[oe] [meta-networking][PATCH] lftp: CVE-2018-10916

Jagadeesh Krishnanjanappa jkrishnanjanappa at mvista.com
Thu Aug 23 11:25:32 UTC 2018


Affects lftp <= 4.8.3

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa at mvista.com>
---
 .../lftp/files/CVE-2018-10916.patch                | 82 ++++++++++++++++++++++
 .../recipes-connectivity/lftp/lftp_4.8.3.bb        |  1 +
 2 files changed, 83 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch

diff --git a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
new file mode 100644
index 0000000..c0e87d9
--- /dev/null
+++ b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
@@ -0,0 +1,82 @@
+From a27e07d90a4608ceaf928b1babb27d4d803e1992 Mon Sep 17 00:00:00 2001
+From: "Alexander V. Lukyanov" <lavv17f at gmail.com>
+Date: Tue, 31 Jul 2018 10:57:35 +0300
+Subject: [PATCH] mirror: prepend ./ to rm and chmod arguments to avoid URL
+ recognition (fix #452)
+
+CVE: CVE-2018-10916
+Upstream-Status: Backport from v4.8.4
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa at mvista.com>
+---
+ src/MirrorJob.cc | 24 +++++++++---------------
+ 1 file changed, 9 insertions(+), 15 deletions(-)
+
+diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc
+index cf106c40..0be45431 100644
+--- a/src/MirrorJob.cc
++++ b/src/MirrorJob.cc
+@@ -1164,24 +1164,21 @@ int   MirrorJob::Do()
+ 	    }
+ 	    continue;
+ 	 }
++	 bool use_rmdir = (file->TypeIs(file->DIRECTORY)
++			   && recursion_mode==RECURSION_NEVER);
+ 	 if(script)
+ 	 {
+-	    ArgV args("rm");
+-	    if(file->TypeIs(file->DIRECTORY))
+-	    {
+-	       if(recursion_mode==RECURSION_NEVER)
+-		  args.setarg(0,"rmdir");
+-	       else
+-		  args.Append("-r");
+-	    }
++	    ArgV args(use_rmdir?"rmdir":"rm");
++	    if(file->TypeIs(file->DIRECTORY) && !use_rmdir)
++	       args.Append("-r");
+ 	    args.Append(target_session->GetFileURL(file->name));
+ 	    xstring_ca cmd(args.CombineQuoted());
+ 	    fprintf(script,"%s\n",cmd.get());
+ 	 }
+ 	 if(!script_only)
+ 	 {
+-	    ArgV *args=new ArgV("rm");
+-	    args->Append(file->name);
++	    ArgV *args=new ArgV(use_rmdir?"rmdir":"rm");
++	    args->Append(dir_file(".",file->name));
+ 	    args->seek(1);
+ 	    rmJob *j=new rmJob(target_session->Clone(),args);
+ 	    args->CombineTo(j->cmdline);
+@@ -1189,10 +1186,7 @@ int   MirrorJob::Do()
+ 	    if(file->TypeIs(file->DIRECTORY))
+ 	    {
+ 	       if(recursion_mode==RECURSION_NEVER)
+-	       {
+-		  args->setarg(0,"rmdir");
+ 		  j->Rmdir();
+-	       }
+ 	       else
+ 		  j->Recurse();
+ 	    }
+@@ -1258,7 +1252,7 @@ int   MirrorJob::Do()
+ 	 if(!script_only)
+ 	 {
+ 	    ArgV *a=new ArgV("chmod");
+-	    a->Append(file->name);
++	    a->Append(dir_file(".",file->name));
+ 	    a->seek(1);
+ 	    ChmodJob *cj=new ChmodJob(target_session->Clone(),
+ 				 file->mode&~mode_mask,a);
+@@ -1380,7 +1374,7 @@ int   MirrorJob::Do()
+ 	 if(!script_only)
+ 	 {
+ 	    ArgV *args=new ArgV("rm");
+-	    args->Append(file->name);
++	    args->Append(dir_file(".",file->name));
+ 	    args->seek(1);
+ 	    rmJob *j=new rmJob(source_session->Clone(),args);
+ 	    args->CombineTo(j->cmdline);
+-- 
+2.13.3
+
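Review bot: Prepending `./` via `dir_file(".",file->name)` on the `rm`, `rmdir` and `chmod` argument lines stops a server-supplied name from being recognised as a URL, but it does not neutralise a name that carries a path separator or `..` components, so the listing code that produces `file->name` still has to reject those — that parser is not visible in this hunk, so treat this as a point to confirm rather than a defect in the change. I would record the invariant at the first `dir_file(".",file->name)` call: `// "./" keeps a remote-supplied name from being parsed as a URL (CVE-2018-10916); it does not sanitize '/' or '..', which the listing parser must reject`. The `script` branch still emits `target_session->GetFileURL(file->name)` rather than the `./` form; that is a URL by construction, but a reader will wonder why the two branches differ, so a one-line comment there saying the script path is deliberately URL-based would help. `MirrorJob::Do` begins before and continues after this hunk.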
diff --git a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb b/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
index c6e3727..e0b6beb 100644
--- a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
+++ b/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
 SRC_URI = "http://lftp.yar.ru/ftp/lftp-${PV}.tar.bz2 \
            file://fix-gcc-6-conflicts-signbit.patch \
+           file://CVE-2018-10916.patch \
           "
 SRC_URI[md5sum] = "12b1fcbf13f41e9cdb0903fc670fa1f1"
 SRC_URI[sha256sum] = "c4159f056afee41866a6c2d639655bc351e6d3486bbe7758eaedb24f6a4239d5"
-- 
2.7.4



