Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Builder wget-solaris10-i386 Build #553

Results:

Failed shell shell_1 shell_2 shell_3

SourceStamp:

Projectwget
Repositoryhttps://gitlab.com/gnuwget/wget.git
Branchmaster
Revision581b53633159200125bcdee697762c62449b1067
Got Revision581b53633159200125bcdee697762c62449b1067
Changes1 change

BuildSlave:

unstable10x

Reason:

The SingleBranchScheduler scheduler named 'schedule-wget-solaris10-i386' triggered this build

Steps and Logfiles:

  1. git update ( 6 secs )
    1. stdio
  2. shell 'bash bootstrap' failed ( 56 secs )
    1. stdio
  3. shell_1 './configure' failed ( 0 secs )
    1. stdio
    2. src/config.h
    3. config.log
  4. shell_2 'gmake' failed ( 0 secs )
    1. stdio
  5. shell_3 'gmake check' failed ( 0 secs )
    1. stdio
    2. tests-unit-tests.log
    3. tests-test-suite.log
    4. testenv-test-suite.log

Build Properties:

NameValueSource
branch master Build
builddir /export/home/buildbot/slave/wget-solaris10-i386 slave
buildername wget-solaris10-i386 Builder
buildnumber 553 Build
codebase Build
got_revision 581b53633159200125bcdee697762c62449b1067 Git
project wget Build
repository https://gitlab.com/gnuwget/wget.git Build
revision 581b53633159200125bcdee697762c62449b1067 Build
scheduler schedule-wget-solaris10-i386 Scheduler
slavename unstable10x BuildSlave
workdir /export/home/buildbot/slave/wget-solaris10-i386 slave (deprecated)

Forced Build Properties:

NameLabelValue

Responsible Users:

  1. vlefebvre

Timing:

StartSat Jun 20 10:59:30 2026
EndSat Jun 20 11:00:33 2026
Elapsed1 mins, 2 secs

All Changes:

:

  1. Change #271894

    Category wget
    Changed by vlefebvre <valentin.lefebvreohnoyoudont@suse.com>
    Changed at Sat 20 Jun 2026 10:29:10
    Repository https://gitlab.com/gnuwget/wget.git
    Project wget
    Branch master
    Revision 581b53633159200125bcdee697762c62449b1067

    Comments

    Drop user-provided Authorization and Cookie headers on untrusted redirections
* src/http.c: (unredirectable_headerline) check if a header line is
  included in a list of value that cannot be sent after a redirect.
* src/http.c: (get_http) Do not set user header, when
  location_changed, from unredirectable_headerline.
* src/http.h: (http_loop) Add argument location_changed.
* testenv/Makefile.am: Add new tests.
* testenv/Test-redirect-auth-cookie.py: New test file.
* testenv/Test-redirect-same-host-keep-auth-cookie.py: New test file.
* testenv/conf/update_redirect.py: New file.

Fix CVE-2021-31879. If wget for an http URL is redirected to a
different site (hostnameparts of URLs differ), then any "Authorization"
and "Cookie" header entries are discarded.

The dropping of user-provided headers is switched off by --trust-server-names.

Signed-off-by: vlefebvre <valentin.lefebvre@suse.com>
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Co-authored-by: Tim Rühsen <tim.ruehsen@gmx.de>
Copyright-paperwork-exempt: Yes

    Changed files

    • src/http.c
    • src/http.h
    • src/retr.c
    • testenv/Makefile.am
    • testenv/Test-redirect-auth-cookie.py
    • testenv/Test-redirect-same-host-keep-auth-cookie.py
    • testenv/conf/update_redirect.py
BuildBot (0.8.14) working for the OpenCSW Buildbot project.
Page built: Sat 20 Jun 2026 14:39:54 (CEST)