
464 |
+ |
465 |
+ # revert some hack that breaks linking, bug #585924 |
466 |
+ if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ ${CHOST} == *-uclibc* ]]; then |
467 |
+ sed -i \ |
468 |
+ -e 's/^ LIBICONV=$/:/' \ |
469 |
+ configure || die |
470 |
+ fi |
471 |
+} |
472 |
+ |
473 |
+src_configure() { |
474 |
+ # fix compilation on Solaris, we need filio.h for FIONBIO as used in |
475 |
+ # the included gnutls -- force ioctl.h to include this header |
476 |
+ [[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1 |
477 |
+ |
478 |
+ if use static ; then |
479 |
+ append-ldflags -static |
480 |
+ tc-export PKG_CONFIG |
481 |
+ PKG_CONFIG+=" --static" |
482 |
+ fi |
483 |
+ |
484 |
+ # There is no flag that controls this. libunistring-prefix only |
485 |
+ # controls the search path (which is why we turn it off below). |
486 |
+ # Further, libunistring is only needed w/older libidn2 installs, |
487 |
+ # and since we force the latest, we can force off libunistring. #612498 |
488 |
+ ac_cv_libunistring=no \ |
489 |
+ econf \ |
490 |
+ --disable-assert \ |
491 |
+ --disable-rpath \ |
492 |
+ --without-included-libunistring \ |
493 |
+ --without-libunistring-prefix \ |
494 |
+ $(use_enable debug) \ |
495 |
+ $(use_enable idn iri) \ |
496 |
+ $(use_enable ipv6) \ |
497 |
+ $(use_enable nls) \ |
498 |
+ $(use_enable ntlm) \ |
499 |
+ $(use_enable pcre) \ |
500 |
+ $(use_enable ssl digest) \ |
501 |
+ $(use_enable ssl opie) \ |
502 |
+ $(use_with idn libidn) \ |
503 |
+ $(use_with ssl ssl $(usex gnutls gnutls openssl)) \ |
504 |
+ $(use_with uuid libuuid) \ |
505 |
+ $(use_with zlib) |
506 |
+} |
507 |
+ |
508 |
+src_install() { |
509 |
+ default |
510 |
+ |
511 |
+ sed -i \ |
512 |
+ -e "s:/usr/local/etc:${EPREFIX}/etc:g" \ |
513 |
+ "${ED}"/etc/wgetrc \ |
514 |
+ "${ED}"/usr/share/man/man1/wget.1 \ |
515 |
+ "${ED}"/usr/share/info/wget.info \ |
516 |
+ || die |
517 |
+} |