[ptxdist] [PATCH v2 1/2] wget: version bump 1.19.1 -> 1.20

[ptxdist] [PATCH v2 1/2] wget: version bump 1.19.1 -> 1.20

[Ladislav Michl]

CVE-2017-6508 patch was merged upstream, so remove it.

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
 Changes:
 -v2: also remove patch

 patches/wget-1.19.1/CVE-2017-6508.patch | 31 -------------------------
 patches/wget-1.19.1/series              |  1 -
 rules/wget.make                         |  4 ++--
 3 files changed, 2 insertions(+), 34 deletions(-)
 delete mode 100644 patches/wget-1.19.1/CVE-2017-6508.patch
 delete mode 100644 patches/wget-1.19.1/series

diff --git a/patches/wget-1.19.1/CVE-2017-6508.patch b/patches/wget-1.19.1/CVE-2017-6508.patch
deleted file mode 100644
index bb2f63f5c..000000000
--- a/patches/wget-1.19.1/CVE-2017-6508.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Tim Rühsen <tim.ruehsen@gmx.de>
-Date: Mon Mar 6 10:04:22 2017 +0100
-Subject: Fix CRLF injection in Wget host part
-
-* src/url.c (url_parse): Reject control characters in host part of URL
-
-Reported-by: Orange Tsai
-
-commit 4d729e322fae359a1aefaafec1144764a54e8ad4
-diff --git a/src/url.c b/src/url.c
-index 8f8ff0b8..7d36b27d 100644
---- a/src/url.c
-+++ b/src/url.c
-@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
-       url_unescape (u->host);
-       host_modified = true;
- 
-+      /* check for invalid control characters in host name */
-+      for (p = u->host; *p; p++)
-+        {
-+          if (c_iscntrl(*p))
-+            {
-+              url_free(u);
-+              error_code = PE_INVALID_HOST_NAME;
-+              goto error;
-+            }
-+        }
-+
-       /* Apply IDNA regardless of iri->utf8_encode status */
-       if (opt.enable_iri && iri)
-         {
diff --git a/patches/wget-1.19.1/series b/patches/wget-1.19.1/series
deleted file mode 100644
index f58bfe356..000000000
--- a/patches/wget-1.19.1/series
+++ /dev/null
@@ -1 +0,0 @@
-CVE-2017-6508.patch
diff --git a/rules/wget.make b/rules/wget.make
index 4e62dd18c..9e17d410e 100644
--- a/rules/wget.make
+++ b/rules/wget.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_WGET) += wget
 #
 # Paths and names
 #
-WGET_VERSION	:= 1.19.1
-WGET_MD5	:= 87cea36b7161fd43e3fd51a4e8b89689
+WGET_VERSION	:= 1.20
+WGET_MD5	:= 9f1515d083b769e9ff7642ce6016518e
 WGET		:= wget-$(WGET_VERSION)
 WGET_SUFFIX	:= tar.gz
 WGET_URL	:= $(call ptx/mirror, GNU, wget/$(WGET).$(WGET_SUFFIX))
-- 
2.20.1



_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH v2 2/2] wget: add TLS support

[Ladislav Michl]

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
 Changes:
 -v2: fix indentation, simplify --with-ssl

 rules/wget.in   | 47 +++++++++++++++++++++++++++++++++++++++++++++--
 rules/wget.make |  9 +++++----
 2 files changed, 50 insertions(+), 6 deletions(-)

diff --git a/rules/wget.in b/rules/wget.in
index 033946bcc..4f9edef03 100644
--- a/rules/wget.in
+++ b/rules/wget.in
@@ -1,10 +1,14 @@
 ## SECTION=networking
-config WGET
+
+menuconfig WGET
 	tristate
-	prompt "wget"
+	prompt "wget                          "
 	depends on !BUSYBOX_WGET || ALLYES
 	select LIBC_RT
 	select GCCLIBS_GCC_S
+	select GNUTLS	if WGET_SSL_GNUTLS
+	select OPENSSL	if WGET_SSL_OPENSSL
+	select ZLIB	if WGET_ZLIB
 	help
 	  GNU wget is a commandline mirroring tool.
 
