OBS User unknown 2007-03-28 23:01:25 +00:00 committed by Git OBS Bridge
parent 7fba2a2446
commit fb41fcc519
3 changed files with 29 additions and 4 deletions

16
wget-CVE-2006-6719.patch Normal file
View File

@ -0,0 +1,16 @@
Fixes NULL pointer dereference (CVE-2006-6719)
================================================================================
--- src/ftp-basic.c
+++ src/ftp-basic.c
@@ -1039,7 +1039,9 @@
first word of the server response)? */
request = strtok (NULL, " ");
- if (!strcasecmp (request, "VMS"))
+ if (request == NULL)
+ *server_type = ST_OTHER;
+ else if (!strcasecmp (request, "VMS"))
*server_type = ST_VMS;
else if (!strcasecmp (request, "UNIX"))
*server_type = ST_UNIX;

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Wed Mar 28 19:13:11 CEST 2007 - max@suse.de
- Fixes a null pointer dereference (#231063, CVE-2006-6719)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jun 22 14:53:07 CEST 2006 - max@suse.de Thu Jun 22 14:53:07 CEST 2006 - max@suse.de

View File

@ -1,7 +1,7 @@
# #
# spec file for package wget (Version 1.10.2) # spec file for package wget (Version 1.10.2)
# #
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine # This file and all modifications and additions to the pristine
# package are under the same license as the package itself. # package are under the same license as the package itself.
# #
@ -13,11 +13,11 @@
Name: wget Name: wget
BuildRequires: libpng-devel openssl-devel BuildRequires: libpng-devel openssl-devel
URL: http://wget.sunsite.dk/ URL: http://wget.sunsite.dk/
License: GPL License: GNU General Public License (GPL)
Group: Productivity/Networking/Web/Utilities Group: Productivity/Networking/Web/Utilities
Autoreqprov: on Autoreqprov: on
Version: 1.10.2 Version: 1.10.2
Release: 15 Release: 46
Summary: A Tool for Mirroring FTP and HTTP Servers Summary: A Tool for Mirroring FTP and HTTP Servers
Source: %name-%version.tar.bz2 Source: %name-%version.tar.bz2
Patch: nops_doc.diff Patch: nops_doc.diff
@ -28,6 +28,7 @@ Patch6: wget-1.10-fnmatch.diff
Patch7: wget-1.10.1-strict-aliasing.diff Patch7: wget-1.10.1-strict-aliasing.diff
Patch8: wget-ftp-restart.patch Patch8: wget-ftp-restart.patch
Patch9: wget-CAN-2004-1488.patch Patch9: wget-CAN-2004-1488.patch
Patch10: wget-CVE-2006-6719.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %install_info_prereq PreReq: %install_info_prereq
@ -51,6 +52,7 @@ Authors:
%patch7 -p1 %patch7 -p1
%patch8 %patch8
%patch9 %patch9
%patch10
rename no nb $RPM_BUILD_DIR/wget*/po/no.* rename no nb $RPM_BUILD_DIR/wget*/po/no.*
%build %build
@ -91,7 +93,9 @@ rm -rf $RPM_BUILD_ROOT;
%{_bindir}/* %{_bindir}/*
%{_datadir}/locale/*/*/* %{_datadir}/locale/*/*/*
%changelog -n wget %changelog
* Wed Mar 28 2007 - max@suse.de
- Fixes a null pointer dereference (#231063, CVE-2006-6719)
* Thu Jun 22 2006 - max@suse.de * Thu Jun 22 2006 - max@suse.de
- Removed the unneeded fix for CAN-2004-1487 - Removed the unneeded fix for CAN-2004-1487
(bugs #179369 and #185214). (bugs #179369 and #185214).