Hi, On 09.05.2018 13:14, Michael Tremer wrote: > Hi, > > are any of these security-relevant? I'm not sure - I read this discussion on bug-wget(a)gnu.org: ***SNIP*** On 05/08/2018 09:16 AM, Josef Moellers wrote: > > Hi, > > > > While trying to upgrade to 1.19.5, we found a bug in wget > > (src/host.c) > > where the (non-existing) return value of a void function is assigned > > to > > a variable. > > > > A patch is appended. Thanks, setting timer to NULL is not needed here. I'll amended and pushed the patch. With Best Regards, Tim ***SNAP*** Being curious, I looked at http://git.savannah.gnu.org/cgit/wget.git, found the two other patches and thought they could be of help. Unfortunately, I can'T judge what effects these bugs have or why they where added. By now, they're undocumented. Best, Matthias > Best, > -Michael > > On Tue, 2018-05-08 at 20:05 +0200, Matthias Fischer wrote: >> For details see: >> http://git.savannah.gnu.org/cgit/wget.git >> >> Best, >> Matthias >> >> Signed-off-by: Matthias Fischer >> --- >> lfs/wget | 4 +++ >> ...1-src_hosts_c_remove_void_assignment.patch | 13 +++++++++ >> .../02-src_version_h_add_header_guard.patch | 20 +++++++++++++ >> .../wget/03-src_hsts_h_fix_header_guard.patch | 29 +++++++++++++++++++ >> 4 files changed, 66 insertions(+) >> create mode 100644 src/patches/wget/01- >> src_hosts_c_remove_void_assignment.patch >> create mode 100644 src/patches/wget/02-src_version_h_add_header_guard.patch >> create mode 100644 src/patches/wget/03-src_hsts_h_fix_header_guard.patch >> >> diff --git a/lfs/wget b/lfs/wget >> index 39f59ba80..f753bef1a 100644 >> --- a/lfs/wget >> +++ b/lfs/wget >> @@ -71,6 +71,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >> @$(PREBUILD) >> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) >> >> + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/wget/01- >> src_hosts_c_remove_void_assignment.patch >> + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/wget/02- >> src_version_h_add_header_guard.patch >> + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/wget/03- >> src_hsts_h_fix_header_guard.patch >> + >> cd $(DIR_APP) && ./configure \ >> --prefix=/usr \ >> --sysconfdir=/etc \ >> diff --git a/src/patches/wget/01-src_hosts_c_remove_void_assignment.patch >> b/src/patches/wget/01-src_hosts_c_remove_void_assignment.patch >> new file mode 100644 >> index 000000000..ba488571c >> --- /dev/null >> +++ b/src/patches/wget/01-src_hosts_c_remove_void_assignment.patch >> @@ -0,0 +1,13 @@ >> +diff --git a/src/host.c b/src/host.c >> +index 4597f46..b42cd6e 100644 >> +--- a/src/host.c >> ++++ b/src/host.c >> +@@ -732,7 +732,7 @@ wait_ares (ares_channel channel) >> + ares_process (channel, &read_fds, &write_fds); >> + } >> + if (timer) >> +- timer = ptimer_destroy (timer); >> ++ ptimer_destroy (timer); >> + } >> + >> + static void >> diff --git a/src/patches/wget/02-src_version_h_add_header_guard.patch >> b/src/patches/wget/02-src_version_h_add_header_guard.patch >> new file mode 100644 >> index 000000000..5fd75b975 >> --- /dev/null >> +++ b/src/patches/wget/02-src_version_h_add_header_guard.patch >> @@ -0,0 +1,20 @@ >> +diff --git a/src/version.h b/src/version.h >> +index aeae086..ee40bb1 100644 >> +--- a/src/version.h >> ++++ b/src/version.h >> +@@ -27,6 +27,9 @@ Corresponding Source for a non-source form of such a >> combination >> + shall include the source code for the parts of OpenSSL used as well >> + as that of the covered work. */ >> + >> ++#ifndef WGET_VERSION_H >> ++#define WGET_VERSION_H >> ++ >> + /* Extern declarations for strings in version.c */ >> + extern const char *version_string; >> + extern const char *compilation_string; >> +@@ -34,3 +37,5 @@ extern const char *link_string; >> + >> + /* Extern declaration for string in build_info.c */ >> + extern const char *compiled_features[]; >> ++ >> ++#endif /* WGET_VERSION_H */ >> diff --git a/src/patches/wget/03-src_hsts_h_fix_header_guard.patch >> b/src/patches/wget/03-src_hsts_h_fix_header_guard.patch >> new file mode 100644 >> index 000000000..786d28851 >> --- /dev/null >> +++ b/src/patches/wget/03-src_hsts_h_fix_header_guard.patch >> @@ -0,0 +1,29 @@ >> +diff --git a/src/hsts.h b/src/hsts.h >> +index 257f0b0..0065d9f 100644 >> +--- a/src/hsts.h >> ++++ b/src/hsts.h >> +@@ -26,13 +26,13 @@ grants you additional permission to convey the resulting >> work. >> + Corresponding Source for a non-source form of such a combination >> + shall include the source code for the parts of OpenSSL used as well >> + as that of the covered work. */ >> +-#include "wget.h" >> + >> +-#ifdef HAVE_HSTS >> ++#ifndef WGET_HSTS_H >> ++#define WGET_HSTS_H >> + >> +-#ifndef HSTS_H >> +-#define HSTS_H >> ++#ifdef HAVE_HSTS >> + >> ++#include "wget.h" >> + #include "url.h" >> + >> + typedef struct hsts_store *hsts_store_t; >> +@@ -48,5 +48,5 @@ bool hsts_store_entry (hsts_store_t, >> + time_t, bool); >> + bool hsts_match (hsts_store_t, struct url *); >> + >> +-#endif /* HSTS_H */ >> + #endif /* HAVE_HSTS */ >> ++#endif /* WGET_HSTS_H */ >