Hello community, here is the log from the commit of package rsync for openSUSE:Factory checked in at 2018-01-20 11:19:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rsync (Old) and /work/SRC/openSUSE:Factory/.rsync.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rsync" Sat Jan 20 11:19:53 2018 rev:65 rq:567411 version:3.1.2 Changes: -------- --- /work/SRC/openSUSE:Factory/rsync/rsync.changes 2018-01-16 09:33:21.071016137 +0100 +++ /work/SRC/openSUSE:Factory/.rsync.new/rsync.changes 2018-01-20 11:19:58.715262357 +0100 @@ -1,0 +2,7 @@ +Thu Jan 18 12:13:48 UTC 2018 - [email protected] + +- Security fix: Ignore --protect-args when already sent by client + [bsc#1076503, CVE-2018-5764] + * Added patch rsync-3.1.2-CVE-2018-5764.patch + +------------------------------------------------------------------- New: ---- rsync-3.1.2-CVE-2018-5764.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rsync.spec ++++++ --- /var/tmp/diff_new_pack.8azZdm/_old 2018-01-20 11:19:59.567222529 +0100 +++ /var/tmp/diff_new_pack.8azZdm/_new 2018-01-20 11:19:59.571222342 +0100 @@ -45,6 +45,8 @@ #PATCH-FIX-UPSTREAM bcs#1062063 rsync doesn't stop on errors Patch4: rsync-send_error_to_sender.patch Patch5: rsync-avoid-uploading-after-error.patch +#PATCH-FIX-UPSTREAM bcs#1076503 CVE-2018-5764 parse_arguments function does not prevent multiple --protect-arg +Patch6: rsync-3.1.2-CVE-2018-5764.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libacl-devel @@ -81,6 +83,7 @@ %patch3 -p1 %patch4 %patch5 +%patch6 -p1 %build autoreconf -fiv ++++++ rsync-3.1.2-CVE-2018-5764.patch ++++++ >From 7706303828fcde524222babb2833864a4bd09e07 Mon Sep 17 00:00:00 2001 From: Jeriko One <[email protected]> Date: Mon, 20 Nov 2017 14:42:30 -0800 Subject: [PATCH 1/1] Ignore --protect-args when already sent by client In parse_arguments when --protect-args is encountered the function exits early. The caller is expected to check protect_args, and recall parse_arguments setting protect_args to 2. This patch prevents the client from resetting protect_args during the second pass of parse_arguments. This prevents parse_arguments returning early the second time before it's able to sanitize the arguments it received. --- options.c | 5 +++++ 1 file changed, 5 insertions(+) Index: rsync-3.1.2/options.c =================================================================== --- rsync-3.1.2.orig/options.c +++ rsync-3.1.2/options.c @@ -1304,6 +1304,7 @@ int parse_arguments(int *argc_p, const c const char *arg, **argv = *argv_p; int argc = *argc_p; int opt; + int orig_protect_args = protect_args; if (ref && *ref) set_refuse_options(ref); @@ -1933,6 +1934,10 @@ int parse_arguments(int *argc_p, const c if (fuzzy_basis > 1) fuzzy_basis = basis_dir_cnt + 1; + /* Don't let the client reset protect_args if it was already processed */ + if (orig_protect_args == 2 && am_server) + protect_args = orig_protect_args; + if (protect_args == 1 && am_server) return 1;
