From 4415c5e23ea93f566287e4e78ee1141107da4ac4 Mon Sep 17 00:00:00 2001 From: Archana Polampalli Date: Fri, 17 Jan 2025 06:33:58 +0000 Subject: rsync: upgrade 3.3.0 -> 3.4.1 CVEs addressed in this release: CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 Refreshed below patches: makefile-no-rebuild.patch determism.patch 0001-Add-missing-prototypes-to-function-declarations.patch Changelog: https://github.com/RsyncProject/rsync/blob/v3.4.1/NEWS.md https://github.com/RsyncProject/rsync/blob/v3.4.0/NEWS.md (From OE-Core rev: 25e139d8b2a52c85cf1353c8da246aedaedb40d1) Signed-off-by: Archana Polampalli Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --- ...ssing-prototypes-to-function-declarations.patch | 69 ++++------------------ meta/recipes-devtools/rsync/files/determism.patch | 20 +++++-- .../rsync/files/makefile-no-rebuild.patch | 10 ++-- meta/recipes-devtools/rsync/rsync_3.3.0.bb | 64 -------------------- meta/recipes-devtools/rsync/rsync_3.4.1.bb | 64 ++++++++++++++++++++ 5 files changed, 95 insertions(+), 132 deletions(-) delete mode 100644 meta/recipes-devtools/rsync/rsync_3.3.0.bb create mode 100644 meta/recipes-devtools/rsync/rsync_3.4.1.bb diff --git a/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch b/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch index 2379de84f2..3011308c61 100644 --- a/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch +++ b/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch @@ -1,4 +1,4 @@ -From 2beb35c34c45320144f37b12ef4d72fb8734280e Mon Sep 17 00:00:00 2001 +From 073caa67f2aa221de113a21f8105940421a2da90 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Mon, 29 Aug 2022 19:53:28 -0700 Subject: [PATCH] Add missing prototypes to function declarations @@ -15,21 +15,19 @@ Fixes errors like Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/032858.html] Signed-off-by: Khem Raj +Signed-off-by: Archana Polampalli --- - checksum.c | 2 +- - exclude.c | 2 +- - hlink.c | 3 +-- - lib/pool_alloc.c | 2 +- - log.c | 2 +- - main.c | 2 +- - syscall.c | 4 ++-- - zlib/crc32.c | 2 +- - zlib/trees.c | 2 +- - zlib/zutil.c | 4 ++-- - 10 files changed, 12 insertions(+), 13 deletions(-) + checksum.c | 2 +- + exclude.c | 2 +- + log.c | 2 +- + main.c | 2 +- + zlib/crc32.c | 2 +- + zlib/trees.c | 2 +- + zlib/zutil.c | 4 ++-- + 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/checksum.c b/checksum.c -index cb21882..736818b 100644 +index 66e8089..b24b202 100644 --- a/checksum.c +++ b/checksum.c @@ -779,7 +779,7 @@ static void verify_digest(struct name_num_item *nni, BOOL check_auth_list) @@ -54,33 +52,6 @@ index 87edbcf..ae0de2f 100644 { if (partial_string_buf) { if (partial_string_len) -diff --git a/hlink.c b/hlink.c -index 20291f2..5c26a6b 100644 ---- a/hlink.c -+++ b/hlink.c -@@ -117,8 +117,7 @@ static void match_gnums(int32 *ndx_list, int ndx_count) - struct ht_int32_node *node = NULL; - int32 gnum, gnum_next; - -- qsort(ndx_list, ndx_count, sizeof ndx_list[0], (int (*)()) hlink_compare_gnum); -- -+ qsort(ndx_list, ndx_count, sizeof ndx_list[0], (int (*)(const void *, const void *)) hlink_compare_gnum); - for (from = 0; from < ndx_count; from++) { - file = hlink_flist->sorted[ndx_list[from]]; - gnum = F_HL_GNUM(file); -diff --git a/lib/pool_alloc.c b/lib/pool_alloc.c -index a1a7245..4eae062 