summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorRoy Li <rongqing.li@windriver.com>2015-06-01 14:58:00 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-06-03 16:38:47 +0100
commit933aaf7d3c3e5a6825274512ff2f607e2a947db2 (patch)
treedb786942013135d7261c8af8465318bf9cec5aff /meta
parent9ee388fc06220c95650b938d7687f9485cb51137 (diff)
downloadpoky-933aaf7d3c3e5a6825274512ff2f607e2a947db2.tar.gz
rsync: backport a patch to fix CVE-2014-8242
(From OE-Core rev: 81d06ef0a566793e644686ec604ad7d46546d2b0) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch101
-rw-r--r--meta/recipes-devtools/rsync/rsync_3.1.1.bb1
2 files changed, 102 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch b/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch
new file mode 100644
index 0000000000..1fcac490ae
--- /dev/null
+++ b/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch
@@ -0,0 +1,101 @@
1From eac858085e3ac94ec0ab5061d11f52652c90a869 Mon Sep 17 00:00:00 2001
2From: Wayne Davison <wayned@samba.org>
3Date: Mon, 11 May 2015 12:36:20 -0700
4Subject: [PATCH 1/1] Add compat flag to allow proper seed checksum order.
5 Fixes the equivalent of librsync's CVE-2014-8242 issue.
6
7Upstream-Status: Backport
8
9Signed-off-by: Roy Li <rongqing.li@windriver.com>
10---
11 checksum.c | 17 +++++++++++++----
12 compat.c | 5 +++++
13 options.c | 1 +
14 3 files changed, 19 insertions(+), 4 deletions(-)
15
16diff --git a/checksum.c b/checksum.c
17index a1c2aa2..933b514 100644
18--- a/checksum.c
19+++ b/checksum.c
20@@ -23,6 +23,7 @@
21
22 extern int checksum_seed;
23 extern int protocol_version;
24+extern int proper_seed_order;
25
26 /*
27 a simple 32 bit checksum that can be upadted from either end
28@@ -54,10 +55,18 @@ void get_checksum2(char *buf, int32 len, char *sum)
29 if (protocol_version >= 30) {
30 uchar seedbuf[4];
31 md5_begin(&m);
32- md5_update(&m, (uchar *)buf, len);
33- if (checksum_seed) {
34- SIVALu(seedbuf, 0, checksum_seed);
35- md5_update(&m, seedbuf, 4);
36+ if (proper_seed_order) {
37+ if (checksum_seed) {
38+ SIVALu(seedbuf, 0, checksum_seed);
39+ md5_update(&m, seedbuf, 4);
40+ }
41+ md5_update(&m, (uchar *)buf, len);
42+ } else {
43+ md5_update(&m, (uchar *)buf, len);
44+ if (checksum_seed) {
45+ SIVALu(seedbuf, 0, checksum_seed);
46+ md5_update(&m, seedbuf, 4);
47+ }
48 }
49 md5_result(&m, (uchar *)sum);
50 } else {
51diff --git a/compat.c b/compat.c
52index 2454937..f89d466 100644
53--- a/compat.c
54+++ b/compat.c
55@@ -27,6 +27,7 @@ int inc_recurse = 0;
56 int compat_flags = 0;
57 int use_safe_inc_flist = 0;
58 int want_xattr_optim = 0;
59+int proper_seed_order = 0;
60
61 extern int am_server;
62 extern int am_sender;
63@@ -78,6 +79,7 @@ int filesfrom_convert = 0;
64 #define CF_SYMLINK_ICONV (1<<2)
65 #define CF_SAFE_FLIST (1<<3)
66 #define CF_AVOID_XATTR_OPTIM (1<<4)
67+#define CF_CHKSUM_SEED_FIX (1<<5)
68
69 static const char *client_info;
70
71@@ -271,12 +273,15 @@ void setup_protocol(int f_out,int f_in)
72 compat_flags |= CF_SAFE_FLIST;
73 if (local_server || strchr(client_info, 'x') != NULL)
74 compat_flags |= CF_AVOID_XATTR_OPTIM;
75+ if (local_server || strchr(client_info, 'C') != NULL)
76+ compat_flags |= CF_CHKSUM_SEED_FIX;
77 write_byte(f_out, compat_flags);
78 } else
79 compat_flags = read_byte(f_in);
80 /* The inc_recurse var MUST be set to 0 or 1. */
81 inc_recurse = compat_flags & CF_INC_RECURSE ? 1 : 0;
82 want_xattr_optim = protocol_version >= 31 && !(compat_flags & CF_AVOID_XATTR_OPTIM);
83+ proper_seed_order = compat_flags & CF_CHKSUM_SEED_FIX ? 1 : 0;
84 if (am_sender) {
85 receiver_symlink_times = am_server
86 ? strchr(client_info, 'L') != NULL
87diff --git a/options.c b/options.c
88index 19c2b7d..4128b59 100644
89--- a/options.c
90+++ b/options.c
91@@ -2503,6 +2503,7 @@ void server_options(char **args, int *argc_p)
92 #endif
93 argstr[x++] = 'f'; /* flist I/O-error safety support */
94 argstr[x++] = 'x'; /* xattr hardlink optimization not desired */
95+ argstr[x++] = 'C'; /* support checksum seed order fix */
96 }
97
98 if (x >= (int)sizeof argstr) { /* Not possible... */
99--
1001.9.1
101
diff --git a/meta/recipes-devtools/rsync/rsync_3.1.1.bb b/meta/recipes-devtools/rsync/rsync_3.1.1.bb
index 3a79154511..c74cdda943 100644
--- a/meta/recipes-devtools/rsync/rsync_3.1.1.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.1.1.bb
@@ -3,6 +3,7 @@ require rsync.inc
3 3
4SRC_URI += "file://acinclude.m4 \ 4SRC_URI += "file://acinclude.m4 \
5 file://0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch \ 5 file://0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch \
6 file://rsync.git-eac858085.patch \
6" 7"
7 8
8SRC_URI[md5sum] = "43bd6676f0b404326eee2d63be3cdcfe" 9SRC_URI[md5sum] = "43bd6676f0b404326eee2d63be3cdcfe"