rsync: Fix rsync hanging when used with --relative

Fixes [YOCTO #15383] This bug was introduced into upstream when fixing CVE-2022-29154. It was later discovered and fixed upstream but this fix didn't make it into poky yet. The added patch is taken from upstreams git repository: https://github.com/WayneD/rsync/commit/fabef23bea6e9963c06e218586fda1a823e3c6bf (From OE-Core rev: fb448f87c0b3906b91d453451083dc003ac94ebe) Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Matthias Schmitz <matthias.schmitz@port4949.net> 2024-02-05 20:02:23 +0100
committer: Steve Sakoman <steve@sakoman.com> 2024-02-16 03:35:51 -1000
commit: c846f0d89c71ed31b8fc486fd1350bd83d1ea071 (patch)
tree: 74ae4774805fab991521468bd20d24ffdf68b765 /meta
parent: fa23359034e1cf72ec09601e18ebcbc3648c3e29 (diff)
download: poky-c846f0d89c71ed31b8fc486fd1350bd83d1ea071.tar.gz
2 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch
new file mode 100644
index 0000000000..b2e02dba97
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch
@@ -0,0 +1,31 @@
+From fabef23bea6e9963c06e218586fda1a823e3c6bf Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Mon, 8 Aug 2022 21:30:21 -0700
+Subject: [PATCH] Fix --relative when copying an absolute path.
+CVE: CVE-2022-29154
+Upstream-Status: Backport [https://github.com/WayneD/rsync/commit/fabef23bea6e9963c06e218586fda1a823e3c6bf]
+Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net>
+---
+ exclude.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+diff --git a/exclude.c b/exclude.c
+index 2394023f..ba5ca5a3 100644
+--- a/exclude.c
+++ b/exclude.c
+@@ -434,8 +434,10 @@ void add_implied_include(const char *arg)
+                                *p++ = *cp++;
+                                break;
+                          case '/':
+-                               if (p[-1] == '/') /* This is safe because of the initial slash. */
+                               if (p[-1] == '/') { /* This is safe because of the initial slash. */
+                                       cp++;
+                                        break;
+                               }
+                                if (relative_paths) {
+                                        filter_rule const *ent;
+                                        int found = 0;
+-- 
+2.39.2
diff --git a/meta/recipes-devtools/rsync/rsync_3.1.3.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb
index a5c20dee34..c744503227 100644
--- a/meta/recipes-devtools/rsync/rsync_3.1.3.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
           file://CVE-2016-9842.patch \
           file://CVE-2016-9843.patch \
           file://CVE-2022-29154.patch \
+           file://0001-Fix-relative-when-copying-an-absolute-path.patch \
 "
 SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf"
author	Matthias Schmitz <matthias.schmitz@port4949.net>	2024-02-05 20:02:23 +0100
committer	Steve Sakoman <steve@sakoman.com>	2024-02-16 03:35:51 -1000
commit	c846f0d89c71ed31b8fc486fd1350bd83d1ea071 (patch)
tree	74ae4774805fab991521468bd20d24ffdf68b765 /meta
parent	fa23359034e1cf72ec09601e18ebcbc3648c3e29 (diff)
download	poky-c846f0d89c71ed31b8fc486fd1350bd83d1ea071.tar.gz

diff --git a/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch new file mode 100644 index 0000000000..b2e02dba97 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch
@@ -0,0 +1,31 @@
		1	From fabef23bea6e9963c06e218586fda1a823e3c6bf Mon Sep 17 00:00:00 2001
		2	From: Wayne Davison <wayne@opencoder.net>
		3	Date: Mon, 8 Aug 2022 21:30:21 -0700
		4	Subject: [PATCH] Fix --relative when copying an absolute path.
		5
		6	CVE: CVE-2022-29154
		7	Upstream-Status: Backport [https://github.com/WayneD/rsync/commit/fabef23bea6e9963c06e218586fda1a823e3c6bf]
		8	Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net>
		9	---
		10	exclude.c \| 4 +++-
		11	1 file changed, 3 insertions(+), 1 deletion(-)
		12
		13	diff --git a/exclude.c b/exclude.c
		14	index 2394023f..ba5ca5a3 100644
		15	--- a/exclude.c
		16	+++ b/exclude.c
		17	@@ -434,8 +434,10 @@ void add_implied_include(const char *arg)
		18	p++ = cp++;
		19	break;
		20	case '/':
		21	- if (p[-1] == '/') /* This is safe because of the initial slash. */
		22	+ if (p[-1] == '/') { /* This is safe because of the initial slash. */
		23	+ cp++;
		24	break;
		25	+ }
		26	if (relative_paths) {
		27	filter_rule const *ent;
		28	int found = 0;
		29	--
		30	2.39.2
		31


diff --git a/meta/recipes-devtools/rsync/rsync_3.1.3.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb index a5c20dee34..c744503227 100644 --- a/meta/recipes-devtools/rsync/rsync_3.1.3.bb +++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
17	file://CVE-2016-9842.patch \	17	file://CVE-2016-9842.patch \
18	file://CVE-2016-9843.patch \	18	file://CVE-2016-9843.patch \
19	file://CVE-2022-29154.patch \	19	file://CVE-2022-29154.patch \
		20	file://0001-Fix-relative-when-copying-an-absolute-path.patch \
20	"	21	"
21		22
22	SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf"	23	SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf"