3 files changed, 368 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch
new file mode 100644
index 0000000000..b2e02dba97
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch
@@ -0,0 +1,31 @@
+From fabef23bea6e9963c06e218586fda1a823e3c6bf Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Mon, 8 Aug 2022 21:30:21 -0700
+Subject: [PATCH] Fix --relative when copying an absolute path.
+CVE: CVE-2022-29154
+Upstream-Status: Backport [https://github.com/WayneD/rsync/commit/fabef23bea6e9963c06e218586fda1a823e3c6bf]
+Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net>
+---
+ exclude.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+diff --git a/exclude.c b/exclude.c
+index 2394023f..ba5ca5a3 100644
+--- a/exclude.c
+++ b/exclude.c
+@@ -434,8 +434,10 @@ void add_implied_include(const char *arg)
+                                *p++ = *cp++;
+                                break;
+                          case '/':
+-                               if (p[-1] == '/') /* This is safe because of the initial slash. */
+                               if (p[-1] == '/') { /* This is safe because of the initial slash. */
+                                       cp++;
+                                        break;
+                               }
+                                if (relative_paths) {
+                                        filter_rule const *ent;
+                                        int found = 0;
+-- 
+2.39.2
diff --git a/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch b/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch
new file mode 100644
index 0000000000..61e4e03254
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch
@@ -0,0 +1,334 @@
+From b7231c7d02cfb65d291af74ff66e7d8c507ee871 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Sun, 31 Jul 2022 16:55:34 -0700
+Subject: [PATCH] Some extra file-list safety checks.
+CVE-2022-29154 rsync: remote arbitrary files write inside the
+Upstream-Status: Backport from [https://git.samba.org/?p=rsync.git;a=patch;h=b7231c7d02cfb65d291af74ff66e7d8c507ee871]
+CVE:CVE-2022-29154
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ exclude.c  | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ flist.c    |  17 ++++++-
+ io.c       |   4 ++
+ main.c     |   7 ++-
+ receiver.c |  11 +++--
+ 5 files changed, 158 insertions(+), 8 deletions(-)
+diff --git a/exclude.c b/exclude.c
+index 7989fb3..e146e96 100644
+--- a/exclude.c
+++ b/exclude.c
+@@ -26,16 +26,21 @@ extern int am_server;
+ extern int am_sender;
+ extern int eol_nulls;
+ extern int io_error;
+extern int xfer_dirs;
+extern int recurse;
+ extern int local_server;
+ extern int prune_empty_dirs;
+ extern int ignore_perishable;
+extern int relative_paths;
+ extern int delete_mode;
+ extern int delete_excluded;
+ extern int cvs_exclude;
+ extern int sanitize_paths;
+ extern int protocol_version;
+extern int list_only;
+ extern int module_id;
+ 
+extern char *filesfrom_host;
+ extern char curr_dir[MAXPATHLEN];
+ extern unsigned int curr_dir_len;
+ extern unsigned int module_dirlen;
+@@ -43,8 +48,10 @@ extern unsigned int module_dirlen;
+ filter_rule_list filter_list = { .debug_type = "" };
+ filter_rule_list cvs_filter_list = { .debug_type = " [global CVS]" };
+ filter_rule_list daemon_filter_list = { .debug_type = " [daemon]" };
+filter_rule_list implied_filter_list = { .debug_type = " [implied]" };
+ 
+ int saw_xattr_filter = 0;
+int trust_sender_filter = 0;
+ 
+ /* Need room enough for ":MODS " prefix plus some room to grow. */
+ #define MAX_RULE_PREFIX (16)
+@@ -293,6 +300,123 @@ static void add_rule(filter_rule_list *listp, const char *pat, unsigned int pat_
+        }
+ }
+ 
+/* Each arg the client sends to the remote sender turns into an implied include
+ * that the receiver uses to validate the file list from the sender. */
+void add_implied_include(const char *arg)
+{
+       filter_rule *rule;
+       int arg_len, saw_wild = 0, backslash_cnt = 0;
+       int slash_cnt = 1; /* We know we're adding a leading slash. */
+       const char *cp;
+       char *p;
+       if (relative_paths) {
+               cp = strstr(arg, "/./");
+               if (cp)
+                       arg = cp+3;
+       } else {
+               if ((cp = strrchr(arg, '/')) != NULL)
+                       arg = cp + 1;
+       }
+       arg_len = strlen(arg);
+       if (arg_len) {
+               if (strpbrk(arg, "*[?")) {
+                       /* We need to add room to escape backslashes if wildcard chars are present. */
+                       cp = arg;
+                       while ((cp = strchr(cp, '\\')) != NULL) {
+                               arg_len++;
