* [PATCH 1/3] lftp: update from 4.8.3 to 4.8.4
@ 2018-09-05 18:15 Randy MacLeod
2018-09-05 18:15 ` [PATCH 2/3] hwdata: 0.312 -> 0.315 Randy MacLeod
2018-09-05 18:15 ` [PATCH 3/3] vim/vim-tiny: upgrade 8.1.0172 -> 8.1.0347 Randy MacLeod
0 siblings, 2 replies; 3+ messages in thread
From: Randy MacLeod @ 2018-09-05 18:15 UTC (permalink / raw)
To: openembedded-devel
Drop upstreamed CVE fix:
a27e07d9 mirror: prepend ./ to rm and chmod arguments to avoid URL recognition (fix #452)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
---
.../lftp/files/CVE-2018-10916.patch | 82 -------------------
.../lftp/{lftp_4.8.3.bb => lftp_4.8.4.bb} | 5 +-
2 files changed, 2 insertions(+), 85 deletions(-)
delete mode 100644 meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
rename meta-networking/recipes-connectivity/lftp/{lftp_4.8.3.bb => lftp_4.8.4.bb} (87%)
diff --git a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch b/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
deleted file mode 100644
index c0e87d942..000000000
--- a/meta-networking/recipes-connectivity/lftp/files/CVE-2018-10916.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From a27e07d90a4608ceaf928b1babb27d4d803e1992 Mon Sep 17 00:00:00 2001
-From: "Alexander V. Lukyanov" <lavv17f@gmail.com>
-Date: Tue, 31 Jul 2018 10:57:35 +0300
-Subject: [PATCH] mirror: prepend ./ to rm and chmod arguments to avoid URL
- recognition (fix #452)
-
-CVE: CVE-2018-10916
-Upstream-Status: Backport from v4.8.4
-
-Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
----
- src/MirrorJob.cc | 24 +++++++++---------------
- 1 file changed, 9 insertions(+), 15 deletions(-)
-
-diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc
-index cf106c40..0be45431 100644
---- a/src/MirrorJob.cc
-+++ b/src/MirrorJob.cc
-@@ -1164,24 +1164,21 @@ int MirrorJob::Do()
- }
- continue;
- }
-+ bool use_rmdir = (file->TypeIs(file->DIRECTORY)
-+ && recursion_mode==RECURSION_NEVER);
- if(script)
- {
-- ArgV args("rm");
-- if(file->TypeIs(file->DIRECTORY))
-- {
-- if(recursion_mode==RECURSION_NEVER)
-- args.setarg(0,"rmdir");
-- else
-- args.Append("-r");
-- }
-+ ArgV args(use_rmdir?"rmdir":"rm");
-+ if(file->TypeIs(file->DIRECTORY) && !use_rmdir)
-+ args.Append("-r");
- args.Append(target_session->GetFileURL(file->name));
- xstring_ca cmd(args.CombineQuoted());
- fprintf(script,"%s\n",cmd.get());
- }
- if(!script_only)
- {
-- ArgV *args=new ArgV("rm");
-- args->Append(file->name);
-+ ArgV *args=new ArgV(use_rmdir?"rmdir":"rm");
-+ args->Append(dir_file(".",file->name));
- args->seek(1);
- rmJob *j=new rmJob(target_session->Clone(),args);
- args->CombineTo(j->cmdline);
-@@ -1189,10 +1186,7 @@ int MirrorJob::Do()
- if(file->TypeIs(file->DIRECTORY))
- {
- if(recursion_mode==RECURSION_NEVER)
-- {
-- args->setarg(0,"rmdir");
- j->Rmdir();
-- }
- else
- j->Recurse();
- }
-@@ -1258,7 +1252,7 @@ int MirrorJob::Do()
- if(!script_only)
- {
- ArgV *a=new ArgV("chmod");
-- a->Append(file->name);
-+ a->Append(dir_file(".",file->name));
- a->seek(1);
- ChmodJob *cj=new ChmodJob(target_session->Clone(),
- file->mode&~mode_mask,a);
-@@ -1380,7 +1374,7 @@ int MirrorJob::Do()
- if(!script_only)
- {
- ArgV *args=new ArgV("rm");
-- args->Append(file->name);
-+ args->Append(dir_file(".",file->name));
- args->seek(1);
- rmJob *j=new rmJob(source_session->Clone(),args);
- args->CombineTo(j->cmdline);
---
-2.13.3
-
diff --git a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb b/meta-networking/recipes-connectivity/lftp/lftp_4.8.4.bb
similarity index 87%
rename from meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
rename to meta-networking/recipes-connectivity/lftp/lftp_4.8.4.bb
index e0b6bebad..bf793d91d 100644
--- a/meta-networking/recipes-connectivity/lftp/lftp_4.8.3.bb
+++ b/meta-networking/recipes-connectivity/lftp/lftp_4.8.4.bb
@@ -8,10 +8,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
SRC_URI = "http://lftp.yar.ru/ftp/lftp-${PV}.tar.bz2 \
file://fix-gcc-6-conflicts-signbit.patch \
- file://CVE-2018-10916.patch \
"
-SRC_URI[md5sum] = "12b1fcbf13f41e9cdb0903fc670fa1f1"
