diff options
Diffstat (limited to 'external/poky/meta/recipes-extended/wget/wget')
5 files changed, 7 insertions, 283 deletions
diff --git a/external/poky/meta/recipes-extended/wget/wget/0001-Unset-need_charset_alias-when-building-for-musl.patch b/external/poky/meta/recipes-extended/wget/wget/0001-Unset-need_charset_alias-when-building-for-musl.patch deleted file mode 100644 index 0b3c6f55..00000000 --- a/external/poky/meta/recipes-extended/wget/wget/0001-Unset-need_charset_alias-when-building-for-musl.patch +++ /dev/null @@ -1,30 +0,0 @@ -From b9565dc2fe0c4f7daaec91b7e83bc7313dee2f4a Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 13 Apr 2015 17:02:13 -0700 -Subject: [PATCH] Unset need_charset_alias when building for musl - -localcharset uses ac_cv_gnu_library_2_1 from glibc21.m4 -which actually shoudl be fixed in gnulib and then all downstream -projects will get it eventually. For now we apply the fix to -coreutils - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - lib/gnulib.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: wget-1.16.3/lib/Makefile.am -=================================================================== ---- wget-1.16.3.orig/lib/Makefile.am -+++ wget-1.16.3/lib/Makefile.am -@@ -846,7 +846,7 @@ install-exec-localcharset: all-local - case '$(host_os)' in \ - darwin[56]*) \ - need_charset_alias=true ;; \ -- darwin* | cygwin* | mingw* | pw32* | cegcc*) \ -+ darwin* | cygwin* | mingw* | pw32* | cegcc* | linux-musl*) \ - need_charset_alias=false ;; \ - *) \ - need_charset_alias=true ;; \ diff --git a/external/poky/meta/recipes-extended/wget/wget/0002-improve-reproducibility.patch b/external/poky/meta/recipes-extended/wget/wget/0002-improve-reproducibility.patch index 8781df21..050fc2c7 100644 --- a/external/poky/meta/recipes-extended/wget/wget/0002-improve-reproducibility.patch +++ b/external/poky/meta/recipes-extended/wget/wget/0002-improve-reproducibility.patch @@ -34,6 +34,11 @@ Link: gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + +sed use of DEBUG_PREFIX_MAP must treat whitespace the same as the +echo command building version.c or the expression match will fail. + +Signed-off-by: Joe Slater <jslater@windriver.com> --- src/Makefile.am | 4 ++++ 1 file changed, 4 insertions(+) @@ -47,12 +52,12 @@ index 28c0be2..44084a3 100644 echo 'const char *version_string = "@VERSION@";' >> $@ echo 'const char *compilation_string = "'$(COMPILE)'";' \ + | sed -e "s,$(TOOLCHAIN_OPTIONS),,g" \ -+ -e "s,$(DEBUG_PREFIX_MAP),,g" \ ++ -e "s,$$(echo $(DEBUG_PREFIX_MAP)),,g" \ | $(ESCAPEQUOTE) >> $@ echo 'const char *link_string = "'$(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) $(LIBS) $(wget_LDADD)'";' \ + | sed -e "s,$(TOOLCHAIN_OPTIONS),,g" \ -+ -e "s,$(DEBUG_PREFIX_MAP),,g" \ ++ -e "s,$$(echo $(DEBUG_PREFIX_MAP)),,g" \ | $(ESCAPEQUOTE) >> $@ css.c: $(srcdir)/css.l diff --git a/external/poky/meta/recipes-extended/wget/wget/CVE-2018-20483_p1.patch b/external/poky/meta/recipes-extended/wget/wget/CVE-2018-20483_p1.patch deleted file mode 100644 index cbc4a127..00000000 --- a/external/poky/meta/recipes-extended/wget/wget/CVE-2018-20483_p1.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 6c5471e4834aebd7359d88b760b087136473bac8 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> -Date: Wed, 26 Dec 2018 13:51:48 +0100 -Subject: [PATCH 1/2] Don't use extended attributes (--xattr) by default - -* src/init.c (defaults): Set enable_xattr to false by default -* src/main.c (print_help): Reverse option logic of --xattr -* doc/wget.texi: Add description for --xattr - -Users may not be aware that the origin URL and Referer are saved -including credentials, and possibly access tokens within -the urls. - -CVE: CVE-2018-20483 patch 1 -Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8] -Signed-off-by: Aviraj CJ <acj@cisco.com> ---- - doc/wget.texi | 8 ++++++++ - src/init.c | 4 ---- - src/main.c | 2 +- - 3 files changed, 9 insertions(+), 5 deletions(-) - -diff --git a/doc/wget.texi b/doc/wget.texi -index eaf6b380..3f9d7c1c 100644 ---- a/doc/wget.texi -+++ b/doc/wget.texi -@@ -540,6 +540,14 @@ right NUMBER. - Set preferred location for Metalink resources. This has effect if multiple - resources with same priority are available. - -+@cindex xattr -+@item --xattr -+Enable use of file system's extended attributes to save the -+original URL and the Referer HTTP header value if used. -+ -+Be aware that the URL might contain private information like -+access tokens or credentials. -+ - - @cindex force html - @item -F -diff --git a/src/init.c b/src/init.c -index eb81ab47..800970c5 100644 ---- a/src/init.c -+++ b/src/init.c -@@ -509,11 +509,7 @@ defaults (void) - opt.hsts = true; - #endif - --#ifdef ENABLE_XATTR -- opt.enable_xattr = true; --#else - opt.enable_xattr = false; --#endif - } - - /* Return the user's home directory (strdup-ed), or NULL if none is -diff --git a/src/main.c b/src/main.c -index 81db9319..6ac1621b 100644 ---- a/src/main.c -+++ b/src/main.c -@@ -754,7 +754,7 @@ Download:\n"), - #endif - #ifdef ENABLE_XATTR - N_("\ -- --no-xattr turn off storage of metadata in extended file attributes\n"), -+ --xattr turn on storage of metadata in extended file attributes\n"), - #endif - "\n", - --- -2.19.1 - diff --git a/external/poky/meta/recipes-extended/wget/wget/CVE-2018-20483_p2.patch b/external/poky/meta/recipes-extended/wget/wget/CVE-2018-20483_p2.patch deleted file mode 100644 index 72ce8a0b..00000000 --- a/external/poky/meta/recipes-extended/wget/wget/CVE-2018-20483_p2.patch +++ /dev/null @@ -1,127 +0,0 @@ -From 5a4ee4f3c07cc5dc7ef5f7244fcf51fd2fa3bc67 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> -Date: Wed, 26 Dec 2018 14:38:18 +0100 -Subject: [PATCH 2/2] Don't save user/pw with --xattr - -Also the Referer info is reduced to scheme+host+port. - -* src/ftp.c (getftp): Change params of set_file_metadata() -* src/http.c (gethttp): Change params of set_file_metadata() -* src/xattr.c (set_file_metadata): Remove user/password from origin URL, - reduce Referer value to scheme/host/port. -* src/xattr.h: Change prototype of set_file_metadata() - -CVE: CVE-2018-20483 patch 2 -Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=3cdfb594cf75f11cdbb9702ac5e856c332ccacfa] -Signed-off-by: Aviraj CJ <acj@cisco.com> ---- - src/ftp.c | 2 +- - src/http.c | 4 ++-- - src/xattr.c | 24 ++++++++++++++++++++---- - src/xattr.h | 3 ++- - 4 files changed, 25 insertions(+), 8 deletions(-) - -diff --git a/src/ftp.c b/src/ftp.c -index 69148936..db8a6267 100644 ---- a/src/ftp.c -+++ b/src/ftp.c -@@ -1580,7 +1580,7 @@ Error in server response, closing control connection.\n")); - - #ifdef ENABLE_XATTR - if (opt.enable_xattr) -- set_file_metadata (u->url, NULL, fp); -+ set_file_metadata (u, NULL, fp); - #endif - - fd_close (local_sock); -diff --git a/src/http.c b/src/http.c -index 77bdbbed..472c328f 100644 ---- a/src/http.c -+++ b/src/http.c -@@ -4120,9 +4120,9 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs, - if (opt.enable_xattr) - { - if (original_url != u) -- set_file_metadata (u->url, original_url->url, fp); -+ set_file_metadata (u, original_url, fp); - else -- set_file_metadata (u->url, NULL, fp); -+ set_file_metadata (u, NULL, fp); - } - #endif - -diff --git a/src/xattr.c b/src/xattr.c -index 66524226..0f20fadf 100644 ---- a/src/xattr.c -+++ b/src/xattr.c -@@ -21,6 +21,7 @@ - #include <string.h> - - #include "log.h" -+#include "utils.h" - #include "xattr.h" - - #ifdef USE_XATTR -@@ -57,7 +58,7 @@ write_xattr_metadata (const char *name, const char *value, FILE *fp) - #endif /* USE_XATTR */ - - int --set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp) -+set_file_metadata (const struct url *origin_url, const struct url *referrer_url, FILE *fp) - { - /* Save metadata about where the file came from (requested, final URLs) to - * user POSIX Extended Attributes of retrieved file. -@@ -67,13 +68,28 @@ set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp) - * [http://0pointer.de/lennart/projects/mod_mime_xattr/]. - */ - int retval = -1; -+ char *value; - - if (!origin_url || !fp) - return retval; - -- retval = write_xattr_metadata ("user.xdg.origin.url", escnonprint_uri (origin_url), fp); -- if ((!retval) && referrer_url) -- retval = write_xattr_metadata ("user.xdg.referrer.url", escnonprint_uri (referrer_url), fp); -+ value = url_string (origin_url, URL_AUTH_HIDE); -+ retval = write_xattr_metadata ("user.xdg.origin.url", escnonprint_uri (value), fp); -+ xfree (value); -+ -+ if (!retval && referrer_url) -+ { -+ struct url u; -+ -+ memset(&u, 0, sizeof(u)); -+ u.scheme = referrer_url->scheme; -+ u.host = referrer_url->host; -+ u.port = referrer_url->port; -+ -+ value = url_string (&u, 0); -+ retval = write_xattr_metadata ("user.xdg.referrer.url", escnonprint_uri (value), fp); -+ xfree (value); -+ } - - return retval; - } -diff --git a/src/xattr.h b/src/xattr.h -index 10f3ed11..40c7a8d3 100644 ---- a/src/xattr.h -+++ b/src/xattr.h -@@ -16,12 +16,13 @@ - along with this program; if not, see <http://www.gnu.org/licenses/>. */ - - #include <stdio.h> -+#include <url.h> - - #ifndef _XATTR_H - #define _XATTR_H - - /* Store metadata name/value attributes against fp. */ --int set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp); -+int set_file_metadata (const struct url *origin_url, const struct url *referrer_url, FILE *fp); - - #if defined(__linux) - /* libc on Linux has fsetxattr (5 arguments). */ --- -2.19.1 - diff --git a/external/poky/meta/recipes-extended/wget/wget/CVE-2019-5953.patch b/external/poky/meta/recipes-extended/wget/wget/CVE-2019-5953.patch deleted file mode 100644 index e43e8e54..00000000 --- a/external/poky/meta/recipes-extended/wget/wget/CVE-2019-5953.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 692d5c5215de0db482c252492a92fc424cc6a97c Mon Sep 17 00:00:00 2001 -From: Tim Ruehsen <tim.ruehsen@gmx.de> -Date: Fri, 5 Apr 2019 11:50:44 +0200 -Subject: [PATCH] Fix a buffer overflow vulnerability - -* src/iri.c(do_conversion): Reallocate the output buffer to a larger - size if it is already full - -Upstream-Status: Backport -http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c -CVE: CVE-2019-5953 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - src/iri.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -Index: wget-1.19.5/src/iri.c -=================================================================== ---- wget-1.19.5.orig/src/iri.c -+++ wget-1.19.5/src/iri.c -@@ -151,8 +151,11 @@ do_conversion (const char *tocode, const - *out = s = xmalloc (outlen + 1); - done = 0; - -+ DEBUGP (("iconv %s -> %s\n", tocode, fromcode)); -+ - for (;;) - { -+ DEBUGP (("iconv outlen=%d inlen=%d\n", outlen, inlen)); - if (iconv (cd, (ICONV_CONST char **) &in, &inlen, out, &outlen) != (size_t)(-1) && - iconv (cd, NULL, NULL, out, &outlen) != (size_t)(-1)) - { -@@ -187,11 +190,14 @@ do_conversion (const char *tocode, const - } - else if (errno == E2BIG) /* Output buffer full */ - { -+ logprintf (LOG_VERBOSE, -+ _("Reallocate output buffer len=%d outlen=%d inlen=%d\n"), len, outlen, inlen); - tooshort++; - done = len; -- len = outlen = done + inlen * 2; -- s = xrealloc (s, outlen + 1); -- *out = s + done; -+ len = done + inlen * 2; -+ s = xrealloc (s, len + 1); -+ *out = s + done - outlen; -+ outlen += inlen * 2; - } - else /* Weird, we got an unspecified error */ - { |