aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRandy MacLeod <randy.macleod@windriver.com>2018-09-05 14:15:06 -0400
committerKhem Raj <raj.khem@gmail.com>2018-09-05 13:59:16 -0700
commitf83a6cfe667275be43347e8e0ffbb09c976b3807 (patch)
treee869d5736f27ef6494d9ae88dba9d6738d7d9917
parent005093bac5d84be258409ffbd4d3ec0859996e2f (diff)
downloadmeta-openembedded-contrib-f83a6cfe667275be43347e8e0ffbb09c976b3807.tar.gz
lftp: update from 4.8.3 to 4.8.4
Drop upstreamed CVE fix: a27e07d9 mirror: prepend ./ to rm and chmod arguments to avoid URL recognition (fix #452) Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
-rw-r--r--meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch82
-rw-r--r--meta-networking/recipes-connectivity/lftp/lftp_4.8.4.bb (renamed from meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb)5
2 files changed, 2 insertions, 85 deletions
diff --git a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
deleted file mode 100644
index c0e87d942e..0000000000
--- a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From a27e07d90a4608ceaf928b1babb27d4d803e1992 Mon Sep 17 00:00:00 2001
-From: "Alexander V. Lukyanov" <lavv17f@gmail.com>
-Date: Tue, 31 Jul 2018 10:57:35 +0300
-Subject: [PATCH] mirror: prepend ./ to rm and chmod arguments to avoid URL
- recognition (fix #452)
-
-CVE: CVE-2018-10916
-Upstream-Status: Backport from v4.8.4
-
-Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
----
- src/MirrorJob.cc | 24 +++++++++---------------
- 1 file changed, 9 insertions(+), 15 deletions(-)
-
-diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc
-index cf106c40..0be45431 100644
---- a/src/MirrorJob.cc
-+++ b/src/MirrorJob.cc
-@@ -1164,24 +1164,21 @@ int MirrorJob::Do()
- }
- continue;
- }
-+ bool use_rmdir = (file->TypeIs(file->DIRECTORY)
-+ && recursion_mode==RECURSION_NEVER);
- if(script)
- {
-- ArgV args("rm");
-- if(file->TypeIs(file->DIRECTORY))
-- {
-- if(recursion_mode==RECURSION_NEVER)
-- args.setarg(0,"rmdir");
-- else
-- args.Append("-r");
-- }
-+ ArgV args(use_rmdir?"rmdir":"rm");
-+ if(file->TypeIs(file->DIRECTORY) && !use_rmdir)
-+ args.Append("-r");
- args.Append(target_session->GetFileURL(file->name));
- xstring_ca cmd(args.CombineQuoted());
- fprintf(script,"%s\n",cmd.get());
- }
- if(!script_only)
- {
-- ArgV *args=new ArgV("rm");
-- args->Append(file->name);
-+ ArgV *args=new ArgV(use_rmdir?"rmdir":"rm");
-+ args->Append(dir_file(".",file->name));
- args->seek(1);
- rmJob *j=new rmJob(target_session->Clone(),args);
- args->CombineTo(j->cmdline);
-@@ -1189,10 +1186,7 @@ int MirrorJob::Do()
- if(file->TypeIs(file->DIRECTORY))
- {
- if(recursion_mode==RECURSION_NEVER)
-- {
-- args->setarg(0,"rmdir");
- j->Rmdir();
-- }
- else
- j->Recurse();
- }
-@@ -1258,7 +1252,7 @@ int MirrorJob::Do()
- if(!script_only)
- {
- ArgV *a=new ArgV("chmod");
-- a->Append(file->name);
-+ a->Append(dir_file(".",file->name));
- a->seek(1);
- ChmodJob *cj=new ChmodJob(target_session->Clone(),
- file->mode&~mode_mask,a);
-@@ -1380,7 +1374,7 @@ int MirrorJob::Do()
- if(!script_only)
- {
- ArgV *args=new ArgV("rm");
-- args->Append(file->name);
-+ args->Append(dir_file(".",file->name));
- args->seek(1);
- rmJob *j=new rmJob(source_session->Clone(),args);
- args->CombineTo(j->cmdline);
---
-2.13.3
-
diff --git a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb b/meta-networking/recipes-connectivity/lftp/lftp_4.8.4.bb
index e0b6bebad4..bf793d91d3 100644
--- a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
+++ b/meta-networking/recipes-connectivity/lftp/lftp_4.8.4.bb
@@ -8,10 +8,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
SRC_URI = "http://lftp.yar.ru/ftp/lftp-${PV}.tar.bz2 \
file://fix-gcc-6-conflicts-signbit.patch \
- file://CVE-2018-10916.patch \
"
-SRC_URI[md5sum] = "12b1fcbf13f41e9cdb0903fc670fa1f1"
-SRC_URI[sha256sum] = "c4159f056afee41866a6c2d639655bc351e6d3486bbe7758eaedb24f6a4239d5"
+SRC_URI[md5sum] = "a56b5047dbfda052df4c1dfd197aa092"
+SRC_URI[sha256sum] = "a853edbd075b008c315679c7882b6dcc6821ed2365d2ed843a412acd3d40da0e"
inherit autotools gettext pkgconfig