CVS commit: pkgsrc/net/wget

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net/wget
From: "Tim Zingelman" <tez%netbsd.org@localhost>
Date: Thu, 26 Oct 2017 15:01:39 +0000

Module Name:    pkgsrc
Committed By:   tez
Date:           Thu Oct 26 15:01:39 UTC 2017

Modified Files:
        pkgsrc/net/wget: Makefile distinfo
Added Files:
        pkgsrc/net/wget/patches: patch-CVE-2017-13089 patch-CVE-2017-13090

Log Message:
wget: patches for VE-2017-13089 and CVE-2017-13090


To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.136 pkgsrc/net/wget/Makefile
cvs rdiff -u -r1.54 -r1.55 pkgsrc/net/wget/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/net/wget/patches/patch-CVE-2017-13089 \
    pkgsrc/net/wget/patches/patch-CVE-2017-13090

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/wget/Makefile
diff -u pkgsrc/net/wget/Makefile:1.135 pkgsrc/net/wget/Makefile:1.136
--- pkgsrc/net/wget/Makefile:1.135      Mon May 15 05:10:09 2017
+++ pkgsrc/net/wget/Makefile    Thu Oct 26 15:01:38 2017
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.135 2017/05/15 05:10:09 kim Exp $
+# $NetBSD: Makefile,v 1.136 2017/10/26 15:01:38 tez Exp $
 
 DISTNAME=      wget-1.19.1
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    net
 MASTER_SITES=  ${MASTER_SITE_GNU:=wget/}
 EXTRACT_SUFX=  .tar.xz

Index: pkgsrc/net/wget/distinfo
diff -u pkgsrc/net/wget/distinfo:1.54 pkgsrc/net/wget/distinfo:1.55
--- pkgsrc/net/wget/distinfo:1.54       Mon May 15 05:10:09 2017
+++ pkgsrc/net/wget/distinfo    Thu Oct 26 15:01:38 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.54 2017/05/15 05:10:09 kim Exp $
+$NetBSD: distinfo,v 1.55 2017/10/26 15:01:38 tez Exp $
 
 SHA1 (4d729e322fae359a1aefaafec1144764a54e8ad4) = 95acf2c162f0e413c40c5881940daafff2cca9bb
 RMD160 (4d729e322fae359a1aefaafec1144764a54e8ad4) = 41f0ac16a00f0837045120d1b65fd0e86c5c8618
@@ -8,4 +8,6 @@ SHA1 (wget-1.19.1.tar.xz) = cde25e99c144
 RMD160 (wget-1.19.1.tar.xz) = 158d759b81c0893cc9c83e4beabb104f4987f6dd
 SHA512 (wget-1.19.1.tar.xz) = 00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5
 Size (wget-1.19.1.tar.xz) = 2111756 bytes
+SHA1 (patch-CVE-2017-13089) = 4dc004441198b6ae1cb2fb07eb6db3d55a007d1a
+SHA1 (patch-CVE-2017-13090) = ad77c0406bb0e08979067649f93f5fa07328a1ea
 SHA1 (patch-doc_wget.texi) = 6db25b3500ff4617b5ade34d9013b1f9876104f8

Added files:

Index: pkgsrc/net/wget/patches/patch-CVE-2017-13089
diff -u /dev/null pkgsrc/net/wget/patches/patch-CVE-2017-13089:1.1
--- /dev/null   Thu Oct 26 15:01:39 2017
+++ pkgsrc/net/wget/patches/patch-CVE-2017-13089        Thu Oct 26 15:01:38 2017
@@ -0,0 +1,36 @@
+$NetBSD: patch-CVE-2017-13089,v 1.1 2017/10/26 15:01:38 tez Exp $
+
+From 3dbc2e06ad487862c2fcc64d4891ff8aeb254bad Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen%gmx.de@localhost>
+Date: Fri, 20 Oct 2017 10:59:38 +0200
+Subject: [PATCH 1/2] Fix stack overflow in HTTP protocol handling
+ (CVE-2017-13089)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/http.c (skip_short_body): Return error on negative chunk size
+
+Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
+Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
+---
+ src/http.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/http.c b/src/http.c
+index 55367688..dc318231 100644
+--- src/http.c
++++ src/http.c
+@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked)
+               remaining_chunk_size = strtol (line, &endl, 16);
+               xfree (line);
+ 
++              if (remaining_chunk_size < 0)
++                return false;
++
+               if (remaining_chunk_size == 0)
+                 {
+                   line = fd_read_line (fd);
+-- 
+2.15.0.rc1
+
Index: pkgsrc/net/wget/patches/patch-CVE-2017-13090
diff -u /dev/null pkgsrc/net/wget/patches/patch-CVE-2017-13090:1.1
--- /dev/null   Thu Oct 26 15:01:39 2017
+++ pkgsrc/net/wget/patches/patch-CVE-2017-13090        Thu Oct 26 15:01:38 2017
@@ -0,0 +1,39 @@
+$NetBSD: patch-CVE-2017-13090,v 1.1 2017/10/26 15:01:38 tez Exp $
+
+From 28925c37b72867c0819799c6f35caf9439080f83 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen%gmx.de@localhost>
+Date: Fri, 20 Oct 2017 15:15:47 +0200
+Subject: [PATCH 2/2] Fix heap overflow in HTTP protocol handling
+ (CVE-2017-13090)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/retr.c (fd_read_body): Stop processing on negative chunk size
+
+Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
+Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
+---
+ src/retr.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/retr.c b/src/retr.c
+index a27d58af..723ac725 100644
+--- src/retr.c
++++ src/retr.c
+@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread,
+               remaining_chunk_size = strtol (line, &endl, 16);
+               xfree (line);
+ 
++              if (remaining_chunk_size < 0)
++                {
++                  ret = -1;
++                  break;
++                }
++
+               if (remaining_chunk_size == 0)
+                 {
+                   ret = 0;
+-- 
+2.15.0.rc1
+

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index