pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net/wget wget: update to 1.19.2.
details: https://anonhg.NetBSD.org/pkgsrc/rev/b8032632850a
branches: trunk
changeset: 371845:b8032632850a
user: wiz <wiz%pkgsrc.org@localhost>
date: Thu Nov 23 16:03:29 2017 +0000
description:
wget: update to 1.19.2.
* Changes in Wget 1.19.2
* Fix CVE-2017-13089 (Stack overflow in HTTP protocol handling)
* Fix CVE-2017-13090 (Heap overflow in HTTP protocol handling)
* New option --compression for gzip Content-Encoding
* New option --[no]-netrc to control .netrc parsing
* Added GNU extensions to .netrc parsing
* Improved IDNA 2003 compatibility
* Fix VPATH issues
* Improved and extended the test suite
* Support Wayback Machine's X-Archive-Orig-last-modified
* Several bug fixes
diffstat:
net/wget/Makefile | 12 ++--------
net/wget/distinfo | 16 ++++---------
net/wget/patches/patch-CVE-2017-13089 | 36 --------------------------------
net/wget/patches/patch-CVE-2017-13090 | 39 -----------------------------------
4 files changed, 8 insertions(+), 95 deletions(-)
diffs (127 lines):
diff -r 6e44c5b71f90 -r b8032632850a net/wget/Makefile
--- a/net/wget/Makefile Thu Nov 23 15:59:59 2017 +0000
+++ b/net/wget/Makefile Thu Nov 23 16:03:29 2017 +0000
@@ -1,15 +1,9 @@
-# $NetBSD: Makefile,v 1.137 2017/11/14 09:51:13 leot Exp $
+# $NetBSD: Makefile,v 1.138 2017/11/23 16:03:29 wiz Exp $
-DISTNAME= wget-1.19.1
-PKGREVISION= 3
+DISTNAME= wget-1.19.2
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_GNU:=wget/}
-EXTRACT_SUFX= .tar.xz
-
-PATCH_SITES= http://git.savannah.gnu.org/cgit/wget.git/patch/?id=
-PATCH_DIST_STRIP= -p1
-# For CVE-2017-6508
-PATCHFILES= 4d729e322fae359a1aefaafec1144764a54e8ad4
+EXTRACT_SUFX= .tar.lz
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE= http://www.gnu.org/software/wget/wget.html
diff -r 6e44c5b71f90 -r b8032632850a net/wget/distinfo
--- a/net/wget/distinfo Thu Nov 23 15:59:59 2017 +0000
+++ b/net/wget/distinfo Thu Nov 23 16:03:29 2017 +0000
@@ -1,13 +1,7 @@
-$NetBSD: distinfo,v 1.55 2017/10/26 15:01:38 tez Exp $
+$NetBSD: distinfo,v 1.56 2017/11/23 16:03:29 wiz Exp $
-SHA1 (4d729e322fae359a1aefaafec1144764a54e8ad4) = 95acf2c162f0e413c40c5881940daafff2cca9bb
-RMD160 (4d729e322fae359a1aefaafec1144764a54e8ad4) = 41f0ac16a00f0837045120d1b65fd0e86c5c8618
-SHA512 (4d729e322fae359a1aefaafec1144764a54e8ad4) = fd36c9225c567e9958f030449f40cb747c0a23b7023fd4eee4e982c867d96be1562377a2d9b80150d9dc714bdbdc2bd509a8a244c4969c731002bdf6434d9cf8
-Size (4d729e322fae359a1aefaafec1144764a54e8ad4) = 1051 bytes
-SHA1 (wget-1.19.1.tar.xz) = cde25e99c144191644406793cbd1c69c102c6970
-RMD160 (wget-1.19.1.tar.xz) = 158d759b81c0893cc9c83e4beabb104f4987f6dd
-SHA512 (wget-1.19.1.tar.xz) = 00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5
-Size (wget-1.19.1.tar.xz) = 2111756 bytes
-SHA1 (patch-CVE-2017-13089) = 4dc004441198b6ae1cb2fb07eb6db3d55a007d1a
-SHA1 (patch-CVE-2017-13090) = ad77c0406bb0e08979067649f93f5fa07328a1ea
+SHA1 (wget-1.19.2.tar.lz) = 262ddadec85b7836e2f724a4f3e47797a063f772
+RMD160 (wget-1.19.2.tar.lz) = a304bb50b388eaeeb23f4222d38fb45acc75bd5a
+SHA512 (wget-1.19.2.tar.lz) = ed99ca6cc58a6a9001326d1081c4110ff9732a11b0b2c129ef4e9719aab029087276bfce9fb38c0d56c19054f5417b37d712098b2ec9e814e68a68f9a5b48cec
+Size (wget-1.19.2.tar.lz) = 2152055 bytes
SHA1 (patch-doc_wget.texi) = 6db25b3500ff4617b5ade34d9013b1f9876104f8
diff -r 6e44c5b71f90 -r b8032632850a net/wget/patches/patch-CVE-2017-13089
--- a/net/wget/patches/patch-CVE-2017-13089 Thu Nov 23 15:59:59 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,36 +0,0 @@
-$NetBSD: patch-CVE-2017-13089,v 1.1 2017/10/26 15:01:38 tez Exp $
-
-From 3dbc2e06ad487862c2fcc64d4891ff8aeb254bad Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen%gmx.de@localhost>
-Date: Fri, 20 Oct 2017 10:59:38 +0200
-Subject: [PATCH 1/2] Fix stack overflow in HTTP protocol handling
- (CVE-2017-13089)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-* src/http.c (skip_short_body): Return error on negative chunk size
-
-Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
-Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
----
- src/http.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/http.c b/src/http.c
-index 55367688..dc318231 100644
---- src/http.c
-+++ src/http.c
-@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked)
- remaining_chunk_size = strtol (line, &endl, 16);
- xfree (line);
-
-+ if (remaining_chunk_size < 0)
-+ return false;
-+
- if (remaining_chunk_size == 0)
- {
- line = fd_read_line (fd);
---
-2.15.0.rc1
-
diff -r 6e44c5b71f90 -r b8032632850a net/wget/patches/patch-CVE-2017-13090
--- a/net/wget/patches/patch-CVE-2017-13090 Thu Nov 23 15:59:59 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,39 +0,0 @@
-$NetBSD: patch-CVE-2017-13090,v 1.1 2017/10/26 15:01:38 tez Exp $
-
-From 28925c37b72867c0819799c6f35caf9439080f83 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen%gmx.de@localhost>
-Date: Fri, 20 Oct 2017 15:15:47 +0200
-Subject: [PATCH 2/2] Fix heap overflow in HTTP protocol handling
- (CVE-2017-13090)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-* src/retr.c (fd_read_body): Stop processing on negative chunk size
-
-Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
-Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
----
- src/retr.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/retr.c b/src/retr.c
-index a27d58af..723ac725 100644
---- src/retr.c
-+++ src/retr.c
-@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread,
- remaining_chunk_size = strtol (line, &endl, 16);
- xfree (line);
-
-+ if (remaining_chunk_size < 0)
-+ {
-+ ret = -1;
-+ break;
-+ }
-+
- if (remaining_chunk_size == 0)
- {
- ret = 0;
---
-2.15.0.rc1
-
Home |
Main Index |
Thread Index |
Old Index