diff -Nru wget-1.17.1/debian/changelog wget-1.17.1/debian/changelog
--- wget-1.17.1/debian/changelog 2016-06-14 15:37:45.000000000 +0800
+++ wget-1.17.1/debian/changelog 2017-02-28 15:19:13.000000000 +0800
@@ -1,3 +1,13 @@
+wget (1.17.1-1ubuntu1.2) xenial-proposed; urgency=medium
+
+ * Fix segmentation fault (LP: #1573307)
+ - debian/patches/Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch
+ upstream commited 7099f489 patch to fix segmentation fault
+ - debian/patches/Fix-assertion-in-Progress-bar.patch upstream commited
+ 7cb9efa6 patch to fix assertion
+
+ -- Chen-Han Hsiao (Stanley) Tue, 28 Feb 2017 15:19:04 +0800
+
 wget (1.17.1-1ubuntu1.1) xenial-security; urgency=medium
 
 * SECURITY UPDATE: http to ftp redirect spoofed filenames
diff -Nru wget-1.17.1/debian/patches/Fix-assertion-in-Progress-bar.patch wget-1.17.1/debian/patches/Fix-assertion-in-Progress-bar.patch
--- wget-1.17.1/debian/patches/Fix-assertion-in-Progress-bar.patch 1970-01-01 08:00:00.000000000 +0800
+++ wget-1.17.1/debian/patches/Fix-assertion-in-Progress-bar.patch 2017-02-28 15:13:16.000000000 +0800
@@ -0,0 +1,28 @@
+From 7cb9efa668f80ab5ca4d25133c3133e10473d1ef Mon Sep 17 00:00:00 2001
+From: Darshit Shah
+Date: Sat, 5 Mar 2016 11:58:53 +0100
+Subject: [PATCH] Fix assertion in Progress bar
+
+ * src/progress.c (create_image): Fix off-by-one error in assert()
+ statement for progress bar width.
+ Reported-By: Gisle Vanem
+---
+ src/progress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/progress.c b/src/progress.c
+index 8a5df21..481e21e 100644
+--- a/src/progress.c
++++ b/src/progress.c
+@@ -1164,7 +1164,7 @@ create_image (struct bar_progress *bp, double dl_total_time, bool done)
+ }
+
+ padding = bp->width - count_cols (bp->buffer);
+- assert (padding > 0 && "Padding length became non-positive!");
++ assert (padding >= 0 && "Padding length became non-positive!");
+ padding = padding > 0 ? padding : 0;
+ memset (p, ' ', padding);
+ p += padding;
+--
+2.7.4
+
diff -Nru wget-1.17.1/debian/patches/Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch wget-1.17.1/debian/patches/Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch
--- wget-1.17.1/debian/patches/Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch 1970-01-01 08:00:00.000000000 +0800
+++ wget-1.17.1/debian/patches/Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch 2017-02-24 11:27:22.000000000 +0800
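Review bot: The assertion message in the embedded src/progress.c hunk of Fix-assertion-in-Progress-bar.patch no longer matches its condition: with `padding >= 0` a zero padding is accepted, yet the string still reads "Padding length became non-positive!". A build configured with assertions enabled would then report the wrong invariant when the check fires, which misleads whoever triages the abort. The message should name the actual failure, e.g. `assert (padding >= 0 && "Padding length became negative!");`, ideally raised upstream so the Debian patch stays a verbatim cherry-pick. create_image's body starts and ends outside the hunk.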
@@ -0,0 +1,35 @@
+From 7099f4899880eaefc2c40a3dc7693ab4174a819b Mon Sep 17 00:00:00 2001
+From: Darshit Shah
+Date: Mon, 22 Feb 2016 15:08:15 +0100
+Subject: [PATCH] Sanitize value sent to memset to prevent SEGFAULT
+
+---
+ src/progress.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/progress.c b/src/progress.c
+index 93f6246..8a5df21 100644
+--- a/src/progress.c
++++ b/src/progress.c
+@@ -1164,6 +1164,8 @@ create_image (struct bar_progress *bp, double dl_total_time, bool done)
+ }
+
+ padding = bp->width - count_cols (bp->buffer);
++ assert (padding > 0 && "Padding length became non-positive!");
++ padding = padding > 0 ? padding : 0;
+ memset (p, ' ', padding);
+ p += padding;
+ *p = '\0';
+@@ -1174,6 +1176,9 @@ create_image (struct bar_progress *bp, double dl_total_time, bool done)
+ * from the release code since we do not want Wget to crash and burn when the
+ * assertion fails. Instead Wget should continue downloading and display a
+ * horrible and irritating progress bar that spams the screen with newlines.
++ *
++ * By default, all assertions are disabled in a Wget build and are enabled
++ * only with the --enable-assert configure option.
+ */
+ assert (count_cols (bp->buffer) == bp->width);
+ }
+--
+2.7.4
+
diff -Nru wget-1.17.1/debian/patches/series wget-1.17.1/debian/patches/series
--- wget-1.17.1/debian/patches/series 2016-06-14 15:35:21.000000000 +0800
+++ wget-1.17.1/debian/patches/series 2017-02-28 15:13:35.000000000 +0800
@@ -3,3 +3,5 @@
 wget-passive_ftp-default
 wget-doc-CRLs.patch
 CVE-2016-4971.patch
+Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch
+Fix-assertion-in-Progress-bar.patch
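Review bot: The clamp `padding = padding > 0 ? padding : 0;` in the first embedded hunk of Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch carries no comment explaining why it exists, although it is the only guard in default builds: the same patch documents that assertions are compiled out unless --enable-assert is given. If padding is a signed integer, as the comparison suggests, a negative value passed as memset's length would be converted to a very large size_t, which is presumably the crash behind LP: #1573307. I would add `/* A negative padding would become a huge size_t in memset(); clamp to 0. */` above the clamp. A negative padding also means count_cols (bp->buffer) already exceeds bp->width, and whether p is still inside the buffer at that point cannot be confirmed from these lines, because create_image's body starts and ends outside the hunk.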