diff --git a/utils/lrzsz/Makefile b/utils/lrzsz/Makefile index 9eab1b6813..5eb6f81e85 100644 --- a/utils/lrzsz/Makefile +++ b/utils/lrzsz/Makefile @@ -8,16 +8,18 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lrzsz -PKG_VERSION:=0.12.20 -PKG_RELEASE:=3 +PKG_VERSION:=0.12.21 +PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://ohse.de/uwe/releases/ -PKG_HASH:=c28b36b14bddb014d9e9c97c52459852f97bd405f89113f30bee45ed92728ff1 +PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz +PKG_SOURCE_URL:=@DEBIAN/pool/main/l/lrzsz/ +PKG_HASH:=3262e5df47b108d33e184ff3bf5af14ddca1ac15118ac4ed9171a57c1593ae00 +PKG_BUILD_DIR=$(BUILD_DIR)/lrzsz-990823 PKG_MAINTAINER:=Hsing-Wang Liao PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=COPYING +PKG_CPE_ID:=cpe:/a:lrzsz_project PKG_INSTALL:=1 @@ -26,15 +28,24 @@ include $(INCLUDE_DIR)/package.mk define Package/lrzsz SECTION:=utils CATEGORY:=Utilities - TITLE:=X, Y and Z-modem protocols + TITLE:=Tools for zmodem/xmodem/ymodem file transfer URL:=https://ohse.de/uwe/software/lrzsz.html endef define Package/lrzsz/description - Transfer files in your login sessions. - Very leightweight and straight forward. - You just need a terminal client that can do - either X, Y or Z-modem file transfers. + lrzsz is a cosmetically modified zmodem/ymodem/xmodem package built + from the public-domain version of Chuck Forsberg's rzsz package. + + These programs use error correcting protocols ({z,x,y}modem) to send + (sz, sx, sb) and receive (rz, rx, rb) files over a dial-in serial port + from a variety of programs running under various operating systems. +endef + +# to stop automake from running, the bundled autohell crap is too old +define Build/Configure + touch $(PKG_BUILD_DIR)/* + touch $(PKG_BUILD_DIR)/*/* + $(call Build/Configure/Default) endef define Package/lrzsz/install diff --git a/utils/lrzsz/patches/001-siginterrupt-after-the-call-to-signal-otherwise-ymod.patch b/utils/lrzsz/patches/001-siginterrupt-after-the-call-to-signal-otherwise-ymod.patch new file mode 100644 index 0000000000..730d466897 --- /dev/null +++ b/utils/lrzsz/patches/001-siginterrupt-after-the-call-to-signal-otherwise-ymod.patch @@ -0,0 +1,22 @@ +From 89fef6d8dc539ed6225b46b8e755e08bbf48d27b Mon Sep 17 00:00:00 2001 +From: Uwe Ohse +Date: Sun, 1 Mar 2020 22:34:24 +0000 +Subject: [PATCH] siginterrupt after the call to signal, otherwise ymodem + transfer hangs. WTF? + +--- + src/zreadline.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/src/zreadline.c ++++ b/src/zreadline.c +@@ -71,6 +71,9 @@ readline_internal(unsigned int timeout) + vstringf("Calling read: alarm=%d Readnum=%d ", + n, readline_readnum); + signal(SIGALRM, zreadline_alarm_handler); ++#ifdef HAVE_SIGINTERRUPT ++ siginterrupt(SIGALRM,1); ++#endif + alarm(n); + } + else if (Verbose > 5) diff --git a/utils/lrzsz/patches/002-may-be-security-fix-avoid-possible-underflow.patch b/utils/lrzsz/patches/002-may-be-security-fix-avoid-possible-underflow.patch new file mode 100644 index 0000000000..81ec959639 --- /dev/null +++ b/utils/lrzsz/patches/002-may-be-security-fix-avoid-possible-underflow.patch @@ -0,0 +1,28 @@ +From a7c525191aa725f4ebb7b489cdd7dd854a4e42fb Mon Sep 17 00:00:00 2001 +From: Uwe Ohse +Date: Sun, 1 Mar 2020 22:35:28 +0000 +Subject: [PATCH] may-be-security-fix: avoid possible underflow + +Fixes: CVE-2018-10195 + +[a.heider: mention CVE in commit message] +--- + src/zm.