Welcome to Centmin Mod Community
Become a Member

Beta Branch add addons/wget.sh allow newer version of wget on CentOS for 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jul 8, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    30,955
    6,917
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,416
    Local Time:
    12:11 AM
    Nginx 1.13.x
    MariaDB 5.5
    add addons/wget.sh allow newer version of wget on CentOS for 123.09beta01

    addons/wget.sh allows source compilation of a newer version of wget than the YUM repo available CentOS wget versions. The source install via addons/wget.sh installs newer wget to /usr/local/bin/wget and sets up wget command as an alias pointing to that binary path so as to not interfere with CentOS YUM installed wget version.

    Continue reading...

    123.09beta01 branch

     
  2. eva2000

    eva2000 Administrator Staff Member

    30,955
    6,917
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,416
    Local Time:
    12:11 AM
    Nginx 1.13.x
    MariaDB 5.5
    FYI, CentOS 6 uses wget 1.12 and CentOS 7 uses wget 1.14. The addons/wget.sh installer installs latest wget 1.18 version.

    For Centmin Mod 123.09beta01



    Ensure you updated your 123.09beta01 builds via centmin.sh menu option 23 submenu option 2 first.

    Example run on 123.09beta01 latest code with CentOS 7 GCC 4.8.5

    Install via addons/wget.sh
    Code (Text):
    cd /usr/local/src/centminmod/addons
    ./wget.sh install
    


    For Centmin Mod 123.08stable



    Centmin Mod 123.08stable has backported the addons/wget.sh as of July 10th, 2016 updates. So will also auto trigger addons/wget.sh on running centmin.sh. If on older Centmin Mod 123.08stable code base, you can also run centmin.sh menu option 23 submenu option 2 to update the code and then run above newly backported addons/wget.sh. Or you can just grab the addons/wget.sh via github download since addons are meant to be standalone for this reason.
    Code (Text):
    cd /usr/local/src/centminmod/addons
    rm -rf wget.sh
    wget https://github.com/centminmod/centminmod/raw/123.09beta01/addons/wget.sh -O wget.sh
    ./wget.sh install
    rm -rf /usr/local/src/centminmod/addons/wget.sh
    


    Example Outputs



    Resulting output at end for CentOS 7 with GCC 4.8.5
    Code (Text):
    --------------------------------------------------------
    wget -V
    GNU Wget 1.18 built on linux-gnu.
    
    -cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls
    +ntlm +opie +psl +ssl/openssl
    
    Wgetrc:
        /usr/local/etc/wgetrc (system)
    Locale:
        /usr/local/share/locale
    Compile:
        gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/local/etc/wgetrc"
        -DLOCALEDIR="/usr/local/share/locale" -I. -I../lib -I../lib -I
        /usr/local/include -DHAVE_LIBSSL -DNDEBUG -O2 -g -pipe -Wall
        -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
        --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
    Link:
        gcc -I /usr/local/include -DHAVE_LIBSSL -DNDEBUG -O2 -g -pipe -Wall
        -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
        --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
        -L /usr/local/lib -lpcre -lssl -lcrypto -lz -lpsl -lidn ftp-opie.o
        openssl.o http-ntlm.o ../lib/libgnu.a
    
    Copyright (C) 2015 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later
    <http://www.gnu.org/licenses/gpl.html>.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    
    Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
    Please send bug reports and questions to <bug-wget@gnu.org>.
    --------------------------------------------------------
    wget 1.18 installed at /usr/local/bin/wget
    


