Merge pull request #559 from dm0-/glsa

Sync and fix GLSAs
David Michael 2017-06-21 19:58:02 -07:00 committed by GitHub
commit 9c85afa6e8
13 changed files with 385 additions and 52 deletions


@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201706-16">
<title>GNU Wget: Header injection</title>
<synopsis>A header injection vulnerability in GNU Wget might allow remote
attackers to inject arbitrary HTTP headers.
</synopsis>
<product type="ebuild">wget</product>
<announced>2017-06-20</announced>
<revised>2017-06-20: 1</revised>
<bug>612326</bug>
<access>remote</access>
<affected>
<package name="net-misc/wget" auto="yes" arch="*">
<unaffected range="ge">1.19.1-r1</unaffected>
<vulnerable range="lt">1.19.1-r1</vulnerable>
</package>
</affected>
<background>
<p>GNU Wget is a free software package for retrieving files using HTTP,
HTTPS and FTP, the most widely-used Internet protocols.
</p>
</background>
<description>
<p>It was discovered that there was a header injection vulnerability in GNU
Wget which allowed remote attackers to inject arbitrary HTTP headers via
CRLF sequences in the host subcomponent of a URL.
</p>
</description>
<impact type="normal">
<p>A remote attacker could inject arbitrary HTTP headers in requests by
tricking a user running GNU Wget into processing crafted URLs.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GNU Wget users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.19.1-r1"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6508">CVE-2017-6508</uri>
</references>
<metadata tag="requester" timestamp="2017-03-23T20:33:13Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-06-20T17:09:12Z">whissi</metadata>
</glsa>


@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201706-17">
<title>Kodi: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Kodi, the worst of
which could allow remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">kodi</product>
<announced>2017-06-20</announced>
<revised>2017-06-20: 1</revised>
<bug>549342</bug>
<bug>619492</bug>
<access>remote</access>
<affected>
<package name="media-tv/kodi" auto="yes" arch="*">
<unaffected range="ge">17.2</unaffected>
<vulnerable range="lt">17.2</vulnerable>
</package>
</affected>
<background>
<p>Kodi (formerly XBMC) is a free and open-source media player software
application.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Kodi. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to open a specially crafted image
file using Kodi, possibly resulting in a Denial of Service condition.
</p>
<p>Furthermore, a remote attacker could entice a user process a specially
crafted ZIP file containing subtitles using Kodi, possibly resulting in
execution of arbitrary code with the privileges of the process or a
Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Kodi users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-tv/kodi-17.2"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3885">CVE-2015-3885</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8314">CVE-2017-8314</uri>
</references>
<metadata tag="requester" timestamp="2017-06-06T16:37:32Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-06-20T17:18:36Z">whissi</metadata>
</glsa>


@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201706-18">
<title>mbed TLS: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in mbed TLS, the worst of
which could lead to the remote execution of arbitrary code.
</synopsis>
<product type="ebuild">mbedtls</product>
<announced>2017-06-20</announced>
<revised>2017-06-20: 1</revised>
<bug>562608</bug>
<bug>571102</bug>
<bug>618824</bug>
<access>remote</access>
<affected>
<package name="net-libs/mbedtls" auto="yes" arch="*">
<unaffected range="ge">2.4.2</unaffected>
<vulnerable range="lt">2.4.2</vulnerable>
</package>
</affected>
<background>
<p>mbed TLS (previously PolarSSL) is an “easy to understand, use,
integrate and expand” implementation of the TLS and SSL protocols and
the respective cryptographic algorithms and support code required.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in mbed TLS. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="high">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All mbed TLS users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-libs/mbedtls-2.4.2"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5291">CVE-2015-5291</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575">CVE-2015-7575</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2784">CVE-2017-2784</uri>
</references>
<metadata tag="requester" timestamp="2017-04-17T22:12:43Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-06-20T17:42:02Z">whissi</metadata>
</glsa>


@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201706-19">
<title>GNU C Library: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in the GNU C Library, the
worst of which may allow execution of arbitrary code.
</synopsis>
<product type="ebuild">glibc</product>
<announced>2017-06-20</announced>
<revised>2017-06-20: 2</revised>
<bug>608698</bug>
<bug>608706</bug>
<bug>622220</bug>
<access>local, remote</access>
<affected>
<package name="sys-libs/glibc" auto="yes" arch="*">
<unaffected range="ge">2.23-r4</unaffected>
<vulnerable range="lt">2.23-r4</vulnerable>
</package>
</affected>
<background>
<p>The GNU C library is the standard C library used by Gentoo Linux
systems.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in the GNU C Library.
Please review the CVE identifiers and Qualys security advisory
referenced below for details.
</p>
</description>
<impact type="high">
<p>An attacker could possibly execute arbitrary code with the privileges of
the process, escalate privileges or cause a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GNU C Library users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.23-r4"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5180">CVE-2015-5180</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6323">CVE-2016-6323</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000366">
CVE-2017-1000366
</uri>
<uri link="https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt">
Qualys Security Advisory - The Stack Clash
</uri>
</references>
<metadata tag="requester" timestamp="2017-06-20T17:01:37Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-06-20T17:49:43Z">whissi</metadata>
</glsa>


@ -0,0 +1,76 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201706-20">
<title>Chromium: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in the Chromium web
browser, the worst of which allows remote attackers to execute arbitrary
code.
</synopsis>
<product type="ebuild">Chromium</product>
<announced>2017-06-20</announced>
<revised>2017-06-20: 1</revised>
<bug>617504</bug>
<bug>620956</bug>
<bug>621886</bug>
<access>remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">59.0.3071.104</unaffected>
<vulnerable range="lt">59.0.3071.104</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, bypass security restrictions or spoof content.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/chromium-59.0.3071.104"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5068">CVE-2017-5068</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5070">CVE-2017-5070</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5071">CVE-2017-5071</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5072">CVE-2017-5072</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5073">CVE-2017-5073</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5074">CVE-2017-5074</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5075">CVE-2017-5075</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5076">CVE-2017-5076</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5077">CVE-2017-5077</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5078">CVE-2017-5078</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5079">CVE-2017-5079</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5080">CVE-2017-5080</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5081">CVE-2017-5081</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5082">CVE-2017-5082</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5083">CVE-2017-5083</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5084">CVE-2017-5084</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5085">CVE-2017-5085</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5086">CVE-2017-5086</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5087">CVE-2017-5087</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5088">CVE-2017-5088</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5089">CVE-2017-5089</uri>
</references>
<metadata tag="requester" timestamp="2017-06-09T11:21:16Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-06-20T19:00:15Z">whissi</metadata>
</glsa>


@ -1 +1 @@
Fri, 16 Jun 2017 18:39:35 +0000
Thu, 22 Jun 2017 02:08:59 +0000


@ -1 +1 @@
c2f911fc13b81dd715a1b756f739b077f8718170 1496836599 2017-06-07T11:56:39+00:00
18375d0b60539dde07bb13258d4de5105b9e188e 1497985227 2017-06-20T19:00:27+00:00


@ -1,14 +0,0 @@
DEFINED_PHASES=configure install prepare setup test
DEPEND=!static? ( idn? ( net-dns/libidn ) pcre? ( dev-libs/libpcre ) ssl? ( gnutls? ( net-libs/gnutls:0= ) !gnutls? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl ) ) ) uuid? ( sys-apps/util-linux ) zlib? ( sys-libs/zlib ) ) app-arch/xz-utils virtual/pkgconfig static? ( idn? ( net-dns/libidn[static-libs(+)] ) pcre? ( dev-libs/libpcre[static-libs(+)] ) ssl? ( gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) !gnutls? ( !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) libressl? ( dev-libs/libressl[static-libs(+)] ) ) ) uuid? ( sys-apps/util-linux[static-libs(+)] ) zlib? ( sys-libs/zlib[static-libs(+)] ) ) test? ( || ( dev-lang/python:3.4 ) dev-lang/perl dev-perl/HTTP-Daemon dev-perl/HTTP-Message dev-perl/IO-Socket-SSL ) nls? ( sys-devel/gettext )
DESCRIPTION=Network utility to retrieve files from the WWW
EAPI=5
HOMEPAGE=https://www.gnu.org/software/wget/
IUSE=debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib
KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris
LICENSE=GPL-3
RDEPEND=!static? ( idn? ( net-dns/libidn ) pcre? ( dev-libs/libpcre ) ssl? ( gnutls? ( net-libs/gnutls:0= ) !gnutls? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl ) ) ) uuid? ( sys-apps/util-linux ) zlib? ( sys-libs/zlib ) )
REQUIRED_USE=ntlm? ( !gnutls ssl ) gnutls? ( ssl )
SLOT=0
SRC_URI=mirror://gnu/wget/wget-1.18.tar.xz
_eclasses_=epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 9c113d6a64826c40154cad7be15d95ea flag-o-matic 61cad4fb5d800b29d484b27cb033f59b ltprune 2770eed66a9b8ef944714cd0e968182e multilib 0236be304ee52e7f179ed2f337075515 python-any-r1 be89e882151ba4b847089b860d79729c python-utils-r1 c11fc374357e6ad9ddfe2e9f931e4d29 toolchain-funcs 6eb35f81556258a4bc9182ad3dfd58ee
_md5_=95f23320fa87e20372b16e301d8792a0


@ -0,0 +1,14 @@
DEFINED_PHASES=configure install prepare setup test
DEPEND=!static? ( idn? ( >=net-dns/libidn2-0.14 ) pcre? ( dev-libs/libpcre ) ssl? ( gnutls? ( net-libs/gnutls:0= ) !gnutls? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl ) ) ) uuid? ( sys-apps/util-linux ) zlib? ( sys-libs/zlib ) ) app-arch/xz-utils virtual/pkgconfig static? ( idn? ( >=net-dns/libidn2-0.14[static-libs(+)] ) pcre? ( dev-libs/libpcre[static-libs(+)] ) ssl? ( gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) !gnutls? ( !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) libressl? ( dev-libs/libressl[static-libs(+)] ) ) ) uuid? ( sys-apps/util-linux[static-libs(+)] ) zlib? ( sys-libs/zlib[static-libs(+)] ) ) test? ( || ( dev-lang/python:3.6 dev-lang/python:3.5 dev-lang/python:3.4 ) dev-lang/perl dev-perl/HTTP-Daemon dev-perl/HTTP-Message dev-perl/IO-Socket-SSL ) nls? ( sys-devel/gettext )
DESCRIPTION=Network utility to retrieve files from the WWW
EAPI=5
HOMEPAGE=https://www.gnu.org/software/wget/
IUSE=debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib
KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris
LICENSE=GPL-3
RDEPEND=!static? ( idn? ( >=net-dns/libidn2-0.14 ) pcre? ( dev-libs/libpcre ) ssl? ( gnutls? ( net-libs/gnutls:0= ) !gnutls? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl ) ) ) uuid? ( sys-apps/util-linux ) zlib? ( sys-libs/zlib ) )
REQUIRED_USE=ntlm? ( !gnutls ssl ) gnutls? ( ssl )
SLOT=0
SRC_URI=mirror://gnu/wget/wget-1.19.1.tar.xz
_eclasses_=epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 9c113d6a64826c40154cad7be15d95ea flag-o-matic 61cad4fb5d800b29d484b27cb033f59b ltprune 2770eed66a9b8ef944714cd0e968182e multilib 0236be304ee52e7f179ed2f337075515 python-any-r1 be89e882151ba4b847089b860d79729c python-utils-r1 c11fc374357e6ad9ddfe2e9f931e4d29 toolchain-funcs 6eb35f81556258a4bc9182ad3dfd58ee
_md5_=0559e58957ead79d76144568a14ba39c


@ -1,6 +1,6 @@
AUX wget-1.17.1-gnulib-cygwin-sys_select.patch 850 SHA256 122a069e24ed07bab7a65ea31f10e14f755a1a464acb9568dc610f171b94b0a8 SHA512 1aaac731af050193a67a45aae7c100e8a6c4e5328b60b2e6f89ef774f66b6d997a1558b104157f65183191c9940c9d4a904f8b32666021ae20dff6b3e5726990 WHIRLPOOL befcfb16d080bcce5247705a32b82cca6af4ad5b1a6bd7e143b1eb6d901e4b3c625088f9b741abf2bd4785f37eb1a710f4897ce8f12053abdb84939d84c1658a
DIST wget-1.18.tar.xz 1922376 SHA256 b5b55b75726c04c06fe253daec9329a6f1a3c0c1878e3ea76ebfebc139ea9cc1 SHA512 a3f6fe2f44a8d797659d55cffaf81eb82b770c96222a0ee29bc4931b13846f8d8b9a07806f2197723c873a1248922d59cca5a81869661d9c6c3107447c184338 WHIRLPOOL a9e467f8bd17909485329103c17a27da345421257ce82fdf77ff2e00bdae50b13570506a1887300868e99b608c71598596ee260d86879aaeddad14cbb5ec634d
EBUILD wget-1.18.ebuild 2799 SHA256 7534e3e07d2859a2d8407da7ab0be0283235c01550d6a16528b7057fc0f728d7 SHA512 1db4560e7c6932f14a5a2a437ad95719635f5424ff3a69098f03d6f391ce3f44c1d4d5f9e722e8458092a6f753b75cfac75ea26d7a2db421106b7928bca63eec WHIRLPOOL f77cab1d3e531e3077d22de89aed32a27fef2abc4bf3cc5023c1dace3356be16e927dec57d9df4dc400e446611a2f477a75aada0fec3b5eb9ddf113ac7209a9b
AUX wget-1.19.1-CRLF_injection.patch 1051 SHA256 4eb2932d33f79b59af345b6ad075893f0a146547d8a7266edfea0d3e7c612093 SHA512 fd36c9225c567e9958f030449f40cb747c0a23b7023fd4eee4e982c867d96be1562377a2d9b80150d9dc714bdbdc2bd509a8a244c4969c731002bdf6434d9cf8 WHIRLPOOL 90cf4613f9e65fabc6d228d361e8ef31a72dc00f5a165ce922fd4ee34568ccabf43954f900a94f13ab51b0d81d1a7272c10c646472066e373ceadd3e4bc4efe1
DIST wget-1.19.1.tar.xz 2111756 SHA256 0c950b9671881222a4d385b013c9604e98a8025d1988529dfca0e93617744cd2 SHA512 00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5 WHIRLPOOL 2a4bd80f1e7134637227609f532ee3385472a6895ff22efeface42d082072a09abaa5dd2d8653bfdab015de801d31426b01d73ab5dd1a6864b84c29dc8e72462
EBUILD wget-1.19.1-r1.ebuild 3197 SHA256 29fc6002b0afa09b6b8718ba1e1a77e1329d4b8b58cd9d95644d7f2c09e968f2 SHA512 bf0b1c2275c6252f8f17c630aa9bb89e9276097f1fa74cf9d56d67c3ea099851ae64cd08996653493dadc39e31737fbeed88f5fc8cc0cbf1313b0b23e824befc WHIRLPOOL 4a989f7804950fa9b4bf1890f717e46a3dd64591df82b9627349b8a4bab9dbba4c9b83ade854effd5e8fd445a5f4223aa807dd3134583e831fde890f71e36926
MISC ChangeLog 11759 SHA256 b0200db8aa9205aa6cf590936f1758619e1b56fdb17c76314175d6031c287ccf SHA512 eb9e6c7b1d5cb9f3e550b3c7d89493da0026492b629d3b76c5f096b9ef7de499addb31fcf43dd4cfd01eaf73253ddd10ceef5937a9a1a8d18142f9e5c22b764b WHIRLPOOL 679e53afbcbdadd297e78cfbbbbbb4406d23f993f44d38388c0f55b74ec888ea1f81b29be95e36b19dcc92fe6f350861d59549b28a77eb884eba6bee3d0844a2
MISC ChangeLog-2015 29939 SHA256 902a2f6576d8c8dd01ee76cad7a689cb260d153139adc04b8d76abe91860d86d SHA512 55c752f56737ab6116057f3c158fcd4ba9b0405d43796e4114076c6fe849f7bdf3f771606c69551d5a1bd8a408ff5099158d461b26c840c6a4fe05824d8ae11e WHIRLPOOL 4b1c46b1c0c25428559442be8e2aef443686e00fd1889c908bf7d28291a5064e2dbe9879f0bd2025a8e0f49e42ed89334198f5dc9ee1122c91e1ba7c317678c7
MISC metadata.xml 570 SHA256 82fb121ee11ecf4d5b5a20e885a9773b301061d7a2b19755c01322aef615e1ae SHA512 add9378a31ae7abc66d8dc6bfc3d355af3eb683ce177e68fbcbedb4b69435d7254b4cac1897d3b8267bddb23467e8f4bb16e439c09a4f91be16845b1113e055c WHIRLPOOL 08ddfe93af78d6f213e2a08f2414e2ae7e1442ec0eddf34ea29e1383a694f342c1dc72df8370b61828e7ef7914f2863519afc83e83a3cbd783a1be015703bcfb


@ -1,22 +0,0 @@
https://lists.gnu.org/archive/html/bug-gnulib/2016-03/msg00065.html
--- gnulib/lib/sys_select.in.h.orig 2014-08-03 15:31:22.000000000 +0200
+++ gnulib/lib/sys_select.in.h 2016-05-19 12:57:51.243064700 +0200
@@ -81,7 +81,7 @@
Also, Mac OS X, AIX, HP-UX, IRIX, Solaris, Interix declare select()
in <sys/time.h>.
But avoid namespace pollution on glibc systems. */
-# ifndef __GLIBC__
+# if !(defined __GLIBC__ || defined __NEWLIB__)
# include <sys/time.h>
# endif
@@ -102,7 +102,7 @@
But avoid namespace pollution on glibc systems.
Do this after the include_next (for the sake of OpenBSD 5.0) but before
the split double-inclusion guard (for the sake of Solaris). */
-#if !(defined __GLIBC__ && !defined __UCLIBC__)
+#if !((defined __GLIBC__ || defined __NEWLIB__) && !defined __UCLIBC__)
# include <signal.h>
#endif


@ -0,0 +1,37 @@
From 4d729e322fae359a1aefaafec1144764a54e8ad4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Mon, 6 Mar 2017 10:04:22 +0100
Subject: Fix CRLF injection in Wget host part
* src/url.c (url_parse): Reject control characters in host part of URL
Reported-by: Orange Tsai
---
src/url.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/url.c b/src/url.c
index 8f8ff0b..7d36b27 100644
--- a/src/url.c
+++ b/src/url.c
@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
url_unescape (u->host);
host_modified = true;
+ /* check for invalid control characters in host name */
+ for (p = u->host; *p; p++)
+ {
+ if (c_iscntrl(*p))
+ {
+ url_free(u);
+ error_code = PE_INVALID_HOST_NAME;
+ goto error;
+ }
+ }
+
/* Apply IDNA regardless of iri->utf8_encode status */
if (opt.enable_iri && iri)
{
--
cgit v1.0-41-gc330


@ -1,10 +1,9 @@
# Copyright 1999-2016 Gentoo Foundation
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="5"
EAPI=5
PYTHON_COMPAT=( python3_4 )
PYTHON_COMPAT=( python3_{4,5,6} )
inherit flag-o-matic python-any-r1 toolchain-funcs eutils
@ -14,11 +13,12 @@ SRC_URI="mirror://gnu/wget/${P}.tar.xz"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib"
REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
LIB_DEPEND="idn? ( net-dns/libidn[static-libs(+)] )
# Force a newer libidn2 to avoid libunistring deps. #612498
LIB_DEPEND="idn? ( >=net-dns/libidn2-0.14[static-libs(+)] )
pcre? ( dev-libs/libpcre[static-libs(+)] )
ssl? (
gnutls? ( net-libs/gnutls:0=[static-libs(+)] )
@ -45,12 +45,17 @@ DEPEND="${RDEPEND}
DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc )
PATCHES=(
"${FILESDIR}"/${P}-CRLF_injection.patch
)
pkg_setup() {
use test && python-any-r1_pkg_setup
}
src_prepare() {
epatch "${FILESDIR}"/${PN}-1.17.1-gnulib-cygwin-sys_select.patch
epatch "${PATCHES[@]}"
# revert some hack that breaks linking, bug #585924
if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ ${CHOST} == *-uclibc* ]]; then
sed -i \
@ -69,18 +74,27 @@ src_configure() {
tc-export PKG_CONFIG
PKG_CONFIG+=" --static"
fi
# There is no flag that controls this. libunistring-prefix only
# controls the search path (which is why we turn it off below).
# Further, libunistring is only needed w/older libidn2 installs,
# and since we force the latest, we can force off libunistring. #612498
ac_cv_libunistring=no \
econf \
--disable-assert \
--disable-rpath \
$(use_with ssl ssl $(usex gnutls gnutls openssl)) \
$(use_enable ssl opie) \
$(use_enable ssl digest) \
--without-included-libunistring \
--without-libunistring-prefix \
$(use_enable debug) \
$(use_enable idn iri) \
$(use_enable ipv6) \
$(use_enable nls) \
$(use_enable ntlm) \
$(use_enable pcre) \
$(use_enable debug) \
$(use_enable ssl digest) \
$(use_enable ssl opie) \
$(use_with idn libidn) \
$(use_with ssl ssl $(usex gnutls gnutls openssl)) \
$(use_with uuid libuuid) \
$(use_with zlib)
}
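Review bot: The rewritten econf call drops `$(use_enable idn iri)` in favour of `$(use_with idn libidn)`, so with USE=-idn nothing passes `--disable-iri` any more; if the 1.19.1 configure script still carries the iri switch with an enabled default (the removed line shows it existed for 1.18), IRI/IDN support could be auto-detected against a libidn2 that is not in the USE-conditional dependency set, which is worth confirming against the upstream configure.ac before merging. Keeping both switches, `$(use_enable idn iri) \` placed after the `$(use_enable debug) \` line and before `$(use_with idn libidn) \`, pins the result to the USE flag either way. The forced `ac_cv_libunistring=no` together with `--without-libunistring-prefix` is consistent with the `>=net-dns/libidn2-0.14` dependency and the comment explaining it. src_configure begins outside this hunk.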