* [PATCH 0/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091
@ 2011-05-10 2:54 Dexuan Cui
2011-05-10 2:54 ` [PATCH 1/1] " Dexuan Cui
0 siblings, 1 reply; 7+ messages in thread
From: Dexuan Cui @ 2011-05-10 2:54 UTC (permalink / raw)
To: openembedded-core
From: Dexuan Cui <dexuan.cui@intel.com>
The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
Pull URL: git://git.pokylinux.org/poky-contrib.git
Branch: dcui/master
Browse: http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=dcui/master
Thanks,
Dexuan Cui <dexuan.cui@intel.com>
---
Dexuan Cui (1):
rsync (GPLv2): fix security vulnerability CVE-2007-4091
.../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch | 70 ++++++++++++++++++++
meta/recipes-devtools/rsync/rsync_2.6.9.bb | 3 +-
2 files changed, 72 insertions(+), 1 deletions(-)
create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
--
1.7.2
^ permalink raw reply [flat|nested] 7+ messages in thread* [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091 2011-05-10 2:54 [PATCH 0/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091 Dexuan Cui @ 2011-05-10 2:54 ` Dexuan Cui 2011-05-10 5:01 ` Saul Wold 2011-05-10 17:53 ` Saul Wold 0 siblings, 2 replies; 7+ messages in thread From: Dexuan Cui @ 2011-05-10 2:54 UTC (permalink / raw) To: openembedded-core From: Dexuan Cui <dexuan.cui@intel.com> Added a patch to fix http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 Signed-off-by: Dexuan Cui <dexuan.cui@intel.com> --- .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch | 70 ++++++++++++++++++++ meta/recipes-devtools/rsync/rsync_2.6.9.bb | 3 +- 2 files changed, 72 insertions(+), 1 deletions(-) create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch new file mode 100644 index 0000000..f054452 --- /dev/null +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch @@ -0,0 +1,70 @@ +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ] + +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 + +Date: Tue May 10 10:07:36 2011 +0800 +Dexuan Cui <dexuan.cui@intel.com> + +diff --git a/sender.c b/sender.c +index 6fcaa65..053a8f1 100644 +--- a/sender.c ++++ b/sender.c +@@ -123,6 +123,7 @@ void successful_send(int ndx) + char fname[MAXPATHLEN]; + struct file_struct *file; + unsigned int offset; ++ size_t l = 0; + + if (ndx < 0 || ndx >= the_file_list->count) + return; +@@ -133,6 +134,20 @@ void successful_send(int ndx) + file->dir.root, "/", NULL); + } else + offset = 0; ++ ++ l = offset + 1; ++ if (file) { ++ if (file->dirname) ++ l += strlen(file->dirname); ++ if (file->basename) ++ l += strlen(file->basename); ++ } ++ ++ if (l >= sizeof(fname)) { ++ rprintf(FERROR, "Overlong pathname\n"); ++ exit_cleanup(RERR_FILESELECT); ++ } ++ + f_name(file, fname + offset); + if (remove_source_files) { + if (do_unlink(fname) == 0) { +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in) + enum logcode log_code = log_before_transfer ? FLOG : FINFO; + int f_xfer = write_batch < 0 ? batch_fd : f_out; + int i, j; ++ size_t l = 0; + + if (verbose > 2) + rprintf(FINFO, "send_files starting\n"); +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in) + fname[offset++] = '/'; + } else + offset = 0; ++ ++ l = offset + 1; ++ if (file) { ++ if (file->dirname) ++ l += strlen(file->dirname); ++ if (file->basename) ++ l += strlen(file->basename); ++ } ++ ++ if (l >= sizeof(fname)) { ++ rprintf(FERROR, "Overlong pathname\n"); ++ exit_cleanup(RERR_FILESELECT); ++ } ++ + fname2 = f_name(file, fname + offset); + + if (verbose > 2) diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb b/meta/recipes-devtools/rsync/rsync_2.6.9.bb index 4337982..17c18a4 