From d95d85fd10224f053f02b8a57cf2ce369dc46442 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 14 2019 18:38:58 +0000 Subject: import wget-1.14-18.el7_6.1 --- diff --git a/SOURCES/wget-1.14-CVE-2019-5953.patch b/SOURCES/wget-1.14-CVE-2019-5953.patch new file mode 100644 index 0000000..8ae17a3 --- /dev/null +++ b/SOURCES/wget-1.14-CVE-2019-5953.patch @@ -0,0 +1,26 @@ +diff --git a/src/iri.c b/src/iri.c +index 9b16639..da9dc7f 100644 +--- a/src/iri.c ++++ b/src/iri.c +@@ -183,17 +183,12 @@ do_conversion (iconv_t cd, char *in, size_t inlen, char **out) + } + else if (errno == E2BIG) /* Output buffer full */ + { +- char *new; +- + tooshort++; + done = len; +- outlen = done + inlen * 2; +- new = xmalloc (outlen + 1); +- memcpy (new, s, done); +- xfree (s); +- s = new; +- len = outlen; +- *out = s + done; ++ len = done + inlen * 2; ++ s = xrealloc (s, len + 1); ++ *out = s + done - outlen; ++ outlen += inlen * 2; + } + else /* Weird, we got an unspecified error */ + { diff --git a/SPECS/wget.spec b/SPECS/wget.spec index a3b091a..5f3a055 100644 --- a/SPECS/wget.spec +++ b/SPECS/wget.spec @@ -1,7 +1,7 @@ Summary: A utility for retrieving files using the HTTP or FTP protocols Name: wget Version: 1.14 -Release: 18%{?dist} +Release: 18%{?dist}.1 License: GPLv3+ Group: Applications/Internet Url: http://www.gnu.org/software/wget/ @@ -41,6 +41,10 @@ Patch21: wget-1.14-CVE-2017-13090.patch Patch22: wget-1.14-digest-auth-qop-segfault-fix.patch # https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd Patch23: wget-1.14-CVE-2018-0494.patch +# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=cbbeca2af4962a648a2373b35cf8e497e11d90fd +# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c +# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17 +Patch24: wget-1.14-CVE-2019-5953.patch Provides: webclient Provides: bundled(gnulib) @@ -85,6 +89,7 @@ support for Proxy servers, and configurability. %patch21 -p1 -b .CVE-2017-13090 %patch22 -p1 -b .digest-auth-segfault %patch23 -p1 -b .CVE-2018-0494 +%patch24 -p1 -b .CVE-2019-5953 %build if pkg-config openssl ; then @@ -124,6 +129,9 @@ make check %{_infodir}/* %changelog +* Fri Apr 05 2019 Tomas Hozza - 1.14-18.1 +- Fix CVE-2019-5953 (#1696733) + * Wed May 09 2018 Tomas Hozza - 1.14-18 - Fix CVE-2018-0494 (#1576106)