[packages/lftp] - up to 4.6.2; fixes CVE-2014-0139
arekm
arekm at pld-linux.org
Mon Apr 20 20:50:51 CEST 2015
commit 44954320856d5f1f30723cd86246e1dddc2e72f7
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Mon Apr 20 20:50:44 2015 +0200
- up to 4.6.2; fixes CVE-2014-0139
lftp-bug-121.patch | 145 ------------------------------------------------
lftp-pl.po-update.patch | 2 +-
lftp.spec | 8 +--
3 files changed, 4 insertions(+), 151 deletions(-)
---
diff --git a/lftp.spec b/lftp.spec
index 3cb2a64..71cda6c 100644
--- a/lftp.spec
+++ b/lftp.spec
@@ -23,12 +23,12 @@ Summary(pl.UTF-8): Zaawansowany klient FTP/HTTP
Summary(pt_BR.UTF-8): Sofisticado programa de transferência de arquivos (cliente FTP/HTTP)
Summary(zh_CN.UTF-8): lftp 客户端程序
Name: lftp
-Version: 4.6.1
-Release: 3
+Version: 4.6.2
+Release: 1
License: GPL v3+
Group: Applications/Networking
Source0: http://lftp.yar.ru/ftp/%{name}-%{version}.tar.xz
-# Source0-md5: e204e68ee2438da67644cc239de7c465
+# Source0-md5: 487c064ee1bd732e5f95928e530435a8
Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-man-pages.tar.bz2
# Source1-md5: cdad8fb5342eebd9916eccefc98a855b
Source2: %{name}.desktop
@@ -41,7 +41,6 @@ Patch2: aliases.patch
Patch3: %{name}-pl.po-update.patch
Patch4: lftp-4.3.8-gets.patch
Patch5: %{name}-am.patch
-Patch6: lftp-bug-121.patch
URL: http://lftp.yar.ru/
BuildRequires: autoconf >= 2.60
BuildRequires: automake
@@ -100,7 +99,6 @@ o arquivo FEATURES para uma lista mais detalhada.
%patch3 -p1
%patch4 -p1
%patch5 -p1
-%patch6 -p1
%{__rm} po/stamp-po
diff --git a/lftp-bug-121.patch b/lftp-bug-121.patch
deleted file mode 100644
index 88702fd..0000000
--- a/lftp-bug-121.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From 8e8e146c9763635d510c8a065c2c143068dc58d6 Mon Sep 17 00:00:00 2001
-From: "Alexander V. Lukyanov" <lavv17f at gmail.com>
-Date: Wed, 21 Jan 2015 19:28:52 +0300
-Subject: [PATCH] (ArgV::CombineShellQuoted) new method; use it for FishDirList
-
-This fixes a problem with ls (fish protocol) when called with an
-argument containing spaces and other special symbols.
----
- src/ArgV.cc | 19 +++++++++++++++++++
- src/ArgV.h | 4 ++++
- src/Fish.h | 2 +-
- src/misc.cc | 41 ++++++++++++++++++++++-------------------
- src/misc.h | 1 +
- 5 files changed, 47 insertions(+), 20 deletions(-)
-
-diff --git a/src/ArgV.cc b/src/ArgV.cc
-index fdf9379..785966d 100644
---- a/src/ArgV.cc
-+++ b/src/ArgV.cc
-@@ -72,6 +72,25 @@ char *ArgV::Combine(int start,int end) const
- }
- }
-
-+char *ArgV::CombineShellQuoted(int start) const
-+{
-+ xstring res("");
-+ if(start>=Count())
-+ return res.borrow();
-+ for(;;)
-+ {
-+ for(const char *arg=String(start++); *arg; arg++)
-+ {
-+ if (is_shell_special(*arg))
-+ res.append('\\');
-+ res.append(*arg);
-+ }
-+ if(start>=Count())
-+ return(res.borrow());
-+ res.append(' ');
-+ }
-+}
-+
- int ArgV::getopt_long(const char *opts,const struct option *lopts,int *lind)
- {
- optind=ind;
-diff --git a/src/ArgV.h b/src/ArgV.h
-index 442d6a3..c911733 100644
---- a/src/ArgV.h
-+++ b/src/ArgV.h
-@@ -42,6 +42,10 @@ class ArgV : public StringSet
- void Add(const char *a) { Append(a); } // alias
-
- char *Combine(int start_index=0,int end_index=0) const;
-+
-+ // for the UNIX shell
-+ char *CombineShellQuoted(int start) const;
-+ // for lftp's CmdExec
- char *CombineQuoted(int start_index=0) const;
- char *CombineCmd(int i=0) const;
-
-diff --git a/src/Fish.h b/src/Fish.h
-index dd9112d..5493e59 100644
---- a/src/Fish.h
-+++ b/src/Fish.h
-@@ -150,7 +150,7 @@ class FishDirList : public DirList
-
- public:
- FishDirList(Fish *s,ArgV *a)
-- : DirList(s,a), pattern(args->Combine(1)) {}
-+ : DirList(s,a), pattern(args->CombineShellQuoted(1)) {}
- const char *Status();
- int Do();
-
-diff --git a/src/misc.cc b/src/misc.cc
-index 9e253ef..b31e523 100644
---- a/src/misc.cc
-+++ b/src/misc.cc
-@@ -882,6 +882,26 @@ const char *memrchr(const char *buf,char c,size_t len)
- return 0;
- }
-
-+bool is_shell_special(char c)
-+{
-+ switch (c)
-+ {
-+ case '\'':
-+ case '(': case ')':
-+ case '!': case '{': case '}': /* reserved words */
-+ case '^':
-+ case '$': case '`': /* expansion chars */
-+ case '*': case '[': case '?': case ']': /* globbing chars */
-+ case ' ': case '\t': case '\n': /* IFS white space */
-+ case '"': case '\\': /* quoting chars */
-+ case '|': case '&': case ';': /* shell metacharacters */
-+ case '<': case '>':
-+ case '#': /* comment char */
-+ return true;
-+ }
-+ return false;
-+}
-+
- const xstring& shell_encode(const char *string)
- {
- if(!string)
-@@ -901,26 +921,9 @@ const xstring& shell_encode(const char *string)
- int c;
- for (const char *s = string; s && (c = *s); s++)
- {
-- switch (c)
-- {
-- case '\'':
-- case '(': case ')':
-- case '!': case '{': case '}': /* reserved words */
-- case '^':
-- case '$': case '`': /* expansion chars */
-- case '*': case '[': case '?': case ']': /* globbing chars */
-- case ' ': case '\t': case '\n': /* IFS white space */
-- case '"': case '\\': /* quoting chars */
-- case '|': case '&': case ';': /* shell metacharacters */
-- case '<': case '>':
-- case '#': /* comment char */
-+ if (is_shell_special(c))
- *r++ = '\\';
-- *r++ = c;
-- break;
-- default:
-- *r++ = c;
-- break;
-- }
-+ *r++ = c;
- }
- result.set_length(r-result);
- return (result);
-diff --git a/src/misc.h b/src/misc.h
-index 4cda301..f93d25e 100644
---- a/src/misc.h
-+++ b/src/misc.h
-@@ -123,6 +123,7 @@ static inline char *memrchr(char *buf,char c,size_t len) {
- return const_cast<char*>(memrchr(const_cast<const char*>(buf),c,len));
- }
-
-+bool is_shell_special(char c);
- const xstring& shell_encode(const char *);
- void remove_tags(char *buf);
- void rtrim(char *s);
diff --git a/lftp-pl.po-update.patch b/lftp-pl.po-update.patch
index 40785ad..cd6d293 100644
--- a/lftp-pl.po-update.patch
+++ b/lftp-pl.po-update.patch
@@ -27,7 +27,7 @@
@@ -673,9 +673,9 @@
msgstr "Usuwanie starego katalogu `%s'"
- #: src/MirrorJob.cc:1252
+ #: src/MirrorJob.cc:1253
-#, fuzzy, c-format
+#, c-format
msgid "Removing source file `%s'"
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/lftp.git/commitdiff/44954320856d5f1f30723cd86246e1dddc2e72f7
More information about the pld-cvs-commit
mailing list