author | Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | 2018-08-23 16:51:24 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2018-09-04 07:37:56 -0700 |
commit | 3e615d62eb4e11a1e4aa47a980e0fb4130f51e65 (patch) | |
tree | ab53fe846f1f223f0ba871b8b6fea82533b6648a /meta-networking | |
parent | 0fec2df04070651d1b7a6b3d4236e1fdd0af3974 (diff) | |
download | meta-openembedded-3e615d62eb4e11a1e4aa47a980e0fb4130f51e65.tar.gz |
lftp: CVE-2018-10916
Affects lftp <= 4.8.3
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-networking')
-rw-r--r-- | meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch | 82 | ||||
-rw-r--r-- | meta-networking/recipes-connectivity/lftp/lftp_4.7.7.bb | 1 |
2 files changed, 83 insertions, 0 deletions
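--- /dev/null
+++ b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
@@ -0,0 +1,82 @@
+From a27e07d90a4608ceaf928b1babb27d4d803e1992 Mon Sep 17 00:00:00 2001
+From: "Alexander V. Lukyanov" <lavv17f@gmail.com>
+Date: Tue, 31 Jul 2018 10:57:35 +0300
+Subject: [PATCH] mirror: prepend ./ to rm and chmod arguments to avoid URL
+recognition (fix #452)
+
+CVE: CVE-2018-10916
+Upstream-Status: Backport from v4.8.4
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+src/MirrorJob.cc | 24 +++++++++---------------
+1 file changed, 9 insertions(+), 15 deletions(-)
+
+diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc
+index cf106c40..0be45431 100644
+--- a/src/MirrorJob.cc
++++ b/src/MirrorJob.cc
+@@ -1164,24 +1164,21 @@ int MirrorJob::Do()
+}
+continue;
+}
++ bool use_rmdir = (file->TypeIs(file->DIRECTORY)
++ && recursion_mode==RECURSION_NEVER);
+if(script)
+{
+- ArgV args("rm");
+- if(file->TypeIs(file->DIRECTORY))
+- {
+- if(recursion_mode==RECURSION_NEVER)
+- args.setarg(0,"rmdir");
+- else
+- args.Append("-r");
+- }
++ ArgV args(use_rmdir?"rmdir":"rm");
++ if(file->TypeIs(file->DIRECTORY) && !use_rmdir)
++ args.Append("-r");
+args.Append(target_session->GetFileURL(file->name));
+xstring_ca cmd(args.CombineQuoted());
+fprintf(script,"%s\n",cmd.get());
+}
+if(!script_only)
+{
+- ArgV *args=new ArgV("rm");
+- args->Append(file->name);
++ ArgV *args=new ArgV(use_rmdir?"rmdir":"rm");
++ args->Append(dir_file(".",file->name));
+args->seek(1);
+rmJob *j=new rmJob(target_session->Clone(),args);
+j->cmdline.set_allocated(args->Combine());
+@@ -1185,10 +1182,7 @@ int MirrorJob::Do()
+if(file->TypeIs(file->DIRECTORY))
+{
+if(recursion_mode==RECURSION_NEVER)
+- {
+- args->setarg(0,"rmdir");
+j->Rmdir();
+- }
+else
+j->Recurse();
+}
+@@ -1252,7 +1246,7 @@ int MirrorJob::Do()
+if(!script_only)
+{
+ArgV *a=new ArgV("chmod");
+- a->Append(file->name);
++ a->Append(dir_file(".",file->name));
+a->seek(1);
+ChmodJob *cj=new ChmodJob(target_session->Clone(),
+file->mode&~mode_mask,a);
+@@ -1372,7 +1366,7 @@ int MirrorJob::Do()
+if(!script_only)
+{
+ArgV *args=new ArgV("rm");
+- args->Append(file->name);
++ args->Append(dir_file(".",file->name));
+args->seek(1);
+rmJob *j=new rmJob(source_session->Clone(),args);
+j->cmdline.set_allocated(args->Combine());
+--
+2.13.3
+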
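Review bot: The three added `dir_file(".",file->name)` calls (the target-side rm/rmdir job, the chmod job and the source-side rm job) carry no comment saying why the `./` prefix is there, so a later cleanup could drop it as redundant and reopen CVE-2018-10916. I would add at each site something like `// "./" keeps the name from being recognised as a URL when the job parses its arguments`, which is the reason the patch subject gives. The protection is applied per call site, so any other place in MirrorJob::Do that passes a bare `file->name` to a job would need the same prefix; none is visible in these hunks, and it is worth checking against the 4.7.7 source this recipe builds. The `if(script)` branch still appends `target_session->GetFileURL(file->name)`, which looks intentional because the script form is a full URL. MirrorJob::Do starts and ends outside all four hunks.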
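--- a/meta-networking/recipes-connectivity/lftp/lftp_4.7.7.bb
+++ b/meta-networking/recipes-connectivity/lftp/lftp_4.7.7.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
 SRC_URI = "http://lftp.yar.ru/ftp/lftp-${PV}.tar.bz2 \
 file://fix-gcc-6-conflicts-signbit.patch \
+file://CVE-2018-10916.patch \
 "
 SRC_URI[md5sum] = "3701e7675baa5619c92622eb141c8301"
 SRC_URI[sha256sum] = "fe441f20a9a317cfb99a8b8e628ba0457df472b6d93964d17374d5b5ebdf9280"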