Patchwork [1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091

Submitter Dexuan Cui
Date May 10, 2011, 2:54 a.m.
Message ID <29a6f5e598717a6c701495174db9ef4f448e64e7.1304995908.git.dexuan.cui@intel.com>
Permalink /patch/3543/
State New, archived

Comments

Dexuan Cui - May 10, 2011, 2:54 a.m.
From: Dexuan Cui <dexuan.cui@intel.com>

Added a patch to fix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
---
 .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch  |   70 ++++++++++++++++++++
 meta/recipes-devtools/rsync/rsync_2.6.9.bb         |    3 +-
 2 files changed, 72 insertions(+), 1 deletions(-)
 create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
Saul Wold - May 10, 2011, 5:01 a.m.
On 05/09/2011 07:54 PM, Dexuan Cui wrote:
> From: Dexuan Cui<dexuan.cui@intel.com>
>
> Added a patch to fix
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>
This is missing a [YOCTO #bugid], please add and resend. (update branch 
is OK).

Sau!

> Signed-off-by: Dexuan Cui<dexuan.cui@intel.com>
> ---
>   .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch  |   70 ++++++++++++++++++++
>   meta/recipes-devtools/rsync/rsync_2.6.9.bb         |    3 +-
>   2 files changed, 72 insertions(+), 1 deletions(-)
>   create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>
> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
> new file mode 100644
> index 0000000..f054452
> --- /dev/null
> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
> @@ -0,0 +1,70 @@
> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
> +
> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
> +
> +Date:   Tue May 10 10:07:36 2011 +0800
> +Dexuan Cui<dexuan.cui@intel.com>
> +
> +diff --git a/sender.c b/sender.c
> +index 6fcaa65..053a8f1 100644
> +--- a/sender.c
> ++++ b/sender.c
> +@@ -123,6 +123,7 @@ void successful_send(int ndx)
> + 	char fname[MAXPATHLEN];
> + 	struct file_struct *file;
> + 	unsigned int offset;
> ++	size_t l = 0;
> +
> + 	if (ndx<  0 || ndx>= the_file_list->count)
> + 		return;
> +@@ -133,6 +134,20 @@ void successful_send(int ndx)
> + 				    file->dir.root, "/", NULL);
> + 	} else
> + 		offset = 0;
> ++
> ++	l = offset + 1;
> ++	if (file) {
> ++		if (file->dirname)
> ++			l += strlen(file->dirname);
> ++		if (file->basename)
> ++			l += strlen(file->basename);
> ++	}
> ++
> ++	if (l>= sizeof(fname)) {
> ++		rprintf(FERROR, "Overlong pathname\n");
> ++		exit_cleanup(RERR_FILESELECT);
> ++	}
> ++
> + 	f_name(file, fname + offset);
> + 	if (remove_source_files) {
> + 		if (do_unlink(fname) == 0) {
> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
> + 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
> + 	int f_xfer = write_batch<  0 ? batch_fd : f_out;
> + 	int i, j;
> ++	size_t l = 0;
> +
> + 	if (verbose>  2)
> + 		rprintf(FINFO, "send_files starting\n");
> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
> + 				fname[offset++] = '/';
> + 		} else
> + 			offset = 0;
> ++
> ++		l = offset + 1;
> ++		if (file) {
> ++			if (file->dirname)
> ++				l += strlen(file->dirname);
> ++			if (file->basename)
> ++				l += strlen(file->basename);
> ++		}
> ++
> ++		if (l>= sizeof(fname)) {
> ++			rprintf(FERROR, "Overlong pathname\n");
> ++			exit_cleanup(RERR_FILESELECT);
> ++		}
> ++
> + 		fname2 = f_name(file, fname + offset);
> +
> + 		if (verbose>  2)
> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> index 4337982..17c18a4 100644
> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> @@ -8,6 +8,7 @@ PRIORITY = "optional"
>   DEPENDS = "popt"
>
>   SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
> +           file://rsync-2.6.9-fname-obo.patch \
>              file://rsyncd.conf"
>
>   inherit autotools
> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'
>   LICENSE = "GPLv2+"
>   LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"
>
> -PR = "r2"
> +PR = "r3"
Qing He - May 10, 2011, 5:03 a.m.
>-----Original Message-----

>From: openembedded-core-bounces@lists.openembedded.org

>[mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf Of Saul

>Wold

>Sent: 2011?5?10? 13:02

>To: Patches and discussions about the oe-core layer

>Subject: Re: [OE-core] [PATCH 1/1] rsync (GPLv2): fix security vulnerability

>CVE-2007-4091

>

>On 05/09/2011 07:54 PM, Dexuan Cui wrote:

>> From: Dexuan Cui<dexuan.cui@intel.com>

>>

>> Added a patch to fix

>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091

>>

>This is missing a [YOCTO #bugid], please add and resend. (update branch

>is OK).


Saul,
	Before the other two CVEs are specifically addressed, I don't think we can call a close on this bug.

Thanks,
Qing

>

>Sau!

>

>> Signed-off-by: Dexuan Cui<dexuan.cui@intel.com>

>> ---

>>   .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch  |   70

>++++++++++++++++++++

>>   meta/recipes-devtools/rsync/rsync_2.6.9.bb         |    3 +-

>>   2 files changed, 72 insertions(+), 1 deletions(-)

>>   create mode 100644

>meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch

>>

>> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch

>b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch

>> new file mode 100644

>> index 0000000..f054452

>> --- /dev/null

>> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch

>> @@ -0,0 +1,70 @@

>> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]

>> +

>> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to

>> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091

>> +

>> +Date:   Tue May 10 10:07:36 2011 +0800

>> +Dexuan Cui<dexuan.cui@intel.com>

>> +

>> +diff --git a/sender.c b/sender.c

>> +index 6fcaa65..053a8f1 100644

>> +--- a/sender.c

>> ++++ b/sender.c

>> +@@ -123,6 +123,7 @@ void successful_send(int ndx)

>> + 	char fname[MAXPATHLEN];

>> + 	struct file_struct *file;

>> + 	unsigned int offset;

>> ++	size_t l = 0;

>> +

>> + 	if (ndx<  0 || ndx>= the_file_list->count)

>> + 		return;

>> +@@ -133,6 +134,20 @@ void successful_send(int ndx)

>> + 				    file->dir.root, "/", NULL);

>> + 	} else

>> + 		offset = 0;

>> ++

>> ++	l = offset + 1;

>> ++	if (file) {

>> ++		if (file->dirname)

>> ++			l += strlen(file->dirname);

>> ++		if (file->basename)

>> ++			l += strlen(file->basename);

>> ++	}

>> ++

>> ++	if (l>= sizeof(fname)) {

>> ++		rprintf(FERROR, "Overlong pathname\n");

>> ++		exit_cleanup(RERR_FILESELECT);

>> ++	}

>> ++

>> + 	f_name(file, fname + offset);

>> + 	if (remove_source_files) {

>> + 		if (do_unlink(fname) == 0) {

>> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)

>> + 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;

>> + 	int f_xfer = write_batch<  0 ? batch_fd : f_out;

>> + 	int i, j;

>> ++	size_t l = 0;

>> +

>> + 	if (verbose>  2)

>> + 		rprintf(FINFO, "send_files starting\n");

>> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)

>> + 				fname[offset++] = '/';

>> + 		} else

>> + 			offset = 0;

>> ++

>> ++		l = offset + 1;

>> ++		if (file) {

>> ++			if (file->dirname)

>> ++				l += strlen(file->dirname);

>> ++			if (file->basename)

>> ++				l += strlen(file->basename);

>> ++		}

>> ++

>> ++		if (l>= sizeof(fname)) {

>> ++			rprintf(FERROR, "Overlong pathname\n");

>> ++			exit_cleanup(RERR_FILESELECT);

>> ++		}

>> ++

>> + 		fname2 = f_name(file, fname + offset);

>> +

>> + 		if (verbose>  2)

>> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb

>b/meta/recipes-devtools/rsync/rsync_2.6.9.bb

>> index 4337982..17c18a4 100644

>> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb

>> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb

>> @@ -8,6 +8,7 @@ PRIORITY = "optional"

>>   DEPENDS = "popt"

>>

>>   SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \

>> +           file://rsync-2.6.9-fname-obo.patch \

>>              file://rsyncd.conf"

>>

>>   inherit autotools

>> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'

>>   LICENSE = "GPLv2+"

>>   LIC_FILES_CHKSUM =

>"file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"

>>

>> -PR = "r2"

>> +PR = "r3"

>

>_______________________________________________

>Openembedded-core mailing list

>Openembedded-core@lists.openembedded.org

>http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
Saul Wold - May 10, 2011, 5:05 a.m.
On 05/09/2011 10:03 PM, He, Qing wrote:
>> -----Original Message-----
>> From: openembedded-core-bounces@lists.openembedded.org
>> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf Of Saul
>> Wold
>> Sent: 2011?5?10? 13:02
>> To: Patches and discussions about the oe-core layer
>> Subject: Re: [OE-core] [PATCH 1/1] rsync (GPLv2): fix security vulnerability
>> CVE-2007-4091
>>
>> On 05/09/2011 07:54 PM, Dexuan Cui wrote:
>>> From: Dexuan Cui<dexuan.cui@intel.com>
>>>
>>> Added a patch to fix
>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>>>
>> This is missing a [YOCTO #bugid], please add and resend. (update branch
>> is OK).
> 
> Saul,
> 	Before the other two CVEs are specifically addressed, I don't think we can call a close on this bug.
> 
Yes, that's true, but it's important to know that this patch addresses a
part of that bug.

Sau!

> Thanks,
> Qing
> 
>>
>> Sau!
>>
>>> Signed-off-by: Dexuan Cui<dexuan.cui@intel.com>
>>> ---
>>>    .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch  |   70
>> ++++++++++++++++++++
>>>    meta/recipes-devtools/rsync/rsync_2.6.9.bb         |    3 +-
>>>    2 files changed, 72 insertions(+), 1 deletions(-)
>>>    create mode 100644
>> meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>>>
>>> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>> b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>>> new file mode 100644
>>> index 0000000..f054452
>>> --- /dev/null
>>> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>>> @@ -0,0 +1,70 @@
>>> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
>>> +
>>> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
>>> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>>> +
>>> +Date:   Tue May 10 10:07:36 2011 +0800
>>> +Dexuan Cui<dexuan.cui@intel.com>
>>> +
>>> +diff --git a/sender.c b/sender.c
>>> +index 6fcaa65..053a8f1 100644
>>> +--- a/sender.c
>>> ++++ b/sender.c
>>> +@@ -123,6 +123,7 @@ void successful_send(int ndx)
>>> + 	char fname[MAXPATHLEN];
>>> + 	struct file_struct *file;
>>> + 	unsigned int offset;
>>> ++	size_t l = 0;
>>> +
>>> + 	if (ndx<   0 || ndx>= the_file_list->count)
>>> + 		return;
>>> +@@ -133,6 +134,20 @@ void successful_send(int ndx)
>>> + 				    file->dir.root, "/", NULL);
>>> + 	} else
>>> + 		offset = 0;
>>> ++
>>> ++	l = offset + 1;
>>> ++	if (file) {
>>> ++		if (file->dirname)
>>> ++			l += strlen(file->dirname);
>>> ++		if (file->basename)
>>> ++			l += strlen(file->basename);
>>> ++	}
>>> ++
>>> ++	if (l>= sizeof(fname)) {
>>> ++		rprintf(FERROR, "Overlong pathname\n");
>>> ++		exit_cleanup(RERR_FILESELECT);
>>> ++	}
>>> ++
>>> + 	f_name(file, fname + offset);
>>> + 	if (remove_source_files) {
>>> + 		if (do_unlink(fname) == 0) {
>>> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
>>> + 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
>>> + 	int f_xfer = write_batch<   0 ? batch_fd : f_out;
>>> + 	int i, j;
>>> ++	size_t l = 0;
>>> +
>>> + 	if (verbose>   2)
>>> + 		rprintf(FINFO, "send_files starting\n");
>>> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
>>> + 				fname[offset++] = '/';
>>> + 		} else
>>> + 			offset = 0;
>>> ++
>>> ++		l = offset + 1;
>>> ++		if (file) {
>>> ++			if (file->dirname)
>>> ++				l += strlen(file->dirname);
>>> ++			if (file->basename)
>>> ++				l += strlen(file->basename);
>>> ++		}
>>> ++
>>> ++		if (l>= sizeof(fname)) {
>>> ++			rprintf(FERROR, "Overlong pathname\n");
>>> ++			exit_cleanup(RERR_FILESELECT);
>>> ++		}
>>> ++
>>> + 		fname2 = f_name(file, fname + offset);
>>> +
>>> + 		if (verbose>   2)
>>> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
>> b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
>>> index 4337982..17c18a4 100644
>>> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
>>> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
>>> @@ -8,6 +8,7 @@ PRIORITY = "optional"
>>>    DEPENDS = "popt"
>>>
>>>    SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
>>> +           file://rsync-2.6.9-fname-obo.patch \
>>>               file://rsyncd.conf"
>>>
>>>    inherit autotools
>>> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'
>>>    LICENSE = "GPLv2+"
>>>    LIC_FILES_CHKSUM =
>> "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"
>>>
>>> -PR = "r2"
>>> +PR = "r3"
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
Dexuan Cui - May 10, 2011, 5:18 a.m.
Saul Wold wrote:
> On 05/09/2011 10:03 PM, He, Qing wrote:

>>> -----Original Message-----

>>> From: openembedded-core-bounces@lists.openembedded.org

>>> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf

>>> Of Saul Wold Sent: 2011?5?10? 13:02

>>> To: Patches and discussions about the oe-core layer

>>> Subject: Re: [OE-core] [PATCH 1/1] rsync (GPLv2): fix security

>>> vulnerability CVE-2007-4091 

>>> 

>>> On 05/09/2011 07:54 PM, Dexuan Cui wrote:

>>>> From: Dexuan Cui<dexuan.cui@intel.com>

>>>> 

>>>> Added a patch to fix

>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091

>>>> 

>>> This is missing a [YOCTO #bugid], please add and resend. (update

>>> branch 

>>> is OK).

>> 

>> Saul,

>> 	Before the other two CVEs are specifically addressed, I don't think

>> we can call a close on this bug. 

>> 

> Yes, that's true, but it's important to know that this patch

> addresses a part of that bug.

Hi Saul,
I added "[YOCTO #984] is partially fixed by this commit"  and did "git push" just now.
Please use the same branch 
http://git.pokylinux.org/cgit/cgit.cgi/poky-contrib/commit/?h=dcui/master&id=898ce2ddf774646796af5c8700130916afe6dbc1


Thanks,
-- Dexuan
Saul Wold - May 10, 2011, 5:53 p.m.
On 05/09/2011 07:54 PM, Dexuan Cui wrote:
> From: Dexuan Cui<dexuan.cui@intel.com>
>
> Added a patch to fix
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>
> Signed-off-by: Dexuan Cui<dexuan.cui@intel.com>
> ---
>   .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch  |   70 ++++++++++++++++++++
>   meta/recipes-devtools/rsync/rsync_2.6.9.bb         |    3 +-
>   2 files changed, 72 insertions(+), 1 deletions(-)
>   create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>
> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
> new file mode 100644
> index 0000000..f054452
> --- /dev/null
> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
> @@ -0,0 +1,70 @@
> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
> +
> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
> +
> +Date:   Tue May 10 10:07:36 2011 +0800
> +Dexuan Cui<dexuan.cui@intel.com>
> +
> +diff --git a/sender.c b/sender.c
> +index 6fcaa65..053a8f1 100644
> +--- a/sender.c
> ++++ b/sender.c
> +@@ -123,6 +123,7 @@ void successful_send(int ndx)
> + 	char fname[MAXPATHLEN];
> + 	struct file_struct *file;
> + 	unsigned int offset;
> ++	size_t l = 0;
> +
> + 	if (ndx<  0 || ndx>= the_file_list->count)
> + 		return;
> +@@ -133,6 +134,20 @@ void successful_send(int ndx)
> + 				    file->dir.root, "/", NULL);
> + 	} else
> + 		offset = 0;
> ++
> ++	l = offset + 1;
> ++	if (file) {
> ++		if (file->dirname)
> ++			l += strlen(file->dirname);
> ++		if (file->basename)
> ++			l += strlen(file->basename);
> ++	}
> ++
> ++	if (l>= sizeof(fname)) {
> ++		rprintf(FERROR, "Overlong pathname\n");
> ++		exit_cleanup(RERR_FILESELECT);
> ++	}
> ++
> + 	f_name(file, fname + offset);
> + 	if (remove_source_files) {
> + 		if (do_unlink(fname) == 0) {
> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
> + 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
> + 	int f_xfer = write_batch<  0 ? batch_fd : f_out;
> + 	int i, j;
> ++	size_t l = 0;
> +
> + 	if (verbose>  2)
> + 		rprintf(FINFO, "send_files starting\n");
> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
> + 				fname[offset++] = '/';
> + 		} else
> + 			offset = 0;
> ++
> ++		l = offset + 1;
> ++		if (file) {
> ++			if (file->dirname)
> ++				l += strlen(file->dirname);
> ++			if (file->basename)
> ++				l += strlen(file->basename);
> ++		}
> ++
> ++		if (l>= sizeof(fname)) {
> ++			rprintf(FERROR, "Overlong pathname\n");
> ++			exit_cleanup(RERR_FILESELECT);
> ++		}
> ++
> + 		fname2 = f_name(file, fname + offset);
> +
> + 		if (verbose>  2)
> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> index 4337982..17c18a4 100644
> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> @@ -8,6 +8,7 @@ PRIORITY = "optional"
>   DEPENDS = "popt"
>
>   SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
> +           file://rsync-2.6.9-fname-obo.patch \
>              file://rsyncd.conf"
>
>   inherit autotools
> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'
>   LICENSE = "GPLv2+"
>   LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"
>
> -PR = "r2"
> +PR = "r3"

Merged into oe-core and poky/master and staged for Bernard

Thanks
	Sau!

Patch

diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
new file mode 100644
index 0000000..f054452
--- /dev/null
+++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
@@ -0,0 +1,70 @@ 
+Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
+
+The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
+address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
+
+Date:   Tue May 10 10:07:36 2011 +0800
+Dexuan Cui <dexuan.cui@intel.com>
+
+diff --git a/sender.c b/sender.c
+index 6fcaa65..053a8f1 100644
+--- a/sender.c
++++ b/sender.c
+@@ -123,6 +123,7 @@ void successful_send(int ndx)
+ 	char fname[MAXPATHLEN];
+ 	struct file_struct *file;
+ 	unsigned int offset;
++	size_t l = 0;
+ 
+ 	if (ndx < 0 || ndx >= the_file_list->count)
+ 		return;
+@@ -133,6 +134,20 @@ void successful_send(int ndx)
+ 				    file->dir.root, "/", NULL);
+ 	} else
+ 		offset = 0;
++
++	l = offset + 1;
++	if (file) {
++		if (file->dirname)
++			l += strlen(file->dirname);
++		if (file->basename)
++			l += strlen(file->basename);
++	}
++
++	if (l >= sizeof(fname)) {
++		rprintf(FERROR, "Overlong pathname\n");
++		exit_cleanup(RERR_FILESELECT);
++	}
++
+ 	f_name(file, fname + offset);
+ 	if (remove_source_files) {
+ 		if (do_unlink(fname) == 0) {
+@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
+ 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
+ 	int f_xfer = write_batch < 0 ? batch_fd : f_out;
+ 	int i, j;
++	size_t l = 0;
+ 
+ 	if (verbose > 2)
+ 		rprintf(FINFO, "send_files starting\n");
+@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
+ 				fname[offset++] = '/';
+ 		} else
+ 			offset = 0;
++
++		l = offset + 1;
++		if (file) {
++			if (file->dirname)
++				l += strlen(file->dirname);
++			if (file->basename)
++				l += strlen(file->basename);
++		}
++
++		if (l >= sizeof(fname)) {
++			rprintf(FERROR, "Overlong pathname\n");
++			exit_cleanup(RERR_FILESELECT);
++		}
++
+ 		fname2 = f_name(file, fname + offset);
+ 
+ 		if (verbose > 2)
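Review bot: In the embedded `send_files` hunk the new length guard runs only after the context line `fname[offset++] = '/';`, so that one-byte store is not covered by it; whether `offset` can already be at the end of `fname` at that point depends on the copy of the root directory above the hunk, which is not visible here, and if it can, a check such as `if (offset >= sizeof fname - 1)` belongs before the slash is appended. In `successful_send` the added `if (file)` test comes after the context line that already reads `file->dir.root`, so it guards nothing there, and the `send_files` copy is probably in the same position; dropping it, or moving it ahead of the first dereference, would make the intent clear. A comment on `l = offset + 1;` saying what the extra byte is for (presumably the '/' that `f_name` writes between dirname and basename, with `>=` leaving room for the terminating NUL) would let a reader confirm the bound is exact rather than off by one again. Both functions start and end outside the hunks shown.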
diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
index 4337982..17c18a4 100644
--- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
+++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
@@ -8,6 +8,7 @@  PRIORITY = "optional"
 DEPENDS = "popt"
 
 SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
+           file://rsync-2.6.9-fname-obo.patch \
            file://rsyncd.conf"
 
 inherit autotools
@@ -22,4 +23,4 @@  EXTRA_OEMAKE='STRIP=""'
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"
 
-PR = "r2"
+PR = "r3"