diff --git a/srcpkgs/rsync/patches/CVE-2017-16548.patch b/srcpkgs/rsync/patches/CVE-2017-16548.patch
new file mode 100644
index 00000000000..8b166a5db75
--- /dev/null
+++ b/srcpkgs/rsync/patches/CVE-2017-16548.patch
@@ -0,0 +1,17 @@
+X-Git-Url: https://git.samba.org/rsync.git/?p=rsync.git;a=blobdiff_plain;f=xattrs.c;h=4867e6f5b8ad2934d43b06f3b99b7b3690a6dc7a;hp=68305d7559b34f5cc2f196b74429b82fa6ff49dd;hb=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1;hpb=bc112b0e7feece62ce98708092306639a8a53cce
+
+diff --git a/xattrs.c b/xattrs.c
+index 68305d7..4867e6f 100644
+--- xattrs.c
++++ xattrs.c
+@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file)
+ out_of_memory("receive_xattr");
+ name = ptr + dget_len + extra_len;
+ read_buf(f, name, name_len);
++ if (name_len < 1 || name[name_len-1] != '\0') {
++ rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n");
++ exit_cleanup(RERR_FILEIO);
++ }
+ if (dget_len == datum_len)
+ read_buf(f, ptr, dget_len);
+ else {
diff --git a/srcpkgs/rsync/patches/CVE-2017-17433.patch b/srcpkgs/rsync/patches/CVE-2017-17433.patch
new file mode 100644
index 00000000000..06c7ac4e5e7
--- /dev/null
+++ b/srcpkgs/rsync/patches/CVE-2017-17433.patch
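Review bot: The guard added to receive_xattr in CVE-2017-16548.patch has no comment explaining why an unterminated xattr name is fatal, and the patch file carries only an X-Git-Url with no description of the fix. Above the `if` I would add `/* name was just read from the peer; reject it unless the last of its name_len bytes is NUL */`. The same comment should say that `name_len < 1` has to stay the first operand, because it is what keeps `name[name_len-1]` from indexing element -1 when the peer sends a zero length. How name is used afterwards is outside the hunk, so the over-read this prevents is inferred rather than visible here; receive_xattr starts and ends outside the hunk.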
@@ -0,0 +1,32 @@
+X-Git-Url: https://git.samba.org/?p=rsync.git;a=blobdiff_plain;f=receiver.c;h=9fdafa152cb38d0fa8191b14af5cfc49a06a185c;hp=baae3a919cdd5db81afdb6c6bacd22081ff098e5;hb=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51;hpb=416e719bea4f5466c8dd2b34cac0059b6ff84ff3
+
+diff --git a/receiver.c b/receiver.c
+index baae3a9..9fdafa1 100644
+--- receiver.c
++++ receiver.c
+@@ -574,6 +574,12 @@ int recv_files(int f_in, int f_out, char *local_name)
+ file = dir_flist->files[cur_flist->parent_ndx];
+ fname = local_name ? local_name : f_name(file, fbuf);
+
++ if (daemon_filter_list.head
++ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
++ rprintf(FERROR, "attempt to hack rsync failed.\n");
++ exit_cleanup(RERR_PROTOCOL);
++ }
++
+ if (DEBUG_GTE(RECV, 1))
+ rprintf(FINFO, "recv_files(%s)\n", fname);
+
+@@ -645,12 +651,6 @@ int recv_files(int f_in, int f_out, char *local_name)
+
+ cleanup_got_literal = 0;
+
+- if (daemon_filter_list.head
+- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+- rprintf(FERROR, "attempt to hack rsync failed.\n");
+- exit_cleanup(RERR_PROTOCOL);
+- }
+-
+ if (read_batch) {
+ int wanted = redoing
+ ? we_want_redo(ndx)
diff --git a/srcpkgs/rsync/patches/CVE-2017-17434.patch b/srcpkgs/rsync/patches/CVE-2017-17434.patch
new file mode 100644
index 00000000000..0bdb93d316d
--- /dev/null
+++ b/srcpkgs/rsync/patches/CVE-2017-17434.patch
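Review bot: The relocated daemon-filter check in recv_files (first inner hunk of CVE-2017-17433.patch) reports a fixed string with no path, so a rejected name can be found in daemon logs only by the literal text `attempt to hack rsync failed` unless check_filter's FLOG argument records it, which is not visible here. The debug line right below already passes fname to rprintf, so `rprintf(FERROR, "attempt to hack rsync failed: %s\n", fname);` would fit the surrounding code; since this file is a backport, that change belongs upstream rather than in the packaged patch. A comment such as `/* run the daemon filter before anything below uses fname */` would record why the block was moved up from its old position in the second inner hunk. recv_files begins and ends outside both hunks.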
@@ -0,0 +1,42 @@
+X-Git-Url: https://git.samba.org/?p=rsync.git;a=blobdiff_plain;f=receiver.c;h=9c46242e013c4d447b17b00bbb705a96a5c92ed1;hp=9fdafa152cb38d0fa8191b14af5cfc49a06a185c;hb=5509597decdbd7b91994210f700329d8a35e70a1;hpb=70aeb5fddd1b2f8e143276f8d5a085db16c593b9
+
+diff --git a/receiver.c b/receiver.c
+index 9fdafa1..9c46242 100644
+--- receiver.c
++++ receiver.c
+@@ -722,7 +722,7 @@ int recv_files(int f_in, int f_out, char *local_name)
+ break;
+ }
+ if (!fnamecmp || (daemon_filter_list.head
+- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) {
++ && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) {
+ fnamecmp = fname;
+ fnamecmp_type = FNAMECMP_FNAME;
+ }
+
+X-Git-Url: https://git.samba.org/?p=rsync.git;a=blobdiff_plain;f=rsync.c;h=a0945ba4e7f5a154854d12e16f193145d9d0b7b1;hp=b82e59881018a906ce91451674ee5e3e7c658a1e;hb=70aeb5fddd1b2f8e143276f8d5a085db16c593b9;hpb=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
+
+diff --git a/rsync.c b/rsync.c
+index b82e598..a0945ba 100644
+--- rsync.c
++++ rsync.c
+@@ -49,6 +49,7 @@ extern int flist_eof;
+ extern int file_old_total;
+ extern int keep_dirlinks;
+ extern int make_backups;
++extern int sanitize_paths;
+ extern struct file_list *cur_flist, *first_flist, *dir_flist;
+ extern struct chmod_mode_struct *daemon_chmod_modes;
+ #ifdef ICONV_OPTION
+@@ -396,6 +397,11 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr,
+ if (iflags & ITEM_XNAME_FOLLOWS) {
+ if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0)
+ exit_cleanup(RERR_PROTOCOL);
++
++ if (sanitize_paths) {
++ sanitize_path(buf, buf, "", 0, SP_DEFAULT);
++ len = strlen(buf);
++ }
+ } else {
+ *buf = '\0';
+ len = -1;
diff --git a/srcpkgs/rsync/template b/srcpkgs/rsync/template
index 2f8caef9d06..24ad8f4021e 100644
--- a/srcpkgs/rsync/template
+++ b/srcpkgs/rsync/template
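Review bot: In the read_ndx_and_attrs hunk of CVE-2017-17434.patch the xname read from the peer is sanitised only when `sanitize_paths` is set, and nothing in the code says what protects the configurations where it is not. From the two halves of this patch it looks as if the daemon filter check on `fnamecmp` in recv_files is meant to cover that case, but that is inferred, not shown. A comment above the new block, e.g. `/* xname is peer-supplied; sanitize it in place before it is used as a path */`, would make the intent reviewable. The recv_files half deserves a matching remark that a filtered `fnamecmp` falls back to `fname` without an error or a log line of its own. Both functions continue outside their hunks.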
@@ -1,7 +1,7 @@
 # Template file for 'rsync'
 pkgname=rsync
 version=3.1.2
-revision=1
+revision=2
 build_style=gnu-configure
 conf_files="/etc/rsyncd.conf"
 hostmakedepends="perl"