@@ -34,5 +38,44 @@ config WGET
 
 	  http://www.gnu.org/software/wget/
 
+if WGET
+
+choice
+	prompt "SSL support"
+	default WGET_SSL_NONE
+
+	config WGET_SSL_OPENSSL
+		bool
+		prompt "OpenSSL"
+		help
+		  Wget uses OpenSSL
+
+	config WGET_SSL_GNUTLS
+		bool
+		prompt "GNU TLS"
+		help
+		  Wget uses GNU TLS
+
+	config WGET_SSL_NONE
+		bool
+		prompt "none"
+		help
+		  No SSL support for wget
+
+endchoice
+
+config WGET_SSL
+	string
+	default "openssl"	if WGET_SSL_OPENSSL
+	default "gnutls"	if WGET_SSL_GNUTLS
+	default "no"		if WGET_SSL_NONE
+
+config WGET_ZLIB
+	bool "zlib support"
+	help
+	  Build wget with zlib support
+
+endif
+
 comment "BusyBox's wget is selected!"
 	depends on BUSYBOX_WGET
diff --git a/rules/wget.make b/rules/wget.make
index 9e17d410e..4d8c3ddea 100644
--- a/rules/wget.make
+++ b/rules/wget.make
@@ -37,7 +37,8 @@ WGET_ENV := \
 #
 # autoconf
 #
-WGET_AUTOCONF := \
+WGET_CONF_TOOL := autoconf
+WGET_CONF_OPT := \
 	$(CROSS_AUTOCONF_USR) \
 	--enable-opie \
 	--enable-digest \
@@ -54,11 +55,11 @@ WGET_AUTOCONF := \
 	--disable-pcre \
 	--disable-xattr \
 	--without-libpsl \
-	--without-ssl \
-	--without-zlib \
+	--with-ssl=$(PTXCONF_WGET_SSL) \
+	--$(call ptx/wwo,PTXCONF_WGET_ZLIB)-zlib \
 	--with-metalink \
 	--without-cares \
-	--without-openssl \
+	--$(call ptx/wwo,PTXCONF_WGET_OPENSSL)-openssl \
 	--with-included-libunistring \
 	--without-included-regex \
 	--with-libidn=/usr \
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v2 2/2] wget: add TLS support

[Ladislav Michl]

v3 with changes bellow...

On Sat, Jan 12, 2019 at 10:03:14AM +0100, Ladislav Michl wrote:
> Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
> ---
>  Changes:
>  -v2: fix indentation, simplify --with-ssl
> 
>  rules/wget.in   | 47 +++++++++++++++++++++++++++++++++++++++++++++--
>  rules/wget.make |  9 +++++----
>  2 files changed, 50 insertions(+), 6 deletions(-)
> 
> diff --git a/rules/wget.in b/rules/wget.in
> index 033946bcc..4f9edef03 100644
> --- a/rules/wget.in
> +++ b/rules/wget.in
> @@ -1,10 +1,14 @@
>  ## SECTION=networking
> -config WGET
> +
> +menuconfig WGET
>  	tristate
> -	prompt "wget"
> +	prompt "wget                          "
>  	depends on !BUSYBOX_WGET || ALLYES
>  	select LIBC_RT
>  	select GCCLIBS_GCC_S
> +	select GNUTLS	if WGET_SSL_GNUTLS
> +	select OPENSSL	if WGET_SSL_OPENSSL
> +	select ZLIB	if WGET_ZLIB
>  	help
>  	  GNU wget is a commandline mirroring tool.
>  
> @@ -34,5 +38,44 @@ config WGET
>  
>  	  http://www.gnu.org/software/wget/
>  
> +if WGET
> +
> +choice
> +	prompt "SSL support"
> +	default WGET_SSL_NONE
> +
> +	config WGET_SSL_OPENSSL
> +		bool
> +		prompt "OpenSSL"
> +		help
> +		  Wget uses OpenSSL
> +
> +	config WGET_SSL_GNUTLS
> +		bool
> +		prompt "GNU TLS"
> +		help
> +		  Wget uses GNU TLS
> +
> +	config WGET_SSL_NONE
> +		bool
> +		prompt "none"
> +		help
> +		  No SSL support for wget
> +
> +endchoice
> +
> +config WGET_SSL
> +	string
> +	default "openssl"	if WGET_SSL_OPENSSL
> +	default "gnutls"	if WGET_SSL_GNUTLS
> +	default "no"		if WGET_SSL_NONE
> +
> +config WGET_ZLIB
> +	bool "zlib support"
> +	help
> +	  Build wget with zlib support
> +
> +endif
> +
>  comment "BusyBox's wget is selected!"
>  	depends on BUSYBOX_WGET
> diff --git a/rules/wget.make b/rules/wget.make
> index 9e17d410e..4d8c3ddea 100644
> --- a/rules/wget.make
> +++ b/rules/wget.make
> @@ -37,7 +37,8 @@ WGET_ENV := \
>  #
>  # autoconf
>  #
> -WGET_AUTOCONF := \
> +WGET_CONF_TOOL := autoconf
> +WGET_CONF_OPT := \
>  	$(CROSS_AUTOCONF_USR) \
>  	--enable-opie \
>  	--enable-digest \
> @@ -54,11 +55,11 @@ WGET_AUTOCONF := \
>  	--disable-pcre \
>  	--disable-xattr \
>  	--without-libpsl \
> -	--without-ssl \
> -	--without-zlib \
> +	--with-ssl=$(PTXCONF_WGET_SSL) \

