summaryrefslogtreecommitdiff
path: root/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1
diff options
context:
space:
mode:
Diffstat (limited to 'yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1')
-rw-r--r--yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch135
-rw-r--r--yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch101
2 files changed, 236 insertions, 0 deletions
diff --git a/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch b/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch
new file mode 100644
index 000000000..5ece5420a
--- /dev/null
+++ b/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch
@@ -0,0 +1,135 @@
+From 962f8b90045ab331fc04c9e65f80f1a53e68243b Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayned@samba.org>
+Date: Wed, 31 Dec 2014 12:41:03 -0800
+Subject: [PATCH] Complain if an inc-recursive path is not right for its dir.
+ This ensures that a malicious sender can't use a just-sent symlink as a
+ trasnfer path.
+
+Upstream-Status: BackPort
+
+Fix the CVE-2014-9512, rsync 3.1.1 allows remote attackers to write to arbitrary
+files via a symlink attack on a file in the synchronization path.
+
+BackPort and fix this patch to make it able to apply to source code
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ flist.c | 22 ++++++++++++++++++++--
+ io.c | 2 +-
+ main.c | 4 ++--
+ rsync.c | 2 +-
+ proto.h | 2 +-
+ 6 files changed, 31 insertions(+), 8 deletions(-)
+
+diff --git a/flist.c b/flist.c
+index c24672e..92e4b65 100644
+--- a/flist.c
++++ b/flist.c
+@@ -2435,8 +2435,9 @@ struct file_list *send_file_list(int f, int argc, char *argv[])
+ return flist;
+ }
+
+-struct file_list *recv_file_list(int f)
++struct file_list *recv_file_list(int f, int dir_ndx)
+ {
++ const char *good_dirname = NULL;
+ struct file_list *flist;
+ int dstart, flags;
+ int64 start_read;
+@@ -2492,6 +2493,23 @@ struct file_list *recv_file_list(int f)
+ flist_expand(flist, 1);
+ file = recv_file_entry(f, flist, flags);
+
++ if (inc_recurse) {
++ static const char empty_dir[] = "\0";
++ const char *cur_dir = file->dirname ? file->dirname : empty_dir;
++ if (relative_paths && *cur_dir == '/')
++ cur_dir++;
++ if (cur_dir != good_dirname) {
++ const char *d = dir_ndx >= 0 ? f_name(dir_flist->files[dir_ndx], NULL) : empty_dir;
++ if (strcmp(cur_dir, d) != 0) {
++ rprintf(FERROR,
++ "ABORTING due to invalid dir prefix from sender: %s (should be: %s)\n",
++ cur_dir, d);
++ exit_cleanup(RERR_PROTOCOL);
++ }
++ good_dirname = cur_dir;
++ }
++ }
++
+ if (S_ISREG(file->mode)) {
+ /* Already counted */
+ } else if (S_ISDIR(file->mode)) {
+@@ -2615,7 +2633,7 @@ void recv_additional_file_list(int f)
+ rprintf(FINFO, "[%s] receiving flist for dir %d\n",
+ who_am_i(), ndx);
+ }
+- flist = recv_file_list(f);
++ flist = recv_file_list(f, ndx);
+ flist->parent_ndx = ndx;
+ }
+ }
+diff --git a/io.c b/io.c
+index b9a9bd0..a868fa9 100644
+--- a/io.c
++++ b/io.c
+@@ -1685,7 +1685,7 @@ void wait_for_receiver(void)
+ rprintf(FINFO, "[%s] receiving flist for dir %d\n",
+ who_am_i(), ndx);
+ }
+- flist = recv_file_list(iobuf.in_fd);
++ flist = recv_file_list(iobuf.in_fd, ndx);
+ flist->parent_ndx = ndx;
+ #ifdef SUPPORT_HARD_LINKS
+ if (preserve_hard_links)
+diff --git a/main.c b/main.c
+index e7a13f7..713b818 100644
+--- a/main.c
++++ b/main.c
+@@ -1009,7 +1009,7 @@ static void do_server_recv(int f_in, int f_out, int argc, char *argv[])
+ filesfrom_fd = -1;
+ }
+
+- flist = recv_file_list(f_in);
++ flist = recv_file_list(f_in, -1);
+ if (!flist) {
+ rprintf(FERROR,"server_recv: recv_file_list error\n");
+ exit_cleanup(RERR_FILESELECT);
+@@ -1183,7 +1183,7 @@ int client_run(int f_in, int f_out, pid_t pid, int argc, char *argv[])
+
+ if (write_batch && !am_server)
+ start_write_batch(f_in);
+- flist = recv_file_list(f_in);
++ flist = recv_file_list(f_in, -1);
+ if (inc_recurse && file_total == 1)
+ recv_additional_file_list(f_in);
+
+diff --git a/rsync.c b/rsync.c
+index 68ff6b1..c3ecc51 100644
+--- a/rsync.c
++++ b/rsync.c
+@@ -364,7 +364,7 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr,
+ }
+ /* Send all the data we read for this flist to the generator. */
+ start_flist_forward(ndx);
+- flist = recv_file_list(f_in);
++ flist = recv_file_list(f_in, ndx);
+ flist->parent_ndx = ndx;
+ stop_flist_forward();
+ }
+diff --git a/proto.h b/proto.h
+index 22fc539..247c558 100644
+--- a/proto.h
++++ b/proto.h
+@@ -89,7 +89,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist,
+ void unmake_file(struct file_struct *file);
+ void send_extra_file_list(int f, int at_least);
+ struct file_list *send_file_list(int f, int argc, char *argv[]);
+-struct file_list *recv_file_list(int f);
++struct file_list *recv_file_list(int f, int dir_ndx);
+ void recv_additional_file_list(int f);
+ int flist_find(struct file_list *flist, struct file_struct *f);
+ int flist_find_ignore_dirness(struct file_list *flist, struct file_struct *f);
+--
+1.9.1
+
diff --git a/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch b/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch
new file mode 100644
index 000000000..1fcac490a
--- /dev/null
+++ b/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch
@@ -0,0 +1,101 @@
+From eac858085e3ac94ec0ab5061d11f52652c90a869 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayned@samba.org>
+Date: Mon, 11 May 2015 12:36:20 -0700
+Subject: [PATCH 1/1] Add compat flag to allow proper seed checksum order.
