From 0ca6fab31f0030ce0149ec67e9b759246ba2dd4caa80276a4f75946e7c0a45ef Mon Sep 17 00:00:00 2001
From: OBS User buildservice-autocommit
Date: Wed, 25 Oct 2017 16:00:50 +0000
Subject: [PATCH] Updating link to change in openSUSE:Factory/wget revision 49.0
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=67ab3e42ff8956d7492283b54cdad5f8
---
 ...on-negative-chunksize-CVE-2017-13089.patch | 31 -----------------
 ...on-negative-chunksize-CVE-2017-13090.patch | 34 -------------------
 wget.changes | 9 -----
 wget.spec | 4 ---
 4 files changed, 78 deletions(-)
 delete mode 100644 wget-stack-overflow-on-negative-chunksize-CVE-2017-13089.patch
 delete mode 100644 wget-stack-overflow-on-negative-chunksize-CVE-2017-13090.patch
diff --git a/wget-stack-overflow-on-negative-chunksize-CVE-2017-13089.patch b/wget-stack-overflow-on-negative-chunksize-CVE-2017-13089.patch
deleted file mode 100644
index e6206b2..0000000
--- a/wget-stack-overflow-on-negative-chunksize-CVE-2017-13089.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 3dbc2e06ad487862c2fcc64d4891ff8aeb254bad Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20R=C3=BChsen?=
-Date: Fri, 20 Oct 2017 10:59:38 +0200
-Subject: [PATCH 1/2] Fix stack overflow in HTTP protocol handling
- (CVE-2017-13089)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-* src/http.c (skip_short_body): Return error on negative chunk size
-
-Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
-Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
----
- src/http.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/http.c b/src/http.c
-index 55367688..dc318231 100644
---- a/src/http.c
-+++ b/src/http.c
-@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked)
- remaining_chunk_size = strtol (line, &endl, 16);
- xfree (line);
-
-+ if (remaining_chunk_size < 0)
-+ return false;
-+
- if (remaining_chunk_size == 0)
- {
- line = fd_read_line (fd);
diff --git a/wget-stack-overflow-on-negative-chunksize-CVE-2017-13090.patch b/wget-stack-overflow-on-negative-chunksize-CVE-2017-13090.patch
deleted file mode 100644
index 4017545..0000000
--- a/wget-stack-overflow-on-negative-chunksize-CVE-2017-13090.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 28925c37b72867c0819799c6f35caf9439080f83 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20R=C3=BChsen?=
-Date: Fri, 20 Oct 2017 15:15:47 +0200
-Subject: [PATCH 2/2] Fix heap overflow in HTTP protocol handling
- (CVE-2017-13090)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-* src/retr.c (fd_read_body): Stop processing on negative chunk size
-
-Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
-Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
----
- src/retr.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/retr.c b/src/retr.c
-index a27d58af..723ac725 100644
---- a/src/retr.c
-+++ b/src/retr.c
-@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread,
- remaining_chunk_size = strtol (line, &endl, 16);
- xfree (line);
-
-+ if (remaining_chunk_size < 0)
-+ {
-+ ret = -1;
-+ break;
-+ }
-+
- if (remaining_chunk_size == 0)
- {
- ret = 0;
diff --git a/wget.changes b/wget.changes
index 51071ac..5175d3b 100644
--- a/wget.changes
+++ b/wget.changes
@@ -1,12 +1,3 @@
--------------------------------------------------------------------
-Tue Oct 24 07:07:32 UTC 2017 - josef.moellers@suse.com
-
-- Fixed two stack overflow vulnerabilities if a chunksize is
- negative.
- [bsc#1064715,wget-stack-overflow-on-negative-chunksize-CVE-2017-13089.patch,
- bsc#1064716,wget-stack-overflow-on-negative-chunksize-CVE-2017-13090.patch,
- CVE-2017-13089,CVE-2017-13090]
-
 -------------------------------------------------------------------
 Thu Sep 21 06:45:00 UTC 2017 - josef.moellers@suse.com
diff --git a/wget.spec b/wget.spec
index a8d084f..8ae3839 100644
--- a/wget.spec
+++ b/wget.spec
@@ -35,8 +35,6 @@ Patch7: wget-fix-pod-syntax.diff
 Patch8: wget-errno-clobber.patch
 Patch9: wget-CVE-2017-6508.patch
 Patch10: wget-416-but-file-not-complete.patch
-Patch11: wget-stack-overflow-on-negative-chunksize-CVE-2017-13089.patch
-Patch12: wget-stack-overflow-on-negative-chunksize-CVE-2017-13090.patch
 BuildRequires: automake
 BuildRequires: gpgme-devel >= 0.4.2
 BuildRequires: libcares-devel
@@ -85,8 +83,6 @@ This can be done in script files or via the command line.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
-%patch11 -p1
-%patch12 -p1
 %build
 %if 0%{?suse_version} > 1110