diff options
Diffstat (limited to 'meta/recipes-devtools/rsync')
3 files changed, 368 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch new file mode 100644 index 0000000000..b2e02dba97 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch | |||
@@ -0,0 +1,31 @@ | |||
1 | From fabef23bea6e9963c06e218586fda1a823e3c6bf Mon Sep 17 00:00:00 2001 | ||
2 | From: Wayne Davison <wayne@opencoder.net> | ||
3 | Date: Mon, 8 Aug 2022 21:30:21 -0700 | ||
4 | Subject: [PATCH] Fix --relative when copying an absolute path. | ||
5 | |||
6 | CVE: CVE-2022-29154 | ||
7 | Upstream-Status: Backport [https://github.com/WayneD/rsync/commit/fabef23bea6e9963c06e218586fda1a823e3c6bf] | ||
8 | Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net> | ||
9 | --- | ||
10 | exclude.c | 4 +++- | ||
11 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
12 | |||
13 | diff --git a/exclude.c b/exclude.c | ||
14 | index 2394023f..ba5ca5a3 100644 | ||
15 | --- a/exclude.c | ||
16 | +++ b/exclude.c | ||
17 | @@ -434,8 +434,10 @@ void add_implied_include(const char *arg) | ||
18 | *p++ = *cp++; | ||
19 | break; | ||
20 | case '/': | ||
21 | - if (p[-1] == '/') /* This is safe because of the initial slash. */ | ||
22 | + if (p[-1] == '/') { /* This is safe because of the initial slash. */ | ||
23 | + cp++; | ||
24 | break; | ||
25 | + } | ||
26 | if (relative_paths) { | ||
27 | filter_rule const *ent; | ||
28 | int found = 0; | ||
29 | -- | ||
30 | 2.39.2 | ||
31 | |||
diff --git a/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch b/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch new file mode 100644 index 0000000000..61e4e03254 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch | |||
@@ -0,0 +1,334 @@ | |||
1 | From b7231c7d02cfb65d291af74ff66e7d8c507ee871 Mon Sep 17 00:00:00 2001 | ||
2 | From: Wayne Davison <wayne@opencoder.net> | ||
3 | Date: Sun, 31 Jul 2022 16:55:34 -0700 | ||
4 | Subject: [PATCH] Some extra file-list safety checks. | ||
5 | |||
6 | CVE-2022-29154 rsync: remote arbitrary files write inside the | ||
7 | |||
8 | Upstream-Status: Backport from [https://git.samba.org/?p=rsync.git;a=patch;h=b7231c7d02cfb65d291af74ff66e7d8c507ee871] | ||
9 | CVE:CVE-2022-29154 | ||
10 | Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> | ||
11 | --- | ||
12 | exclude.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++- | ||
13 | flist.c | 17 ++++++- | ||
14 | io.c | 4 ++ | ||
15 | main.c | 7 ++- | ||
16 | receiver.c | 11 +++-- | ||
17 | 5 files changed, 158 insertions(+), 8 deletions(-) | ||
18 | |||
19 | diff --git a/exclude.c b/exclude.c | ||
20 | index 7989fb3..e146e96 100644 | ||
21 | --- a/exclude.c | ||
22 | +++ b/exclude.c | ||
23 | @@ -26,16 +26,21 @@ extern int am_server; | ||
24 | extern int am_sender; | ||
25 | extern int eol_nulls; | ||
26 | extern int io_error; | ||
27 | +extern int xfer_dirs; | ||
28 | +extern int recurse; | ||
29 | extern int local_server; | ||
30 | extern int prune_empty_dirs; | ||
31 | extern int ignore_perishable; | ||
32 | +extern int relative_paths; | ||
33 | extern int delete_mode; | ||
34 | extern int delete_excluded; | ||
35 | extern int cvs_exclude; | ||
36 | extern int sanitize_paths; | ||
37 | extern int protocol_version; | ||
38 | +extern int list_only; | ||
39 | extern int module_id; | ||
40 | |||
41 | +extern char *filesfrom_host; | ||
42 | extern char curr_dir[MAXPATHLEN]; | ||
