Change-Id: I4dad450744f38d2c994cfec784f8c31597f16ec2
Reviewed-on: http://photon-jenkins.eng.vmware.com/416
Tested-by: jenkins-photon <wangnan2015@hotmail.com>
Reviewed-by: Xiaolin Li <xiaolinl@vmware.com>
... | ... |
@@ -1,12 +1,12 @@ |
1 | 1 |
# Got the intial spec from Fedora and modified it |
2 | 2 |
Summary: An enhanced version of csh, the C shell |
3 | 3 |
Name: tcsh |
4 |
-Version: 6.18.01 |
|
4 |
+Version: 6.19.00 |
|
5 | 5 |
Release: 1%{?dist} |
6 | 6 |
License: BSD |
7 | 7 |
Group: System Environment/Shells |
8 | 8 |
Source: http://www.sfr-fresh.com/unix/misc/%{name}-%{version}.tar.gz |
9 |
-%define sha1 tcsh=eee2035645737197ff8059c84933a75d23cd76f9 |
|
9 |
+%define sha1 tcsh=cdb1abe319fab5d3caff101c393293e5b3607f0c |
|
10 | 10 |
URL: http://www.tcsh.org/ |
11 | 11 |
Vendor: VMware, Inc. |
12 | 12 |
Distribution: Photon |
... | ... |
@@ -95,5 +95,7 @@ fi |
95 | 95 |
%{_mandir}/man1/*.1* |
96 | 96 |
|
97 | 97 |
%changelog |
98 |
+* Thu Jan 21 2016 Anish Swaminathan <anishs@vmware.com> 6.19.00-1 |
|
99 |
+- Upgrade version |
|
98 | 100 |
* Wed Apr 1 2015 Divya Thaluru <dthaluru@vmware.com> 6.18.01-1 |
99 | 101 |
- Initial build. First version |
100 | 102 |
deleted file mode 100644 |
... | ... |
@@ -1,151 +0,0 @@ |
1 |
-From 043366ac3248a58662a6fbf47a1dd688a75d0e78 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Darshit Shah <darnir@gmail.com> |
|
3 |
-Date: Mon, 8 Sep 2014 00:41:17 +0530 |
|
4 |
-Subject: [PATCH 1/2] Fix R7-2014-15: Arbitrary Symlink Access |
|
5 |
- |
|
6 |
-Wget was susceptible to a symlink attack which could create arbitrary |
|
7 |
-files, directories or symbolic links and set their permissions when |
|
8 |
-retrieving a directory recursively through FTP. This commit changes the |
|
9 |
-default settings in Wget such that Wget no longer creates local symbolic |
|
10 |
-links, but rather traverses them and retrieves the pointed-to file in |
|
11 |
-such a retrieval. |
|
12 |
- |
|
13 |
-The old behaviour can be attained by passing the --retr-symlinks=no |
|
14 |
-option to the Wget invokation command. |
|
15 |
- doc/wget.texi | 23 ++++++++++++----------- |
|
16 |
- src/init.c | 16 ++++++++++++++++ |
|
17 |
- 4 files changed, 39 insertions(+), 11 deletions(-) |
|
18 |
- |
|
19 |
-diff --git a/doc/wget.texi b/doc/wget.texi |
|
20 |
-index a31eb5e..f54e98d 100644 |
|
21 |
-+++ b/doc/wget.texi |
|
22 |
-@@ -1883,17 +1883,18 @@ Preserve remote file permissions instead of permissions set by umask. |
|
23 |
- |
|
24 |
- @cindex symbolic links, retrieving |
|
25 |
- @item --retr-symlinks |
|
26 |
--Usually, when retrieving @sc{ftp} directories recursively and a symbolic |
|
27 |
--link is encountered, the linked-to file is not downloaded. Instead, a |
|
28 |
--matching symbolic link is created on the local filesystem. The |
|
29 |
--pointed-to file will not be downloaded unless this recursive retrieval |
|
30 |
--would have encountered it separately and downloaded it anyway. |
|
31 |
-- |
|
32 |
--When @samp{--retr-symlinks} is specified, however, symbolic links are |
|
33 |
--traversed and the pointed-to files are retrieved. At this time, this |
|
34 |
--option does not cause Wget to traverse symlinks to directories and |
|
35 |
--recurse through them, but in the future it should be enhanced to do |
|
36 |
--this. |
|
37 |
-+By default, when retrieving @sc{ftp} directories recursively and a symbolic link |
|
38 |
-+is encountered, the symbolic link is traversed and the pointed-to files are |
|
39 |
-+retrieved. Currently, Wget does not traverse symbolic links to directories to |
|
40 |
-+download them recursively, though this feature may be added in the future. |
|
41 |
-+ |
|
42 |
-+When @samp{--retr-symlinks=no} is specified, the linked-to file is not |
|
43 |
-+downloaded. Instead, a matching symbolic link is created on the local |
|
44 |
-+filesystem. The pointed-to file will not be retrieved unless this recursive |
|
45 |
-+retrieval would have encountered it separately and downloaded it anyway. This |
|
46 |
-+option poses a security risk where a malicious FTP Server may cause Wget to |
|
47 |
-+write to files outside of the intended directories through a specially crafted |
|
48 |
-+@sc{.listing} file. |
|
49 |
- |
|
50 |
- Note that when retrieving a file (not a directory) because it was |
|
51 |
- specified on the command-line, rather than because it was recursed to, |
|
52 |
-diff --git a/src/init.c b/src/init.c |
|
53 |
-index 93e95f8..94b6f8b 100644 |
|
54 |
-+++ b/src/init.c |
|
55 |
-@@ -366,6 +366,22 @@ defaults (void) |
|
56 |
- |
|
57 |
- opt.dns_cache = true; |
|
58 |
- opt.ftp_pasv = true; |
|
59 |
-+ /* 2014-09-07 Darshit Shah <darnir@gmail.com> |
|
60 |
-+ * opt.retr_symlinks is set to true by default. Creating symbolic links on the |
|
61 |
-+ * local filesystem pose a security threat by malicious FTP Servers that |
|
62 |
-+ * server a specially crafted .listing file akin to this: |
|
63 |
-+ * |
|
64 |
-+ * lrwxrwxrwx 1 root root 33 Dec 25 2012 JoCxl6d8rFU -> / |
|
65 |
-+ * drwxrwxr-x 15 1024 106 4096 Aug 28 02:02 JoCxl6d8rFU |
|
66 |
-+ * |
|
67 |
-+ * A .listing file in this fashion makes Wget susceptiple to a symlink attack |
|
68 |
-+ * wherein the attacker is able to create arbitrary files, directories and |
|
69 |
-+ * symbolic links on the target system and even set permissions. |
|
70 |
-+ * |
|
71 |
-+ * Hence, by default Wget attempts to retrieve the pointed-to files and does |
|
72 |
-+ * not create the symbolic links locally. |
|
73 |
-+ */ |
|
74 |
-+ opt.retr_symlinks = true; |
|
75 |
- |
|
76 |
- #ifdef HAVE_SSL |
|
77 |
- opt.check_cert = true; |
|
78 |
-2.1.0 |
|
79 |
- |
|
80 |
-From bfa8c9cc9937f686a4de110e49710061267f8d9e Mon Sep 17 00:00:00 2001 |
|
81 |
-From: Darshit Shah <darnir@gmail.com> |
|
82 |
-Date: Mon, 8 Sep 2014 15:07:45 +0530 |
|
83 |
-Subject: [PATCH 2/2] Add checks for valid listing file in FTP |
|
84 |
- |
|
85 |
-When Wget retrieves a file through FTP, it first downloads a .listing |
|
86 |
-file and parses it for information about the files and other metadata. |
|
87 |
-Some servers may serve invalid .listing files. This patch checks for one |
|
88 |
-such known inconsistency wherein multiple lines in a listing file have |
|
89 |
-the same name. Such a filesystem is clearly not possible and hence we |
|
90 |
-eliminate duplicate entries here. |
|
91 |
- |
|
92 |
-Signed-off-by: Darshit Shah <darnir@gmail.com> |
|
93 |
- src/ftp.c | 27 +++++++++++++++++++++++++-- |
|
94 |
- 2 files changed, 32 insertions(+), 2 deletions(-) |
|
95 |
- |
|
96 |
-diff --git a/src/ftp.c b/src/ftp.c |
|
97 |
-index 2d54333..054cb61 100644 |
|
98 |
-+++ b/src/ftp.c |
|
99 |
-@@ -2211,6 +2211,29 @@ has_insecure_name_p (const char *s) |
|
100 |
- return false; |
|
101 |
- } |
|
102 |
- |
|
103 |
-+/* Test if the file node is invalid. This can occur due to malformed or |
|
104 |
-+ * maliciously crafted listing files being returned by the server. |
|
105 |
-+ * |
|
106 |
-+ * Currently, this function only tests if there are multiple entries in the |
|
107 |
-+ * listing file by the same name. However this function can be expanded as more |
|
108 |
-+ * such illegal listing formats are discovered. */ |
|
109 |
-+static bool |
|
110 |
-+is_invalid_entry (struct fileinfo *f) |
|
111 |
-+{ |
|
112 |
-+ struct fileinfo *cur; |
|
113 |
-+ cur = f; |
|
114 |
-+ char *f_name = f->name; |
|
115 |
-+ /* If the node we're currently checking has a duplicate later, we eliminate |
|
116 |
-+ * the current node and leave the next one intact. */ |
|
117 |
-+ while (cur->next) |
|
118 |
-+ { |
|
119 |
-+ cur = cur->next; |
|
120 |
-+ if (strcmp(f_name, cur->name) == 0) |
|
121 |
-+ return true; |
|
122 |
-+ } |
|
123 |
-+ return false; |
|
124 |
-+} |
|
125 |
-+ |
|
126 |
- /* A near-top-level function to retrieve the files in a directory. |
|
127 |
- The function calls ftp_get_listing, to get a linked list of files. |
|
128 |
- Then it weeds out the file names that do not match the pattern. |
|
129 |
-@@ -2248,11 +2271,11 @@ ftp_retrieve_glob (struct url *u, ccon *con, int action) |
|
130 |
- f = f->next; |
|
131 |
- } |
|
132 |
- } |
|
133 |
-- /* Remove all files with possible harmful names */ |
|
134 |
-+ /* Remove all files with possible harmful names or invalid entries. */ |
|
135 |
- f = start; |
|
136 |
- while (f) |
|
137 |
- { |
|
138 |
-- if (has_insecure_name_p (f->name)) |
|
139 |
-+ if (has_insecure_name_p (f->name) || is_invalid_entry (f)) |
|
140 |
- { |
|
141 |
- logprintf (LOG_VERBOSE, _("Rejecting %s.\n"), |
|
142 |
- quote (f->name)); |
|
143 |
-2.1.0 |
|
144 |
- |
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
Summary: A network utility to retrieve files from the Web |
2 | 2 |
Name: wget |
3 |
-Version: 1.15 |
|
3 |
+Version: 1.17.1 |
|
4 | 4 |
Release: 1%{?dist} |
5 | 5 |
License: GPLv3+ |
6 | 6 |
URL: http://www.gnu.org/software/wget/wget.html |
... | ... |
@@ -8,8 +8,7 @@ Group: System Environment/NetworkingPrograms |
8 | 8 |
Vendor: VMware, Inc. |
9 | 9 |
Distribution: Photon |
10 | 10 |
Source0: ftp://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz |
11 |
-%define sha1 wget=e9fb1d25fa04f9c69e74e656a3174dca02700ba1 |
|
12 |
-Patch0: cve-2014-4877.patch |
|
11 |
+%define sha1 wget=8ae737ab2252607ce708f98d1dd7559ebf047f48 |
|
13 | 12 |
Requires: openssl |
14 | 13 |
BuildRequires: openssl-devel |
15 | 14 |
%description |
... | ... |
@@ -17,7 +16,6 @@ The Wget package contains a utility useful for non-interactive |
17 | 17 |
downloading of files from the Web. |
18 | 18 |
%prep |
19 | 19 |
%setup -q |
20 |
-%patch0 -p1 |
|
21 | 20 |
|
22 | 21 |
%build |
23 | 22 |
./configure \ |
... | ... |
@@ -51,5 +49,7 @@ rm -rf %{buildroot}/* |
51 | 51 |
%{_bindir}/* |
52 | 52 |
%{_mandir}/man1/* |
53 | 53 |
%changelog |
54 |
+* Thu Jan 21 2016 Anish Swaminathan <anishs@vmware.com> 1.17.1-1 |
|
55 |
+- Upgrade version |
|
54 | 56 |
* Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 1.15-1 |
55 | 57 |
- Initial build. First version |
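Review bot: The changelog entry added in this last hunk says only `- Upgrade version`, but the hunk at `@@ -8,8 +8,7 @@` of the same spec also retires `Patch0: cve-2014-4877.patch` together with its `%patch0 -p1` application, and removing a security backport deserves an explicit record and justification. Dropping the patch is sound only because the 1.17.1 tarball already carries the upstream fix (the retr-symlinks default and the duplicate-listing-entry check the deleted patch contained were merged upstream in wget 1.16), which a reader of the spec history cannot infer from "Upgrade version". Suggest `- Upgrade to 1.17.1; drop cve-2014-4877.patch, fix is included upstream since 1.16` as the changelog line, so the next person auditing Photon's wget against CVE-2014-4877 sees why the patch vanished rather than assuming it was lost.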