import wget-1.19.5-8.el8_1.1
This commit is contained in:
parent
5e8b50dfcc
commit
80d41999c1
28
SOURCES/wget-1.19.5-no_proxy-dot-prefix.patch
Normal file
28
SOURCES/wget-1.19.5-no_proxy-dot-prefix.patch
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
commit fd85ac9cc623847e9d94d9f9241ab34e2c146cbf
|
||||||
|
Author: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
||||||
|
Date: Thu Oct 25 17:39:52 2018 -0300
|
||||||
|
|
||||||
|
* src/host.c (sufmatch): Fix dot-prefixed domain matching
|
||||||
|
|
||||||
|
Current sufmatch does not match when domain is dot-prefixed.
|
||||||
|
The example of no_proxy in man (.mit.edu) does use a dot-prefixed
|
||||||
|
domain.
|
||||||
|
|
||||||
|
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
||||||
|
Copyright-paperwork-exempt: Yes
|
||||||
|
|
||||||
|
diff --git a/src/host.c b/src/host.c
|
||||||
|
index b42cd6e8..2bf848f3 100644
|
||||||
|
--- a/src/host.c
|
||||||
|
+++ b/src/host.c
|
||||||
|
@@ -1033,8 +1033,9 @@ sufmatch (const char **list, const char *what)
|
||||||
|
/* Domain or subdomain match
|
||||||
|
* k == -1: exact match
|
||||||
|
* k >= 0 && what[k] == '.': subdomain match
|
||||||
|
+ * k >= 0 && list[i][0] == '.': dot-prefixed subdomain match
|
||||||
|
*/
|
||||||
|
- if (j == -1 && (k == -1 || what[k] == '.'))
|
||||||
|
+ if (j == -1 && (k == -1 || what[k] == '.' || list[i][0] == '.'))
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
285
SOURCES/wget-1.19.5-no_proxy-tests.patch
Normal file
285
SOURCES/wget-1.19.5-no_proxy-tests.patch
Normal file
@ -0,0 +1,285 @@
|
|||||||
|
From dea0f6272889adcff846144fff5714c076067b16 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Hozza <thozza@redhat.com>
|
||||||
|
Date: Thu, 7 Nov 2019 12:46:15 +0100
|
||||||
|
Subject: [PATCH 1/3] testenv: HTTPTest.begin() should return exit value
|
||||||
|
|
||||||
|
* testenv/test/http_test.py: Ensure that HTTPTest.begin() always retuns a value
|
||||||
|
|
||||||
|
Previously the HTTPTest.begin() method always returned None. However this is not consistent with the begin() implementation of the parent class (BaseTest). This change ensures that HTTPTest.begin() returns a value.
|
||||||
|
|
||||||
|
Signed-off-by: Tomas Hozza <thozza@redhat.com>
|
||||||
|
---
|
||||||
|
testenv/test/http_test.py | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/testenv/test/http_test.py b/testenv/test/http_test.py
|
||||||
|
index fef0c2ef..462ac6e7 100644
|
||||||
|
--- a/testenv/test/http_test.py
|
||||||
|
+++ b/testenv/test/http_test.py
|
||||||
|
@@ -42,7 +42,7 @@ class HTTPTest(BaseTest):
|
||||||
|
print_green("Test Passed.")
|
||||||
|
else:
|
||||||
|
self.tests_passed = False
|
||||||
|
- super(HTTPTest, self).begin()
|
||||||
|
+ return super(HTTPTest, self).begin()
|
||||||
|
|
||||||
|
def instantiate_server_by(self, protocol):
|
||||||
|
server = {HTTP: HTTPd,
|
||||||
|
--
|
||||||
|
2.21.0
|
||||||
|
|
||||||
|
|
||||||
|
From 7fba12cf25ff7cc352f0f5df7d91670df7035823 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Hozza <thozza@redhat.com>
|
||||||
|
Date: Thu, 7 Nov 2019 13:01:44 +0100
|
||||||
|
Subject: [PATCH 2/3] testenv: Allow definition of environment variables for
|
||||||
|
wget execuion
|
||||||
|
|
||||||
|
* testenv/README: Added description for new EnvironmentVariable hook
|
||||||
|
* testenv/conf/environment_variable.py: Added implementation of EnvironmentVariable hook
|
||||||
|
* testenv/test/base_test.py: Modified exec_wget() to enable use of EnvironmentVariable hook
|
||||||
|
|
||||||
|
Added new test hook called EnvironmentVariables, for defining environment variables when wget is executed in tests. This is handy for testing environment variables, which are accepted by wget.
|
||||||
|
|
||||||
|
Signed-off-by: Tomas Hozza <thozza@redhat.com>
|
||||||
|
---
|
||||||
|
testenv/README | 3 +++
|
||||||
|
testenv/conf/environment_variables.py | 14 ++++++++++++++
|
||||||
|
testenv/test/base_test.py | 6 +++++-
|
||||||
|
3 files changed, 22 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 testenv/conf/environment_variables.py
|
||||||
|
|
||||||
|
diff --git a/testenv/README b/testenv/README
|
||||||
|
index aca8cdda..d4fabddd 100644
|
||||||
|
--- a/testenv/README
|
||||||
|
+++ b/testenv/README
|
||||||
|
@@ -224,6 +224,9 @@ executed. The currently supported options are:
|
||||||
|
file. While all Download URL's are passed to Urls, a notable exception is
|
||||||
|
when in-url authentication is used. In such a case, the URL is specified in
|
||||||
|
the WgetCommands string.
|
||||||
|
+ * EnvironmentVariables: A dictionary with key-value items, which will be
|
||||||
|
+ defined as environment variables during the execution of wget command in
|
||||||
|
+ test.
|
||||||
|
|
||||||
|
Post-Test Hooks:
|
||||||
|
================================================================================
|
||||||
|
diff --git a/testenv/conf/environment_variables.py b/testenv/conf/environment_variables.py
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000..323c051c
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/testenv/conf/environment_variables.py
|
||||||
|
@@ -0,0 +1,14 @@
|
||||||
|
+from conf import hook
|
||||||
|
+
|
||||||
|
+""" Test Option: EnvironmentVariables
|
||||||
|
+This hook is used to define environment variables used for execution of wget
|
||||||
|
+command in test."""
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+@hook(alias='EnvironmentVariables')
|
||||||
|
+class URLs:
|
||||||
|
+ def __init__(self, envs):
|
||||||
|
+ self.envs = envs
|
||||||
|
+
|
||||||
|
+ def __call__(self, test_obj):
|
||||||
|
+ test_obj.envs.update(**self.envs)
|
||||||
|
diff --git a/testenv/test/base_test.py b/testenv/test/base_test.py
|
||||||
|
index dbf4678f..04a6f748 100644
|
||||||
|
--- a/testenv/test/base_test.py
|
||||||
|
+++ b/testenv/test/base_test.py
|
||||||
|
@@ -51,6 +51,7 @@ class BaseTest:
|
||||||
|
|
||||||
|
self.wget_options = ''
|
||||||
|
self.urls = []
|
||||||
|
+ self.envs = dict()
|
||||||
|
|
||||||
|
self.tests_passed = True
|
||||||
|
self.ready = False
|
||||||
|
@@ -97,12 +98,15 @@ class BaseTest:
|
||||||
|
cmd_line = self.gen_cmd_line()
|
||||||
|
params = shlex.split(cmd_line)
|
||||||
|
print(params)
|
||||||
|
+ envs = {"HOME": os.getcwd()}
|
||||||
|
+ envs.update(**self.envs)
|
||||||
|
+ print(envs)
|
||||||
|
|
||||||
|
if os.getenv("SERVER_WAIT"):
|
||||||
|
time.sleep(float(os.getenv("SERVER_WAIT")))
|
||||||
|
|
||||||
|
try:
|
||||||
|
- ret_code = call(params, env={"HOME": os.getcwd()})
|
||||||
|
+ ret_code = call(params, env=envs)
|
||||||
|
except FileNotFoundError:
|
||||||
|
raise TestFailed("The Wget Executable does not exist at the "
|
||||||
|
"expected path.")
|
||||||
|
--
|
||||||
|
2.21.0
|
||||||
|
|
||||||
|
|
||||||
|
From 0d50becc19ba07f34157b2842ca97675cc95fc1a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Hozza <thozza@redhat.com>
|
||||||
|
Date: Thu, 7 Nov 2019 13:11:30 +0100
|
||||||
|
Subject: [PATCH 3/3] testenv: Add test for handling of no_proxy environment
|
||||||
|
variable
|
||||||
|
|
||||||
|
* testenv/Test-no_proxy-env.py: Added new test for no_proxy env
|
||||||
|
|
||||||
|
Added new test with 5 cases, which are testing various combinations of no_proxy environment variable definition and requested URLs
|
||||||
|
|
||||||
|
Signed-off-by: Tomas Hozza <thozza@redhat.com>
|
||||||
|
---
|
||||||
|
testenv/Test-no_proxy-env.py | 142 +++++++++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 142 insertions(+)
|
||||||
|
create mode 100755 testenv/Test-no_proxy-env.py
|
||||||
|
|
||||||
|
diff --git a/testenv/Test-no_proxy-env.py b/testenv/Test-no_proxy-env.py
|
||||||
|
new file mode 100755
|
||||||
|
index 00000000..ea7f38c4
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/testenv/Test-no_proxy-env.py
|
||||||
|
@@ -0,0 +1,142 @@
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
+from sys import exit
|
||||||
|
+from test.http_test import HTTPTest
|
||||||
|
+from test.base_test import HTTP
|
||||||
|
+from misc.wget_file import WgetFile
|
||||||
|
+
|
||||||
|
+"""
|
||||||
|
+ This test ensures, that domains with and without leftmost dot defined in
|
||||||
|
+ no_proxy environment variable are accepted by wget. The idea is to use
|
||||||
|
+ non-existing proxy server address and detect whether files are downloaded
|
||||||
|
+ when proxy settings are omitted based on no_proxy environment variable
|
||||||
|
+ value.
|
||||||
|
+
|
||||||
|
+ current wget's behavior:
|
||||||
|
+ - "no_proxy=.mit.edu"
|
||||||
|
+ - will match the domain and subdomains e.g. "www.mit.edu" or "www.subdomain.mit.edu" (Case #4)
|
||||||
|
+ - will NOT match the host "mit.edu" (Case #3)
|
||||||
|
+ - "no_proxy=mit.edu"
|
||||||
|
+ - will match the domain and subdomains e.g. "www.mit.edu" or "www.subdomain.mit.edu" (Case #2)
|
||||||
|
+ - will match the host "mit.edu" (Case #1)
|
||||||
|
+ - downside: can not match only the host
|
||||||
|
+"""
|
||||||
|
+# File Definitions
|
||||||
|
+File1 = "Would you like some Tea?"
|
||||||
|
+File2 = "With lemon or cream?"
|
||||||
|
+
|
||||||
|
+A_File = WgetFile ("File1", File1)
|
||||||
|
+B_File = WgetFile ("File2", File2)
|
||||||
|
+
|
||||||
|
+WGET_URLS = [["File1", "File2"]]
|
||||||
|
+WGET_ENVS = {
|
||||||
|
+ "http_proxy": "nonexisting.localhost:8080",
|
||||||
|
+ "no_proxy": "working1.localhost,.working2.localhost"
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+Servers = [HTTP]
|
||||||
|
+Files = [[A_File, B_File]]
|
||||||
|
+
|
||||||
|
+ExpectedReturnCodeWorking = 0
|
||||||
|
+ExpectedReturnCodeNotWorking = 4 # network error (non-existing proxy address)
|
||||||
|
+
|
||||||
|
+ExpectedDownloadedFilesWorking = [A_File, B_File]
|
||||||
|
+
|
||||||
|
+# Pre and Post Test Hooks
|
||||||
|
+test_options = {
|
||||||
|
+ "Urls" : WGET_URLS,
|
||||||
|
+ "EnvironmentVariables": WGET_ENVS
|
||||||
|
+}
|
||||||
|
+post_test_working = {
|
||||||
|
+ "ExpectedFiles" : ExpectedDownloadedFilesWorking,
|
||||||
|
+ "ExpectedRetcode" : ExpectedReturnCodeWorking
|
||||||
|
+}
|
||||||
|
+post_test_not_working = {
|
||||||
|
+ "ExpectedRetcode" : ExpectedReturnCodeNotWorking
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+# Case #1:
|
||||||
|
+# - Requested domain matches exactly the domain definition in no_proxy.
