From: Ladislav Michl <ladis@linux-mips.org>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH v2 1/2] wget: version bump 1.19.1 -> 1.20
Date: Sat, 12 Jan 2019 10:02:18 +0100 [thread overview]
Message-ID: <20190112090218.GB28371@lenoch> (raw)
CVE-2017-6508 patch was merged upstream, so remove it.
Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
Changes:
-v2: also remove patch
patches/wget-1.19.1/CVE-2017-6508.patch | 31 -------------------------
patches/wget-1.19.1/series | 1 -
rules/wget.make | 4 ++--
3 files changed, 2 insertions(+), 34 deletions(-)
delete mode 100644 patches/wget-1.19.1/CVE-2017-6508.patch
delete mode 100644 patches/wget-1.19.1/series
diff --git a/patches/wget-1.19.1/CVE-2017-6508.patch b/patches/wget-1.19.1/CVE-2017-6508.patch
deleted file mode 100644
index bb2f63f5c..000000000
--- a/patches/wget-1.19.1/CVE-2017-6508.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Tim Rühsen <tim.ruehsen@gmx.de>
-Date: Mon Mar 6 10:04:22 2017 +0100
-Subject: Fix CRLF injection in Wget host part
-
-* src/url.c (url_parse): Reject control characters in host part of URL
-
-Reported-by: Orange Tsai
-
-commit 4d729e322fae359a1aefaafec1144764a54e8ad4
-diff --git a/src/url.c b/src/url.c
-index 8f8ff0b8..7d36b27d 100644
---- a/src/url.c
-+++ b/src/url.c
-@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
- url_unescape (u->host);
- host_modified = true;
-
-+ /* check for invalid control characters in host name */
-+ for (p = u->host; *p; p++)
-+ {
-+ if (c_iscntrl(*p))
-+ {
-+ url_free(u);
-+ error_code = PE_INVALID_HOST_NAME;
-+ goto error;
-+ }
-+ }
-+
- /* Apply IDNA regardless of iri->utf8_encode status */
- if (opt.enable_iri && iri)
- {
diff --git a/patches/wget-1.19.1/series b/patches/wget-1.19.1/series
deleted file mode 100644
index f58bfe356..000000000
--- a/patches/wget-1.19.1/series
+++ /dev/null
@@ -1 +0,0 @@
-CVE-2017-6508.patch
diff --git a/rules/wget.make b/rules/wget.make
index 4e62dd18c..9e17d410e 100644
--- a/rules/wget.make
+++ b/rules/wget.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_WGET) += wget
#
# Paths and names
#
-WGET_VERSION := 1.19.1
-WGET_MD5 := 87cea36b7161fd43e3fd51a4e8b89689
+WGET_VERSION := 1.20
+WGET_MD5 := 9f1515d083b769e9ff7642ce6016518e
WGET := wget-$(WGET_VERSION)
WGET_SUFFIX := tar.gz
WGET_URL := $(call ptx/mirror, GNU, wget/$(WGET).$(WGET_SUFFIX))
--
2.20.1
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
next reply other threads:[~2019-01-12 9:02 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-12 9:02 Ladislav Michl [this message]
2019-01-12 9:03 ` [ptxdist] [PATCH v2 2/2] wget: add TLS support Ladislav Michl
2019-01-14 7:47 ` Ladislav Michl
2019-01-14 7:50 ` Denis OSTERLAND
2019-01-14 9:26 ` Ladislav Michl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190112090218.GB28371@lenoch \
--to=ladis@linux-mips.org \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox