diff options
author | Thomas Deutschmann <whissi@gentoo.org> | 2017-10-26 16:23:12 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2017-10-26 17:02:49 +0200 |
commit | c52583a431acfca8fcfc89b3b91dd3078b82b3b3 (patch) | |
tree | 4106a4013aa7e174e08a3ad183d224e43fc9c541 /net-misc/wget | |
parent | dev-python/ijson: bump to EAPI 6 and add py36 support (diff) | |
download | gentoo-c52583a431acfca8fcfc89b3b91dd3078b82b3b3.tar.gz gentoo-c52583a431acfca8fcfc89b3b91dd3078b82b3b3.tar.bz2 gentoo-c52583a431acfca8fcfc89b3b91dd3078b82b3b3.zip |
net-misc/wget: Rev bump to fix CVE-2017-{13089,13090}
See: https://bugs.gentoo.org/635496
Closes: https://bugs.gentoo.org/619356
Closes: https://bugs.gentoo.org/624024
Package-Manager: Portage-2.3.11, Repoman-2.3.3
Diffstat (limited to 'net-misc/wget')
-rw-r--r-- | net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch | 34 | ||||
-rw-r--r-- | net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch | 37 | ||||
-rw-r--r-- | net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch | 104 | ||||
-rw-r--r-- | net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch | 172 | ||||
-rw-r--r-- | net-misc/wget/wget-1.19.1-r2.ebuild | 115 |
5 files changed, 462 insertions, 0 deletions
diff --git a/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch b/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch new file mode 100644 index 000000000000..f961741aa288 --- /dev/null +++ b/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch @@ -0,0 +1,34 @@ +From 3dbc2e06ad487862c2fcc64d4891ff8aeb254bad Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> +Date: Fri, 20 Oct 2017 10:59:38 +0200 +Subject: [PATCH 1/2] Fix stack overflow in HTTP protocol handling + (CVE-2017-13089) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* src/http.c (skip_short_body): Return error on negative chunk size + +Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint +Reported-by: Juhani Eronen from Finnish National Cyber Security Centre +--- + src/http.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/http.c b/src/http.c +index 55367688..dc318231 100644 +--- a/src/http.c ++++ b/src/http.c +@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked) + remaining_chunk_size = strtol (line, &endl, 16); + xfree (line); + ++ if (remaining_chunk_size < 0) ++ return false; ++ + if (remaining_chunk_size == 0) + { + line = fd_read_line (fd); +-- +2.15.0.rc1 + diff --git a/net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch b/net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch new file mode 100644 index 000000000000..4e600fe784ff --- /dev/null +++ b/net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch @@ -0,0 +1,37 @@ +From 28925c37b72867c0819799c6f35caf9439080f83 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> +Date: Fri, 20 Oct 2017 15:15:47 +0200 +Subject: [PATCH 2/2] Fix heap overflow in HTTP protocol handling + (CVE-2017-13090) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* src/retr.c (fd_read_body): Stop processing on negative chunk size + +Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint +Reported-by: Juhani Eronen from Finnish National Cyber Security Centre +--- + src/retr.