From bd7908c6630f38067350d396ac5d18c3cc2434a0 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sun, 29 Oct 2017 11:22:34 +0000
Subject: gentoo resync : 29.10.2017

---
 net-misc/wget/Manifest                             |   7 +
 .../wget/files/wget-1.19.1-CVE-2017-13089.patch    |  34 ++++
 .../wget/files/wget-1.19.1-CVE-2017-13090.patch    |  37 +++++
 .../wget-1.19.1-fix-Perl-warnings-in-tests.patch   | 104 +++++++++++++
 .../files/wget-1.19.1-fix-Python-test-suite.patch  | 172 +++++++++++++++++++++
 net-misc/wget/wget-1.19.1-r2.ebuild                | 115 ++++++++++++++
 net-misc/wget/wget-1.19.2.ebuild                   | 107 +++++++++++++
 7 files changed, 576 insertions(+)
 create mode 100644 net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch
 create mode 100644 net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch
 create mode 100644 net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch
 create mode 100644 net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch
 create mode 100644 net-misc/wget/wget-1.19.1-r2.ebuild
 create mode 100644 net-misc/wget/wget-1.19.2.ebuild

(limited to 'net-misc/wget')

diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest
index 4775ef27454f..aeeda043c571 100644
--- a/net-misc/wget/Manifest
+++ b/net-misc/wget/Manifest
@@ -1,6 +1,13 @@
 AUX wget-1.19.1-CRLF_injection.patch 1051 SHA256 4eb2932d33f79b59af345b6ad075893f0a146547d8a7266edfea0d3e7c612093 SHA512 fd36c9225c567e9958f030449f40cb747c0a23b7023fd4eee4e982c867d96be1562377a2d9b80150d9dc714bdbdc2bd509a8a244c4969c731002bdf6434d9cf8 WHIRLPOOL 90cf4613f9e65fabc6d228d361e8ef31a72dc00f5a165ce922fd4ee34568ccabf43954f900a94f13ab51b0d81d1a7272c10c646472066e373ceadd3e4bc4efe1
+AUX wget-1.19.1-CVE-2017-13089.patch 1093 SHA256 06631755cbd42eb092d4f158a348c0bcd94fbdba357595a5fd7336d2f10aba97 SHA512 c3f44138aa105fa6572b3083671a95f4c819a65667d3d0ba1489a043390a184c5b442f5c134ab868360b01c6662b4bfb52588242273af5012d76099cb5511c77 WHIRLPOOL 20958618a92e0333a849a5e01fc9dd40a0354e665e9159c89f735f2edb717c921d2d330499114d29818cfd3d07cbe9178c90abbebe37265e49475d8829c5b593
+AUX wget-1.19.1-CVE-2017-13090.patch 1167 SHA256 25b6fcff6ff926b21d4ced14463521cebaba9e51de28269d69e8761676aeeb81 SHA512 b9aa7972ff6523bf32810d3fca46ba1bb0c65b0075945c61d8009f39dc87202432ae1e0b9e4a861652001203ec8935078f0db171eda518cc01b72863c8c5ac36 WHIRLPOOL 6b40cd713357a4ebf47b6012ed23c5049718e572a51ec06ac4d9b941defd494c06aab916d3aa2947f718ca4bee316ff2475a4830b1f02e4af2f8204ad16d45ab
+AUX wget-1.19.1-fix-Perl-warnings-in-tests.patch 3666 SHA256 d351ada0a6ba3db96c71aee5372b2d21d56a2035192cf46562c28d78f4a4fab5 SHA512 9f1b7ffded3422c995a51e346e3957024f4b5435cf51d491f3d4816620376539bffe2d3a7d7dcd03ca99828f06a21ebaa846b3a1755cd020a29f166c0fa2f7d9 WHIRLPOOL e2708491ec1ed57a010b15eccc76c754745c939fde5eb282a7eb0fb322723c8f7cfa79aa06bc882207ded54f8902b5fe71cea018d9719ba2e667d561d9d63cac
+AUX wget-1.19.1-fix-Python-test-suite.patch 8721 SHA256 d9549cc04352b5efdd8a44c36644fd86054527394fff965800a7977d9c3d899e SHA512 e7905dc70c59e9c6b2fcc6c1a058fe98e8681492f034f2cd00aac5f1674d7dca0520bcf30d8b2563983bcb4388c6e35f66e772f833a364810f523784f8de3b19 WHIRLPOOL aed5cdf47deffcff06acad56e8700ed74a210951a0e412f1822c2daabeb78bd43aa689f2a6743b3b519172241319d1b209c46207e614a755852ec0de71aeb9f0
 DIST wget-1.19.1.tar.xz 2111756 SHA256 0c950b9671881222a4d385b013c9604e98a8025d1988529dfca0e93617744cd2 SHA512 00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5 WHIRLPOOL 2a4bd80f1e7134637227609f532ee3385472a6895ff22efeface42d082072a09abaa5dd2d8653bfdab015de801d31426b01d73ab5dd1a6864b84c29dc8e72462
+DIST wget-1.19.2.tar.gz 4349267 SHA256 4f4a673b6d466efa50fbfba796bd84a46ae24e370fa562ede5b21ab53c11a920 SHA512 a0f8afcc0767a8fd1acd64b1b1b27d177bc938e70cc3709c1b3faa6c1426ec926642cd8e49d292cec0268ee507683539b5152072110106de5a728a03efd8cedd WHIRLPOOL 64398a8fc132a21d81d6fd7c97335739525fb8b31eca4aa4aa7048f251691c05ad1f004c36d6e633abf02d174ffefcb2176213e68fefb76bce505d247940af3a
