CVE-2017-6508: CRLF injection in the url_parse function in url.c
---
main/wget/APKBUILD | 20 +++++++++++++++-----
main/wget/CVE-2017-6508.patch | 25 +++++++++++++++++++++++++
2 files changed, 40 insertions(+), 5 deletions(-)
create mode 100644 main/wget/CVE-2017-6508.patch
diff --git a/main/wget/APKBUILD b/main/wget/APKBUILD
index 1bbd5a9d2d..ecf8c5c1d1 100644
--- a/main/wget/APKBUILD
+++ b/main/wget/APKBUILD
@@ -1,8 +1,9 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=wget
pkgver=1.18
-pkgrel=1
+pkgrel=2
pkgdesc="A network utility to retrieve files from the Web"
url="http://www.gnu.org/software/wget/wget.html"
arch="all"
@@ -11,7 +12,13 @@ depends=""
makedepends="libressl-dev perl"
subpackages="$pkgname-doc"
install=""
-source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+ CVE-2017-6508.patch
+ "
+
+# secfixes:
+# 1.19.1-r1:
+# - CVE-2017-6508
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
@@ -47,6 +54,9 @@ package() {
return 0
}
-md5sums="fc2debd8399e3b933a9b226794e2a886 wget-1.18.tar.gz"
-sha256sums="a00a65fab84cc46e24c53ce88c45604668a7a479276e037dc2f558e34717fb2d wget-1.18.tar.gz"
-sha512sums="a6c31ea7161e5af1552713edc6d9e386e4d63e53660bedbc4b099c7a4c7bbbdfedb4fc8abea67158899dee82b6331c87b1f2a9cb14cbcbcfa6e19a7fdf26b0a1 wget-1.18.tar.gz"
+md5sums="fc2debd8399e3b933a9b226794e2a886 wget-1.18.tar.gz
+85943debf4c1633acb0b011429783e5d CVE-2017-6508.patch"
+sha256sums="a00a65fab84cc46e24c53ce88c45604668a7a479276e037dc2f558e34717fb2d wget-1.18.tar.gz
+a594d3d1743b5a53f5c77bce8c21752776402bf7b65fd178aeee9d61afd07f3e CVE-2017-6508.patch"
+sha512sums="a6c31ea7161e5af1552713edc6d9e386e4d63e53660bedbc4b099c7a4c7bbbdfedb4fc8abea67158899dee82b6331c87b1f2a9cb14cbcbcfa6e19a7fdf26b0a1 wget-1.18.tar.gz
+666b94bcba6a257be01f0d18897c13afe7dcc4eb156e7d6b386de06fdcbdd0da31a2cc7a8ffaa5108dff67872f610b9df30d0df9e8132283255ec6c608fff904 CVE-2017-6508.patch"
diff --git a/main/wget/CVE-2017-6508.patch b/main/wget/CVE-2017-6508.patch
new file mode 100644
index 0000000000..b685d8dab4
--- /dev/null
+++ b/main/wget/CVE-2017-6508.patch
@@ -0,0 +1,25 @@
+Patch source:
+http://git.savannah.gnu.org/cgit/wget.git/diff/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
+
+diff --git a/src/url.c b/src/url.c
+index 8f8ff0b..7d36b27 100644
+--- a/src/url.c
++++ b/src/url.c
+@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
+ url_unescape (u->host);
+ host_modified = true;
+
++ /* check for invalid control characters in host name */
++ for (p = u->host; *p; p++)
++ {
++ if (c_iscntrl(*p))
++ {
++ url_free(u);
++ error_code = PE_INVALID_HOST_NAME;
++ goto error;
++ }
++ }
++
+ /* Apply IDNA regardless of iri->utf8_encode status */
+ if (opt.enable_iri && iri)
+ {
--
2.11.1
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---