4 files changed, 142 insertions, 0 deletions
diff --git a/meta/recipes-extended/wget/wget-1.15/wget_cve-2014-4877.patch b/meta/recipes-extended/wget/wget-1.15/wget_cve-2014-4877.patch
new file mode 100644
index 0000000000..bfcc36ea9e
--- /dev/null
+++ b/meta/recipes-extended/wget/wget-1.15/wget_cve-2014-4877.patch
@@ -0,0 +1,78 @@
+From 18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 Mon Sep 17 00:00:00 2001
+From: Darshit Shah <darnir@gmail.com>
+Date: Sun, 07 Sep 2014 19:11:17 +0000
+Subject: CVE-2014-4877: Arbitrary Symlink Access
+Wget was susceptible to a symlink attack which could create arbitrary
+files, directories or symbolic links and set their permissions when
+retrieving a directory recursively through FTP. This commit changes the
+default settings in Wget such that Wget no longer creates local symbolic
+links, but rather traverses them and retrieves the pointed-to file in
+such a retrieval.
+The old behaviour can be attained by passing the --retr-symlinks=no
+option to the Wget invokation command.
+---
+diff --git a/doc/wget.texi b/doc/wget.texi
+index aef1f80..d7a4c94 100644
+--- a/doc/wget.texi
+++ b/doc/wget.texi
+@@ -1883,17 +1883,18 @@ Preserve remote file permissions instead of permissions set by umask.
+ 
+ @cindex symbolic links, retrieving
+ @item --retr-symlinks
+-Usually, when retrieving @sc{ftp} directories recursively and a symbolic
+-link is encountered, the linked-to file is not downloaded.  Instead, a
+-matching symbolic link is created on the local filesystem.  The
+-pointed-to file will not be downloaded unless this recursive retrieval
+-would have encountered it separately and downloaded it anyway.
+-
+-When @samp{--retr-symlinks} is specified, however, symbolic links are
+-traversed and the pointed-to files are retrieved.  At this time, this
+-option does not cause Wget to traverse symlinks to directories and
+-recurse through them, but in the future it should be enhanced to do
+-this.
+By default, when retrieving @sc{ftp} directories recursively and a symbolic link
+is encountered, the symbolic link is traversed and the pointed-to files are
+retrieved.  Currently, Wget does not traverse symbolic links to directories to
+download them recursively, though this feature may be added in the future.
+
+When @samp{--retr-symlinks=no} is specified, the linked-to file is not
+downloaded.  Instead, a matching symbolic link is created on the local
+filesystem.  The pointed-to file will not be retrieved unless this recursive
+retrieval would have encountered it separately and downloaded it anyway.  This
+option poses a security risk where a malicious FTP Server may cause Wget to
+write to files outside of the intended directories through a specially crafted
+@sc{.listing} file.
+ 
+ Note that when retrieving a file (not a directory) because it was
+ specified on the command-line, rather than because it was recursed to,
+diff --git a/src/init.c b/src/init.c
+index 09557af..3bdaa48 100644
+--- a/src/init.c
+++ b/src/init.c
+@@ -366,6 +366,22 @@ defaults (void)
+ 
+   opt.dns_cache = true;
+   opt.ftp_pasv = true;
+  /* 2014-09-07  Darshit Shah  <darnir@gmail.com>
+   * opt.retr_symlinks is set to true by default. Creating symbolic links on the
+   * local filesystem pose a security threat by malicious FTP Servers that
+   * server a specially crafted .listing file akin to this:
+   *
+   * lrwxrwxrwx   1 root     root           33 Dec 25  2012 JoCxl6d8rFU -> /
+   * drwxrwxr-x  15 1024     106          4096 Aug 28 02:02 JoCxl6d8rFU
+   *
+   * A .listing file in this fashion makes Wget susceptiple to a symlink attack
+   * wherein the attacker is able to create arbitrary files, directories and
+   * symbolic links on the target system and even set permissions.
+   *
+   * Hence, by default Wget attempts to retrieve the pointed-to files and does
+   * not create the symbolic links locally.
+   */
+  opt.retr_symlinks = true;
+ 
+ #ifdef HAVE_SSL
+   opt.check_cert = true;
+--
+cgit v0.9.0.2
diff --git a/meta/recipes-extended/wget/wget.inc b/meta/recipes-extended/wget/wget.inc
new file mode 100644
index 0000000000..87310300e1
--- /dev/null
+++ b/meta/recipes-extended/wget/wget.inc
@@ -0,0 +1,23 @@
+SUMMARY = "Console URL download utility supporting HTTP, FTP, etc"
+HOMEPAGE = "https://www.gnu.org/software/wget/"
+SECTION = "console/network"
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+DEPENDS = "gnutls zlib libpcre"
+DEPENDS_class-nativesdk = "nativesdk-gnutls nativesdk-zlib nativesdk-libpcre"
+INC_PR = "r16"
+inherit autotools gettext texinfo update-alternatives
+EXTRA_OECONF = "--enable-ipv6 --with-ssl=gnutls --disable-rpath --disable-iri \
+                --without-libgnutls-prefix ac_cv_header_uuid_uuid_h=no"
+ALTERNATIVE_${PN} = "wget"
+ALTERNATIVE_${PN}_class-nativesdk = ""
+ALTERNATIVE_PRIORITY = "100"
+RRECOMMENDS_${PN} += "ca-certificates"
+BBCLASSEXTEND += "nativesdk"
diff --git a/meta/recipes-extended/wget/wget/fix_makefile.patch b/meta/recipes-extended/wget/wget/fix_makefile.patch
new file mode 100644
index 0000000000..8ad7c62cdf
--- /dev/null
+++ b/meta/recipes-extended/wget/wget/fix_makefile.patch
@@ -0,0 +1,33 @@
+Upstream-Status: Pending
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+Index: wget-1.12/po/Makefile.in.in
+===================================================================
+--- wget-1.12.orig/po/Makefile.in.in    2009-09-04 09:31:54.000000000 -0700
+++ wget-1.12/po/Makefile.in.in 2011-10-19 20:32:53.714812160 -0700
+@@ -8,8 +8,8 @@
+ # Please note that the actual code of GNU gettext is covered by the GNU
+ # General Public License and is *not* in the public domain.
+ #
+-# Origin: gettext-0.17
+-GETTEXT_MACRO_VERSION = 0.17
+# Origin: gettext-0.18
+GETTEXT_MACRO_VERSION = 0.18
+ 
+ PACKAGE = @PACKAGE@
+ VERSION = @VERSION@
+Index: wget-1.12/configure.ac
+===================================================================
+--- wget-1.12.orig/configure.ac 2009-09-22 09:39:49.000000000 -0700
+++ wget-1.12/configure.ac      2011-10-19 20:32:53.714812160 -0700
+@@ -110,7 +110,7 @@
+ dnl Gettext
+ dnl
+ AM_GNU_GETTEXT([external],[need-ngettext])
+-AM_GNU_GETTEXT_VERSION([0.17])
+AM_GNU_GETTEXT_VERSION([0.18])
+ 
+ AC_PROG_RANLIB
+ 
diff --git a/meta/recipes-extended/wget/wget_1.15.bb b/meta/recipes-extended/wget/wget_1.15.bb
new file mode 100644
index 0000000000..5375e4e504
--- /dev/null
+++ b/meta/recipes-extended/wget/wget_1.15.bb
@@ -0,0 +1,8 @@
+SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
+           file://fix_makefile.patch \
+           file://wget_cve-2014-4877.patch \
+          "
+SRC_URI[md5sum] = "506df41295afc6486662cc47470b4618"
+SRC_URI[sha256sum] = "52126be8cf1bddd7536886e74c053ad7d0ed2aa89b4b630f76785bac21695fcd"
+require wget.inc

diff --git a/meta/recipes-extended/wget/wget-1.15/wget_cve-2014-4877.patch b/meta/recipes-extended/wget/wget-1.15/wget_cve-2014-4877.patch new file mode 100644 index 0000000000..bfcc36ea9e --- /dev/null +++ b/meta/recipes-extended/wget/wget-1.15/wget_cve-2014-4877.patch
@@ -0,0 +1,78 @@
	1	From 18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 Mon Sep 17 00:00:00 2001
	2	From: Darshit Shah <darnir@gmail.com>
	3	Date: Sun, 07 Sep 2014 19:11:17 +0000
	4	Subject: CVE-2014-4877: Arbitrary Symlink Access
	5
	6	Wget was susceptible to a symlink attack which could create arbitrary
	7	files, directories or symbolic links and set their permissions when
	8	retrieving a directory recursively through FTP. This commit changes the
	9	default settings in Wget such that Wget no longer creates local symbolic
	10	links, but rather traverses them and retrieves the pointed-to file in
	11	such a retrieval.
	12
	13	The old behaviour can be attained by passing the --retr-symlinks=no
	14	option to the Wget invokation command.
	15	---
	16	diff --git a/doc/wget.texi b/doc/wget.texi
	17	index aef1f80..d7a4c94 100644
	18	--- a/doc/wget.texi
	19	+++ b/doc/wget.texi
	20	@@ -1883,17 +1883,18 @@ Preserve remote file permissions instead of permissions set by umask.
	21
	22	@cindex symbolic links, retrieving
	23	@item --retr-symlinks
	24	-Usually, when retrieving @sc{ftp} directories recursively and a symbolic
	25	-link is encountered, the linked-to file is not downloaded. Instead, a
	26	-matching symbolic link is created on the local filesystem. The
	27	-pointed-to file will not be downloaded unless this recursive retrieval
	28	-would have encountered it separately and downloaded it anyway.
	29	-
	30	-When @samp{--retr-symlinks} is specified, however, symbolic links are
	31	-traversed and the pointed-to files are retrieved. At this time, this
	32	-option does not cause Wget to traverse symlinks to directories and
	33	-recurse through them, but in the future it should be enhanced to do
	34	-this.
	35	+By default, when retrieving @sc{ftp} directories recursively and a symbolic link
	36	+is encountered, the symbolic link is traversed and the pointed-to files are
	37	+retrieved. Currently, Wget does not traverse symbolic links to directories to
	38	+download them recursively, though this feature may be added in the future.
	39	+
	40	+When @samp{--retr-symlinks=no} is specified, the linked-to file is not
	41	+downloaded. Instead, a matching symbolic link is created on the local
	42	+filesystem. The pointed-to file will not be retrieved unless this recursive
	43	+retrieval would have encountered it separately and downloaded it anyway. This
	44	+option poses a security risk where a malicious FTP Server may cause Wget to
	45	+write to files outside of the intended directories through a specially crafted
	46	+@sc{.listing} file.
	47
	48	Note that when retrieving a file (not a directory) because it was
	49	specified on the command-line, rather than because it was recursed to,
	50	diff --git a/src/init.c b/src/init.c
	51	index 09557af..3bdaa48 100644
	52	--- a/src/init.c
	53	+++ b/src/init.c
	54	@@ -366,6 +366,22 @@ defaults (void)
	55
	56	opt.dns_cache = true;
	57	opt.ftp_pasv = true;
	58	+ /* 2014-09-07 Darshit Shah <darnir@gmail.com>
	59	+ * opt.retr_symlinks is set to true by default. Creating symbolic links on the
	60	+ * local filesystem pose a security threat by malicious FTP Servers that
	61	+ * server a specially crafted .listing file akin to this:
	62	+ *
	63	+ * lrwxrwxrwx 1 root root 33 Dec 25 2012 JoCxl6d8rFU -> /
	64	+ * drwxrwxr-x 15 1024 106 4096 Aug 28 02:02 JoCxl6d8rFU
	65	+ *
	66	+ * A .listing file in this fashion makes Wget susceptiple to a symlink attack
	67	+ * wherein the attacker is able to create arbitrary files, directories and
	68	+ * symbolic links on the target system and even set permissions.
	69	+ *
	70	+ * Hence, by default Wget attempts to retrieve the pointed-to files and does
	71	+ * not create the symbolic links locally.