 EBUILD wget-1.19.1-r1.ebuild 3197 SHA256 29fc6002b0afa09b6b8718ba1e1a77e1329d4b8b58cd9d95644d7f2c09e968f2 SHA512 bf0b1c2275c6252f8f17c630aa9bb89e9276097f1fa74cf9d56d67c3ea099851ae64cd08996653493dadc39e31737fbeed88f5fc8cc0cbf1313b0b23e824befc WHIRLPOOL 4a989f7804950fa9b4bf1890f717e46a3dd64591df82b9627349b8a4bab9dbba4c9b83ade854effd5e8fd445a5f4223aa807dd3134583e831fde890f71e36926
+EBUILD wget-1.19.1-r2.ebuild 3380 SHA256 8f5b2d642003f0ea147b370634579e605c59b775747192181776e52e91d7f016 SHA512 82f4a4baf6755a056cbdc0f43ca6a226f069b51f2ab1a6f7dc5dc9976437011f54fd32261ed6b6c6d972b8bc9be704271b1c1a560fbc37f4b170d81da0702e07 WHIRLPOOL 4690671f26ed2a1b0df20b58119b70850e736f5ddc347d514b5ac9f07ba0bf9d56b3c4fa7abc452f7e5a7018adae2d467b003601b06b8bd00c8c3660a69589b0
+EBUILD wget-1.19.2.ebuild 3118 SHA256 084c69c9ae1e1a242e85fb6d21d8e8c8643fe047162797500cd268b4b91d37fa SHA512 e4a6f74d9e7feddab9d9849e32f75f8a383e648b592ec0beb79c20a560c9e0156e4494059a3f95afe3135538e460abc0f5966b4002549e2c94ae572f2ef71738 WHIRLPOOL eadbe036d1a37bd4a0cc92d15282728d37a9cfd3d01d280a6782df59b714659c27f9b97c5f266f5b922934cae62bc5aa83fc0e2919d64781028db59be5585c09
 MISC ChangeLog 11759 SHA256 b0200db8aa9205aa6cf590936f1758619e1b56fdb17c76314175d6031c287ccf SHA512 eb9e6c7b1d5cb9f3e550b3c7d89493da0026492b629d3b76c5f096b9ef7de499addb31fcf43dd4cfd01eaf73253ddd10ceef5937a9a1a8d18142f9e5c22b764b WHIRLPOOL 679e53afbcbdadd297e78cfbbbbbb4406d23f993f44d38388c0f55b74ec888ea1f81b29be95e36b19dcc92fe6f350861d59549b28a77eb884eba6bee3d0844a2
 MISC ChangeLog-2015 29939 SHA256 902a2f6576d8c8dd01ee76cad7a689cb260d153139adc04b8d76abe91860d86d SHA512 55c752f56737ab6116057f3c158fcd4ba9b0405d43796e4114076c6fe849f7bdf3f771606c69551d5a1bd8a408ff5099158d461b26c840c6a4fe05824d8ae11e WHIRLPOOL 4b1c46b1c0c25428559442be8e2aef443686e00fd1889c908bf7d28291a5064e2dbe9879f0bd2025a8e0f49e42ed89334198f5dc9ee1122c91e1ba7c317678c7
 MISC metadata.xml 570 SHA256 82fb121ee11ecf4d5b5a20e885a9773b301061d7a2b19755c01322aef615e1ae SHA512 add9378a31ae7abc66d8dc6bfc3d355af3eb683ce177e68fbcbedb4b69435d7254b4cac1897d3b8267bddb23467e8f4bb16e439c09a4f91be16845b1113e055c WHIRLPOOL 08ddfe93af78d6f213e2a08f2414e2ae7e1442ec0eddf34ea29e1383a694f342c1dc72df8370b61828e7ef7914f2863519afc83e83a3cbd783a1be015703bcfb
diff --git a/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch b/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch
new file mode 100644
index 000000000000..f961741aa288
--- /dev/null
+++ b/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch
@@ -0,0 +1,34 @@
+From 3dbc2e06ad487862c2fcc64d4891ff8aeb254bad Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Fri, 20 Oct 2017 10:59:38 +0200
+Subject: [PATCH 1/2] Fix stack overflow in HTTP protocol handling
+ (CVE-2017-13089)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/http.c (skip_short_body): Return error on negative chunk size
+
+Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
+Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
+---
+ src/http.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/http.c b/src/http.c
+index 55367688..dc318231 100644
+--- a/src/http.c
++++ b/src/http.c
+@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked)
+               remaining_chunk_size = strtol (line, &endl, 16);
+               xfree (line);
+ 
++              if (remaining_chunk_size < 0)
++                return false;
++
+               if (remaining_chunk_size == 0)
+                 {
+                   line = fd_read_line (fd);
+-- 
+2.15.0.rc1
+
diff --git a/net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch b/net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch
new file mode 100644
index 000000000000..4e600fe784ff
--- /dev/null
+++ b/net-misc/wget/files/wget-1.19.1-CVE-2017-13090.patch
@@ -0,0 +1,37 @@
+From 28925c37b72867c0819799c6f35caf9439080f83 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Fri, 20 Oct 2017 15:15:47 +0200