+                               cp++;
+                       }
+                       saw_wild = 1;
+               }
+               arg_len++; /* Leave room for the prefixed slash */
+               rule = new0(filter_rule);
+               if (!implied_filter_list.head)
+                       implied_filter_list.head = implied_filter_list.tail = rule;
+               else {
+                       rule->next = implied_filter_list.head;
+                       implied_filter_list.head = rule;
+               }
+               rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0);
+               p = rule->pattern = new_array(char, arg_len + 1);
+               *p++ = '/';
+               cp = arg;
+               while (*cp) {
+                       switch (*cp) {
+                         case '\\':
+                               backslash_cnt++;
+                               if (saw_wild)
+                                       *p++ = '\\';
+                               *p++ = *cp++;
+                               break;
+                         case '/':
+                               if (p[-1] == '/') /* This is safe because of the initial slash. */
+                                       break;
+                               if (relative_paths) {
+                                       filter_rule const *ent;
+                                       int found = 0;
+                                       *p = '\0';
+                                       for (ent = implied_filter_list.head; ent; ent = ent->next) {
+                                               if (ent != rule && strcmp(ent->pattern, rule->pattern) == 0)
+                                                       found = 1;
+                                       }
+                                       if (!found) {
+                                               filter_rule *R_rule = new0(filter_rule);
+                                               R_rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0);
+                                               R_rule->pattern = strdup(rule->pattern);
+                                               R_rule->u.slash_cnt = slash_cnt;
+                                               R_rule->next = implied_filter_list.head;
+                                               implied_filter_list.head = R_rule;
+                                       }
+                               }
+                               slash_cnt++;
+                               *p++ = *cp++;
+                               break;
+                         default:
+                               *p++ = *cp++;
+                               break;
+                       }
+               }
+               *p = '\0';
+               rule->u.slash_cnt = slash_cnt;
+               arg = (const char *)rule->pattern;
+       }
+
+       if (recurse || xfer_dirs) {
+               /* Now create a rule with an added "/" & "**" or "*" at the end */
+               rule = new0(filter_rule);
+               if (recurse)
+                       rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD | FILTRULE_WILD2;
+               else
+                       rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD;
+               /* A +4 in the len leaves enough room for / * * \0 or / * \0 \0 */
+               if (!saw_wild && backslash_cnt) {
+                       /* We are appending a wildcard, so now the backslashes need to be escaped. */
+                       p = rule->pattern = new_array(char, arg_len + backslash_cnt + 3 + 1);
+                       cp = arg;
+                       while (*cp) {
+                               if (*cp == '\\')
+                                       *p++ = '\\';
+                               *p++ = *cp++;
+                       }
+               } else {
+                       p = rule->pattern = new_array(char, arg_len + 3 + 1);
+                       if (arg_len) {
+                               memcpy(p, arg, arg_len);
+                               p += arg_len;
+                       }
+               }
+               if (p[-1] != '/')
+                       *p++ = '/';
+               *p++ = '*';
+               if (recurse)
+                       *p++ = '*';
+               *p = '\0';
+               rule->u.slash_cnt = slash_cnt + 1;
+               rule->next = implied_filter_list.head;
+               implied_filter_list.head = rule;
+       }
+}
+
+ /* This frees any non-inherited items, leaving just inherited items on the list. */
+ static void pop_filter_list(filter_rule_list *listp)
+ {
