diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2025-01-19 18:40:22 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2025-01-19 18:40:22 +0000 |
| commit | f3262cc6aeed05b753fce4aa16615758fd788ea7 (patch) | |
| tree | d00a9107f9a05ad12aaffa516ad50ba69b71b5af /debian | |
| parent | Merging upstream version 3.3.0+ds1. (diff) | |
| download | rsync-f3262cc6aeed05b753fce4aa16615758fd788ea7.tar.xz rsync-f3262cc6aeed05b753fce4aa16615758fd788ea7.zip | |
Merging debian version 3.3.0+ds1-4.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
24 files changed, 1656 insertions, 45 deletions
diff --git a/debian/changelog b/debian/changelog index 992eeb7..c387787 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,69 @@ +rsync (3.3.0+ds1-4) unstable; urgency=critical + + [ Salvatore Bonaccorso ] + * Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED + (Closes: #1093089, #1093052) + + [ Samuel Henrique ] + * d/p/Fix_use-after-free_in_generator: New patch to fix UAF + + -- Samuel Henrique <samueloph@debian.org> Wed, 15 Jan 2025 18:34:49 +0000 + +rsync (3.3.0+ds1-3) unstable; urgency=critical + + * Import upstream patches for CVE-2024-12084, CVE-2024-12085, + CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747 + - d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12084 + ~ 0001-Some-checksum-buffer-fixes.patch + ~ 0002-Another-cast-when-multiplying-integers.patch + - d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12085 + ~ 0001-prevent-information-leak-off-the-stack.patch + - d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12086 + ~ 0001-refuse-fuzzy-options-when-fuzzy-not-selected.patch + ~ 0002-added-secure_relative_open.patch + ~ 0003-receiver-use-secure_relative_open-for-basis-file.patch + ~ 0004-disallow-.-elements-in-relpath-for-secure_relative_o.patch + - d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12087 + ~ 0001-Refuse-a-duplicate-dirlist.patch + ~ 0002-range-check-dir_ndx-before-use.patch + - d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12088 + ~ 0001-make-safe-links-stricter.patch + - d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12747 + ~ 0001-fixed-symlink-race-condition-in-sender.patch + - d/p/rsync-upstream-CVE-patches-v3/version_update + ~ 0001-raise-protocol-version-to-32.patch + ~ 0002-change-version-to-3.4.0.patch + ~ 0003-update-NEWS-for-3.4.0.patch + + -- Samuel Henrique <samueloph@debian.org> Sun, 12 Jan 2025 15:40:14 +0000 + +rsync (3.3.0+ds1-2) unstable; urgency=medium + + * d/watch: Set repacksuffix to +ds1 to fix salsa CI + * d/p/configure_ac...: New patch to fix IPv6 support, thanks to Simon + Ruderich for the bug report (closes: #1090328) + + -- Samuel Henrique <samueloph@debian.org> Tue, 17 Dec 2024 18:56:13 +0000 + +rsync (3.3.0+ds1-1) unstable; urgency=medium + + * Team upload. + + [ Samuel Henrique ] + * New upstream version 3.3.0+ds + - Repack to remove the zlib bundled library + + [ Matheus Polkorny ] + * New upstream version 3.3.0+ds1 + - Repack to remove the popt bundled library + * d/copyright: Update to comply with 1.0 format and exclude popt/* + * d/gbp.conf: Remove export-dir configuration + * d/rules: fix build failure due to missing zlib/dummy.in and popt/dummy.in + * d/t/upstream-tests: Run d/rules override_dh_auto_configure during setup + * d/watch: add +ds suffix to version + + -- Matheus Polkorny <mpolkorny@gmail.com> Sat, 07 Dec 2024 20:54:11 -0300 + rsync (3.3.0-1~progress7.99u1) graograman-backports; urgency=medium * Uploading to graograman-backports, remaining changes: diff --git a/debian/copyright b/debian/copyright index 881aacf..f6ec9b4 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,48 +1,464 @@ -This file will be updated to use the new dep5 schema soon, please -reach out to the maintainers if you'd like to help with that. +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: rsync +Upstream-Contact: Wayne Davison <wayne@opencoder.net> +Source: https://github.com/RsyncProject/rsync +Files-Excluded: zlib/* + popt/* +Comment: The zlib/ and popt/ directories were excluded because they contain + bundled libraries that are already provided -This is Debian's prepackaged version of Andrew Tridgell and -Paul Mackerras' rsync utility. +Files: * +Copyright: 1996 Paul Mackerras <paulus@ozlabs.org> + 1996-2011 Andrew Tridgell <andrew@tridgell.net> + 2003-2024 Wayne Davison <wayne@opencoder.net> +License: GPL-3+ -This package provides the rsync program, which is a replacement -for rcp that uses the rsync algorythm to transfer only the -differences between two sets of files. +Files: main.c + io.c + progress.c + delete.c + cleanup.c + flist.c + pipe.c + generator.c + util1.c + rsync.h + exclude.c + util2.c + hlink.c + lib/permstring.c +Copyright: 1996 Paul Mackerras <paulus@ozlabs.org> + 1996-2001 Andrew Tridgell <andrew@tridgell.net> + 2001, 2002 Martin Pool <mbp@samba.org> + 2002-2024 Wayne Davison <wayne@opencoder.net> +License: GPL-3+ -This package was put together by Philip Hands <phil@hands.com>, -from sources obtained from: - http://rsync.samba.org/ftp/rsync/rsync-2.5.4.tar.gz -The current version was downloaded from: - https://rsync.samba.org/ftp/rsync/src/rsync-3.2.0.tar.gz -on 2018-12-02 by Samuel Henrique <samueloph@debian.org>. +Files: log.c + socket.c + clientname.c + syscall.c + options.c + lib/compat.c + clientserver.c + fileio.c +Copyright: 1992-2001 Andrew Tridgell <tridge@samba.org> + 2000-2002 Martin Pool <mbp@samba.org> + 2002-2023 Wayne Davison <wayne@opencoder.net> +License: GPL-3+ -See the debian/patches/ directory for the Debian specific changes. +Files: t_stub.c + t_unsafe.c + tls.c + loadparm.c + trimslash.c +Copyright: 2001, 2002 Martin Pool <mbp@samba.org> + 2003-2022 Wayne Davison <wayne@opencoder.net> +License: GPL-3+ +Files: xattrs.c + lib/sysxattrs.c +Copyright: 2003-2022 Wayne Davison <wayne@opencoder.net> + 2004 Red Hat, Inc +License: GPL-3+ -COPYRIGHT ---------- +Files: config.guess +Copyright: 1992-2023 Free Software Foundation, Inc. +License: GPL-3+ -Copyright (C) 1996-2011 by Andrew Tridgell, Wayne Davison, and others. +Files: simd-checksum-x86_64.cpp +Copyright: 1996 Paul Mackerras <paulus@ozlabs.org> + 1996 Andrew Tridgell <tridge@samba.org> + 2004-2020 Wayne Davison <wayne@opencoder.net> + 2020 Jorrit Jongma <git@jongma.org> +License: GPL-3+ -Rsync was originally written by Andrew Tridgell and is currently -maintained by Wayne Davison. It has been improved by many developers -from around the world. +Files: batch.c +Copyright: 1999 Weiss + 2004 Chris Shoemaker + 2004-2022 Wayne Davison <wayne@opencoder.net> +License: GPL-3+ -Rsync may be used, modified and redistributed only under the terms of -the GNU General Public License, found in the file: +Files: chmod.c +Copyright: 2002 Scott Howard + 2005-2020 Wayne Davison <wayne@opencoder.net> +License: GPL-3+ - /usr/share/common-licenses/GPL-3 +Files: lib/md5.c +Copyright: 2001-2003 Christophe Devine + 2007-2022 Wayne Davison <wayne@opencoder.net> +License: GPL-3+ -on Debian systems, or at +Files: byteorder.h + access.c + backup.c + authenticate.c + errcode.h + lib/mdfour.c + connection.c +Copyright: 1992-2000 Andrew Tridgell <tridge@samba.org> + 2002-2022 Wayne Davison <wayne@opencoder.net> +License: GPL-3+ - https://www.gnu.org/licenses/gpl.html +Files: lib/getpass.c +Copyright: 2013 Roman Donchenko +License: GPL-3+ -The license of rsync also adds an OpenSSL exemption: +Files: lib/sysacls.c + lib/sysacls.h +Copyright: 2000 Jeremy Allison + 2007-2022 Wayne Davison <wayne@opencoder.net> +License: GPL-3+ -REGARDING OPENSSL AND XXHASH +Files: io.h + rounding.c + case_N.h + ifuncs.h + wildtest.c + inums.h + itypes.h + usage.c +Copyright: 2003-2022 Wayne Davison <wayne@opencoder.net> +License: GPL-3+ -In addition, as a special exception, the copyright holders give -permission to dynamically link rsync with the OpenSSL and xxhash -libraries when those libraries are being distributed in compliance -with their license terms, and to distribute a dynamically linked -combination of rsync and these libraries. This is also considered -to be covered under the GPL's System Libraries exception. +Files: params.c +Copyright: Karl Auer + Christopher Hertel +License: GPL-3+ + +Files: hashtable.c +Copyright: 2003-2022 Wayne Davison <wayne@opencoder.net> + 2006 Bob Jenkins <bob_jenkins@burtleburtle.net> +License: GPL-3+ and public-domain + +Files: checksum.c +Copyright: 1996 Paul Mackerras <paulus@ozlabs.org> + 1996 Andrew Tridgell <andrew@tridgell.net> + 2004-2023 Wayne Davison <wayne@opencoder.net> +License: GPL-3+ with OpenSSL-xxhash exception + +Files: getgroups.c +Copyright: 2002 Martin Pool <mbp@samba.org> + 2003-2020 Wayne Davison <wayne@opencoder.net> +License: GPL-3 + +Files: testsuite/hands.test + testsuite/ssh-basic.test + testsuite/longdir.test +Copyright: 1998, 1999 Philip Hands <phil@hands.com> + 2001, 2002 Martin Pool <mbp@samba.org> +License: GPL-3 with OpenSSL-xxhash exception + +Files: testsuite/exclude.test + testsuite/alt-dest.test + testsuite/chmod.test + testsuite/backup.test + testsuite/fuzzy.test + testsuite/chmod-temp-dir.test + testsuite/relative.test + testsuite/itemize.test + testsuite/merge.test + testsuite/files-from.test + testsuite/delete.test + testsuite/wildmatch.test + md-convert +Copyright: 2003-2022 Wayne Davison <wayne@opencoder.net> +License: GPL-3 with OpenSSL-xxhash exception + +Files: testsuite/duplicates.test + testsuite/daemon.test + testsuite/trimslash.test + testsuite/unsafe-byname.test + testsuite/chgrp.test + testsuite/hardlinks.test + testsuite/chmod-option.test + testsuite/symlink-ignore.test + testsuite/devices.test + testsuite/daemon-gzip-upload.test + testsuite/chown.test +Copyright: 2001, 2002 Martin Pool <mbp@samba.org> +License: GPL-3 with OpenSSL-xxhash exception + +Files: support/instant-rsyncd + testsuite/executability.test + testsuite/acls-default.test +Copyright: Matt McCutchen <matt@mattmccutchen.net> +License: GPL-3 with OpenSSL-xxhash exception + +Files: support/rrsync +Copyright: 2004 Joe Smith <js-cgi@inwap.com> + Wayne Davison <wayne@opencoder.net> +License: GPL-3 with OpenSSL-xxhash exception + +Files: testsuite/batch-mode.test +Copyright: 2004 Chris Shoemaker <c.shoemaker@cox.net> +License: GPL-3 with OpenSSL-xxhash exception + +Files: testsuite/protected-regular.test +Copyright: 2021 Achim Leitner <aleitner@lis-engineering.de> +License: GPL-3 with OpenSSL-xxhash exception + +Files: testsuite/unsafe-links.test +Copyright: Vladimír Michl <Vladimir.Michl@hlubocky.del.cz> +License: GPL-3 with OpenSSL-xxhash exception + +Files: packaging/solaris/build_pkg.sh +Copyright: Jens Apel <jens.apel@web.de> +License: GPL-3 with OpenSSL-xxhash exception + +Files: lib/wildmatch.c +Copyright: 1986 Rich $alz <rsalz@bbn.com> + Wayne Davison <wayne@opencoder.net> +License: GPL-3 with OpenSSL-xxhash exception + +Files: config.sub +Copyright: 1992-2023 Free Software Foundation, Inc. +License: GPL-3 with Autoconf-data exception + +Files: testsuite/daemon-gzip-download.test +Copyright: 2001, 2002 Martin Pool <mbp@samba.org> +License: GPL-2+ + +Files: runtests.sh +Copyright: 2001, 2002 Martin Pool <mbp@samba.org> + 2003-2022 Wayne Davison <wayne@opencoder.net> +License: GPL-2 + +Files: testsuite/rsync.fns + testhelp/maketree.py +Copyright: 2001, 2002 Martin Pool <mbp@samba.org> +License: GPL-2 + +Files: lib/getaddrinfo.c +Copyright: 1994 The Regents of the University of California + 1996-2007 The PostgreSQL Global Development Group + 2007 Jeremy Allison +License: PostgreSQL + +Files: lib/addrinfo.h +Copyright: 1994 The Regents of the University of California + 1996-2007 The PostgreSQL Global Development Group +License: PostgreSQL + +Files: lib/inet_pton.c + lib/inet_ntop.c +Copyright: 1996-2001 Internet Software Consortium +License: ISC + +Files: lib/snprintf.c +Copyright: 1995 Patrick Powell +License: snprintf + +Files: configure.sh +Copyright: 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, Inc. +License: FSF-unlimited + +Files: aclocal.m4 +Copyright: 1996-2021 Free Software Foundation, Inc. +License: FSFULLR + +Files: lib/md5-asm-x86_64.S +Copyright: 2004, Marc Bevand +License: public-domain + +Files: debian/* +Copyright: 1996-2000, 2002 Philip Hands <phil@hands.com> + 1999 Joel Klecker <espy@debian.org> + 2000 Adam Heath <doogie@debian.org> + 2001, 2022 Colin Walters <walters@debian.org> + 2002 Noel Koethe <noel@debian.org> + 2002 Wichert Akkerman <wakkerma@debian.org> + 2002 Michael Stone <mstone@debian.org> + 2004 Martin Schulze <joey@infodrom.org> + 2003-2017, 2019 Paul Slootman <paul@debian.org> + 2006 Norbert Tretkowski <nobse@backports.org> + 2007 Steve Kemp <skx@debian.org> + 2007 Nico Golde <nion@debian.org> + 2008 Moritz Muehlenhoff <jmm@debian.org> + 2008 Alexander Wirt <formorer@debian.org> + 2009, 2010 Micah Anderson <micah@debian.org> + 2017 Salvatore Bonaccorso <carnil@debian.org> + 2017 Thorsten Alteholz <debian@alteholz.de> + 2018, 2019, 2022 Chris Lamb <lamby@debian.org> + 2018 Aurelien Jarno <aurel32@debian.org> + 2018 YunQiang Su <syq@debian.org> + 2018-2024 Samuel Henrique <samueloph@debian.org> + 2020, 2021 Sergio Durigan Junior <sergiodj@debian.org> + 2021 Helmut Grohne <helmut@subdivi.de> + 2021 刘建强 <liujianqiang@uniontech.com> + 2022 Juri Grabowski <debian@jugra.de> + 2023 Aquila Macedo <aquilamacedo@riseup.net> + 2024 Matheus Polkorny <mpolkorny@gmail.com> +License: GPL-3+ + +License: GPL-3+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + On Debian GNU/Linux systems, the complete text of the GNU General + Public License can be found in `/usr/share/common-licenses/GPL-3` + +License: GPL-3+ with OpenSSL-xxhash exception + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + . + In addition, as a special exception, the copyright holders give + permission to dynamically link rsync with the OpenSSL and xxhash + libraries when those libraries are being distributed in compliance + with their license terms, and to distribute a dynamically linked + combination of rsync and these libraries. This is also considered + to be covered under the GPL's System Libraries exception. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program; if not, visit the http://fsf.org website. + +License: GPL-3 + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License version 3 as + published by the Free Software Foundation. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program; if not, visit the http://fsf.org website. + +License: GPL-3 with OpenSSL-xxhash exception + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License version 3 as + published by the Free Software Foundation. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program; if not, visit the http://fsf.org website. + . + In addition, as a special exception, the copyright holders give + permission to dynamically link rsync with the OpenSSL and xxhash + libraries when those libraries are being distributed in compliance + with their license terms, and to distribute a dynamically linked + combination of rsync and these libraries. This is also considered + to be covered under the GPL's System Libraries exception. + +License: GPL-3 with Autoconf-data exception + This file is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, see <https://www.gnu.org/licenses/>. + . + As a special exception to the GNU General Public License, if you + distribute this file as part of a program that contains a + configuration script generated by Autoconf, you may include it under + the same distribution terms that you use for the rest of that + program. This Exception is an additional permission under section 7 + of the GNU General Public License, version 3 ("GPLv3"). + +License: GPL-2+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +License: GPL-2 + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License version + 2 as published by the Free Software Foundation. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + +License: PostgreSQL + Permission to use, copy, modify, and distribute this software and its + documentation for any purpose, without fee, and without a written agreement + is hereby granted, provided that the above copyright notice and this paragraph + and the following paragraphs appear in all copies. + . + IN NO EVENT SHALL THE AUTHOR BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, + SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, + ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF + THE AUTHOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + . + THE AUTHOR SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" + BASIS, AND THE AUTHOR HAS NO OBLIGATIONS TO PROVIDE MAINTENANCE, SUPPORT, + UPDATES, ENHANCEMENTS, OR MODIFICATIONS. + +License: ISC + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM + DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, + INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +License: snprintf + This code is based on code written by Patrick Powell (papowell@astart.com) + It may be used for any purpose as long as this notice remains intact + on all source code distributions. + +License: FSF-unlimited + This configure script is free software; the Free Software Foundation + gives unlimited permission to copy, distribute and modify it. + +License: FSFULLR + This file is free software; the Free Software Foundation + gives unlimited permission to copy and/or distribute it, + with or without modifications, as long as this notice is preserved. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY, to the extent permitted by law; without + even the implied warranty of MERCHANTABILITY or FITNESS FOR A + PARTICULAR PURPOSE. + +License: public-domain + This file was explicitly placed in the public domain by its author. The + original publication can be found at: + https://www.zorinaq.com/papers/md5-amd64.html diff --git a/debian/gbp.conf b/debian/gbp.conf index 6cbc70d..8d46add 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -5,7 +5,6 @@ cleaner = /bin/true [buildpackage] sign-tags = True -export-dir = ../build-area/ ignore-branch = True [import-orig] diff --git a/debian/patches/Fix-FLAG_GOT_DIR_FLIST-collission-with-FLAG_HLINKED.patch b/debian/patches/Fix-FLAG_GOT_DIR_FLIST-collission-with-FLAG_HLINKED.patch new file mode 100644 index 0000000..bf39d9b --- /dev/null +++ b/debian/patches/Fix-FLAG_GOT_DIR_FLIST-collission-with-FLAG_HLINKED.patch @@ -0,0 +1,40 @@ +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 15 Jan 2025 15:10:24 +0100 +Subject: Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED +Origin: https://github.com/ncopa/rsync/commit/efb85fd8db9e8f74eb3ab91ebf44f6ed35e3da5b +Bug: https://github.com/RsyncProject/rsync/issues/697 +Bug-Debian: https://bugs.debian.org/1093089 +Bug-Debian: https://bugs.debian.org/1093052 +Bug: https://github.com/RsyncProject/rsync/issues/702 + +fixes commit 688f5c379a43 (Refuse a duplicate dirlist.) + +Fixes: https://github.com/RsyncProject/rsync/issues/702 +Fixes: https://github.com/RsyncProject/rsync/issues/697 +--- + rsync.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rsync.h b/rsync.h +index 9be1297bdd29..479ac4848991 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -84,7 +84,6 @@ + #define FLAG_DUPLICATE (1<<4) /* sender */ + #define FLAG_MISSING_DIR (1<<4) /* generator */ + #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */ +-#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */ + #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */ + #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */ + #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */ +@@ -93,6 +92,7 @@ + #define FLAG_SKIP_GROUP (1<<10) /* receiver/generator */ + #define FLAG_TIME_FAILED (1<<11)/* generator */ + #define FLAG_MOD_NSEC (1<<12) /* sender/receiver/generator */ ++#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */ + + /* These flags are passed to functions but not stored. */ + +-- +2.47.1 + diff --git a/debian/patches/Fix_use-after-free_in_generator.patch b/debian/patches/Fix_use-after-free_in_generator.patch new file mode 100644 index 0000000..5d3ccb2 --- /dev/null +++ b/debian/patches/Fix_use-after-free_in_generator.patch @@ -0,0 +1,31 @@ +From f923b19fd85039a2b0e908391074872334646d51 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 15 Jan 2025 15:48:04 +0100 +Subject: [PATCH] Fix use-after-free in generator + +full_fname() will free the return value in the next call so we need to +duplicate it before passing it to rsyserr. + +Fixes: https://github.com/RsyncProject/rsync/issues/704 +--- + generator.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/generator.c b/generator.c +index 3f13bb95..b56fa569 100644 +--- a/generator.c ++++ b/generator.c +@@ -2041,8 +2041,12 @@ int atomic_create(struct file_struct *file, char *fname, const char *slnk, const + + if (!skip_atomic) { + if (do_rename(tmpname, fname) < 0) { ++ char *full_tmpname = strdup(full_fname(tmpname)); ++ if (full_tmpname == NULL) ++ out_of_memory("atomic_create"); + rsyserr(FERROR_XFER, errno, "rename %s -> \"%s\" failed", +- full_fname(tmpname), full_fname(fname)); ++ full_tmpname, full_fname(fname)); ++ free(full_tmpname); + do_unlink(tmpname); + return 0; + } diff --git a/debian/patches/configure_ac_fix_failing_IPv6_check_due_to_missing_return_type.patch b/debian/patches/configure_ac_fix_failing_IPv6_check_due_to_missing_return_type.patch new file mode 100644 index 0000000..9ff542e --- /dev/null +++ b/debian/patches/configure_ac_fix_failing_IPv6_check_due_to_missing_return_type.patch @@ -0,0 +1,36 @@ +From 0dd25d4752520ed405315f1d2a8454fd507631bb Mon Sep 17 00:00:00 2001 +From: Ivan Babrou <github@ivan.computer> +Date: Mon, 1 Jan 2024 19:31:01 -0800 +Subject: [PATCH] configure.ac: fix failing IPv6 check due to missing return + type + +Fixing this warning escalated to an error, resuting in no IPv6 support: + +``` +configure.sh:7679: checking whether to enable ipv6 +configure.sh:7718: clang -o conftest -g -O2 -DHAVE_CONFIG_H -Wall -W conftest.c >&5 +conftest.c:73:1: error: type specifier missing, defaults to 'int'; ISO C99 and later do not support implicit int [-Wimplicit-int] +main() +^ +int +1 error generated. +configure.sh:7718: $? = 1 +configure.sh: program exited with status 1 +``` +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 0d868571..57ee32f3 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -392,7 +392,7 @@ AS_HELP_STRING([--disable-ipv6],[disable to omit ipv6 support]), + #include <stdlib.h> + #include <sys/types.h> + #include <sys/socket.h> +-main() ++int main() + { + if (socket(AF_INET6, SOCK_STREAM, 0) < 0) + exit(1); diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12084/0001-Some-checksum-buffer-fixes.patch b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12084/0001-Some-checksum-buffer-fixes.patch new file mode 100644 index 0000000..e5ba8dd --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12084/0001-Some-checksum-buffer-fixes.patch @@ -0,0 +1,151 @@ +From 0902b52f6687b1f7952422080d50b93108742e53 Mon Sep 17 00:00:00 2001 +From: Wayne Davison <wayne@opencoder.net> +Date: Tue, 29 Oct 2024 22:55:29 -0700 +Subject: [PATCH 1/2] Some checksum buffer fixes. + +- Put sum2_array into sum_struct to hold an array of sum2 checksums + that are each xfer_sum_len bytes. +- Remove sum2 buf from sum_buf. +- Add macro sum2_at() to access each sum2 array element. +- Throw an error if a sums header has an s2length