+Subject: [PATCH 2/2] Fix heap overflow in HTTP protocol handling
+ (CVE-2017-13090)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/retr.c (fd_read_body): Stop processing on negative chunk size
+
+Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
+Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
+---
+ src/retr.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/retr.c b/src/retr.c
+index a27d58af..723ac725 100644
+--- a/src/retr.c
++++ b/src/retr.c
+@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread,
+               remaining_chunk_size = strtol (line, &endl, 16);
+               xfree (line);
+ 
++              if (remaining_chunk_size < 0)
++                {
++                  ret = -1;
++                  break;
++                }
++
+               if (remaining_chunk_size == 0)
+                 {
+                   ret = 0;
+-- 
+2.15.0.rc1
+
diff --git a/net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch b/net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch
new file mode 100644
index 000000000000..334bcef8659b
--- /dev/null
+++ b/net-misc/wget/files/wget-1.19.1-fix-Perl-warnings-in-tests.patch
@@ -0,0 +1,104 @@
+From 7ffe93cabb181f39ad5091c31ab9f61bd940a55f Mon Sep 17 00:00:00 2001
+From: Anton Yuzhaninov <citrin+github@citrin.ru>
+Date: Wed, 5 Apr 2017 19:06:42 +0300
+Subject: [PATCH] Fix perl warnings in tests
+
+* tests/FTPServer.pm: Escape '{' in RE to fix warnings
+* tests/FTPTest.pm: Likewise
+* tests/HTTPServer.pm: Likewise
+* tests/HTTPTest.pm: Likewise
+* tests/Test-proxied-https-auth-keepalive.px: Likewise
+* tests/Test-proxied-https-auth.px: Likewise
+Escape '{' in RE to fix warnings:
+Unescaped left brace in regex is deprecated, passed through in regex;
+marked by <-- HERE in m/{{ <-- HERE port}}/
+---
+ tests/FTPServer.pm                         | 2 +-
+ tests/FTPTest.pm                           | 2 +-
+ tests/HTTPServer.pm                        | 2 +-
+ tests/HTTPTest.pm                          | 2 +-
+ tests/Test-proxied-https-auth-keepalive.px | 2 +-
+ tests/Test-proxied-https-auth.px           | 2 +-
+ 6 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm
+index a5185d66..cac80942 100644
+--- a/tests/FTPServer.pm
++++ b/tests/FTPServer.pm
+@@ -589,7 +589,7 @@ sub new
+     foreach my $file (keys %{$self->{_input}})
+     {
+         my $ref = \$self->{_input}{$file}{content};
+-        $$ref =~ s/{{port}}/$self->sockport/eg;
++        $$ref =~ s/\Q{{port}}/$self->sockport/eg;
+     }
+ 
+     return $self;
+diff --git a/tests/FTPTest.pm b/tests/FTPTest.pm
+index 50385ad0..0a1c768c 100644
+--- a/tests/FTPTest.pm
++++ b/tests/FTPTest.pm
+@@ -53,7 +53,7 @@ sub _substitute_port
+ {
+     my $self = shift;
+     my $ret  = shift;
+-    $ret =~ s/{{port}}/$self->{_server}->sockport/eg;
++    $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg;
+     return $ret;
+ }
+ 
+diff --git a/tests/HTTPServer.pm b/tests/HTTPServer.pm
+index dd8ec043..78609f65 100644
+--- a/tests/HTTPServer.pm
++++ b/tests/HTTPServer.pm
+@@ -310,7 +310,7 @@ sub _substitute_port
+ {
+     my $self = shift;
+     my $ret  = shift;
+-    $ret =~ s/{{port}}/$self->sockport/eg;
++    $ret =~ s/\Q{{port}}/$self->sockport/eg;
+     return $ret;
+ }
+ 
+diff --git a/tests/HTTPTest.pm b/tests/HTTPTest.pm
+index 00f079f8..6225c7f1 100644
+--- a/tests/HTTPTest.pm
++++ b/tests/HTTPTest.pm
+@@ -47,7 +47,7 @@ sub _substitute_port
+ {
+     my $self = shift;
+     my $ret  = shift;
+-    $ret =~ s/{{port}}/$self->{_server}->sockport/eg;
++    $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg;
+     return $ret;
+ }
+ 
+diff --git a/tests/Test-proxied-https-auth-keepalive.px b/tests/Test-proxied-https-auth-keepalive.px
+index 049bebec..2a18ccfd 100755
+--- a/tests/Test-proxied-https-auth-keepalive.px
++++ b/tests/Test-proxied-https-auth-keepalive.px
+@@ -153,7 +153,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
+     . " --password=Dodgson -e https_proxy=localhost:{{port}}"
+     . " --no-check-certificate"
+     . " https://no.such.domain/needs-auth.txt";
+-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e;
+ 
+ if (defined $srcdir) {
+     $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl';
+diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px
+index ce4e736c..878114e7 100755
+--- a/tests/Test-proxied-https-auth.px
++++ b/tests/Test-proxied-https-auth.px
+@@ -152,7 +152,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
+     . " --password=Dodgson -e https_proxy=localhost:{{port}}"
+     . " --no-check-certificate"
+     . " https://no.such.domain/needs-auth.txt";
+-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e;
+ 
+ if (defined $srcdir) {
+     $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl';
+-- 
+2.14.3
+
diff --git a/net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch b/net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch
new file mode 100644
index 000000000000..11736675dcc8
--- /dev/null
+++ b/net-misc/wget/files/wget-1.19.1-fix-Python-test-suite.patch
@@ -0,0 +1,172 @@
+Fix python test suite for GnuTLS 3.5.12+
+
+Backport of f42229b1fdf30ee30c6e13b01eb0c4ebd9ea9169
+
+--- a/testenv/Test--rejected-log.py
++++ b/testenv/Test--rejected-log.py
+@@ -14,7 +14,7 @@ mainpage = """
+ </head>
+ <body>
+   <p>
+-    Recurse to a <a href="http://127.0.0.1:{{port}}/secondpage.html">second page</a>.
++    Recurse to a <a href="http://localhost:{{port}}/secondpage.html">second page</a>.
+   </p>
+ </body>
+ </html>
+@@ -27,8 +27,8 @@ secondpage = """
+ </head>
+ <body>
+   <p>
+-    Recurse to a <a href="http://127.0.0.1:{{port}}/thirdpage.html">third page</a>.
+-    Try the blacklisted <a href="http://127.0.0.1:{{port}}/index.html">main page</a>.
++    Recurse to a <a href="http://localhost:{{port}}/thirdpage.html">third page</a>.
++    Try the blacklisted <a href="http://localhost:{{port}}/index.html">main page</a>.
+   </p>
+ </body>
+ </html>
+@@ -41,7 +41,7 @@ thirdpage = """
+ </head>
+ <body>
+   <p>
+-    Try a hidden <a href="http://127.0.0.1:{{port}}/dummy.txt">dummy file</a>.
++    Try a hidden <a href="http://localhost:{{port}}/dummy.txt">dummy file</a>.
+     Try to leave to <a href="http://no.such.domain/">another domain</a>.
+   </p>
+ </body>
+@@ -55,9 +55,9 @@ Disallow: /dummy.txt
+ 
+ log = """\
+ REASON\tU_URL\tU_SCHEME\tU_HOST\tU_PORT\tU_PATH\tU_PARAMS\tU_QUERY\tU_FRAGMENT\tP_URL\tP_SCHEME\tP_HOST\tP_PORT\tP_PATH\tP_PARAMS\tP_QUERY\tP_FRAGMENT
+-BLACKLIST\thttp%3A//127.0.0.1%3A{{port}}/index.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tindex.html\t\t\t\thttp%3A//127.0.0.1%3A{{port}}/secondpage.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tsecondpage.html\t\t\t
+-ROBOTS\thttp%3A//127.0.0.1%3A{{port}}/dummy.txt\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tdummy.txt\t\t\t\thttp%3A//127.0.0.1%3A{{port}}/thirdpage.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tthirdpage.html\t\t\t
+-SPANNEDHOST\thttp%3A//no.such.domain/\tSCHEME_HTTP\tno.such.domain\t80\t\t\t\t\thttp%3A//127.0.0.1%3A{{port}}/thirdpage.html\tSCHEME_HTTP\t127.0.0.1\t{{port}}\tthirdpage.html\t\t\t
++BLACKLIST\thttp%3A//localhost%3A{{port}}/index.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tindex.html\t\t\t\thttp%3A//localhost%3A{{port}}/secondpage.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tsecondpage.html\t\t\t
++ROBOTS\thttp%3A//localhost%3A{{port}}/dummy.txt\tSCHEME_HTTP\tlocalhost\t{{port}}\tdummy.txt\t\t\t\thttp%3A//localhost%3A{{port}}/thirdpage.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tthirdpage.html\t\t\t
++SPANNEDHOST\thttp%3A//no.such.domain/\tSCHEME_HTTP\tno.such.domain\t80\t\t\t\t\thttp%3A//localhost%3A{{port}}/thirdpage.html\tSCHEME_HTTP\tlocalhost\t{{port}}\tthirdpage.html\t\t\t
+ """
+ 
+ dummyfile = "Don't care."