    Example run with CentOS 6.8 GCC 4.9.1 via devtoolset-3 to work around native GCC 4.4.7 which wget compile doesn't support.
    Code (Text):
    --------------------------------------------------------
    ldconfig -p | grep libpcre.so.1
            libpcre.so.1 (libc6,x86-64) => /usr/local/lib/libpcre.so.1
    
    ldd /usr/local/bin/wget
            linux-vdso.so.1 =>  (0x00007ffedffd5000)
            libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x00007f7e56ff6000)
            libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f7e56d8a000)
            libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f7e569a5000)
            libz.so.1 => /lib64/libz.so.1 (0x00007f7e5678f000)
            libidn.so.11 => /lib64/libidn.so.11 (0x00007f7e5655d000)
            librt.so.1 => /lib64/librt.so.1 (0x00007f7e56354000)
            libc.so.6 => /lib64/libc.so.6 (0x00007f7e55fc0000)
            libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f7e55d7c000)
            libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f7e55a94000)
            libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f7e55890000)
            libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f7e55664000)
            libdl.so.2 => /lib64/libdl.so.2 (0x00007f7e5545f000)
            libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f7e55242000)
            /lib64/ld-linux-x86-64.so.2 (0x00007f7e57221000)
            libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f7e55037000)
            libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f7e54e33000)
            libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f7e54c19000)
            libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f7e549f9000)
    --------------------------------------------------------
    wget -V
    GNU Wget 1.18 built on linux-gnu.
    
    -cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls
    +ntlm +opie -psl +ssl/openssl
    
    Wgetrc:
        /usr/local/etc/wgetrc (system)
    Locale:
        /usr/local/share/locale
    Compile:
        /opt/rh/devtoolset-3/root/usr/bin/gcc -DHAVE_CONFIG_H
        -DSYSTEM_WGETRC="/usr/local/etc/wgetrc"
        -DLOCALEDIR="/usr/local/share/locale" -I. -I../lib -I../lib -I
        /usr/local/include -DHAVE_LIBSSL -DNDEBUG -O2 -g -pipe -Wall
        -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
        --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
    Link:
        /opt/rh/devtoolset-3/root/usr/bin/gcc -I /usr/local/include
        -DHAVE_LIBSSL -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
        -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
        -grecord-gcc-switches -m64 -mtune=generic -L /usr/local/lib -lpcre
        -lssl -lcrypto -lz -lidn -lrt ftp-opie.o openssl.o http-ntlm.o
        ../lib/libgnu.a
    
    Copyright (C) 2015 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later
    <http://www.gnu.org/licenses/gpl.html>.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    
    Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
    Please send bug reports and questions to <bug-wget@gnu.org>.
    --------------------------------------------------------
    wget 1.18 installed at /usr/local/bin/wget
    --------------------------------------------------------
    
    Total wget Install Time: 223.272601719 seconds
    
     
    Last edited: Jul 10, 2016
    • Like Like x 1
  3. pamamolf

    pamamolf Well-Known Member

    2,820
    253
    83
    May 31, 2014
    Ratings:
    +447
    Local Time:
    4:11 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    Does the 1.18 solves the latest remote code execution issue?
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,955
    6,917
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,416
    Local Time:
    12:11 AM
    Nginx 1.13.x
    MariaDB 5.5
    Yup wget 1.18 fixes wget vulnerability CVE-2016-4971 (Dangerous GNU wget Vulnerability Still Not Patched in All Linux Distros) and why i am adding addons/wget.sh. Redhat is being slack and slow to update YUM packaged wget so CentOS is waiting for them.

    So until Redhat/CentOS update wget YUM package, addons/wget.sh is a workaround. Once wget YUM package is updated via backported patch fixes into same wget respective CentOS 6/7 YUM package versions 1.12 and 1.14, you can remove the wget alias from /root/.bashrc and logout and back into a new SSH session.

    remove this line from /root/.bashrc to revert to system YUM package installed wget versions
    Code (Text):
    alias wget='/usr/local/bin/wget'


    So please test addons/wget.sh on a test VPS server and let me know how you fair. Once sure it's working with send out notifications to Centmin Mod users via forum mailings, push notifications etc.
     
    Last edited: Jul 8, 2016
  5. eva2000

    eva2000 Administrator Staff Member

    30,955
    6,917
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,416
    Local Time:
    12:11 AM
    Nginx 1.13.x
    MariaDB 5.5
    • Like Like x 2