	72	+ */
	73	+ opt.retr_symlinks = true;
	74
	75	#ifdef HAVE_SSL
	76	opt.check_cert = true;
	77	--
	78	cgit v0.9.0.2


diff --git a/meta/recipes-extended/wget/wget.inc b/meta/recipes-extended/wget/wget.inc new file mode 100644 index 0000000000..87310300e1 --- /dev/null +++ b/meta/recipes-extended/wget/wget.inc
@@ -0,0 +1,23 @@
	1	SUMMARY = "Console URL download utility supporting HTTP, FTP, etc"
	2	HOMEPAGE = "https://www.gnu.org/software/wget/"
	3	SECTION = "console/network"
	4	LICENSE = "GPLv3"
	5	LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
	6
	7	DEPENDS = "gnutls zlib libpcre"
	8	DEPENDS_class-nativesdk = "nativesdk-gnutls nativesdk-zlib nativesdk-libpcre"
	9
	10	INC_PR = "r16"
	11
	12	inherit autotools gettext texinfo update-alternatives
	13
	14	EXTRA_OECONF = "--enable-ipv6 --with-ssl=gnutls --disable-rpath --disable-iri \
	15	--without-libgnutls-prefix ac_cv_header_uuid_uuid_h=no"
	16
	17	ALTERNATIVE_${PN} = "wget"
	18	ALTERNATIVE_${PN}_class-nativesdk = ""
	19	ALTERNATIVE_PRIORITY = "100"
	20
	21	RRECOMMENDS_${PN} += "ca-certificates"
	22
	23	BBCLASSEXTEND += "nativesdk"


diff --git a/meta/recipes-extended/wget/wget/fix_makefile.patch b/meta/recipes-extended/wget/wget/fix_makefile.patch new file mode 100644 index 0000000000..8ad7c62cdf --- /dev/null +++ b/meta/recipes-extended/wget/wget/fix_makefile.patch
@@ -0,0 +1,33 @@
	1
	2	Upstream-Status: Pending
	3
	4	Signed-off-by: Saul Wold <sgw@linux.intel.com>
	5
	6	Index: wget-1.12/po/Makefile.in.in
	7	===================================================================
	8	--- wget-1.12.orig/po/Makefile.in.in 2009-09-04 09:31:54.000000000 -0700
	9	+++ wget-1.12/po/Makefile.in.in 2011-10-19 20:32:53.714812160 -0700
	10	@@ -8,8 +8,8 @@
	11	# Please note that the actual code of GNU gettext is covered by the GNU
	12	# General Public License and is not in the public domain.
	13	#
	14	-# Origin: gettext-0.17
	15	-GETTEXT_MACRO_VERSION = 0.17
	16	+# Origin: gettext-0.18
	17	+GETTEXT_MACRO_VERSION = 0.18
	18
	19	PACKAGE = @PACKAGE@
	20	VERSION = @VERSION@
	21	Index: wget-1.12/configure.ac
	22	===================================================================
	23	--- wget-1.12.orig/configure.ac 2009-09-22 09:39:49.000000000 -0700
	24	+++ wget-1.12/configure.ac 2011-10-19 20:32:53.714812160 -0700
	25	@@ -110,7 +110,7 @@
	26	dnl Gettext
	27	dnl
	28	AM_GNU_GETTEXT([external],[need-ngettext])
	29	-AM_GNU_GETTEXT_VERSION([0.17])
	30	+AM_GNU_GETTEXT_VERSION([0.18])
	31
	32	AC_PROG_RANLIB
	33


diff --git a/meta/recipes-extended/wget/wget_1.15.bb b/meta/recipes-extended/wget/wget_1.15.bb new file mode 100644 index 0000000000..5375e4e504 --- /dev/null +++ b/meta/recipes-extended/wget/wget_1.15.bb
@@ -0,0 +1,8 @@
	1	SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
	2	file://fix_makefile.patch \
	3	file://wget_cve-2014-4877.patch \
	4	"
	5	SRC_URI[md5sum] = "506df41295afc6486662cc47470b4618"
	6	SRC_URI[sha256sum] = "52126be8cf1bddd7536886e74c053ad7d0ed2aa89b4b630f76785bac21695fcd"
	7
	8	require wget.inc