diff options
| author | Archana Polampalli <archana.polampalli@windriver.com> | 2025-01-16 15:15:07 +0000 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-01-25 06:20:37 -0800 |
| commit | 61587111989252119cce4c1c26503e986f9efd7a (patch) | |
| tree | 9f9012054a1dc4351e25d03922b9f2b179248109 /meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch | |
| parent | dfbd3aac89fe9344d752ff8e77f0afe25bcd6866 (diff) | |
| download | poky-61587111989252119cce4c1c26503e986f9efd7a.tar.gz | |
rsync: fix CVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled
by the `--inc-recursive` option, a default-enabled option for many client options
and can be enabled by the server even if not explicitly enabled by the client.
When using the `--inc-recursive` option, a lack of proper symlink verification
coupled with deduplication checks occurring on a per-file-list basis could allow
a server to write files outside of the client's intended destination directory.
A malicious server could write malicious files to arbitrary locations named after
valid directories/paths on the client.
(From OE-Core rev: c34cbef572e18c60bb7600fda370d6c46688c7b3)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch')
| -rw-r--r-- | meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch new file mode 100644 index 0000000000..0ece69c4e7 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | From 996af4a79f9afe4d7158ecdd87c78cee382c6b39 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Natanael Copa <ncopa@alpinelinux.org> | ||
| 3 | Date: Wed, 15 Jan 2025 15:10:24 +0100 | ||
| 4 | Subject: [PATCH] Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED | ||
| 5 | |||
| 6 | fixes commit 688f5c379a43 (Refuse a duplicate dirlist.) | ||
| 7 | |||
| 8 | Fixes: https://github.com/RsyncProject/rsync/issues/702 | ||
| 9 | Fixes: https://github.com/RsyncProject/rsync/issues/697 | ||
| 10 | CVE: CVE-2024-12087 | ||
| 11 | |||
| 12 | Upstream-Status: Backport [https://github.com/RsyncProject/rsync/commit/996af4a79f9afe4d7158ecdd87c78cee382c6b39] | ||
| 13 | |||
| 14 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
| 15 | --- | ||
| 16 | rsync.h | 2 +- | ||
| 17 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 18 | |||
| 19 | diff --git a/rsync.h b/rsync.h | ||
| 20 | index 9be1297b..479ac484 100644 | ||
| 21 | --- a/rsync.h | ||
| 22 | +++ b/rsync.h | ||
| 23 | @@ -84,7 +84,6 @@ | ||
| 24 | #define FLAG_DUPLICATE (1<<4) /* sender */ | ||
| 25 | #define FLAG_MISSING_DIR (1<<4) /* generator */ | ||
| 26 | #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */ | ||
| 27 | -#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */ | ||
| 28 | #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */ | ||
| 29 | #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */ | ||
| 30 | #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */ | ||
| 31 | @@ -93,6 +92,7 @@ | ||
| 32 | #define FLAG_SKIP_GROUP (1<<10) /* receiver/generator */ | ||
| 33 | #define FLAG_TIME_FAILED (1<<11)/* generator */ | ||
| 34 | #define FLAG_MOD_NSEC (1<<12) /* sender/receiver/generator */ | ||
| 35 | +#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */ | ||
| 36 | |||
| 37 | /* These flags are passed to functions but not stored. */ | ||
| 38 | |||
| 39 | -- | ||
| 40 | 2.40.0 | ||