rpms/wget
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import wget-1.19.5-7.el8_0.1

Browse Source
This commit is contained in:
CentOS Sources 2019-05-07 15:24:19 -04:00 committed by Andrew Lukoshko
parent 5ed1ed08af
commit 211ebae8be
2 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
SOURCES/wget-1.19.5-CVE-2019-5953.patch Normal file
View File

@ -0,0 +1,18 @@
diff --git a/src/iri.c b/src/iri.c
index 7dcf3ac..1c8695c 100644
--- a/src/iri.c
+++ b/src/iri.c
@@ -189,9 +189,10 @@ do_conversion (const char *tocode, const char *fromcode, char const *in_org, siz
{
tooshort++;
done = len;
- len = outlen = done + inlen * 2;
- s = xrealloc (s, outlen + 1);
- *out = s + done;
+ len = done + inlen * 2;
+ s = xrealloc (s, len + 1);
+ *out = s + done - outlen;
+ outlen += inlen * 2;
}
else /* Weird, we got an unspecified error */
{

9
SPECS/wget.spec
View File

@ -1,7 +1,7 @@
Summary: A utility for retrieving files using the HTTP or FTP protocols
Name: wget
Version: 1.19.5
Release: 7%{?dist}
Release: 7%{?dist}.1
License: GPLv3+
Group: Applications/Internet
Url: http://www.gnu.org/software/wget/
@ -14,6 +14,9 @@ Patch4: wget-1.19.5-Add-TLS-1.3-support-for-GnuTLS.patch
Patch5: wget-1.19.5-Enable-post-handshake-auth-under-gnutls-on-TLS1.3.patch
Patch6: wget-1.19.5-Dont-use-extended-attributes---xattr-by-default.patch
Patch7: wget-1.19.5-Dont-save-userpw-with---xattr.patch
# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17
Patch8: wget-1.19.5-CVE-2019-5953.patch
Provides: webclient
Provides: bundled(gnulib)
@ -46,6 +49,7 @@ grep "PACKAGE_STRING='wget .* (Red Hat modified)'" configure || exit 1
%patch5 -p1 -b .post_auth_tls13
%patch6 -p1 -b .no_xattr_by_default
%patch7 -p1 -b .no_userpw_in_xattr
%patch8 -p1 -b .CVE-2019-5953
%build
%configure \
@ -92,6 +96,9 @@ rm -rf $RPM_BUILD_ROOT
%{_infodir}/*
%changelog
* Sun Apr 07 2019 Tomas Hozza <thozza@redhat.com> - 1.19.5-7.1
- Fix CVE-2019-5953 (#1696735)
* Thu Jan 10 2019 Tomas Hozza <thozza@redhat.com> - 1.19.5-7
- Fix information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)