new file mode 100644

@@ -0,0 +1,33 @@

+From d892291fb8ace4c3b734ea5125770989c215df3f Mon Sep 17 00:00:00 2001

+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>

+Date: Fri, 20 Oct 2017 10:59:38 +0200

+Subject: Fix stack overflow in HTTP protocol handling (CVE-2017-13089)

+MIME-Version: 1.0

+Content-Type: text/plain; charset=UTF-8

+Content-Transfer-Encoding: 8bit

+

+* src/http.c (skip_short_body): Return error on negative chunk size

+

+Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint

+Reported-by: Juhani Eronen from Finnish National Cyber Security Centre

+---

+ src/http.c | 3 +++

+ 1 file changed, 3 insertions(+)

+

+diff --git a/src/http.c b/src/http.c

+index 5536768..dc31823 100644

+--- a/src/http.c

+@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked)

+               remaining_chunk_size = strtol (line, &endl, 16);

+               xfree (line);

+ 

++              if (remaining_chunk_size < 0)

++                return false;

++

+               if (remaining_chunk_size == 0)

+                 {

+                   line = fd_read_line (fd);

+-- 

+cgit v1.0-41-gc330

+

new file mode 100644

@@ -0,0 +1,36 @@

+From ba6b44f6745b14dce414761a8e4b35d31b176bba Mon Sep 17 00:00:00 2001

+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>

+Date: Fri, 20 Oct 2017 15:15:47 +0200

+Subject: Fix heap overflow in HTTP protocol handling (CVE-2017-13090)

+MIME-Version: 1.0

+Content-Type: text/plain; charset=UTF-8

+Content-Transfer-Encoding: 8bit

+

+* src/retr.c (fd_read_body): Stop processing on negative chunk size

+

+Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint

+Reported-by: Juhani Eronen from Finnish National Cyber Security Centre

+---

+ src/retr.c | 6 ++++++

+ 1 file changed, 6 insertions(+)

+

+diff --git a/src/retr.c b/src/retr.c

+index c1bc600..6555ed4 100644

+--- a/src/retr.c

+@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread,

+               remaining_chunk_size = strtol (line, &endl, 16);

+               xfree (line);

+ 

++              if (remaining_chunk_size < 0)

++                {

++                  ret = -1;

++                  break;

++                }

++

+               if (remaining_chunk_size == 0)

+                 {

+                   ret = 0;

+-- 

+cgit v1.0-41-gc330

+

@@ -1,7 +1,7 @@

 Summary:        A network utility to retrieve files from the Web

 Name:           wget

 Version:        1.19.1

-Release:        2%{?dist}

+Release:        3%{?dist}

 License:        GPLv3+

 URL:            http://www.gnu.org/software/wget/wget.html

 Group:          System Environment/NetworkingPrograms

@@ -9,6 +9,8 @@ Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        ftp://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz

 %define sha1    wget=cde25e99c144191644406793cbd1c69c102c6970

+Patch0:         wget-CVE-2017-13089.patch

+Patch1:         wget-CVE-2017-13090.patch

 Requires:       openssl

 BuildRequires:  openssl-devel

 %if %{with_check}

@@ -20,6 +22,8 @@ The Wget package contains a utility useful for non-interactive

 downloading of files from the Web.

 %prep

 %setup -q

+%patch0 -p1

+%patch1 -p1

 %build

 ./configure \

@@ -56,6 +60,8 @@ rm -rf %{buildroot}/*

 %{_bindir}/*

 %{_mandir}/man1/*

 %changelog

+*   Mon Nov 20 2017 Xiaolin Li <xiaolinl@vmware.com> 1.19.1-3

+-   Fix CVE-2017-13089 and CVE-2017-13090

 *   Wed Aug 09 2017 Dheeraj Shetty <dheerajs@vmware.com> 1.19.1-2

 -   Install HTTP::Daemon perl module for the tests to pass.

 *   Wed Apr 05 2017 Xiaolin Li <xiaolinl@vmware.com> 1.19.1-1