Change-Id: I149b1e368b07beae4c09924401be23bb4de70fa8
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4573
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Xiaolin Li <xiaolinl@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,42 @@ |
0 |
+From 3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Jeriko One <jeriko.one@gmx.us> |
|
2 |
+Date: Thu, 2 Nov 2017 23:44:19 -0700 |
|
3 |
+Subject: [PATCH] Check fname in recv_files sooner. |
|
4 |
+ |
|
5 |
+--- |
|
6 |
+ receiver.c | 12 ++++++------ |
|
7 |
+ 1 file changed, 6 insertions(+), 6 deletions(-) |
|
8 |
+ |
|
9 |
+diff --git a/receiver.c b/receiver.c |
|
10 |
+index baae3a9..9fdafa1 100644 |
|
11 |
+--- a/receiver.c |
|
12 |
+@@ -574,6 +574,12 @@ int recv_files(int f_in, int f_out, char *local_name) |
|
13 |
+ file = dir_flist->files[cur_flist->parent_ndx]; |
|
14 |
+ fname = local_name ? local_name : f_name(file, fbuf); |
|
15 |
+ |
|
16 |
++ if (daemon_filter_list.head |
|
17 |
++ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { |
|
18 |
++ rprintf(FERROR, "attempt to hack rsync failed.\n"); |
|
19 |
++ exit_cleanup(RERR_PROTOCOL); |
|
20 |
++ } |
|
21 |
++ |
|
22 |
+ if (DEBUG_GTE(RECV, 1)) |
|
23 |
+ rprintf(FINFO, "recv_files(%s)\n", fname); |
|
24 |
+ |
|
25 |
+@@ -645,12 +651,6 @@ int recv_files(int f_in, int f_out, char *local_name) |
|
26 |
+ |
|
27 |
+ cleanup_got_literal = 0; |
|
28 |
+ |
|
29 |
+- if (daemon_filter_list.head |
|
30 |
+- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { |
|
31 |
+- rprintf(FERROR, "attempt to hack rsync failed.\n"); |
|
32 |
+- exit_cleanup(RERR_PROTOCOL); |
|
33 |
+- } |
|
34 |
+- |
|
35 |
+ if (read_batch) { |
|
36 |
+ int wanted = redoing |
|
37 |
+ ? we_want_redo(ndx) |
|
38 |
+-- |
|
39 |
+1.9.1 |
|
40 |
+ |
0 | 41 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,25 @@ |
0 |
+From 5509597decdbd7b91994210f700329d8a35e70a1 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Jeriko One <jeriko.one@gmx.us> |
|
2 |
+Date: Thu, 16 Nov 2017 17:26:03 -0800 |
|
3 |
+Subject: [PATCH] Check daemon filter against fnamecmp in recv_files(). |
|
4 |
+ |
|
5 |
+--- |
|
6 |
+ receiver.c | 2 +- |
|
7 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
|
8 |
+ |
|
9 |
+diff --git a/receiver.c b/receiver.c |
|
10 |
+index 9fdafa1..9c46242 100644 |
|
11 |
+--- a/receiver.c |
|
12 |
+@@ -722,7 +722,7 @@ int recv_files(int f_in, int f_out, char *local_name) |
|
13 |
+ break; |
|
14 |
+ } |
|
15 |
+ if (!fnamecmp || (daemon_filter_list.head |
|
16 |
+- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) { |
|
17 |
++ && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) { |
|
18 |
+ fnamecmp = fname; |
|
19 |
+ fnamecmp_type = FNAMECMP_FNAME; |
|
20 |
+ } |
|
21 |
+-- |
|
22 |
+1.9.1 |
|
23 |
+ |
0 | 24 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,36 @@ |
0 |
+From 70aeb5fddd1b2f8e143276f8d5a085db16c593b9 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Jeriko One <jeriko.one@gmx.us> |
|
2 |
+Date: Thu, 16 Nov 2017 17:05:42 -0800 |
|
3 |
+Subject: [PATCH] Sanitize xname in read_ndx_and_attrs. |
|
4 |
+ |
|
5 |
+--- |
|
6 |
+ rsync.c | 6 ++++++ |
|
7 |
+ 1 file changed, 6 insertions(+) |
|
8 |
+ |
|
9 |
+diff --git a/rsync.c b/rsync.c |
|
10 |
+index b82e598..a0945ba 100644 |
|
11 |
+--- a/rsync.c |
|
12 |
+@@ -49,6 +49,7 @@ extern int flist_eof; |
|
13 |
+ extern int file_old_total; |
|
14 |
+ extern int keep_dirlinks; |
|
15 |
+ extern int make_backups; |
|
16 |
++extern int sanitize_paths; |
|
17 |
+ extern struct file_list *cur_flist, *first_flist, *dir_flist; |
|
18 |
+ extern struct chmod_mode_struct *daemon_chmod_modes; |
|
19 |
+ #ifdef ICONV_OPTION |
|
20 |
+@@ -396,6 +397,11 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, |
|
21 |
+ if (iflags & ITEM_XNAME_FOLLOWS) { |
|
22 |
+ if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0) |
|
23 |
+ exit_cleanup(RERR_PROTOCOL); |
|
24 |
++ |
|
25 |
++ if (sanitize_paths) { |
|
26 |
++ sanitize_path(buf, buf, "", 0, SP_DEFAULT); |
|
27 |
++ len = strlen(buf); |
|
28 |
++ } |
|
29 |
+ } else { |
|
30 |
+ *buf = '\0'; |
|
31 |
+ len = -1; |
|
32 |
+-- |
|
33 |
+1.9.1 |
|
34 |
+ |
... | ... |
@@ -1,12 +1,15 @@ |
1 | 1 |
Summary: Fast incremental file transfer. |
2 | 2 |
Name: rsync |
3 | 3 |
Version: 3.1.2 |
4 |
-Release: 4%{?dist} |
|
4 |
+Release: 5%{?dist} |
|
5 | 5 |
License: GPLv3+ |
6 | 6 |
URL: https://rsync.samba.org/ |
7 | 7 |
Source0: https://download.samba.org/pub/rsync/src/%{name}-%{version}.tar.gz |
8 | 8 |
%define sha1 rsync=0d4c7fb7fe3fc80eeff922a7c1d81df11dbb8a1a |
9 | 9 |
Patch0: rsync-CVE-2017-16548.patch |
10 |
+Patch1: rsync-CVE-2017-17433.patch |
|
11 |
+Patch2: rsync-CVE-2017-17434-1.patch |
|
12 |
+Patch3: rsync-CVE-2017-17434-2.patch |
|
10 | 13 |
Group: Appication/Internet |
11 | 14 |
Vendor: VMware, Inc. |
12 | 15 |
Distribution: Photon |
... | ... |
@@ -17,6 +20,9 @@ Rsync is a fast and extraordinarily versatile file copying tool. It can copy loc |
17 | 17 |
%prep |
18 | 18 |
%setup -q |
19 | 19 |
%patch0 -p1 |
20 |
+%patch1 -p1 |
|
21 |
+%patch2 -p1 |
|
22 |
+%patch3 -p1 |
|
20 | 23 |
%build |
21 | 24 |
%configure --prefix=/usr |
22 | 25 |
make %{?_smp_mflags} |
... | ... |
@@ -56,6 +62,8 @@ make %{?_smp_mflags} check |
56 | 56 |
%{_libdir}/systemd/system/rsyncd.service |
57 | 57 |
%{_sysconfdir}/rsyncd.conf |
58 | 58 |
%changelog |
59 |
+* Wed Dec 27 2017 Xiaolin Li <xiaolinl@vmware.com> 3.1.2-5 |
|
60 |
+- Fix CVE-2017-17433, CVE-2017-17434 |
|
59 | 61 |
* Wed Nov 29 2017 Xiaolin Li <xiaolinl@vmware.com> 3.1.2-4 |
60 | 62 |
- Fix CVE-2017-16548 |
61 | 63 |
* Wed Oct 05 2016 ChangLee <changlee@vmware.com> 3.1.2-3 |