+ Fixes the equivalent of librsync's CVE-2014-8242 issue.
+
+Upstream-Status: Backport
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ checksum.c | 17 +++++++++++++----
+ compat.c | 5 +++++
+ options.c | 1 +
+ 3 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/checksum.c b/checksum.c
+index a1c2aa2..933b514 100644
+--- a/checksum.c
++++ b/checksum.c
+@@ -23,6 +23,7 @@
+
+ extern int checksum_seed;
+ extern int protocol_version;
++extern int proper_seed_order;
+
+ /*
+ a simple 32 bit checksum that can be upadted from either end
+@@ -54,10 +55,18 @@ void get_checksum2(char *buf, int32 len, char *sum)
+ if (protocol_version >= 30) {
+ uchar seedbuf[4];
+ md5_begin(&m);
+- md5_update(&m, (uchar *)buf, len);
+- if (checksum_seed) {
+- SIVALu(seedbuf, 0, checksum_seed);
+- md5_update(&m, seedbuf, 4);
++ if (proper_seed_order) {
++ if (checksum_seed) {
++ SIVALu(seedbuf, 0, checksum_seed);
++ md5_update(&m, seedbuf, 4);
++ }
++ md5_update(&m, (uchar *)buf, len);
++ } else {
++ md5_update(&m, (uchar *)buf, len);
++ if (checksum_seed) {
++ SIVALu(seedbuf, 0, checksum_seed);
++ md5_update(&m, seedbuf, 4);
++ }
+ }
+ md5_result(&m, (uchar *)sum);
+ } else {
+diff --git a/compat.c b/compat.c
+index 2454937..f89d466 100644
+--- a/compat.c
++++ b/compat.c
+@@ -27,6 +27,7 @@ int inc_recurse = 0;
+ int compat_flags = 0;
+ int use_safe_inc_flist = 0;
+ int want_xattr_optim = 0;
++int proper_seed_order = 0;
+
+ extern int am_server;
+ extern int am_sender;
+@@ -78,6 +79,7 @@ int filesfrom_convert = 0;
+ #define CF_SYMLINK_ICONV (1<<2)
+ #define CF_SAFE_FLIST (1<<3)
+ #define CF_AVOID_XATTR_OPTIM (1<<4)
++#define CF_CHKSUM_SEED_FIX (1<<5)
+
+ static const char *client_info;
+
+@@ -271,12 +273,15 @@ void setup_protocol(int f_out,int f_in)
+ compat_flags |= CF_SAFE_FLIST;
+ if (local_server || strchr(client_info, 'x') != NULL)
+ compat_flags |= CF_AVOID_XATTR_OPTIM;
++ if (local_server || strchr(client_info, 'C') != NULL)
++ compat_flags |= CF_CHKSUM_SEED_FIX;
+ write_byte(f_out, compat_flags);
+ } else
+ compat_flags = read_byte(f_in);
+ /* The inc_recurse var MUST be set to 0 or 1. */
+ inc_recurse = compat_flags & CF_INC_RECURSE ? 1 : 0;
+ want_xattr_optim = protocol_version >= 31 && !(compat_flags & CF_AVOID_XATTR_OPTIM);
++ proper_seed_order = compat_flags & CF_CHKSUM_SEED_FIX ? 1 : 0;
+ if (am_sender) {
+ receiver_symlink_times = am_server
+ ? strchr(client_info, 'L') != NULL
+diff --git a/options.c b/options.c
+index 19c2b7d..4128b59 100644
+--- a/options.c
++++ b/options.c
+@@ -2503,6 +2503,7 @@ void server_options(char **args, int *argc_p)
+ #endif
+ argstr[x++] = 'f'; /* flist I/O-error safety support */
+ argstr[x++] = 'x'; /* xattr hardlink optimization not desired */
++ argstr[x++] = 'C'; /* support checksum seed order fix */
+ }
+
+ if (x >= (int)sizeof argstr) { /* Not possible... */
+--
+1.9.1
+
generated by cgit v1.2.3 (git 2.39.0) at 2024-09-13 20:03:15 +0300