netkit-rsh: security fixes

Fix CVE-2019-7282, CVE-2019-7283 References: https://nvd.nist.gov/vuln/detail/CVE-2019-7282 https://nvd.nist.gov/vuln/detail/CVE-2019-7283 Patch from: https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Yi Zhao <yi.zhao@windriver.com> 2019-04-15 14:58:34 +0800
committer: Armin Kuster <akuster808@gmail.com> 2019-05-27 22:22:25 -0700
commit: b63137da3fce51c412f20bc2ea6f333b0ef4ab34 (patch)
tree: 3c838e296f5829e10fd71c527b11389c82b8ea75
parent: 8e1252625315dd21077d401affe7988b766e0f46 (diff)
download: meta-openembedded-b63137da3fce51c412f20bc2ea6f333b0ef4ab34.tar.gz
2 files changed, 34 insertions, 0 deletions
diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
new file mode 100644
index 000000000..4381f5bf8
--- /dev/null
+++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
@@ -0,0 +1,33 @@
+From a7831a16c3e0e1463d5eb08a58af152cb75ca976 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 15 Apr 2019 06:05:58 +0000
+Subject: [PATCH] Fix CVE-2019-7282 and CVE-2019-7283
+Description: Fix CVE-2018-20685 and CVE-2019-6111
+Bug-Debian: https://bugs.debian.org/920486
+Origin: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2#diff-9f340c228413d5a9a9206ea2ed2bc624R1114
+Upstream-Status: Backport [Debian]
+[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ rcp/rcp.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+diff --git a/rcp/rcp.c b/rcp/rcp.c
+index ca61c18..77d8ff8 100644
+--- a/rcp/rcp.c
+++ b/rcp/rcp.c
+@@ -740,6 +740,11 @@ sink(int argc, char *argv[])
+                        size = size * 10 + (*cp++ - '0');
+                if (*cp++ != ' ')
+                        SCREWUP("size not delimited");
+               if (*cp == '\0' || strchr(cp, '/') != NULL ||
+                   strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+                       error("error: unexpected filename: %s", cp);
+                       exit(1);
+               }
+                if (targisdir) {
+                        static char *namebuf;
+                        static int cursize;
diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
index d034cd8ed..6f203c5a8 100644
--- a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
+++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
@@ -16,6 +16,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-rsh/netkit-rsh_${PV}.orig.tar.gz;name=
            file://netkit-rsh-0.17-rexec-ipv6.patch \
            file://fix-host-variable.patch \
            file://fixup_wait3_api_change.patch \
+            file://CVE-2019-7282-and-CVE-2019-7283.patch \
 "
 SRC_URI[archive.md5sum] = "65f5f28e2fe22d9ad8b17bb9a10df096"
author	Yi Zhao <yi.zhao@windriver.com>	2019-04-15 14:58:34 +0800
committer	Armin Kuster <akuster808@gmail.com>	2019-05-27 22:22:25 -0700
commit	b63137da3fce51c412f20bc2ea6f333b0ef4ab34 (patch)
tree	3c838e296f5829e10fd71c527b11389c82b8ea75
parent	8e1252625315dd21077d401affe7988b766e0f46 (diff)
download	meta-openembedded-b63137da3fce51c412f20bc2ea6f333b0ef4ab34.tar.gz

diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch new file mode 100644 index 000000000..4381f5bf8 --- /dev/null +++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
@@ -0,0 +1,33 @@
		1	From a7831a16c3e0e1463d5eb08a58af152cb75ca976 Mon Sep 17 00:00:00 2001
		2	From: Yi Zhao <yi.zhao@windriver.com>
		3	Date: Mon, 15 Apr 2019 06:05:58 +0000
		4	Subject: [PATCH] Fix CVE-2019-7282 and CVE-2019-7283
		5
		6	Description: Fix CVE-2018-20685 and CVE-2019-6111
		7	Bug-Debian: https://bugs.debian.org/920486
		8	Origin: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2#diff-9f340c228413d5a9a9206ea2ed2bc624R1114
		9
		10	Upstream-Status: Backport [Debian]
		11	[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch]
		12
		13	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		14	---
		15	rcp/rcp.c \| 5 +++++
		16	1 file changed, 5 insertions(+)
		17
		18	diff --git a/rcp/rcp.c b/rcp/rcp.c
		19	index ca61c18..77d8ff8 100644
		20	--- a/rcp/rcp.c
		21	+++ b/rcp/rcp.c
		22	@@ -740,6 +740,11 @@ sink(int argc, char *argv[])
		23	size = size * 10 + (*cp++ - '0');
		24	if (*cp++ != ' ')
		25	SCREWUP("size not delimited");
		26	+ if (*cp == '\0' \|\| strchr(cp, '/') != NULL \|\|
		27	+ strcmp(cp, ".") == 0 \|\| strcmp(cp, "..") == 0) {
		28	+ error("error: unexpected filename: %s", cp);
		29	+ exit(1);
		30	+ }
		31	if (targisdir) {
		32	static char *namebuf;
		33	static int cursize;


diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb index d034cd8ed..6f203c5a8 100644 --- a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb +++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
@@ -16,6 +16,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-rsh/netkit-rsh_${PV}.orig.tar.gz;name=
16	file://netkit-rsh-0.17-rexec-ipv6.patch \	16	file://netkit-rsh-0.17-rexec-ipv6.patch \
17	file://fix-host-variable.patch \	17	file://fix-host-variable.patch \
18	file://fixup_wait3_api_change.patch \	18	file://fixup_wait3_api_change.patch \
		19	file://CVE-2019-7282-and-CVE-2019-7283.patch \
19	"	20	"
20		21
21	SRC_URI[archive.md5sum] = "65f5f28e2fe22d9ad8b17bb9a10df096"	22	SRC_URI[archive.md5sum] = "65f5f28e2fe22d9ad8b17bb9a10df096"