diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12084.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12084.patch new file mode 100644 index 0000000000..c4479ef8a8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12084.patch @@ -0,0 +1,132 @@ +https://bugs.gentoo.org/948106 + +Backport provided by Red Hat on the VINCE case. +diff --git a/io.c b/io.c +index a99ac0e..bb60eec 100644 +--- a/io.c ++++ b/io.c +@@ -55,6 +55,7 @@ extern int read_batch; + extern int compat_flags; + extern int protect_args; + extern int checksum_seed; ++extern int xfer_sum_len; + extern int daemon_connection; + extern int protocol_version; + extern int remove_source_files; +@@ -1977,7 +1978,7 @@ void read_sum_head(int f, struct sum_struct *sum) + exit_cleanup(RERR_PROTOCOL); + } + sum->s2length = protocol_version < 27 ? csum_length : (int)read_int(f); +- if (sum->s2length < 0 || sum->s2length > MAX_DIGEST_LEN) { ++ if (sum->s2length < 0 || sum->s2length > xfer_sum_len) { + rprintf(FERROR, "Invalid checksum length %d [%s]\n", + sum->s2length, who_am_i()); + exit_cleanup(RERR_PROTOCOL); +diff --git a/match.c b/match.c +index cdb30a1..36e78ed 100644 +--- a/match.c ++++ b/match.c +@@ -232,7 +232,7 @@ static void hash_search(int f,struct sum_struct *s, + done_csum2 = 1; + } + +- if (memcmp(sum2,s->sums[i].sum2,s->s2length) != 0) { ++ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) { + false_alarms++; + continue; + } +@@ -252,7 +252,7 @@ static void hash_search(int f,struct sum_struct *s, + if (i != aligned_i) { + if (sum != s->sums[aligned_i].sum1 + || l != s->sums[aligned_i].len +- || memcmp(sum2, s->sums[aligned_i].sum2, s->s2length) != 0) ++ || memcmp(sum2, sum2_at(s, aligned_i), s->s2length) != 0) + goto check_want_i; + i = aligned_i; + } +@@ -271,7 +271,7 @@ static void hash_search(int f,struct sum_struct *s, + if (sum != s->sums[i].sum1) + goto check_want_i; + get_checksum2((char *)map, l, sum2); +- if (memcmp(sum2, s->sums[i].sum2, s->s2length) != 0) ++ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) + goto check_want_i; + /* OK, we have a re-alignment match. Bump the offset + * forward to the new match point. */ +@@ -290,7 +290,7 @@ static void hash_search(int f,struct sum_struct *s, + && (!updating_basis_file || s->sums[want_i].offset >= offset + || s->sums[want_i].flags & SUMFLG_SAME_OFFSET) + && sum == s->sums[want_i].sum1 +- && memcmp(sum2, s->sums[want_i].sum2, s->s2length) == 0) { ++ && memcmp(sum2, sum2_at(s, want_i), s->s2length) == 0) { + /* we've found an adjacent match - the RLL coder + * will be happy */ + i = want_i; +diff --git a/rsync.c b/rsync.c +index cd288f5..b130aba 100644 +--- a/rsync.c ++++ b/rsync.c +@@ -437,7 +437,10 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, cha + */ + void free_sums(struct sum_struct *s) + { +- if (s->sums) free(s->sums); ++ if (s->sums) { ++ free(s->sums); ++ free(s->sum2_array); ++ } + free(s); + } + +diff --git a/rsync.h b/rsync.h +index d3709fe..0f9e277 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -958,12 +958,12 @@ struct sum_buf { + uint32 sum1; /**< simple checksum */ + int32 chain; /**< next hash-table collision */ + short flags; /**< flag bits */ +- char sum2[SUM_LENGTH]; /**< checksum */ + }; + + struct sum_struct { + OFF_T flength; /**< total file length */ + struct sum_buf *sums; /**< points to info for each chunk */ ++ char *sum2_array; /**< checksums of length xfer_sum_len */ + int32 count; /**< how many chunks */ + int32 blength; /**< block_length */ + int32 remainder; /**< flength % block_length */ +@@ -982,6 +982,8 @@ struct map_struct { + int status; /* first errno from read errors */ + }; + ++#define sum2_at(s, i) ((s)->sum2_array + ((size_t)(i) * xfer_sum_len)) ++ + #define NAME_IS_FILE (0) /* filter name as a file */ + #define NAME_IS_DIR (1<<0) /* filter name as a dir */ + #define NAME_IS_XATTR (1<<2) /* filter name as an xattr */ +diff --git a/sender.c b/sender.c +index 3d4f052..2bbff2f 100644 +--- a/sender.c ++++ b/sender.c +@@ -31,6 +31,7 @@ extern int log_before_transfer; + extern int stdout_format_has_i; + extern int logfile_format_has_i; + extern int want_xattr_optim; ++extern int xfer_sum_len; + extern int csum_length; + extern int append_mode; + extern int copy_links; +@@ -94,10 +95,11 @@ static struct sum_struct *receive_sums(int f) + return(s); + + s->sums = new_array(struct sum_buf, s->count); ++ s->sum2_array = new_array(char, (size_t)s->count * xfer_sum_len); + + for (i = 0; i < s->count; i++) { + s->sums[i].sum1 = read_int(f); +- read_buf(f, s->sums[i].sum2, s->s2length); ++ read_buf(f, sum2_at(s, i), s->s2length); + + s->sums[i].offset = offset; + s->sums[i].flags = 0; diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12085.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12085.patch new file mode 100644 index 0000000000..d841ad0716 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12085.patch @@ -0,0 +1,17 @@ +https://bugs.gentoo.org/948106 + +Backport provided by Red Hat on the VINCE case. +diff --git a/match.c b/match.c +index 36e78ed..dfd6af2 100644 +--- a/match.c ++++ b/match.c +@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s, + int more; + schar *map; + ++ // prevent possible memory leaks ++ memset(sum2, 0, sizeof sum2); ++ + /* want_i is used to encourage adjacent matches, allowing the RLL + * coding of the output to work more efficiently. */ + want_i = 0; diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-1.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-1.patch new file mode 100644 index 0000000000..b0ab88e8c1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-1.patch @@ -0,0 +1,200 @@ +https://bugs.gentoo.org/948106 + +Backport provided by Red Hat on the VINCE case. +diff --git a/receiver.c b/receiver.c +index 6b4b369..8031b8f 100644 +--- a/receiver.c ++++ b/receiver.c +@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN]; + extern struct file_list *cur_flist, *first_flist, *dir_flist; + extern filter_rule_list daemon_filter_list; + extern OFF_T preallocated_len; ++extern int fuzzy_basis; + + extern struct name_num_item *xfer_sum_nni; + extern int xfer_sum_len; +@@ -551,6 +552,8 @@ int recv_files(int f_in, int f_out, char *local_name) + progress_init(); + + while (1) { ++ const char *basedir = NULL; ++ + cleanup_disable(); + + /* This call also sets cur_flist. */ +@@ -716,28 +719,34 @@ int recv_files(int f_in, int f_out, char *local_name) + fnamecmp = get_backup_name(fname); + break; + case FNAMECMP_FUZZY: ++ if (fuzzy_basis == 0) { ++ rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname); ++ exit_cleanup(RERR_PROTOCOL); ++ } + if (file->dirname) { +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname); +- fnamecmp = fnamecmpbuf; +- } else +- fnamecmp = xname; ++ basedir = file->dirname; ++ } ++ fnamecmp = xname; + break; + default: + if (fnamecmp_type > FNAMECMP_FUZZY && fnamecmp_type-FNAMECMP_FUZZY <= basis_dir_cnt) { + fnamecmp_type -= FNAMECMP_FUZZY + 1; + if (file->dirname) { +- stringjoin(fnamecmpbuf, sizeof fnamecmpbuf, +- basis_dir[fnamecmp_type], "/", file->dirname, "/", xname, NULL); +- } else +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], xname); ++ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], file->dirname); ++ basedir = fnamecmpbuf; ++ } else { ++ basedir = basis_dir[fnamecmp_type]; ++ } ++ fnamecmp = xname; + } else if (fnamecmp_type >= basis_dir_cnt) { + rprintf(FERROR, + "invalid basis_dir index: %d.\n", + fnamecmp_type); + exit_cleanup(RERR_PROTOCOL); +- } else +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], fname); +- fnamecmp = fnamecmpbuf; ++ } else { ++ basedir = basis_dir[fnamecmp_type]; ++ fnamecmp = fname; ++ } + break; + } + if (!fnamecmp || (daemon_filter_list.head +@@ -760,7 +769,7 @@ int recv_files(int f_in, int f_out, char *local_name) + } + + /* open the file */ +- fd1 = do_open(fnamecmp, O_RDONLY, 0); ++ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0); + + if (fd1 == -1 && protocol_version < 29) { + if (fnamecmp != fname) { +@@ -771,14 +780,20 @@ int recv_files(int f_in, int f_out, char *local_name) + + if (fd1 == -1 && basis_dir[0]) { + /* pre-29 allowed only one alternate basis */ +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, +- basis_dir[0], fname); +- fnamecmp = fnamecmpbuf; ++ basedir = basis_dir[0]; ++ fnamecmp = fname; + fnamecmp_type = FNAMECMP_BASIS_DIR_LOW; +- fd1 = do_open(fnamecmp, O_RDONLY, 0); ++ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0); + } + } + ++ if (basedir) { ++ // for the following code we need the full ++ // path name as a single string ++ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basedir, fnamecmp); ++ fnamecmp = fnamecmpbuf; ++ } ++ + one_inplace = inplace_partial && fnamecmp_type == FNAMECMP_PARTIAL_DIR; + updating_basis_or_equiv = one_inplace + || (inplace && (fnamecmp == fname || fnamecmp_type == FNAMECMP_BACKUP)); +diff --git a/syscall.c b/syscall.c +index d92074a..47c5ea5 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -33,6 +33,8 @@ + #include + #endif + ++#include "ifuncs.h" ++ + extern int dry_run; + extern int am_root; + extern int am_sender; +@@ -712,3 +714,82 @@ int do_open_nofollow(const char *pathname, int flags) + + return fd; + } ++ ++/* ++ open a file relative to a base directory. The basedir can be NULL, ++ in which case the current working directory is used. The relpath ++ must be a relative path, and the relpath must not contain any ++ elements in the path which follow symlinks (ie. like O_NOFOLLOW, but ++ applies to all path components, not just the last component) ++ ++ The relpath must also not contain any ../ elements in the path ++*/ ++int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode) ++{ ++ if (!relpath || relpath[0] == '/') { ++ // must be a relative path ++ errno = EINVAL; ++ return -1; ++ } ++ if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) { ++ // no ../ elements allowed in the relpath ++ errno = EINVAL; ++ return -1; ++ } ++ ++#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) ++ // really old system, all we can do is live with the risks ++ if (!basedir) { ++ return open(relpath, flags, mode); ++ } ++ char fullpath[MAXPATHLEN]; ++ pathjoin(fullpath, sizeof fullpath, basedir, relpath); ++ return open(fullpath, flags, mode); ++#else ++ int dirfd = AT_FDCWD; ++ if (basedir != NULL) { ++ dirfd = openat(AT_FDCWD, basedir, O_RDONLY | O_DIRECTORY); ++ if (dirfd == -1) { ++ return -1; ++ } ++ } ++ int retfd = -1; ++ ++ char *path_copy = my_strdup(relpath, __FILE__, __LINE__); ++ if (!path_copy) { ++ return -1; ++ } ++ ++ for (const char *part = strtok(path_copy, "/"); ++ part != NULL; ++ part = strtok(NULL, "/")) ++ { ++ int next_fd = openat(dirfd, part, O_RDONLY | O_DIRECTORY | O_NOFOLLOW); ++ if (next_fd == -1 && errno == ENOTDIR) { ++ if (strtok(NULL, "/") != NULL) { ++ // this is not the last component of the path ++ errno = ELOOP; ++ goto cleanup; ++ } ++ // this could be the last component of the path, try as a file ++ retfd = openat(dirfd, part, flags | O_NOFOLLOW, mode); ++ goto cleanup; ++ } ++ if (next_fd == -1) { ++ goto cleanup; ++ } ++ if (dirfd != AT_FDCWD) close(dirfd); ++ dirfd = next_fd; ++ } ++ ++ // the path must be a directory ++ errno = EINVAL; ++ ++cleanup: ++ free(path_copy); ++ if (dirfd != AT_FDCWD) { ++ close(dirfd); ++ } ++ return retfd; ++#endif // O_NOFOLLOW, O_DIRECTORY ++} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-2.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-2.patch new file mode 100644 index 0000000000..ae0a85bc4a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-2.patch @@ -0,0 +1,26 @@ +https://github.com/RsyncProject/rsync/pull/707 + +From 4e9b6476325eb08931025d719cfc3ff2c94d2b23 Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Wed, 15 Jan 2025 15:59:17 +0100 +Subject: [PATCH] Fix build on ancient glibc without openat(AT_FDCWD + +Fixes: https://github.com/RsyncProject/rsync/issues/701 +--- + syscall.