Patchwork [1/1] wget: fix a host intrusion issue introduced by adding --with-ssl=openssl.

login
register
mail settings
Submitter Dexuan Cui
Date Dec. 19, 2011, 5:14 a.m.
Message ID <33eb9cf534f8e946cf8cb2d67d64b47f193a89e7.1324271587.git.dexuan.cui@intel.com>
Download mbox | patch
Permalink /patch/17223/
State Accepted
Commit 5f9851f609f503aec098778ef59c27e5f5dd9579
Headers show

Comments

Dexuan Cui - Dec. 19, 2011, 5:14 a.m.
On my x86-64 Ubuntu 11.04, with MACHINE=qemux86, "bitbake wget" fails. The
config.log shows:

configure:30072: i586-poky-linux-gcc  -m32   -march=i586
 --sysroot=/distro/dcui/1212/p1/build/tmp/sysroots/qemux86 -o conftest -O2
 -pipe -g -feliminate-unused-debug-types  -Wl,-O1 -Wl,--hash-style=gnu
 -Wl,--as-needed conftest.c -ldl -lz  /usr/lib/libssl.so /usr/lib/libcrypto.so
 -lz >&5
/usr/lib/libssl.so: could not read symbols: File in wrong format

The patch fixes the issue by specifying libssl-prefix.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
---
 meta/recipes-extended/wget/wget.inc |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
Steve Sakoman - Dec. 19, 2011, 5:27 a.m.
On Sun, Dec 18, 2011 at 9:14 PM, Dexuan Cui <dexuan.cui@intel.com> wrote:
> On my x86-64 Ubuntu 11.04, with MACHINE=qemux86, "bitbake wget" fails. The
> config.log shows:
>
> configure:30072: i586-poky-linux-gcc  -m32   -march=i586
>  --sysroot=/distro/dcui/1212/p1/build/tmp/sysroots/qemux86 -o conftest -O2
>  -pipe -g -feliminate-unused-debug-types  -Wl,-O1 -Wl,--hash-style=gnu
>  -Wl,--as-needed conftest.c -ldl -lz  /usr/lib/libssl.so /usr/lib/libcrypto.so
>  -lz >&5
> /usr/lib/libssl.so: could not read symbols: File in wrong format
>
> The patch fixes the issue by specifying libssl-prefix.
>
> Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

I can verify that this patch fixes my build failure.

Tested-by: Steve Sakoman <steve@sakoman.com>

Steve


>  meta/recipes-extended/wget/wget.inc |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/meta/recipes-extended/wget/wget.inc b/meta/recipes-extended/wget/wget.inc
> index 7083569..25f36c8 100644
> --- a/meta/recipes-extended/wget/wget.inc
> +++ b/meta/recipes-extended/wget/wget.inc
> @@ -4,11 +4,11 @@ LICENSE = "GPL"
>  LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
>  DEPENDS = "openssl"
>
> -INC_PR = "r12"
> +INC_PR = "r13"
>
>  inherit autotools gettext update-alternatives
>
> -EXTRA_OECONF = "--with-libc --enable-ipv6 --with-ssl=openssl"
> +EXTRA_OECONF = "--with-libc --enable-ipv6 --with-libssl-prefix=${STAGING_DIR_HOST} --with-ssl=openssl"
>
>  do_install_append () {
>        mv ${D}${bindir}/wget ${D}${bindir}/wget.${PN}
> --
> 1.7.6
>
Eric BENARD - Dec. 19, 2011, 5:37 a.m.
Hi Dexuan,

Le 19/12/2011 06:14, Dexuan Cui a écrit :
> On my x86-64 Ubuntu 11.04, with MACHINE=qemux86, "bitbake wget" fails. The
> config.log shows:
>
> configure:30072: i586-poky-linux-gcc  -m32   -march=i586
>   --sysroot=/distro/dcui/1212/p1/build/tmp/sysroots/qemux86 -o conftest -O2
>   -pipe -g -feliminate-unused-debug-types  -Wl,-O1 -Wl,--hash-style=gnu
>   -Wl,--as-needed conftest.c -ldl -lz  /usr/lib/libssl.so /usr/lib/libcrypto.so
>   -lz>&5
> /usr/lib/libssl.so: could not read symbols: File in wrong format
>
> The patch fixes the issue by specifying libssl-prefix.
>
> Signed-off-by: Dexuan Cui<dexuan.cui@intel.com>
> ---
>   meta/recipes-extended/wget/wget.inc |    4 ++--
>   1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/meta/recipes-extended/wget/wget.inc b/meta/recipes-extended/wget/wget.inc
> index 7083569..25f36c8 100644
> --- a/meta/recipes-extended/wget/wget.inc
> +++ b/meta/recipes-extended/wget/wget.inc
> @@ -4,11 +4,11 @@ LICENSE = "GPL"
>   LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
>   DEPENDS = "openssl"
>
> -INC_PR = "r12"
> +INC_PR = "r13"
>
>   inherit autotools gettext update-alternatives
>
> -EXTRA_OECONF = "--with-libc --enable-ipv6 --with-ssl=openssl"
> +EXTRA_OECONF = "--with-libc --enable-ipv6 --with-libssl-prefix=${STAGING_DIR_HOST} --with-ssl=openssl"
>
>   do_install_append () {
>   	mv ${D}${bindir}/wget ${D}${bindir}/wget.${PN}

this also fix a problem I just met (angstrom, armv5 target) :
  | configure: error: --with-ssl=openssl was given, but SSL is not available.

Tested-by: Eric Bénard <eric@eukrea.com>

Thanks !
Eric
Dexuan Cui - Dec. 19, 2011, 6:13 a.m.
Eric Bénard wrote on 2011-12-19:
>>   inherit autotools gettext update-alternatives
>> -EXTRA_OECONF = "--with-libc --enable-ipv6 --with-ssl=openssl"
>> +EXTRA_OECONF = "--with-libc --enable-ipv6
>> --with-libssl-prefix=${STAGING_DIR_HOST} --with-ssl=openssl"
>> 
>>   do_install_append () {
>>   	mv ${D}${bindir}/wget ${D}${bindir}/wget.${PN}
> 
> this also fix a problem I just met (angstrom, armv5 target) :
>   | configure: error: --with-ssl=openssl was given, but SSL is not available.
> Tested-by: Eric Bénard <eric@eukrea.com>
Hi Eric,
This is actually the same issue Steve and I met with. :-)

Eric and Steve, thank you both for the testings!

Thanks,
-- Dexuan

Patch

diff --git a/meta/recipes-extended/wget/wget.inc b/meta/recipes-extended/wget/wget.inc
index 7083569..25f36c8 100644
--- a/meta/recipes-extended/wget/wget.inc
+++ b/meta/recipes-extended/wget/wget.inc
@@ -4,11 +4,11 @@  LICENSE = "GPL"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 DEPENDS = "openssl"
 
-INC_PR = "r12"
+INC_PR = "r13"
 
 inherit autotools gettext update-alternatives
 
-EXTRA_OECONF = "--with-libc --enable-ipv6 --with-ssl=openssl"
+EXTRA_OECONF = "--with-libc --enable-ipv6 --with-libssl-prefix=${STAGING_DIR_HOST} --with-ssl=openssl"
 
 do_install_append () {
 	mv ${D}${bindir}/wget ${D}${bindir}/wget.${PN}