Mail archive
alpine-aports

[alpine-aports] [PATCH v3.3] main/wget: security fixes #7090

From: Sergei Lukin <sergej.lukin_at_gmail.com>
Date: Wed, 5 Apr 2017 05:53:43 +0000

CVE-2017-6508: CRLF injection in the url_parse function in url.c
---
 main/wget/APKBUILD            | 20 +++++++++++++++-----
 main/wget/CVE-2017-6508.patch | 26 ++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 5 deletions(-)
 create mode 100644 main/wget/CVE-2017-6508.patch
diff --git a/main/wget/APKBUILD b/main/wget/APKBUILD
index d101957..8ff495e 100644
--- a/main/wget/APKBUILD
+++ b/main/wget/APKBUILD
_at_@ -1,8 +1,9 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Contributor: Carlo Landmeter <clandmeter_at_gmail.com>
 # Maintainer: Carlo Landmeter <clandmeter_at_gmail.com>
 pkgname=wget
 pkgver=1.17.1
-pkgrel=1
+pkgrel=2
 pkgdesc="A network utility to retrieve files from the Web"
 url="http://www.gnu.org/software/wget/wget.html"
 arch="all"
_at_@ -12,7 +13,13 @@ makedepends="openssl-dev perl"
 subpackages="$pkgname-doc"
 install=""
 source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
-	CVE-2016-4971.patch"
+	CVE-2016-4971.patch
+	CVE-2017-6508.patch
+	"
+
+# secfixes:
+#   1.17.1-r2:
+#   - CVE-2017-6508
 
 _builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
_at_@ -49,8 +56,11 @@ package() {
 }
 
 md5sums="a6a908c9ae0e6a4194c628974cc3f05a  wget-1.17.1.tar.gz
-9e02ee4b55e4121339696db6150fc57a  CVE-2016-4971.patch"
+9e02ee4b55e4121339696db6150fc57a  CVE-2016-4971.patch
+142f1d01db302e1429673701472df182  CVE-2017-6508.patch"
 sha256sums="029fbb93bdc1c0c5a7507b6076a6ec2f8d34204a85aa87e5b2f61a9405b290f5  wget-1.17.1.tar.gz
-f1371a6e21d105c67fc1079af24e16596762dfd442ca0c4c8af37f1f92371f34  CVE-2016-4971.patch"
+f1371a6e21d105c67fc1079af24e16596762dfd442ca0c4c8af37f1f92371f34  CVE-2016-4971.patch
+f298bc740e32a5b14b61ff08a40a671221e7e8238268624211751174092b5451  CVE-2017-6508.patch"
 sha512sums="1e99f898669bdb6a330a53b40fac1fc563ad1ce9f6c7f2f25fe3f1cdd3a1a1f094e59c45a8f6497ab0c05d47cbc453ffb5fb6a5507e9a2c9ccf6cddda2aaeaf0  wget-1.17.1.tar.gz
-3ae20be07620020f34782f89c1c22444f4da10b7ab10bbc56da38e2c59958841a8c4d5984d7b40f6d1a6a9632ba7410650b1460569ff7bb6f2fcec34bfdd2ec4  CVE-2016-4971.patch"
+3ae20be07620020f34782f89c1c22444f4da10b7ab10bbc56da38e2c59958841a8c4d5984d7b40f6d1a6a9632ba7410650b1460569ff7bb6f2fcec34bfdd2ec4  CVE-2016-4971.patch
+b640db3aaadb6d25b8391bbf1b6c4d8d07bd7200f9dd21502ff9533e4e356a1c55dd252c9bc2c6e27dcc8d41596e0890ff460c80a0a06166c7bb63e112824e1b  CVE-2017-6508.patch"
diff --git a/main/wget/CVE-2017-6508.patch b/main/wget/CVE-2017-6508.patch
new file mode 100644
index 0000000..0da025d
--- /dev/null
+++ b/main/wget/CVE-2017-6508.patch
_at_@ -0,0 +1,26 @@
+Patch source:
+http://git.savannah.gnu.org/cgit/wget.git/diff/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
+
+diff --git a/src/url.c b/src/url.c
+index 8f8ff0b..7d36b27 100644
+--- a/src/url.c
++++ b/src/url.c
+_at_@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
+       url_unescape (u->host);
+       host_modified = true;
+ 
++      /* check for invalid control characters in host name */
++      for (p = u->host; *p; p++)
++        {
++          if (c_iscntrl(*p))
++            {
++              url_free(u);
++              error_code = PE_INVALID_HOST_NAME;
++              goto error;
++            }
++        }
++
+       /* Apply IDNA regardless of iri->utf8_encode status */
+       if (opt.enable_iri && iri)
+         {
+
-- 
2.6.6
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Wed Apr 05 2017 - 05:53:43 GMT