| Message ID | 20240205135528.45112-1-matthias.schmitz@port4949.net |
|---|---|
| State | Superseded |
| Headers | show |
| Series | rsync: Fix rsync hanging when used with --relative | expand |
You need to specify which release of oe-core this is for in the email subject. Alex On Mon, 5 Feb 2024 at 14:55, Matthias Schmitz <matthias.schmitz@port4949.net> wrote: > > Fixes [YOCTO #15383] > > This bug was introduced into upstream when fixing CVE-2022-29154. It was > later discovered and fixed upstream but this fix didn't make it into > poky yet. > The added patch is taken from upstreams git repository: > https://github.com/WayneD/rsync/commit/fabef23bea6e9963c06e218586fda1a823e3c6bf > > Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net> > --- > ...lative-when-copying-an-absolute-path.patch | 28 +++++++++++++++++++ > meta/recipes-devtools/rsync/rsync_3.1.3.bb | 1 + > 2 files changed, 29 insertions(+) > create mode 100644 meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch > > diff --git a/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch > new file mode 100644 > index 0000000000..ccfaf8463a > --- /dev/null > +++ b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch > @@ -0,0 +1,28 @@ > +From fabef23bea6e9963c06e218586fda1a823e3c6bf Mon Sep 17 00:00:00 2001 > +From: Wayne Davison <wayne@opencoder.net> > +Date: Mon, 8 Aug 2022 21:30:21 -0700 > +Subject: [PATCH] Fix --relative when copying an absolute path. > + > +--- > + exclude.c | 4 +++- > + 1 file changed, 3 insertions(+), 1 deletion(-) > + > +diff --git a/exclude.c b/exclude.c > +index 2394023f..ba5ca5a3 100644 > +--- a/exclude.c > ++++ b/exclude.c > +@@ -434,8 +434,10 @@ void add_implied_include(const char *arg) > + *p++ = *cp++; > + break; > + case '/': > +- if (p[-1] == '/') /* This is safe because of the initial slash. */ > ++ if (p[-1] == '/') { /* This is safe because of the initial slash. */ > ++ cp++; > + break; > ++ } > + if (relative_paths) { > + filter_rule const *ent; > + int found = 0; > +-- > +2.39.2 > + > diff --git a/meta/recipes-devtools/rsync/rsync_3.1.3.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb > index a5c20dee34..c744503227 100644 > --- a/meta/recipes-devtools/rsync/rsync_3.1.3.bb > +++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb > @@ -17,6 +17,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ > file://CVE-2016-9842.patch \ > file://CVE-2016-9843.patch \ > file://CVE-2022-29154.patch \ > + file://0001-Fix-relative-when-copying-an-absolute-path.patch \ > " > > SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf" > -- > 2.39.2 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#194935): https://lists.openembedded.org/g/openembedded-core/message/194935 > Mute This Topic: https://lists.openembedded.org/mt/104176037/1686489 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch new file mode 100644 index 0000000000..ccfaf8463a --- /dev/null +++ b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch @@ -0,0 +1,28 @@ +From fabef23bea6e9963c06e218586fda1a823e3c6bf Mon Sep 17 00:00:00 2001 +From: Wayne Davison <wayne@opencoder.net> +Date: Mon, 8 Aug 2022 21:30:21 -0700 +Subject: [PATCH] Fix --relative when copying an absolute path. + +--- + exclude.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/exclude.c b/exclude.c +index 2394023f..ba5ca5a3 100644 +--- a/exclude.c ++++ b/exclude.c +@@ -434,8 +434,10 @@ void add_implied_include(const char *arg) + *p++ = *cp++; + break; + case '/': +- if (p[-1] == '/') /* This is safe because of the initial slash. */ ++ if (p[-1] == '/') { /* This is safe because of the initial slash. */ ++ cp++; + break; ++ } + if (relative_paths) { + filter_rule const *ent; + int found = 0; +-- +2.39.2 + diff --git a/meta/recipes-devtools/rsync/rsync_3.1.3.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb index a5c20dee34..c744503227 100644 --- a/meta/recipes-devtools/rsync/rsync_3.1.3.bb +++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb @@ -17,6 +17,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://CVE-2016-9842.patch \ file://CVE-2016-9843.patch \ file://CVE-2022-29154.patch \ + file://0001-Fix-relative-when-copying-an-absolute-path.patch \ " SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf"
Fixes [YOCTO #15383] This bug was introduced into upstream when fixing CVE-2022-29154. It was later discovered and fixed upstream but this fix didn't make it into poky yet. The added patch is taken from upstreams git repository: https://github.com/WayneD/rsync/commit/fabef23bea6e9963c06e218586fda1a823e3c6bf Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net> --- ...lative-when-copying-an-absolute-path.patch | 28 +++++++++++++++++++ meta/recipes-devtools/rsync/rsync_3.1.3.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch