Change-Id: Id1ae8eb30993af55f15249edee08eb52d88fd196
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4537
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,22 @@ |
0 |
+diff --git a/src/url.c b/src/url.c |
|
1 |
+index 8f8ff0b..7d36b27 100644 |
|
2 |
+--- a/src/url.c |
|
3 |
+@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode) |
|
4 |
+ url_unescape (u->host); |
|
5 |
+ host_modified = true; |
|
6 |
+ |
|
7 |
++ /* check for invalid control characters in host name */ |
|
8 |
++ for (p = u->host; *p; p++) |
|
9 |
++ { |
|
10 |
++ if (c_iscntrl(*p)) |
|
11 |
++ { |
|
12 |
++ url_free(u); |
|
13 |
++ error_code = PE_INVALID_HOST_NAME; |
|
14 |
++ goto error; |
|
15 |
++ } |
|
16 |
++ } |
|
17 |
++ |
|
18 |
+ /* Apply IDNA regardless of iri->utf8_encode status */ |
|
19 |
+ if (opt.enable_iri && iri) |
|
20 |
+ { |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: A network utility to retrieve files from the Web |
2 | 2 |
Name: wget |
3 | 3 |
Version: 1.19.1 |
4 |
-Release: 3%{?dist} |
|
4 |
+Release: 4%{?dist} |
|
5 | 5 |
License: GPLv3+ |
6 | 6 |
URL: http://www.gnu.org/software/wget/wget.html |
7 | 7 |
Group: System Environment/NetworkingPrograms |
... | ... |
@@ -11,6 +11,7 @@ Source0: ftp://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz |
11 | 11 |
%define sha1 wget=cde25e99c144191644406793cbd1c69c102c6970 |
12 | 12 |
Patch0: wget-CVE-2017-13089.patch |
13 | 13 |
Patch1: wget-CVE-2017-13090.patch |
14 |
+Patch2: wget-CVE-2017-6508.patch |
|
14 | 15 |
Requires: openssl |
15 | 16 |
BuildRequires: openssl-devel |
16 | 17 |
%if %{with_check} |
... | ... |
@@ -24,6 +25,7 @@ downloading of files from the Web. |
24 | 24 |
%setup -q |
25 | 25 |
%patch0 -p1 |
26 | 26 |
%patch1 -p1 |
27 |
+%patch2 -p1 |
|
27 | 28 |
|
28 | 29 |
%build |
29 | 30 |
./configure \ |
... | ... |
@@ -60,6 +62,8 @@ rm -rf %{buildroot}/* |
60 | 60 |
%{_bindir}/* |
61 | 61 |
%{_mandir}/man1/* |
62 | 62 |
%changelog |
63 |
+* Tue Dec 19 2017 Xiaolin Li <xiaolinl@vmware.com> 1.19.1-4 |
|
64 |
+- Fix CVE-2017-6508 |
|
63 | 65 |
* Mon Nov 20 2017 Xiaolin Li <xiaolinl@vmware.com> 1.19.1-3 |
64 | 66 |
- Fix CVE-2017-13089 and CVE-2017-13090 |
65 | 67 |
* Wed Aug 09 2017 Dheeraj Shetty <dheerajs@vmware.com> 1.19.1-2 |