2 files changed, 83 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
new file mode 100644
index 0000000000..c0e87d942e
--- /dev/null
+++ b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
@@ -0,0 +1,82 @@
+From a27e07d90a4608ceaf928b1babb27d4d803e1992 Mon Sep 17 00:00:00 2001
+From: "Alexander V. Lukyanov" <lavv17f@gmail.com>
+Date: Tue, 31 Jul 2018 10:57:35 +0300
+Subject: [PATCH] mirror: prepend ./ to rm and chmod arguments to avoid URL
+ recognition (fix #452)
+CVE: CVE-2018-10916
+Upstream-Status: Backport from v4.8.4
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ src/MirrorJob.cc | 24 +++++++++---------------
+ 1 file changed, 9 insertions(+), 15 deletions(-)
+diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc
+index cf106c40..0be45431 100644
+--- a/src/MirrorJob.cc
+++ b/src/MirrorJob.cc
+@@ -1164,24 +1164,21 @@ int   MirrorJob::Do()
+            }
+            continue;
+         }
+        bool use_rmdir = (file->TypeIs(file->DIRECTORY)
+                          && recursion_mode==RECURSION_NEVER);
+         if(script)
+         {
+-           ArgV args("rm");
+-           if(file->TypeIs(file->DIRECTORY))
+-           {
+-              if(recursion_mode==RECURSION_NEVER)
+-                 args.setarg(0,"rmdir");
+-              else
+-                 args.Append("-r");
+-           }
+           ArgV args(use_rmdir?"rmdir":"rm");
+           if(file->TypeIs(file->DIRECTORY) && !use_rmdir)
+              args.Append("-r");
+            args.Append(target_session->GetFileURL(file->name));
+            xstring_ca cmd(args.CombineQuoted());
+            fprintf(script,"%s\n",cmd.get());
+         }
+         if(!script_only)
+         {
+-           ArgV *args=new ArgV("rm");
+-           args->Append(file->name);
+           ArgV *args=new ArgV(use_rmdir?"rmdir":"rm");
+           args->Append(dir_file(".",file->name));
+            args->seek(1);
+            rmJob *j=new rmJob(target_session->Clone(),args);
+            args->CombineTo(j->cmdline);
+@@ -1189,10 +1186,7 @@ int   MirrorJob::Do()
+            if(file->TypeIs(file->DIRECTORY))
+            {
+               if(recursion_mode==RECURSION_NEVER)
+-              {
+-                 args->setarg(0,"rmdir");
+                  j->Rmdir();
+-              }
+               else
+                  j->Recurse();
+            }
+@@ -1258,7 +1252,7 @@ int   MirrorJob::Do()
+         if(!script_only)
+         {
+            ArgV *a=new ArgV("chmod");
+-           a->Append(file->name);
+           a->Append(dir_file(".",file->name));
+            a->seek(1);
+            ChmodJob *cj=new ChmodJob(target_session->Clone(),
+                                 file->mode&~mode_mask,a);
+@@ -1380,7 +1374,7 @@ int   MirrorJob::Do()
+         if(!script_only)
+         {
+            ArgV *args=new ArgV("rm");
+-           args->Append(file->name);
+           args->Append(dir_file(".",file->name));
+            args->seek(1);
+            rmJob *j=new rmJob(source_session->Clone(),args);
+            args->CombineTo(j->cmdline);
+-- 
+2.13.3
diff --git a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb b/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
index c6e37277e4..e0b6bebad4 100644
--- a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
+++ b/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 SRC_URI = "http://lftp.yar.ru/ftp/lftp-${PV}.tar.bz2 \
           file://fix-gcc-6-conflicts-signbit.patch \
+           file://CVE-2018-10916.patch \
          "
 SRC_URI[md5sum] = "12b1fcbf13f41e9cdb0903fc670fa1f1"