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/retr.c b/src/retr.c +index a27d58af..723ac725 100644 +--- a/src/retr.c ++++ b/src/retr.c +@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread, + remaining_chunk_size = strtol (line, &endl, 16); + xfree (line); + ++ if (remaining_chunk_size < 0) ++ { ++ ret = -1; ++ break; ++ } ++ + if (remaining_chunk_size == 0) + { + ret = 0; +-- +2.15.0.rc1 + diff --git a/net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch b/net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch new file mode 100644 index 000000000000..334bcef8659b --- /dev/null +++ b/net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch @@ -0,0 +1,104 @@ +From 7ffe93cabb181f39ad5091c31ab9f61bd940a55f Mon Sep 17 00:00:00 2001 +From: Anton Yuzhaninov <citrin+github@citrin.ru> +Date: Wed, 5 Apr 2017 19:06:42 +0300 +Subject: [PATCH] Fix perl warnings in tests + +* tests/FTPServer.pm: Escape '{' in RE to fix warnings +* tests/FTPTest.pm: Likewise +* tests/HTTPServer.pm: Likewise +* tests/HTTPTest.pm: Likewise +* tests/Test-proxied-https-auth-keepalive.px: Likewise +* tests/Test-proxied-https-auth.px: Likewise +Escape '{' in RE to fix warnings: +Unescaped left brace in regex is deprecated, passed through in regex; +marked by <-- HERE in m/{{ <-- HERE port}}/ +--- + tests/FTPServer.pm | 2 +- + tests/FTPTest.pm | 2 +- + tests/HTTPServer.pm | 2 +- + tests/HTTPTest.pm | 2 +- + tests/Test-proxied-https-auth-keepalive.px | 2 +- + tests/Test-proxied-https-auth.px | 2 +- + 6 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm +index a5185d66..cac80942 100644 +--- a/tests/FTPServer.pm ++++ b/tests/FTPServer.pm +@@ -589,7 +589,7 @@ sub new + foreach my $file (keys %{$self->{_input}}) + { + my $ref = \$self->{_input}{$file}{content}; +- $$ref =~ s/{{port}}/$self->sockport/eg; ++ $$ref =~ s/\Q{{port}}/$self->sockport/eg; + } + + return $self; +diff --git a/tests/FTPTest.pm b/tests/FTPTest.pm +index 50385ad0..0a1c768c 100644 +--- a/tests/FTPTest.pm ++++ b/tests/FTPTest.pm +@@ -53,7 +53,7 @@ sub _substitute_port + { + my $self = shift; + my $ret = shift; +- $ret =~ s/{{port}}/$self->{_server}->sockport/eg; ++ $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg; + return $ret; + } + +diff --git a/tests/HTTPServer.pm b/tests/HTTPServer.pm +index dd8ec043..78609f65 100644 +--- a/tests/HTTPServer.pm ++++ b/tests/HTTPServer.pm +@@ -310,7 +310,7 @@ sub _substitute_port + { + my $self = shift; + my $ret = shift; +- $ret =~ s/{{port}}/$self->sockport/eg; ++ $ret =~ s/\Q{{port}}/$self->sockport/eg; + return $ret; + } + +diff --git a/tests/HTTPTest.pm b/tests/HTTPTest.pm +index 00f079f8..6225c7f1 100644 +--- a/tests/HTTPTest.pm ++++ b/tests/HTTPTest.pm +@@ -47,7 +47,7 @@ sub _substitute_port + { + my $self = shift; + my $ret = shift; +- $ret =~ s/{{port}}/$self->{_server}->sockport/eg; ++ $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg; + return $ret; + } + +diff --git a/tests/Test-proxied-https-auth-keepalive.px b/tests/Test-proxied-https-auth-keepalive.px +index 049bebec..2a18ccfd 100755 +--- a/tests/Test-proxied-https-auth-keepalive.px ++++ b/tests/Test-proxied-https-auth-keepalive.px +@@ -153,7 +153,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee" + . " --password=Dodgson -e https_proxy=localhost:{{port}}" + . " --no-check-certificate" + . " https://no.such.domain/needs-auth.txt"; +-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e; ++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e; + + if (defined $srcdir) { + $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl'; +diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px +index ce4e736c..878114e7 100755 +--- a/tests/Test-proxied-https-auth.px ++++ b/tests/Test-proxied-https-auth.px +@@ -152,7 +152,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee" + . " --password=Dodgson -e https_proxy=localhost:{{port}}" + . " --no-check-certificate" + . " https://no.such.domain/needs-auth.txt"; +-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e; ++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e; + + if (defined $srcdir) { + $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl'; +-- +2.14.3 + diff --git a/net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch b/net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch new file mode 100644 index 000000000000..11736675dcc8 --- /dev/null +++ b/net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch @@ -0,0 +1,172 @@ +Fix python test suite for GnuTLS 3.5.12+ + +Backport of f42229b1fdf30ee30c6e13b01eb0c4ebd9ea9169 + +--- a/testenv/Test--rejected-log.py ++++ b/testenv/Test--rejected-log.py +@@ -14,7 +14,7 @@ mainpage = """ + </head> + <body> + <p> +- Recurse to a <a href="http://127.0.0.1:{{port}}/secondpage.html">second page</a>. ++ Recurse to a <a href="http://localhost:{{port}}/secondpage.html">second page</a>. + </p> + </body> + </html> +@@ -27,8 +27,8 @@ secondpage = """ + </head> + <body> + <p> +- Recurse to a <a href="http://127.0.0.1:{{port}}/thirdpage.html">third page</a>. +- Try the blacklisted <a href="http://127.0.0.1:{{port}}/index.html">main page</a>. ++ Recurse to a <a href="http://localhost:{{port}}/thirdpage.html">third page</a>. ++ Try the blacklisted <a href="http://localhost:{{port}}/index.html">main page</a>. + </p> + </body> + </html> +@@ -41,7 +41,7 @@ thirdpage = """ + </head> + <body> + <p> +- Try a hidden <a href="http://127.0.0.1:{{port}}/dummy.txt">dummy file</a>. ++ Try a hidden <a href="http://localhost:{{port}}/dummy.txt">dummy file</a>. + Try to leave to <a href="http://no.such.domain/">another domain</a>. + </p> + </body> +@@ -55,9 +55,9 @@ Disallow: /dummy.txt + + log = """\ + REASON\tU_URL\tU_SCHEME\tU_HOST\tU_PORT\tU_PATH\tU_PARAMS\tU_QUERY\tU_FRAGMENT\tP_URL\tP_SCHEME\tP_HOST\tP_PORT\tP_PATH\tP_PARAMS\tP_QUERY\tP_FRAGMENT +-BLACKLIST\thttp%3A//127.0.0.1%3A{{port}}/index.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tindex.html\t\t\t\thttp%3A//127.0.0.1%3A{{port}}/secondpage.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tsecondpage.html\t\t\t +-ROBOTS\thttp%3A//127.0.0.1%3A{{port}}/dummy.txt\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tdummy.txt\t\t\t\thttp%3A//127.0.0.1%3A{{port}}/thirdpage.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tthirdpage.html\t\t\t +-SPANNEDHOST\thttp%3A//no.such.domain/\tSCHEME_HTTP\tno.such.domain\t80\t\t\t\t\thttp%3A//127.0.0.1%3A{{port}}/thirdpage.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tthirdpage.html\t\t\t ++BLACKLIST\thttp%3A//localhost%3A{{port}}/index.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tindex.html\t\t\t\thttp%3A//localhost%3A{{port}}/secondpage.