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/src/zm.c ++++ b/src/zm.c +@@ -432,10 +432,11 @@ zsdata(const char *buf, size_t length, i + VPRINTF(3,("zsdata: %lu %s", (unsigned long) length, + Zendnames[(frameend-ZCRCE)&3])); + crc = 0; +- do { ++ while (length>0) { + zsendline(*buf); crc = updcrc((0377 & *buf), crc); + buf++; +- } while (--length>0); ++ length--; ++ } + xsendline(ZDLE); xsendline(frameend); + crc = updcrc(frameend, crc); + diff --git a/utils/lrzsz/patches/100-install_delete_fix.patch b/utils/lrzsz/patches/100-install_delete_fix.patch index 7f3995d519..7263ab8434 100644 --- a/utils/lrzsz/patches/100-install_delete_fix.patch +++ b/utils/lrzsz/patches/100-install_delete_fix.patch @@ -1,6 +1,6 @@ --- a/src/Makefile.in +++ b/src/Makefile.in -@@ -372,13 +372,13 @@ install-exec-local: +@@ -414,13 +414,13 @@ install-exec-local: rm -f $(DESTDIR)/$(bindir)/`echo lsb | sed -e '$(transform)'` ln $(DESTDIR)/$(bindir)/`echo lsz |sed -e '$(transform)'` \ $(DESTDIR)/$(bindir)/`echo lsb |sed -e '$(transform)'` diff --git a/utils/lrzsz/patches/200-format.patch b/utils/lrzsz/patches/200-format.patch index 0e244a0e27..26b86c16a4 100644 --- a/utils/lrzsz/patches/200-format.patch +++ b/utils/lrzsz/patches/200-format.patch @@ -10,7 +10,7 @@ --- a/src/lrz.c +++ b/src/lrz.c -@@ -2319,7 +2319,7 @@ exec2(const char *s) +@@ -2296,7 +2296,7 @@ exec2(const char *s) if (*s == '!') ++s; io_mode(0,0); @@ -31,7 +31,7 @@ #endif --- a/src/lsz.c +++ b/src/lsz.c -@@ -1997,7 +1997,7 @@ zsendfdata (struct zm_fileinfo *zi) +@@ -1988,7 +1988,7 @@ zsendfdata (struct zm_fileinfo *zi) blklen = calc_blklen (total_sent); total_sent += blklen + OVERHEAD; if (Verbose > 2 && blklen != old) @@ -40,29 +40,9 @@ #ifdef HAVE_MMAP if (mm_addr) { if (zi->bytes_sent + blklen < mm_size) ---- a/src/tcp.c -+++ b/src/tcp.c -@@ -56,7 +56,7 @@ tcp_server (char *buf) - struct sockaddr_in s; - struct sockaddr_in t; - int on=1; -- size_t len; -+ socklen_t len; - - if ((sock = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { - error(1,errno,"socket"); -@@ -91,7 +91,7 @@ tcp_accept (int d) - { - int so; - struct sockaddr_in s; -- size_t namelen; -+ socklen_t namelen; - int num=0; - - namelen = sizeof(s); --- a/src/zm.c +++ b/src/zm.c -@@ -451,7 +451,7 @@ zsda32(const char *buf, size_t length, i +@@ -453,7 +453,7 @@ zsda32(const char *buf, size_t length, i int c; unsigned long crc; int i; @@ -73,7 +53,7 @@ zsendline_s(buf,length); --- a/src/zreadline.c +++ b/src/zreadline.c -@@ -68,13 +68,13 @@ readline_internal(unsigned int timeout) +@@ -68,7 +68,7 @@ readline_internal(unsigned int timeout) else if (n==0) n=1; if (Verbose > 5) @@ -81,6 +61,8 @@ + vstringf("Calling read: alarm=%u Readnum=%zu ", n, readline_readnum); signal(SIGALRM, zreadline_alarm_handler); + #ifdef HAVE_SIGINTERRUPT +@@ -77,7 +77,7 @@ readline_internal(unsigned int timeout) alarm(n); } else if (Verbose > 5)