+--- a/testenv/Test--spider-r.py
++++ b/testenv/Test--spider-r.py
+@@ -14,8 +14,8 @@ mainpage = """
+ </head>
+ <body>
+   <p>
+-    Some text and a link to a <a href="http://127.0.0.1:{{port}}/secondpage.html">second page</a>.
+-    Also, a <a href="http://127.0.0.1:{{port}}/nonexistent">broken link</a>.
++    Some text and a link to a <a href="http://localhost:{{port}}/secondpage.html">second page</a>.
++    Also, a <a href="http://localhost:{{port}}/nonexistent">broken link</a>.
+   </p>
+ </body>
+ </html>
+@@ -29,8 +29,8 @@ secondpage = """
+ </head>
+ <body>
+   <p>
+-    Some text and a link to a <a href="http://127.0.0.1:{{port}}/thirdpage.html">third page</a>.
+-    Also, a <a href="http://127.0.0.1:{{port}}/nonexistent">broken link</a>.
++    Some text and a link to a <a href="http://localhost:{{port}}/thirdpage.html">third page</a>.
++    Also, a <a href="http://localhost:{{port}}/nonexistent">broken link</a>.
+   </p>
+ </body>
+ </html>
+@@ -43,8 +43,8 @@ thirdpage = """
+ </head>
+ <body>
+   <p>
+-    Some text and a link to a <a href="http://127.0.0.1:{{port}}/dummy.txt">text file</a>.
+-    Also, another <a href="http://127.0.0.1:{{port}}/againnonexistent">broken link</a>.
++    Some text and a link to a <a href="http://localhost:{{port}}/dummy.txt">text file</a>.
++    Also, another <a href="http://localhost:{{port}}/againnonexistent">broken link</a>.
+   </p>
+ </body>
+ </html>
+--- a/testenv/certs/server-cert.pem
++++ b/testenv/certs/server-cert.pem
+@@ -1,21 +1,21 @@
+ -----BEGIN CERTIFICATE-----
+-MIIDgDCCAmigAwIBAgIIVGI73zrIeeMwDQYJKoZIhvcNAQELBQAwMDERMA8GA1UE
+-AxMIR05VIFdnZXQxDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTAiGA8yMDE0
+-MTExMTE2NDAwMFoYDzk5OTkxMjMxMjM1OTU5WjAxMRIwEAYDVQQDEwkxMjcuMC4w
+-LjExDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTCCASIwDQYJKoZIhvcNAQEB
+-BQADggEPADCCAQoCggEBAMjC3Gt55EfStl6mE371+pD3/cpR5MLxkdbBss5MlIP2
+-TDhiPOItLXml8oxs4BjUm3wfn3GV9iJLmbzbIWL+0kbRkQ2LCPKUf+Cln3z2ZE+r
+-XwdWlT8gVfv51Opfkp2lLDVUqLfNKRGQgivjSCmLqY2LqeB0SaVNvuaD3EpqZyIH
+-0E5SZgjqBHgRRtvGkcy0rOmp5SI2NASLugUioXa9OLWjpYDwodsd3ERlL0DJ1aJW
+-8TC8Tqix4i0osWzar+LXBIin0Qvar9/uRHN0p1kq3p0XgNHKqWpiTT54+WYx7Pem
+-v4qRXz11swiJzUL+Pw1DurQ9smbzDgAsz7V2FJnUeCcCAwEAAaOBmDCBlTAMBgNV
+-HRMBAf8EAjAAMB8GA1UdEQQYMBaCCTEyNy4wLjAuMYIJbG9jYWxob3N0MBMGA1Ud
+-JQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJfm323L
+-JbKTM/tMKSt0qlUqewbnMB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tU
+-MA0GCSqGSIb3DQEBCwUAA4IBAQCDmuSD4IGmn0UQ5jhGQquh92Iu59j64Rrg7EIM
+-zoppciyYR8gDUutOI9CEisxJz6umvAdOo5L981gcFaBv6hHWaE/krAZccR+ZXZP6
+-fI9btO8My8O63fYcd2KkLEFqvKDF43i01S2LrqXdPo3uELbFZwxCmUKsexFGsoW1
+-CbXbRjnS7w/f72myRmvBeDiNMuGfe1lb4IflybH3DMlKC7i0AN1JKglp+IKn5XAE
+-neWR03i3UaYJsibIxj0DkTS+hVPu5MXQ9RlF5CkRdFKjGinLE/u70XyAyx0/IeAN
+-e7c2MJvpdfRmTXm2ew4sNyK9RXo7Bv0Yqkl65iMscF8LNnxL
++MIIDdzCCAl+gAwIBAgIMWWD1GB1UFkEICdQvMA0GCSqGSIb3DQEBCwUAMDAxETAP