+@@ -721,7 +845,7 @@ static void report_filter_result(enum logcode code, char const *name,
+                              : name_flags & NAME_IS_DIR ? "directory"
+                              : "file";
+                rprintf(code, "[%s] %sing %s %s because of pattern %s%s%s\n",
+-                   w, actions[*w!='s'][!(ent->rflags & FILTRULE_INCLUDE)],
+                   w, actions[*w=='g'][!(ent->rflags & FILTRULE_INCLUDE)],
+                    t, name, ent->pattern,
+                    ent->rflags & FILTRULE_DIRECTORY ? "/" : "", type);
+        }
+@@ -894,6 +1018,7 @@ static filter_rule *parse_rule_tok(const char **rulestr_ptr,
+                }
+                switch (ch) {
+                case ':':
+                       trust_sender_filter = 1;
+                        rule->rflags |= FILTRULE_PERDIR_MERGE
+                                      | FILTRULE_FINISH_SETUP;
+                        /* FALL THROUGH */
+diff --git a/flist.c b/flist.c
+index 499440c..630d685 100644
+--- a/flist.c
+++ b/flist.c
+@@ -70,6 +70,7 @@ extern int need_unsorted_flist;
+ extern int sender_symlink_iconv;
+ extern int output_needs_newline;
+ extern int sender_keeps_checksum;
+extern int trust_sender_filter;
+ extern int unsort_ndx;
+ extern uid_t our_uid;
+ extern struct stats stats;
+@@ -80,8 +81,7 @@ extern char curr_dir[MAXPATHLEN];
+ 
+ extern struct chmod_mode_struct *chmod_modes;
+ 
+-extern filter_rule_list filter_list;
+-extern filter_rule_list daemon_filter_list;
+extern filter_rule_list filter_list, implied_filter_list, daemon_filter_list;
+ 
+ #ifdef ICONV_OPTION
+ extern int filesfrom_convert;
+@@ -904,6 +904,19 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
+                exit_cleanup(RERR_UNSUPPORTED);
+        }
+ 
+       if (*thisname != '.' || thisname[1] != '\0') {
+               int filt_flags = S_ISDIR(mode) ? NAME_IS_DIR : NAME_IS_FILE;
+               if (!trust_sender_filter /* a per-dir filter rule means we must trust the sender's filtering */
+                && filter_list.head && check_filter(&filter_list, FINFO, thisname, filt_flags) < 0) {
+                       rprintf(FERROR, "ERROR: rejecting excluded file-list name: %s\n", thisname);
+                       exit_cleanup(RERR_PROTOCOL);
+               }
+               if (implied_filter_list.head && check_filter(&implied_filter_list, FINFO, thisname, filt_flags) <= 0) {
+                       rprintf(FERROR, "ERROR: rejecting unrequested file-list name: %s\n", thisname);
+                       exit_cleanup(RERR_PROTOCOL);
+               }
+       }
+
+        if (inc_recurse && S_ISDIR(mode)) {
+                if (one_file_system) {
+                        /* Room to save the dir's device for -x */
+diff --git a/io.c b/io.c
+index c04dbd5..698a7da 100644
+--- a/io.c
+++ b/io.c
+@@ -415,6 +415,7 @@ static void forward_filesfrom_data(void)
+                while (s != eob) {
+                        if (*s++ == '\0') {
+                                ff_xb.len = s - sob - 1;
+                               add_implied_include(sob);
+                                if (iconvbufs(ic_send, &ff_xb, &iobuf.out, flags) < 0)
+                                        exit_cleanup(RERR_PROTOCOL); /* impossible? */
+                                write_buf(iobuf.out_fd, s-1, 1); /* Send the '\0'. */
+@@ -446,9 +447,12 @@ static void forward_filesfrom_data(void)
+                char *f = ff_xb.buf + ff_xb.pos;
+                char *t = ff_xb.buf;
+                char *eob = f + len;
+               char *cur = t;
+                /* Eliminate any multi-'\0' runs. */
+                while (f != eob) {
+                        if (!(*t++ = *f++)) {
+                               add_implied_include(cur);
+                               cur = t;
+                                while (f != eob && *f == '\0')
+                                        f++;
+                        }
+diff --git a/main.c b/main.c
+index ee9630f..6ec56e7 100644
+--- a/main.c
+++ b/main.c
+@@ -78,6 +78,7 @@ extern BOOL flist_receiving_enabled;
+ extern BOOL shutting_down;
+ extern int backup_dir_len;
+ extern int basis_dir_cnt;
+extern int trust_sender_filter;
+ extern struct stats stats;
+ extern char *stdout_format;
+ extern char *logfile_format;
+@@ -93,7 +94,7 @@ extern char curr_dir[MAXPATHLEN];
+ extern char backup_dir_buf[MAXPATHLEN];
+ extern char *basis_dir[MAX_BASIS_DIRS+1];
+ extern struct file_list *first_flist;
+-extern filter_rule_list daemon_filter_list;
+extern filter_rule_list daemon_filter_list, implied_filter_list;
+ 
+ uid_t our_uid;
+ gid_t our_gid;
+@@ -534,6 +535,7 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in
