diff --git a/create_image-Sanitize-input-param-dl_total_time.patch b/create_image-Sanitize-input-param-dl_total_time.patch new file mode 100644 index 0000000..31fd210 --- /dev/null +++ b/create_image-Sanitize-input-param-dl_total_time.patch @@ -0,0 +1,30 @@ +From 0179138fe58134dec9abe77220d683c7dbb105e6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= +Date: Wed, 11 Dec 2019 12:29:54 +0100 +Subject: [PATCH] * src/progress.c (create_image): Sanitize input param + 'dl_total_time' + +--- + src/progress.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/progress.c b/src/progress.c +index 1db94546..574a035e 100644 +--- a/src/progress.c ++++ b/src/progress.c +@@ -950,6 +950,12 @@ create_image (struct bar_progress *bp, double dl_total_time, bool done) + if (progress_size < 5) + progress_size = 0; + ++ // sanitize input ++ if (dl_total_time >= INT_MAX) ++ dl_total_time = INT_MAX - 1; ++ else if (dl_total_time < 0) ++ dl_total_time = 0; ++ + if (orig_filename_cols <= MAX_FILENAME_COLS) + { + padding = MAX_FILENAME_COLS - orig_filename_cols; +-- +2.19.1.windows.1 + diff --git a/wget.spec b/wget.spec index dde6661..82b85eb 100644 --- a/wget.spec +++ b/wget.spec @@ -1,11 +1,13 @@ Name: wget Version: 1.20.3 -Release: 1 +Release: 2 Summary: A package for retrieving files using HTTP, HTTPS, FTP and FTPS the most widely-used Internet protocols. License: GPLv3+ Url: http://www.gnu.org/software/wget/ Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.gz +Patch6000: create_image-Sanitize-input-param-dl_total_time.patch + Provides: webclient bundled(gnulib) BuildRequires: perl-HTTP-Daemon python3 libuuid-devel perl-podlators libpsl-devel libmetalink-devel BuildRequires: gnutls-devel pkgconfig texinfo gettext autoconf libidn2-devel gpgme-devel zlib-devel @@ -52,6 +54,12 @@ make check %{_infodir}/* %changelog +* Thu Apr 23 2020 openEuler Buildteam - 1.20.3-2 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Sanitize input param dl_total_time + * Sat Jan 11 2020 openEuler Buildteam - 1.20.3-1 - Type:NA - ID:NA