On 05/09/2011 10:03 PM, He, Qing wrote: >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Saul >> Wold >> Sent: 2011年5月10日 13:02 >> To: Patches and discussions about the oe-core layer >> Subject: Re: [OE-core] [PATCH 1/1] rsync (GPLv2): fix security vulnerability >> CVE-2007-4091 >> >> On 05/09/2011 07:54 PM, Dexuan Cui wrote: >>> From: Dexuan Cui<[email protected]> >>> >>> Added a patch to fix >>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 >>> >> This is missing a [YOCTO #bugid], please add and resend. (update branch >> is OK). > > Saul, > Before the other two CVEs are specifically addressed, I don't think we > can call a close on this bug. > Yes, that's true, but it's important to know that this patch addresses a part of that bug.
Sau! > Thanks, > Qing > >> >> Sau! >> >>> Signed-off-by: Dexuan Cui<[email protected]> >>> --- >>> .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch | 70 >> ++++++++++++++++++++ >>> meta/recipes-devtools/rsync/rsync_2.6.9.bb | 3 +- >>> 2 files changed, 72 insertions(+), 1 deletions(-) >>> create mode 100644 >> meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >>> >>> diff --git >>> a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >> b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >>> new file mode 100644 >>> index 0000000..f054452 >>> --- /dev/null >>> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >>> @@ -0,0 +1,70 @@ >>> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ] >>> + >>> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to >>> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 >>> + >>> +Date: Tue May 10 10:07:36 2011 +0800 >>> +Dexuan Cui<[email protected]> >>> + >>> +diff --git a/sender.c b/sender.c >>> +index 6fcaa65..053a8f1 100644 >>> +--- a/sender.c >>> ++++ b/sender.c >>> +@@ -123,6 +123,7 @@ void successful_send(int ndx) >>> + char fname[MAXPATHLEN]; >>> + struct file_struct *file; >>> + unsigned int offset; >>> ++ size_t l = 0; >>> + >>> + if (ndx< 0 || ndx>= the_file_list->count) >>> + return; >>> +@@ -133,6 +134,20 @@ void successful_send(int ndx) >>> + file->dir.root, "/", NULL); >>> + } else >>> + offset = 0; >>> ++ >>> ++ l = offset + 1; >>> ++ if (file) { >>> ++ if (file->dirname) >>> ++ l += strlen(file->dirname); >>> ++ if (file->basename) >>> ++ l += strlen(file->basename); >>> ++ } >>> ++ >>> ++ if (l>= sizeof(fname)) { >>> ++ rprintf(FERROR, "Overlong pathname\n"); >>> ++ exit_cleanup(RERR_FILESELECT); >>> ++ } >>> ++ >>> + f_name(file, fname + offset); >>> + if (remove_source_files) { >>> + if (do_unlink(fname) == 0) { >>> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, >>> int f_in) >>> + enum logcode log_code = log_before_transfer ? FLOG : FINFO; >>> + int f_xfer = write_batch< 0 ? batch_fd : f_out; >>> + int i, j; >>> ++ size_t l = 0; >>> + >>> + if (verbose> 2) >>> + rprintf(FINFO, "send_files starting\n"); >>> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, >>> int f_in) >>> + fname[offset++] = '/'; >>> + } else >>> + offset = 0; >>> ++ >>> ++ l = offset + 1; >>> ++ if (file) { >>> ++ if (file->dirname) >>> ++ l += strlen(file->dirname); >>> ++ if (file->basename) >>> ++ l += strlen(file->basename); >>> ++ } >>> ++ >>> ++ if (l>= sizeof(fname)) { >>> ++ rprintf(FERROR, "Overlong pathname\n"); >>> ++ exit_cleanup(RERR_FILESELECT); >>> ++ } >>> ++ >>> + fname2 = f_name(file, fname + offset); >>> + >>> + if (verbose> 2) >>> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb >> b/meta/recipes-devtools/rsync/rsync_2.6.9.bb >>> index 4337982..17c18a4 100644 >>> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb >>> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb >>> @@ -8,6 +8,7 @@ PRIORITY = "optional" >>> DEPENDS = "popt" >>> >>> SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \ >>> + file://rsync-2.6.9-fname-obo.patch \ >>> file://rsyncd.conf" >>> >>> inherit autotools >>> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""' >>> LICENSE = "GPLv2+" >>> LIC_FILES_CHKSUM = >> "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c" >>> >>> -PR = "r2" >>> +PR = "r3" >> >> _______________________________________________ >> Openembedded-core mailing list >> [email protected] >> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core > _______________________________________________ > Openembedded-core mailing list > [email protected] > http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core _______________________________________________ Openembedded-core mailing list [email protected] http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