+ #ifdef ICONV_CONST
+                setup_iconv();
+ #endif
+               trust_sender_filter = 1;
+        } else if (local_server) {
+                /* If the user didn't request --[no-]whole-file, force
+                 * it on, but only if we're not batch processing. */
+@@ -1358,6 +1360,8 @@ static int start_client(int argc, char *argv[])
+                char *dummy_host;
+                int dummy_port = rsync_port;
+                int i;
+               if (filesfrom_fd < 0)
+                       add_implied_include(remote_argv[0]);
+                /* For remote source, any extra source args must have either
+                 * the same hostname or an empty hostname. */
+                for (i = 1; i < remote_argc; i++) {
+@@ -1381,6 +1385,7 @@ static int start_client(int argc, char *argv[])
+                        if (!rsync_port && !*arg) /* Turn an empty arg into a dot dir. */
+                                arg = ".";
+                        remote_argv[i] = arg;
+                       add_implied_include(arg);
+                }
+        }
+ 
+diff --git a/receiver.c b/receiver.c
+index d6a48f1..c0aa893 100644
+--- a/receiver.c
+++ b/receiver.c
+@@ -577,10 +577,13 @@ int recv_files(int f_in, int f_out, char *local_name)
+                if (DEBUG_GTE(RECV, 1))
+                        rprintf(FINFO, "recv_files(%s)\n", fname);
+ 
+-               if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0')
+-                && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+-                       rprintf(FERROR, "attempt to hack rsync failed.\n");
+-                       exit_cleanup(RERR_PROTOCOL);
+               if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0')) {
+                       int filt_flags = S_ISDIR(file->mode) ? NAME_IS_DIR : NAME_IS_FILE;
+                       if (check_filter(&daemon_filter_list, FLOG, fname, filt_flags) < 0) {
+                               rprintf(FERROR, "ERROR: rejecting file transfer request for daemon excluded file: %s\n",
+                                       fname);
+                               exit_cleanup(RERR_PROTOCOL);
+                       }
+                }
+ 
+ #ifdef SUPPORT_XATTRS
+-- 
+2.30.2
diff --git a/meta/recipes-devtools/rsync/rsync_3.1.3.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb
index 152ff02a25..c744503227 100644
--- a/meta/recipes-devtools/rsync/rsync_3.1.3.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb
@@ -1,5 +1,6 @@
 SUMMARY = "File synchronization tool"
 HOMEPAGE = "http://rsync.samba.org/"
+DESCRIPTION = "rsync is an open source utility that provides fast incremental file transfer."
 BUGTRACKER = "http://rsync.samba.org/bugzilla.html"
 SECTION = "console/network"
 # GPLv2+ (<< 3.0.0), GPLv3+ (>= 3.0.0)
@@ -15,6 +16,8 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
           file://CVE-2016-9841.patch \
           file://CVE-2016-9842.patch \
           file://CVE-2016-9843.patch \
+           file://CVE-2022-29154.patch \
+           file://0001-Fix-relative-when-copying-an-absolute-path.patch \
 "
 SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf"

diff --git a/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch new file mode 100644 index 0000000000..b2e02dba97 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch
@@ -0,0 +1,31 @@
		1	From fabef23bea6e9963c06e218586fda1a823e3c6bf Mon Sep 17 00:00:00 2001
		2	From: Wayne Davison <wayne@opencoder.net>
		3	Date: Mon, 8 Aug 2022 21:30:21 -0700
		4	Subject: [PATCH] Fix --relative when copying an absolute path.
		5
		6	CVE: CVE-2022-29154
		7	Upstream-Status: Backport [https://github.com/WayneD/rsync/commit/fabef23bea6e9963c06e218586fda1a823e3c6bf]
		8	Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net>
		9	---
		10	exclude.c \| 4 +++-
		11	1 file changed, 3 insertions(+), 1 deletion(-)
		12
		13	diff --git a/exclude.c b/exclude.c
		14	index 2394023f..ba5ca5a3 100644
		15	--- a/exclude.c
		16	+++ b/exclude.c
		17	@@ -434,8 +434,10 @@ void add_implied_include(const char *arg)
		18	p++ = cp++;
		19	break;
		20	case '/':
		21	- if (p[-1] == '/') /* This is safe because of the initial slash. */
		22	+ if (p[-1] == '/') { /* This is safe because of the initial slash. */
		23	+ cp++;
		24	break;
		25	+ }
		26	if (relative_paths) {
		27	filter_rule const *ent;
		28	int found = 0;
		29	--
		30	2.39.2
		31


diff --git a/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch b/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch new file mode 100644 index 0000000000..61e4e03254 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch
@@ -0,0 +1,334 @@
		1	From b7231c7d02cfb65d291af74ff66e7d8c507ee871 Mon Sep 17 00:00:00 2001
		2	From: Wayne Davison <wayne@opencoder.net>
		3	Date: Sun, 31 Jul 2022 16:55:34 -0700
		4	Subject: [PATCH] Some extra file-list safety checks.
		5
		6	CVE-2022-29154 rsync: remote arbitrary files write inside the
		7
		8	Upstream-Status: Backport from [https://git.samba.org/?p=rsync.git;a=patch;h=b7231c7d02cfb65d291af74ff66e7d8c507ee871]
		9	CVE:CVE-2022-29154
		10	Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
		11	---
		12	exclude.c \| 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
		13	flist.c \| 17 ++++++-
		14	io.c \| 4 ++
		15	main.c \| 7 ++-
		16	receiver.c \| 11 +++--
		17	5 files changed, 158 insertions(+), 8 deletions(-)
		18
		19	diff --git a/exclude.c b/exclude.c
		20	index 7989fb3..e146e96 100644
		21	--- a/exclude.c
		22	+++ b/exclude.c
		23	@@ -26,16 +26,21 @@ extern int am_server;
		24	extern int am_sender;
		25	extern int eol_nulls;
		26	extern int io_error;
		27	+extern int xfer_dirs;
		28	+extern int recurse;
		29	extern int local_server;
		30	extern int prune_empty_dirs;
		31	extern int ignore_perishable;
		32	+extern int relative_paths;
		33	extern int delete_mode;
		34	extern int delete_excluded;
		35	extern int cvs_exclude;
		36	extern int sanitize_paths;
		37	extern int protocol_version;
		38	+extern int list_only;
		39	extern int module_id;
		40
		41	+extern char *filesfrom_host;
		42	extern char curr_dir[MAXPATHLEN];
		43	extern unsigned int curr_dir_len;
		44	extern unsigned int module_dirlen;
		45	@@ -43,8 +48,10 @@ extern unsigned int module_dirlen;
		46	filter_rule_list filter_list = { .debug_type = "" };
		47	filter_rule_list cvs_filter_list = { .debug_type = " [global CVS]" };
		48	filter_rule_list daemon_filter_list = { .debug_type = " [daemon]" };
		49	+filter_rule_list implied_filter_list = { .debug_type = " [implied]" };
		50
		51	int saw_xattr_filter = 0;
		52	+int trust_sender_filter = 0;
		53
		54	/* Need room enough for ":MODS " prefix plus some room to grow. */
		55	#define MAX_RULE_PREFIX (16)
		56	@@ -293,6 +300,123 @@ static void add_rule(filter_rule_list listp, const char pat, unsigned int pat_
		57	}
		58	}
		59
		60	+/* Each arg the client sends to the remote sender turns into an implied include
		61	+ * that the receiver uses to validate the file list from the sender. */
		62	+void add_implied_include(const char *arg)
		63	+{
		64	+ filter_rule *rule;
		65	+ int arg_len, saw_wild = 0, backslash_cnt = 0;
		66	+ int slash_cnt = 1; /* We know we're adding a leading slash. */
		67	+ const char *cp;
		68	+ char *p;
		69	+ if (relative_paths) {
		70	+ cp = strstr(arg, "/./");
		71	+ if (cp)
		72	+ arg = cp+3;
		73	+ } else {
		74	+ if ((cp = strrchr(arg, '/')) != NULL)
		75	+ arg = cp + 1;
		76	+ }
		77	+ arg_len = strlen(arg);
		78	+ if (arg_len) {
		79	+ if (strpbrk(arg, "*[?")) {
		80	+ /* We need to add room to escape backslashes if wildcard chars are present. */
		81	+ cp = arg;
		82	+ while ((cp = strchr(cp, '\\')) != NULL) {
		83	+ arg_len++;
		84	+ cp++;
		85	+ }
		86	+ saw_wild = 1;
		87	+ }
		88	+ arg_len++; /* Leave room for the prefixed slash */
		89	+ rule = new0(filter_rule);
		90	+ if (!implied_filter_list.head)
		91	+ implied_filter_list.head = implied_filter_list.tail = rule;
		92	+ else {
		93	+ rule->next = implied_filter_list.head;
