On Tue Oct 31, 2017 at 01:02:44PM +0100, Rafael Sadowski wrote:
> On Tue Oct 31, 2017 at 12:20:26PM +0100, Rafael Sadowski wrote:
> > Hi All,
> > 
> > Update Wget to the latest stable version 1.19.1. This version includes
> > the following CVE patches:
> > 
> > "Fix stack overflow in HTTP protocol handling (CVE-2017-13089)"
> > http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f
> > 
> > "Fix heap overflow in HTTP protocol handling (CVE-2017-13090)"
> > http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
> > 
> > 1.19.1 provides only .tar.lz and .tar.gz. Since we don't support *.lz, I
> > have decided to use *.gz.
> > 
> > Also please find attached a diff for -stable.
> > 
> 
> Forgot the attachment, so here it is inline:
> 

*ping-stable*

> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/net/wget/Makefile,v
> retrieving revision 1.72
> diff -u -p -u -p -r1.72 Makefile
> --- Makefile  22 Feb 2017 02:49:25 -0000      1.72
> +++ Makefile  31 Oct 2017 11:09:04 -0000
> @@ -4,6 +4,7 @@ COMMENT =     retrieve files from the web vi
>  
>  DISTNAME =   wget-1.19.1
>  CATEGORIES = net
> +REVISION =   0
>  
>  HOMEPAGE =   https://www.gnu.org/software/wget/
>  
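Review bot: adding REVISION = 0 is the right bump for this -stable diff: DISTNAME stays wget-1.19.1 while the package contents change through the two new patches, so the package version itself changes and pkg_add -u will pick the rebuilt package up instead of treating it as already installed.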
> Index: patches/patch-src_http_c
> ===================================================================
> RCS file: patches/patch-src_http_c
> diff -N patches/patch-src_http_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_http_c  31 Oct 2017 11:09:04 -0000
> @@ -0,0 +1,16 @@
> +$OpenBSD$
> +Fix stack overflow in HTTP protocol handling (CVE-2017-13089)
> +Commit from upstream d892291fb8ace4c3b734ea5125770989c215df3f
> +Index: src/http.c
> +--- src/http.c.orig
> ++++ src/http.c
> +@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked)
> +               remaining_chunk_size = strtol (line, &endl, 16);
> +               xfree (line);
> + 
> ++              if (remaining_chunk_size < 0)
> ++                  return false;
> ++
> +               if (remaining_chunk_size == 0)
> +                 {
> +                   line = fd_read_line (fd);
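Review bot: only the sign of remaining_chunk_size is checked here; the endl that strtol (line, &endl, 16) fills in is still not consulted, so a chunk-size line containing no hex digits parses as 0 and falls into the `== 0` branch below as if it were the terminating chunk, and a value that overflows long saturates to LONG_MAX and passes the `< 0` test. The check is identical to the upstream commit named in the patch header, which is what a -stable backport should carry, so keep it verbatim; a stricter check would have to sit before xfree (line) so that endl == line can be tested together with the sign. Placing the early return after xfree (line) is correct as written, nothing leaks on that path.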
> Index: patches/patch-src_retr_c
> ===================================================================
> RCS file: patches/patch-src_retr_c
> diff -N patches/patch-src_retr_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_retr_c  31 Oct 2017 11:09:04 -0000
> @@ -0,0 +1,19 @@
> +$OpenBSD$
> +Fix heap overflow in HTTP protocol handling (CVE-2017-13090)
> +Commit from upstream ba6b44f6745b14dce414761a8e4b35d31b176bba
> +Index: src/retr.c
> +--- src/retr.c.orig
> ++++ src/retr.c
> +@@ -320,6 +320,12 @@ fd_read_body (const char *downloaded_filename, int fd,
> +               remaining_chunk_size = strtol (line, &endl, 16);
> +               xfree (line);
> + 
> ++              if (remaining_chunk_size < 0)
> ++              {
> ++                  ret = -1;
> ++                  break;
> ++              }
> ++
> +               if (remaining_chunk_size == 0)
> +                 {
> +                   ret = 0;
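Review bot: the brace placement of the added block (`++              {` aligned with its `if`) does not follow the GNU style of the surrounding code, where the `{` of the `== 0` branch below is indented two columns deeper than its `if`; since this is a verbatim backport of upstream ba6b44f, keeping it byte-identical is the better trade-off for tracking later upstream changes, but it is worth knowing the style mismatch is inherited rather than introduced. Functionally, setting ret = -1 and breaking out of the loop is consistent with the ret = 0 path visible below for the terminating chunk, assuming ret is what fd_read_body returns, so the caller sees a negative return for a negative chunk size instead of a negative length being passed on. The same caveat as in the src/http.c patch applies: endl is unused, so a chunk-size line with no hex digits is read as 0 and treated as the final chunk rather than reported as an error.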
> 
