authorJagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>2018-08-23 16:51:24 +0530
committerArmin Kuster <akuster808@gmail.com>2018-09-04 07:37:56 -0700
commit3e615d62eb4e11a1e4aa47a980e0fb4130f51e65 (patch)
treeab53fe846f1f223f0ba871b8b6fea82533b6648a
parent0fec2df04070651d1b7a6b3d4236e1fdd0af3974 (diff)
lftp: CVE-2018-10916
Affects lftp <= 4.8.3 Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch82
-rw-r--r--meta-networking/recipes-connectivity/lftp/lftp_4.7.7.bb1
2 files changed, 83 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
new file mode 100644
index 0000000000..213403e82f
--- /dev/null
+++ b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
@@ -0,0 +1,82 @@
+From a27e07d90a4608ceaf928b1babb27d4d803e1992 Mon Sep 17 00:00:00 2001
+From: "Alexander V. Lukyanov" <lavv17f@gmail.com>
+Date: Tue, 31 Jul 2018 10:57:35 +0300
+Subject: [PATCH] mirror: prepend ./ to rm and chmod arguments to avoid URL
+ recognition (fix #452)
+
+CVE: CVE-2018-10916
+Upstream-Status: Backport from v4.8.4
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ src/MirrorJob.cc | 24 +++++++++---------------
+ 1 file changed, 9 insertions(+), 15 deletions(-)
+
+diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc
+index cf106c40..0be45431 100644
+--- a/src/MirrorJob.cc
++++ b/src/MirrorJob.cc
+@@ -1164,24 +1164,21 @@ int MirrorJob::Do()
+ }
+ continue;
+ }
++ bool use_rmdir = (file->TypeIs(file->DIRECTORY)
++ && recursion_mode==RECURSION_NEVER);
+ if(script)
+ {
+- ArgV args("rm");
+- if(file->TypeIs(file->DIRECTORY))
+- {
+- if(recursion_mode==RECURSION_NEVER)
+- args.setarg(0,"rmdir");
+- else
+- args.Append("-r");
+- }
++ ArgV args(use_rmdir?"rmdir":"rm");
++ if(file->TypeIs(file->DIRECTORY) && !use_rmdir)
++ args.Append("-r");
+ args.Append(target_session->GetFileURL(file->name));
+ xstring_ca cmd(args.CombineQuoted());
+ fprintf(script,"%s\n",cmd.get());
+ }
+ if(!script_only)
+ {
+- ArgV *args=new ArgV("rm");
+- args->Append(file->name);
++ ArgV *args=new ArgV(use_rmdir?"rmdir":"rm");
++ args->Append(dir_file(".",file->name));
+ args->seek(1);
+ rmJob *j=new rmJob(target_session->Clone(),args);
+ j->cmdline.set_allocated(args->Combine());
+@@ -1185,10 +1182,7 @@ int MirrorJob::Do()
+ if(file->TypeIs(file->DIRECTORY))
+ {
+ if(recursion_mode==RECURSION_NEVER)
+- {
+- args->setarg(0,"rmdir");
+ j->Rmdir();
+- }
+ else
+ j->Recurse();
+ }
+@@ -1252,7 +1246,7 @@ int MirrorJob::Do()
+ if(!script_only)
+ {
+ ArgV *a=new ArgV("chmod");
+- a->Append(file->name);
++ a->Append(dir_file(".",file->name));
+ a->seek(1);
+ ChmodJob *cj=new ChmodJob(target_session->Clone(),
+ file->mode&~mode_mask,a);
+@@ -1372,7 +1366,7 @@ int MirrorJob::Do()
+ if(!script_only)
+ {
+ ArgV *args=new ArgV("rm");
+- args->Append(file->name);
++ args->Append(dir_file(".",file->name));
+ args->seek(1);
+ rmJob *j=new rmJob(source_session->Clone(),args);
+ j->cmdline.set_allocated(args->Combine());
+--
+2.13.3
+
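Review bot: The second embedded hunk header, `@@ -1185,10 +1182,7 @@`, overlaps the range the first one claims (`@@ -1164,24 +1164,21 @@` covers old lines 1164–1187 and new lines 1164–1184), yet its first context line `if(file->TypeIs(file->DIRECTORY))` is not among the first hunk's trailing lines, so the headers look hand-edited during the backport to 4.7.7. An applier that tolerates offsets will probably still place the hunk, but a stricter one may reject it, and for a CVE fix a partly applied patch is the worse outcome. Regenerate the patch from the unpacked 4.7.7 tree so the offsets are real (if the two hunks are adjacent there, the header would read `@@ -1188,10 +1185,7 @@`), and confirm in the patched source that all three `dir_file(".",file->name)` call sites are present. The enclosing `MirrorJob::Do()` starts and ends outside every embedded hunk.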
diff --git a/meta-networking/recipes-connectivity/lftp/lftp_4.7.7.bb b/meta-networking/recipes-connectivity/lftp/lftp_4.7.7.bb
index b6b65da736..042b0aa54c 100644
--- a/meta-networking/recipes-connectivity/lftp/lftp_4.7.7.bb
+++ b/meta-networking/recipes-connectivity/lftp/lftp_4.7.7.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
SRC_URI = "http://lftp.yar.ru/ftp/lftp-${PV}.tar.bz2 \
file://fix-gcc-6-conflicts-signbit.patch \
+ file://CVE-2018-10916.patch \
"
SRC_URI[md5sum] = "3701e7675baa5619c92622eb141c8301"
SRC_URI[sha256sum] = "fe441f20a9a317cfb99a8b8e628ba0457df472b6d93964d17374d5b5ebdf9280"