diff --git a/SOURCES/wget-1.14-CVE-2018-0494.patch b/SOURCES/wget-1.14-CVE-2018-0494.patch
new file mode 100644
index 0000000..25f9a3d
--- /dev/null
+++ b/SOURCES/wget-1.14-CVE-2018-0494.patch
@@ -0,0 +1,43 @@
+diff --git a/src/http.c b/src/http.c
+index b45c404..aa4fd25 100644
+--- a/src/http.c
++++ b/src/http.c
+@@ -605,9 +605,9 @@ struct response {
+ resp_header_*. */
+ 
+ static struct response *
+-resp_new (const char *head)
++resp_new (char *head)
+ {
+- const char *hdr;
++ char *hdr;
+ int count, size;
+ 
+ struct response *resp = xnew0 (struct response);
+@@ -636,15 +636,23 @@ resp_new (const char *head)
+ break;
+ 
+ /* Find the end of HDR, including continuations. */
+- do
++ for (;;)
+ {
+- const char *end = strchr (hdr, '\n');
++ char *end = strchr (hdr, '\n');
++
+ if (end)
+ hdr = end + 1;
+ else
+ hdr += strlen (hdr);
++
++ if (*hdr != ' ' && *hdr != '\t')
++ break;
++
++ // continuation, transform \r and \n into spaces
++ *end = ' ';
++ if (end > head && end[-1] == '\r')
++ end[-1] = ' ';
+ }
+- while (*hdr == ' ' || *hdr == '\t');
+ }
+ DO_REALLOC (resp->headers, size, count + 1, const char *);
+ resp->headers[count] = NULL;
diff --git a/SOURCES/wget-1.14-digest-auth-qop-segfault-fix.patch b/SOURCES/wget-1.14-digest-auth-qop-segfault-fix.patch
new file mode 100644
index 0000000..0679c13
--- /dev/null
+++ b/SOURCES/wget-1.14-digest-auth-qop-segfault-fix.patch
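Review bot: The new continuation loop writes through `end` at `*end = ' ';` with no visible NULL guard; it is only safe because the `hdr += strlen (hdr)` branch leaves `*hdr == '\0'`, so the `if (*hdr != ' ' && *hdr != '\t') break;` two lines above always fires before that write, and that invariant deserves a comment on the write, e.g. `/* end is non-NULL here: the no-newline branch leaves *hdr == '\0' and breaks above */`. The existing `// continuation, transform \r and \n into spaces` comment states the what but not the why; it should say that folding the CR/LF of an obs-fold continuation into spaces is what keeps a later consumer of the stored header from splitting it into a separate header line, which is the point of this CVE-2018-0494 backport. Dropping `const` from `resp_new (char *head)` also turns the function into one that rewrites the caller's header buffer in place, which the header comment above the function should state, since any caller that still reads `head` afterwards will now see the folded form. resp_new's body continues past the end of the hunk.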
@@ -0,0 +1,22 @@
+diff --git a/src/http.c b/src/http.c
+index 5ee1c93..b45c404 100644
+--- a/src/http.c
++++ b/src/http.c
+@@ -3728,7 +3728,7 @@ digest_authentication_encode (const char *au, const char *user,
+ md5_finish_ctx (&ctx, hash);
+ dump_hash (a2buf, hash);
+ 
+- if (!strcmp(qop,"auth"))
++ if (qop && !strcmp(qop,"auth"))
+ {
+ /* RFC 2617 Digest Access Authentication */
+ /* generate random hex string */
+@@ -3776,7 +3776,7 @@ digest_authentication_encode (const char *au, const char *user,
+ 
+ res = xmalloc (res_size);
+ 
+- if (!strcmp(qop,"auth"))
++ if (qop && !strcmp (qop, "auth"))
+ {
+ snprintf (res, res_size, "Digest "\
+ "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\""\
diff --git a/SPECS/wget.spec b/SPECS/wget.spec
index 9972948..a3b091a 100644
--- a/SPECS/wget.spec
+++ b/SPECS/wget.spec
@@ -1,7 +1,7 @@
 Summary: A utility for retrieving files using the HTTP or FTP protocols
 Name: wget
 Version: 1.14
-Release: 15%{?dist}.1
+Release: 18%{?dist}
 License: GPLv3+
 Group: Applications/Internet
 Url: http://www.gnu.org/software/wget/
@@ -36,6 +36,11 @@ Patch18: wget-1.14-add-openssl-tlsv11-tlsv12-support.patch
 Patch19: wget-1.14-fix-synchronization-in-Test-proxied-https-auth.patch
 Patch20: wget-1.14-CVE-2017-13089.patch
 Patch21: wget-1.14-CVE-2017-13090.patch
+# Partial backport without setting the default algorithm
+# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e9cc8b2f7c4678b832ad56f7119bba86a8db08ef
+Patch22: wget-1.14-digest-auth-qop-segfault-fix.patch
+# https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
+Patch23: wget-1.14-CVE-2018-0494.patch
 Provides: webclient
 Provides: bundled(gnulib)
@@ -78,6 +83,8 @@ support for Proxy servers, and configurability.
 %patch19 -p1 -b .test_synch_fix
 %patch20 -p1 -b .CVE-2017-13089
 %patch21 -p1 -b .CVE-2017-13090
+%patch22 -p1 -b .digest-auth-segfault
+%patch23 -p1 -b .CVE-2018-0494
 %build
 if pkg-config openssl ; then
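Review bot: The two added guards are written inconsistently — `if (qop && !strcmp(qop,"auth"))` at line 3731 and `if (qop && !strcmp (qop, "auth"))` at line 3779 — and the surrounding calls (`md5_finish_ctx (&ctx, hash)`, `xmalloc (res_size)`) use GNU spacing, so the first one should be brought in line: `if (qop && !strcmp (qop, "auth"))`. Neither hunk says why `qop` can be NULL, so the first guard deserves a one-line comment such as `/* qop may be NULL when the challenge carries no qop= parameter */`, which is the case the #1545310 segfault fix in the changelog is about. What the non-"auth" branch emits when qop is NULL is outside both hunks, so I cannot confirm from here that the qop-less response form is actually produced there. digest_authentication_encode begins and ends outside both hunks.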
@@ -117,7 +124,13 @@ make check
 %{_infodir}/*
 %changelog
-* Tue Oct 24 2017 Tomas Hozza - 1.14-15.1
+* Wed May 09 2018 Tomas Hozza - 1.14-18
+- Fix CVE-2018-0494 (#1576106)
+
+* Mon Apr 23 2018 Tomas Hozza - 1.14-17
+- Fix segfault when Digest Authentication header is missing 'qop' part (#1545310)
+
+* Tue Oct 24 2017 Tomas Hozza - 1.14-16
 - Fixed various security flaws (CVE-2017-13089, CVE-2017-13090)
 * Fri May 05 2017 Tomas Hozza - 1.14-15