100644 ---- a/lib/pool_alloc.c -+++ b/lib/pool_alloc.c -@@ -9,7 +9,7 @@ struct alloc_pool - size_t size; /* extent size */ - size_t quantum; /* allocation quantum */ - struct pool_extent *extents; /* top extent is "live" */ -- void (*bomb)(); /* called if malloc fails */ -+ void (*bomb)(const char *, const char *, int); /* called if malloc fails */ - int flags; - - /* statistical data */ diff --git a/log.c b/log.c index e4ba1cc..8482b71 100644 --- a/log.c @@ -95,7 +66,7 @@ index e4ba1cc..8482b71 100644 int options = LOG_PID; diff --git a/main.c b/main.c -index 0c60b86..4bc664a 100644 +index 4f070ac..f59eaec 100644 --- a/main.c +++ b/main.c @@ -246,7 +246,7 @@ void read_del_stats(int f) @@ -107,22 +78,6 @@ index 0c60b86..4bc664a 100644 { char *gname; uid_t uid; -diff --git a/syscall.c b/syscall.c -index d92074a..92ca86d 100644 ---- a/syscall.c -+++ b/syscall.c -@@ -389,9 +389,9 @@ OFF_T do_lseek(int fd, OFF_T offset, int whence) - { - #ifdef HAVE_LSEEK64 - #if !SIZEOF_OFF64_T -- OFF_T lseek64(); -+ OFF_T lseek64(int fd, OFF_T offset, int whence); - #else -- off64_t lseek64(); -+ off64_t lseek64(int fd, off64_t offset, int whence); - #endif - return lseek64(fd, offset, whence); - #else diff --git a/zlib/crc32.c b/zlib/crc32.c index 05733f4..50c6c02 100644 --- a/zlib/crc32.c diff --git a/meta/recipes-devtools/rsync/files/determism.patch b/meta/recipes-devtools/rsync/files/determism.patch index e3494fdded..f915d658c8 100644 --- a/meta/recipes-devtools/rsync/files/determism.patch +++ b/meta/recipes-devtools/rsync/files/determism.patch @@ -1,7 +1,12 @@ +From 41b859a9df9611b7b3f6cbe28af47118d947080f Mon Sep 17 00:00:00 2001 +From: Richard Purdie +Date: Sun, 21 Feb 2021 09:45:48 +0000 +Subject: [PATCH] rsync: Fix a file sorting determinism issue + The Makefile calls awk on a "*.c" glob. The results of this glob are sorted but the order depends on the locale settings, particularly whether "util.c" and "util2.c" sort before or after each other. In en_US.UTF-8 -they sort one way, in C, they sort the other. The sorting order changes +they sort one way, in C, they sort the other. The sorting order changes the output binaries. The behaviour also changes dependning on whether SHELL (/bin/sh) is dash or bash. @@ -15,12 +20,15 @@ Upstream-Status: Backport [ish, see below] After discussion upstream renamed util.c to util1.c which avoids the problem in a different way. This patch can be dropped when we upgrade to include: https://github.com/WayneD/rsync/commit/d3085f7add38a5cf833a0b31cb0637ff46c80f8d +--- + Makefile.in | 5 +++++ + 1 file changed, 5 insertions(+) -Index: rsync-3.2.3/Makefile.in -=================================================================== ---- rsync-3.2.3.orig/Makefile.in -+++ rsync-3.2.3/Makefile.in -@@ -26,6 +26,11 @@ MKDIR_P=@MKDIR_P@ +diff --git a/Makefile.in b/Makefile.in +index 1d13e8c..2c5cf99 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -27,6 +27,11 @@ MKDIR_P=@MKDIR_P@ VPATH=$(srcdir) SHELL=/bin/sh diff --git a/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch b/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch index 0c9ce8b8e3..42af4c55d0 100644 --- a/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch +++ b/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch @@ -1,4 +1,4 @@ -From f446686c26c499e15ef17d495a93cfbc20e16090 