diff options
Diffstat (limited to 'yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1')
2 files changed, 236 insertions, 0 deletions
diff --git a/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch b/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch new file mode 100644 index 000000000..5ece5420a --- /dev/null +++ b/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch @@ -0,0 +1,135 @@ +From 962f8b90045ab331fc04c9e65f80f1a53e68243b Mon Sep 17 00:00:00 2001 +From: Wayne Davison <wayned@samba.org> +Date: Wed, 31 Dec 2014 12:41:03 -0800 +Subject: [PATCH] Complain if an inc-recursive path is not right for its dir. + This ensures that a malicious sender can't use a just-sent symlink as a + trasnfer path. + +Upstream-Status: BackPort + +Fix the CVE-2014-9512, rsync 3.1.1 allows remote attackers to write to arbitrary +files via a symlink attack on a file in the synchronization path. + +BackPort and fix this patch to make it able to apply to source code + +Signed-off-by: Roy Li <rongqing.li@windriver.com> +--- + flist.c | 22 ++++++++++++++++++++-- + io.c | 2 +- + main.c | 4 ++-- + rsync.c | 2 +- + proto.h | 2 +- + 6 files changed, 31 insertions(+), 8 deletions(-) + +diff --git a/flist.c b/flist.c +index c24672e..92e4b65 100644 +--- a/flist.c ++++ b/flist.c +@@ -2435,8 +2435,9 @@ struct file_list *send_file_list(int f, int argc, char *argv[]) + return flist; + } + +-struct file_list *recv_file_list(int f) ++struct file_list *recv_file_list(int f, int dir_ndx) + { ++ const char *good_dirname = NULL; + struct file_list *flist; + int dstart, flags; + int64 start_read; +@@ -2492,6 +2493,23 @@ struct file_list *recv_file_list(int f) + flist_expand(flist, 1); + file = recv_file_entry(f, flist, flags); + ++ if (inc_recurse) { ++ static const char empty_dir[] = "\0"; ++ const char *cur_dir = file->dirname ? file->dirname : empty_dir; ++ if (relative_paths && *cur_dir == '/') ++ cur_dir++; ++ if (cur_dir != good_dirname) { ++ const char *d = dir_ndx >= 0 ? f_name(dir_flist->files[dir_ndx], NULL) : empty_dir; ++ if (strcmp(cur_dir, d) != 0) { ++ rprintf(FERROR, ++ "ABORTING due to invalid dir prefix from sender: %s (should be: %s)\n", ++ cur_dir, d); ++ exit_cleanup(RERR_PROTOCOL); ++ } ++ good_dirname = cur_dir; ++ } ++ } ++ + if (S_ISREG(file->mode)) { + /* Already counted */ + } else if (S_ISDIR(file->mode)) { +@@ -2615,7 +2633,7 @@ void recv_additional_file_list(int f) + rprintf(FINFO, "[%s] receiving flist for dir %d\n", + who_am_i(), ndx); + } +- flist = recv_file_list(f); ++ flist = recv_file_list(f, ndx); + flist->parent_ndx = ndx; + } + } +diff --git a/io.c b/io.c +index b9a9bd0..a868fa9 100644 +--- a/io.c ++++ b/io.c +@@ -1685,7 +1685,7 @@ void wait_for_receiver(void) + rprintf(FINFO, "[%s] receiving flist for dir %d\n", + who_am_i(), ndx); + } +- flist = recv_file_list(iobuf.in_fd); ++ flist = recv_file_list(iobuf.in_fd, ndx); + flist->parent_ndx = ndx; + #ifdef SUPPORT_HARD_LINKS + if (preserve_hard_links) +diff --git a/main.c b/main.c +index e7a13f7..713b818 100644 +--- a/main.c ++++ b/main.c +@@ -1009,7 +1009,7 @@ static void do_server_recv(int f_in, int f_out, int argc, char *argv[]) + filesfrom_fd = -1; + } + +- flist = recv_file_list(f_in); ++ flist = recv_file_list(f_in, -1); + if (!flist) { + rprintf(FERROR,"server_recv: recv_file_list error\n"); + exit_cleanup(RERR_FILESELECT); +@@ -1183,7 +1183,7 @@ int client_run(int f_in, int f_out, pid_t pid, int argc, char *argv[]) + + if (write_batch && !am_server) + start_write_batch(f_in); +- flist = recv_file_list(f_in); ++ flist = recv_file_list(f_in, -1); + if (inc_recurse && file_total == 1) + recv_additional_file_list(f_in); + +diff --git a/rsync.c b/rsync.c +index 68ff6b1..c3ecc51 100644 +--- a/rsync.c ++++ b/rsync.c +@@ -364,7 +364,7 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, + } + /* Send all the data we read for this flist to the generator. */ + start_flist_forward(ndx); +- flist = recv_file_list(f_in); ++ flist = recv_file_list(f_in, ndx); + flist->parent_ndx = ndx; + stop_flist_forward(); + } +diff --git a/proto.h b/proto.h +index 22fc539..247c558 100644 +--- a/proto.h ++++ b/proto.h +@@ -89,7 +89,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist, + void unmake_file(struct file_struct *file); + void send_extra_file_list(int f, int at_least); + struct file_list *send_file_list(int f, int argc, char *argv[]); +-struct file_list *recv_file_list(int f); ++struct file_list *recv_file_list(int f, int dir_ndx); + void recv_additional_file_list(int f); + int flist_find(struct file_list *flist, struct file_struct *f); + int flist_find_ignore_dirness(struct file_list *flist, struct file_struct *f); +-- +1.9.1 + diff --git a/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch b/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch new file mode 100644 index 000000000..1fcac490a --- /dev/null +++ b/yocto-poky/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch @@ -0,0 +1,101 @@ +From eac858085e3ac94ec0ab5061d11f52652c90a869 Mon Sep 17 00:00:00 2001 +From: Wayne Davison <wayned@samba.org> +Date: Mon, 11 May 2015 12:36:20 -0700 +Subject: [PATCH 1/1] Add compat flag to allow proper seed checksum order. + Fixes the equivalent of librsync's CVE-2014-8242 issue. + +Upstream-Status: Backport + +Signed-off-by: Roy Li <rongqing.li@windriver.com> +--- + checksum.c | 17 +++++++++++++---- + compat.c | 5 +++++ + options.c | 1 + + 3 files changed, 19 insertions(+), 4 deletions(-) + +diff --git a/checksum.c b/checksum.c +index a1c2aa2..933b514 100644 +--- a/checksum.c ++++ b/checksum.c +@@ -23,6 +23,7 @@ + + extern int checksum_seed; + extern int protocol_version; ++extern int proper_seed_order; + + /* + a simple 32 bit checksum that can be upadted from either end +@@ -54,10 +55,18 @@ void get_checksum2(char *buf, int32 len, char *sum) + if (protocol_version >= 30) { + uchar seedbuf[4]; + md5_begin(&m); +- md5_update(&m, (uchar *)buf, len); +- if (checksum_seed) { +- SIVALu(seedbuf, 0, checksum_seed); +- md5_update(&m, seedbuf, 4); ++ if (proper_seed_order) { ++ if (checksum_seed) { ++ SIVALu(seedbuf, 0, checksum_seed); ++ md5_update(&m, seedbuf, 4); ++ } ++ md5_update(&m, (uchar *)buf, len); ++ } else { ++ md5_update(&m, (uchar *)buf, len); ++ if (checksum_seed) { ++ SIVALu(seedbuf, 0, checksum_seed); ++ md5_update(&m, seedbuf, 4); ++ } + } + md5_result(&m, (uchar *)sum); + } else { +diff --git a/compat.c b/compat.c +index 2454937..f89d466 100644 +--- a/compat.c ++++ b/compat.c +@@ -27,6 +27,7 @@ int inc_recurse = 0; + int compat_flags = 0; + int use_safe_inc_flist = 0; + int want_xattr_optim = 0; ++int proper_seed_order = 0; + + extern int am_server; + extern int am_sender; +@@ -78,6 +79,7 @@ int filesfrom_convert = 0; + #define CF_SYMLINK_ICONV (1<<2) + #define CF_SAFE_FLIST (1<<3) + #define CF_AVOID_XATTR_OPTIM (1<<4) ++#define CF_CHKSUM_SEED_FIX (1<<5) + + static const char *client_info; + +@@ -271,12 +273,15 @@ void setup_protocol(int f_out,int f_in) + compat_flags |= CF_SAFE_FLIST; + if (local_server || strchr(client_info, 'x') != NULL) + compat_flags |= CF_AVOID_XATTR_OPTIM; ++ if (local_server || strchr(client_info, 'C') != NULL) ++ compat_flags |= CF_CHKSUM_SEED_FIX; + write_byte(f_out, compat_flags); + } else + compat_flags = read_byte(f_in); + /* The inc_recurse var MUST be set to 0 or 1. */ + inc_recurse = compat_flags & CF_INC_RECURSE ? 1 : 0; + want_xattr_optim = protocol_version >= 31 && !(compat_flags & CF_AVOID_XATTR_OPTIM); ++ proper_seed_order = compat_flags & CF_CHKSUM_SEED_FIX ? 1 : 0; + if (am_sender) { + receiver_symlink_times = am_server + ? strchr(client_info, 'L') != NULL +diff --git a/options.c b/options.c +index 19c2b7d..4128b59 100644 +--- a/options.c ++++ b/options.c +@@ -2503,6 +2503,7 @@ void server_options(char **args, int *argc_p) + #endif + argstr[x++] = 'f'; /* flist I/O-error safety support */ + argstr[x++] = 'x'; /* xattr hardlink optimization not desired */ ++ argstr[x++] = 'C'; /* support checksum seed order fix */ + } + + if (x >= (int)sizeof argstr) { /* Not possible... */ +-- +1.9.1 + |