On Tue Oct 31, 2017 at 12:20:26PM +0100, Rafael Sadowski wrote: > Hi All, > > Update Wget to the latest stable version 1.19.1. This version includes > the following CVE patches: > > "Fix stack overflow in HTTP protocol handling (CVE-2017-13089)" > http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f > > "Fix heap overflow in HTTP protocol handling (CVE-2017-13090)" > http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba > > 1.19.1 provide only .tar.lz and tar.gz. Since we don't support *.lz, I > have decided to *.gz > > Also please find attached a diff for -stable. >
Forget the attachment, so here it is inline: Index: Makefile =================================================================== RCS file: /cvs/ports/net/wget/Makefile,v retrieving revision 1.72 diff -u -p -u -p -r1.72 Makefile --- Makefile 22 Feb 2017 02:49:25 -0000 1.72 +++ Makefile 31 Oct 2017 11:09:04 -0000 @@ -4,6 +4,7 @@ COMMENT = retrieve files from the web vi DISTNAME = wget-1.19.1 CATEGORIES = net +REVISION = 0 HOMEPAGE = https://www.gnu.org/software/wget/ Index: patches/patch-src_http_c =================================================================== RCS file: patches/patch-src_http_c diff -N patches/patch-src_http_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_http_c 31 Oct 2017 11:09:04 -0000 @@ -0,0 +1,16 @@ +$OpenBSD$ +Fix stack overflow in HTTP protocol handling (CVE-2017-13089) +Commit from upstream d892291fb8ace4c3b734ea5125770989c215df3f +Index: src/http.c +--- src/http.c.orig ++++ src/http.c +@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked) + remaining_chunk_size = strtol (line, &endl, 16); + xfree (line); + ++ if (remaining_chunk_size < 0) ++ return false; ++ + if (remaining_chunk_size == 0) + { + line = fd_read_line (fd); Index: patches/patch-src_retr_c =================================================================== RCS file: patches/patch-src_retr_c diff -N patches/patch-src_retr_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_retr_c 31 Oct 2017 11:09:04 -0000 @@ -0,0 +1,19 @@ +$OpenBSD$ +Fix heap overflow in HTTP protocol handling (CVE-2017-13090) +Commit from upstream ba6b44f6745b14dce414761a8e4b35d31b176bba +Index: src/retr.c +--- src/retr.c.orig ++++ src/retr.c +@@ -320,6 +320,12 @@ fd_read_body (const char *downloaded_filename, int fd, + remaining_chunk_size = strtol (line, &endl, 16); + xfree (line); + ++ if (remaining_chunk_size < 0) ++ { ++ ret = -1; ++ break; ++ } ++ + if (remaining_chunk_size == 0) + { + ret = 0;