rpms/wget/FC-6 wget-1.10.2-CVE-2006-6719.patch, NONE, 1.1 wget-1.10.2-retry186195.patch, NONE, 1.1 wget.spec, 1.50, 1.51

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Jan 10 10:11:39 UTC 2007 

Author: karsten

Update of /cvs/dist/rpms/wget/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv31861

Modified Files:
	wget.spec 
Added Files:
	wget-1.10.2-CVE-2006-6719.patch wget-1.10.2-retry186195.patch 
Log Message:
- add disttag
- fix bugzilla #186195
- fix CVE-2006-6719



wget-1.10.2-CVE-2006-6719.patch:
 ftp-basic.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletion(-)

--- NEW FILE wget-1.10.2-CVE-2006-6719.patch ---
Fixes NULL pointer dereference (CVE-2006-6719) (bz #221483)

--- wget-1.10.2/src/ftp-basic.c.orig	2007-01-04 19:30:31.000000000 +0100
+++ wget-1.10.2/src/ftp-basic.c	2007-01-04 19:31:48.000000000 +0100
@@ -1038,7 +1038,9 @@ ftp_syst (int csock, enum stype *server_
      first word of the server response)?  */
   request = strtok (NULL, " ");
 
-  if (!strcasecmp (request, "VMS"))
+  if (request == NULL)
+    *server_type = ST_OTHER;
+  else if (!strcasecmp (request, "VMS"))
     *server_type = ST_VMS;
   else if (!strcasecmp (request, "UNIX"))
     *server_type = ST_UNIX;

wget-1.10.2-retry186195.patch:
 ftp.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE wget-1.10.2-retry186195.patch ---
--- wget-1.10.2/src/ftp.c.186195	2006-12-08 12:15:20.000000000 +0100
+++ wget-1.10.2/src/ftp.c	2006-12-08 12:17:02.000000000 +0100
@@ -1172,7 +1172,7 @@
 	len = 0;
       err = getftp (u, &len, restval, con);
 
-      if (con->csock != -1)
+      if (con->csock == -1)
 	con->st &= ~DONE_CWD;
       else
 	con->st |= DONE_CWD;


Index: wget.spec
===================================================================
RCS file: /cvs/dist/rpms/wget/FC-6/wget.spec,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- wget.spec	7 Dec 2006 13:09:41 -0000	1.50
+++ wget.spec	10 Jan 2007 10:11:37 -0000	1.51
@@ -1,7 +1,7 @@
 Summary: A utility for retrieving files using the HTTP or FTP protocols.
 Name: wget
 Version: 1.10.2
-Release: 8
+Release: 8%{?dist}.1
 License: GPL
 Group: Applications/Internet
 Url: http://wget.sunsite.dk/
@@ -13,6 +13,8 @@
 Patch5: wget-1.10.1-helpfix.patch
 Patch6: wget-1.10.2-to11.patch
 Patch7: wget-1.10.2-218211.patch
+Patch8: wget-1.10.2-retry186195.patch
+Patch9: wget-1.10.2-CVE-2006-6719.patch
 Provides: webclient
 Prereq: /sbin/install-info
 BuildRequires: perl, openssl-devel, pkgconfig, texinfo, gettext, autoconf
@@ -35,6 +37,8 @@
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
 
 cp %{SOURCE2} $RPM_BUILD_DIR/wget-%{version}/po/de.po
 chmod a+x doc/texi2pod.pl
@@ -73,6 +77,11 @@
 %{_infodir}/*
 
 %changelog
+* Wed Jan 10 2007 Karsten Hopp <karsten at redhat.com> 1.10.2-8.1
+- add disttag
+- fix bugzilla #186195
+- fix CVE-2006-6719
+
 * Thu Dec 07 2006 Karsten Hopp <karsten at redhat.com> 1.10.2-8
 - Resolves: #218211
   fix double free corruption

More information about the fedora-cvs-commits mailing list