		94	+ implied_filter_list.head = rule;
		95	+ }
		96	+ rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0);
		97	+ p = rule->pattern = new_array(char, arg_len + 1);
		98	+ *p++ = '/';
		99	+ cp = arg;
		100	+ while (*cp) {
		101	+ switch (*cp) {
		102	+ case '\\':
		103	+ backslash_cnt++;
		104	+ if (saw_wild)
		105	+ *p++ = '\\';
		106	+ p++ = cp++;
		107	+ break;
		108	+ case '/':
		109	+ if (p[-1] == '/') /* This is safe because of the initial slash. */
		110	+ break;
		111	+ if (relative_paths) {
		112	+ filter_rule const *ent;
		113	+ int found = 0;
		114	+ *p = '\0';
		115	+ for (ent = implied_filter_list.head; ent; ent = ent->next) {
		116	+ if (ent != rule && strcmp(ent->pattern, rule->pattern) == 0)
		117	+ found = 1;
		118	+ }
		119	+ if (!found) {
		120	+ filter_rule *R_rule = new0(filter_rule);
		121	+ R_rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0);
		122	+ R_rule->pattern = strdup(rule->pattern);
		123	+ R_rule->u.slash_cnt = slash_cnt;
		124	+ R_rule->next = implied_filter_list.head;
		125	+ implied_filter_list.head = R_rule;
		126	+ }
		127	+ }
		128	+ slash_cnt++;
		129	+ p++ = cp++;
		130	+ break;
		131	+ default:
		132	+ p++ = cp++;
		133	+ break;
		134	+ }
		135	+ }
		136	+ *p = '\0';
		137	+ rule->u.slash_cnt = slash_cnt;
		138	+ arg = (const char *)rule->pattern;
		139	+ }
		140	+
		141	+ if (recurse \|\| xfer_dirs) {
		142	+ /* Now create a rule with an added "/" & "*" or "" at the end */
		143	+ rule = new0(filter_rule);
		144	+ if (recurse)
		145	+ rule->rflags = FILTRULE_INCLUDE \| FILTRULE_WILD \| FILTRULE_WILD2;
		146	+ else
		147	+ rule->rflags = FILTRULE_INCLUDE \| FILTRULE_WILD;
		148	+ /* A +4 in the len leaves enough room for / * * \0 or / * \0 \0 */
		149	+ if (!saw_wild && backslash_cnt) {
		150	+ /* We are appending a wildcard, so now the backslashes need to be escaped. */
		151	+ p = rule->pattern = new_array(char, arg_len + backslash_cnt + 3 + 1);
		152	+ cp = arg;
		153	+ while (*cp) {
		154	+ if (*cp == '\\')
		155	+ *p++ = '\\';
		156	+ p++ = cp++;
		157	+ }
		158	+ } else {
		159	+ p = rule->pattern = new_array(char, arg_len + 3 + 1);
		160	+ if (arg_len) {
		161	+ memcpy(p, arg, arg_len);
		162	+ p += arg_len;
		163	+ }
		164	+ }
		165	+ if (p[-1] != '/')
		166	+ *p++ = '/';
		167	+ p++ = '';
		168	+ if (recurse)
		169	+ p++ = '';
		170	+ *p = '\0';
		171	+ rule->u.slash_cnt = slash_cnt + 1;
		172	+ rule->next = implied_filter_list.head;
		173	+ implied_filter_list.head = rule;
		174	+ }
		175	+}
		176	+
		177	/* This frees any non-inherited items, leaving just inherited items on the list. */
		178	static void pop_filter_list(filter_rule_list *listp)
		179	{
		180	@@ -721,7 +845,7 @@ static void report_filter_result(enum logcode code, char const *name,
		181	: name_flags & NAME_IS_DIR ? "directory"
		182	: "file";
		183	rprintf(code, "[%s] %sing %s %s because of pattern %s%s%s\n",
		184	- w, actions[*w!='s'][!(ent->rflags & FILTRULE_INCLUDE)],
		185	+ w, actions[*w=='g'][!(ent->rflags & FILTRULE_INCLUDE)],
		186	t, name, ent->pattern,
		187	ent->rflags & FILTRULE_DIRECTORY ? "/" : "", type);
		188	}
		189	@@ -894,6 +1018,7 @@ static filter_rule parse_rule_tok(const char *rulestr_ptr,
		190	}
		191	switch (ch) {
		192	case ':':
		193	+ trust_sender_filter = 1;
		194	rule->rflags \|= FILTRULE_PERDIR_MERGE
