Diffstat (limited to '')
-rw-r--r-- | debian/patches/Fix-a-buffer-overflow-vulnerability.patch | 30 | ||||
-rw-r--r-- | debian/patches/series | 4 | ||||
-rw-r--r-- | debian/patches/wget-doc-remove-usr-local-in-sample.wgetrc | 22 | ||||
-rw-r--r-- | debian/patches/wget-doc-remove-usr-local-in-wget.texi | 43 | ||||
-rw-r--r-- | debian/patches/wget-passive_ftp-default | 12 |
5 files changed, 111 insertions, 0 deletions
diff --git a/debian/patches/Fix-a-buffer-overflow-vulnerability.patch b/debian/patches/Fix-a-buffer-overflow-vulnerability.patch
new file mode 100644
index 0000000..d9a7f4c
--- /dev/null
+++ b/debian/patches/Fix-a-buffer-overflow-vulnerability.patch
@@ -0,0 +1,30 @@
+From: Tim Ruehsen <tim.ruehsen@gmx.de>
+Date: Fri, 5 Apr 2019 11:50:44 +0200
+Subject: Fix a buffer overflow vulnerability
+Origin: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c,
+ https://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-5953
+Bug-Debian: https://bugs.debian.org/926389
+
+* src/iri.c(do_conversion): Reallocate the output buffer to a larger
+ size if it is already full
+---
+ src/iri.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/src/iri.c
++++ b/src/iri.c
+@@ -189,9 +189,10 @@ do_conversion (const char *tocode, const
+ {
+ tooshort++;
+ done = len;
+- len = outlen = done + inlen * 2;
+- s = xrealloc (s, outlen + 1);
+- *out = s + done;
++ len = done + inlen * 2;
++ s = xrealloc (s, len + 1);
++ *out = s + done - outlen;
++ outlen += inlen * 2;
+ }
+ else /* Weird, we got an unspecified error */
+ {
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..d8fccf9
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,4 @@
+wget-doc-remove-usr-local-in-sample.wgetrc
+wget-doc-remove-usr-local-in-wget.texi
+wget-passive_ftp-default
+Fix-a-buffer-overflow-vulnerability.patch
diff --git a/debian/patches/wget-doc-remove-usr-local-in-sample.wgetrc b/debian/patches/wget-doc-remove-usr-local-in-sample.wgetrc
new file mode 100644
index 0000000..9224525
--- /dev/null
+++ b/debian/patches/wget-doc-remove-usr-local-in-sample.wgetrc
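Review bot: The pointer fix-up `*out = s + done - outlen;` in the `tooshort` branch of do_conversion carries no comment, although it is the line the overflow fix depends on: it is only correct while `outlen` still holds the unused byte count of the old buffer, which is why `outlen += inlen * 2;` has to come after it. A comment such as `/* outlen is the free space left in the old buffer, so the write cursor sits at s + (done - outlen); grow outlen only after recomputing *out */` would keep a later reordering from reintroducing the bug. Separately, `done + inlen * 2` is computed with no visible overflow check; the declarations lie outside the hunk, so whether a very long input could wrap it before `xrealloc` should be confirmed. do_conversion starts and ends outside the hunk.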
@@ -0,0 +1,22 @@
+corrects the wgetrc path from /usr/local/etc/ to /etc/wgetrc in the sample wgetrc
+
+--- a/doc/sample.wgetrc
++++ b/doc/sample.wgetrc
+@@ -10,7 +10,7 @@
+ ## Or online here:
+ ## https://www.gnu.org/software/wget/manual/wget.html#Startup-File
+ ##
+-## Wget initialization file can reside in /usr/local/etc/wgetrc
++## Wget initialization file can reside in /etc/wgetrc
+ ## (global, for all users) or $HOME/.wgetrc (for a single user).
+ ##
+ ## To use the settings in this file, you will have to uncomment them,
+@@ -19,7 +19,7 @@
+
+
+ ##
+-## Global settings (useful for setting up in /usr/local/etc/wgetrc).
++## Global settings (useful for setting up in /etc/wgetrc).
+ ## Think well before you change them, since they may reduce wget's
+ ## functionality, and make it behave contrary to the documentation:
+ ##
diff --git a/debian/patches/wget-doc-remove-usr-local-in-wget.texi b/debian/patches/wget-doc-remove-usr-local-in-wget.texi
new file mode 100644
index 0000000..ef664c2
--- /dev/null
+++ b/debian/patches/wget-doc-remove-usr-local-in-wget.texi
@@ -0,0 +1,43 @@
+corrects the wgetrc path from /usr/local/etc/ to /etc/wgetrc in the documentation
+
+--- a/doc/wget.texi 2011-08-06 12:22:58.000000000 +0200
++++ b/doc/wget.texi 2011-08-12 14:13:35.000000000 +0200
+@@ -190,16 +190,16 @@
+ Most of the features are fully configurable, either through command line
+ options, or via the initialization file @file{.wgetrc} (@pxref{Startup
+ File}). Wget allows you to define @dfn{global} startup files
+-(@file{/usr/local/etc/wgetrc} by default) for site settings. You can also
++(@file{/etc/wgetrc} by default) for site settings. You can also
+ specify the location of a startup file with the --config option.
+ To disable the reading of config files, use --no-config.
+ If both --config and --no-config are given, --no-config is ignored.
+
+
+ @ignore
+ @c man begin FILES
+ @table @samp
+-@item /usr/local/etc/wgetrc
++@item /etc/wgetrc
+ Default location of the @dfn{global} startup file.
+
+ @item .wgetrc
+@@ -2696,9 +2696,7 @@
+ @cindex location of wgetrc
+
+ When initializing, Wget will look for a @dfn{global} startup file,
+-@file{/usr/local/etc/wgetrc} by default (or some prefix other than
+-@file{/usr/local}, if Wget was not installed there) and read commands
+-from there, if it exists.
++@file{/etc/wgetrc} by default and read commands from there, if it exists.
+
+ Then it will look for the user's file. If the environmental variable
+ @code{WGETRC} is set, Wget will try to load that file. Failing that, no
+@@ -2708,7 +2706,7 @@
+
+ The fact that user's settings are loaded after the system-wide ones
+ means that in case of collision user's wgetrc @emph{overrides} the
+-system-wide wgetrc (in @file{/usr/local/etc/wgetrc} by default).
++system-wide wgetrc (in @file{//etc/wgetrc} by default).
+ Fascist admins, away!
+
+ @node Wgetrc Syntax, Wgetrc Commands, Wgetrc Location, Startup File
diff --git a/debian/patches/wget-passive_ftp-default b/debian/patches/wget-passive_ftp-default
new file mode 100644
index 0000000..9ec28c8
--- /dev/null
+++ b/debian/patches/wget-passive_ftp-default
@@ -0,0 +1,12 @@
+make passive-ftp the default
+
+--- a/doc/sample.wgetrc
++++ b/doc/sample.wgetrc
+@@ -43,6 +43,7 @@
+ # problems supporting passive transfer. If you are in such
+ # environment, use "passive_ftp = off" to revert to active FTP.
+ #passive_ftp = off
++passive_ftp = on
+
+ # The "wait" command below makes Wget wait between every connection.
+ # If, instead, you want Wget to wait only between retries of failed |