43 | extern unsigned int curr_dir_len; | ||
44 | extern unsigned int module_dirlen; | ||
45 | @@ -43,8 +48,10 @@ extern unsigned int module_dirlen; | ||
46 | filter_rule_list filter_list = { .debug_type = "" }; | ||
47 | filter_rule_list cvs_filter_list = { .debug_type = " [global CVS]" }; | ||
48 | filter_rule_list daemon_filter_list = { .debug_type = " [daemon]" }; | ||
49 | +filter_rule_list implied_filter_list = { .debug_type = " [implied]" }; | ||
50 | |||
51 | int saw_xattr_filter = 0; | ||
52 | +int trust_sender_filter = 0; | ||
53 | |||
54 | /* Need room enough for ":MODS " prefix plus some room to grow. */ | ||
55 | #define MAX_RULE_PREFIX (16) | ||
56 | @@ -293,6 +300,123 @@ static void add_rule(filter_rule_list *listp, const char *pat, unsigned int pat_ | ||
57 | } | ||
58 | } | ||
59 | |||
60 | +/* Each arg the client sends to the remote sender turns into an implied include | ||
61 | + * that the receiver uses to validate the file list from the sender. */ | ||
62 | +void add_implied_include(const char *arg) | ||
63 | +{ | ||
64 | + filter_rule *rule; | ||
65 | + int arg_len, saw_wild = 0, backslash_cnt = 0; | ||
66 | + int slash_cnt = 1; /* We know we're adding a leading slash. */ | ||
67 | + const char *cp; | ||
68 | + char *p; | ||
69 | + if (relative_paths) { | ||
70 | + cp = strstr(arg, "/./"); | ||
71 | + if (cp) | ||
72 | + arg = cp+3; | ||
73 | + } else { | ||
74 | + if ((cp = strrchr(arg, '/')) != NULL) | ||
75 | + arg = cp + 1; | ||
76 | + } | ||
77 | + arg_len = strlen(arg); | ||
78 | + if (arg_len) { | ||
79 | + if (strpbrk(arg, "*[?")) { | ||
80 | + /* We need to add room to escape backslashes if wildcard chars are present. */ | ||
81 | + cp = arg; | ||
82 | + while ((cp = strchr(cp, '\\')) != NULL) { | ||
83 | + arg_len++; | ||
84 | + cp++; | ||
85 | + } | ||
86 | + saw_wild = 1; | ||
87 | + } | ||
88 | + arg_len++; /* Leave room for the prefixed slash */ | ||
89 | + rule = new0(filter_rule); | ||
90 | + if (!implied_filter_list.head) | ||
91 | + implied_filter_list.head = implied_filter_list.tail = rule; | ||
92 | + else { | ||
93 | + rule->next = implied_filter_list.head; | ||
94 | + implied_filter_list.head = rule; | ||
95 | + } | ||
96 | + rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0); | ||
97 | + p = rule->pattern = new_array(char, arg_len + 1); | ||
98 | + *p++ = '/'; | ||
99 | + cp = arg; | ||
100 | + while (*cp) { | ||
101 | + switch (*cp) { | ||
102 | + case '\\': | ||
103 | + backslash_cnt++; | ||
104 | + if (saw_wild) | ||
105 | + *p++ = '\\'; | ||
106 | + *p++ = *cp++; | ||
107 | + break; | ||
108 | + case '/': | ||
109 | + if (p[-1] == '/') /* This is safe because of the initial slash. */ | ||
110 | + break; | ||
111 | + if (relative_paths) { | ||
112 | + filter_rule const *ent; | ||
113 | + int found = 0; | ||
114 | + *p = '\0'; | ||
115 | + for (ent = implied_filter_list.head; ent; ent = ent->next) { | ||
116 | + if (ent != rule && strcmp(ent->pattern, rule->pattern) == 0) | ||
117 | + found = 1; | ||
118 | + } | ||
119 | + if (!found) { | ||
120 | + filter_rule *R_rule = new0(filter_rule); | ||
121 | + R_rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0); | ||
122 | + R_rule->pattern = strdup(rule->pattern); | ||
123 | + R_rule->u.slash_cnt = slash_cnt; | ||
124 | + R_rule->next = implied_filter_list.head; | ||
125 | + implied_filter_list.head = R_rule; | ||
126 | + } | ||
127 | + } | ||
128 | + slash_cnt++; | ||
129 | + *p++ = *cp++; | ||
130 | + break; | ||
131 | + default: | ||
132 | + *p++ = *cp++; | ||
133 | + break; | ||
134 | + } | ||
135 | + } | ||
136 | + *p = '\0'; | ||
137 | + rule->u.slash_cnt = slash_cnt; | ||
138 | + arg = (const char *)rule->pattern; | ||
139 | + } | ||
140 | + | ||
141 | + if (recurse || xfer_dirs) { | ||
142 | + /* Now create a rule with an added "/" & "**" or "*" at the end */ | ||
143 | + rule = new0(filter_rule); | ||
144 | + if (recurse) | ||
145 | + rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD | FILTRULE_WILD2; | ||
146 | + else | ||
147 | + rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD; | ||
148 | + /* A +4 in the len leaves enough room for / * * \0 or / * \0 \0 */ | ||
149 | + if (!saw_wild && backslash_cnt) { | ||
150 | + /* We are appending a wildcard, so now the backslashes need to be escaped. */ | ||
151 | + p = rule->pattern = new_array(char, arg_len + backslash_cnt + 3 + 1); | ||
152 | + cp = arg; | ||
153 | + while (*cp) { | ||
154 | + if (*cp == '\\') | ||
155 | + *p++ = '\\'; | ||
156 | + *p++ = *cp++; | ||
157 | + } | ||
158 | + } else { | ||
159 | + p = rule->pattern = new_array(char, arg_len + 3 + 1); | ||
160 | + if (arg_len) { | ||
161 | + memcpy(p, arg, arg_len); | ||
162 | + p += arg_len; | ||
163 | + } | ||
164 | + } | ||
165 | + if (p[-1] != '/') | ||
166 | + *p++ = '/'; | ||
167 | + *p++ = '*'; | ||
168 | + if (recurse) | ||
169 | + *p++ = '*'; | ||
170 | + *p = '\0'; | ||
171 | + rule->u.slash_cnt = slash_cnt + 1; | ||
172 | + rule->next = implied_filter_list.head; | ||
173 | + implied_filter_list.head = rule; | ||
174 | + } | ||
175 | +} | ||
176 | + | ||
177 | /* This frees any non-inherited items, leaving just inherited items on the list. */ | ||
178 | static void pop_filter_list(filter_rule_list *listp) | ||
179 | { | ||
180 | @@ -721,7 +845,7 @@ static void report_filter_result(enum logcode code, char const *name, | ||
181 | : name_flags & NAME_IS_DIR ? "directory" | ||
182 | : "file"; | ||
183 | rprintf(code, "[%s] %sing %s %s because of pattern %s%s%s\n", | ||
184 | - w, actions[*w!='s'][!(ent->rflags & FILTRULE_INCLUDE)], | ||
185 | + w, actions[*w=='g'][!(ent->rflags & FILTRULE_INCLUDE)], | ||
186 | t, name, ent->pattern, | ||
187 | ent->rflags & FILTRULE_DIRECTORY ? "/" : "", type); | ||
188 | } | ||
189 | @@ -894,6 +1018,7 @@ static filter_rule *parse_rule_tok(const char **rulestr_ptr, | ||
190 | } | ||
191 | switch (ch) { | ||
192 | case ':': | ||
193 | + trust_sender_filter = 1; | ||
194 | rule->rflags |= FILTRULE_PERDIR_MERGE | ||
195 | | FILTRULE_FINISH_SETUP; | ||
196 | /* FALL THROUGH */ | ||
197 | diff --git a/flist.c b/flist.c | ||
198 | index 499440c..630d685 100644 | ||
199 | --- a/flist.c | ||
200 | +++ b/flist.c | ||
201 | @@ -70,6 +70,7 @@ extern int need_unsorted_flist; | ||
202 | extern int sender_symlink_iconv; | ||
203 | extern int output_needs_newline; | ||
204 | extern int sender_keeps_checksum; | ||
205 | +extern int trust_sender_filter; | ||
206 | extern int unsort_ndx; | ||
207 | extern uid_t our_uid; | ||
208 | extern struct stats stats; | ||
209 | @@ -80,8 +81,7 @@ extern char curr_dir[MAXPATHLEN]; | ||
210 | |||
211 | extern struct chmod_mode_struct *chmod_modes; | ||
212 | |||
213 | -extern filter_rule_list filter_list; | ||
214 | -extern filter_rule_list daemon_filter_list; | ||
215 | +extern filter_rule_list filter_list, implied_filter_list, daemon_filter_list; | ||
216 | |||
217 | #ifdef ICONV_OPTION | ||
218 | extern int filesfrom_convert; | ||
219 | @@ -904,6 +904,19 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x | ||
220 | exit_cleanup(RERR_UNSUPPORTED); | ||
221 | } | ||
222 | |||
223 | + if (*thisname != '.' || thisname[1] != '\0') { | ||
224 | + int filt_flags = S_ISDIR(mode) ? NAME_IS_DIR : NAME_IS_FILE; | ||
225 | + if (!trust_sender_filter /* a per-dir filter rule means we must trust the sender's filtering */ | ||
226 | + && filter_list.head && check_filter(&filter_list, FINFO, thisname, filt_flags) < 0) { | ||
227 | + rprintf(FERROR, "ERROR: rejecting excluded file-list name: %s\n", thisname); | ||
228 | + exit_cleanup(RERR_PROTOCOL); | ||
229 | + } | ||
230 | + if (implied_filter_list.head && check_filter(&implied_filter_list, FINFO, thisname, filt_flags) <= 0) { | ||
231 | + rprintf(FERROR, "ERROR: rejecting unrequested file-list name: %s\n", thisname); | ||
232 | + exit_cleanup(RERR_PROTOCOL); | ||
233 | + } | ||
234 | + } | ||
235 | + | ||
236 | if (inc_recurse && S_ISDIR(mode)) { | ||
237 | if (one_file_system) { | ||
238 | /* Room to save the dir's device for -x */ | ||
239 | diff --git a/io.c b/io.c | ||
240 | index c04dbd5..698a7da 100644 | ||
241 | --- a/io.c | ||
242 | +++ b/io.c | ||
243 | @@ -415,6 +415,7 @@ static void forward_filesfrom_data(void) | ||
244 | while (s != eob) { | ||
245 | if (*s++ == '\0') { | ||
246 | ff_xb.len = s - sob - 1; | ||
247 | + add_implied_include(sob); | ||
248 | if (iconvbufs(ic_send, &ff_xb, &iobuf.out, flags) < 0) | ||
249 | exit_cleanup(RERR_PROTOCOL); /* impossible? */ | ||
250 | write_buf(iobuf.out_fd, s-1, 1); /* Send the '\0'. */ | ||
251 | @@ -446,9 +447,12 @@ static void forward_filesfrom_data(void) | ||
252 | char *f = ff_xb.buf + ff_xb.pos; | ||
253 | char *t = ff_xb.buf; | ||
254 | char *eob = f + len; | ||
255 | + char *cur = t; | ||
256 | /* Eliminate any multi-'\0' runs. */ | ||
257 | while (f != eob) { | ||
258 | if (!(*t++ = *f++)) { | ||
259 | + add_implied_include(cur); | ||
260 | + cur = t; | ||
261 | while (f != eob && *f == '\0') | ||
262 | f++; | ||
263 | } | ||
264 | diff --git a/main.c b/main.c | ||
265 | index ee9630f..6ec56e7 100644 | ||
266 | --- a/main.c | ||
267 | +++ b/main.c | ||
268 | @@ -78,6 +78,7 @@ extern BOOL flist_receiving_enabled; | ||
269 | extern BOOL shutting_down; | ||
270 | extern int backup_dir_len; | ||
271 | extern int basis_dir_cnt; | ||
272 | +extern int trust_sender_filter; | ||
273 | extern struct stats stats; | ||
274 | extern char *stdout_format; | ||
275 | extern char *logfile_format; | ||
276 | @@ -93,7 +94,7 @@ extern char curr_dir[MAXPATHLEN]; | ||
277 | extern char backup_dir_buf[MAXPATHLEN]; | ||
278 | extern char *basis_dir[MAX_BASIS_DIRS+1]; | ||
279 | extern struct file_list *first_flist; | ||
280 | -extern filter_rule_list daemon_filter_list; | ||
281 | +extern filter_rule_list daemon_filter_list, implied_filter_list; | ||
282 | |||
283 | uid_t our_uid; | ||
284 | gid_t our_gid; | ||
285 | @@ -534,6 +535,7 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in | ||
286 | #ifdef ICONV_CONST | ||
287 | setup_iconv(); | ||
288 | #endif | ||
289 | + trust_sender_filter = 1; | ||
290 | } else if (local_server) { | ||
291 | /* If the user didn't request --[no-]whole-file, force | ||
292 | * it on, but only if we're not batch processing. */ | ||
293 | @@ -1358,6 +1360,8 @@ static int start_client(int argc, char *argv[]) | ||
294 | char *dummy_host; | ||
295 | int dummy_port = rsync_port; | ||
296 | int i; | ||
297 | + if (filesfrom_fd < 0) | ||
298 | + add_implied_include(remote_argv[0]); | ||
299 | /* For remote source, any extra source args must have either | ||
300 | * the same hostname or an empty hostname. */ | ||
301 | for (i = 1; i < remote_argc; i++) { | ||
302 | @@ -1381,6 +1385,7 @@ static int start_client(int argc, char *argv[]) | ||
303 | if (!rsync_port && !*arg) /* Turn an empty arg into a dot dir. */ | ||
304 | arg = "."; | ||
305 | remote_argv[i] = arg; | ||
306 | + add_implied_include(arg); | ||
307 | } | ||
308 | } | ||
309 | |||
310 | diff --git a/receiver.c b/receiver.c | ||
311 | index d6a48f1..c0aa893 100644 | ||
312 | --- a/receiver.c | ||
313 | +++ b/receiver.c | ||
314 | @@ -577,10 +577,13 @@ int recv_files(int f_in, int f_out, char *local_name) | ||
315 | if (DEBUG_GTE(RECV, 1)) | ||
316 | rprintf(FINFO, "recv_files(%s)\n", fname); | ||
317 | |||
318 | - if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0') | ||
319 | - && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { | ||
320 | - rprintf(FERROR, "attempt to hack rsync failed.\n"); | ||
321 | - exit_cleanup(RERR_PROTOCOL); | ||
322 | + if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0')) { | ||
323 | + int filt_flags = S_ISDIR(file->mode) ? NAME_IS_DIR : NAME_IS_FILE; | ||
324 | + if (check_filter(&daemon_filter_list, FLOG, fname, filt_flags) < 0) { | ||
325 | + rprintf(FERROR, "ERROR: rejecting file transfer request for daemon excluded file: %s\n", | ||
326 | + fname); | ||
327 | + exit_cleanup(RERR_PROTOCOL); | ||
328 | + } | ||
329 | } | ||
330 | |||
331 | #ifdef SUPPORT_XATTRS | ||
332 | -- | ||
333 | 2.30.2 | ||
334 | |||
diff --git a/meta/recipes-devtools/rsync/rsync_3.1.3.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb index 152ff02a25..c744503227 100644 --- a/meta/recipes-devtools/rsync/rsync_3.1.3.bb +++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb | |||
@@ -1,5 +1,6 @@ | |||
1 | SUMMARY = "File synchronization tool" | 1 | SUMMARY = "File synchronization tool" |
2 | HOMEPAGE = "http://rsync.samba.org/" | 2 | HOMEPAGE = "http://rsync.samba.org/" |
3 | DESCRIPTION = "rsync is an open source utility that provides fast incremental file transfer." | ||
3 | BUGTRACKER = "http://rsync.samba.org/bugzilla.html" | 4 | BUGTRACKER = "http://rsync.samba.org/bugzilla.html" |
4 | SECTION = "console/network" | 5 | SECTION = "console/network" |
5 | # GPLv2+ (<< 3.0.0), GPLv3+ (>= 3.0.0) | 6 | # GPLv2+ (<< 3.0.0), GPLv3+ (>= 3.0.0) |
@@ -15,6 +16,8 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ | |||
15 | file://CVE-2016-9841.patch \ | 16 | file://CVE-2016-9841.patch \ |
16 | file://CVE-2016-9842.patch \ | 17 | file://CVE-2016-9842.patch \ |
17 | file://CVE-2016-9843.patch \ | 18 | file://CVE-2016-9843.patch \ |
19 | file://CVE-2022-29154.patch \ | ||
20 | file://0001-Fix-relative-when-copying-an-absolute-path.patch \ | ||
18 | " | 21 | " |
19 | 22 | ||
20 | SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf" | 23 | SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf" |