mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
netkit-rsh: security fixes
Fix CVE-2019-7282, CVE-2019-7283 References: https://nvd.nist.gov/vuln/detail/CVE-2019-7282 https://nvd.nist.gov/vuln/detail/CVE-2019-7283 Patch from: https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
+33
@@ -0,0 +1,33 @@
|
|||||||
|
From a7831a16c3e0e1463d5eb08a58af152cb75ca976 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Yi Zhao <yi.zhao@windriver.com>
|
||||||
|
Date: Mon, 15 Apr 2019 06:05:58 +0000
|
||||||
|
Subject: [PATCH] Fix CVE-2019-7282 and CVE-2019-7283
|
||||||
|
|
||||||
|
Description: Fix CVE-2018-20685 and CVE-2019-6111
|
||||||
|
Bug-Debian: https://bugs.debian.org/920486
|
||||||
|
Origin: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2#diff-9f340c228413d5a9a9206ea2ed2bc624R1114
|
||||||
|
|
||||||
|
Upstream-Status: Backport [Debian]
|
||||||
|
[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch]
|
||||||
|
|
||||||
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
||||||
|
---
|
||||||
|
rcp/rcp.c | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/rcp/rcp.c b/rcp/rcp.c
|
||||||
|
index ca61c18..77d8ff8 100644
|
||||||
|
--- a/rcp/rcp.c
|
||||||
|
+++ b/rcp/rcp.c
|
||||||
|
@@ -740,6 +740,11 @@ sink(int argc, char *argv[])
|
||||||
|
size = size * 10 + (*cp++ - '0');
|
||||||
|
if (*cp++ != ' ')
|
||||||
|
SCREWUP("size not delimited");
|
||||||
|
+ if (*cp == '\0' || strchr(cp, '/') != NULL ||
|
||||||
|
+ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
|
||||||
|
+ error("error: unexpected filename: %s", cp);
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
if (targisdir) {
|
||||||
|
static char *namebuf;
|
||||||
|
static int cursize;
|
||||||
@@ -16,6 +16,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-rsh/netkit-rsh_${PV}.orig.tar.gz;name=
|
|||||||
file://netkit-rsh-0.17-rexec-ipv6.patch \
|
file://netkit-rsh-0.17-rexec-ipv6.patch \
|
||||||
file://fix-host-variable.patch \
|
file://fix-host-variable.patch \
|
||||||
file://fixup_wait3_api_change.patch \
|
file://fixup_wait3_api_change.patch \
|
||||||
|
file://CVE-2019-7282-and-CVE-2019-7283.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI[archive.md5sum] = "65f5f28e2fe22d9ad8b17bb9a10df096"
|
SRC_URI[archive.md5sum] = "65f5f28e2fe22d9ad8b17bb9a10df096"
|
||||||
|
|||||||
Reference in New Issue
Block a user