 SRC_URI[sha256sum] = "c4159f056afee41866a6c2d639655bc351e6d3486bbe7758eaedb24f6a4239d5"

diff --git a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch new file mode 100644 index 0000000000..c0e87d942e --- /dev/null +++ b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
@@ -0,0 +1,82 @@
		1	From a27e07d90a4608ceaf928b1babb27d4d803e1992 Mon Sep 17 00:00:00 2001
		2	From: "Alexander V. Lukyanov" <lavv17f@gmail.com>
		3	Date: Tue, 31 Jul 2018 10:57:35 +0300
		4	Subject: [PATCH] mirror: prepend ./ to rm and chmod arguments to avoid URL
		5	recognition (fix #452)
		6
		7	CVE: CVE-2018-10916
		8	Upstream-Status: Backport from v4.8.4
		9
		10	Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
		11	---
		12	src/MirrorJob.cc \| 24 +++++++++---------------
		13	1 file changed, 9 insertions(+), 15 deletions(-)
		14
		15	diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc
		16	index cf106c40..0be45431 100644
		17	--- a/src/MirrorJob.cc
		18	+++ b/src/MirrorJob.cc
		19	@@ -1164,24 +1164,21 @@ int MirrorJob::Do()
		20	}
		21	continue;
		22	}
		23	+ bool use_rmdir = (file->TypeIs(file->DIRECTORY)
		24	+ && recursion_mode==RECURSION_NEVER);
		25	if(script)
		26	{
		27	- ArgV args("rm");
		28	- if(file->TypeIs(file->DIRECTORY))
		29	- {
		30	- if(recursion_mode==RECURSION_NEVER)
		31	- args.setarg(0,"rmdir");
		32	- else
		33	- args.Append("-r");
		34	- }
		35	+ ArgV args(use_rmdir?"rmdir":"rm");
		36	+ if(file->TypeIs(file->DIRECTORY) && !use_rmdir)
		37	+ args.Append("-r");
		38	args.Append(target_session->GetFileURL(file->name));
		39	xstring_ca cmd(args.CombineQuoted());
		40	fprintf(script,"%s\n",cmd.get());
		41	}
		42	if(!script_only)
		43	{
		44	- ArgV *args=new ArgV("rm");
		45	- args->Append(file->name);
		46	+ ArgV *args=new ArgV(use_rmdir?"rmdir":"rm");
		47	+ args->Append(dir_file(".",file->name));
		48	args->seek(1);
		49	rmJob *j=new rmJob(target_session->Clone(),args);
		50	args->CombineTo(j->cmdline);
		51	@@ -1189,10 +1186,7 @@ int MirrorJob::Do()
		52	if(file->TypeIs(file->DIRECTORY))
		53	{
		54	if(recursion_mode==RECURSION_NEVER)
		55	- {
		56	- args->setarg(0,"rmdir");
		57	j->Rmdir();
		58	- }
		59	else
		60	j->Recurse();
		61	}
		62	@@ -1258,7 +1252,7 @@ int MirrorJob::Do()
		63	if(!script_only)
		64	{
		65	ArgV *a=new ArgV("chmod");
		66	- a->Append(file->name);
		67	+ a->Append(dir_file(".",file->name));
		68	a->seek(1);
		69	ChmodJob *cj=new ChmodJob(target_session->Clone(),
		70	file->mode&~mode_mask,a);
		71	@@ -1380,7 +1374,7 @@ int MirrorJob::Do()
		72	if(!script_only)
		73	{
		74	ArgV *args=new ArgV("rm");
		75	- args->Append(file->name);
		76	+ args->Append(dir_file(".",file->name));
		77	args->seek(1);
		78	rmJob *j=new rmJob(source_session->Clone(),args);
		79	args->CombineTo(j->cmdline);
		80	--
		81	2.13.3
		82


diff --git a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb b/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb index c6e37277e4..e0b6bebad4 100644 --- a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb +++ b/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
8		8
9	SRC_URI = "http://lftp.yar.ru/ftp/lftp-${PV}.tar.bz2 \	9	SRC_URI = "http://lftp.yar.ru/ftp/lftp-${PV}.tar.bz2 \
10	file://fix-gcc-6-conflicts-signbit.patch \	10	file://fix-gcc-6-conflicts-signbit.patch \
		11	file://CVE-2018-10916.patch \
11	"	12	"
12	SRC_URI[md5sum] = "12b1fcbf13f41e9cdb0903fc670fa1f1"	13	SRC_URI[md5sum] = "12b1fcbf13f41e9cdb0903fc670fa1f1"
13	SRC_URI[sha256sum] = "c4159f056afee41866a6c2d639655bc351e6d3486bbe7758eaedb24f6a4239d5"	14	SRC_URI[sha256sum] = "c4159f056afee41866a6c2d639655bc351e6d3486bbe7758eaedb24f6a4239d5"