larger than + xfer_sum_len. +--- + io.c | 3 ++- + match.c | 8 ++++---- + rsync.c | 5 ++++- + rsync.h | 4 +++- + sender.c | 4 +++- + 5 files changed, 16 insertions(+), 8 deletions(-) + +diff --git a/io.c b/io.c +index a99ac0ec..bb60eeca 100644 +--- a/io.c ++++ b/io.c +@@ -55,6 +55,7 @@ extern int read_batch; + extern int compat_flags; + extern int protect_args; + extern int checksum_seed; ++extern int xfer_sum_len; + extern int daemon_connection; + extern int protocol_version; + extern int remove_source_files; +@@ -1977,7 +1978,7 @@ void read_sum_head(int f, struct sum_struct *sum) + exit_cleanup(RERR_PROTOCOL); + } + sum->s2length = protocol_version < 27 ? csum_length : (int)read_int(f); +- if (sum->s2length < 0 || sum->s2length > MAX_DIGEST_LEN) { ++ if (sum->s2length < 0 || sum->s2length > xfer_sum_len) { + rprintf(FERROR, "Invalid checksum length %d [%s]\n", + sum->s2length, who_am_i()); + exit_cleanup(RERR_PROTOCOL); +diff --git a/match.c b/match.c +index cdb30a15..36e78ed2 100644 +--- a/match.c ++++ b/match.c +@@ -232,7 +232,7 @@ static void hash_search(int f,struct sum_struct *s, + done_csum2 = 1; + } + +- if (memcmp(sum2,s->sums[i].sum2,s->s2length) != 0) { ++ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) { + false_alarms++; + continue; + } +@@ -252,7 +252,7 @@ static void hash_search(int f,struct sum_struct *s, + if (i != aligned_i) { + if (sum != s->sums[aligned_i].sum1 + || l != s->sums[aligned_i].len +- || memcmp(sum2, s->sums[aligned_i].sum2, s->s2length) != 0) ++ || memcmp(sum2, sum2_at(s, aligned_i), s->s2length) != 0) + goto check_want_i; + i = aligned_i; + } +@@ -271,7 +271,7 @@ static void hash_search(int f,struct sum_struct *s, + if (sum != s->sums[i].sum1) + goto check_want_i; + get_checksum2((char *)map, l, sum2); +- if (memcmp(sum2, s->sums[i].sum2, s->s2length) != 0) ++ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) + goto check_want_i; + /* OK, we have a re-alignment match. Bump the offset + * forward to the new match point. */ +@@ -290,7 +290,7 @@ static void hash_search(int f,struct sum_struct *s, + && (!updating_basis_file || s->sums[want_i].offset >= offset + || s->sums[want_i].flags & SUMFLG_SAME_OFFSET) + && sum == s->sums[want_i].sum1 +- && memcmp(sum2, s->sums[want_i].sum2, s->s2length) == 0) { ++ && memcmp(sum2, sum2_at(s, want_i), s->s2length) == 0) { + /* we've found an adjacent match - the RLL coder + * will be happy */ + i = want_i; +diff --git a/rsync.c b/rsync.c +index cd288f57..b130aba5 100644 +--- a/rsync.c ++++ b/rsync.c +@@ -437,7 +437,10 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, cha + */ + void free_sums(struct sum_struct *s) + { +- if (s->sums) free(s->sums); ++ if (s->sums) { ++ free(s->sums); ++ free(s->sum2_array); ++ } + free(s); + } + +diff --git a/rsync.h b/rsync.h +index d3709fe0..8ddbe702 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -958,12 +958,12 @@ struct sum_buf { + uint32 sum1; /**< simple checksum */ + int32 chain; /**< next hash-table collision */ + short flags; /**< flag bits */ +- char sum2[SUM_LENGTH]; /**< checksum */ + }; + + struct sum_struct { + OFF_T flength; /**< total file length */ + struct sum_buf *sums; /**< points to info for each chunk */ ++ char *sum2_array; /**< checksums of length xfer_sum_len */ + int32 count; /**< how many chunks */ + int32 blength; /**< block_length */ + int32 remainder; /**< flength % block_length */ +@@ -982,6 +982,8 @@ struct map_struct { + int status; /* first errno from read errors */ + }; + ++#define sum2_at(s, i) ((s)->sum2_array + ((OFF_T)(i) * xfer_sum_len)) ++ + #define NAME_IS_FILE (0) /* filter name as a file */ + #define NAME_IS_DIR (1<<0) /* filter name as a dir */ + #define NAME_IS_XATTR (1<<2) /* filter name as an xattr */ +diff --git a/sender.c b/sender.c +index 3d4f052e..ab205341 100644 +--- a/sender.c ++++ b/sender.c +@@ -31,6 +31,7 @@ extern int log_before_transfer; + extern int stdout_format_has_i; + extern int logfile_format_has_i; + extern int want_xattr_optim; ++extern int xfer_sum_len; + extern int csum_length; + extern int append_mode; + extern int copy_links; +@@ -94,10 +95,11 @@ static struct sum_struct *receive_sums(int f) + return(s); + + s->sums = new_array(struct sum_buf, s->count); ++ s->sum2_array = new_array(char, s->count * xfer_sum_len); + + for (i = 0; i < s->count; i++) { + s->sums[i].sum1 = read_int(f); +- read_buf(f, s->sums[i].sum2, s->s2length); ++ read_buf(f, sum2_at(s, i), s->s2length); + + s->sums[i].offset = offset; + s->sums[i].flags = 0; +-- +2.34.1 + diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12084/0002-Another-cast-when-multiplying-integers.patch b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12084/0002-Another-cast-when-multiplying-integers.patch new file mode 100644 index 0000000..5a21d71 --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12084/0002-Another-cast-when-multiplying-integers.patch @@ -0,0 +1,39 @@ +From 42e2b56c4ede3ab164f9a5c6dae02aa84606a6c1 Mon Sep 17 00:00:00 2001 +From: Wayne Davison <wayne@opencoder.net> +Date: Tue, 5 Nov 2024 11:01:03 -0800 +Subject: [PATCH 2/2] Another cast when multiplying integers. + +--- + rsync.h | 2 +- + sender.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rsync.h b/rsync.h +index 8ddbe702..0f9e277f 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -982,7 +982,7 @@ struct map_struct { + int status; /* first errno from read errors */ + }; + +-#define sum2_at(s, i) ((s)->sum2_array + ((OFF_T)(i) * xfer_sum_len)) ++#define sum2_at(s, i) ((s)->sum2_array + ((size_t)(i) * xfer_sum_len)) + + #define NAME_IS_FILE (0) /* filter name as a file */ + #define NAME_IS_DIR (1<<0) /* filter name as a dir */ +diff --git a/sender.c b/sender.c +index ab205341..2bbff2fa 100644 +--- a/sender.c ++++ b/sender.c +@@ -95,7 +95,7 @@ static struct sum_struct *receive_sums(int f) + return(s); + + s->sums = new_array(struct sum_buf, s->count); +- s->sum2_array = new_array(char, s->count * xfer_sum_len); ++ s->sum2_array = new_array(char, (size_t)s->count * xfer_sum_len); + + for (i = 0; i < s->count; i++) { + s->sums[i].sum1 = read_int(f); +-- +2.34.1 + diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12085/0001-prevent-information-leak-off-the-stack.patch b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12085/0001-prevent-information-leak-off-the-stack.patch new file mode 100644 index 0000000..7356fb6 --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12085/0001-prevent-information-leak-off-the-stack.patch @@ -0,0 +1,27 @@ +From cf620065502f065d4ea44f5df4f81295a738aa21 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell <andrew@tridgell.net> +Date: Thu, 14 Nov 2024 09:57:08 +1100 +Subject: [PATCH] prevent information leak off the stack + +prevent leak of uninitialised stack data in hash_search +--- + match.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/match.c b/match.c +index 36e78ed2..dfd6af2c 100644 +--- a/match.c ++++ b/match.c +@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s, + int more; + schar *map; + ++ // prevent possible memory leaks ++ memset(sum2, 0, sizeof sum2); ++ + /* want_i is used to encourage adjacent matches, allowing the RLL + * coding of the output to work more efficiently. */ + want_i = 0; +-- +2.34.1 + diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12086/0001-refuse-fuzzy-options-when-fuzzy-not-selected.patch b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12086/0001-refuse-fuzzy-options-when-fuzzy-not-selected.patch new file mode 100644 index 0000000..f409b1a --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12086/0001-refuse-fuzzy-options-when-fuzzy-not-selected.patch @@ -0,0 +1,37 @@ +From 3feb8669d875d03c9ceb82e208ef40ddda8eb908 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell <andrew@tridgell.net> +Date: Sat, 23 Nov 2024 11:08:03 +1100 +Subject: [PATCH 1/4] refuse fuzzy options when fuzzy not selected + +this prevents a malicious server providing a file to compare to when +the user has not given the fuzzy option +--- + receiver.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/receiver.c b/receiver.c +index 6b4b369e..2d7f6033 100644 +--- a/receiver.c ++++ b/receiver.c +@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN]; + extern struct file_list *cur_flist, *first_flist, *dir_flist; + extern filter_rule_list daemon_filter_list; + extern OFF_T preallocated_len; ++extern int fuzzy_basis; + + extern struct name_num_item *xfer_sum_nni; + extern int xfer_sum_len; +@@ -716,6 +717,10 @@ int recv_files(int f_in, int f_out, char *local_name) + fnamecmp = get_backup_name(fname); + break; + case FNAMECMP_FUZZY: ++ if (fuzzy_basis == 0) { ++ rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname); ++ exit_cleanup(RERR_PROTOCOL); ++ } + if (file->dirname) { + pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname); + fnamecmp = fnamecmpbuf; +-- +2.34.1 + diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12086/0002-added-secure_relative_open.patch b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12086/0002-added-secure_relative_open.patch new file mode 100644 index 0000000..719c6f1 --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12086/0002-added-secure_relative_open.patch @@ -0,0 +1,103 @@ +From 33385aefe4773e7a3982d41995681eb079c92d12 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell <andrew@tridgell.net> +Date: Sat, 23 Nov 2024 12:26:10 +1100 +Subject: [PATCH 2/4] added secure_relative_open() + +this is an open that enforces no symlink following for all path +components in a relative path +--- + syscall.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 74 insertions(+) + +diff --git a/syscall.c b/syscall.c +index d92074aa..a4b7f542 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -33,6 +33,8 @@ + #include <sys/syscall.h> + #endif + ++#include "ifuncs.h" ++ + extern int dry_run; + extern int am_root; + extern int am_sender; +@@ -712,3 +714,75 @@ int do_open_nofollow(const char *pathname, int flags) + + return fd; + } ++ ++/* ++ open a file relative to a base directory. The basedir can be NULL, ++ in which case the current working directory is used. The relpath ++ must be a relative path, and the relpath must not contain any ++ elements in the path which follow symlinks (ie. like O_NOFOLLOW, but ++ applies to all path components, not just the last component) ++*/ ++int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode) ++{ ++ if (!relpath || relpath[0] == '/') { ++ // must be a relative path ++ errno = EINVAL; ++ return -1; ++ } ++ ++#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) ++ // really old system, all we can do is live with the risks ++ if (!basedir) { ++ return open(relpath, flags, mode); ++ } ++ char fullpath[MAXPATHLEN]; ++ pathjoin(fullpath, sizeof fullpath, basedir, relpath); ++ return open(fullpath, flags, mode); ++#else ++ int dirfd = AT_FDCWD; ++ if (basedir != NULL) { ++ dirfd = openat(AT_FDCWD, basedir, O_RDONLY | O_DIRECTORY); ++ if (dirfd == -1) { ++ return -1; ++ } ++ } ++ int retfd = -1; ++ ++ char *path_copy = my_strdup(relpath, __FILE__, __LINE__); ++ if (!path_copy) { ++ return -1; ++ } ++ ++ for (const char *part = strtok(path_copy, "/"); ++ part != NULL; ++ part = strtok(NULL, "/")) ++ { ++ int next_fd = openat(dirfd, part, O_RDONLY | O_DIRECTORY | O_NOFOLLOW); ++ if (next_fd == -1 && errno == ENOTDIR) { ++ if (strtok(NULL, "/") != NULL) { ++ // this is not the last component of the path ++ errno = ELOOP; ++ goto cleanup; ++ } ++ // this could be the last component of the path, try as a file ++ retfd = openat(dirfd, part, flags | O_NOFOLLOW, mode); ++ goto cleanup; ++ } ++ if (next_fd == -1) { ++ goto cleanup; ++ } ++ if (dirfd != AT_FDCWD) close(dirfd); ++ dirfd = next_fd; ++ } ++ ++ // the path must be a directory ++ errno = EINVAL; ++ ++cleanup: ++ free(path_copy); ++ if (dirfd != AT_FDCWD) { ++ close(dirfd); ++ } ++ return retfd; ++#endif // O_NOFOLLOW, O_DIRECTORY ++} +-- +2.34.1 + diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12086/0003-receiver-use-secure_relative_open-for-basis-file.patch b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12086/0003-receiver-use-secure_relative_open-for-basis-file.patch new file mode 100644 index 0000000..4be6391 --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12086/0003-receiver-use-secure_relative_open-for-basis-file.patch @@ -0,0 +1,103 @@ +From e59ef9939d3f0ccc8f9bab51442989a81be0c914 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell <andrew@tridgell.net> +Date: Sat, 23 Nov 2024 12:28:13 +1100 +Subject: [PATCH 3/4] receiver: use secure_relative_open() for basis file + +this prevents attacks where the basis file is manipulated by a +malicious sender to gain information about files outside the +destination tree +--- + receiver.c | 42 ++++++++++++++++++++++++++---------------- + 1 file changed, 26 insertions(+), 16 deletions(-) + +diff --git a/receiver.c b/receiver.c +index 2d7f6033..8031b8f4 100644 +--- a/receiver.c ++++ b/receiver.c +@@ -552,6 +552,8 @@ int recv_files(int f_in, int f_out, char *local_name) + progress_init(); + + while (1) { ++ const char *basedir = NULL; ++ + cleanup_disable(); + + /* This call also sets cur_flist. */ +@@ -722,27 +724,29 @@ int recv_files(int f_in, int f_out, char *local_name) + exit_cleanup(RERR_PROTOCOL); + } + if (file->dirname) { +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname); +- fnamecmp = fnamecmpbuf; +- } else +- fnamecmp = xname; ++ basedir = file->dirname; ++ } ++ fnamecmp = xname; + break; + default: + if (fnamecmp_type > FNAMECMP_FUZZY && fnamecmp_type-FNAMECMP_FUZZY <= basis_dir_cnt) { + fnamecmp_type -= FNAMECMP_FUZZY + 1; + if (file->dirname) { +- stringjoin(fnamecmpbuf, sizeof fnamecmpbuf, +- basis_dir[fnamecmp_type], "/", file->dirname, "/", xname, NULL); +- } else +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], xname); ++ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], file->dirname); ++ basedir = fnamecmpbuf; ++ } else { ++ basedir = basis_dir[fnamecmp_type]; ++ } ++ fnamecmp = xname; + } else if (fnamecmp_type >= basis_dir_cnt) { + rprintf(FERROR, + "invalid basis_dir index: %d.\n", + fnamecmp_type); + exit_cleanup(RERR_PROTOCOL); +- } else +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], fname); +- fnamecmp = fnamecmpbuf; ++ } else { ++ basedir = basis_dir[fnamecmp_type]; ++ fnamecmp = fname; ++ } + break; + } + if (!fnamecmp || (daemon_filter_list.head +@@ -765,7 +769,7 @@ int recv_files(int f_in, int f_out, char *local_name) + } + + /* open the file */ +- fd1 = do_open(fnamecmp, O_RDONLY, 0); ++ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0); + + if (fd1 == -1 && protocol_version < 29) { + if (fnamecmp != fname) { +@@ -776,14 +780,20 @@ int recv_files(int f_in, int f_out, char *local_name) + + if (fd1 == -1 && basis_dir[0]) { + /* pre-29 allowed only one alternate basis */ +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, +- basis_dir[0], fname); +- fnamecmp = fnamecmpbuf; ++ basedir = basis_dir[0]; ++ fnamecmp = fname; + fnamecmp_type = FNAMECMP_BASIS_DIR_LOW; +- fd1 = do_open(fnamecmp, O_RDONLY, 0); ++ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0); + } + } + ++ if (basedir) { ++ // for the following code we need the full ++ // path name as a single string ++ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basedir, fnamecmp); ++ fnamecmp = fnamecmpbuf; ++ } ++ + one_inplace = inplace_partial && fnamecmp_type == FNAMECMP_PARTIAL_DIR; + updating_basis_or_equiv = one_inplace + || (inplace && (fnamecmp == fname || fnamecmp_type == FNAMECMP_BACKUP)); +-- +2.34.1 + diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12086/0004-disallow-.-elements-in-relpath-for-secure_relative_o.patch b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12086/0004-disallow-.-elements-in-relpath-for-secure_relative_o.patch new file mode 100644 index 0000000..74a16e7 --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12086/0004-disallow-.-elements-in-relpath-for-secure_relative_o.patch @@ -0,0 +1,37 @@ +From c78e53edb802d04f7e4e070fe8314f2544749e7a Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell <andrew@tridgell.net> +Date: Tue, 26 Nov 2024 09:16:31 +1100 +Subject: [PATCH 4/4] disallow ../ elements in relpath for secure_relative_open + +--- + syscall.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/syscall.c b/syscall.c +index a4b7f542..47c5ea57 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -721,6 +721,8 @@ int do_open_nofollow(const char *pathname, int flags) + must be a relative path, and the relpath must not contain any + elements in the path which follow symlinks (ie. like O_NOFOLLOW, but + applies to all path components, not just the last component) ++ ++ The relpath must also not contain any ../ elements in the path + */ + int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode) + { +@@ -729,6 +731,11 @@ int secure_relative_open(const char *basedir, const char *relpath, int flags, mo + errno = EINVAL; + return -1; + } ++ if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) { ++ // no ../ elements allowed in the relpath ++ errno = EINVAL; ++ return -1; ++ } + + #if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) + // really old system, all we can do is live with the risks +-- +2.34.1 + diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12087/0001-Refuse-a-duplicate-dirlist.patch b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12087/0001-Refuse-a-duplicate-dirlist.patch new file mode 100644 index 0000000..99ebc15 --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12087/0001-Refuse-a-duplicate-dirlist.patch @@ -0,0 +1,45 @@ +From 0ebc19ee486a8e928a68d8f98d07d40f176770aa Mon Sep 17 00:00:00 2001 +From: Wayne Davison <wayne@opencoder.net> +Date: Thu, 14 Nov 2024 15:46:50 -0800 +Subject: [PATCH 1/2] Refuse a duplicate dirlist. + +--- + flist.c | 9 +++++++++ + rsync.h | 1 + + 2 files changed, 10 insertions(+) + +diff --git a/flist.c b/flist.c +index 464d556e..847b1054 100644 +--- a/flist.c ++++ b/flist.c +@@ -2584,6 +2584,15 @@ struct file_list *recv_file_list(int f, int dir_ndx) + init_hard_links(); + #endif + ++ if (inc_recurse && dir_ndx >= 0) { ++ struct file_struct *file = dir_flist->files[dir_ndx]; ++ if (file->flags & FLAG_GOT_DIR_FLIST) { ++ rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx); ++ exit_cleanup(RERR_PROTOCOL); ++ } ++ file->flags |= FLAG_GOT_DIR_FLIST; ++ } ++ + flist = flist_new(0, "recv_file_list"); + flist_expand(flist, FLIST_START_LARGE); + +diff --git a/rsync.h b/rsync.h +index 0f9e277f..b9a7101a 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -84,6 +84,7 @@ + #define FLAG_DUPLICATE (1<<4) /* sender */ + #define FLAG_MISSING_DIR (1<<4) /* generator */ + #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */ ++#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */ + #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */ + #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */ + #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */ +-- +2.34.1 + diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12087/0002-range-check-dir_ndx-before-use.patch b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12087/0002-range-check-dir_ndx-before-use.patch new file mode 100644 index 0000000..b067809 --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12087/0002-range-check-dir_ndx-before-use.patch @@ -0,0 +1,27 @@ +From b3e16be18d582dac1513c0a932d146b36e867b1b Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell <andrew@tridgell.net> +Date: Tue, 26 Nov 2024 16:12:45 +1100 +Subject: [PATCH 2/2] range check dir_ndx before use + +--- + flist.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/flist.c b/flist.c +index 847b1054..087f9da6 100644 +--- a/flist.c ++++ b/flist.c +@@ -2585,6 +2585,10 @@ struct file_list *recv_file_list(int f, int dir_ndx) + #endif + + if (inc_recurse && dir_ndx >= 0) { ++ if (dir_ndx >= dir_flist->used) { ++ rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used); ++ exit_cleanup(RERR_PROTOCOL); ++ } + struct file_struct *file = dir_flist->files[dir_ndx]; + if (file->flags & FLAG_GOT_DIR_FLIST) { + rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx); +-- +2.34.1 + diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12088/0001-make-safe-links-stricter.patch b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12088/0001-make-safe-links-stricter.patch new file mode 100644 index 0000000..2ba5881 --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12088/0001-make-safe-links-stricter.patch @@ -0,0 +1,136 @@ +From 535f8f816539ba681ef0f12015d2cb587ae61b6d Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell <andrew@tridgell.net> +Date: Sat, 23 Nov 2024 15:15:53 +1100 +Subject: [PATCH] make --safe-links stricter + +when --safe-links is used also reject links where a '../' component is +included in the destination as other than the leading part of the +filename +--- + testsuite/safe-links.test | 55 ++++++++++++++++++++++++++++++++++++ + testsuite/unsafe-byname.test | 2 +- + util1.c | 26 ++++++++++++++++- + 3 files changed, 81 insertions(+), 2 deletions(-) + create mode 100644 testsuite/safe-links.test + +diff --git a/testsuite/safe-links.test b/testsuite/safe-links.test +new file mode 100644 +index 00000000..6e95a4b9 +--- /dev/null ++++ b/testsuite/safe-links.test +@@ -0,0 +1,55 @@ ++#!/bin/sh ++ ++. "$suitedir/rsync.fns" ++ ++test_symlink() { ++ is_a_link "$1" || test_fail "File $1 is not a symlink" ++} ++ ++test_regular() { ++ if [ ! -f "$1" ]; then ++ test_fail "File $1 is not regular file or not exists" ++ fi ++} ++ ++test_notexist() { ++ if [ -e "$1" ]; then ++ test_fail "File $1 exists" ++ fi ++ if [ -h "$1" ]; then ++ test_fail "File $1 exists as a symlink" ++ fi ++} ++ ++cd "$tmpdir" ++ ++mkdir from ++ ++mkdir "from/safe" ++mkdir "from/unsafe" ++ ++mkdir "from/safe/files" ++mkdir "from/safe/links" ++ ++touch "from/safe/files/file1" ++touch "from/safe/files/file2" ++touch "from/unsafe/unsafefile" ++ ++ln -s ../files/file1 "from/safe/links/" ++ln -s ../files/file2 "from/safe/links/" ++ln -s ../../unsafe/unsafefile "from/safe/links/" ++ln -s a/a/a/../../../unsafe2 "from/safe/links/" ++ ++#echo "LISTING FROM" ++#ls -lR from ++ ++echo "rsync with relative path and just -a" ++$RSYNC -avv --safe-links from/safe/ to ++ ++#echo "LISTING TO" ++#ls -lR to ++ ++test_symlink to/links/file1 ++test_symlink to/links/file2 ++test_notexist to/links/unsafefile ++test_notexist to/links/unsafe2 +diff --git a/testsuite/unsafe-byname.test b/testsuite/unsafe-byname.test +index 75e72014..d2e318ef 100644 +--- a/testsuite/unsafe-byname.test ++++ b/testsuite/unsafe-byname.test +@@ -40,7 +40,7 @@ test_unsafe ..//../dest from/dir unsafe + test_unsafe .. from/file safe + test_unsafe ../.. from/file unsafe + test_unsafe ..//.. from//file unsafe +-test_unsafe dir/.. from safe ++test_unsafe dir/.. from unsafe + test_unsafe dir/../.. from unsafe + test_unsafe dir/..//.. from unsafe + +diff --git a/util1.c b/util1.c +index da50ff1e..f260d398 100644 +--- a/util1.c ++++ b/util1.c +@@ -1318,7 +1318,14 @@ int handle_partial_dir(const char *fname, int create) + * + * "src" is the top source directory currently applicable at the level + * of the referenced symlink. This is usually the symlink's full path +- * (including its name), as referenced from the root of the transfer. */ ++ * (including its name), as referenced from the root of the transfer. ++ * ++ * NOTE: this also rejects dest names with a .. component in other ++ * than the first component of the name ie. it rejects names such as ++ * a/b/../x/y. This needs to be done as the leading subpaths 'a' or ++ * 'b' could later be replaced with symlinks such as a link to '.' ++ * resulting in the link being transferred now becoming unsafe ++ */ + int unsafe_symlink(const char *dest, const char *src) + { + const char *name, *slash; +@@ -1328,6 +1335,23 @@ int unsafe_symlink(const char *dest, const char *src) + if (!dest || !*dest || *dest == '/') + return 1; + ++ // reject destinations with /../ in the name other than at the start of the name ++ const char *dest2 = dest; ++ while (strncmp(dest2, "../", 3) == 0) { ++ dest2 += 3; ++ while (*dest2 == '/') { ++ // allow for ..//..///../foo ++ dest2++; ++ } ++ } ++ if (strstr(dest2, "/../")) ++ return 1; ++ ++ // reject if the destination ends in /.. ++ const size_t dlen = strlen(dest); ++ if (dlen > 3 && strcmp(&dest[dlen-3], "/..") == 0) ++ return 1; ++ + /* find out what our safety margin is */ + for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) { + /* ".." segment starts the count over. "." segment is ignored. */ +-- +2.34.1 + diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12747/0001-fixed-symlink-race-condition-in-sender.patch b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12747/0001-fixed-symlink-race-condition-in-sender.patch new file mode 100644 index 0000000..0c2e92b --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/CVE-2024-12747/0001-fixed-symlink-race-condition-in-sender.patch @@ -0,0 +1,188 @@ +From f45f48055e548851bc7230f454dfeba139be6c04 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell <andrew@tridgell.net> +Date: Wed, 18 Dec 2024 08:59:42 +1100 +Subject: [PATCH] fixed symlink race condition in sender + +when we open a file that we don't expect to be a symlink use +O_NOFOLLOW to prevent a race condition where an attacker could change +a file between being a normal file and a symlink + +Backported-By: Samuel Henrique <samueloph@debian.org> +* Refresh patch to remove offset. + +--- + checksum.c | 2 +- + flist.c | 2 +- + generator.c | 4 ++-- + receiver.c | 2 +- + sender.c | 2 +- + syscall.c | 20 ++++++++++++++++++++ + t_unsafe.c | 3 +++ + tls.c | 3 +++ + trimslash.c | 2 ++ + util1.c | 2 +- + 10 files changed, 35 insertions(+), 7 deletions(-) + +Index: rsync/checksum.c +=================================================================== +--- rsync.orig/checksum.c ++++ rsync/checksum.c +@@ -406,7 +406,7 @@ void file_checksum(const char *fname, co + int32 remainder; + int fd; + +- fd = do_open(fname, O_RDONLY, 0); ++ fd = do_open_checklinks(fname); + if (fd == -1) { + memset(sum, 0, file_sum_len); + return; +Index: rsync/flist.c +=================================================================== +--- rsync.orig/flist.c ++++ rsync/flist.c +@@ -1390,7 +1390,7 @@ struct file_struct *make_file(const char + + if (copy_devices && am_sender && IS_DEVICE(st.st_mode)) { + if (st.st_size == 0) { +- int fd = do_open(fname, O_RDONLY, 0); ++ int fd = do_open_checklinks(fname); + if (fd >= 0) { + st.st_size = get_device_size(fd, fname); + close(fd); +Index: rsync/generator.c +=================================================================== +--- rsync.orig/generator.c ++++ rsync/generator.c +@@ -1798,7 +1798,7 @@ static void recv_generator(char *fname, + + if (write_devices && IS_DEVICE(sx.st.st_mode) && sx.st.st_size == 0) { + /* This early open into fd skips the regular open below. */ +- if ((fd = do_open(fnamecmp, O_RDONLY, 0)) >= 0) ++ if ((fd = do_open_nofollow(fnamecmp, O_RDONLY)) >= 0) + real_sx.st.st_size = sx.st.st_size = get_device_size(fd, fnamecmp); + } + +@@ -1867,7 +1867,7 @@ static void recv_generator(char *fname, + } + + /* open the file */ +- if (fd < 0 && (fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) { ++ if (fd < 0 && (fd = do_open_checklinks(fnamecmp)) < 0) { + rsyserr(FERROR, errno, "failed to open %s, continuing", + full_fname(fnamecmp)); + pretend_missing: +Index: rsync/receiver.c +=================================================================== +--- rsync.orig/receiver.c ++++ rsync/receiver.c +@@ -775,7 +775,7 @@ int recv_files(int f_in, int f_out, char + if (fnamecmp != fname) { + fnamecmp = fname; + fnamecmp_type = FNAMECMP_FNAME; +- fd1 = do_open(fnamecmp, O_RDONLY, 0); ++ fd1 = do_open_nofollow(fnamecmp, O_RDONLY); + } + + if (fd1 == -1 && basis_dir[0]) { +Index: rsync/sender.c +=================================================================== +--- rsync.orig/sender.c ++++ rsync/sender.c +@@ -350,7 +350,7 @@ void send_files(int f_in, int f_out) + exit_cleanup(RERR_PROTOCOL); + } + +- fd = do_open(fname, O_RDONLY, 0); ++ fd = do_open_checklinks(fname); + if (fd == -1) { + if (errno == ENOENT) { + enum logcode c = am_daemon && protocol_version < 28 ? FERROR : FWARNING; +Index: rsync/syscall.c +=================================================================== +--- rsync.orig/syscall.c ++++ rsync/syscall.c +@@ -45,6 +45,8 @@ extern int preallocate_files; + extern int preserve_perms; + extern int preserve_executability; + extern int open_noatime; ++extern int copy_links; ++extern int copy_unsafe_links; + + #ifndef S_BLKSIZE + # if defined hpux || defined __hpux__ || defined __hpux +@@ -793,3 +795,21 @@ cleanup: + return retfd; + #endif // O_NOFOLLOW, O_DIRECTORY + } ++ ++/* ++ varient of do_open/do_open_nofollow which does do_open() if the ++ copy_links or copy_unsafe_links options are set and does ++ do_open_nofollow() otherwise ++ ++ This is used to prevent a race condition where an attacker could be ++ switching a file between being a symlink and being a normal file ++ ++ The open is always done with O_RDONLY flags ++ */ ++int do_open_checklinks(const char *pathname) ++{ ++ if (copy_links || copy_unsafe_links) { ++ return do_open(pathname, O_RDONLY, 0); ++ } ++ return do_open_nofollow(pathname, O_RDONLY); ++} +Index: rsync/t_unsafe.c +=================================================================== +--- rsync.orig/t_unsafe.c ++++ rsync/t_unsafe.c +@@ -28,6 +28,9 @@ int am_root = 0; + int am_sender = 1; + int read_only = 0; + int list_only = 0; ++int copy_links = 0; ++int copy_unsafe_links = 0; ++ + short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG]; + + int +Index: rsync/tls.c +=================================================================== +--- rsync.orig/tls.c ++++ rsync/tls.c +@@ -49,6 +49,9 @@ int list_only = 0; + int link_times = 0; + int link_owner = 0; + int nsec_times = 0; ++int safe_symlinks = 0; ++int copy_links = 0; ++int copy_unsafe_links = 0; + + #ifdef SUPPORT_XATTRS + +Index: rsync/trimslash.c +=================================================================== +--- rsync.orig/trimslash.c ++++ rsync/trimslash.c +@@ -26,6 +26,8 @@ int am_root = 0; + int am_sender = 1; + int read_only = 1; + int list_only = 0; ++int copy_links = 0; ++int copy_unsafe_links = 0; + + int + main(int argc, char **argv) +Index: rsync/util1.c +=================================================================== +--- rsync.orig/util1.c ++++ rsync/util1.c +@@ -365,7 +365,7 @@ int copy_file(const char *source, const + int len; /* Number of bytes read into `buf'. */ + OFF_T prealloc_len = 0, offset = 0; + +- if ((ifd = do_open(source, O_RDONLY, 0)) < 0) { ++ if ((ifd = do_open_nofollow(source, O_RDONLY)) < 0) { + int save_errno = errno; + rsyserr(FERROR_XFER, errno, "open %s", full_fname(source)); + errno = save_errno; diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/version_update/0001-raise-protocol-version-to-32.patch b/debian/patches/rsync-upstream-CVE-patches-v3/version_update/0001-raise-protocol-version-to-32.patch new file mode 100644 index 0000000..94054fd --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/version_update/0001-raise-protocol-version-to-32.patch @@ -0,0 +1,26 @@ +From 163e05b1680c4a3b448fa68d03c3fca9589f3bc4 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell <andrew@tridgell.net> +Date: Tue, 10 Dec 2024 13:34:01 +1100 +Subject: [PATCH 1/3] raise protocol version to 32 + +make it easier to spot unpatched servers +--- + rsync.