[arch-commits] Commit in rsync/trunk (CVE-2014-2855.patch PKGBUILD)

Jan de Groot jgc at nymeria.archlinux.org
Mon Apr 21 17:22:38 UTC 2014


    Date: Monday, April 21, 2014 @ 19:22:38
  Author: jgc
Revision: 211620

upgpkg: rsync 3.1.0-2

Add security fix for CVE-2014-2855 (FS#39920)

Added:
  rsync/trunk/CVE-2014-2855.patch
Modified:
  rsync/trunk/PKGBUILD

---------------------+
 CVE-2014-2855.patch |   83 ++++++++++++++++++++++++++++++++++++++++++++++++++
 PKGBUILD            |   15 ++++++---
 2 files changed, 94 insertions(+), 4 deletions(-)

Added: CVE-2014-2855.patch
===================================================================
--- CVE-2014-2855.patch	                        (rev 0)
+++ CVE-2014-2855.patch	2014-04-21 17:22:38 UTC (rev 211620)
@@ -0,0 +1,83 @@
+From 0dedfbce2c1b851684ba658861fe9d620636c56a Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayned at samba.org>
+Date: Sun, 13 Apr 2014 13:44:58 -0700
+Subject: [PATCH] Avoid infinite wait reading secrets file.
+
+---
+ authenticate.c |   24 +++++++++++++-----------
+ 1 files changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/authenticate.c b/authenticate.c
+index 3381b8c..c92746c 100644
+--- a/authenticate.c
++++ b/authenticate.c
+@@ -102,15 +102,16 @@ static const char *check_secret(int module, const char *user, const char *group,
+ 	char pass2[MAX_DIGEST_LEN*2];
+ 	const char *fname = lp_secrets_file(module);
+ 	STRUCT_STAT st;
+-	int fd, ok = 1;
++	int ok = 1;
+ 	int user_len = strlen(user);
+ 	int group_len = group ? strlen(group) : 0;
+ 	char *err;
++	FILE *fh;
+ 
+-	if (!fname || !*fname || (fd = open(fname, O_RDONLY)) < 0)
++	if (!fname || !*fname || (fh = fopen(fname, "r")) == NULL)
+ 		return "no secrets file";
+ 
+-	if (do_fstat(fd, &st) == -1) {
++	if (do_fstat(fileno(fh), &st) == -1) {
+ 		rsyserr(FLOG, errno, "fstat(%s)", fname);
+ 		ok = 0;
+ 	} else if (lp_strict_modes(module)) {
+@@ -123,29 +124,30 @@ static const char *check_secret(int module, const char *user, const char *group,
+ 		}
+ 	}
+ 	if (!ok) {
+-		close(fd);
++		fclose(fh);
+ 		return "ignoring secrets file";
+ 	}
+ 
+ 	if (*user == '#') {
+ 		/* Reject attempt to match a comment. */
+-		close(fd);
++		fclose(fh);
+ 		return "invalid username";
+ 	}
+ 
+ 	/* Try to find a line that starts with the user (or @group) name and a ':'. */
+ 	err = "secret not found";
+-	while ((user || group) && read_line_old(fd, line, sizeof line, 1)) {
+-		const char **ptr, *s;
++	while ((user || group) && fgets(line, sizeof line, fh) != NULL) {
++		const char **ptr, *s = strtok(line, "\n\r");
+ 		int len;
+-		if (*line == '@') {
++		if (!s)
++			continue;
++		if (*s == '@') {
+ 			ptr = &group;
+ 			len = group_len;
+-			s = line+1;
++			s++;
+ 		} else {
+ 			ptr = &user;
+ 			len = user_len;
+-			s = line;
+ 		}
+ 		if (!*ptr || strncmp(s, *ptr, len) != 0 || s[len] != ':')
+ 			continue;
+@@ -158,7 +160,7 @@ static const char *check_secret(int module, const char *user, const char *group,
+ 		*ptr = NULL; /* Don't look for name again. */
+ 	}
+ 
+-	close(fd);
++	fclose(fh);
+ 
+ 	memset(line, 0, sizeof line);
+ 	memset(pass2, 0, sizeof pass2);
+-- 
+1.7.0.4
+
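Review bot: The new loop `while ((user || group) && fgets(line, sizeof line, fh) != NULL)` has no handling for a secrets-file line longer than `line`: fgets() returns such a line in pieces and every piece goes through the same `name:secret` match, so the tail of an overlong line (a long comment, say) can be accepted as a record of its own. The secrets file is administrator-controlled, so this is a robustness issue rather than an exposure, but it is a behavioural difference from the read_line_old() path this patch removes, whose overlong-line handling is not visible here. Discarding the remainder of an unterminated line before the strtok() call closes it; a sketch follows. The plain memset() calls at the end of the hunk are pre-existing and unchanged, but note a compiler may elide them if `line`/`pass2` are dead afterwards (the rest of the function is outside this hunk). check_secret() starts and ends outside this hunk.
```c
	while ((user || group) && fgets(line, sizeof line, fh) != NULL) {
		const char **ptr, *s;
		int len;
		if (!strchr(line, '\n') && !feof(fh)) {
			/* Line longer than the buffer: drop its remainder and ignore it. */
			int c;
			while ((c = getc(fh)) != EOF && c != '\n')
				;
			continue;
		}
		s = strtok(line, "\n\r");
		if (!s)
			continue;
		/* … unchanged: @group / user match and remaining loop body … */
```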

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-04-21 17:03:55 UTC (rev 211619)
+++ PKGBUILD	2014-04-21 17:22:38 UTC (rev 211620)
@@ -2,10 +2,10 @@
 
 pkgname=rsync
 pkgver=3.1.0
-pkgrel=1
+pkgrel=2
 pkgdesc="A file transfer program to keep remote files in sync"
 arch=('i686' 'x86_64')
-url="http://samba.anu.edu.au/rsync/"
+url="http://rsync.samba.org/"
 license=('GPL3')
 depends=('perl' 'popt')
 backup=('etc/rsyncd.conf' 'etc/xinetd.d/rsync')
@@ -12,7 +12,8 @@
 source=("http://rsync.samba.org/ftp/rsync/$pkgname-$pkgver.tar.gz"
         "http://rsync.samba.org/ftp/rsync/$pkgname-$pkgver.tar.gz.asc"
         'rsyncd.conf' 'rsync.xinetd' 'rsyncd.service'
-        'rsyncd.socket' 'rsyncd at .service')
+        'rsyncd.socket' 'rsyncd at .service'
+        'CVE-2014-2855.patch')
 md5sums=('3be148772a33224771a8d4d2a028b132'
          'SKIP'
          'bce64d122a8e0f86872a4a21a03bc7f3'
@@ -19,8 +20,14 @@
          'ea3e9277dc908bc51f9eddc0f6b935c1'
          '084140868d38cf3e937a2db716d47c0f'
          'ae4c381e0c02d6132c7f6ded3f473041'
-         '53f94e613e0bc502d38dd61bd2cd7636')
+         '53f94e613e0bc502d38dd61bd2cd7636'
+         'dacfe77bd72fbf6b6ba65c741c57f74c')
 
+prepare() {
+  cd $pkgname-$pkgver
+  patch -Np1 -i ../CVE-2014-2855.patch
+}
+
 build() {
 	cd "$srcdir/$pkgname-$pkgver"
 	./configure --prefix=/usr \
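Review bot: The new `prepare()` enters the source tree with an unquoted, srcdir-relative `cd $pkgname-$pkgver` while `build()` directly below it uses `cd "$srcdir/$pkgname-$pkgver"`; using the same form in both, `cd "$srcdir/$pkgname-$pkgver"` and `patch -Np1 -i "$srcdir/CVE-2014-2855.patch"`, keeps the patch path independent of the current directory and avoids word splitting should the names ever carry spaces. The new function also indents with two spaces where `build()` uses a tab. Separately, the security patch is pinned only by an md5sum entry; that is tolerable for a file shipped next to the PKGBUILD, but moving the array to `sha256sums=(...)` would pin a CVE fix with a collision-resistant digest at no other cost. `build()` continues outside the hunk.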



