diff --git a/wget/.SRCINFO b/wget/.SRCINFO
index 56efe75f02..b85c1bf5b6 100644
--- a/wget/.SRCINFO
+++ b/wget/.SRCINFO
@@ -1,9 +1,13 @@
 pkgbase = wget
 pkgdesc = Network utility to retrieve files from the Web
- pkgver = 1.24.5
- pkgrel = 3
+ pkgver = 1.25.0
+ pkgrel = 1
 url = https://www.gnu.org/software/wget/wget.html
 arch = x86_64
+ arch = powerpc64le
+ arch = powerpc64
+ arch = powerpc
+ arch = riscv64
 license = GPL3
 checkdepends = perl-http-daemon
 checkdepends = perl-io-socket-ssl
@@ -22,17 +26,14 @@ pkgbase = wget
 depends = libnettle.so
 optdepends = ca-certificates: HTTPS downloads
 backup = etc/wgetrc
- source = https://ftp.gnu.org/gnu/wget/wget-1.24.5.tar.lz
- source = https://ftp.gnu.org/gnu/wget/wget-1.24.5.tar.lz.sig
- source = CVE-2024-38428.patch
+ source = https://ftp.gnu.org/gnu/wget/wget-1.25.0.tar.lz
+ source = https://ftp.gnu.org/gnu/wget/wget-1.25.0.tar.lz.sig
 validpgpkeys = AC404C1C0BF735C63FF4D562263D6DF2E163E1EA
 validpgpkeys = 7845120B07CBD8D6ECE5FF2B2A1743EDA91A35B6
 validpgpkeys = 1CB27DBC98614B2D5841646D08302DB6A2670428
- sha256sums = 57a107151e4ef94fdf94affecfac598963f372f13293ed9c74032105390b36ee
+ sha256sums = 19225cc756b0a088fc81148dc6a40a0c8f329af7fd8483f1c7b2fe50f4e08a1f
 sha256sums = SKIP
- sha256sums = 9da45c5d34163fe0c0cc8d75402b2d1e6a752b794e52187da5d9141b825db24f
- b2sums = 8057e5992ddaf39b3daffbde99871ddec1328c6bbafbc6b9f1d3cd294bb928b2a80f813024d4cd664c396f84477f1d93d5a21c60c6fe2932f9196d29bb9aa896
+ b2sums = 58edd7393b5109804d7a6ce77466d30e1fba3c5ae4b5b8634758c9ebd7fa95cf106d35ad0b4f9151833d88b0221fc488a1005ec0b98417766bf2092309744954
 b2sums = SKIP
- b2sums = fb0cf748b4f5aa34e0b43cc7c010e8f95324433fb3298365065708f8d092ab63c57f778fc1bfa17a121c651a6cd3296331992c5abe3958c368d523d11b3db067
 pkgname = wget
diff --git a/wget/.nvchecker.toml b/wget/.nvchecker.toml
index 8395182f39..60e06b66e5 100644
--- a/wget/.nvchecker.toml
+++ b/wget/.nvchecker.toml
@@ -1,4 +1,4 @@
 [wget]
 source = "git"
-git = "https://git.savannah.gnu.org/git/wget.git"
+git = "https://gitlab.com/gnuwget/wget.git"
 prefix = "v"
diff --git a/wget/CVE-2024-38428.patch b/wget/CVE-2024-38428.patch
deleted file mode 100644
index b27f1cba94..0000000000
--- a/wget/CVE-2024-38428.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From ed0c7c7e0e8f7298352646b2fd6e06a11e242ace Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20R=C3=BChsen?=
-Date: Sun, 2 Jun 2024 12:40:16 +0200
-Subject: Properly re-implement userinfo parsing (rfc2396)
-
-* src/url.c (url_skip_credentials): Properly re-implement userinfo parsing (rfc2396)
-
-The reason why the implementation is based on RFC 2396, an outdated standard,
-is that the whole file is based on that RFC, and mixing standard here might be
-dangerous.
----
- src/url.c | 40 ++++++++++++++++++++++++++++++++++------
- 1 file changed, 34 insertions(+), 6 deletions(-)
-
-diff --git a/src/url.c b/src/url.c
-index 69e948b..07c3bc8 100644
---- a/src/url.c
-+++ b/src/url.c
-@@ -41,6 +41,7 @@ as that of the covered work. */
- #include "url.h"
- #include "host.h" /* for is_valid_ipv6_address */
- #include "c-strcase.h"
-+#include "c-ctype.h"
-
- #ifdef HAVE_ICONV
-# include
-@@ -526,12 +527,39 @@ scheme_leading_string (enum url_scheme scheme)
- static const char *
- url_skip_credentials (const char *url)
- {
-- /* Look for '@' that comes before terminators, such as '/', '?',
-- '#', or ';'. */
-- const char *p = (const char *)strpbrk (url, "@/?#;");
-- if (!p || *p != '@')
-- return url;
-- return p + 1;
-+ /*
-+ * This whole file implements https://www.rfc-editor.org/rfc/rfc2396 .
-+ * RFC 2396 is outdated since 2005 and needs a rewrite or a thorough re-visit.
-+ *
-+ * The RFC says
-+ * server = [ [ userinfo "@" ] hostport ]
-+ * userinfo = *( unreserved | escaped | ";" | ":" | "&" | "=" | "+" | "$" | "," )
-+ * unreserved = alphanum | mark
-+ * mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
-+ */
-+ static const char *allowed = "-_.!~*'();:&=+$,";
-+
-+ for (const char *p = url; *p; p++)
-+ {
-+ if (c_isalnum(*p))
-+ continue;
-+
-+ if (strchr(allowed, *p))
-+ continue;
-+
-+ if (*p == '%' && c_isxdigit(p[1]) && c_isxdigit(p[2]))
-+ {
-+ p += 2;
-+ continue;
-+ }
-+
-+ if (*p == '@')
-+ return p + 1;
-+
-+ break;
-+ }
-+
-+ return url;
- }
-
- /* Parse credentials contained in [BEG, END). The region is expected
---
-cgit v1.1
-
diff --git a/wget/PKGBUILD b/wget/PKGBUILD
index 22a11e56de..d7eed63b5b 100644
--- a/wget/PKGBUILD
+++ b/wget/PKGBUILD
@@ -4,8 +4,8 @@
 # Contributor: Eric Bélanger
 pkgname=wget
-pkgver=1.24.5
-pkgrel=3.1
+pkgver=1.25.0
+pkgrel=1
 pkgdesc='Network utility to retrieve files from the Web'
 url='https://www.gnu.org/software/wget/wget.html'
 arch=(x86_64 powerpc64le powerpc64 powerpc riscv64)
@@ -15,14 +15,11 @@ depends=('glibc' 'zlib' 'gnutls' 'libidn2' 'libidn2.so' 'util-linux-libs' 'libuu
 checkdepends=('perl-http-daemon' 'perl-io-socket-ssl' 'python')
 optdepends=('ca-certificates: HTTPS downloads')
 backup=('etc/wgetrc')
-source=(https://ftp.gnu.org/gnu/${pkgname}/${pkgname}-${pkgver}.tar.lz{,.sig}
- CVE-2024-38428.patch)
-sha256sums=('57a107151e4ef94fdf94affecfac598963f372f13293ed9c74032105390b36ee'
- 'SKIP'
- '9da45c5d34163fe0c0cc8d75402b2d1e6a752b794e52187da5d9141b825db24f')
-b2sums=('8057e5992ddaf39b3daffbde99871ddec1328c6bbafbc6b9f1d3cd294bb928b2a80f813024d4cd664c396f84477f1d93d5a21c60c6fe2932f9196d29bb9aa896'
- 'SKIP'
- 'fb0cf748b4f5aa34e0b43cc7c010e8f95324433fb3298365065708f8d092ab63c57f778fc1bfa17a121c651a6cd3296331992c5abe3958c368d523d11b3db067')
+source=(https://ftp.gnu.org/gnu/${pkgname}/${pkgname}-${pkgver}.tar.lz{,.sig})
+sha256sums=('19225cc756b0a088fc81148dc6a40a0c8f329af7fd8483f1c7b2fe50f4e08a1f'
+ 'SKIP')
+b2sums=('58edd7393b5109804d7a6ce77466d30e1fba3c5ae4b5b8634758c9ebd7fa95cf106d35ad0b4f9151833d88b0221fc488a1005ec0b98417766bf2092309744954'
+ 'SKIP')
 validpgpkeys=(
 'AC404C1C0BF735C63FF4D562263D6DF2E163E1EA' # Giuseppe Scrivano
 '7845120B07CBD8D6ECE5FF2B2A1743EDA91A35B6' # Darshit Shah
@@ -31,7 +28,6 @@ validpgpkeys=(
 prepare() {
 cd ${pkgname}-${pkgver}
- patch -Np1 -i ../CVE-2024-38428.patch
 cat >> doc/sample.wgetrc <
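Review bot: Nothing in the PKGBUILD records why `CVE-2024-38428.patch` is no longer applied: the `@@ -15,14 +15,11 @@` hunk removes it from `source` together with its checksums, and the following hunk drops the `patch -Np1` call from `prepare()`. The removal is presumably safe because the fix (upstream commit ed0c7c7e0e8f, per the header of the deleted patch) is expected to be part of 1.25.0, but that is inferred rather than shown on this page. A one-line comment above `source=` would keep the audit trail, for example `# CVE-2024-38428 fix (upstream ed0c7c7e0e8f) ships in 1.25.0; downstream patch dropped`, added after confirming that `url_skip_credentials` in the 1.25.0 tarball matches the patched version.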