Tuesday, October 31, 2017

Re: UPDATE: net/wget -current,-stable (CVE-2017-13089, CVE-2017-13090)

On Tue Oct 31, 2017 at 12:20:26PM +0100, Rafael Sadowski wrote:
> Hi All,
>
> Update Wget to the latest stable version 1.19.1. This version includes
> the following CVE patches:
>
> "Fix stack overflow in HTTP protocol handling (CVE-2017-13089)"
> http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f
>
> "Fix heap overflow in HTTP protocol handling (CVE-2017-13090)"
> http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
>
> 1.19.1 provides only .tar.lz and .tar.gz. Since we don't support *.lz, I
> have decided to use *.gz.
>
> Also please find attached a diff for -stable.
>

Forgot the attachment, so here it is inline:


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/wget/Makefile,v
retrieving revision 1.72
diff -u -p -u -p -r1.72 Makefile
--- Makefile 22 Feb 2017 02:49:25 -0000 1.72
+++ Makefile 31 Oct 2017 11:09:04 -0000
@@ -4,6 +4,7 @@ COMMENT = retrieve files from the web vi

DISTNAME = wget-1.19.1
CATEGORIES = net
+REVISION = 0

HOMEPAGE = https://www.gnu.org/software/wget/

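Review bot: with DISTNAME left at wget-1.19.1, REVISION = 0 is the right way to force a rebuild of the package for a patch-only change; since this diff touches no distinfo, confirm the existing distfile checksums remain valid, and note that the .tar.lz/.tar.gz suffix change described for -current is deliberately not part of this -stable hunk.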
Index: patches/patch-src_http_c
===================================================================
RCS file: patches/patch-src_http_c
diff -N patches/patch-src_http_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_http_c 31 Oct 2017 11:09:04 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+Fix stack overflow in HTTP protocol handling (CVE-2017-13089)
+Commit from upstream d892291fb8ace4c3b734ea5125770989c215df3f
+Index: src/http.c
+--- src/http.c.orig
++++ src/http.c
+@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked)
+ remaining_chunk_size = strtol (line, &endl, 16);
+ xfree (line);
+
++ if (remaining_chunk_size < 0)
++ return false;
++
+ if (remaining_chunk_size == 0)
+ {
+ line = fd_read_line (fd);
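Review bot: the new `if (remaining_chunk_size < 0) return false;` rejects a negative hex chunk size before it reaches the skip loop, but the hunk checks neither `endl` nor errno after `strtol (line, &endl, 16)`, so a chunk-size line with no hex digits still parses as 0 and takes the existing `== 0` terminator path, and an out-of-range value saturates to LONG_MAX and passes the check. That is exactly what the cited upstream commit d892291fb8ace4c3b734ea5125770989c215df3f does, so it is fine as a straight backport; a short note in the patch header that it is a verbatim backport would make that intent clear to the next maintainer.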
Index: patches/patch-src_retr_c
===================================================================
RCS file: patches/patch-src_retr_c
diff -N patches/patch-src_retr_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_retr_c 31 Oct 2017 11:09:04 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+Fix heap overflow in HTTP protocol handling (CVE-2017-13090)
+Commit from upstream ba6b44f6745b14dce414761a8e4b35d31b176bba
+Index: src/retr.c
+--- src/retr.c.orig
++++ src/retr.c
+@@ -320,6 +320,12 @@ fd_read_body (const char *downloaded_filename, int fd,
+ remaining_chunk_size = strtol (line, &endl, 16);
+ xfree (line);
+
++ if (remaining_chunk_size < 0)
++ {
++ ret = -1;
++ break;
++ }
++
+ if (remaining_chunk_size == 0)
+ {
+ ret = 0;
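Review bot: the error path uses `ret = -1; break;` rather than returning directly as the http.c patch does; that is the right shape only if the code after the loop (not visible in this hunk) performs cleanup and propagates the negative `ret` to the caller, so confirm that fd_read_body's callers treat -1 as a read error rather than a byte count. As in the http.c hunk, the parse result of `strtol (line, &endl, 16)` is checked only for negativity, with no `endl` or errno check, so this is a faithful backport of upstream ba6b44f6745b14dce414761a8e4b35d31b176bba rather than a tightened parse.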
