~alpine/aports

[alpine-aports] [PATCH v3.2] main/wget: security fixes #7091

Details
Message ID
<1491371872-12588-1-git-send-email-sergej.lukin@gmail.com>
Sender timestamp
1491371872
DKIM signature
missing
Download raw message
Patch: +41 -5
CVE-2017-6508: CRLF injection in the url_parse function in url.c
---
 main/wget/APKBUILD            | 20 +++++++++++++++-----
 main/wget/CVE-2017-6508.patch | 26 ++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 5 deletions(-)
 create mode 100644 main/wget/CVE-2017-6508.patch

diff --git a/main/wget/APKBUILD b/main/wget/APKBUILD
index 1ac7625..edf6e3a 100644
--- a/main/wget/APKBUILD
+++ b/main/wget/APKBUILD
@@ -1,8 +1,9 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=wget
pkgver=1.18
pkgrel=0
pkgrel=1
pkgdesc="A network utility to retrieve files from the Web"
url="http://www.gnu.org/software/wget/wget.html"
arch="all"
@@ -11,7 +12,13 @@ depends=""
makedepends="openssl-dev perl"
subpackages="$pkgname-doc"
install="wget.post-deinstall"
source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
	CVE-2017-6508.patch
	"

# secfixes:
#   1.18-r1:
#   - CVE-2017-6508

_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
@@ -47,6 +54,9 @@ package() {
	return 0
}

md5sums="fc2debd8399e3b933a9b226794e2a886  wget-1.18.tar.gz"
sha256sums="a00a65fab84cc46e24c53ce88c45604668a7a479276e037dc2f558e34717fb2d  wget-1.18.tar.gz"
sha512sums="a6c31ea7161e5af1552713edc6d9e386e4d63e53660bedbc4b099c7a4c7bbbdfedb4fc8abea67158899dee82b6331c87b1f2a9cb14cbcbcfa6e19a7fdf26b0a1  wget-1.18.tar.gz"
md5sums="fc2debd8399e3b933a9b226794e2a886  wget-1.18.tar.gz
142f1d01db302e1429673701472df182  CVE-2017-6508.patch"
sha256sums="a00a65fab84cc46e24c53ce88c45604668a7a479276e037dc2f558e34717fb2d  wget-1.18.tar.gz
f298bc740e32a5b14b61ff08a40a671221e7e8238268624211751174092b5451  CVE-2017-6508.patch"
sha512sums="a6c31ea7161e5af1552713edc6d9e386e4d63e53660bedbc4b099c7a4c7bbbdfedb4fc8abea67158899dee82b6331c87b1f2a9cb14cbcbcfa6e19a7fdf26b0a1  wget-1.18.tar.gz
b640db3aaadb6d25b8391bbf1b6c4d8d07bd7200f9dd21502ff9533e4e356a1c55dd252c9bc2c6e27dcc8d41596e0890ff460c80a0a06166c7bb63e112824e1b  CVE-2017-6508.patch"
diff --git a/main/wget/CVE-2017-6508.patch b/main/wget/CVE-2017-6508.patch
new file mode 100644
index 0000000..0da025d
--- /dev/null
+++ b/main/wget/CVE-2017-6508.patch
@@ -0,0 +1,26 @@
Patch source:
http://git.savannah.gnu.org/cgit/wget.git/diff/?id=4d729e322fae359a1aefaafec1144764a54e8ad4

diff --git a/src/url.c b/src/url.c
index 8f8ff0b..7d36b27 100644
--- a/src/url.c
+++ b/src/url.c
@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
       url_unescape (u->host);
       host_modified = true;
 
+      /* check for invalid control characters in host name */
+      for (p = u->host; *p; p++)
+        {
+          if (c_iscntrl(*p))
+            {
+              url_free(u);
+              error_code = PE_INVALID_HOST_NAME;
+              goto error;
+            }
+        }
+
       /* Apply IDNA regardless of iri->utf8_encode status */
       if (opt.enable_iri && iri)
         {

-- 
2.4.11



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)