                   $(call remove_quotes,$(PTXCONF_WGET_SSL)

> +	--$(call ptx/wwo,PTXCONF_WGET_ZLIB)-zlib \
>  	--with-metalink \
>  	--without-cares \
> -	--without-openssl \
> +	--$(call ptx/wwo,PTXCONF_WGET_OPENSSL)-openssl \

                         PTXCONF_WGET_SSL_OPENSSL

>  	--with-included-libunistring \
>  	--without-included-regex \
>  	--with-libidn=/usr \
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v2 2/2] wget: add TLS support

[Denis OSTERLAND]

Hi,

Am Samstag, den 12.01.2019, 10:03 +0100 schrieb Ladislav Michl:
> +
> +config WGET_SSL
> +	string
> +	default "openssl"	if WGET_SSL_OPENSSL
> +	default "gnutls"	if WGET_SSL_GNUTLS
> +	default "no"		if WGET_SSL_NONE
> +
> +config WGET_ZLIB
> +	bool "zlib support"
> +	help
> +	  Build wget with zlib support
> +
> +endif
> +
>  comment "BusyBox's wget is selected!"
>  	depends on BUSYBOX_WGET
> diff --git a/rules/wget.make b/rules/wget.make
> index 9e17d410e..4d8c3ddea 100644
> --- a/rules/wget.make
> +++ b/rules/wget.make
> @@ -37,7 +37,8 @@ WGET_ENV := \
>  #
>  # autoconf
>  #
> -WGET_AUTOCONF := \
> +WGET_CONF_TOOL := autoconf
> +WGET_CONF_OPT := \
>  	$(CROSS_AUTOCONF_USR) \
>  	--enable-opie \
>  	--enable-digest \
> @@ -54,11 +55,11 @@ WGET_AUTOCONF := \
>  	--disable-pcre \
>  	--disable-xattr \
>  	--without-libpsl \
> -	--without-ssl \
> -	--without-zlib \
> +	--with-ssl=$(PTXCONF_WGET_SSL) \
> +	--$(call ptx/wwo,PTXCONF_WGET_ZLIB)-zlib \
>  	--with-metalink \
>  	--without-cares \
> -	--without-openssl \
> +	--$(call ptx/wwo,PTXCONF_WGET_OPENSSL)-openssl \
I wonder if '--$(call ptx/wwo,PTXCONF_WGET_GNUTLS)-gnutls' would be required,
or '--with-ssl=$(PTXCONF_WGET_SSL)' does everything and none of them are required.