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/syscall.c b/syscall.c +index 8cea2900..34a9bba0 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -734,7 +734,7 @@ int secure_relative_open(const char *basedir, const char *relpath, int flags, mo + return -1; + } + +-#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) ++#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) || !defined(AT_FDCWD) + // really old system, all we can do is live with the risks + if (!basedir) { + return open(relpath, flags, mode); + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-1.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-1.patch new file mode 100644 index 0000000000..2328f3c0f6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-1.patch @@ -0,0 +1,39 @@ +https://bugs.gentoo.org/948106 + +Backport provided by Red Hat on the VINCE case. +diff --git a/flist.c b/flist.c +index 464d556..087f9da 100644 +--- a/flist.c ++++ b/flist.c +@@ -2584,6 +2584,19 @@ struct file_list *recv_file_list(int f, int dir_ndx) + init_hard_links(); + #endif + ++ if (inc_recurse && dir_ndx >= 0) { ++ if (dir_ndx >= dir_flist->used) { ++ rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used); ++ exit_cleanup(RERR_PROTOCOL); ++ } ++ struct file_struct *file = dir_flist->files[dir_ndx]; ++ if (file->flags & FLAG_GOT_DIR_FLIST) { ++ rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx); ++ exit_cleanup(RERR_PROTOCOL); ++ } ++ file->flags |= FLAG_GOT_DIR_FLIST; ++ } ++ + flist = flist_new(0, "recv_file_list"); + flist_expand(flist, FLIST_START_LARGE); + +diff --git a/rsync.h b/rsync.h +index 0f9e277..b9a7101 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -84,6 +84,7 @@ + #define FLAG_DUPLICATE (1<<4) /* sender */ + #define FLAG_MISSING_DIR (1<<4) /* generator */ + #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */ ++#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */ + #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */ + #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */ + #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-2.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-2.patch new file mode 100644 index 0000000000..dd4c7fb87a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-2.patch @@ -0,0 +1,36 @@ +https://github.com/RsyncProject/rsync/pull/705 + +From efb85fd8db9e8f74eb3ab91ebf44f6ed35e3da5b Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Wed, 15 Jan 2025 15:10:24 +0100 +Subject: [PATCH] Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED + +fixes commit 688f5c379a43 (Refuse a duplicate dirlist.) + +Fixes: https://github.com/RsyncProject/rsync/issues/702 +Fixes: https://github.com/RsyncProject/rsync/issues/697 +--- + rsync.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rsync.h b/rsync.h +index 9be1297b..479ac484 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -84,7 +84,6 @@ + #define FLAG_DUPLICATE (1<<4) /* sender */ + #define FLAG_MISSING_DIR (1<<4) /* generator */ + #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */ +-#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */ + #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */ + #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */ + #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */ +@@ -93,6 +92,7 @@ + #define FLAG_SKIP_GROUP (1<<10) /* receiver/generator */ + #define FLAG_TIME_FAILED (1<<11)/* generator */ + #define FLAG_MOD_NSEC (1<<12) /* sender/receiver/generator */ ++#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */ + + /* These flags are passed to functions but not stored. */ + + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12088.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12088.patch new file mode 100644 index 0000000000..422a45e2c0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12088.patch @@ -0,0 +1,60 @@ +https://bugs.gentoo.org/948106 + +Backport provided by Red Hat on the VINCE case. +diff --git a/testsuite/unsafe-byname.test b/testsuite/unsafe-byname.test +index 75e7201..d2e318e 100644 +--- a/testsuite/unsafe-byname.test ++++ b/testsuite/unsafe-byname.test +@@ -40,7 +40,7 @@ test_unsafe ..//../dest from/dir unsafe + test_unsafe .. from/file safe + test_unsafe ../.. from/file unsafe + test_unsafe ..//.. from//file unsafe +-test_unsafe dir/.. from safe ++test_unsafe dir/.. from unsafe + test_unsafe dir/../.. from unsafe + test_unsafe dir/..//.. from unsafe + +diff --git a/util1.c b/util1.c +index da50ff1..f260d39 100644 +--- a/util1.c ++++ b/util1.c +@@ -1318,7 +1318,14 @@ int handle_partial_dir(const char *fname, int create) + * + * "src" is the top source directory currently applicable at the level + * of the referenced symlink. This is usually the symlink's full path +- * (including its name), as referenced from the root of the transfer. */ ++ * (including its name), as referenced from the root of the transfer. ++ * ++ * NOTE: this also rejects dest names with a .. component in other ++ * than the first component of the name ie. it rejects names such as ++ * a/b/../x/y. This needs to be done as the leading subpaths 'a' or ++ * 'b' could later be replaced with symlinks such as a link to '.' ++ * resulting in the link being transferred now becoming unsafe ++ */ + int unsafe_symlink(const char *dest, const char *src) + { + const char *name, *slash; +@@ -1328,6 +1335,23 @@ int unsafe_symlink(const char *dest, const char *src) + if (!dest || !*dest || *dest == '/') + return 1; + ++ // reject destinations with /../ in the name other than at the start of the name ++ const char *dest2 = dest; ++ while (strncmp(dest2, "../", 3) == 0) { ++ dest2 += 3; ++ while (*dest2 == '/') { ++ // allow for ..//..///../foo ++ dest2++; ++ } ++ } ++ if (strstr(dest2, "/../")) ++ return 1; ++ ++ // reject if the destination ends in /.. ++ const size_t dlen = strlen(dest); ++ if (dlen > 3 && strcmp(&dest[dlen-3], "/..") == 0) ++ return 1; ++ + /* find out what our safety margin is */ + for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) { + /* ".." segment starts the count over. "." segment is ignored. */ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-1.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-1.patch new file mode 100644 index 0000000000..527da20461 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-1.patch @@ -0,0 +1,166 @@ +https://bugs.gentoo.org/948106 + +Backport provided by Red Hat on the VINCE case. +diff --git a/checksum.c b/checksum.c +index cb21882..66e8089 100644 +--- a/checksum.c ++++ b/checksum.c +@@ -406,7 +406,7 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum) + int32 remainder; + int fd; + +- fd = do_open(fname, O_RDONLY, 0); ++ fd = do_open_checklinks(fname); + if (fd == -1) { + memset(sum, 0, file_sum_len); + return; +diff --git a/flist.c b/flist.c +index 087f9da..1783253 100644 +--- a/flist.c ++++ b/flist.c +@@ -1390,7 +1390,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist, + + if (copy_devices && am_sender && IS_DEVICE(st.st_mode)) { + if (st.st_size == 0) { +- int fd = do_open(fname, O_RDONLY, 0); ++ int fd = do_open_checklinks(fname); + if (fd >= 0) { + st.st_size = get_device_size(fd, fname); + close(fd); +diff --git a/generator.c b/generator.c +index 110db28..3f13bb9 100644 +--- a/generator.c ++++ b/generator.c +@@ -1798,7 +1798,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx, + + if (write_devices && IS_DEVICE(sx.st.st_mode) && sx.st.st_size == 0) { + /* This early open into fd skips the regular open below. */ +- if ((fd = do_open(fnamecmp, O_RDONLY, 0)) >= 0) ++ if ((fd = do_open_nofollow(fnamecmp, O_RDONLY)) >= 0) + real_sx.st.st_size = sx.st.st_size = get_device_size(fd, fnamecmp); + } + +@@ -1867,7 +1867,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx, + } + + /* open the file */ +- if (fd < 0 && (fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) { ++ if (fd < 0 && (fd = do_open_checklinks(fnamecmp)) < 0) { + rsyserr(FERROR, errno, "failed to open %s, continuing", + full_fname(fnamecmp)); + pretend_missing: +diff --git a/receiver.c b/receiver.c +index 8031b8f..edfbb21 100644 +--- a/receiver.c ++++ b/receiver.c +@@ -775,7 +775,7 @@ int recv_files(int f_in, int f_out, char *local_name) + if (fnamecmp != fname) { + fnamecmp = fname; + fnamecmp_type = FNAMECMP_FNAME; +- fd1 = do_open(fnamecmp, O_RDONLY, 0); ++ fd1 = do_open_nofollow(fnamecmp, O_RDONLY); + } + + if (fd1 == -1 && basis_dir[0]) { +diff --git a/sender.c b/sender.c +index 2bbff2f..a4d46c3 100644 +--- a/sender.c ++++ b/sender.c +@@ -350,7 +350,7 @@ void send_files(int f_in, int f_out) + exit_cleanup(RERR_PROTOCOL); + } + +- fd = do_open(fname, O_RDONLY, 0); ++ fd = do_open_checklinks(fname); + if (fd == -1) { + if (errno == ENOENT) { + enum logcode c = am_daemon && protocol_version < 28 ? FERROR : FWARNING; +diff --git a/syscall.c b/syscall.c +index 47c5ea5..c55ae5f 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -45,6 +45,8 @@ extern int preallocate_files; + extern int preserve_perms; + extern int preserve_executability; + extern int open_noatime; ++extern int copy_links; ++extern int copy_unsafe_links; + + #ifndef S_BLKSIZE + # if defined hpux || defined __hpux__ || defined __hpux +@@ -793,3 +795,21 @@ cleanup: + return retfd; + #endif // O_NOFOLLOW, O_DIRECTORY + } ++ ++/* ++ varient of do_open/do_open_nofollow which does do_open() if the ++ copy_links or copy_unsafe_links options are set and does ++ do_open_nofollow() otherwise ++ ++ This is used to prevent a race condition where an attacker could be ++ switching a file between being a symlink and being a normal file ++ ++ The open is always done with O_RDONLY flags ++ */ ++int do_open_checklinks(const char *pathname) ++{ ++ if (copy_links || copy_unsafe_links) { ++ return do_open(pathname, O_RDONLY, 0); ++ } ++ return do_open_nofollow(pathname, O_RDONLY); ++} +diff --git a/t_unsafe.c b/t_unsafe.c +index 010cac5..e10619a 100644 +--- a/t_unsafe.c ++++ b/t_unsafe.c +@@ -28,6 +28,9 @@ int am_root = 0; + int am_sender = 1; + int read_only = 0; + int list_only = 0; ++int copy_links = 0; ++int copy_unsafe_links = 0; ++ + short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG]; + + int +diff --git a/tls.c b/tls.c +index e6b0708..858f8f1 100644 +--- a/tls.c ++++ b/tls.c +@@ -49,6 +49,9 @@ int list_only = 0; + int link_times = 0; + int link_owner = 0; + int nsec_times = 0; ++int safe_symlinks = 0; ++int copy_links = 0; ++int copy_unsafe_links = 0; + + #ifdef SUPPORT_XATTRS + +diff --git a/trimslash.c b/trimslash.c +index 1ec928c..f2774cd 100644 +--- a/trimslash.c ++++ b/trimslash.c +@@ -26,6 +26,8 @@ int am_root = 0; + int am_sender = 1; + int read_only = 1; + int list_only = 0; ++int copy_links = 0; ++int copy_unsafe_links = 0; + + int + main(int argc, char **argv) +diff --git a/util1.c b/util1.c +index f260d39..d84bc41 100644 +--- a/util1.c ++++ b/util1.c +@@ -365,7 +365,7 @@ int copy_file(const char *source, const char *dest, int tmpfilefd, mode_t mode) + int len; /* Number of bytes read into `buf'. */ + OFF_T prealloc_len = 0, offset = 0; + +- if ((ifd = do_open(source, O_RDONLY, 0)) < 0) { ++ if ((ifd = do_open_nofollow(source, O_RDONLY)) < 0) { + int save_errno = errno; + rsyserr(FERROR_XFER, errno, "open %s", full_fname(source)); + errno = save_errno; diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-2.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-2.patch new file mode 100644 index 0000000000..2a3add75e0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-2.patch @@ -0,0 +1,34 @@ +https://github.com/RsyncProject/rsync/pull/706 + +From f923b19fd85039a2b0e908391074872334646d51 Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Wed, 15 Jan 2025 15:48:04 +0100 +Subject: [PATCH] Fix use-after-free in generator + +full_fname() will free the return value in the next call so we need to +duplicate it before passing it to rsyserr. + +Fixes: https://github.com/RsyncProject/rsync/issues/704 +--- + generator.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/generator.c b/generator.c +index 3f13bb95..b56fa569 100644 +--- a/generator.c ++++ b/generator.c +@@ -2041,8 +2041,12 @@ int atomic_create(struct file_struct *file, char *fname, const char *slnk, const + + if (!skip_atomic) { + if (do_rename(tmpname, fname) < 0) { ++ char *full_tmpname = strdup(full_fname(tmpname)); ++ if (full_tmpname == NULL) ++ out_of_memory("atomic_create"); + rsyserr(FERROR_XFER, errno, "rename %s -> \"%s\" failed", +- full_fname(tmpname), full_fname(fname)); ++ full_tmpname, full_fname(fname)); ++ free(full_tmpname); + do_unlink(tmpname); + return 0; + } + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.7-r4.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.3.0-r2.ebuild similarity index 94% rename from sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.7-r4.ebuild rename to sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.3.0-r2.ebuild index a747693763..7fbdb2af33 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.7-r4.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.3.0-r2.ebuild @@ -1,11 +1,11 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 # Uncomment when introducing a patch which touches configure RSYNC_NEEDS_AUTOCONF=1 -PYTHON_COMPAT=( python3_{9..11} ) +PYTHON_COMPAT=( python3_{10..13} ) inherit flag-o-matic prefix python-single-r1 systemd DESCRIPTION="File transfer program to keep remote files into sync" @@ -77,9 +77,8 @@ else fi PATCHES=( - "${FILESDIR}"/${P}-flist-memcmp-ub.patch - "${FILESDIR}"/${P}-fortify-source-3.patch - "${FILESDIR}"/${PN}-3.2.7-ipv6-configure-c99.patch + # Temporary just for the bug #948106 CVE fixes + "${FILESDIR}"/3.3.0 ) pkg_setup() { @@ -114,6 +113,9 @@ src_prepare() { } src_configure() { + # Should be fixed upstream in next release (>3.3.0) (bug #943745) + append-cflags $(test-flags-CC -std=gnu17) + local myeconfargs=( --with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf --without-included-popt @@ -149,7 +151,7 @@ src_install() { dodoc NEWS.md README.md TODO tech_report.tex insinto /etc - newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf + newins "${FILESDIR}"/rsyncd.conf-3.2.7-r5 rsyncd.conf insinto /etc/logrotate.d newins "${FILESDIR}"/rsyncd.logrotate rsyncd diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.3.0.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.3.0.ebuild deleted file mode 100644 index 8c66b403fc..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.3.0.ebuild +++ /dev/null @@ -1,201 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -# Uncomment when introducing a patch which touches configure -RSYNC_NEEDS_AUTOCONF=1 -PYTHON_COMPAT=( python3_{10..12} ) -inherit flag-o-matic prefix python-single-r1 systemd - -DESCRIPTION="File transfer program to keep remote files into sync" -HOMEPAGE="https://rsync.samba.org/" -if [[ ${PV} == *9999 ]] ; then - EGIT_REPO_URI="https://github.com/WayneD/rsync.git" - inherit autotools git-r3 - - REQUIRED_USE="${PYTHON_REQUIRED_USE}" -else - VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/waynedavison.asc - inherit verify-sig - - if [[ -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then - inherit autotools - fi - - if [[ ${PV} == *_pre* ]] ; then - SRC_DIR="src-previews" - else - SRC_DIR="src" - KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" - fi - - SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz - verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )" - S="${WORKDIR}"/${P/_/} -fi - -LICENSE="GPL-3" -SLOT="0" -IUSE="acl examples iconv lz4 rrsync ssl stunnel system-zlib xattr xxhash zstd" -REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )" -REQUIRED_USE+=" rrsync? ( ${PYTHON_REQUIRED_USE} )" - -RDEPEND=" - >=dev-libs/popt-1.5 - acl? ( virtual/acl ) - examples? ( - ${PYTHON_DEPS} - dev-lang/perl - ) - lz4? ( app-arch/lz4:= ) - rrsync? ( - ${PYTHON_DEPS} - $(python_gen_cond_dep ' - dev-python/bracex[${PYTHON_USEDEP}] - ') - ) - ssl? ( dev-libs/openssl:= ) - system-zlib? ( sys-libs/zlib ) - xattr? ( kernel_linux? ( sys-apps/attr ) ) - xxhash? ( >=dev-libs/xxhash-0.8 ) - zstd? ( >=app-arch/zstd-1.4:= ) - iconv? ( virtual/libiconv )" -DEPEND="${RDEPEND}" -BDEPEND=" - examples? ( ${PYTHON_DEPS} ) - rrsync? ( ${PYTHON_DEPS} ) -" - -if [[ ${PV} == *9999 ]] ; then - BDEPEND+=" ${PYTHON_DEPS} - $(python_gen_cond_dep ' - dev-python/commonmark[${PYTHON_USEDEP}] - ')" -else - BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )" -fi - -pkg_setup() { - # - USE=examples needs Python itself at runtime, but nothing else - # - 9999 needs commonmark at build time - if [[ ${PV} == *9999 ]] || use examples || use rrsync; then - python-single-r1_pkg_setup - fi -} - -src_prepare() { - default - - sed -i -e 's/AC_HEADER_MAJOR_FIXED/AC_HEADER_MAJOR/' configure.ac - - if [[ ${PV} == *9999 || -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then - eaclocal -I m4 - eautoconf -o configure.sh - eautoheader && touch config.h.in - fi - - if use examples || use rrsync; then - python_fix_shebang support/ - fi - - if [[ -f rrsync.1 ]]; then - # If the pre-build rrsync.1 man page exists, then link to it - # from support/rrsync.1 to avoid rsync's build system attempting - # re-creating the man page (bug #883049). - ln -s ../rrsync.1 support/rrsync.1 || die - fi -} - -src_configure() { - local myeconfargs=( - --with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf - --without-included-popt - --enable-ipv6 - $(use_enable acl acl-support) - $(use_enable iconv) - $(use_enable lz4) - $(use_with rrsync) - $(use_enable ssl openssl) - $(use_with !system-zlib included-zlib) - $(use_enable xattr xattr-support) - $(use_enable xxhash) - $(use_enable zstd) - ) - - # https://github.com/WayneD/rsync/pull/428 - if is-flagq -fsanitize=undefined ; then - sed -E -i \ - -e 's:#define CAREFUL_ALIGNMENT (0|1):#define CAREFUL_ALIGNMENT 1:' \ - byteorder.h || die - append-flags -DCAREFUL_ALIGNMENT - fi - - econf "${myeconfargs[@]}" -} - -src_install() { - emake DESTDIR="${D}" install - - newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd - newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd - - dodoc NEWS.md README.md TODO tech_report.tex - - insinto /etc - newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf - - insinto /etc/logrotate.d - newins "${FILESDIR}"/rsyncd.logrotate rsyncd - - insinto /etc/xinetd.d - newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd - - # Install stunnel helpers - if use stunnel ; then - emake DESTDIR="${D}" install-ssl-daemon - fi - - # Install the useful contrib scripts - if use examples ; then - # The 'rrsync' script is installed conditionally via the 'rrysnc' - # USE flag, and not via the 'examples' USE flag. - rm support/rrsync* || die - - exeinto /usr/share/rsync - doexe support/* - - rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c} - fi - - eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd* - - systemd_newunit packaging/systemd/rsync.service rsyncd.service -} - -pkg_postinst() { - if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \ - "${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then - ewarn "You have disabled chroot support in your rsyncd.conf. This" - ewarn "is a security risk which you should fix. Please check your" - ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'." - fi - - if use stunnel ; then - einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature." - einfo - einfo "You maybe have to update the certificates configured in" - einfo "${EROOT}/etc/stunnel/rsync.conf" - fi - - if use system-zlib ; then - ewarn "Using system-zlib is incompatible with =rsync-3.1.1 built with bundled zlib," - ewarn "and the --compress option, add --new-compress (-zz)." - ewarn - ewarn "For syncing the portage tree, add:" - ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf" - fi -}