authorNed Ludd <solar@gentoo.org>2005-03-02 15:00:45 +0000
committerNed Ludd <solar@gentoo.org>2005-03-02 15:00:45 +0000
commitfb85dd19bd074a07099266663760f35dec1b8604 (patch)
tree7d00684fe994c0ccc0e3420e8d56a9f4aeeabb61
parentRevision bump for security bug 83792. (diff)
- security bump for bug 74008. CAN-2004-1487 - overwrite files via ".." in path component
Package-Manager: portage-2.0.51-r15
-rw-r--r--net-misc/wget/ChangeLog9
-rw-r--r--net-misc/wget/Manifest15
-rw-r--r--net-misc/wget/files/digest-wget-1.9.1-r31
-rw-r--r--net-misc/wget/files/wget-CAN-2004-1487.patch49
-rw-r--r--net-misc/wget/wget-1.9.1-r3.ebuild68
5 files changed, 130 insertions, 12 deletions
diff --git a/net-misc/wget/ChangeLog b/net-misc/wget/ChangeLog
index 09f50529d0cf..1458129c39d7 100644
--- a/net-misc/wget/ChangeLog
+++ b/net-misc/wget/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for net-misc/wget
# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/wget/ChangeLog,v 1.45 2005/01/09 11:31:48 swegener Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/wget/ChangeLog,v 1.46 2005/03/02 15:00:45 solar Exp $
+
+*wget-1.9.1-r3 (02 Mar 2005)
+
+ 02 Mar 2005; <solar@gentoo.org> +files/wget-CAN-2004-1487.patch,
+ +wget-1.9.1-r3.ebuild:
+ - security bump for bug 74008. CAN-2004-1487 - overwrite files via ".." in
+ path component
09 Jan 2005; Sven Wegener <swegener@gentoo.org> wget-1.8.2-r3.ebuild,
wget-1.9-r2.ebuild, wget-1.9.1-r2.ebuild:
diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest
index ec716f13323e..6d1679005445 100644
--- a/net-misc/wget/Manifest
+++ b/net-misc/wget/Manifest
@@ -1,23 +1,16 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
MD5 eb96a013e4e739b4d3fff72e6399c9b1 wget-1.9.1-r2.ebuild 1635
MD5 11770f5823ecbab503908a148814305a wget-1.8.2-r3.ebuild 1863
+MD5 dd491518371292bf097c5ef89f519988 wget-1.9.1-r3.ebuild 1722
MD5 fa1f319d6557c3d1b198a9a6530ca89b wget-1.9-r2.ebuild 1615
-MD5 04fd51fa2492e9914fe94555035abc36 ChangeLog 7762
+MD5 f0bb26c9808f809ccda6377ce7a8001c ChangeLog 7979
MD5 d8da3021a3e635af9c4511b2a55b5633 metadata.xml 343
MD5 4dcb05d1f54b53a2aed7a21663352952 files/wget-1.9.1-locale.patch 322
MD5 a48195a152f8913a82d743f3136f3d95 files/wget-1.9.1+ipvmisc.patch 25622
+MD5 e38837d2e6b898527d0a5b7167b68e81 files/wget-CAN-2004-1487.patch 1551
MD5 cb7be837f683bbf0b328e3f5513d8775 files/digest-wget-1.9-r2 131
MD5 987b30c931a50d2dc02a905c29f84821 files/wget-1.8.2-gentoo.diff 1549
MD5 f91472025c987d7159170dee736d35e6 files/wget-1.8.2-2Glimit.diff 23388
MD5 daf2955489495fca41ecca68b4e65114 files/wget-1.9-uclibc.patch 2951
MD5 28f004e72194fae0e65365e48b867c83 files/digest-wget-1.8.2-r3 221
MD5 3ae4d064cf6e6d112fe89fd8e3fa389c files/digest-wget-1.9.1-r2 63
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.9.10 (GNU/Linux)
-
-iD8DBQFB4RYqI1lqEGTUzyQRAh+xAKDHExnuvCHfaRlD5r+3TF1H/ZhQ+ACdGd0R
-NBN46E+C+O4N0+pdxvz8/ew=
-=U4np
------END PGP SIGNATURE-----
+MD5 3ae4d064cf6e6d112fe89fd8e3fa389c files/digest-wget-1.9.1-r3 63
diff --git a/net-misc/wget/files/digest-wget-1.9.1-r3 b/net-misc/wget/files/digest-wget-1.9.1-r3
new file mode 100644
index 000000000000..fc78fd386c38
--- /dev/null
+++ b/net-misc/wget/files/digest-wget-1.9.1-r3
@@ -0,0 +1 @@
+MD5 e6051f1e1487ec0ebfdbda72bedc70ad wget-1.9.1.tar.gz 1322378
diff --git a/net-misc/wget/files/wget-CAN-2004-1487.patch b/net-misc/wget/files/wget-CAN-2004-1487.patch
new file mode 100644
index 000000000000..acc4ef1241a7
--- /dev/null
+++ b/net-misc/wget/files/wget-CAN-2004-1487.patch
@@ -0,0 +1,49 @@
+diff -Nur wget-1.9.1/src/http.c wget-1.9.1_patched/src/http.c
+--- wget-1.9.1/src/http.c 2003-10-15 01:32:15.000000000 +0200
++++ wget-1.9.1_patched/src/http.c 2005-03-02 15:00:44.262827441 +0100
+@@ -1479,6 +1479,7 @@
+ /* Open the local file. */
+ if (!opt.dfp)
+ {
++ sanitize_path(*hs->local_file);
+ mkalldirs (*hs->local_file);
+ if (opt.backups)
+ rotate_backups (*hs->local_file);
+diff -Nur wget-1.9.1/src/utils.c wget-1.9.1_patched/src/utils.c
+--- wget-1.9.1/src/utils.c 2003-10-23 14:16:21.000000000 +0200
++++ wget-1.9.1_patched/src/utils.c 2005-03-02 15:01:45.003786585 +0100
+@@ -554,6 +554,23 @@
+ #endif
+ }
+
++char *
++sanitize_path(char *path)
++{
++ char *str = NULL;
++
++ /* evilhost/../ */
++ while ((str = strstr(path, "..")) != NULL)
++ memcpy(str, "__", 2);
++ /* evilhost/.bashrc */
++ while ((str = strstr(path, "/.")) != NULL)
++ str[1] = '_';
++ /* .bashrc */
++ if (*path == '.')
++ *path = '_';
++ return path;
++}
++
+ /* Returns 0 if PATH is a directory, 1 otherwise (any kind of file).
+ Returns 0 on error. */
+ int
+diff -Nur wget-1.9.1/src/utils.h wget-1.9.1_patched/src/utils.h
+--- wget-1.9.1/src/utils.h 2003-10-11 15:57:11.000000000 +0200
++++ wget-1.9.1_patched/src/utils.h 2005-03-02 15:02:06.631499261 +0100
+@@ -75,6 +75,7 @@
+ int make_directory PARAMS ((const char *));
+ char *unique_name PARAMS ((const char *, int));
+ char *file_merge PARAMS ((const char *, const char *));
++char *sanitize_path PARAMS ((char *));
+
+ int acceptable PARAMS ((const char *));
+ int accdir PARAMS ((const char *s, enum accd));
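Review bot: `sanitize_path` in utils.c rewrites every `..` and every `/.` anywhere in the string, not only whole path components, and the http.c call passes it the complete `*hs->local_file`. That name presumably already includes any directory prefix the user chose, so a dot-directory in that prefix would be silently renamed, and harmless names such as `a..b` are altered as well. Limiting the rewrite to components that are exactly `..`, and to the server-derived part of the name, would keep the protection without changing paths the user picked. The call is added only at the HTTP open site visible here, so check whether other retrieval code builds local file names without passing through it. The new function also lacks the header comment its neighbour has; something like `/* Replace ".." and leading-dot components of PATH with '_' in place; returns PATH. */` would document the contract.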
diff --git a/net-misc/wget/wget-1.9.1-r3.ebuild b/net-misc/wget/wget-1.9.1-r3.ebuild
new file mode 100644
index 000000000000..0bdcb8ab161e
--- /dev/null
+++ b/net-misc/wget/wget-1.9.1-r3.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/wget/wget-1.9.1-r3.ebuild,v 1.1 2005/03/02 15:00:45 solar Exp $
+
+inherit gnuconfig eutils
+
+NPVER=20031022
+DESCRIPTION="Network utility to retrieve files from the WWW"
+HOMEPAGE="http://wget.sunsite.dk/"
+SRC_URI="mirror://gnu/wget/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~ppc-macos ~s390 ~sh ~sparc ~x86"
+IUSE="build debug ipv6 nls socks5 ssl static"
+
+RDEPEND="ssl? ( >=dev-libs/openssl-0.9.6b )"
+DEPEND="${RDEPEND}
+ nls? ( sys-devel/gettext )
+ sys-devel/autoconf"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/${P}+ipvmisc.patch
+ epatch ${FILESDIR}/${PN}-1.9-uclibc.patch
+ epatch ${FILESDIR}/${P}-locale.patch
+ # security patch for bug 74008
+ epatch ${FILESDIR}/${PN}-CAN-2004-1487.patch
+}
+
+src_compile() {
+ # Make wget use up-to-date configure scripts
+ gnuconfig_update
+
+ local myconf
+ use ssl \
+ && myconf="${myconf} --with-ssl" \
+ || myconf="${myconf} --without-ssl --disable-opie --disable-digest"
+
+ use ssl && CFLAGS="${CFLAGS} -I/usr/include/openssl"
+
+ econf \
+ --sysconfdir=/etc/wget \
+ `use_enable ipv6` \
+ `use_enable nls` \
+ `use_enable debug` \
+ `use_with socks5 socks` \
+ ${myconf} || die
+
+ if use static; then
+ emake LDFLAGS="--static" || die
+ else
+ emake || die
+ fi
+}
+
+src_install() {
+ if use build; then
+ insinto /usr
+ dobin ${S}/src/wget
+ return
+ fi
+ make prefix=${D}/usr sysconfdir=${D}/etc/wget \
+ mandir=${D}/usr/share/man infodir=${D}/usr/share/info install || die
+ dodoc AUTHORS COPYING ChangeLog MACHINES MAILING-LIST NEWS README TODO
+ dodoc doc/sample.wgetrc
+}
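Review bot: In `src_unpack`, `cd ${S}` is unquoted and its result is not checked, so if the directory is missing the following `epatch` calls, including the security patch, run from the wrong working directory; `cd "${S}" || die` makes that failure explicit. The same quoting applies to the `${FILESDIR}` arguments of `epatch` and to the `${D}` paths passed to `make` in `src_install`. `NPVER=20031022` is assigned but not referenced anywhere in this ebuild and could be dropped. In `src_compile`, `emake LDFLAGS="--static"` replaces any LDFLAGS already set rather than appending to them, which may discard hardening flags from the build environment.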