1 files changed, 82 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
new file mode 100644
index 000000000..213403e82
--- /dev/null
+++ b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
@@ -0,0 +1,82 @@
+From a27e07d90a4608ceaf928b1babb27d4d803e1992 Mon Sep 17 00:00:00 2001
+From: "Alexander V. Lukyanov" <lavv17f@gmail.com>
+Date: Tue, 31 Jul 2018 10:57:35 +0300
+Subject: [PATCH] mirror: prepend ./ to rm and chmod arguments to avoid URL
+ recognition (fix #452)
+CVE: CVE-2018-10916
+Upstream-Status: Backport from v4.8.4
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ src/MirrorJob.cc | 24 +++++++++---------------
+ 1 file changed, 9 insertions(+), 15 deletions(-)
+diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc
+index cf106c40..0be45431 100644
+--- a/src/MirrorJob.cc
+++ b/src/MirrorJob.cc
+@@ -1164,24 +1164,21 @@ int   MirrorJob::Do()
+            }
+            continue;
+         }
+        bool use_rmdir = (file->TypeIs(file->DIRECTORY)
+                          && recursion_mode==RECURSION_NEVER);
+         if(script)
+         {
+-           ArgV args("rm");
+-           if(file->TypeIs(file->DIRECTORY))
+-           {
+-              if(recursion_mode==RECURSION_NEVER)
+-                 args.setarg(0,"rmdir");
+-              else
+-                 args.Append("-r");
+-           }
+           ArgV args(use_rmdir?"rmdir":"rm");
+           if(file->TypeIs(file->DIRECTORY) && !use_rmdir)
+              args.Append("-r");
+            args.Append(target_session->GetFileURL(file->name));
+            xstring_ca cmd(args.CombineQuoted());
+            fprintf(script,"%s\n",cmd.get());
+         }
+         if(!script_only)
+         {
+-           ArgV *args=new ArgV("rm");
+-           args->Append(file->name);
+           ArgV *args=new ArgV(use_rmdir?"rmdir":"rm");
+           args->Append(dir_file(".",file->name));
+            args->seek(1);
+            rmJob *j=new rmJob(target_session->Clone(),args);
+            j->cmdline.set_allocated(args->Combine());
+@@ -1185,10 +1182,7 @@ int   MirrorJob::Do()
+            if(file->TypeIs(file->DIRECTORY))
+            {
+               if(recursion_mode==RECURSION_NEVER)
+-              {
+-                 args->setarg(0,"rmdir");
+                  j->Rmdir();
+-              }
+               else
+                  j->Recurse();
+            }
+@@ -1252,7 +1246,7 @@ int   MirrorJob::Do()
+         if(!script_only)
+         {
+            ArgV *a=new ArgV("chmod");
+-           a->Append(file->name);
+           a->Append(dir_file(".",file->name));
+            a->seek(1);
+            ChmodJob *cj=new ChmodJob(target_session->Clone(),
+                                 file->mode&~mode_mask,a);
+@@ -1372,7 +1366,7 @@ int   MirrorJob::Do()
+         if(!script_only)
+         {
+            ArgV *args=new ArgV("rm");
+-           args->Append(file->name);
+           args->Append(dir_file(".",file->name));
+            args->seek(1);
+            rmJob *j=new rmJob(source_session->Clone(),args);
+            j->cmdline.set_allocated(args->Combine());
+-- 
+2.13.3

diff --git a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch new file mode 100644 index 000000000..213403e82 --- /dev/null +++ b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
@@ -0,0 +1,82 @@
	1	From a27e07d90a4608ceaf928b1babb27d4d803e1992 Mon Sep 17 00:00:00 2001
	2	From: "Alexander V. Lukyanov" <lavv17f@gmail.com>
	3	Date: Tue, 31 Jul 2018 10:57:35 +0300
	4	Subject: [PATCH] mirror: prepend ./ to rm and chmod arguments to avoid URL
	5	recognition (fix #452)
	6
	7	CVE: CVE-2018-10916
	8	Upstream-Status: Backport from v4.8.4
	9
	10	Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
	11	---
	12	src/MirrorJob.cc \| 24 +++++++++---------------
	13	1 file changed, 9 insertions(+), 15 deletions(-)
	14
	15	diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc
	16	index cf106c40..0be45431 100644
	17	--- a/src/MirrorJob.cc
	18	+++ b/src/MirrorJob.cc
	19	@@ -1164,24 +1164,21 @@ int MirrorJob::Do()
	20	}
	21	continue;
	22	}
	23	+ bool use_rmdir = (file->TypeIs(file->DIRECTORY)
	24	+ && recursion_mode==RECURSION_NEVER);
	25	if(script)
	26	{
	27	- ArgV args("rm");
	28	- if(file->TypeIs(file->DIRECTORY))
	29	- {
	30	- if(recursion_mode==RECURSION_NEVER)
	31	- args.setarg(0,"rmdir");
	32	- else
	33	- args.Append("-r");
	34	- }
	35	+ ArgV args(use_rmdir?"rmdir":"rm");
	36	+ if(file->TypeIs(file->DIRECTORY) && !use_rmdir)
	37	+ args.Append("-r");
	38	args.Append(target_session->GetFileURL(file->name));
	39	xstring_ca cmd(args.CombineQuoted());
	40	fprintf(script,"%s\n",cmd.get());
	41	}
	42	if(!script_only)
	43	{
	44	- ArgV *args=new ArgV("rm");
	45	- args->Append(file->name);
	46	+ ArgV *args=new ArgV(use_rmdir?"rmdir":"rm");
	47	+ args->Append(dir_file(".",file->name));
	48	args->seek(1);
	49	rmJob *j=new rmJob(target_session->Clone(),args);
	50	j->cmdline.set_allocated(args->Combine());
	51	@@ -1185,10 +1182,7 @@ int MirrorJob::Do()
	52	if(file->TypeIs(file->DIRECTORY))
	53	{
	54	if(recursion_mode==RECURSION_NEVER)
	55	- {
	56	- args->setarg(0,"rmdir");
	57	j->Rmdir();
	58	- }
	59	else
	60	j->Recurse();
	61	}
	62	@@ -1252,7 +1246,7 @@ int MirrorJob::Do()
	63	if(!script_only)
	64	{
	65	ArgV *a=new ArgV("chmod");
	66	- a->Append(file->name);
	67	+ a->Append(dir_file(".",file->name));
	68	a->seek(1);
	69	ChmodJob *cj=new ChmodJob(target_session->Clone(),
	70	file->mode&~mode_mask,a);
	71	@@ -1372,7 +1366,7 @@ int MirrorJob::Do()
	72	if(!script_only)
	73	{
	74	ArgV *args=new ArgV("rm");
	75	- args->Append(file->name);
	76	+ args->Append(dir_file(".",file->name));
	77	args->seek(1);
	78	rmJob *j=new rmJob(source_session->Clone(),args);
	79	j->cmdline.set_allocated(args->Combine());
	80	--
	81	2.13.3
	82