Mon Sep 17 00:00:00 2001 +From 603e5862cca832ae925d0c92a8654a57caff5910 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Tue, 12 Apr 2016 15:51:54 +0100 Subject: [PATCH] rsync: remove upstream's rebuild logic @@ -13,12 +13,12 @@ Signed-off-by: Ross Burton 1 file changed, 54 deletions(-) diff --git a/Makefile.in b/Makefile.in -index a1253e5..a084935 100644 +index 7c75c26..1d13e8c 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -192,60 +192,6 @@ gensend: gen - fi - rsync -aic $(GENFILES) git-version.h $${SAMBA_HOST-samba.org}:/home/ftp/pub/rsync/generated-files/ || true +@@ -184,60 +184,6 @@ conf: configure.sh config.h.in + .PHONY: gen + gen: conf proto.h man git-version.h -aclocal.m4: $(srcdir)/m4/*.m4 - aclocal -I $(srcdir)/m4 diff --git a/meta/recipes-devtools/rsync/rsync_3.3.0.bb b/meta/recipes-devtools/rsync/rsync_3.3.0.bb deleted file mode 100644 index c03bb270d4..0000000000 --- a/meta/recipes-devtools/rsync/rsync_3.3.0.bb +++ /dev/null @@ -1,64 +0,0 @@ -SUMMARY = "File synchronization tool" -HOMEPAGE = "http://rsync.samba.org/" -DESCRIPTION = "rsync is an open source utility that provides fast incremental file transfer." -BUGTRACKER = "http://rsync.samba.org/bugzilla.html" -SECTION = "console/network" -# GPL-2.0-or-later (<< 3.0.0), GPL-3.0-or-later (>= 3.0.0) -# Includes opennsh and xxhash dynamic link exception -LICENSE = "GPL-3.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=24423708fe159c9d12be1ea29fcb18c7" - -DEPENDS = "popt" - -SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ - file://rsyncd.conf \ - file://makefile-no-rebuild.patch \ - file://determism.patch \ - file://0001-Add-missing-prototypes-to-function-declarations.patch \ - " -SRC_URI[sha256sum] = "7399e9a6708c32d678a72a63219e96f23be0be2336e50fd1348498d07041df90" - -# Doesn't use automake -inherit autotools-brokensep - -PACKAGECONFIG ??= "acl attr \ - ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ -" - -PACKAGECONFIG[acl] = "--enable-acl-support,--disable-acl-support,acl," -PACKAGECONFIG[attr] = "--enable-xattr-support,--disable-xattr-support,attr," -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -PACKAGECONFIG[lz4] = "--enable-lz4,--disable-lz4,lz4" -PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" -PACKAGECONFIG[xxhash] = "--enable-xxhash,--disable-xxhash,xxhash" -PACKAGECONFIG[zstd] = "--enable-zstd,--disable-zstd,zstd" - -# By default, if crosscompiling, rsync disables a number of -# capabilities, hardlinking symlinks and special files (i.e. devices) -CACHED_CONFIGUREVARS += "rsync_cv_can_hardlink_special=yes rsync_cv_can_hardlink_symlink=yes" - -EXTRA_OEMAKE = 'STRIP=""' -EXTRA_OECONF = "--disable-md2man --with-nobody-group=nogroup" - -#| ./simd-checksum-x86_64.cpp: In function 'uint32_t get_checksum1_cpp(char*, int32_t)': -#| ./simd-checksum-x86_64.cpp:89:52: error: multiversioning needs 'ifunc' which is not supported on this target -#| 89 | __attribute__ ((target("default"))) MVSTATIC int32 get_checksum1_avx2_64(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2) { return i; } -#| | ^~~~~~~~~~~~~~~~~~~~~ -#| ./simd-checksum-x86_64.cpp:480:1: error: use of multiversioned function without a default -#| 480 | } -#| | ^ -#| If you can't fix the issue, re-run ./configure with --disable-roll-simd. -EXTRA_OECONF:append:libc-musl = " --disable-roll-simd" - -# rsync uses configure.sh instead of configure, so delete that file -# to avoid confusion as we will generate configure. -do_configure:prepend () { - rm -f ${S}/configure.sh -} - -do_install:append() { - install -d ${D}${sysconfdir} - install -m 0644 ${UNPACKDIR}/rsyncd.conf ${D}${sysconfdir} -} - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-devtools/rsync/rsync_3.4.1.bb b/meta/recipes-devtools/rsync/rsync_3.4.1.bb new file mode 100644 index 0000000000..2cf87d379a --- /dev/null +++ b/meta/recipes-devtools/rsync/rsync_3.4.1.bb @@ -0,0 +1,64 @@ +SUMMARY = "File synchronization tool" +HOMEPAGE = "http://rsync.samba.org/" +DESCRIPTION = "rsync is an open source utility that provides fast incremental file transfer." +BUGTRACKER = "http://rsync.samba.org/bugzilla.html" +SECTION = "console/network" +# GPL-2.0-or-later (<< 3.0.0), GPL-3.0-or-later (>= 3.0.0) +# Includes opennsh and xxhash dynamic link exception +LICENSE = "GPL-3.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=24423708fe159c9d12be1ea29fcb18c7" + +DEPENDS = "popt" + +SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ + file://rsyncd.conf \ + file://makefile-no-rebuild.patch \ + file://determism.patch \ + file://0001-Add-missing-prototypes-to-function-declarations.patch \ + " +SRC_URI[sha256sum] = "2924bcb3a1ed8b551fc101f740b9f0fe0a202b115027647cf69850d65fd88c52" + +# Doesn't use automake +inherit autotools-brokensep + +PACKAGECONFIG ??= "acl attr \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ +" + +PACKAGECONFIG[acl] = "--enable-acl-support,--disable-acl-support,acl," +PACKAGECONFIG[attr] = "--enable-xattr-support,--disable-xattr-support,attr," +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[lz4] = "--enable-lz4,--disable-lz4,lz4" +PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" +PACKAGECONFIG[xxhash] = "--enable-xxhash,--disable-xxhash,xxhash" +PACKAGECONFIG[zstd] = "--enable-zstd,--disable-zstd,zstd" + +# By default, if crosscompiling, rsync disables a number of +# capabilities, hardlinking symlinks and special files (i.e. devices) +CACHED_CONFIGUREVARS += "rsync_cv_can_hardlink_special=yes rsync_cv_can_hardlink_symlink=yes" + +EXTRA_OEMAKE = 'STRIP=""' +EXTRA_OECONF = "--disable-md2man --with-nobody-group=nogroup" + +#| ./simd-checksum-x86_64.cpp: In function 'uint32_t get_checksum1_cpp(char*, int32_t)': +#| ./simd-checksum-x86_64.cpp:89:52: error: multiversioning needs 'ifunc' which is not supported on this target +#| 89 | __attribute__ ((target("default"))) MVSTATIC int32 get_checksum1_avx2_64(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2) { return i; } +#| | ^~~~~~~~~~~~~~~~~~~~~ +#| ./simd-checksum-x86_64.cpp:480:1: error: use of multiversioned function without a default +#| 480 | } +#| | ^ +#| If you can't fix the issue, re-run ./configure with --disable-roll-simd. +EXTRA_OECONF:append:libc-musl = " --disable-roll-simd" + +# rsync uses configure.sh instead of configure, so delete that file +# to avoid confusion as we will generate configure. +do_configure:prepend () { + rm -f ${S}/configure.sh +} + +do_install:append() { + install -d ${D}${sysconfdir} + install -m 0644 ${UNPACKDIR}/rsyncd.conf ${D}${sysconfdir} +} + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3-54-g00ecf