From 15c8d96ebd0930f456470e8e1a0e77250dfbe4f8 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: May 07 2019 19:24:19 +0000
Subject: import wget-1.19.5-7.el8_0.1


---

diff --git a/SOURCES/wget-1.19.5-CVE-2019-5953.patch b/SOURCES/wget-1.19.5-CVE-2019-5953.patch
new file mode 100644
index 0000000..767fe98
--- /dev/null
+++ b/SOURCES/wget-1.19.5-CVE-2019-5953.patch
@@ -0,0 +1,18 @@
+diff --git a/src/iri.c b/src/iri.c
+index 7dcf3ac..1c8695c 100644
+--- a/src/iri.c
++++ b/src/iri.c
+@@ -189,9 +189,10 @@ do_conversion (const char *tocode, const char *fromcode, char const *in_org, siz
+         {
+           tooshort++;
+           done = len;
+-          len = outlen = done + inlen * 2;
+-          s = xrealloc (s, outlen + 1);
+-          *out = s + done;
++          len = done + inlen * 2;
++          s = xrealloc (s, len + 1);
++          *out = s + done - outlen;
++          outlen += inlen * 2;
+         }
+       else /* Weird, we got an unspecified error */
+         {
diff --git a/SPECS/wget.spec b/SPECS/wget.spec
index 8e2d8ec..1444747 100644
--- a/SPECS/wget.spec
+++ b/SPECS/wget.spec
@@ -1,7 +1,7 @@
 Summary: A utility for retrieving files using the HTTP or FTP protocols
 Name: wget
 Version: 1.19.5
-Release: 7%{?dist}
+Release: 7%{?dist}.1
 License: GPLv3+
 Group: Applications/Internet
 Url: http://www.gnu.org/software/wget/
@@ -14,6 +14,9 @@ Patch4: wget-1.19.5-Add-TLS-1.3-support-for-GnuTLS.patch
 Patch5: wget-1.19.5-Enable-post-handshake-auth-under-gnutls-on-TLS1.3.patch
 Patch6: wget-1.19.5-Dont-use-extended-attributes---xattr-by-default.patch
 Patch7: wget-1.19.5-Dont-save-userpw-with---xattr.patch
+# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
+# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17
+Patch8: wget-1.19.5-CVE-2019-5953.patch
 
 Provides: webclient
 Provides: bundled(gnulib) 
@@ -46,6 +49,7 @@ grep "PACKAGE_STRING='wget .* (Red Hat modified)'" configure || exit 1
 %patch5 -p1 -b .post_auth_tls13
 %patch6 -p1 -b .no_xattr_by_default
 %patch7 -p1 -b .no_userpw_in_xattr
+%patch8 -p1 -b .CVE-2019-5953
 
 %build
 %configure \
@@ -92,6 +96,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_infodir}/*
 
 %changelog
+* Sun Apr 07 2019 Tomas Hozza <thozza@redhat.com> - 1.19.5-7.1
+- Fix CVE-2019-5953 (#1696735)
+
 * Thu Jan 10 2019 Tomas Hozza <thozza@redhat.com> - 1.19.5-7
 - Fix information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)