[oe-commits] Chris Larson : wget: apply patch to 1.12 for CVE-2010-2252

git version control git at git.openembedded.org
Fri Jan 21 18:52:31 UTC 2011 

Module: openembedded.git
Branch: master
Commit: ca83d2d3992943a48ae2e86a61b287e46c2b1fb7
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=ca83d2d3992943a48ae2e86a61b287e46c2b1fb7

Author: Chris Larson <chris_larson at mentor.com>
Date:   Tue Jan 18 12:07:04 2011 -0500

wget: apply patch to 1.12 for CVE-2010-2252

Signed-off-by: Chris Larson <chris_larson at mentor.com>

---

 recipes/wget/wget-1.12/CVE-2010-2252.patch |  211 ++++++++++++++++++++++++++++
 recipes/wget/wget_1.12.bb                  |    3 +-
 2 files changed, 213 insertions(+), 1 deletions(-)

diff --git a/recipes/wget/wget-1.12/CVE-2010-2252.patch b/recipes/wget/wget-1.12/CVE-2010-2252.patch
new file mode 100644
index 0000000..9670195
--- /dev/null
+++ b/recipes/wget/wget-1.12/CVE-2010-2252.patch
@@ -0,0 +1,211 @@
+http://bugs.gentoo.org/329941
+
+based on upstream commit, but tweaked to work with wget-1.12 and
+remove useless style changes
+
+------------------------------------------------------------
+revno: 2409
+committer: Giuseppe Scrivano <gscrivano at gnu.org>
+branch nick: wget
+timestamp: Wed 2010-07-28 21:22:22 +0200
+message:
+  Introduce --trust-server-names.  Close CVE-2010-2252.
+diff:
+
+NEWS:
+** By default, on server redirects, use the original URL to get the
+   local file name. Close CVE-2010-2252.
+
+ChangeLog:
+2010-07-28  Giuseppe Scrivano  <gscrivano at gnu.org>
+
+	* http.h (http_loop): Add new argument `original_url'
+	* http.c (http_loop): Add new argument `original_url'.  Use
+	`original_url' to get a filename if `trustservernames' is false.
+
+	* init.c (commands): Add "trustservernames".
+
+	* options.h (library): Add variable `trustservernames'.
+
+	* main.c (option_data): Add trust-server-names.
+	(print_help): Describe --trust-server-names.
+
+	* retr.c (retrieve_url): Pass new argument to `http_loop'.
+
+=== modified file 'doc/wget.texi'
+Index: doc/wget.texi
+===================================================================
+--- doc/wget.texi.orig
++++ doc/wget.texi
+@@ -1487,6 +1487,13 @@ This option is useful for some file-down
+ @code{Content-Disposition} headers to describe what the name of a
+ downloaded file should be.
+
++ at cindex Trust server names
++ at item --trust-server-names
++
++If this is set to on, on a redirect the last component of the
++redirection URL will be used as the local file name.  By default it is
++used the last component in the original URL.
++
+ @cindex authentication
+ @item --auth-no-challenge
+
+@@ -2799,6 +2806,10 @@ Set the connect timeout---the same as @s
+ Turn on recognition of the (non-standard) @samp{Content-Disposition}
+ HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}.
+
++ at item trust_server_names = on/off
++If set to on, use the last component of a redirection URL for the local
++file name.
++
+ @item continue = on/off
+ If set to on, force continuation of preexistent partially retrieved
+ files.  See @samp{-c} before setting it.
+Index: src/http.c
+===================================================================
+--- src/http.c.orig
++++ src/http.c
+@@ -2410,8 +2410,9 @@ File %s already there; not retrieving.\n
+ /* The genuine HTTP loop!  This is the part where the retrieval is
+    retried, and retried, and retried, and...  */
+ uerr_t
+-http_loop (struct url *u, char **newloc, char **local_file, const char *referer,
+-           int *dt, struct url *proxy, struct iri *iri)
++http_loop (struct url *u, struct url *original_url, char **newloc,
++           char **local_file, const char *referer, int *dt, struct url *proxy,
++           struct iri *iri)
+ {
+   int count;
+   bool got_head = false;         /* used for time-stamping and filename detection */
+@@ -2457,7 +2458,8 @@ http_loop (struct url *u, char **newloc,
+     }
+   else if (!opt.content_disposition)
+     {
+-      hstat.local_file = url_file_name (u);
++      hstat.local_file =
++        url_file_name (opt.trustservernames ? u : original_url);
+       got_name = true;
+     }
+
+@@ -2497,7 +2499,7 @@ File %s already there; not retrieving.\n
+
+   /* Send preliminary HEAD request if -N is given and we have an existing
+    * destination file. */
+-  file_name = url_file_name (u);
++  file_name = url_file_name (opt.trustservernames ? u : original_url);
+   if (opt.timestamping
+       && !opt.content_disposition
+       && file_exists_p (file_name))
+Index: src/http.h
+===================================================================
+--- src/http.h.orig
++++ src/http.h
+@@ -33,8 +33,8 @@ as that of the covered work.  */
+
+ struct url;
+
+-uerr_t http_loop (struct url *, char **, char **, const char *, int *,
+-		  struct url *, struct iri *);
++uerr_t http_loop (struct url *, struct url *, char **, char **, const char *,
++                  int *, struct url *, struct iri *);
+ void save_cookies (void);
+ void http_cleanup (void);
+ time_t http_atotm (const char *);
+Index: src/init.c
+===================================================================
+--- src/init.c.orig
++++ src/init.c
+@@ -243,6 +243,7 @@ static const struct {
+   { "timeout",          NULL,                   cmd_spec_timeout },
+   { "timestamping",     &opt.timestamping,      cmd_boolean },
+   { "tries",            &opt.ntry,              cmd_number_inf },
++  { "trustservernames", &opt.trustservernames,  cmd_boolean },
+   { "useproxy",         &opt.use_proxy,         cmd_boolean },
+   { "user",             &opt.user,              cmd_string },
+   { "useragent",        NULL,                   cmd_spec_useragent },
+Index: src/main.c
+===================================================================
+--- src/main.c.orig
++++ src/main.c
+@@ -266,6 +266,7 @@ static struct cmdline_option option_data
+     { "timeout", 'T', OPT_VALUE, "timeout", -1 },
+     { "timestamping", 'N', OPT_BOOLEAN, "timestamping", -1 },
+     { "tries", 't', OPT_VALUE, "tries", -1 },
++    { "trust-server-names", 0, OPT_BOOLEAN, "trustservernames", -1 },
+     { "user", 0, OPT_VALUE, "user", -1 },
+     { "user-agent", 'U', OPT_VALUE, "useragent", -1 },
+     { "verbose", 'v', OPT_BOOLEAN, "verbose", -1 },
+@@ -675,6 +676,8 @@ Recursive accept/reject:\n"),
+     N_("\
+   -I,  --include-directories=LIST  list of allowed directories.\n"),
+     N_("\
++       --trust-server-names        use the name specified by the redirection url last component.\n"),
++    N_("\
+   -X,  --exclude-directories=LIST  list of excluded directories.\n"),
+     N_("\
+   -np, --no-parent                 don't ascend to the parent directory.\n"),
+Index: src/options.h
+===================================================================
+--- src/options.h.orig
++++ src/options.h
+@@ -242,6 +242,7 @@ struct options
+   char *encoding_remote;
+   char *locale;
+
++  bool trustservernames;
+ #ifdef __VMS
+   int ftp_stmlf;                /* Force Stream_LF format for binary FTP. */
+ #endif /* def __VMS */
+Index: src/retr.c
+===================================================================
+--- src/retr.c.orig
++++ src/retr.c
+@@ -689,7 +689,8 @@ retrieve_url (struct url * orig_parsed,
+ #endif
+       || (proxy_url && proxy_url->scheme == SCHEME_HTTP))
+     {
+-      result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri);
++      result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
++                          proxy_url, iri);
+     }
+   else if (u->scheme == SCHEME_FTP)
+     {
+Index: tests/Test-iri-forced-remote.px
+===================================================================
+--- tests/Test-iri-forced-remote.px.orig
++++ tests/Test-iri-forced-remote.px
+@@ -174,7 +174,7 @@ my %urls = (
+     },
+ );
+
+-my $cmdline = $WgetTest::WGETPATH . " --iri --remote-encoding=iso-8859-1 -nH -r http://localhost:{{port}}/";
++my $cmdline = $WgetTest::WGETPATH . " --iri --trust-server-names --remote-encoding=iso-8859-1 -nH -r http://localhost:{{port}}/";
+
+ my $expected_error_code = 0;
+
+Index: tests/Test-iri-list.px
+===================================================================
+--- tests/Test-iri-list.px.orig
++++ tests/Test-iri-list.px
+@@ -143,7 +143,7 @@ my %urls = (
+     },
+ );
+
+-my $cmdline = $WgetTest::WGETPATH . " --iri -d -i http://localhost:{{port}}/url_list.txt";
++my $cmdline = $WgetTest::WGETPATH . " --iri --trust-server-names -d -i http://localhost:{{port}}/url_list.txt";
+
+ my $expected_error_code = 0;
+
+Index: tests/Test-iri.px
+===================================================================
+--- tests/Test-iri.px.orig
++++ tests/Test-iri.px
+@@ -186,7 +186,7 @@ my %urls = (
+     },
+ );
+
+-my $cmdline = $WgetTest::WGETPATH . " -d --iri --restrict-file-names=nocontrol -nH -r http://localhost:{{port}}/";
++my $cmdline = $WgetTest::WGETPATH . " -d --iri --trust-server-names --restrict-file-names=nocontrol -nH -r http://localhost:{{port}}/";
+
+ my $expected_error_code = 0;
diff --git a/recipes/wget/wget_1.12.bb b/recipes/wget/wget_1.12.bb
index 4ce3c2d..1acabbe 100644
--- a/recipes/wget/wget_1.12.bb
+++ b/recipes/wget/wget_1.12.bb
@@ -1,7 +1,8 @@
-PR = "${INC_PR}.1"
+PR = "${INC_PR}.2"
 
 SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
            file://gnutls.bzr.patch \
+           file://CVE-2010-2252.patch;striplevel=0 \
 "
 
 SRC_URI[md5sum] = "141461b9c04e454dc8933c9d1f2abf83"

More information about the Openembedded-commits mailing list