-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: update rsync to 3.3.0+ds1-4 (#4)
- Loading branch information
1 parent
9514a42
commit 0234cd5
Showing
4 changed files
with
86 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,14 @@ | ||
| rsync (3.3.0+ds1-4) unstable; urgency=critical | ||
|
|
||
| [ Salvatore Bonaccorso ] | ||
| * Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED | ||
| (Closes: #1093089, #1093052) | ||
|
|
||
| [ Samuel Henrique ] | ||
| * d/p/Fix_use-after-free_in_generator: New patch to fix UAF | ||
|
|
||
| -- Samuel Henrique <[email protected]> Wed, 15 Jan 2025 18:34:49 +0000 | ||
|
|
||
| rsync (3.3.0+ds1-3) unstable; urgency=critical | ||
|
|
||
| * Import upstream patches for CVE-2024-12084, CVE-2024-12085, | ||
|
|
||
40 changes: 40 additions & 0 deletions
40
debian/patches/Fix-FLAG_GOT_DIR_FLIST-collission-with-FLAG_HLINKED.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| From: Natanael Copa <[email protected]> | ||
| Date: Wed, 15 Jan 2025 15:10:24 +0100 | ||
| Subject: Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED | ||
| Origin: https://github.com/ncopa/rsync/commit/efb85fd8db9e8f74eb3ab91ebf44f6ed35e3da5b | ||
| Bug: https://github.com/RsyncProject/rsync/issues/697 | ||
| Bug-Debian: https://bugs.debian.org/1093089 | ||
| Bug-Debian: https://bugs.debian.org/1093052 | ||
| Bug: https://github.com/RsyncProject/rsync/issues/702 | ||
|
|
||
| fixes commit 688f5c379a43 (Refuse a duplicate dirlist.) | ||
|
|
||
| Fixes: https://github.com/RsyncProject/rsync/issues/702 | ||
| Fixes: https://github.com/RsyncProject/rsync/issues/697 | ||
| --- | ||
| rsync.h | 2 +- | ||
| 1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
|
||
| diff --git a/rsync.h b/rsync.h | ||
| index 9be1297bdd29..479ac4848991 100644 | ||
| --- a/rsync.h | ||
| +++ b/rsync.h | ||
| @@ -84,7 +84,6 @@ | ||
| #define FLAG_DUPLICATE (1<<4) /* sender */ | ||
| #define FLAG_MISSING_DIR (1<<4) /* generator */ | ||
| #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */ | ||
| -#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */ | ||
| #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */ | ||
| #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */ | ||
| #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */ | ||
| @@ -93,6 +92,7 @@ | ||
| #define FLAG_SKIP_GROUP (1<<10) /* receiver/generator */ | ||
| #define FLAG_TIME_FAILED (1<<11)/* generator */ | ||
| #define FLAG_MOD_NSEC (1<<12) /* sender/receiver/generator */ | ||
| +#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */ | ||
|
|
||
| /* These flags are passed to functions but not stored. */ | ||
|
|
||
| -- | ||
| 2.47.1 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| From f923b19fd85039a2b0e908391074872334646d51 Mon Sep 17 00:00:00 2001 | ||
| From: Natanael Copa <[email protected]> | ||
| Date: Wed, 15 Jan 2025 15:48:04 +0100 | ||
| Subject: [PATCH] Fix use-after-free in generator | ||
|
|
||
| full_fname() will free the return value in the next call so we need to | ||
| duplicate it before passing it to rsyserr. | ||
|
|
||
| Fixes: https://github.com/RsyncProject/rsync/issues/704 | ||
| --- | ||
| generator.c | 6 +++++- | ||
| 1 file changed, 5 insertions(+), 1 deletion(-) | ||
|
|
||
| diff --git a/generator.c b/generator.c | ||
| index 3f13bb95..b56fa569 100644 | ||
| --- a/generator.c | ||
| +++ b/generator.c | ||
| @@ -2041,8 +2041,12 @@ int atomic_create(struct file_struct *file, char *fname, const char *slnk, const | ||
|
|
||
| if (!skip_atomic) { | ||
| if (do_rename(tmpname, fname) < 0) { | ||
| + char *full_tmpname = strdup(full_fname(tmpname)); | ||
| + if (full_tmpname == NULL) | ||
| + out_of_memory("atomic_create"); | ||
| rsyserr(FERROR_XFER, errno, "rename %s -> \"%s\" failed", | ||
| - full_fname(tmpname), full_fname(fname)); | ||
| + full_tmpname, full_fname(fname)); | ||
| + free(full_tmpname); | ||
| do_unlink(tmpname); | ||
| return 0; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters