Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: update rsync to 3.3.0+ds1-4 #4

Merged
merged 1 commit into from
Jan 16, 2025
+86 −0
Merged

feat: update rsync to 3.3.0+ds1-4 #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions debian/changelog
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,14 @@
rsync (3.3.0+ds1-4) unstable; urgency=critical

[ Salvatore Bonaccorso ]
* Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED
(Closes: #1093089, #1093052)

[ Samuel Henrique ]
* d/p/Fix_use-after-free_in_generator: New patch to fix UAF

-- Samuel Henrique <[email protected]> Wed, 15 Jan 2025 18:34:49 +0000

rsync (3.3.0+ds1-3) unstable; urgency=critical

* Import upstream patches for CVE-2024-12084, CVE-2024-12085,
Expand Down
40 changes: 40 additions & 0 deletions debian/patches/Fix-FLAG_GOT_DIR_FLIST-collission-with-FLAG_HLINKED.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
From: Natanael Copa <[email protected]>
Date: Wed, 15 Jan 2025 15:10:24 +0100
Subject: Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED
Origin: https://github.com/ncopa/rsync/commit/efb85fd8db9e8f74eb3ab91ebf44f6ed35e3da5b
Bug: https://github.com/RsyncProject/rsync/issues/697
Bug-Debian: https://bugs.debian.org/1093089
Bug-Debian: https://bugs.debian.org/1093052
Bug: https://github.com/RsyncProject/rsync/issues/702

fixes commit 688f5c379a43 (Refuse a duplicate dirlist.)

Fixes: https://github.com/RsyncProject/rsync/issues/702
Fixes: https://github.com/RsyncProject/rsync/issues/697
---
rsync.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rsync.h b/rsync.h
index 9be1297bdd29..479ac4848991 100644
--- a/rsync.h
+++ b/rsync.h
@@ -84,7 +84,6 @@
#define FLAG_DUPLICATE (1<<4) /* sender */
#define FLAG_MISSING_DIR (1<<4) /* generator */
#define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */
-#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */
#define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */
#define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */
#define FLAG_HLINK_LAST (1<<7) /* receiver/generator */
@@ -93,6 +92,7 @@
#define FLAG_SKIP_GROUP (1<<10) /* receiver/generator */
#define FLAG_TIME_FAILED (1<<11)/* generator */
#define FLAG_MOD_NSEC (1<<12) /* sender/receiver/generator */
+#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */

/* These flags are passed to functions but not stored. */

--
2.47.1

31 changes: 31 additions & 0 deletions debian/patches/Fix_use-after-free_in_generator.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
From f923b19fd85039a2b0e908391074872334646d51 Mon Sep 17 00:00:00 2001
From: Natanael Copa <[email protected]>
Date: Wed, 15 Jan 2025 15:48:04 +0100
Subject: [PATCH] Fix use-after-free in generator

full_fname() will free the return value in the next call so we need to
duplicate it before passing it to rsyserr.

Fixes: https://github.com/RsyncProject/rsync/issues/704
---
generator.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/generator.c b/generator.c
index 3f13bb95..b56fa569 100644
--- a/generator.c
+++ b/generator.c
@@ -2041,8 +2041,12 @@ int atomic_create(struct file_struct *file, char *fname, const char *slnk, const

if (!skip_atomic) {
if (do_rename(tmpname, fname) < 0) {
+ char *full_tmpname = strdup(full_fname(tmpname));
+ if (full_tmpname == NULL)
+ out_of_memory("atomic_create");
rsyserr(FERROR_XFER, errno, "rename %s -> \"%s\" failed",
- full_fname(tmpname), full_fname(fname));
+ full_tmpname, full_fname(fname));
+ free(full_tmpname);
do_unlink(tmpname);
return 0;
}
4 changes: 4 additions & 0 deletions debian/patches/series
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,7 @@ rsync-upstream-CVE-patches-v3/CVE-2024-12747/0001-fixed-symlink-race-condition-i
rsync-upstream-CVE-patches-v3/version_update/0001-raise-protocol-version-to-32.patch
rsync-upstream-CVE-patches-v3/version_update/0002-change-version-to-3.4.0.patch
rsync-upstream-CVE-patches-v3/version_update/0003-update-NEWS-for-3.4.0.patch

# Regression from CVE-2024-12087 (#1093052)
Fix-FLAG_GOT_DIR_FLIST-collission-with-FLAG_HLINKED.patch
Fix_use-after-free_in_generator.patch
Loading