		195	\| FILTRULE_FINISH_SETUP;
		196	/* FALL THROUGH */
		197	diff --git a/flist.c b/flist.c
		198	index 499440c..630d685 100644
		199	--- a/flist.c
		200	+++ b/flist.c
		201	@@ -70,6 +70,7 @@ extern int need_unsorted_flist;
		202	extern int sender_symlink_iconv;
		203	extern int output_needs_newline;
		204	extern int sender_keeps_checksum;
		205	+extern int trust_sender_filter;
		206	extern int unsort_ndx;
		207	extern uid_t our_uid;
		208	extern struct stats stats;
		209	@@ -80,8 +81,7 @@ extern char curr_dir[MAXPATHLEN];
		210
		211	extern struct chmod_mode_struct *chmod_modes;
		212
		213	-extern filter_rule_list filter_list;
		214	-extern filter_rule_list daemon_filter_list;
		215	+extern filter_rule_list filter_list, implied_filter_list, daemon_filter_list;
		216
		217	#ifdef ICONV_OPTION
		218	extern int filesfrom_convert;
		219	@@ -904,6 +904,19 @@ static struct file_struct recv_file_entry(int f, struct file_list flist, int x
		220	exit_cleanup(RERR_UNSUPPORTED);
		221	}
		222
		223	+ if (*thisname != '.' \|\| thisname[1] != '\0') {
		224	+ int filt_flags = S_ISDIR(mode) ? NAME_IS_DIR : NAME_IS_FILE;
		225	+ if (!trust_sender_filter /* a per-dir filter rule means we must trust the sender's filtering */
		226	+ && filter_list.head && check_filter(&filter_list, FINFO, thisname, filt_flags) < 0) {
		227	+ rprintf(FERROR, "ERROR: rejecting excluded file-list name: %s\n", thisname);
		228	+ exit_cleanup(RERR_PROTOCOL);
		229	+ }
		230	+ if (implied_filter_list.head && check_filter(&implied_filter_list, FINFO, thisname, filt_flags) <= 0) {
		231	+ rprintf(FERROR, "ERROR: rejecting unrequested file-list name: %s\n", thisname);
		232	+ exit_cleanup(RERR_PROTOCOL);
		233	+ }
		234	+ }
		235	+
		236	if (inc_recurse && S_ISDIR(mode)) {
		237	if (one_file_system) {
		238	/* Room to save the dir's device for -x */
		239	diff --git a/io.c b/io.c
		240	index c04dbd5..698a7da 100644
		241	--- a/io.c
		242	+++ b/io.c
		243	@@ -415,6 +415,7 @@ static void forward_filesfrom_data(void)
		244	while (s != eob) {
		245	if (*s++ == '\0') {
		246	ff_xb.len = s - sob - 1;
		247	+ add_implied_include(sob);
		248	if (iconvbufs(ic_send, &ff_xb, &iobuf.out, flags) < 0)
		249	exit_cleanup(RERR_PROTOCOL); /* impossible? */
		250	write_buf(iobuf.out_fd, s-1, 1); /* Send the '\0'. */
		251	@@ -446,9 +447,12 @@ static void forward_filesfrom_data(void)
		252	char *f = ff_xb.buf + ff_xb.pos;
		253	char *t = ff_xb.buf;
		254	char *eob = f + len;
		255	+ char *cur = t;
		256	/* Eliminate any multi-'\0' runs. */
		257	while (f != eob) {
		258	if (!(t++ = f++)) {
		259	+ add_implied_include(cur);
		260	+ cur = t;
		261	while (f != eob && *f == '\0')
		262	f++;
		263	}
		264	diff --git a/main.c b/main.c
		265	index ee9630f..6ec56e7 100644
		266	--- a/main.c
		267	+++ b/main.c
		268	@@ -78,6 +78,7 @@ extern BOOL flist_receiving_enabled;
		269	extern BOOL shutting_down;
		270	extern int backup_dir_len;
		271	extern int basis_dir_cnt;
		272	+extern int trust_sender_filter;
		273	extern struct stats stats;
		274	extern char *stdout_format;
		275	extern char *logfile_format;
		276	@@ -93,7 +94,7 @@ extern char curr_dir[MAXPATHLEN];
		277	extern char backup_dir_buf[MAXPATHLEN];
		278	extern char *basis_dir[MAX_BASIS_DIRS+1];
		279	extern struct file_list *first_flist;
		280	-extern filter_rule_list daemon_filter_list;
