author | Tudor Florea <tudor.florea@enea.com> | 2015-10-09 22:59:03 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-10-09 22:59:03 +0200 |
commit | 972dcfcdbfe75dcfeb777150c136576cf1a71e99 (patch) | |
tree | 97a61cd7e293d7ae9d56ef7ed0f81253365bb026 /meta/recipes-extended/wget | |
download | poky-972dcfcdbfe75dcfeb777150c136576cf1a71e99.tar.gz |
initial commit for Enea Linux 5.0 arm
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-extended/wget')
-rw-r--r-- | meta/recipes-extended/wget/wget-1.15/wget_cve-2014-4877.patch | 78 | ||||
-rw-r--r-- | meta/recipes-extended/wget/wget.inc | 23 | ||||
-rw-r--r-- | meta/recipes-extended/wget/wget/fix_makefile.patch | 33 | ||||
-rw-r--r-- | meta/recipes-extended/wget/wget_1.15.bb | 8 |
4 files changed, 142 insertions, 0 deletions
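--- /dev/null
+++ b/meta/recipes-extended/wget/wget-1.15/wget_cve-2014-4877.patch
@@ -0,0 +1,78 @@
+From 18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 Mon Sep 17 00:00:00 2001
+From: Darshit Shah <darnir@gmail.com>
+Date: Sun, 07 Sep 2014 19:11:17 +0000
+Subject: CVE-2014-4877: Arbitrary Symlink Access
+
+Wget was susceptible to a symlink attack which could create arbitrary
+files, directories or symbolic links and set their permissions when
+retrieving a directory recursively through FTP. This commit changes the
+default settings in Wget such that Wget no longer creates local symbolic
+links, but rather traverses them and retrieves the pointed-to file in
+such a retrieval.
+
+The old behaviour can be attained by passing the --retr-symlinks=no
+option to the Wget invokation command.
+---
+diff --git a/doc/wget.texi b/doc/wget.texi
+index aef1f80..d7a4c94 100644
+--- a/doc/wget.texi
++++ b/doc/wget.texi
+@@ -1883,17 +1883,18 @@ Preserve remote file permissions instead of permissions set by umask.
+
+@cindex symbolic links, retrieving
+@item --retr-symlinks
+-Usually, when retrieving @sc{ftp} directories recursively and a symbolic
+-link is encountered, the linked-to file is not downloaded. Instead, a
+-matching symbolic link is created on the local filesystem. The
+-pointed-to file will not be downloaded unless this recursive retrieval
+-would have encountered it separately and downloaded it anyway.
+-
+-When @samp{--retr-symlinks} is specified, however, symbolic links are
+-traversed and the pointed-to files are retrieved. At this time, this
+-option does not cause Wget to traverse symlinks to directories and
+-recurse through them, but in the future it should be enhanced to do
+-this.
++By default, when retrieving @sc{ftp} directories recursively and a symbolic link
++is encountered, the symbolic link is traversed and the pointed-to files are
++retrieved. Currently, Wget does not traverse symbolic links to directories to
++download them recursively, though this feature may be added in the future.
++
++When @samp{--retr-symlinks=no} is specified, the linked-to file is not
++downloaded. Instead, a matching symbolic link is created on the local
++filesystem. The pointed-to file will not be retrieved unless this recursive
++retrieval would have encountered it separately and downloaded it anyway. This
++option poses a security risk where a malicious FTP Server may cause Wget to
++write to files outside of the intended directories through a specially crafted
++@sc{.listing} file.
+
+Note that when retrieving a file (not a directory) because it was
+specified on the command-line, rather than because it was recursed to,
+diff --git a/src/init.c b/src/init.c
+index 09557af..3bdaa48 100644
+--- a/src/init.c
++++ b/src/init.c
+@@ -366,6 +366,22 @@ defaults (void)
+
+opt.dns_cache = true;
+opt.ftp_pasv = true;
++ /* 2014-09-07 Darshit Shah <darnir@gmail.com>
++ * opt.retr_symlinks is set to true by default. Creating symbolic links on the
++ * local filesystem pose a security threat by malicious FTP Servers that
++ * server a specially crafted .listing file akin to this:
++ *
++ * lrwxrwxrwx 1 root root 33 Dec 25 2012 JoCxl6d8rFU -> /
++ * drwxrwxr-x 15 1024 106 4096 Aug 28 02:02 JoCxl6d8rFU
++ *
++ * A .listing file in this fashion makes Wget susceptiple to a symlink attack
++ * wherein the attacker is able to create arbitrary files, directories and
++ * symbolic links on the target system and even set permissions.
++ *
++ * Hence, by default Wget attempts to retrieve the pointed-to files and does
++ * not create the symbolic links locally.
++ */
++ opt.retr_symlinks = true;
+
+#ifdef HAVE_SSL
+opt.check_cert = true;
+--
+cgit v0.9.0.2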
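Review bot: The src/init.c hunk of the embedded patch only flips a default (`opt.retr_symlinks = true;` in `defaults()`, whose body extends beyond the lines shown), so the path that creates local symlinks from a server-supplied listing stays reachable whenever the option is turned off, as the rewritten wget.texi text itself warns. For an image built from this recipe, a shipped wgetrc with `retr_symlinks = off` or a script passing `--retr-symlinks=no` would bring the CVE-2014-4877 exposure back, so it is worth confirming that nothing in the layer sets either. Separately, the patch header has no `Upstream-Status:` line, unlike fix_makefile.patch in the same commit; if this was taken from upstream, as the `From` and cgit lines suggest, `Upstream-Status: Backport` would record that and make the security fix easier to audit on the next version bump.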
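--- /dev/null
+++ b/meta/recipes-extended/wget/wget.inc
@@ -0,0 +1,23 @@
+SUMMARY = "Console URL download utility supporting HTTP, FTP, etc"
+HOMEPAGE = "https://www.gnu.org/software/wget/"
+SECTION = "console/network"
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+
+DEPENDS = "gnutls zlib libpcre"
+DEPENDS_class-nativesdk = "nativesdk-gnutls nativesdk-zlib nativesdk-libpcre"
+
+INC_PR = "r16"
+
+inherit autotools gettext texinfo update-alternatives
+
+EXTRA_OECONF = "--enable-ipv6 --with-ssl=gnutls --disable-rpath --disable-iri \
+--without-libgnutls-prefix ac_cv_header_uuid_uuid_h=no"
+
+ALTERNATIVE_${PN} = "wget"
+ALTERNATIVE_${PN}_class-nativesdk = ""
+ALTERNATIVE_PRIORITY = "100"
+
+RRECOMMENDS_${PN} += "ca-certificates"
+
+BBCLASSEXTEND += "nativesdk"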
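Review bot: `RRECOMMENDS_${PN} += "ca-certificates"` makes the CA bundle a soft dependency only, so an image assembled with recommendations disabled would presumably get a GnuTLS-linked wget (`--with-ssl=gnutls`) and no trust anchors to verify against. Verification would then fail closed, which is safe in itself, but the common reaction on target is to script `--no-check-certificate`, which removes server authentication altogether. If HTTPS downloads are expected to work on target, consider a hard runtime dependency for the target package, or add a comment next to the line such as `# soft dependency: HTTPS verification needs a CA bundle; do not work around its absence with --no-check-certificate`.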
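--- /dev/null
+++ b/meta/recipes-extended/wget/wget/fix_makefile.patch
@@ -0,0 +1,33 @@
+
+Upstream-Status: Pending
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+Index: wget-1.12/po/Makefile.in.in
+===================================================================
+--- wget-1.12.orig/po/Makefile.in.in 2009-09-04 09:31:54.000000000 -0700
++++ wget-1.12/po/Makefile.in.in 2011-10-19 20:32:53.714812160 -0700
+@@ -8,8 +8,8 @@
+# Please note that the actual code of GNU gettext is covered by the GNU
+# General Public License and is *not* in the public domain.
+#
+-# Origin: gettext-0.17
+-GETTEXT_MACRO_VERSION = 0.17
++# Origin: gettext-0.18
++GETTEXT_MACRO_VERSION = 0.18
+
+PACKAGE = @PACKAGE@
+VERSION = @VERSION@
+Index: wget-1.12/configure.ac
+===================================================================
+--- wget-1.12.orig/configure.ac 2009-09-22 09:39:49.000000000 -0700
++++ wget-1.12/configure.ac 2011-10-19 20:32:53.714812160 -0700
+@@ -110,7 +110,7 @@
+dnl Gettext
+dnl
+AM_GNU_GETTEXT([external],[need-ngettext])
+-AM_GNU_GETTEXT_VERSION([0.17])
++AM_GNU_GETTEXT_VERSION([0.18])
+
+AC_PROG_RANLIB
+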
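--- /dev/null
+++ b/meta/recipes-extended/wget/wget_1.15.bb
@@ -0,0 +1,8 @@
+SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
+file://fix_makefile.patch \
+file://wget_cve-2014-4877.patch \
+"
+SRC_URI[md5sum] = "506df41295afc6486662cc47470b4618"
+SRC_URI[sha256sum] = "52126be8cf1bddd7536886e74c053ad7d0ed2aa89b4b630f76785bac21695fcd"
+
+require wget.inc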