>-----Original Message-----
>From: openembedded-core-boun...@lists.openembedded.org
>[mailto:openembedded-core-boun...@lists.openembedded.org] On Behalf Of Saul
>Wold
>Sent: 10 May 2011 13:02
>To: Patches and discussions about the oe-core layer
>Subject: Re: [OE-core] [PATCH 1/1] rsync (GPLv2): fix security vulnerability
>CVE-2007-4091
>
>On 05/09/2011 07:54 PM, Dexuan Cui wrote:
>> From: Dexuan Cui<dexuan....@intel.com>
>>
>> Added a patch to fix
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>>
>This is missing a [YOCTO #bugid], please add and resend. (update branch
>is OK).
Saul,
Before the other two CVEs are specifically addressed, I don't think we can call a close on this bug.
Thanks,
Qing

>
>Sau!
>
>> Signed-off-by: Dexuan Cui<dexuan....@intel.com>
>> ---
>> .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch | 70 ++++++++++++++++++++
>> meta/recipes-devtools/rsync/rsync_2.6.9.bb | 3 +-
>> 2 files changed, 72 insertions(+), 1 deletions(-)
>> create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>>
>> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>> new file mode 100644
>> index 0000000..f054452
>> --- /dev/null
>> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>> @@ -0,0 +1,70 @@ >> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ] >> + >> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to >> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 >> + >> +Date: Tue May 10 10:07:36 2011 +0800 >> +Dexuan Cui<dexuan....@intel.com> >> + >> +diff --git a/sender.c b/sender.c >> +index 6fcaa65..053a8f1 100644 >> +--- a/sender.c >> ++++ b/sender.c >> +@@ -123,6 +123,7 @@ void successful_send(int ndx) >> + char fname[MAXPATHLEN]; >> + struct file_struct *file; >> + unsigned int offset; >> ++ size_t l = 0; >> + >> + if (ndx< 0 || ndx>= the_file_list->count) >> + return; >> +@@ -133,6 +134,20 @@ void successful_send(int ndx) >> + file->dir.root, "/", NULL); >> + } else >> + offset = 0; >> ++ >> ++ l = offset + 1; >> ++ if (file) { >> ++ if (file->dirname) >> ++ l += strlen(file->dirname); >> ++ if (file->basename) >> ++ l += strlen(file->basename); >> ++ } >> ++ >> ++ if (l>= sizeof(fname)) { >> ++ rprintf(FERROR, "Overlong pathname\n"); >> ++ exit_cleanup(RERR_FILESELECT); >> ++ } >> ++ >> + f_name(file, fname + offset); >> + if (remove_source_files) { >> + if (do_unlink(fname) == 0) { >> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int >> f_in) >> + enum logcode log_code = log_before_transfer ? FLOG : FINFO; >> + int f_xfer = write_batch< 0 ? 
batch_fd : f_out; >> + int i, j; >> ++ size_t l = 0; >> + >> + if (verbose> 2) >> + rprintf(FINFO, "send_files starting\n"); >> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, >> int f_in) >> + fname[offset++] = '/'; >> + } else >> + offset = 0; >> ++ >> ++ l = offset + 1; >> ++ if (file) { >> ++ if (file->dirname) >> ++ l += strlen(file->dirname); >> ++ if (file->basename) >> ++ l += strlen(file->basename); >> ++ } >> ++ >> ++ if (l>= sizeof(fname)) { >> ++ rprintf(FERROR, "Overlong pathname\n"); >> ++ exit_cleanup(RERR_FILESELECT); >> ++ } >> ++ >> + fname2 = f_name(file, fname + offset); >> + >> + if (verbose> 2) >> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb >b/meta/recipes-devtools/rsync/rsync_2.6.9.bb >> index 4337982..17c18a4 100644 >> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb >> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb >> @@ -8,6 +8,7 @@ PRIORITY = "optional" >> DEPENDS = "popt" >> >> SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \ >> + file://rsync-2.6.9-fname-obo.patch \ >> file://rsyncd.conf" >> >> inherit autotools >> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""' >> LICENSE = "GPLv2+" >> LIC_FILES_CHKSUM = >"file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c" >> >> -PR = "r2" >> +PR = "r3" > >_______________________________________________ >Openembedded-core mailing list >Openembedded-core@lists.openembedded.org >http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
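Review bot: the Upstream-Status line at the top of the new rsync-2.6.9-fname-obo.patch file reads "Backport [ The patch is rsync-2.6.9 specific ]", which contradicts itself: a backport is by definition lifted from an upstream commit, yet the bracketed note says the change is specific to 2.6.9 and the only source cited is https://issues.rpath.com/browse/RPL-1647. Suggest either naming the upstream rsync commit this was derived from, or using the Upstream-Status value for a version-specific fix that will not go upstream, so whoever bumps the recipe later knows whether the patch can be dropped. The header also carries a "Date:" line and the author's name but no Signed-off-by for the patch file itself, unlike the commit message above it.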
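Review bot: the bound added to successful_send (hunk "@@ -133,6 +134,20 @@") computes l = offset + 1 + strlen(file->dirname) + strlen(file->basename) and aborts when l >= sizeof(fname); the single +1 accounts for the '/' that f_name places between dirname and basename, and the >= rather than > leaves the byte for the terminating NUL, so the check is exact but far from obvious. Suggest a one-line comment above "l = offset + 1;" stating that, otherwise the next reader is likely to "correct" it to +2 or to >. Separately, exit_cleanup(RERR_FILESELECT) here tears down the whole transfer on one overlong name, whereas the existing "if (ndx< 0 || ndx>= the_file_list->count) return;" path a few lines up just skips the entry; aborting is the right side to err on compared with the overflow it replaces, but the commit message should say that an overlong path now terminates the session rather than being skipped.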
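Review bot: the check added to send_files (hunk "@@ -259,6 +275,20 @@") is a verbatim copy of the one added to successful_send, same "l = offset + 1;" arithmetic, same "Overlong pathname" message, same exit_cleanup(RERR_FILESELECT); two identical copies of a security bound tend to drift apart on the next edit of either function. Suggest moving it into one small static helper in sender.c that takes the file_struct and the offset and reports whether f_name's output will fit in fname, and calling it from both sites. Minor: "size_t l = 0;" is initialised and then unconditionally overwritten by "l = offset + 1;" in both functions, so the initialiser can be dropped.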