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rsync.h b/rsync.h +index b9a7101a..9be1297b 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -111,7 +111,7 @@ + + /* Update this if you make incompatible changes and ALSO update the + * SUBPROTOCOL_VERSION if it is not a final (official) release. */ +-#define PROTOCOL_VERSION 31 ++#define PROTOCOL_VERSION 32 + + /* This is used when working on a new protocol version or for any unofficial + * protocol tweaks. It should be a non-zero value for each pre-release repo +-- +2.34.1 + diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/version_update/0002-change-version-to-3.4.0.patch b/debian/patches/rsync-upstream-CVE-patches-v3/version_update/0002-change-version-to-3.4.0.patch new file mode 100644 index 0000000..22b3b3f --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/version_update/0002-change-version-to-3.4.0.patch @@ -0,0 +1,20 @@ +From 481228ff763050c1e1751877bd343a7378d990ba Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell <andrew@tridgell.net> +Date: Wed, 18 Dec 2024 09:08:24 +1100 +Subject: [PATCH 2/3] change version to 3.4.0 + +Backported-By: Samuel Henrique <samueloph@debian.org> +* Change previous version from the patch, from "3.3.1dev" to "3.3.0" + +--- + version.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: rsync/version.h +=================================================================== +--- rsync.orig/version.h ++++ rsync/version.h +@@ -1,2 +1,2 @@ +-#define RSYNC_VERSION "3.3.0" ++#define RSYNC_VERSION "3.4.0" + #define MAINTAINER_TZ_OFFSET -7.0 diff --git a/debian/patches/rsync-upstream-CVE-patches-v3/version_update/0003-update-NEWS-for-3.4.0.patch b/debian/patches/rsync-upstream-CVE-patches-v3/version_update/0003-update-NEWS-for-3.4.0.patch new file mode 100644 index 0000000..8627b55 --- /dev/null +++ b/debian/patches/rsync-upstream-CVE-patches-v3/version_update/0003-update-NEWS-for-3.4.0.patch @@ -0,0 +1,61 @@ +From 53f72320ba25b1dbb263dd14c26dc34c8ef3c89b Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell <andrew@tridgell.net> +Date: Wed, 18 Dec 2024 09:20:33 +1100 +Subject: [PATCH 3/3] update NEWS for 3.4.0 + +Backported-By: Samuel Henrique <samueloph@debian.org> +* Update patch context since upstream had other staged entries and we are just cherry-picking + the CVE fixes. + +--- + NEWS.md | 38 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 38 insertions(+) + +Index: rsync/NEWS.md +=================================================================== +--- rsync.orig/NEWS.md ++++ rsync/NEWS.md +@@ -1,3 +1,43 @@ ++# NEWS for rsync 3.4.0 (9 January 2025) ++ ++Version 3.4.0 is a security release fixing 6 important security bugs ++found by two different security research teams. Many thanks to Simon ++Scannell leading the google security team for 5 of the issues and ++Aleksei Gorban (loqpa) for the 6th issue. ++ ++All users are strongly enourages to update to 3.4.0 as soon as ++possible. ++ ++## Changes in this version: ++ ++### BUG FIXES: ++ ++- fixed 6 security issues, see CVE for full details ++ ++- CVE-2024-12087 A server can make a client write files outside of the ++ destination directory using symbolic links ++ ++- CVE-2024-12088 A --safe-links bypass vulnerability can result in a ++ client pointing outside of the destination directory ++ ++- CVE-2024-12086 Server leaks arbitrary client files when a client is ++ connected to a malicious server. ++ ++- CVE-2024-12085 Info leak via uninitialized stack contents defeats ++ address space layout randomization. ++ ++- CVE-2024-12084 A vulnerability in the heap buffer overflow in ++ checksum parsing allows an attacker to write <= 48 bytes past the ++ sum2 buffer limit ++ ++- CVE-2024-XXXX (not yet assigned) symlink race condition in sender ++ ++- update to popt 1.19 ++ ++- correct type size for orig_umask ++ ++------------------------------------------------------------------------------ ++ + # NEWS for rsync 3.3.0 (6 Apr 2024) + + ## Changes in this version: diff --git a/debian/patches/series b/debian/patches/series index 446cf89..200175d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,24 @@ disable_reconfigure_req.diff skip_devices_test.patch env_shebang.patch fix_rrsync_man_generation.patch +configure_ac_fix_failing_IPv6_check_due_to_missing_return_type.patch + +# Patches from 3.4.0 +rsync-upstream-CVE-patches-v3/CVE-2024-12084/0001-Some-checksum-buffer-fixes.patch +rsync-upstream-CVE-patches-v3/CVE-2024-12084/0002-Another-cast-when-multiplying-integers.patch +rsync-upstream-CVE-patches-v3/CVE-2024-12085/0001-prevent-information-leak-off-the-stack.patch +rsync-upstream-CVE-patches-v3/CVE-2024-12086/0001-refuse-fuzzy-options-when-fuzzy-not-selected.patch +rsync-upstream-CVE-patches-v3/CVE-2024-12086/0002-added-secure_relative_open.patch +rsync-upstream-CVE-patches-v3/CVE-2024-12086/0003-receiver-use-secure_relative_open-for-basis-file.patch +rsync-upstream-CVE-patches-v3/CVE-2024-12086/0004-disallow-.-elements-in-relpath-for-secure_relative_o.patch +rsync-upstream-CVE-patches-v3/CVE-2024-12087/0001-Refuse-a-duplicate-dirlist.patch +rsync-upstream-CVE-patches-v3/CVE-2024-12087/0002-range-check-dir_ndx-before-use.patch +rsync-upstream-CVE-patches-v3/CVE-2024-12088/0001-make-safe-links-stricter.patch +rsync-upstream-CVE-patches-v3/CVE-2024-12747/0001-fixed-symlink-race-condition-in-sender.patch +rsync-upstream-CVE-patches-v3/version_update/0001-raise-protocol-version-to-32.patch +rsync-upstream-CVE-patches-v3/version_update/0002-change-version-to-3.4.0.patch +rsync-upstream-CVE-patches-v3/version_update/0003-update-NEWS-for-3.4.0.patch + +# Regression from CVE-2024-12087 (#1093052) +Fix-FLAG_GOT_DIR_FLIST-collission-with-FLAG_HLINKED.patch +Fix_use-after-free_in_generator.patch diff --git a/debian/rules b/debian/rules index a8edd68..c2bfd07 100755 --- a/debian/rules +++ b/debian/rules @@ -14,7 +14,13 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all # CET-incompatible. # Don't use bundled zlib (with-included-zlib=no). override_dh_auto_configure: + mkdir -p zlib popt + touch zlib/dummy.in + touch popt/dummy.in dh_auto_configure -- --with-included-zlib=no --disable-md5-asm --with-rrsync +execute_before_dh_auto_clean: + rm -rf zlib popt + override_dh_installsystemd: dh_installsystemd --no-enable diff --git a/debian/tests/upstream-tests b/debian/tests/upstream-tests index 8f89386..89d281d 100644 --- a/debian/tests/upstream-tests +++ b/debian/tests/upstream-tests @@ -1,16 +1,8 @@ #!/bin/sh set -e -if [ -n "${DEB_HOST_GNU_TYPE:-}" ]; then - CROSS_COMPILE="--host=$DEB_HOST_GNU_TYPE" -else - CROSS_COMPILE= -fi - -# Create needed files for tests -# Supress warnings (autopkg treats them as failures) -./prepare-source build 2>/dev/null -./configure.sh "$CROSS_COMPILE" 2>/dev/null +echo "debian/rules override_dh_auto_configure " +debian/rules override_dh_auto_configure # Supress gcc warnings (autopkg treats them as failures) make tls getgroups getfsdev trimslash t_unsafe wildtest testrun 2>/dev/null diff --git a/debian/watch b/debian/watch index a0350e3..f0448bd 100644 --- a/debian/watch +++ b/debian/watch @@ -1,3 +1,7 @@ version=4 -opts="pgpsigurlmangle=s/$/.asc/" \ +opts="pgpsigurlmangle=s/$/.asc/, \ + filenamemangle=s%v?@ANY_VERSION@%@PACKAGE@-$1.tar.gz%,\ + uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha|a|b)\d*)$/$1~$2/, \ + dversionmangle=s/@DEB_EXT@//, \ + repacksuffix=+ds1" \ https://rsync.samba.org/ftp/rsync/ rsync-(\d\S+)\.tar\.gz |