diff --git a/SOURCES/wget-1.14-CVE-2017-13089.patch b/SOURCES/wget-1.14-CVE-2017-13089.patch
new file mode 100644
index 0000000..4f04364
--- /dev/null
+++ b/SOURCES/wget-1.14-CVE-2017-13089.patch
@@ -0,0 +1,18 @@
+@@ -, +, @@
+ (CVE-2017-13089)
+---
+ src/http.c | 3 +++
+ 1 file changed, 3 insertions(+)
+--- a/src/http.c
++++ a/src/http.c
+@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked)
+ remaining_chunk_size = strtol (line, &endl, 16);
+ xfree (line);
+
++ if (remaining_chunk_size < 0)
++ return false;
++
+ if (remaining_chunk_size == 0)
+ {
+ line = fd_read_line (fd);
+--
diff --git a/SOURCES/wget-1.14-CVE-2017-13090.patch b/SOURCES/wget-1.14-CVE-2017-13090.patch
new file mode 100644
index 0000000..634625f
--- /dev/null
+++ b/SOURCES/wget-1.14-CVE-2017-13090.patch
@@ -0,0 +1,21 @@
+@@ -, +, @@
+ (CVE-2017-13090)
+---
+ src/retr.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+--- a/src/retr.c
++++ a/src/retr.c
+@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread,
+ remaining_chunk_size = strtol (line, &endl, 16);
+ xfree (line);
+
++ if (remaining_chunk_size < 0)
++ {
++ ret = -1;
++ break;
++ }
++
+ if (remaining_chunk_size == 0)
+ {
+ ret = 0;
+--
diff --git a/SPECS/wget.spec b/SPECS/wget.spec
index 1cd541a..9972948 100644
--- a/SPECS/wget.spec
+++ b/SPECS/wget.spec
@@ -1,7 +1,7 @@
 Summary: A utility for retrieving files using the HTTP or FTP protocols
 Name: wget
 Version: 1.14
-Release: 15%{?dist}
+Release: 15%{?dist}.1
 License: GPLv3+
 Group: Applications/Internet
 Url: http://www.gnu.org/software/wget/
@@ -34,6 +34,8 @@ Patch18: wget-1.14-add-openssl-tlsv11-tlsv12-support.patch
 # commit 3eff3ad69a46364475e1f4abdf9412cfa87e3d6c
 # commit 2303793a626158627bdb2ac255e0f58697682b24
 Patch19: wget-1.14-fix-synchronization-in-Test-proxied-https-auth.patch
+Patch20: wget-1.14-CVE-2017-13089.patch
+Patch21: wget-1.14-CVE-2017-13090.patch
 Provides: webclient
 Provides: bundled(gnulib)
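Review bot: The new guard in skip_short_body() rejects a negative chunk size but still accepts the other failure modes of the strtol() call two lines above it: on overflow strtol() returns LONG_MAX with errno set to ERANGE, and on a line with no hex digits it returns 0, and neither result is caught by `< 0`, so an overlong size is still treated as a valid chunk length and a junk line appears to be handled as the terminating zero-length chunk. A tighter check would set `errno = 0` before the strtol() call and test `endl == line || errno == ERANGE || remaining_chunk_size < 0`, keeping in mind that `xfree (line)` runs before the new check, so the `endl == line` comparison has to happen before the buffer is freed. The same pattern appears in the wget-1.14-CVE-2017-13090.patch hunk for fd_read_body(). The enclosing function continues outside the hunk in both patch files.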
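Review bot: The new branch in fd_read_body() carries no comment explaining why a negative value is rejected, and `ret = -1; break;` leaves the caller to interpret the failure, so a reader has to know the CVE to understand the check; a one-line comment such as `/* strtol() accepts a leading '-', so a negative chunk size is a malformed response: abort the transfer. */` above the `if` would make the intent visible. As a point of style, the embedded patch header reads `+++ a/src/retr.c` rather than `+++ b/src/retr.c` (likewise in the CVE-2017-13089 patch), which applies fine with -p1 but looks hand-edited. fd_read_body's body continues outside the hunk.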
@@ -72,8 +74,10 @@ support for Proxy servers, and configurability.
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
-%patch18 -p1 -b tls11_tls12
-%patch19 -p1 -b test_synch_fix
+%patch18 -p1 -b .tls11_tls12
+%patch19 -p1 -b .test_synch_fix
+%patch20 -p1 -b .CVE-2017-13089
+%patch21 -p1 -b .CVE-2017-13090
 
 %build
if pkg-config openssl ; then
@@ -113,6 +117,9 @@ make check
 %{_infodir}/*
 
 %changelog
+* Tue Oct 24 2017 Tomas Hozza - 1.14-15.1
+- Fixed various security flaws (CVE-2017-13089, CVE-2017-13090)
+
 * Fri May 05 2017 Tomas Hozza - 1.14-15
 - Added TLSv1_1 and TLSv1_2 as secure-protocol values to help (#1439811)
 - Fixed synchronization in randomly failing unit test Test-proxied-https-auth (#1448440)