-SRC_URI[sha256sum] = "c4159f056afee41866a6c2d639655bc351e6d3486bbe7758eaedb24f6a4239d5"
+SRC_URI[md5sum] = "a56b5047dbfda052df4c1dfd197aa092"
+SRC_URI[sha256sum] = "a853edbd075b008c315679c7882b6dcc6821ed2365d2ed843a412acd3d40da0e"
inherit autotools gettext pkgconfig
--
2.17.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/3] hwdata: 0.312 -> 0.315
2018-09-05 18:15 [PATCH 1/3] lftp: update from 4.8.3 to 4.8.4 Randy MacLeod
@ 2018-09-05 18:15 ` Randy MacLeod
2018-09-05 18:15 ` [PATCH 3/3] vim/vim-tiny: upgrade 8.1.0172 -> 8.1.0347 Randy MacLeod
1 sibling, 0 replies; 3+ messages in thread
From: Randy MacLeod @ 2018-09-05 18:15 UTC (permalink / raw)
To: openembedded-devel
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
---
meta-oe/recipes-support/hwdata/hwdata_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta-oe/recipes-support/hwdata/hwdata_git.bb b/meta-oe/recipes-support/hwdata/hwdata_git.bb
index 83b72535c..a1c8ac746 100644
--- a/meta-oe/recipes-support/hwdata/hwdata_git.bb
+++ b/meta-oe/recipes-support/hwdata/hwdata_git.bb
@@ -5,8 +5,8 @@ SECTION = "System/Base"
LICENSE = "GPL-2.0+"
LIC_FILES_CHKSUM = "file://LICENSE;md5=1556547711e8246992b999edd9445a57"
-PV = "0.312+git${SRCPV}"
-SRCREV = "016be785fd4f5f895c6482ec484507d5a08839fa"
+PV = "0.315+git${SRCPV}"
+SRCREV = "1b8bae6352cf91d745d2205f91594e6cb8690ca8"
SRC_URI = "git://github.com/vcrhonek/${BPN}.git"
S = "${WORKDIR}/git"
--
2.17.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 3/3] vim/vim-tiny: upgrade 8.1.0172 -> 8.1.0347
2018-09-05 18:15 [PATCH 1/3] lftp: update from 4.8.3 to 4.8.4 Randy MacLeod
2018-09-05 18:15 ` [PATCH 2/3] hwdata: 0.312 -> 0.315 Randy MacLeod
@ 2018-09-05 18:15 ` Randy MacLeod
1 sibling, 0 replies; 3+ messages in thread
From: Randy MacLeod @ 2018-09-05 18:15 UTC (permalink / raw)
To: openembedded-devel
The license file changed because the vim format tag
on the last line of the file changed. Specify the
the license end line to avoid this problem.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
---
.../vim/{vim-tiny_8.1.0172.bb => vim-tiny_8.1.0347.bb} | 0
.../recipes-support/vim/{vim_8.1.0172.bb => vim_8.1.0347.bb} | 4 ++--
2 files changed, 2 insertions(+), 2 deletions(-)
rename meta-oe/recipes-support/vim/{vim-tiny_8.1.0172.bb => vim-tiny_8.1.0347.bb} (100%)
rename meta-oe/recipes-support/vim/{vim_8.1.0172.bb => vim_8.1.0347.bb} (96%)
diff --git a/meta-oe/recipes-support/vim/vim-tiny_8.1.0172.bb b/meta-oe/recipes-support/vim/vim-tiny_8.1.0347.bb
similarity index 100%
rename from meta-oe/recipes-support/vim/vim-tiny_8.1.0172.bb
rename to meta-oe/recipes-support/vim/vim-tiny_8.1.0347.bb
diff --git a/meta-oe/recipes-support/vim/vim_8.1.0172.bb b/meta-oe/recipes-support/vim/vim_8.1.0347.bb
similarity index 96%
rename from meta-oe/recipes-support/vim/vim_8.1.0172.bb
rename to meta-oe/recipes-support/vim/vim_8.1.0347.bb
index 371fe35ee..8713d66ed 100644
--- a/meta-oe/recipes-support/vim/vim_8.1.0172.bb
+++ b/meta-oe/recipes-support/vim/vim_8.1.0347.bb
@@ -6,13 +6,13 @@ DEPENDS = "ncurses gettext-native"
# vimdiff doesn't like busybox diff
RSUGGESTS_${PN} = "diffutils"
LICENSE = "vim"
-LIC_FILES_CHKSUM = "file://../runtime/doc/uganda.txt;md5=b6eb9d541de3933cc8f48125ae0335fe"
+LIC_FILES_CHKSUM = "file://../runtime/doc/uganda.txt;endline=287;md5=f1f82b42360005c70b8c19b0ef493f72"
SRC_URI = "git://github.com/vim/vim.git \
file://disable_acl_header_check.patch;patchdir=.. \
file://vim-add-knob-whether-elf.h-are-checked.patch;patchdir=.. \
"
-SRCREV = "c229e54a69468722ca2449e807e90445b7479659"
+SRCREV = "f1c118be93184e8e57e3e80b1b3383f464ed649e"
S = "${WORKDIR}/git/src"
--
2.17.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-09-05 18:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-09-05 18:15 [PATCH 1/3] lftp: update from 4.8.3 to 4.8.4 Randy MacLeod
2018-09-05 18:15 ` [PATCH 2/3] hwdata: 0.312 -> 0.315 Randy MacLeod
2018-09-05 18:15 ` [PATCH 3/3] vim/vim-tiny: upgrade 8.1.0172 -> 8.1.0347 Randy MacLeod
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.