From f83a6cfe667275be43347e8e0ffbb09c976b3807 Mon Sep 17 00:00:00 2001
From: Randy MacLeod
Date: Wed, 5 Sep 2018 14:15:06 -0400
Subject: lftp: update from 4.8.3 to 4.8.4
Drop upstreamed CVE fix: a27e07d9 mirror: prepend ./ to rm and chmod arguments to avoid URL recognition (fix #452)
Signed-off-by: Randy MacLeod
Signed-off-by: Khem Raj
---
.../lftp/files/CVE-2018-10916.patch | 82 ----------------------
.../recipes-connectivity/lftp/lftp_4.8.3.bb | 34 ---------
.../recipes-connectivity/lftp/lftp_4.8.4.bb | 33 +++++++++
3 files changed, 33 insertions(+), 116 deletions(-)
delete mode 100644 meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
delete mode 100644 meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
create mode 100644 meta-networking/recipes-connectivity/lftp/lftp_4.8.4.bb
(limited to 'meta-networking')
diff --git a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
deleted file mode 100644
index c0e87d942e..0000000000
--- a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From a27e07d90a4608ceaf928b1babb27d4d803e1992 Mon Sep 17 00:00:00 2001
-From: "Alexander V. Lukyanov"
-Date: Tue, 31 Jul 2018 10:57:35 +0300
-Subject: [PATCH] mirror: prepend ./ to rm and chmod arguments to avoid URL
- recognition (fix #452)
-
-CVE: CVE-2018-10916
-Upstream-Status: Backport from v4.8.4
-
-Signed-off-by: Jagadeesh Krishnanjanappa
----
- src/MirrorJob.cc | 24 +++++++++---------------
- 1 file changed, 9 insertions(+), 15 deletions(-)
-
-diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc
-index cf106c40..0be45431 100644
---- a/src/MirrorJob.cc
-+++ b/src/MirrorJob.cc
-@@ -1164,24 +1164,21 @@ int MirrorJob::Do()
- }
- continue;
- }
-+ bool use_rmdir = (file->TypeIs(file->DIRECTORY)
-+ && recursion_mode==RECURSION_NEVER);
- if(script)
- {
-- ArgV args("rm");
-- if(file->TypeIs(file->DIRECTORY))
-- {
-- if(recursion_mode==RECURSION_NEVER)
-- args.setarg(0,"rmdir");
-- else
-- args.Append("-r");
-- }
-+ ArgV args(use_rmdir?"rmdir":"rm");
-+ if(file->TypeIs(file->DIRECTORY) && !use_rmdir)
-+ args.Append("-r");
- args.Append(target_session->GetFileURL(file->name));
- xstring_ca cmd(args.CombineQuoted());
- fprintf(script,"%s\n",cmd.get());
- }
- if(!script_only)
- {
-- ArgV *args=new ArgV("rm");
-- args->Append(file->name);
-+ ArgV *args=new ArgV(use_rmdir?"rmdir":"rm");
-+ args->Append(dir_file(".",file->name));
- args->seek(1);
- rmJob *j=new rmJob(target_session->Clone(),args);
- args->CombineTo(j->cmdline);
-@@ -1189,10 +1186,7 @@ int MirrorJob::Do()
- if(file->TypeIs(file->DIRECTORY))
- {
- if(recursion_mode==RECURSION_NEVER)
-- {
-- args->setarg(0,"rmdir");
- j->Rmdir();
-- }
- else
- j->Recurse();
- }
-@@ -1258,7 +1252,7 @@ int MirrorJob::Do()
- if(!script_only)
- {
- ArgV *a=new ArgV("chmod");
-- a->Append(file->name);
-+ a->Append(dir_file(".",file->name));
- a->seek(1);
- ChmodJob *cj=new ChmodJob(target_session->Clone(),
- file->mode&~mode_mask,a);
-@@ -1380,7 +1374,7 @@ int MirrorJob::Do()
- if(!script_only)
- {
- ArgV *args=new ArgV("rm");
-- args->Append(file->name);
-+ args->Append(dir_file(".",file->name));
- args->seek(1);
- rmJob *j=new rmJob(source_session->Clone(),args);
- args->CombineTo(j->cmdline);
---
-2.13.3
-
diff --git a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb b/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
deleted file mode 100644
index e0b6bebad4..0000000000
--- a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
+++ /dev/null
@@ -1,34 +0,0 @@
-DESCRIPTION = "LFTP is a sophisticated file transfer program with \
- command line interface. It supports FTP, HTTP, \
- FISH, SFTP, HTTPS and FTPS protocols"
-HOMEPAGE = "http://lftp.yar.ru/"
-SECTION = "console/network"
-LICENSE = "GPLv3"
-LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-
-SRC_URI = "http://lftp.yar.ru/ftp/lftp-${PV}.tar.bz2 \
- file://fix-gcc-6-conflicts-signbit.patch \
- file://CVE-2018-10916.patch \
- "
-SRC_URI[md5sum] = "12b1fcbf13f41e9cdb0903fc670fa1f1"
-SRC_URI[sha256sum] = "c4159f056afee41866a6c2d639655bc351e6d3486bbe7758eaedb24f6a4239d5"
-
-inherit autotools gettext pkgconfig
-
-acpaths = "-I ./m4"
-
-EXTRA_OECONF += "--with-modules --disable-rpath"
-
-PACKAGECONFIG ??= "openssl zlib gnutls readline expat"
-PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
-PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_INCDIR}/.., --without-zlib, zlib"
-PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
-PACKAGECONFIG[readline] = "--with-readline=${STAGING_INCDIR}/.. --with-readline-inc=${STAGING_INCDIR} --with-readline-lib=-lreadline, --with-readline=no, readline"
-PACKAGECONFIG[expat] = "--with-expat=${STAGING_INCDIR}/.. --with-expat-inc=${STAGING_INCDIR} --with-expat-lib=-lexpat, , expat"
-
-do_install_append() {
- rm -rf ${D}${libdir}/charset.alias
-}
-FILES_${PN} += "${datadir}/icons/hicolor"
-FILES_${PN}-dbg += "${libdir}/lftp/${PV}/.debug"
-RDEPENDS_${PN} = "perl bash readline"
diff --git a/meta-networking/recipes-connectivity/lftp/lftp_4.8.4.bb b/meta-networking/recipes-connectivity/lftp/lftp_4.8.4.bb
new file mode 100644
index 0000000000..bf793d91d3
--- /dev/null
+++ b/meta-networking/recipes-connectivity/lftp/lftp_4.8.4.bb
@@ -0,0 +1,33 @@
+DESCRIPTION = "LFTP is a sophisticated file transfer program with \
+ command line interface. It supports FTP, HTTP, \
+ FISH, SFTP, HTTPS and FTPS protocols"
+HOMEPAGE = "http://lftp.yar.ru/"
+SECTION = "console/network"
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+
+SRC_URI = "http://lftp.yar.ru/ftp/lftp-${PV}.tar.bz2 \
+ file://fix-gcc-6-conflicts-signbit.patch \
+ "
+SRC_URI[md5sum] = "a56b5047dbfda052df4c1dfd197aa092"
+SRC_URI[sha256sum] = "a853edbd075b008c315679c7882b6dcc6821ed2365d2ed843a412acd3d40da0e"
+
+inherit autotools gettext pkgconfig
+
+acpaths = "-I ./m4"
+
+EXTRA_OECONF += "--with-modules --disable-rpath"
+
+PACKAGECONFIG ??= "openssl zlib gnutls readline expat"
+PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
+PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_INCDIR}/.., --without-zlib, zlib"
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
+PACKAGECONFIG[readline] = "--with-readline=${STAGING_INCDIR}/.. --with-readline-inc=${STAGING_INCDIR} --with-readline-lib=-lreadline, --with-readline=no, readline"
+PACKAGECONFIG[expat] = "--with-expat=${STAGING_INCDIR}/.. --with-expat-inc=${STAGING_INCDIR} --with-expat-lib=-lexpat, , expat"
+
+do_install_append() {
+ rm -rf ${D}${libdir}/charset.alias
+}
+FILES_${PN} += "${datadir}/icons/hicolor"
+FILES_${PN}-dbg += "${libdir}/lftp/${PV}/.debug"
+RDEPENDS_${PN} = "perl bash readline"
--
cgit 1.2.3-korg
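Review bot: `SRC_URI` in the new lftp_4.8.4.bb still fetches the release tarball over plain `http://`, so the only integrity control on the source is the pinned `SRC_URI[sha256sum]`; the `md5sum` entry gives no protection against a deliberately substituted archive. Nothing in the commit shows how the two new checksums were obtained, and if they were computed from a copy downloaded over the same unauthenticated channel they simply pin whatever was received. It would be worth confirming them against an upstream signature or an independently fetched copy before this lands. If the upstream host serves the same path over TLS, the one-line change would be `SRC_URI = "https://lftp.yar.ru/ftp/lftp-${PV}.tar.bz2 \`. Because this bump also drops the CVE-2018-10916 backport, the build now relies entirely on the fetched 4.8.4 archive containing the upstream fix, which makes the provenance of that archive the point to verify.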