From 29158f7bde5b6448e96c340efe1d73e61d83f5e5 Mon Sep 17 00:00:00 2001
From: Jagadeesh Krishnanjanappa
Date: Thu, 23 Aug 2018 16:55:32 +0530
Subject: lftp: CVE-2018-10916 Affects lftp <= 4.8.3
Signed-off-by: Jagadeesh Krishnanjanappa
Signed-off-by: Khem Raj
---
 .../lftp/files/CVE-2018-10916.patch | 82 ++++++++++++++++++++++
 .../recipes-connectivity/lftp/lftp_4.8.3.bb | 1 +
 2 files changed, 83 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
(limited to 'meta-networking')
diff --git a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
new file mode 100644
index 0000000000..c0e87d942e
--- /dev/null
+++ b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
@@ -0,0 +1,82 @@
+From a27e07d90a4608ceaf928b1babb27d4d803e1992 Mon Sep 17 00:00:00 2001
+From: "Alexander V. Lukyanov"
+Date: Tue, 31 Jul 2018 10:57:35 +0300
+Subject: [PATCH] mirror: prepend ./ to rm and chmod arguments to avoid URL
+ recognition (fix #452)
+
+CVE: CVE-2018-10916
+Upstream-Status: Backport from v4.8.4
+
+Signed-off-by: Jagadeesh Krishnanjanappa
+---
+ src/MirrorJob.cc | 24 +++++++++---------------
+ 1 file changed, 9 insertions(+), 15 deletions(-)
+
+diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc
+index cf106c40..0be45431 100644
+--- a/src/MirrorJob.cc
++++ b/src/MirrorJob.cc
+@@ -1164,24 +1164,21 @@ int MirrorJob::Do()
+ }
+ continue;
+ }
++ bool use_rmdir = (file->TypeIs(file->DIRECTORY)
++ && recursion_mode==RECURSION_NEVER);
+ if(script)
+ {
+- ArgV args("rm");
+- if(file->TypeIs(file->DIRECTORY))
+- {
+- if(recursion_mode==RECURSION_NEVER)
+- args.setarg(0,"rmdir");
+- else
+- args.Append("-r");
+- }
++ ArgV args(use_rmdir?"rmdir":"rm");
++ if(file->TypeIs(file->DIRECTORY) && !use_rmdir)
++ args.Append("-r");
+ args.Append(target_session->GetFileURL(file->name));
+ xstring_ca cmd(args.CombineQuoted());
+ fprintf(script,"%s\n",cmd.get());
+ }
+ if(!script_only)
+ {
+- ArgV *args=new ArgV("rm");
+- args->Append(file->name);
++ ArgV *args=new ArgV(use_rmdir?"rmdir":"rm");
++ args->Append(dir_file(".",file->name));
+ args->seek(1);
+ rmJob *j=new rmJob(target_session->Clone(),args);
+ args->CombineTo(j->cmdline);
+@@ -1189,10 +1186,7 @@ int MirrorJob::Do()
+ if(file->TypeIs(file->DIRECTORY))
+ {
+ if(recursion_mode==RECURSION_NEVER)
+- {
+- args->setarg(0,"rmdir");
+ j->Rmdir();
+- }
+ else
+ j->Recurse();
+ }
+@@ -1258,7 +1252,7 @@ int MirrorJob::Do()
+ if(!script_only)
+ {
+ ArgV *a=new ArgV("chmod");
+- a->Append(file->name);
++ a->Append(dir_file(".",file->name));
+ a->seek(1);
+ ChmodJob *cj=new ChmodJob(target_session->Clone(),
+ file->mode&~mode_mask,a);
+@@ -1380,7 +1374,7 @@ int MirrorJob::Do()
+ if(!script_only)
+ {
+ ArgV *args=new ArgV("rm");
+- args->Append(file->name);
++ args->Append(dir_file(".",file->name));
+ args->seek(1);
+ rmJob *j=new rmJob(source_session->Clone(),args);
+ args->CombineTo(j->cmdline);
+--
+2.13.3
+
diff --git a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb b/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
index c6e37277e4..e0b6bebad4 100644
--- a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
+++ b/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 SRC_URI = "http://lftp.yar.ru/ftp/lftp-${PV}.tar.bz2 \
 file://fix-gcc-6-conflicts-signbit.patch \
+ file://CVE-2018-10916.patch \
 "
 SRC_URI[md5sum] = "12b1fcbf13f41e9cdb0903fc670fa1f1"
 SRC_URI[sha256sum] = "c4159f056afee41866a6c2d639655bc351e6d3486bbe7758eaedb24f6a4239d5"
--
cgit 1.2.3-korg
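Review bot: The three `dir_file(".",file->name)` call sites that CVE-2018-10916.patch adds to src/MirrorJob.cc (the `rm` argument for the target session in the hunk at 1164, the `chmod` argument at 1258 and the `rm` argument for the source session at 1380) have no comment explaining the `./` prefix, so a later cleanup could drop what looks like a redundant path component and undo the fix. I would put a line such as `// "./" keeps a listed file name from being parsed as a URL by the job (CVE-2018-10916)` above each of them. The script branch still passes `target_session->GetFileURL(file->name)`, which presumably already yields a full URL, and whether any other place in MirrorJob::Do() hands a bare `file->name` to a job that parses its arguments cannot be told from these hunks, because the function body starts and ends outside them. In the patch header, `Upstream-Status: Backport from v4.8.4` would be easier to audit if it carried the upstream commit reference in the usual bracketed form.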