>  	--with-included-libunistring \
>  	--without-included-regex \
>  	--with-libidn=/usr \

Regards Denis

Diehl Connectivity Solutions GmbH
Geschäftsführung: Horst Leonberger
Sitz der Gesellschaft: Nürnberg - Registergericht: Amtsgericht
Nürnberg: HRB 32315
___________________________________________________________________________________________________

Der Inhalt der vorstehenden E-Mail ist nicht rechtlich bindend. Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen.
Informieren Sie uns bitte, wenn Sie diese E-Mail faelschlicherweise erhalten haben. Bitte loeschen Sie in diesem Fall die Nachricht.
Jede unerlaubte Form der Reproduktion, Bekanntgabe, Aenderung, Verteilung und/oder Publikation dieser E-Mail ist strengstens untersagt.
The contents of the above mentioned e-mail is not legally binding. This e-mail contains confidential and/or legally protected information. Please inform us if you have received this e-mail by
mistake and delete it in such a case. Each unauthorized reproduction, disclosure, alteration, distribution and/or publication of this e-mail is strictly prohibited. 
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v2 2/2] wget: add TLS support

[Ladislav Michl]

On Mon, Jan 14, 2019 at 07:50:11AM +0000, Denis OSTERLAND wrote:
> Hi,
> 
> Am Samstag, den 12.01.2019, 10:03 +0100 schrieb Ladislav Michl:
> > +
> > +config WGET_SSL
> > +	string
> > +	default "openssl"	if WGET_SSL_OPENSSL
> > +	default "gnutls"	if WGET_SSL_GNUTLS
> > +	default "no"		if WGET_SSL_NONE
> > +
> > +config WGET_ZLIB
> > +	bool "zlib support"
> > +	help
> > +	  Build wget with zlib support
> > +
> > +endif
> > +
> >  comment "BusyBox's wget is selected!"
> >  	depends on BUSYBOX_WGET
> > diff --git a/rules/wget.make b/rules/wget.make
> > index 9e17d410e..4d8c3ddea 100644
> > --- a/rules/wget.make
> > +++ b/rules/wget.make
> > @@ -37,7 +37,8 @@ WGET_ENV := \
> >  #
> >  # autoconf
> >  #
> > -WGET_AUTOCONF := \
> > +WGET_CONF_TOOL := autoconf
> > +WGET_CONF_OPT := \
> >  	$(CROSS_AUTOCONF_USR) \
> >  	--enable-opie \
> >  	--enable-digest \
> > @@ -54,11 +55,11 @@ WGET_AUTOCONF := \
> >  	--disable-pcre \
> >  	--disable-xattr \
> >  	--without-libpsl \
> > -	--without-ssl \
> > -	--without-zlib \
> > +	--with-ssl=$(PTXCONF_WGET_SSL) \
> > +	--$(call ptx/wwo,PTXCONF_WGET_ZLIB)-zlib \
> >  	--with-metalink \
> >  	--without-cares \
> > -	--without-openssl \
> > +	--$(call ptx/wwo,PTXCONF_WGET_OPENSSL)-openssl \
> I wonder if '--$(call ptx/wwo,PTXCONF_WGET_GNUTLS)-gnutls' would be required,
> or '--with-ssl=$(PTXCONF_WGET_SSL)' does everything and none of them are required.

There is no such option. --with-openssl comes from m4/gl-openssl.m4 while
--with-ssl is from configure.ac
It seems that wget is using libcrypto or kernel crypto api and either libssl or
gnutls. Something to investigate :)

> >  	--with-included-libunistring \
> >  	--without-included-regex \
> >  	--with-libidn=/usr \
> 
> Regards Denis
> 
> Diehl Connectivity Solutions GmbH
> Geschäftsführung: Horst Leonberger
> Sitz der Gesellschaft: Nürnberg - Registergericht: Amtsgericht
> Nürnberg: HRB 32315
> ___________________________________________________________________________________________________
> 
> Der Inhalt der vorstehenden E-Mail ist nicht rechtlich bindend. Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen.
> Informieren Sie uns bitte, wenn Sie diese E-Mail faelschlicherweise erhalten haben. Bitte loeschen Sie in diesem Fall die Nachricht.
> Jede unerlaubte Form der Reproduktion, Bekanntgabe, Aenderung, Verteilung und/oder Publikation dieser E-Mail ist strengstens untersagt.
> The contents of the above mentioned e-mail is not legally binding. This e-mail contains confidential and/or legally protected information. Please inform us if you have received this e-mail by
> mistake and delete it in such a case. Each unauthorized reproduction, disclosure, alteration, distribution and/or publication of this e-mail is strictly prohibited. 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de