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tsecondpage.html\t\t\t ++ROBOTS\thttp%3A//localhost%3A{{port}}/dummy.txt\tSCHEME_HTTP\tlocalhost\t{{port}}\tdummy.txt\t\t\t\thttp%3A//localhost%3A{{port}}/thirdpage.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tthirdpage.html\t\t\t ++SPANNEDHOST\thttp%3A//no.such.domain/\tSCHEME_HTTP\tno.such.domain\t80\t\t\t\t\thttp%3A//localhost%3A{{port}}/thirdpage.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tthirdpage.html\t\t\t + """ + + dummyfile = "Don't care." +--- a/testenv/Test--spider-r.py ++++ b/testenv/Test--spider-r.py +@@ -14,8 +14,8 @@ mainpage = """ + </head> + <body> + <p> +- Some text and a link to a <a href="http://127.0.0.1:{{port}}/secondpage.html">second page</a>. +- Also, a <a href="http://127.0.0.1:{{port}}/nonexistent">broken link</a>. ++ Some text and a link to a <a href="http://localhost:{{port}}/secondpage.html">second page</a>. ++ Also, a <a href="http://localhost:{{port}}/nonexistent">broken link</a>. + </p> + </body> + </html> +@@ -29,8 +29,8 @@ secondpage = """ + </head> + <body> + <p> +- Some text and a link to a <a href="http://127.0.0.1:{{port}}/thirdpage.html">third page</a>. +- Also, a <a href="http://127.0.0.1:{{port}}/nonexistent">broken link</a>. ++ Some text and a link to a <a href="http://localhost:{{port}}/thirdpage.html">third page</a>. ++ Also, a <a href="http://localhost:{{port}}/nonexistent">broken link</a>. + </p> + </body> + </html> +@@ -43,8 +43,8 @@ thirdpage = """ + </head> + <body> + <p> +- Some text and a link to a <a href="http://127.0.0.1:{{port}}/dummy.txt">text file</a>. +- Also, another <a href="http://127.0.0.1:{{port}}/againnonexistent">broken link</a>. ++ Some text and a link to a <a href="http://localhost:{{port}}/dummy.txt">text file</a>. ++ Also, another <a href="http://localhost:{{port}}/againnonexistent">broken link</a>. + </p> + </body> + </html> +--- a/testenv/certs/server-cert.pem ++++ b/testenv/certs/server-cert.pem +@@ -1,21 +1,21 @@ + -----BEGIN CERTIFICATE----- +-MIIDgDCCAmigAwIBAgIIVGI73zrIeeMwDQYJKoZIhvcNAQELBQAwMDERMA8GA1UE +-AxMIR05VIFdnZXQxDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTAiGA8yMDE0 +-MTExMTE2NDAwMFoYDzk5OTkxMjMxMjM1OTU5WjAxMRIwEAYDVQQDEwkxMjcuMC4w +-LjExDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTCCASIwDQYJKoZIhvcNAQEB +-BQADggEPADCCAQoCggEBAMjC3Gt55EfStl6mE371+pD3/cpR5MLxkdbBss5MlIP2 +-TDhiPOItLXml8oxs4BjUm3wfn3GV9iJLmbzbIWL+0kbRkQ2LCPKUf+Cln3z2ZE+r +-XwdWlT8gVfv51Opfkp2lLDVUqLfNKRGQgivjSCmLqY2LqeB0SaVNvuaD3EpqZyIH +-0E5SZgjqBHgRRtvGkcy0rOmp5SI2NASLugUioXa9OLWjpYDwodsd3ERlL0DJ1aJW +-8TC8Tqix4i0osWzar+LXBIin0Qvar9/uRHN0p1kq3p0XgNHKqWpiTT54+WYx7Pem +-v4qRXz11swiJzUL+Pw1DurQ9smbzDgAsz7V2FJnUeCcCAwEAAaOBmDCBlTAMBgNV +-HRMBAf8EAjAAMB8GA1UdEQQYMBaCCTEyNy4wLjAuMYIJbG9jYWxob3N0MBMGA1Ud +-JQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJfm323L +-JbKTM/tMKSt0qlUqewbnMB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tU +-MA0GCSqGSIb3DQEBCwUAA4IBAQCDmuSD4IGmn0UQ5jhGQquh92Iu59j64Rrg7EIM +-zoppciyYR8gDUutOI9CEisxJz6umvAdOo5L981gcFaBv6hHWaE/krAZccR+ZXZP6 +-fI9btO8My8O63fYcd2KkLEFqvKDF43i01S2LrqXdPo3uELbFZwxCmUKsexFGsoW1 +-CbXbRjnS7w/f72myRmvBeDiNMuGfe1lb4IflybH3DMlKC7i0AN1JKglp+IKn5XAE +-neWR03i3UaYJsibIxj0DkTS+hVPu5MXQ9RlF5CkRdFKjGinLE/u70XyAyx0/IeAN +-e7c2MJvpdfRmTXm2ew4sNyK9RXo7Bv0Yqkl65iMscF8LNnxL ++MIIDdzCCAl+gAwIBAgIMWWD1GB1UFkEICdQvMA0GCSqGSIb3DQEBCwUAMDAxETAP ++BgNVBAMTCEdOVSBXZ2V0MQ0wCwYDVQQLEwRXZ2V0MQwwCgYDVQQKEwNHTlUwIBcN ++MTcwNzA4MTUwNzA0WhgPOTk5OTEyMzEyMzU5NTlaMDExEjAQBgNVBAMTCTEyNy4w ++LjAuMTENMAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VMIIBIjANBgkqhkiG9w0B ++AQEFAAOCAQ8AMIIBCgKCAQEAyMLca3nkR9K2XqYTfvX6kPf9ylHkwvGR1sGyzkyU ++g/ZMOGI84i0teaXyjGzgGNSbfB+fcZX2IkuZvNshYv7SRtGRDYsI8pR/4KWffPZk ++T6tfB1aVPyBV+/nU6l+SnaUsNVSot80pEZCCK+NIKYupjYup4HRJpU2+5oPcSmpn ++IgfQTlJmCOoEeBFG28aRzLSs6anlIjY0BIu6BSKhdr04taOlgPCh2x3cRGUvQMnV ++olbxMLxOqLHiLSixbNqv4tcEiKfRC9qv3+5Ec3SnWSrenReA0cqpamJNPnj5ZjHs ++96a/ipFfPXWzCInNQv4/DUO6tD2yZvMOACzPtXYUmdR4JwIDAQABo4GNMIGKMAwG ++A1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsG ++AQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJfm323LJbKTM/tMKSt0 ++qlUqewbnMB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tUMA0GCSqGSIb3 ++DQEBCwUAA4IBAQC1a0NQfmqT8Ky/BFo5H+G+GoQTlqi3J83ujAMdLUD57zYCEyDL ++XzAhMPfrOSLPDcQb0ooD1Ie+Rz8Xs1h00cD2OGKwH479+nisF5ksqJVJ4fn/aNFE ++6W2Xb3MCB+4FRdmy0UeDDA6N2OpVskCM30s9tmovlBLVK46HogdLvy/O1o7z/gbx ++vV8luevxobnevZ3NdWLyVE3BJZiThBHmZUvL1XNy4KAR4wDAkbCwoTN/JkehTu0i ++WR6DaG7N7M6psc7rctfzRqimlAkxnoAUwc8LwNLTB3v613xXX8iSUsLKsh6pQfZR ++e5wnYQIS4MzowvDx8WevTPMRKlN72d8HHuv9 + -----END CERTIFICATE----- +--- a/testenv/certs/server-crl.pem ++++ b/testenv/certs/server-crl.pem +@@ -1,12 +1,12 @@ + -----BEGIN X509 CRL----- +-MIIB1DCBvQIBATANBgkqhkiG9w0BAQsFADAwMREwDwYDVQQDEwhHTlUgV2dldDEN +-MAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VGA8yMDE0MTExMTE2NDU1NFoYDzk5 +-OTkxMjMxMjM1OTU5WjAdMBsCCFRiO986yHnjGA8yMDE0MTExMTE2NDU1NFqgNjA0 +-MB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tUMBEGA1UdFAQKAghUYj1E +-KHs9ijANBgkqhkiG9w0BAQsFAAOCAQEAZgwqs1VOFG39dFHHMXvBr4eJfhwiG4bC +-cL6IvLhvl9ikcyQMHrpOBtNjkCtgclSbJjjTDdera1+zuCWE0WBOJ4mojYdAIOhR +-QvSwp4NwAtibu2F/fjeXoo+LEpcRKtLvAotB30eCZ1OPrijsa/HxFILOLlayjns8 +-wM4RmQC4o43y1G/1jqM8hGDg4Wz0j1URVuyP+pU55JpubV5LlExy3gIRwevD2lam +-q3hiighenJYFO3HGZkYT2SIoSpXZnQqKPJ4HwRBSg/cjOpc1y1lIIvKhmk+Cut6M +-+S5HL4pIk8vGYg57nTfOOkj1goqFkfU0DBqvVAZj02ay/VIDu61T1g== ++MIIB1jCBvwIBATANBgkqhkiG9w0BAQsFADAwMREwDwYDVQQDEwhHTlUgV2dldDEN ++MAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VFw0xNzA3MDgxNTA3MDRaFw0xODA3 ++MDgxNTA3MDRaMB8wHQIMWWD1GB1UFkEICdQvFw0xNzA3MDgxNTA3MDRaoDowODAf ++BgNVHSMEGDAWgBTzPk44hEqpvsFvx2GjUNpuKYvrVDAVBgNVHRQEDgIMWWD1GB4C ++YfERSnyEMA0GCSqGSIb3DQEBCwUAA4IBAQAAKu+Lum1l/XtcCJ43WveouPK97iOE ++bjUZWaGYx8Ys/iBdhTa1GXG+E+JuyqgyHTW0HrWJi1D+GiYmsjPJXoEgVgtxXEQ7 ++8b3NyIQ8OCsSTTlVCmLECN9R0xlsitzH+HXOaIEs5sbmIxCnxu+brqno9gQocmCv ++LHYvoSxsSsOCkkmodbYtKssl2dBonvQPSijN/z3NhZ259e2U3Yv4V7/MrEoTvOxg ++M0GC0u0Nx86EWbq0sWeiUu270Qk9En5YGNtRhkeq0bXerJswmMAmvrtuKdyfouny ++4WMvtn30xsO3WwWSV2oyrDSN/IQdDbcmul/bg8ewqlnN77cVf2m70c/W + -----END X509 CRL----- +--- a/testenv/certs/server-template.cfg ++++ b/testenv/certs/server-template.cfg +@@ -68,7 +68,6 @@ expiration_days = -1 + # X.509 v3 extensions + + # A dnsname in case of a WWW server. +-dns_name = "127.0.0.1" + dns_name = "localhost" + + # A subject alternative name URI +--- a/testenv/test/base_test.py ++++ b/testenv/test/base_test.py +@@ -90,7 +90,7 @@ class BaseTest: + # ports and etc. + # so we should record different domains respect to servers. + domain = self.get_domain_addr(instance.server_address) +- self.domains.append(domain[0]) ++ self.domains.append('localhost') + self.ports.append(domain[1]) + + def exec_wget(self): diff --git a/net-misc/wget/wget-1.19.1-r2.ebuild b/net-misc/wget/wget-1.19.1-r2.ebuild new file mode 100644 index 000000000000..a7329fb922a0 --- /dev/null +++ b/net-misc/wget/wget-1.19.1-r2.ebuild @@ -0,0 +1,115 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +PYTHON_COMPAT=( python3_{4,5,6} ) + +inherit flag-o-matic python-any-r1 toolchain-funcs + +DESCRIPTION="Network utility to retrieve files from the WWW" +HOMEPAGE="https://www.gnu.org/software/wget/" +SRC_URI="mirror://gnu/wget/${P}.tar.xz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib" +REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )" + +# Force a newer libidn2 to avoid libunistring deps. #612498 +LIB_DEPEND="idn? ( >=net-dns/libidn2-0.14[static-libs(+)] ) + pcre? ( dev-libs/libpcre[static-libs(+)] ) + ssl? ( + gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) + !gnutls? ( + !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) + libressl? ( dev-libs/libressl[static-libs(+)] ) + ) + ) + uuid? ( sys-apps/util-linux[static-libs(+)] ) + zlib? ( sys-libs/zlib[static-libs(+)] )" +RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )" +DEPEND="${RDEPEND} + app-arch/xz-utils + virtual/pkgconfig + static? ( ${LIB_DEPEND} ) + test? ( + ${PYTHON_DEPS} + dev-lang/perl + dev-perl/HTTP-Daemon + dev-perl/HTTP-Message + dev-perl/IO-Socket-SSL + ) + nls? ( sys-devel/gettext )" + +DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc ) + +PATCHES=( + "${FILESDIR}"/${P}-CRLF_injection.patch + "${FILESDIR}"/${PN}-1.19.1-fix-Perl-warnings-in-tests.patch + "${FILESDIR}"/${PN}-1.19.1-fix-Python-test-suite.patch + "${FILESDIR}"/${PN}-1.19.1-CVE-2017-13089.patch + "${FILESDIR}"/${PN}-1.19.1-CVE-2017-13090.patch +) + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # revert some hack that breaks linking, bug #585924 + if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ ${CHOST} == *-uclibc* ]]; then + sed -i \ + -e 's/^ LIBICONV=$/:/' \ + configure || die + fi +} + +src_configure() { + # fix compilation on Solaris, we need filio.h for FIONBIO as used in + # the included gnutls -- force ioctl.h to include this header + [[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1 + + if use static ; then + append-ldflags -static + tc-export PKG_CONFIG + PKG_CONFIG+=" --static" + fi + + # There is no flag that controls this. libunistring-prefix only + # controls the search path (which is why we turn it off below). + # Further, libunistring is only needed w/older libidn2 installs, + # and since we force the latest, we can force off libunistring. #612498 + ac_cv_libunistring=no \ + econf \ + --disable-assert \ + --disable-rpath \ + --without-included-libunistring \ + --without-libunistring-prefix \ + $(use_enable debug) \ + $(use_enable idn iri) \ + $(use_enable ipv6) \ + $(use_enable nls) \ + $(use_enable ntlm) \ + $(use_enable pcre) \ + $(use_enable ssl digest) \ + $(use_enable ssl opie) \ + $(use_with idn libidn) \ + $(use_with ssl ssl $(usex gnutls gnutls openssl)) \ + $(use_with uuid libuuid) \ + $(use_with zlib) +} + +src_install() { + default + + sed -i \ + -e "s:/usr/local/etc:${EPREFIX}/etc:g" \ + "${ED}"/etc/wgetrc \ + "${ED}"/usr/share/man/man1/wget.1 \ + "${ED}"/usr/share/info/wget.info \ + || die +} |