|
||||||
|
+# - Domain definition in no_proxy is NOT dot-prefixed
|
||||||
|
+# Expected result: proxy settings don't apply and files are downloaded.
|
||||||
|
+pre_case_1 = {
|
||||||
|
+ "ServerFiles" : Files,
|
||||||
|
+ "Domains" : ["working1.localhost"]
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+err_case_1 = HTTPTest (
|
||||||
|
+ pre_hook=pre_case_1,
|
||||||
|
+ test_params=test_options,
|
||||||
|
+ post_hook=post_test_working,
|
||||||
|
+ protocols=Servers
|
||||||
|
+).begin ()
|
||||||
|
+
|
||||||
|
+# Case #2:
|
||||||
|
+# - Requested domain is sub-domain of a domain definition in no_proxy.
|
||||||
|
+# - Domain definition in no_proxy is NOT dot-prefixed
|
||||||
|
+# Expected result: proxy settings don't apply and files are downloaded.
|
||||||
|
+pre_case_2 = {
|
||||||
|
+ "ServerFiles" : Files,
|
||||||
|
+ "Domains" : ["www.working1.localhost"]
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+err_case_2 = HTTPTest (
|
||||||
|
+ pre_hook=pre_case_2,
|
||||||
|
+ test_params=test_options,
|
||||||
|
+ post_hook=post_test_working,
|
||||||
|
+ protocols=Servers
|
||||||
|
+).begin ()
|
||||||
|
+
|
||||||
|
+# Case #3:
|
||||||
|
+# - Requested domain matches exactly the domain definition in no_proxy,
|
||||||
|
+# except for the leftmost dot (".") in no_proxy domain definition.
|
||||||
|
+# - Domain definition in no_proxy IS dot-prefixed
|
||||||
|
+# Expected result: proxy settings apply and files are downloaded. This is
|
||||||
|
+# due to the mismatch in leftmost dot.
|
||||||
|
+# NOTE: This is inconsistent with curl's behavior, but has less drawbacks.
|
||||||
|
+pre_case_3 = {
|
||||||
|
+ "ServerFiles" : Files,
|
||||||
|
+ "Domains" : ["working2.localhost"]
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+err_case_3 = HTTPTest (
|
||||||
|
+ pre_hook=pre_case_3,
|
||||||
|
+ test_params=test_options,
|
||||||
|
+ post_hook=post_test_not_working,
|
||||||
|
+ protocols=Servers
|
||||||
|
+).begin ()
|
||||||
|
+
|
||||||
|
+# Case #4:
|
||||||
|
+# - Requested domain is sub-domain of a domain definition in no_proxy.
|
||||||
|
+# - Domain definition in no_proxy IS dot-prefixed
|
||||||
|
+# Expected result: proxy settings don't apply and files are downloaded.
|
||||||
|
+pre_case_4 = {
|
||||||
|
+ "ServerFiles" : Files,
|
||||||
|
+ "Domains" : ["www.working2.localhost"]
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+err_case_4 = HTTPTest (
|
||||||
|
+ pre_hook=pre_case_4,
|
||||||
|
+ test_params=test_options,
|
||||||
|
+ post_hook=post_test_working,
|
||||||
|
+ protocols=Servers
|
||||||
|
+).begin ()
|
||||||
|
+
|
||||||
|
+# Case #5
|
||||||
|
+# - Requested domain does not match a domain definition in no_proxy.
|
||||||
|
+# - Requested domain is NOT sub-domain of a domain definition in no_proxy.
|
||||||
|
+# Expected result: proxy settings apply and files are NOT downloaded due to
|
||||||
|
+# network error when using proxy with non-existing URL.
|
||||||
|
+pre_case_5 = {
|
||||||
|
+ "ServerFiles" : Files,
|
||||||
|
+ "Domains" : ["www.example.localhost"]
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+err_case_5 = HTTPTest (
|
||||||
|
+ pre_hook=pre_case_5,
|
||||||
|
+ test_params=test_options,
|
||||||
|
+ post_hook=post_test_not_working,
|
||||||
|
+ protocols=Servers
|
||||||
|
+).begin ()
|
||||||
|
+
|
||||||
|
+# Combine error codes from all test cases
|
||||||
|
+exit (max(err_case_1, err_case_2, err_case_3, err_case_4, err_case_5))
|
||||||
|
--
|
||||||
|
2.21.0
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for retrieving files using the HTTP or FTP protocols
|
Summary: A utility for retrieving files using the HTTP or FTP protocols
|
||||||
Name: wget
|
Name: wget
|
||||||
Version: 1.19.5
|
Version: 1.19.5
|
||||||
Release: 7%{?dist}.1
|
Release: 8%{?dist}.1
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
Url: http://www.gnu.org/software/wget/
|
Url: http://www.gnu.org/software/wget/
|
||||||
@ -17,6 +17,9 @@ Patch7: wget-1.19.5-Dont-save-userpw-with---xattr.patch
|
|||||||
# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
|
# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
|
||||||
# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17
|
# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17
|
||||||
Patch8: wget-1.19.5-CVE-2019-5953.patch
|
Patch8: wget-1.19.5-CVE-2019-5953.patch
|
||||||
|
# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=fd85ac9cc623847e9d94d9f9241ab34e2c146cbf
|
||||||
|
Patch9: wget-1.19.5-no_proxy-dot-prefix.patch
|
||||||
|
Patch10: wget-1.19.5-no_proxy-tests.patch
|
||||||
|
|
||||||
Provides: webclient
|
Provides: webclient
|
||||||
Provides: bundled(gnulib)
|
Provides: bundled(gnulib)
|
||||||
@ -50,6 +53,8 @@ grep "PACKAGE_STRING='wget .* (Red Hat modified)'" configure || exit 1
|
|||||||
%patch6 -p1 -b .no_xattr_by_default
|
%patch6 -p1 -b .no_xattr_by_default
|
||||||
%patch7 -p1 -b .no_userpw_in_xattr
|
%patch7 -p1 -b .no_userpw_in_xattr
|
||||||
%patch8 -p1 -b .CVE-2019-5953
|
%patch8 -p1 -b .CVE-2019-5953
|
||||||
|
%patch9 -p1 -b .no_proxy-dot-prefix
|
||||||
|
%patch10 -p1 -b .no_proxy-test
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure \
|
%configure \
|
||||||
@ -96,8 +101,11 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_infodir}/*
|
%{_infodir}/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Sun Apr 07 2019 Tomas Hozza <thozza@redhat.com> - 1.19.5-7.1
|
* Thu Nov 21 2019 Tomáš Hozza <thozza@redhat.com> - 1.19.5-8.1
|
||||||
- Fix CVE-2019-5953 (#1696735)
|
- Fix issue with dot-prefixed domain names in no_proxy ENV (#1772821)
|
||||||
|
|
||||||
|
* Sun Apr 07 2019 Tomas Hozza <thozza@redhat.com> - 1.19.5-8
|
||||||
|
- Fix CVE-2019-5953 (#1696736)
|
||||||
|
|
||||||
* Thu Jan 10 2019 Tomas Hozza <thozza@redhat.com> - 1.19.5-7
|
* Thu Jan 10 2019 Tomas Hozza <thozza@redhat.com> - 1.19.5-7
|
||||||
- Fix information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
|
- Fix information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
|
||||||
|
Loading…
Reference in New Issue
Block a user