* [PATCH] Upgrade 1.19.1 -> 1.19.2
@ 2017-10-31 9:48 Zhixiong Chi
2017-10-31 9:51 ` Zhixiong Chi
2017-10-31 10:05 ` ✗ patchtest: failure for " Patchwork
0 siblings, 2 replies; 3+ messages in thread
From: Zhixiong Chi @ 2017-10-31 9:48 UTC
To: openembedded-core
Among other things, fix CVE-2017-13089 CVE-2017-13090 CVE-2017-6508
External References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13089
https://nvd.nist.gov/vuln/detail/CVE-2017-13090
https://nvd.nist.gov/vuln/detail/CVE-2017-6508
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
.../recipes-extended/wget/wget/CVE-2017-6508.patch | 44 ----------------------
meta/recipes-extended/wget/wget_1.19.1.bb | 9 -----
meta/recipes-extended/wget/wget_1.19.2.bb | 8 ++++
3 files changed, 8 insertions(+), 53 deletions(-)
delete mode 100644 meta/recipes-extended/wget/wget/CVE-2017-6508.patch
delete mode 100644 meta/recipes-extended/wget/wget_1.19.1.bb
create mode 100644 meta/recipes-extended/wget/wget_1.19.2.bb
diff --git a/meta/recipes-extended/wget/wget/CVE-2017-6508.patch b/meta/recipes-extended/wget/wget/CVE-2017-6508.patch
deleted file mode 100644
index b9c290f..0000000
--- a/meta/recipes-extended/wget/wget/CVE-2017-6508.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 4d729e322fae359a1aefaafec1144764a54e8ad4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
-Date: Mon, 6 Mar 2017 10:04:22 +0100
-Subject: [PATCH] Fix CRLF injection in Wget host part
-
-* src/url.c (url_parse): Reject control characters in host part of URL
-
-Reported-by: Orange Tsai
-
-Upstream-Status: Backport
-[http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4]
-
-CVE: CVE-2017-6508
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- src/url.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/src/url.c b/src/url.c
-index 8f8ff0b..7d36b27 100644
---- a/src/url.c
-+++ b/src/url.c
-@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
- url_unescape (u->host);
- host_modified = true;
-
-+ /* check for invalid control characters in host name */
-+ for (p = u->host; *p; p++)
-+ {
-+ if (c_iscntrl(*p))
-+ {
-+ url_free(u);
-+ error_code = PE_INVALID_HOST_NAME;
-+ goto error;
-+ }
-+ }
-+
- /* Apply IDNA regardless of iri->utf8_encode status */
- if (opt.enable_iri && iri)
- {
---
-2.7.4
-
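Review bot: Dropping CVE-2017-6508.patch leaves the build without the c_iscntrl() host check in url_parse unless wget 1.19.2 already contains upstream commit 4d729e322fae359a1aefaafec1144764a54e8ad4, and nothing in this patch says that it does. Please state in the commit message that the backport is removed because the fix is part of 1.19.2. The wording "fix ... CVE-2017-6508" should also change: this file shows the CVE was already addressed in the 1.19.1 recipe, so the upgrade does not newly fix it.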
diff --git a/meta/recipes-extended/wget/wget_1.19.1.bb b/meta/recipes-extended/wget/wget_1.19.1.bb
deleted file mode 100644
index 78bde95..0000000
--- a/meta/recipes-extended/wget/wget_1.19.1.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
- file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
- file://CVE-2017-6508.patch \
- "
-
-SRC_URI[md5sum] = "87cea36b7161fd43e3fd51a4e8b89689"
-SRC_URI[sha256sum] = "9e4f12da38cc6167d0752d934abe27c7b1599a9af294e73829be7ac7b5b4da40"
-
-require wget.inc
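Review bot: Deleting wget_1.19.1.bb in full and creating a near-identical wget_1.19.2.bb in the next hunk hides that the only recipe changes are the removed "file://CVE-2017-6508.patch" entry and the two checksums. Generating the patch with rename detection (git format-patch -M) would present this as a rename of the recipe with a diff of just those lines, which is much easier to review.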
diff --git a/meta/recipes-extended/wget/wget_1.19.2.bb b/meta/recipes-extended/wget/wget_1.19.2.bb
new file mode 100644
index 0000000..bdafa70
--- /dev/null
+++ b/meta/recipes-extended/wget/wget_1.19.2.bb
@@ -0,0 +1,8 @@
+SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
+ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
+ "
+
+SRC_URI[md5sum] = "caabf9727fa429626316619a6369fffa"
+SRC_URI[sha256sum] = "4f4a673b6d466efa50fbfba796bd84a46ae24e370fa562ede5b21ab53c11a920"
+
+require wget.inc
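Review bot: The new SRC_URI[md5sum] and SRC_URI[sha256sum] values are the only integrity anchor for the 1.19.2 tarball, and the commit message does not say how they were obtained. Please confirm they were computed from a tarball whose upstream signature was verified, and say so in the message. Also confirm that 0001-Unset-need_charset_alias-when-building-for-musl.patch, carried over unchanged, still applies to 1.19.2.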
--
1.9.1
* Re: [PATCH] Upgrade 1.19.1 -> 1.19.2
From: Zhixiong Chi @ 2017-10-31 9:51 UTC
To: openembedded-core
Please ignore this, I will update the subject with the patch.
Thanks.
On 2017-10-31 17:48, Zhixiong Chi wrote:
> Among other things, fix CVE-2017-13089 CVE-2017-13090 CVE-2017-6508
> External References:
> https://nvd.nist.gov/vuln/detail/CVE-2017-13089
> https://nvd.nist.gov/vuln/detail/CVE-2017-13090
> https://nvd.nist.gov/vuln/detail/CVE-2017-6508
>
> Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
> ---
> .../recipes-extended/wget/wget/CVE-2017-6508.patch | 44 ----------------------
> meta/recipes-extended/wget/wget_1.19.1.bb | 9 -----
> meta/recipes-extended/wget/wget_1.19.2.bb | 8 ++++
> 3 files changed, 8 insertions(+), 53 deletions(-)
> delete mode 100644 meta/recipes-extended/wget/wget/CVE-2017-6508.patch
> delete mode 100644 meta/recipes-extended/wget/wget_1.19.1.bb
> create mode 100644 meta/recipes-extended/wget/wget_1.19.2.bb
>
> diff --git a/meta/recipes-extended/wget/wget/CVE-2017-6508.patch b/meta/recipes-extended/wget/wget/CVE-2017-6508.patch
> deleted file mode 100644
> index b9c290f..0000000
> --- a/meta/recipes-extended/wget/wget/CVE-2017-6508.patch
> +++ /dev/null
> @@ -1,44 +0,0 @@
> -From 4d729e322fae359a1aefaafec1144764a54e8ad4 Mon Sep 17 00:00:00 2001
> -From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
> -Date: Mon, 6 Mar 2017 10:04:22 +0100
> -Subject: [PATCH] Fix CRLF injection in Wget host part
> -
> -* src/url.c (url_parse): Reject control characters in host part of URL
> -
> -Reported-by: Orange Tsai
> -
> -Upstream-Status: Backport
> -[http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4]
> -
> -CVE: CVE-2017-6508
> -
> -Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
> ----
> - src/url.c | 11 +++++++++++
> - 1 file changed, 11 insertions(+)
> -
> -diff --git a/src/url.c b/src/url.c
> -index 8f8ff0b..7d36b27 100644
> ---- a/src/url.c
> -+++ b/src/url.c
> -@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
> - url_unescape (u->host);
> - host_modified = true;
> -
> -+ /* check for invalid control characters in host name */
> -+ for (p = u->host; *p; p++)
> -+ {
> -+ if (c_iscntrl(*p))
> -+ {
> -+ url_free(u);
> -+ error_code = PE_INVALID_HOST_NAME;
> -+ goto error;
> -+ }
> -+ }
> -+
> - /* Apply IDNA regardless of iri->utf8_encode status */
> - if (opt.enable_iri && iri)
> - {
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-extended/wget/wget_1.19.1.bb b/meta/recipes-extended/wget/wget_1.19.1.bb
> deleted file mode 100644
> index 78bde95..0000000
> --- a/meta/recipes-extended/wget/wget_1.19.1.bb
> +++ /dev/null
> @@ -1,9 +0,0 @@
> -SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
> - file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
> - file://CVE-2017-6508.patch \
> - "
> -
> -SRC_URI[md5sum] = "87cea36b7161fd43e3fd51a4e8b89689"
> -SRC_URI[sha256sum] = "9e4f12da38cc6167d0752d934abe27c7b1599a9af294e73829be7ac7b5b4da40"
> -
> -require wget.inc
> diff --git a/meta/recipes-extended/wget/wget_1.19.2.bb b/meta/recipes-extended/wget/wget_1.19.2.bb
> new file mode 100644
> index 0000000..bdafa70
> --- /dev/null
> +++ b/meta/recipes-extended/wget/wget_1.19.2.bb
> @@ -0,0 +1,8 @@
> +SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
> + file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
> + "
> +
> +SRC_URI[md5sum] = "caabf9727fa429626316619a6369fffa"
> +SRC_URI[sha256sum] = "4f4a673b6d466efa50fbfba796bd84a46ae24e370fa562ede5b21ab53c11a920"
> +
> +require wget.inc
--
---------------------
Thanks,
Zhixiong Chi
Tel: +86-10-8477-7036
* ✗ patchtest: failure for Upgrade 1.19.1 -> 1.19.2
From: Patchwork @ 2017-10-31 10:05 UTC
To: Zhixiong Chi; +Cc: openembedded-core
== Series Details ==
Series: Upgrade 1.19.1 -> 1.19.2
Revision: 1
URL : https://patchwork.openembedded.org/series/9555/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:
* Patch Upgrade 1.19.1 -> 1.19.2
Issue Shortlog does not follow expected format [test_shortlog_format]
Suggested fix Commit shortlog (first line of commit message) should follow the format "<target>: <summary>"
If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).
---
Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe