Hello community,
here is the log from the commit of package rsync for openSUSE:Factory checked in at 2015-02-05 10:58:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rsync (Old)
and /work/SRC/openSUSE:Factory/.rsync.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rsync"
Changes:
--------
--- /work/SRC/openSUSE:Factory/rsync/rsync.changes 2014-11-24 11:11:17.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.rsync.new/rsync.changes 2015-02-05 10:58:54.000000000 +0100
@@ -1,0 +2,7 @@
+Mon Feb 2 18:42:25 UTC 2015 - vcizek@suse.com
+
+- fix for CVE-2014-9512 (bnc#915410)
+ * path spoofing attack vulnerability
+ * added rsync-CVE-2014-9512.patch
+
+-------------------------------------------------------------------
New:
----
rsync-CVE-2014-9512.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rsync.spec ++++++
--- /var/tmp/diff_new_pack.zZmeGA/_old 2015-02-05 10:58:56.000000000 +0100
+++ /var/tmp/diff_new_pack.zZmeGA/_new 2015-02-05 10:58:56.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package rsync
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -42,6 +42,7 @@
Source11: http://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.tar.gz.asc
Source12: %{name}.keyring
Patch3: system-zlib.diff
+Patch4: rsync-CVE-2014-9512.patch
BuildRequires: autoconf
BuildRequires: libacl-devel
BuildRequires: openslp-devel
@@ -79,6 +80,7 @@
rm -f zlib/*.h
%patch3
%endif
+%patch4 -p1
patch -p1 < patches/acls.diff
patch -p1 < patches/xattrs.diff
patch -p1 < patches/slp.diff
++++++ rsync-CVE-2014-9512.patch ++++++
commit 962f8b90045ab331fc04c9e65f80f1a53e68243b
Author: Wayne Davison
Date: Wed Dec 31 12:41:03 2014 -0800
Complain if an inc-recursive path is not right for its dir.
This ensures that a malicious sender can't use a just-sent
symlink as a trasnfer path.
diff --git a/flist.c b/flist.c
index c24672e..92e4b65 100644
--- a/flist.c
+++ b/flist.c
@@ -2435,8 +2435,9 @@ struct file_list *send_file_list(int f, int argc, char *argv[])
return flist;
}
-struct file_list *recv_file_list(int f)
+struct file_list *recv_file_list(int f, int dir_ndx)
{
+ const char *good_dirname = NULL;
struct file_list *flist;
int dstart, flags;
int64 start_read;
@@ -2492,6 +2493,23 @@ struct file_list *recv_file_list(int f)
flist_expand(flist, 1);
file = recv_file_entry(f, flist, flags);
+ if (inc_recurse) {
+ static const char empty_dir[] = "\0";
+ const char *cur_dir = file->dirname ? file->dirname : empty_dir;
+ if (relative_paths && *cur_dir == '/')
+ cur_dir++;
+ if (cur_dir != good_dirname) {
+ const char *d = dir_ndx >= 0 ? f_name(dir_flist->files[dir_ndx], NULL) : empty_dir;
+ if (strcmp(cur_dir, d) != 0) {
+ rprintf(FERROR,
+ "ABORTING due to invalid dir prefix from sender: %s (should be: %s)\n",
+ cur_dir, d);
+ exit_cleanup(RERR_PROTOCOL);
+ }
+ good_dirname = cur_dir;
+ }
+ }
+
if (S_ISREG(file->mode)) {
/* Already counted */
} else if (S_ISDIR(file->mode)) {
@@ -2615,7 +2633,7 @@ void recv_additional_file_list(int f)
rprintf(FINFO, "[%s] receiving flist for dir %d\n",
who_am_i(), ndx);
}
- flist = recv_file_list(f);
+ flist = recv_file_list(f, ndx);
flist->parent_ndx = ndx;
}
}
diff --git a/io.c b/io.c
index b9a9bd0..a868fa9 100644
--- a/io.c
+++ b/io.c
@@ -1685,7 +1685,7 @@ void wait_for_receiver(void)
rprintf(FINFO, "[%s] receiving flist for dir %d\n",
who_am_i(), ndx);
}
- flist = recv_file_list(iobuf.in_fd);
+ flist = recv_file_list(iobuf.in_fd, ndx);
flist->parent_ndx = ndx;
#ifdef SUPPORT_HARD_LINKS
if (preserve_hard_links)
diff --git a/main.c b/main.c
index e7a13f7..713b818 100644
--- a/main.c
+++ b/main.c
@@ -1009,7 +1009,7 @@ static void do_server_recv(int f_in, int f_out, int argc, char *argv[])
filesfrom_fd = -1;
}
- flist = recv_file_list(f_in);
+ flist = recv_file_list(f_in, -1);
if (!flist) {
rprintf(FERROR,"server_recv: recv_file_list error\n");
exit_cleanup(RERR_FILESELECT);
@@ -1183,7 +1183,7 @@ int client_run(int f_in, int f_out, pid_t pid, int argc, char *argv[])
if (write_batch && !am_server)
start_write_batch(f_in);
- flist = recv_file_list(f_in);
+ flist = recv_file_list(f_in, -1);
if (inc_recurse && file_total == 1)
recv_additional_file_list(f_in);
diff --git a/rsync.c b/rsync.c
index 68ff6b1..c3ecc51 100644
--- a/rsync.c
+++ b/rsync.c
@@ -364,7 +364,7 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr,
}
/* Send all the data we read for this flist to the generator. */
start_flist_forward(ndx);
- flist = recv_file_list(f_in);
+ flist = recv_file_list(f_in, ndx);
flist->parent_ndx = ndx;
stop_flist_forward();
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org