100644 --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb @@ -8,6 +8,7 @@ PRIORITY = "optional" DEPENDS = "popt" SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \ + file://rsync-2.6.9-fname-obo.patch \ file://rsyncd.conf" inherit autotools @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""' LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c" -PR = "r2" +PR = "r3" -- 1.7.2 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091 2011-05-10 2:54 ` [PATCH 1/1] " Dexuan Cui @ 2011-05-10 5:01 ` Saul Wold 2011-05-10 5:03 ` He, Qing 2011-05-10 17:53 ` Saul Wold 1 sibling, 1 reply; 7+ messages in thread From: Saul Wold @ 2011-05-10 5:01 UTC (permalink / raw) To: Patches and discussions about the oe-core layer On 05/09/2011 07:54 PM, Dexuan Cui wrote: > From: Dexuan Cui<dexuan.cui@intel.com> > > Added a patch to fix > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 > This is missing a [YOCTO #bugid], please add and resend. (update branch is OK). Sau! > Signed-off-by: Dexuan Cui<dexuan.cui@intel.com> > --- > .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch | 70 ++++++++++++++++++++ > meta/recipes-devtools/rsync/rsync_2.6.9.bb | 3 +- > 2 files changed, 72 insertions(+), 1 deletions(-) > create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch > > diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch > new file mode 100644 > index 0000000..f054452 > --- /dev/null > +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch > @@ -0,0 +1,70 @@ > +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ] > + > +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to > +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 > + > +Date: Tue May 10 10:07:36 2011 +0800 > +Dexuan Cui<dexuan.cui@intel.com> > + > +diff --git a/sender.c b/sender.c > +index 6fcaa65..053a8f1 100644 > +--- a/sender.c > ++++ b/sender.c > +@@ -123,6 +123,7 @@ void successful_send(int ndx) > + char fname[MAXPATHLEN]; > + struct file_struct *file; > + unsigned int offset; > ++ size_t l = 0; > + > + if (ndx< 0 || ndx>= the_file_list->count) > + return; > +@@ -133,6 +134,20 @@ void successful_send(int ndx) > + file->dir.root, "/", NULL); > + } else > + offset = 0; > ++ > ++ l = offset + 1; > ++ if (file) { > ++ if (file->dirname) > ++ l += strlen(file->dirname); > ++ if (file->basename) > ++ l += strlen(file->basename); > ++ } > ++ > ++ if (l>= sizeof(fname)) { > ++ rprintf(FERROR, "Overlong pathname\n"); > ++ exit_cleanup(RERR_FILESELECT); > ++ } > ++ > + f_name(file, fname + offset); > + if (remove_source_files) { > + if (do_unlink(fname) == 0) { > +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in) > + enum logcode log_code = log_before_transfer ? FLOG : FINFO; > + int f_xfer = write_batch< 0 ? batch_fd : f_out; > + int i, j; > ++ size_t l = 0; > + > + if (verbose> 2) > + rprintf(FINFO, "send_files starting\n"); > +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in) > + fname[offset++] = '/'; > + } else > + offset = 0; > ++ > ++ l = offset + 1; > ++ if (file) { > ++ if (file->dirname) > ++ l += strlen(file->dirname); > ++ if (file->basename) > ++ l += strlen(file->basename); > ++ } > ++ > ++ if (l>= sizeof(fname)) { > ++ rprintf(FERROR, "Overlong pathname\n"); > ++ exit_cleanup(RERR_FILESELECT); > ++ } > ++ > + fname2 = f_name(file, fname + offset); > + > + if (verbose> 2) > diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb b/meta/recipes-devtools/rsync/rsync_2.6.9.bb > index 4337982..17c18a4 100644 > --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb > +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb > @@ -8,6 +8,7 @@ PRIORITY = "optional" > DEPENDS = "popt" > > SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \ > + file://rsync-2.6.9-fname-obo.patch \ > file://rsyncd.conf" > > inherit autotools > @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""' > LICENSE = "GPLv2+" > LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c" > > -PR = "r2" > +PR = "r3" ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091 2011-05-10 5:01 ` Saul Wold @ 2011-05-10 5:03 ` He, Qing 2011-05-10 5:05 ` Saul Wold 0 siblings, 1 reply; 7+ messages in thread From: He, Qing @ 2011-05-10 5:03 UTC (permalink / raw) To: Patches and discussions about the oe-core layer >-----Original Message----- >From: openembedded-core-bounces@lists.openembedded.org >[mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf Of Saul >Wold >Sent: 2011年5月10日 13:02 >To: Patches and discussions about the oe-core layer >Subject: Re: [OE-core] [PATCH 1/1] rsync (GPLv2): fix security vulnerability >CVE-2007-4091 > >On 05/09/2011 07:54 PM, Dexuan Cui wrote: >> From: Dexuan Cui<dexuan.cui@intel.com> >> >> Added a patch to fix >> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 >> >This is missing a [YOCTO #bugid], please add and resend. (update branch >is OK). Saul, Before the other two CVEs are specifically addressed, I don't think we can call a close on this bug. Thanks, Qing > >Sau! > >> Signed-off-by: Dexuan Cui<dexuan.cui@intel.com> >> --- >> .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch | 70 >++++++++++++++++++++ >> meta/recipes-devtools/rsync/rsync_2.6.9.bb | 3 +- >> 2 files changed, 72 insertions(+), 1 deletions(-) >> create mode 100644 >meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >> >> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >> new file mode 100644 >> index 0000000..f054452 >> --- /dev/null >> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >> @@ -0,0 +1,70 @@ >> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ] >> + >> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to >> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 >> + >> +Date: Tue May 10 10:07:36 2011 +0800 >> +Dexuan Cui<dexuan.cui@intel.com> >> + >> +diff --git a/sender.c b/sender.c >> +index 6fcaa65..053a8f1 100644 >> +--- a/sender.c >> ++++ b/sender.c >> +@@ -123,6 +123,7 @@ void successful_send(int ndx) >> + char fname[MAXPATHLEN]; >> + struct file_struct *file; >> + unsigned int offset; >> ++ size_t l = 0; >> + >> + if (ndx< 0 || ndx>= the_file_list->count) >> + return; >> +@@ -133,6 +134,20 @@ void successful_send(int ndx) >> + file->dir.root, "/", NULL); >> + } else >> + offset = 0; >> ++ >> ++ l = offset + 1; >> ++ if (file) { >> ++ if (file->dirname) >> ++ l += strlen(file->dirname); >> ++ if (file->basename) >> ++ l += strlen(file->basename); >> ++ } >> ++ >> ++ if (l>= sizeof(fname)) { >> ++ rprintf(FERROR, "Overlong pathname\n"); >> ++ exit_cleanup(RERR_FILESELECT); >> ++ } >> ++ >> + f_name(file, fname + offset); >> + if (remove_source_files) { >> + if (do_unlink(fname) == 0) { >> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in) >> + enum logcode log_code = log_before_transfer ? FLOG : FINFO; >> + int f_xfer = write_batch< 0 ? batch_fd : f_out; >> + int i, j; >> ++ size_t l = 0; >> + >> + if (verbose> 2) >> + rprintf(FINFO, "send_files starting\n"); >> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in) >> + fname[offset++] = '/'; >> + } else >> + offset = 0; >> ++ >> ++ l = offset + 1; >> ++ if (file) { >> ++ if (file->dirname) >> ++ l += strlen(file->dirname); >> ++ if (file->basename) >> ++ l += strlen(file->basename); >> ++ } >> ++ >> ++ if (l>= sizeof(fname)) { >> ++ rprintf(FERROR, "Overlong