Okay, I will merge this one, but there is no need to follow wget really closely and patch every bug unless someone runs into it. They had quite a number of severe security issues, hence I was asking. Best, -Michael On Wed, 2018-05-09 at 19:36 +0200, Matthias Fischer wrote: > Hi, > > On 09.05.2018 13:14, Michael Tremer wrote: > > Hi, > > > > are any of these security-relevant? > > I'm not sure - I read this discussion on bug-wget(a)gnu.org: > > ***SNIP*** > On 05/08/2018 09:16 AM, Josef Moellers wrote: > > > Hi, > > > > > > While trying to upgrade to 1.19.5, we found a bug in wget > > > (src/host.c) > > > where the (non-existing) return value of a void function is assigned > > > to > > > a variable. > > > > > > A patch is appended. > > Thanks, > > setting timer to NULL is not needed here. > > I'll amended and pushed the patch. > > With Best Regards, Tim > ***SNAP*** > > Being curious, I looked at http://git.savannah.gnu.org/cgit/wget.git, > found the two other patches and thought they could be of help. > > Unfortunately, I can't judge what effects these bugs have or why they > were added. By now, they're undocumented. > > Best, > Matthias > > > Best, > > -Michael > > > > On Tue, 2018-05-08 at 20:05 +0200, Matthias Fischer wrote: > > > For details see: > > > http://git.savannah.gnu.org/cgit/wget.git > > > > > > Best, > > > Matthias > > > > > > Signed-off-by: Matthias Fischer > > > --- > > > lfs/wget | 4 +++ > > > ...1-src_hosts_c_remove_void_assignment.patch | 13 +++++++++ > > > .../02-src_version_h_add_header_guard.patch | 20 +++++++++++++ > > > .../wget/03-src_hsts_h_fix_header_guard.patch | 29 +++++++++++++++++++ > > > 4 files changed, 66 insertions(+) > > > create mode 100644 src/patches/wget/01- > > > src_hosts_c_remove_void_assignment.patch > > > create mode 100644 src/patches/wget/02- > > > src_version_h_add_header_guard.patch > > > create mode 100644 src/patches/wget/03-src_hsts_h_fix_header_guard.patch
> > >
> > > diff --git a/lfs/wget b/lfs/wget
> > > index 39f59ba80..f753bef1a 100644
> > > --- a/lfs/wget
> > > +++ b/lfs/wget
> > > @@ -71,6 +71,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> > > @$(PREBUILD)
> > > @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf
> > > $(DIR_DL)/$(DL_FILE)
> > >
> > > + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/wget/01-
> > > src_hosts_c_remove_void_assignment.patch
> > > + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/wget/02-
> > > src_version_h_add_header_guard.patch
> > > + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/wget/03-
> > > src_hsts_h_fix_header_guard.patch
> > > +
> > > cd $(DIR_APP) && ./configure \
> > > --prefix=/usr \
> > > --sysconfdir=/etc \
> > > diff --git a/src/patches/wget/01-src_hosts_c_remove_void_assignment.patch
> > > b/src/patches/wget/01-src_hosts_c_remove_void_assignment.patch
> > > new file mode 100644
> > > index 000000000..ba488571c
> > > --- /dev/null
> > > +++ b/src/patches/wget/01-src_hosts_c_remove_void_assignment.patch
> > > @@ -0,0 +1,13 @@
> > > +diff --git a/src/host.c b/src/host.c
> > > +index 4597f46..b42cd6e 100644
> > > +--- a/src/host.c
> > > ++++ b/src/host.c
> > > +@@ -732,7 +732,7 @@ wait_ares (ares_channel channel)
> > > + ares_process (channel, &read_fds, &write_fds);
> > > + }
> > > + if (timer)
> > > +- timer = ptimer_destroy (timer);
> > > ++ ptimer_destroy (timer);
> > > + }
> > > +
> > > + static void
> > > diff --git a/src/patches/wget/02-src_version_h_add_header_guard.patch
> > > b/src/patches/wget/02-src_version_h_add_header_guard.patch
> > > new file mode 100644
> > > index 000000000..5fd75b975
> > > --- /dev/null
> > > +++ b/src/patches/wget/02-src_version_h_add_header_guard.patch
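Review bot: The three `patch -Np1 -i` lines added to lfs/wget apply backports whose origin is not recorded anywhere: each new patch file starts directly at `diff --git`, and the description links only to the repository root. A first line such as `Upstream commit: <upstream commit id>` in each patch file, and a comment above the block in lfs/wget like `# upstream fixes, re-check on the next wget update`, would let the next updater verify the files against upstream and remove them once a release contains the fixes. The file name `01-src_hosts_c_remove_void_assignment.patch` also does not match the file it patches, `src/host.c`.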
> > > @@ -0,0 +1,20 @@
> > > +diff --git a/src/version.h b/src/version.h
> > > +index aeae086..ee40bb1 100644
> > > +--- a/src/version.h
> > > ++++ b/src/version.h
> > > +@@ -27,6 +27,9 @@ Corresponding Source for a non-source form of such a
> > > combination
> > > + shall include the source code for the parts of OpenSSL used as well
> > > + as that of the covered work. */
> > > +
> > > ++#ifndef WGET_VERSION_H
> > > ++#define WGET_VERSION_H
> > > ++
> > > + /* Extern declarations for strings in version.c */
> > > + extern const char *version_string;
> > > + extern const char *compilation_string;
> > > +@@ -34,3 +37,5 @@ extern const char *link_string;
> > > +
> > > + /* Extern declaration for string in build_info.c */
> > > + extern const char *compiled_features[];
> > > ++
> > > ++#endif /* WGET_VERSION_H */
> > > diff --git a/src/patches/wget/03-src_hsts_h_fix_header_guard.patch
> > > b/src/patches/wget/03-src_hsts_h_fix_header_guard.patch
> > > new file mode 100644
> > > index 000000000..786d28851
> > > --- /dev/null
> > > +++ b/src/patches/wget/03-src_hsts_h_fix_header_guard.patch
> > > @@ -0,0 +1,29 @@
> > > +diff --git a/src/hsts.h b/src/hsts.h
> > > +index 257f0b0..0065d9f 100644
> > > +--- a/src/hsts.h
> > > ++++ b/src/hsts.h
> > > +@@ -26,13 +26,13 @@ grants you additional permission to convey the
> > > resulting
> > > work.
> > > + Corresponding Source for a non-source form of such a combination
> > > + shall include the source code for the parts of OpenSSL used as well
> > > + as that of the covered work. */
> > > +-#include "wget.h"
> > > +
> > > +-#ifdef HAVE_HSTS
> > > ++#ifndef WGET_HSTS_H
> > > ++#define WGET_HSTS_H
> > > +
> > > +-#ifndef HSTS_H
> > > +-#define HSTS_H
> > > ++#ifdef HAVE_HSTS
> > > +
> > > ++#include "wget.h"
> > > + #include "url.h"
> > > +
> > > + typedef struct hsts_store *hsts_store_t;
> > > +@@ -48,5 +48,5 @@ bool hsts_store_entry (hsts_store_t,
> > > + time_t, bool);
> > > + bool hsts_match (hsts_store_t, struct url *);
> > > +
> > > +-#endif /* HSTS_H */
> > > + #endif /* HAVE_HSTS */
> > > ++#endif /* WGET_HSTS_H */
> >
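Review bot: In the first hsts.h hunk `#include "wget.h"` now sits after `#ifdef HAVE_HSTS`, so the header tests the feature macro before it has pulled in anything that could define it. If HAVE_HSTS reaches the code through wget.h (not visible in this hunk), a source file that includes hsts.h ahead of wget.h gets an empty header and loses the `hsts_store_t` declarations with no diagnostic from the header itself. Keeping the include between the new guard and the feature test avoids that ordering dependency: `#define WGET_HSTS_H`, then `#include "wget.h"`, then `#ifdef HAVE_HSTS`. Only part of the header is visible here, so the callers' include order should be checked before relying on the new layout.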