++BgNVBAMTCEdOVSBXZ2V0MQ0wCwYDVQQLEwRXZ2V0MQwwCgYDVQQKEwNHTlUwIBcN
++MTcwNzA4MTUwNzA0WhgPOTk5OTEyMzEyMzU5NTlaMDExEjAQBgNVBAMTCTEyNy4w
++LjAuMTENMAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VMIIBIjANBgkqhkiG9w0B
++AQEFAAOCAQ8AMIIBCgKCAQEAyMLca3nkR9K2XqYTfvX6kPf9ylHkwvGR1sGyzkyU
++g/ZMOGI84i0teaXyjGzgGNSbfB+fcZX2IkuZvNshYv7SRtGRDYsI8pR/4KWffPZk
++T6tfB1aVPyBV+/nU6l+SnaUsNVSot80pEZCCK+NIKYupjYup4HRJpU2+5oPcSmpn
++IgfQTlJmCOoEeBFG28aRzLSs6anlIjY0BIu6BSKhdr04taOlgPCh2x3cRGUvQMnV
++olbxMLxOqLHiLSixbNqv4tcEiKfRC9qv3+5Ec3SnWSrenReA0cqpamJNPnj5ZjHs
++96a/ipFfPXWzCInNQv4/DUO6tD2yZvMOACzPtXYUmdR4JwIDAQABo4GNMIGKMAwG
++A1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsG
++AQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJfm323LJbKTM/tMKSt0
++qlUqewbnMB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tUMA0GCSqGSIb3
++DQEBCwUAA4IBAQC1a0NQfmqT8Ky/BFo5H+G+GoQTlqi3J83ujAMdLUD57zYCEyDL
++XzAhMPfrOSLPDcQb0ooD1Ie+Rz8Xs1h00cD2OGKwH479+nisF5ksqJVJ4fn/aNFE
++6W2Xb3MCB+4FRdmy0UeDDA6N2OpVskCM30s9tmovlBLVK46HogdLvy/O1o7z/gbx
++vV8luevxobnevZ3NdWLyVE3BJZiThBHmZUvL1XNy4KAR4wDAkbCwoTN/JkehTu0i
++WR6DaG7N7M6psc7rctfzRqimlAkxnoAUwc8LwNLTB3v613xXX8iSUsLKsh6pQfZR
++e5wnYQIS4MzowvDx8WevTPMRKlN72d8HHuv9
+ -----END CERTIFICATE-----
+--- a/testenv/certs/server-crl.pem
++++ b/testenv/certs/server-crl.pem
+@@ -1,12 +1,12 @@
+ -----BEGIN X509 CRL-----
+-MIIB1DCBvQIBATANBgkqhkiG9w0BAQsFADAwMREwDwYDVQQDEwhHTlUgV2dldDEN
+-MAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VGA8yMDE0MTExMTE2NDU1NFoYDzk5
+-OTkxMjMxMjM1OTU5WjAdMBsCCFRiO986yHnjGA8yMDE0MTExMTE2NDU1NFqgNjA0
+-MB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tUMBEGA1UdFAQKAghUYj1E
+-KHs9ijANBgkqhkiG9w0BAQsFAAOCAQEAZgwqs1VOFG39dFHHMXvBr4eJfhwiG4bC
+-cL6IvLhvl9ikcyQMHrpOBtNjkCtgclSbJjjTDdera1+zuCWE0WBOJ4mojYdAIOhR
+-QvSwp4NwAtibu2F/fjeXoo+LEpcRKtLvAotB30eCZ1OPrijsa/HxFILOLlayjns8
+-wM4RmQC4o43y1G/1jqM8hGDg4Wz0j1URVuyP+pU55JpubV5LlExy3gIRwevD2lam
+-q3hiighenJYFO3HGZkYT2SIoSpXZnQqKPJ4HwRBSg/cjOpc1y1lIIvKhmk+Cut6M
+-+S5HL4pIk8vGYg57nTfOOkj1goqFkfU0DBqvVAZj02ay/VIDu61T1g==
++MIIB1jCBvwIBATANBgkqhkiG9w0BAQsFADAwMREwDwYDVQQDEwhHTlUgV2dldDEN
++MAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VFw0xNzA3MDgxNTA3MDRaFw0xODA3
++MDgxNTA3MDRaMB8wHQIMWWD1GB1UFkEICdQvFw0xNzA3MDgxNTA3MDRaoDowODAf
++BgNVHSMEGDAWgBTzPk44hEqpvsFvx2GjUNpuKYvrVDAVBgNVHRQEDgIMWWD1GB4C
++YfERSnyEMA0GCSqGSIb3DQEBCwUAA4IBAQAAKu+Lum1l/XtcCJ43WveouPK97iOE
++bjUZWaGYx8Ys/iBdhTa1GXG+E+JuyqgyHTW0HrWJi1D+GiYmsjPJXoEgVgtxXEQ7
++8b3NyIQ8OCsSTTlVCmLECN9R0xlsitzH+HXOaIEs5sbmIxCnxu+brqno9gQocmCv
++LHYvoSxsSsOCkkmodbYtKssl2dBonvQPSijN/z3NhZ259e2U3Yv4V7/MrEoTvOxg
++M0GC0u0Nx86EWbq0sWeiUu270Qk9En5YGNtRhkeq0bXerJswmMAmvrtuKdyfouny
++4WMvtn30xsO3WwWSV2oyrDSN/IQdDbcmul/bg8ewqlnN77cVf2m70c/W
+ -----END X509 CRL-----
+--- a/testenv/certs/server-template.cfg
++++ b/testenv/certs/server-template.cfg
+@@ -68,7 +68,6 @@ expiration_days = -1
+ # X.509 v3 extensions
+ 
+ # A dnsname in case of a WWW server.
+-dns_name = "127.0.0.1"
+ dns_name = "localhost"
+ 
+ # A subject alternative name URI
+--- a/testenv/test/base_test.py
++++ b/testenv/test/base_test.py
+@@ -90,7 +90,7 @@ class BaseTest:
+             # ports and etc.
+             # so we should record different domains respect to servers.
+             domain = self.get_domain_addr(instance.server_address)
+-            self.domains.append(domain[0])
++            self.domains.append('localhost')
+             self.ports.append(domain[1])
+ 
+     def exec_wget(self):
diff --git a/net-misc/wget/wget-1.19.1-r2.ebuild b/net-misc/wget/wget-1.19.1-r2.ebuild
new file mode 100644
index 000000000000..8d84a93dfa73
--- /dev/null
+++ b/net-misc/wget/wget-1.19.1-r2.ebuild
@@ -0,0 +1,115 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+PYTHON_COMPAT=( python3_{4,5,6} )
+
+inherit flag-o-matic python-any-r1 toolchain-funcs
+
+DESCRIPTION="Network utility to retrieve files from the WWW"
+HOMEPAGE="https://www.gnu.org/software/wget/"
+SRC_URI="mirror://gnu/wget/${P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib"
+REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
+
+# Force a newer libidn2 to avoid libunistring deps. #612498
+LIB_DEPEND="idn? ( >=net-dns/libidn2-0.14[static-libs(+)] )
+	pcre? ( dev-libs/libpcre[static-libs(+)] )
+	ssl? (
+		gnutls? ( net-libs/gnutls:0=[static-libs(+)] )
+		!gnutls? (
+			!libressl? ( dev-libs/openssl:0=[static-libs(+)] )
+			libressl? ( dev-libs/libressl[static-libs(+)] )
+		)
+	)
+	uuid? ( sys-apps/util-linux[static-libs(+)] )
+	zlib? ( sys-libs/zlib[static-libs(+)] )"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )"
+DEPEND="${RDEPEND}
+	app-arch/xz-utils
+	virtual/pkgconfig
+	static? ( ${LIB_DEPEND} )
+	test? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+		dev-perl/HTTP-Daemon
+		dev-perl/HTTP-Message
+		dev-perl/IO-Socket-SSL
+	)
+	nls? ( sys-devel/gettext )"
+
+DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc )
+
+PATCHES=(
+	"${FILESDIR}"/${P}-CRLF_injection.patch
+	"${FILESDIR}"/${PN}-1.19.1-fix-Perl-warnings-in-tests.patch
+	"${FILESDIR}"/${PN}-1.19.1-fix-Python-test-suite.patch
+	"${FILESDIR}"/${PN}-1.19.1-CVE-2017-13089.patch
+	"${FILESDIR}"/${PN}-1.19.1-CVE-2017-13090.patch
+)
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# revert some hack that breaks linking, bug #585924
+	if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ ${CHOST} == *-uclibc* ]]; then
+		sed -i \
+			-e 's/^  LIBICONV=$/:/' \
+			configure || die
+	fi
+}
+
+src_configure() {
+	# fix compilation on Solaris, we need filio.h for FIONBIO as used in
+	# the included gnutls -- force ioctl.h to include this header
+	[[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1
+
+	if use static ; then
+		append-ldflags -static
+		tc-export PKG_CONFIG
+		PKG_CONFIG+=" --static"
+	fi
+
+	# There is no flag that controls this.  libunistring-prefix only
+	# controls the search path (which is why we turn it off below).
+	# Further, libunistring is only needed w/older libidn2 installs,
+	# and since we force the latest, we can force off libunistring. #612498
+	ac_cv_libunistring=no \
+	econf \
+		--disable-assert \
+		--disable-rpath \
+		--without-included-libunistring \
+		--without-libunistring-prefix \
+		$(use_enable debug) \
+		$(use_enable idn iri) \
+		$(use_enable ipv6) \
+		$(use_enable nls) \
+		$(use_enable ntlm) \
+		$(use_enable pcre) \
+		$(use_enable ssl digest) \
+		$(use_enable ssl opie) \
+		$(use_with idn libidn) \
+		$(use_with ssl ssl $(usex gnutls gnutls openssl)) \
+		$(use_with uuid libuuid) \
+		$(use_with zlib)
+}
+
+src_install() {
+	default
+
+	sed -i \
+		-e "s:/usr/local/etc:${EPREFIX}/etc:g" \
+		"${ED}"/etc/wgetrc \
+		"${ED}"/usr/share/man/man1/wget.1 \
+		"${ED}"/usr/share/info/wget.info \
+		|| die
+}
diff --git a/net-misc/wget/wget-1.19.2.ebuild b/net-misc/wget/wget-1.19.2.ebuild
new file mode 100644
index 000000000000..454b396597e1
--- /dev/null
+++ b/net-misc/wget/wget-1.19.2.ebuild
@@ -0,0 +1,107 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+PYTHON_COMPAT=( python3_{4,5,6} )
+
+inherit flag-o-matic python-any-r1 toolchain-funcs
+
+DESCRIPTION="Network utility to retrieve files from the WWW"
+HOMEPAGE="https://www.gnu.org/software/wget/"
+SRC_URI="mirror://gnu/wget/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib"
+REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
+
+# Force a newer libidn2 to avoid libunistring deps. #612498
+LIB_DEPEND="idn? ( >=net-dns/libidn2-0.14[static-libs(+)] )
+	pcre? ( dev-libs/libpcre[static-libs(+)] )
+	ssl? (
+		gnutls? ( net-libs/gnutls:0=[static-libs(+)] )
+		!gnutls? (
+			!libressl? ( dev-libs/openssl:0=[static-libs(+)] )
+			libressl? ( dev-libs/libressl[static-libs(+)] )
+		)
+	)
+	uuid? ( sys-apps/util-linux[static-libs(+)] )
+	zlib? ( sys-libs/zlib[static-libs(+)] )"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )"
+DEPEND="${RDEPEND}
+	app-arch/xz-utils
+	virtual/pkgconfig
+	static? ( ${LIB_DEPEND} )
+	test? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+		dev-perl/HTTP-Daemon
+		dev-perl/HTTP-Message
+		dev-perl/IO-Socket-SSL
+	)
+	nls? ( sys-devel/gettext )"
+
+DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc )
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# revert some hack that breaks linking, bug #585924
+	if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ ${CHOST} == *-uclibc* ]]; then
+		sed -i \
+			-e 's/^  LIBICONV=$/:/' \
+			configure || die
+	fi
+}
+
+src_configure() {
+	# fix compilation on Solaris, we need filio.h for FIONBIO as used in
+	# the included gnutls -- force ioctl.h to include this header
+	[[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1
+
+	if use static ; then
+		append-ldflags -static
+		tc-export PKG_CONFIG
+		PKG_CONFIG+=" --static"
+	fi
+
+	# There is no flag that controls this.  libunistring-prefix only
+	# controls the search path (which is why we turn it off below).
+	# Further, libunistring is only needed w/older libidn2 installs,
+	# and since we force the latest, we can force off libunistring. #612498
+	ac_cv_libunistring=no \
+	econf \
+		--disable-assert \
+		--disable-rpath \
+		--without-included-libunistring \
+		--without-libunistring-prefix \
+		$(use_enable debug) \
+		$(use_enable idn iri) \
+		$(use_enable ipv6) \
+		$(use_enable nls) \
+		$(use_enable ntlm) \
+		$(use_enable pcre) \
+		$(use_enable ssl digest) \
+		$(use_enable ssl opie) \
+		$(use_with idn libidn) \
+		$(use_with ssl ssl $(usex gnutls gnutls openssl)) \
+		$(use_with uuid libuuid) \
+		$(use_with zlib)
+}
+
+src_install() {
+	default
+
+	sed -i \
+		-e "s:/usr/local/etc:${EPREFIX}/etc:g" \
+		"${ED}"/etc/wgetrc \
+		"${ED}"/usr/share/man/man1/wget.1 \
+		"${ED}"/usr/share/info/wget.info \
+		|| die
+}
-- 
cgit v1.2.3