pathname\n"); >> ++ exit_cleanup(RERR_FILESELECT); >> ++ } >> ++ >> + fname2 = f_name(file, fname + offset); >> + >> + if (verbose> 2) >> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb >b/meta/recipes-devtools/rsync/rsync_2.6.9.bb >> index 4337982..17c18a4 100644 >> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb >> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb >> @@ -8,6 +8,7 @@ PRIORITY = "optional" >> DEPENDS = "popt" >> >> SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \ >> + file://rsync-2.6.9-fname-obo.patch \ >> file://rsyncd.conf" >> >> inherit autotools >> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""' >> LICENSE = "GPLv2+" >> LIC_FILES_CHKSUM = >"file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c" >> >> -PR = "r2" >> +PR = "r3" > >_______________________________________________ >Openembedded-core mailing list >Openembedded-core@lists.openembedded.org >http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091 2011-05-10 5:03 ` He, Qing @ 2011-05-10 5:05 ` Saul Wold 2011-05-10 5:18 ` Cui, Dexuan 0 siblings, 1 reply; 7+ messages in thread From: Saul Wold @ 2011-05-10 5:05 UTC (permalink / raw) To: Patches and discussions about the oe-core layer On 05/09/2011 10:03 PM, He, Qing wrote: >> -----Original Message----- >> From: openembedded-core-bounces@lists.openembedded.org >> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf Of Saul >> Wold >> Sent: 2011年5月10日 13:02 >> To: Patches and discussions about the oe-core layer >> Subject: Re: [OE-core] [PATCH 1/1] rsync (GPLv2): fix security vulnerability >> CVE-2007-4091 >> >> On 05/09/2011 07:54 PM, Dexuan Cui wrote: >>> From: Dexuan Cui<dexuan.cui@intel.com> >>> >>> Added a patch to fix >>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 >>> >> This is missing a [YOCTO #bugid], please add and resend. (update branch >> is OK). > > Saul, > Before the other two CVEs are specifically addressed, I don't think we can call a close on this bug. > Yes, that's true, but it's important to know that this patch addresses a part of that bug. Sau! > Thanks, > Qing > >> >> Sau! >> >>> Signed-off-by: Dexuan Cui<dexuan.cui@intel.com> >>> --- >>> .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch | 70 >> ++++++++++++++++++++ >>> meta/recipes-devtools/rsync/rsync_2.6.9.bb | 3 +- >>> 2 files changed, 72 insertions(+), 1 deletions(-) >>> create mode 100644 >> meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >>> >>> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >> b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >>> new file mode 100644 >>> index 0000000..f054452 >>> --- /dev/null >>> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >>> @@ -0,0 +1,70 @@ >>> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ] >>> + >>> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to >>> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 >>> + >>> +Date: Tue May 10 10:07:36 2011 +0800 >>> +Dexuan Cui<dexuan.cui@intel.com> >>> + >>> +diff --git a/sender.c b/sender.c >>> +index 6fcaa65..053a8f1 100644 >>> +--- a/sender.c >>> ++++ b/sender.c >>> +@@ -123,6 +123,7 @@ void successful_send(int ndx) >>> + char fname[MAXPATHLEN]; >>> + struct file_struct *file; >>> + unsigned int offset; >>> ++ size_t l = 0; >>> + >>> + if (ndx< 0 || ndx>= the_file_list->count) >>> + return; >>> +@@ -133,6 +134,20 @@ void successful_send(int ndx) >>> + file->dir.root, "/", NULL); >>> + } else >>> + offset = 0; >>> ++ >>> ++ l = offset + 1; >>> ++ if (file) { >>> ++ if (file->dirname) >>> ++ l += strlen(file->dirname); >>> ++ if (file->basename) >>> ++ l += strlen(file->basename); >>> ++ } >>> ++ >>> ++ if (l>= sizeof(fname)) { >>> ++ rprintf(FERROR, "Overlong pathname\n"); >>> ++ exit_cleanup(RERR_FILESELECT); >>> ++ } >>> ++ >>> + f_name(file, fname + offset); >>> + if (remove_source_files) { >>> + if (do_unlink(fname) == 0) { >>> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in) >>> + enum logcode log_code = log_before_transfer ? FLOG : FINFO; >>> + int f_xfer = write_batch< 0 ? batch_fd : f_out; >>> + int i, j; >>> ++ size_t l = 0; >>> + >>> + if (verbose> 2) >>> + rprintf(FINFO, "send_files starting\n"); >>> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in) >>> + fname[offset++] = '/'; >>> + } else >>> + offset = 0; >>> ++ >>> ++ l = offset + 1; >>> ++ if (file) { >>> ++ if (file->dirname) >>> ++ l += strlen(file->dirname); >>> ++ if (file->basename) >>> ++ l += strlen(file->basename); >>> ++ } >>> ++ >>> ++ if (l>= sizeof(fname)) { >>> ++ rprintf(FERROR, "Overlong pathname\n"); >>> ++ exit_cleanup(RERR_FILESELECT); >>> ++ } >>> ++ >>> + fname2 = f_name(file, fname + offset); >>> + >>> + if (verbose> 2) >>> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb >> b/meta/recipes-devtools/rsync/rsync_2.6.9.bb >>> index 4337982..17c18a4 100644 >>> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb >>> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb >>> @@ -8,6 +8,7 @@ PRIORITY = "optional" >>> DEPENDS = "popt" >>> >>> SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \ >>> + file://rsync-2.6.9-fname-obo.patch \ >>> file://rsyncd.conf" >>> >>> inherit autotools >>> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""' >>> LICENSE = "GPLv2+" >>> LIC_FILES_CHKSUM = >> "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c" >>> >>> -PR = "r2" >>> +PR = "r3" >> >> _______________________________________________ >> Openembedded-core mailing list >> Openembedded-core@lists.openembedded.org >> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091 2011-05-10 5:05 ` Saul Wold @ 2011-05-10 5:18 ` Cui, Dexuan 0 siblings, 0 replies; 7+ messages in thread From: Cui, Dexuan @ 2011-05-10 5:18 UTC (permalink / raw) To: 'Patches and discussions about the oe-core layer' Saul Wold wrote: > On 05/09/2011 10:03 PM, He, Qing wrote: >>> -----Original Message----- >>> From: openembedded-core-bounces@lists.openembedded.org >>> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf >>> Of Saul Wold Sent: 2011年5月10日 13:02 >>> To: Patches and discussions about the oe-core layer >>> Subject: Re: [OE-core] [PATCH 1/1] rsync (GPLv2): fix security >>> vulnerability CVE-2007-4091 >>> >>> On 05/09/2011 07:54 PM, Dexuan Cui wrote: >>>> From: Dexuan Cui<dexuan.cui@intel.com> >>>> >>>> Added a patch to fix >>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 >>>> >>> This is missing a [YOCTO #bugid], please add and resend. (update >>> branch >>> is OK). >> >> Saul, >> Before the other two CVEs are specifically addressed, I don't think >> we can call a close on this bug. >> > Yes, that's true, but it's important to know that this patch > addresses a part of that bug. Hi Saul, I added "[YOCTO #984] is partially fixed by this commit" and did "git push" just now. Please use the same branch http://git.pokylinux.org/cgit/cgit.cgi/poky-contrib/commit/?h=dcui/master&id=898ce2ddf774646796af5c8700130916afe6dbc1 Thanks, -- Dexuan ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091 2011-05-10 2:54 ` [PATCH 1/1] " Dexuan Cui 2011-05-10 5:01 ` Saul Wold @ 2011-05-10 17:53 ` Saul Wold 1 sibling, 0 replies; 7+ messages in thread From: Saul Wold @ 2011-05-10 17:53 UTC (permalink / raw) To: Patches and discussions about the oe-core layer On 05/09/2011 07:54 PM, Dexuan Cui wrote: > From: Dexuan Cui<dexuan.cui@intel.com> > > Added a patch to fix > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 > > Signed-off-by: Dexuan Cui<dexuan.cui@intel.com> > --- > .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch | 70 ++++++++++++++++++++ > meta/recipes-devtools/rsync/rsync_2.6.9.bb | 3 +- > 2 files changed, 72 insertions(+), 1 deletions(-) > create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch > > diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch > new file mode 100644 > index 0000000..f054452 > --- /dev/null > +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch > @@ -0,0 +1,70 @@ > +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ] > + > +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to > +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 > + > +Date: Tue May 10 10:07:36 2011 +0800 > +Dexuan Cui<dexuan.cui@intel.com> > + > +diff --git a/sender.c b/sender.c > +index 6fcaa65..053a8f1 100644 > +--- a/sender.c > ++++ b/sender.c > +@@ -123,6 +123,7 @@ void successful_send(int ndx) > + char fname[MAXPATHLEN]; > + struct file_struct *file; > + unsigned int offset; > ++ size_t l = 0; > + > + if (ndx< 0 || ndx>= the_file_list->count) > + return; > +@@ -133,6 +134,20 @@ void successful_send(int ndx) > + file->dir.root, "/", NULL); > + } else > + offset = 0; > ++ > ++ l = offset + 1; > ++ if (file) { > ++ if (file->dirname) > ++ l += strlen(file->dirname); > ++ if (file->basename) > ++ l += strlen(file->basename); > ++ } > ++ > ++ if (l>= sizeof(fname)) { > ++ rprintf(FERROR, "Overlong pathname\n"); > ++ exit_cleanup(RERR_FILESELECT); > ++ } > ++ > + f_name(file, fname + offset); > + if (remove_source_files) { > + if (do_unlink(fname) == 0) { > +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in) > + enum logcode log_code = log_before_transfer ? FLOG : FINFO; > + int f_xfer = write_batch< 0 ? batch_fd : f_out; > + int i, j; > ++ size_t l = 0; > + > + if (verbose> 2) > + rprintf(FINFO, "send_files starting\n"); > +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in) > + fname[offset++] = '/'; > + } else > + offset = 0; > ++ > ++ l = offset + 1; > ++ if (file) { > ++ if (file->dirname) > ++ l += strlen(file->dirname); > ++ if (file->basename) > ++ l += strlen(file->basename); > ++ } > ++ > ++ if (l>= sizeof(fname)) { > ++ rprintf(FERROR, "Overlong pathname\n"); > ++ exit_cleanup(RERR_FILESELECT); > ++ } > ++ > + fname2 = f_name(file, fname + offset); > + > + if (verbose> 2) > diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb b/meta/recipes-devtools/rsync/rsync_2.6.9.bb > index 4337982..17c18a4 100644 > --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb > +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb > @@ -8,6 +8,7 @@ PRIORITY = "optional" > DEPENDS = "popt" > > SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \ > + file://rsync-2.6.9-fname-obo.patch \ > file://rsyncd.conf" > > inherit autotools > @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""' > LICENSE = "GPLv2+" > LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c" > > -PR = "r2" > +PR = "r3" Merged into oe-core and poky/master and staged for Bernard Thanks Sau! ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2011-05-10 17:56 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2011-05-10 2:54 [PATCH 0/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091 Dexuan Cui 2011-05-10 2:54 ` [PATCH 1/1] " Dexuan Cui 2011-05-10 5:01 ` Saul Wold 2011-05-10 5:03 ` He, Qing 2011-05-10 5:05 ` Saul Wold 2011-05-10 5:18 ` Cui, Dexuan 2011-05-10 17:53 ` Saul Wold
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox