From: Archana Polampalli <archana.polampa...@windriver.com> CVEs addressed in this release: CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747
Refreshed below patches: makefile-no-rebuild.patch determism.patch 0001-Add-missing-prototypes-to-function-declarations.patch Changelog: https://github.com/RsyncProject/rsync/blob/v3.4.1/NEWS.md https://github.com/RsyncProject/rsync/blob/v3.4.0/NEWS.md Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com> --- ...-prototypes-to-function-declarations.patch | 69 ++++--------------- .../rsync/files/determism.patch | 20 ++++-- .../rsync/files/makefile-no-rebuild.patch | 10 +-- .../rsync/{rsync_3.3.0.bb => rsync_3.4.1.bb} | 2 +- 4 files changed, 32 insertions(+), 69 deletions(-) rename meta/recipes-devtools/rsync/{rsync_3.3.0.bb => rsync_3.4.1.bb} (96%) diff --git a/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch b/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch index 2379de84f2..3011308c61 100644 --- a/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch +++ b/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch @@ -1,4 +1,4 @@ -From 2beb35c34c45320144f37b12ef4d72fb8734280e Mon Sep 17 00:00:00 2001 +From 073caa67f2aa221de113a21f8105940421a2da90 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.k...@gmail.com> Date: Mon, 29 Aug 2022 19:53:28 -0700 Subject: [PATCH] Add missing prototypes to function declarations @@ -15,21 +15,19 @@ Fixes errors like Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/032858.html] Signed-off-by: Khem Raj <raj.k...@gmail.com> +Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com> --- - checksum.c | 2 +- - exclude.c | 2 +- - hlink.c | 3 +-- - lib/pool_alloc.c | 2 +- - log.c | 2 +- - main.c | 2 +- - syscall.c | 4 ++-- - zlib/crc32.c | 2 +- - zlib/trees.c | 2 +- - zlib/zutil.c | 4 ++-- - 10 files changed, 12 insertions(+), 13 deletions(-) + checksum.c | 2 +- + exclude.c | 2 +- + log.c | 2 +- + main.c | 2 +- + zlib/crc32.c | 2 +- + zlib/trees.c | 2 +- + zlib/zutil.c | 4 ++-- + 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/checksum.c b/checksum.c -index cb21882..736818b 100644 +index 66e8089..b24b202 100644 --- a/checksum.c +++ b/checksum.c @@ -779,7 +779,7 @@ static void verify_digest(struct name_num_item *nni, BOOL check_auth_list) @@ -54,33 +52,6 @@ index 87edbcf..ae0de2f 100644 { if (partial_string_buf) { if (partial_string_len) -diff --git a/hlink.c b/hlink.c -index 20291f2..5c26a6b 100644 ---- a/hlink.c -+++ b/hlink.c -@@ -117,8 +117,7 @@ static void match_gnums(int32 *ndx_list, int ndx_count) - struct ht_int32_node *node = NULL; - int32 gnum, gnum_next; - -- qsort(ndx_list, ndx_count, sizeof ndx_list[0], (int (*)()) hlink_compare_gnum); -- -+ qsort(ndx_list, ndx_count, sizeof ndx_list[0], (int (*)(const void *, const void *)) hlink_compare_gnum); - for (from = 0; from < ndx_count; from++) { - file = hlink_flist->sorted[ndx_list[from]]; - gnum = F_HL_GNUM(file); -diff --git a/lib/pool_alloc.c b/lib/pool_alloc.c -index a1a7245..4eae062 100644 ---- a/lib/pool_alloc.c -+++ b/lib/pool_alloc.c -@@ -9,7 +9,7 @@ struct alloc_pool - size_t size; /* extent size */ - size_t quantum; /* allocation quantum */ - struct pool_extent *extents; /* top extent is "live" */ -- void (*bomb)(); /* called if malloc fails */ -+ void (*bomb)(const char *, const char *, int); /* called if malloc fails */ - int flags; - - /* statistical data */ diff --git a/log.c b/log.c index e4ba1cc..8482b71 100644 --- a/log.c @@ -95,7 +66,7 @@ index e4ba1cc..8482b71 100644 int options = LOG_PID; diff --git a/main.c b/main.c -index 0c60b86..4bc664a 100644 +index 4f070ac..f59eaec 100644 --- a/main.c +++ b/main.c @@ -246,7 +246,7 @@ void read_del_stats(int f) @@ -107,22 +78,6 @@ index 0c60b86..4bc664a 100644 { char *gname; uid_t uid; -diff --git a/syscall.c b/syscall.c -index d92074a..92ca86d 100644 ---- a/syscall.c -+++ b/syscall.c -@@ -389,9 +389,9 @@ OFF_T do_lseek(int fd, OFF_T offset, int whence) - { - #ifdef HAVE_LSEEK64 - #if !SIZEOF_OFF64_T -- OFF_T lseek64(); -+ OFF_T lseek64(int fd, OFF_T offset, int whence); - #else -- off64_t lseek64(); -+ off64_t lseek64(int fd, off64_t offset, int whence); - #endif - return lseek64(fd, offset, whence); - #else diff --git a/zlib/crc32.c b/zlib/crc32.c index 05733f4..50c6c02 100644 --- a/zlib/crc32.c diff --git a/meta/recipes-devtools/rsync/files/determism.patch b/meta/recipes-devtools/rsync/files/determism.patch index e3494fdded..f915d658c8 100644 --- a/meta/recipes-devtools/rsync/files/determism.patch +++ b/meta/recipes-devtools/rsync/files/determism.patch @@ -1,7 +1,12 @@ +From 41b859a9df9611b7b3f6cbe28af47118d947080f Mon Sep 17 00:00:00 2001 +From: Richard Purdie <richard.pur...@linuxfoundation.org> +Date: Sun, 21 Feb 2021 09:45:48 +0000 +Subject: [PATCH] rsync: Fix a file sorting determinism issue + The Makefile calls awk on a "*.c" glob. The results of this glob are sorted but the order depends on the locale settings, particularly whether "util.c" and "util2.c" sort before or after each other. In en_US.UTF-8 -they sort one way, in C, they sort the other. The sorting order changes +they sort one way, in C, they sort the other. The sorting order changes the output binaries. The behaviour also changes dependning on whether SHELL (/bin/sh) is dash or bash. @@ -15,12 +20,15 @@ Upstream-Status: Backport [ish, see below] After discussion upstream renamed util.c to util1.c which avoids the problem in a different way. This patch can be dropped when we upgrade to include: https://github.com/WayneD/rsync/commit/d3085f7add38a5cf833a0b31cb0637ff46c80f8d +--- + Makefile.in | 5 +++++ + 1 file changed, 5 insertions(+) -Index: rsync-3.2.3/Makefile.in -=================================================================== ---- rsync-3.2.3.orig/Makefile.in -+++ rsync-3.2.3/Makefile.in -@@ -26,6 +26,11 @@ MKDIR_P=@MKDIR_P@ +diff --git a/Makefile.in b/Makefile.in +index 1d13e8c..2c5cf99 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -27,6 +27,11 @@ MKDIR_P=@MKDIR_P@ VPATH=$(srcdir) SHELL=/bin/sh diff --git a/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch b/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch index 0c9ce8b8e3..42af4c55d0 100644 --- a/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch +++ b/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch @@ -1,4 +1,4 @@ -From f446686c26c499e15ef17d495a93cfbc20e16090 Mon Sep 17 00:00:00 2001 +From 603e5862cca832ae925d0c92a8654a57caff5910 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.bur...@intel.com> Date: Tue, 12 Apr 2016 15:51:54 +0100 Subject: [PATCH] rsync: remove upstream's rebuild logic @@ -13,12 +13,12 @@ Signed-off-by: Ross Burton <ross.bur...@intel.com> 1 file changed, 54 deletions(-) diff --git a/Makefile.in b/Makefile.in -index a1253e5..a084935 100644 +index 7c75c26..1d13e8c 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -192,60 +192,6 @@ gensend: gen - fi - rsync -aic $(GENFILES) git-version.h $${SAMBA_HOST-samba.org}:/home/ftp/pub/rsync/generated-files/ || true +@@ -184,60 +184,6 @@ conf: configure.sh config.h.in + .PHONY: gen + gen: conf proto.h man git-version.h -aclocal.m4: $(srcdir)/m4/*.m4 - aclocal -I $(srcdir)/m4 diff --git a/meta/recipes-devtools/rsync/rsync_3.3.0.bb b/meta/recipes-devtools/rsync/rsync_3.4.1.bb similarity index 96% rename from meta/recipes-devtools/rsync/rsync_3.3.0.bb rename to meta/recipes-devtools/rsync/rsync_3.4.1.bb index c03bb270d4..2cf87d379a 100644 --- a/meta/recipes-devtools/rsync/rsync_3.3.0.bb +++ b/meta/recipes-devtools/rsync/rsync_3.4.1.bb @@ -16,7 +16,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://determism.patch \ file://0001-Add-missing-prototypes-to-function-declarations.patch \ " -SRC_URI[sha256sum] = "7399e9a6708c32d678a72a63219e96f23be0be2336e50fd1348498d07041df90" +SRC_URI[sha256sum] = "2924bcb3a1ed8b551fc101f740b9f0fe0a202b115027647cf69850d65fd88c52" # Doesn't use automake inherit autotools-brokensep -- 2.40.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#209976): https://lists.openembedded.org/g/openembedded-core/message/209976 Mute This Topic: https://lists.openembedded.org/mt/110662040/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
