

[pkgsrc/trunk]: pkgsrc/net/rsync net/rsync: Fix CVE-2017-17433 and CVE-2017-1...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/d4653e877c78
branches:  trunk
changeset: 373382:d4653e877c78
user:      snj <snj%pkgsrc.org@localhost>
date:      Sun Dec 31 20:55:43 2017 +0000

description:
net/rsync: Fix CVE-2017-17433 and CVE-2017-17434.

Bump PKGREVISION to 2.

diffstat:

 net/rsync/Makefile                 |   4 +-
 net/rsync/distinfo                 |   4 ++-
 net/rsync/patches/patch-receiver.c |  47 ++++++++++++++++++++++++++++++++++++++
 net/rsync/patches/patch-rsync.c    |  28 ++++++++++++++++++++++
 4 files changed, 80 insertions(+), 3 deletions(-)

diffs (112 lines):

diff -r ff32835b37d6 -r d4653e877c78 net/rsync/Makefile
--- a/net/rsync/Makefile        Sun Dec 31 18:49:52 2017 +0000
+++ b/net/rsync/Makefile        Sun Dec 31 20:55:43 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.105 2017/11/10 06:59:16 spz Exp $
+# $NetBSD: Makefile,v 1.106 2017/12/31 20:55:43 snj Exp $
 
 DISTNAME=      rsync-3.1.2
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    net
 MASTER_SITES=  http://rsync.samba.org/ftp/rsync/
 MASTER_SITES+= http://rsync.samba.org/ftp/rsync/old-versions/
diff -r ff32835b37d6 -r d4653e877c78 net/rsync/distinfo
--- a/net/rsync/distinfo        Sun Dec 31 18:49:52 2017 +0000
+++ b/net/rsync/distinfo        Sun Dec 31 20:55:43 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.45 2017/11/10 06:59:16 spz Exp $
+$NetBSD: distinfo,v 1.46 2017/12/31 20:55:43 snj Exp $
 
 SHA1 (rsync-3.1.2.tar.gz) = 0d4c7fb7fe3fc80eeff922a7c1d81df11dbb8a1a
 RMD160 (rsync-3.1.2.tar.gz) = f7d6c0c9752af8d9eb933cffc6032c1763490a04
@@ -7,4 +7,6 @@
 SHA1 (patch-Makefile.in) = df3479e93de86524a391433a3d6e6108a797835a
 SHA1 (patch-ab) = 98aa07a50314e3309b48f803d6febb1138eae1f2
 SHA1 (patch-authenticate.c) = 0612fb141cea1509b882df78f1b90fa52b1092b0
+SHA1 (patch-receiver.c) = 5bf0b7ceaaf79e0fd5f93e1c433162e9248fe37c
+SHA1 (patch-rsync.c) = e390038a9592d9bc3e77ebc2aabfa62bdd6778b3
 SHA1 (patch-xattrs.c) = 9883ea79a60c786dd5a3dc74f4872621823c9377
diff -r ff32835b37d6 -r d4653e877c78 net/rsync/patches/patch-receiver.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/rsync/patches/patch-receiver.c        Sun Dec 31 20:55:43 2017 +0000
@@ -0,0 +1,47 @@
+$NetBSD: patch-receiver.c,v 1.1 2017/12/31 20:55:43 snj Exp $
+
+Fix for CVE-2017-17433, taken from:
+
+https://git.samba.org/?p=rsync.git;a=commitdiff;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
+
+Fix for CVE-2017-17434, taken from:
+
+https://git.samba.org/?p=rsync.git;a=commitdiff;h=5509597decdbd7b91994210f700329d8a35e70a1
+
+--- receiver.c.orig    2015-09-07 10:07:17.000000000 -0700
++++ receiver.c 2017-12-31 12:46:27.078487190 -0800
+@@ -580,6 +580,12 @@ int recv_files(int f_in, int f_out, char
+                       file = dir_flist->files[cur_flist->parent_ndx];
+               fname = local_name ? local_name : f_name(file, fbuf);
+ 
++              if (daemon_filter_list.head
++                  && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
++                      rprintf(FERROR, "attempt to hack rsync failed.\n");
++                      exit_cleanup(RERR_PROTOCOL);
++              }
++
+               if (DEBUG_GTE(RECV, 1))
+                       rprintf(FINFO, "recv_files(%s)\n", fname);
+ 
+@@ -651,12 +657,6 @@ int recv_files(int f_in, int f_out, char
+ 
+               cleanup_got_literal = 0;
+ 
+-              if (daemon_filter_list.head
+-                  && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+-                      rprintf(FERROR, "attempt to hack rsync failed.\n");
+-                      exit_cleanup(RERR_PROTOCOL);
+-              }
+-
+               if (read_batch) {
+                       int wanted = redoing
+                                  ? we_want_redo(ndx)
+@@ -728,7 +728,7 @@ int recv_files(int f_in, int f_out, char
+                               break;
+                       }
+                       if (!fnamecmp || (daemon_filter_list.head
+-                        && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) {
++                        && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) {
+                               fnamecmp = fname;
+                               fnamecmp_type = FNAMECMP_FNAME;
+                       }
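Review bot: The patch header cites two upstream commits but does not say which of the three receiver.c hunks comes from which, so anyone auditing this backport against upstream has to reconstruct the mapping by hand; I would add after the second URL a line such as `The first two hunks move the daemon_filter_list check on fname earlier; the third filters the basis-file name (fnamecmp) instead of fname.` That wording only states what the hunks visibly do — the per-hunk CVE attribution should be confirmed against the upstream commit messages rather than asserted here. The relocated check `if (daemon_filter_list.head && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)` now sits directly after `fname` is computed, which is the intent, but the code it newly protects (original lines 586–651) is not in the hunk and recv_files both starts and ends outside it, so whether any remaining path acts on an unfiltered name can only be checked in the full file. Note also that when `local_name` is set the check runs on that value rather than on `f_name(file, fbuf)`; whether that can occur in daemon mode is not visible here.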
diff -r ff32835b37d6 -r d4653e877c78 net/rsync/patches/patch-rsync.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/rsync/patches/patch-rsync.c   Sun Dec 31 20:55:43 2017 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-rsync.c,v 1.1 2017/12/31 20:55:43 snj Exp $
+
+Fix for CVE-2017-17434, taken from:
+
+https://git.samba.org/?p=rsync.git;a=commitdiff;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9
+
+--- rsync.c.orig       2015-08-08 12:47:03.000000000 -0700
++++ rsync.c    2017-12-31 12:40:50.353165397 -0800
+@@ -49,6 +49,7 @@ extern int flist_eof;
+ extern int file_old_total;
+ extern int keep_dirlinks;
+ extern int make_backups;
++extern int sanitize_paths;
+ extern struct file_list *cur_flist, *first_flist, *dir_flist;
+ extern struct chmod_mode_struct *daemon_chmod_modes;
+ #ifdef ICONV_OPTION
+@@ -396,6 +397,11 @@ int read_ndx_and_attrs(int f_in, int f_o
+       if (iflags & ITEM_XNAME_FOLLOWS) {
+               if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0)
+                       exit_cleanup(RERR_PROTOCOL);
++
++              if (sanitize_paths) {
++                      sanitize_path(buf, buf, "", 0, SP_DEFAULT);
++                      len = strlen(buf);
++              }
+       } else {
+               *buf = '\0';
+               len = -1;
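Review bot: The added sanitization runs only when `sanitize_paths` is non-zero, so a reader of this patch file may wrongly assume the received xname is always cleaned; the header should say so, e.g. `Sanitization applies only when sanitize_paths is set (presumably daemon mode / --protect-args; confirm in options.c).` A minor point of style: after `sanitize_path(buf, buf, "", 0, SP_DEFAULT)` the code does `len = strlen(buf)`, storing a size_t into a variable the preceding `< 0` test shows is signed; it is bounded by the MAXPATHLEN passed to read_vstring so it cannot overflow in practice, but an explicit `(int)` cast would make that deliberate. read_ndx_and_attrs continues past the end of the hunk, so how the sanitized `buf` and `len` are consumed afterwards is not visible here.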


