From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001 From: takeshi_hoshina Date: Mon, 2 Nov 2020 11:07:33 +0900 Subject: basesystem-jj recipes --- .../wget/wget/CVE-2018-20483_p1.patch | 73 ---------------------- 1 file changed, 73 deletions(-) delete mode 100644 external/poky/meta/recipes-extended/wget/wget/CVE-2018-20483_p1.patch (limited to 'external/poky/meta/recipes-extended/wget/wget/CVE-2018-20483_p1.patch') diff --git a/external/poky/meta/recipes-extended/wget/wget/CVE-2018-20483_p1.patch b/external/poky/meta/recipes-extended/wget/wget/CVE-2018-20483_p1.patch deleted file mode 100644 index cbc4a127..00000000 --- a/external/poky/meta/recipes-extended/wget/wget/CVE-2018-20483_p1.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 6c5471e4834aebd7359d88b760b087136473bac8 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Tim=20R=C3=BChsen?= -Date: Wed, 26 Dec 2018 13:51:48 +0100 -Subject: [PATCH 1/2] Don't use extended attributes (--xattr) by default - -* src/init.c (defaults): Set enable_xattr to false by default -* src/main.c (print_help): Reverse option logic of --xattr -* doc/wget.texi: Add description for --xattr - -Users may not be aware that the origin URL and Referer are saved -including credentials, and possibly access tokens within -the urls. - -CVE: CVE-2018-20483 patch 1 -Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8] -Signed-off-by: Aviraj CJ ---- - doc/wget.texi | 8 ++++++++ - src/init.c | 4 ---- - src/main.c | 2 +- - 3 files changed, 9 insertions(+), 5 deletions(-) - -diff --git a/doc/wget.texi b/doc/wget.texi -index eaf6b380..3f9d7c1c 100644 ---- a/doc/wget.texi -+++ b/doc/wget.texi -@@ -540,6 +540,14 @@ right NUMBER. - Set preferred location for Metalink resources. This has effect if multiple - resources with same priority are available. - -+@cindex xattr -+@item --xattr -+Enable use of file system's extended attributes to save the -+original URL and the Referer HTTP header value if used. -+ -+Be aware that the URL might contain private information like -+access tokens or credentials. -+ - - @cindex force html - @item -F -diff --git a/src/init.c b/src/init.c -index eb81ab47..800970c5 100644 ---- a/src/init.c -+++ b/src/init.c -@@ -509,11 +509,7 @@ defaults (void) - opt.hsts = true; - #endif - --#ifdef ENABLE_XATTR -- opt.enable_xattr = true; --#else - opt.enable_xattr = false; --#endif - } - - /* Return the user's home directory (strdup-ed), or NULL if none is -diff --git a/src/main.c b/src/main.c -index 81db9319..6ac1621b 100644 ---- a/src/main.c -+++ b/src/main.c -@@ -754,7 +754,7 @@ Download:\n"), - #endif - #ifdef ENABLE_XATTR - N_("\ -- --no-xattr turn off storage of metadata in extended file attributes\n"), -+ --xattr turn on storage of metadata in extended file attributes\n"), - #endif - "\n", - --- -2.19.1 - -- cgit 1.2.3-korg