		281	+extern filter_rule_list daemon_filter_list, implied_filter_list;
		282
		283	uid_t our_uid;
		284	gid_t our_gid;
		285	@@ -534,6 +535,7 @@ static pid_t do_cmd(char cmd, char machine, char user, char *remote_argv, in
		286	#ifdef ICONV_CONST
		287	setup_iconv();
		288	#endif
		289	+ trust_sender_filter = 1;
		290	} else if (local_server) {
		291	/* If the user didn't request --[no-]whole-file, force
		292	* it on, but only if we're not batch processing. */
		293	@@ -1358,6 +1360,8 @@ static int start_client(int argc, char *argv[])
		294	char *dummy_host;
		295	int dummy_port = rsync_port;
		296	int i;
		297	+ if (filesfrom_fd < 0)
		298	+ add_implied_include(remote_argv[0]);
		299	/* For remote source, any extra source args must have either
		300	* the same hostname or an empty hostname. */
		301	for (i = 1; i < remote_argc; i++) {
		302	@@ -1381,6 +1385,7 @@ static int start_client(int argc, char *argv[])
		303	if (!rsync_port && !arg) / Turn an empty arg into a dot dir. */
		304	arg = ".";
		305	remote_argv[i] = arg;
		306	+ add_implied_include(arg);
		307	}
		308	}
		309
		310	diff --git a/receiver.c b/receiver.c
		311	index d6a48f1..c0aa893 100644
		312	--- a/receiver.c
		313	+++ b/receiver.c
		314	@@ -577,10 +577,13 @@ int recv_files(int f_in, int f_out, char *local_name)
		315	if (DEBUG_GTE(RECV, 1))
		316	rprintf(FINFO, "recv_files(%s)\n", fname);
		317
		318	- if (daemon_filter_list.head && (*fname != '.' \|\| fname[1] != '\0')
		319	- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
		320	- rprintf(FERROR, "attempt to hack rsync failed.\n");
		321	- exit_cleanup(RERR_PROTOCOL);
		322	+ if (daemon_filter_list.head && (*fname != '.' \|\| fname[1] != '\0')) {
		323	+ int filt_flags = S_ISDIR(file->mode) ? NAME_IS_DIR : NAME_IS_FILE;
		324	+ if (check_filter(&daemon_filter_list, FLOG, fname, filt_flags) < 0) {
		325	+ rprintf(FERROR, "ERROR: rejecting file transfer request for daemon excluded file: %s\n",
		326	+ fname);
		327	+ exit_cleanup(RERR_PROTOCOL);
		328	+ }
		329	}
		330
		331	#ifdef SUPPORT_XATTRS
		332	--
		333	2.30.2
		334


diff --git a/meta/recipes-devtools/rsync/rsync_3.1.3.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb index 152ff02a25..c744503227 100644 --- a/meta/recipes-devtools/rsync/rsync_3.1.3.bb +++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb
@@ -1,5 +1,6 @@
1	SUMMARY = "File synchronization tool"	1	SUMMARY = "File synchronization tool"
2	HOMEPAGE = "http://rsync.samba.org/"	2	HOMEPAGE = "http://rsync.samba.org/"
		3	DESCRIPTION = "rsync is an open source utility that provides fast incremental file transfer."
3	BUGTRACKER = "http://rsync.samba.org/bugzilla.html"	4	BUGTRACKER = "http://rsync.samba.org/bugzilla.html"
4	SECTION = "console/network"	5	SECTION = "console/network"
5	# GPLv2+ (<< 3.0.0), GPLv3+ (>= 3.0.0)	6	# GPLv2+ (<< 3.0.0), GPLv3+ (>= 3.0.0)
@@ -15,6 +16,8 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
15	file://CVE-2016-9841.patch \	16	file://CVE-2016-9841.patch \
16	file://CVE-2016-9842.patch \	17	file://CVE-2016-9842.patch \
17	file://CVE-2016-9843.patch \	18	file://CVE-2016-9843.patch \
		19	file://CVE-2022-29154.patch \
		20	file://0001-Fix-relative-when-copying-an-absolute-path.patch \
18	"	21	"
19		22
20	SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf"	23	SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf"