package/wget: security bump version to 1.25.0

Release notes:
https://lists.gnu.org/archive/html/bug-wget/2024-11/msg00002.html

Fixes the following vulnerabilities:

- CVE-2024-38428: url.c in GNU Wget through 1.24.5 mishandles semicolons in
  the userinfo subcomponent of a URI, and thus there may be insecure
  behavior in which data that was supposed to be in the userinfo
  subcomponent is misinterpreted to be part of the host subcomponent.

  https://nvd.nist.gov/vuln/detail/CVE-2024-38428

- CVE-2024-10524: Applications that use Wget to access a remote resource
  using shorthand URLs and pass arbitrary user credentials in the URL are
  vulnerable.  In these cases attackers can enter crafted credentials which
  will cause Wget to access an arbitrary host.

  https://www.openwall.com/lists/oss-security/2024/11/18/6

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 295b2c4f8ecaf0b6e03725a6c8412795e91888c8)
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls, 7 months ago
Parent
Commit 79299da8c4
2 changed files with 5 additions and 5 deletions
  1. package/wget/wget.hash (4 additions, 4 deletions)
  2. package/wget/wget.mk (1 addition, 1 deletion)

+ 4 - 4
package/wget/wget.hash

@@ -1,8 +1,8 @@
-# From https://lists.gnu.org/archive/html/bug-wget/2024-03/msg00008.html
-sha1  01659f427c2e90c7c943805db69ea00f5da79b07  wget-1.24.5.tar.lz
+# From https://lists.gnu.org/archive/html/bug-wget/2024-11/msg00002.html
+sha1  ca79e61fbf1d32133f60ef7c7d476b250b6da423  wget-1.25.0.tar.lz
 # Locally calculated after checking pgp signature
-# https://ftp.gnu.org/gnu/wget/wget-1.24.5.tar.lz.sig
+# https://ftp.gnu.org/gnu/wget/wget-1.25.0.tar.lz.sig
 # with key 6B98F637D879C5236E277C5C64FF90AAE8C70AF9
-sha256  57a107151e4ef94fdf94affecfac598963f372f13293ed9c74032105390b36ee  wget-1.24.5.tar.lz
+sha256  19225cc756b0a088fc81148dc6a40a0c8f329af7fd8483f1c7b2fe50f4e08a1f  wget-1.25.0.tar.lz
 # Locally calculated
 sha256  f7dc7522e7e1be9227f3dc8de8b39a4d1d2471968c893af15f00c1a2076a0eec  COPYING
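
Review bot: The `sha1` entry at the top of this hunk is sourced only from the mailing-list announcement, and SHA-1 is not collision resistant, so the integrity of the download rests on the `sha256` entry under "Locally calculated after checking pgp signature". The key fingerprint sits in an unchanged context line (`# with key 6B98F637D879C5236E277C5C64FF90AAE8C70AF9`), meaning the same key is recorded for 1.24.5 and 1.25.0. Please confirm in the commit message that `wget-1.25.0.tar.lz.sig` was actually verified against that fingerprint for this release, so the comment is known to be re-checked rather than carried over from the previous version.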

+ 1 - 1
package/wget/wget.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WGET_VERSION = 1.24.5
+WGET_VERSION = 1.25.0
 WGET_SOURCE = wget-$(WGET_VERSION).tar.lz
 WGET_SITE = $(BR2_GNU_MIRROR)/wget
 WGET_DEPENDENCIES = host-pkgconf
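
Review bot: Only `WGET_VERSION` changes here, and the commit touches just `wget.hash` and `wget.mk`, while the message lists CVE-2024-38428 and CVE-2024-10524 as fixed. Please check whether `package/wget` carries a backported patch or a CVE-ignore entry for either CVE that should be dropped in the same commit; nothing of that kind is removed in the visible diff. It is also worth confirming that the tarball name produced by `WGET_SOURCE = wget-$(WGET_VERSION).tar.lz` matches the `wget-1.25.0.tar.lz` filename used in both new hash lines, since a mismatch would leave the download unchecked against the intended entries.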