Merge pull request #20330 from dhewg/lrzsz

lrzsz: update to v0.12.21rc and fix a CVE
2023-01-21 16:18:37 +02:00 · 2023-01-21 16:18:37 +02:00 · b0fceb6963
commit b0fceb6963
parent 6a3d2386fa 6d6c4b21b5
5 changed files with 78 additions and 35 deletions
--- a/utils/lrzsz/Makefile
+++ b/utils/lrzsz/Makefile
@ -8,16 +8,18 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=lrzsz
-PKG_VERSION:=0.12.20
+PKG_VERSION:=0.12.21
-PKG_RELEASE:=3
+PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz
-PKG_SOURCE_URL:=https://ohse.de/uwe/releases/
+PKG_SOURCE_URL:=@DEBIAN/pool/main/l/lrzsz/
-PKG_HASH:=c28b36b14bddb014d9e9c97c52459852f97bd405f89113f30bee45ed92728ff1
+PKG_HASH:=3262e5df47b108d33e184ff3bf5af14ddca1ac15118ac4ed9171a57c1593ae00
 PKG_BUILD_DIR=$(BUILD_DIR)/lrzsz-990823
 PKG_MAINTAINER:=Hsing-Wang Liao <kuoruan@gmail.com>
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=COPYING
 PKG_CPE_ID:=cpe:/a:lrzsz_project
 PKG_INSTALL:=1
@ -26,15 +28,24 @@ include $(INCLUDE_DIR)/package.mk
 define Package/lrzsz
  SECTION:=utils
  CATEGORY:=Utilities
-  TITLE:=X, Y and Z-modem protocols
+  TITLE:=Tools for zmodem/xmodem/ymodem file transfer
  URL:=https://ohse.de/uwe/software/lrzsz.html
 endef
 define Package/lrzsz/description
-	Transfer files in your login sessions.
+  lrzsz is a cosmetically modified zmodem/ymodem/xmodem package built
-	Very leightweight and straight forward.
+  from the public-domain version of Chuck Forsberg's rzsz package.
-	You just need a terminal client that can do
+
-	either X, Y or Z-modem file transfers.
+  These programs use error correcting protocols ({z,x,y}modem) to send
  (sz, sx, sb) and receive (rz, rx, rb) files over a dial-in serial port
  from a variety of programs running under various operating systems.
 endef
 # to stop automake from running, the bundled autohell crap is too old
 define Build/Configure
 	touch $(PKG_BUILD_DIR)/*
 	touch $(PKG_BUILD_DIR)/*/*
 	$(call Build/Configure/Default)
 endef
 define Package/lrzsz/install
--- a/utils/lrzsz/patches/001-siginterrupt-after-the-call-to-signal-otherwise-ymod.patch
+++ b/utils/lrzsz/patches/001-siginterrupt-after-the-call-to-signal-otherwise-ymod.patch
@ -0,0 +1,22 @@
 From 89fef6d8dc539ed6225b46b8e755e08bbf48d27b Mon Sep 17 00:00:00 2001
 From: Uwe Ohse <uwe@ohse.de>
 Date: Sun, 1 Mar 2020 22:34:24 +0000
 Subject: [PATCH] siginterrupt after the call to signal, otherwise ymodem
 transfer hangs. WTF?
 ---
 src/zreadline.c | 3 +++
 1 file changed, 3 insertions(+)
 --- a/src/zreadline.c
 +++ b/src/zreadline.c
@@ -71,6 +71,9 @@ readline_internal(unsigned int timeout)
 			vstringf("Calling read: alarm=%d  Readnum=%d ",
 			  n, readline_readnum);
 		signal(SIGALRM, zreadline_alarm_handler); 
 +#ifdef HAVE_SIGINTERRUPT
 +		siginterrupt(SIGALRM,1);
 +#endif  
 		alarm(n);
 	}
 	else if (Verbose > 5)
--- a/utils/lrzsz/patches/002-may-be-security-fix-avoid-possible-underflow.patch
+++ b/utils/lrzsz/patches/002-may-be-security-fix-avoid-possible-underflow.patch
@ -0,0 +1,28 @@
 From a7c525191aa725f4ebb7b489cdd7dd854a4e42fb Mon Sep 17 00:00:00 2001
 From: Uwe Ohse <uwe@ohse.de>
 Date: Sun, 1 Mar 2020 22:35:28 +0000
 Subject: [PATCH] may-be-security-fix: avoid possible underflow
 Fixes: CVE-2018-10195
 [a.heider: mention CVE in commit message]
 ---
 src/zm.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 --- a/src/zm.c
 +++ b/src/zm.c
@@ -432,10 +432,11 @@ zsdata(const char *buf, size_t length, i
 	VPRINTF(3,("zsdata: %lu %s", (unsigned long) length, 
 		Zendnames[(frameend-ZCRCE)&3]));
 	crc = 0;
 -	do {
 +	while (length>0) {
 		zsendline(*buf); crc = updcrc((0377 & *buf), crc);
 		buf++;
 -	} while (--length>0);
 +		length--;
 +	}
 	xsendline(ZDLE); xsendline(frameend);
 	crc = updcrc(frameend, crc);
--- a/utils/lrzsz/patches/100-install_delete_fix.patch
+++ b/utils/lrzsz/patches/100-install_delete_fix.patch
@ -1,6 +1,6 @@
 --- a/src/Makefile.in
 +++ b/src/Makefile.in
-@@ -372,13 +372,13 @@ install-exec-local:
+@@ -414,13 +414,13 @@ install-exec-local:
 	rm -f $(DESTDIR)/$(bindir)/`echo lsb | sed -e '$(transform)'`
 	ln $(DESTDIR)/$(bindir)/`echo lsz |sed -e '$(transform)'` \
 		$(DESTDIR)/$(bindir)/`echo lsb |sed -e '$(transform)'` 
--- a/utils/lrzsz/patches/200-format.patch
+++ b/utils/lrzsz/patches/200-format.patch
@ -10,7 +10,7 @@
 --- a/src/lrz.c
 +++ b/src/lrz.c
-@@ -2319,7 +2319,7 @@ exec2(const char *s)
+@@ -2296,7 +2296,7 @@ exec2(const char *s)
 	if (*s == '!')
 		++s;
 	io_mode(0,0);
@ -31,7 +31,7 @@
 #endif
 --- a/src/lsz.c
 +++ b/src/lsz.c
-@@ -1997,7 +1997,7 @@ zsendfdata (struct zm_fileinfo *zi)
+@@ -1988,7 +1988,7 @@ zsendfdata (struct zm_fileinfo *zi)
 		blklen = calc_blklen (total_sent);
 		total_sent += blklen + OVERHEAD;
 		if (Verbose > 2 && blklen != old)
@ -40,29 +40,9 @@
 #ifdef HAVE_MMAP
 		if (mm_addr) {
 			if (zi->bytes_sent + blklen < mm_size)
 --- a/src/tcp.c
 +++ b/src/tcp.c
@@ -56,7 +56,7 @@ tcp_server (char *buf)
 	struct sockaddr_in s;
 	struct sockaddr_in t;
 	int on=1;
 -	size_t len;
 +	socklen_t len;
 	if ((sock = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
 		error(1,errno,"socket");
@@ -91,7 +91,7 @@ tcp_accept (int d)
 {
 	int so;
 	struct  sockaddr_in s;
 -	size_t namelen;
 +	socklen_t namelen;
 	int num=0;
 	namelen = sizeof(s);
 --- a/src/zm.c
 +++ b/src/zm.c
-@@ -451,7 +451,7 @@ zsda32(const char *buf, size_t length, i
+@@ -453,7 +453,7 @@ zsda32(const char *buf, size_t length, i
 	int c;
 	unsigned long crc;
 	int i;
@ -73,7 +53,7 @@
 	zsendline_s(buf,length);
 --- a/src/zreadline.c
 +++ b/src/zreadline.c
-@@ -68,13 +68,13 @@ readline_internal(unsigned int timeout)
+@@ -68,7 +68,7 @@ readline_internal(unsigned int timeout)
 		else if (n==0)
 			n=1;
 		if (Verbose > 5)
@ -81,6 +61,8 @@
 +			vstringf("Calling read: alarm=%u  Readnum=%zu ",
 			  n, readline_readnum);
 		signal(SIGALRM, zreadline_alarm_handler); 
 #ifdef HAVE_SIGINTERRUPT
@@ -77,7 +77,7 @@ readline_internal(unsigned int timeout)
 		alarm(n);
 	}
 	else if (Verbose > 5)