Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
rsync.26438
rsync-CVE-2022-29154-trust-sender-2.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File rsync-CVE-2022-29154-trust-sender-2.patch of Package rsync.26438
diff -urN rsync-3.1.3.save/NEWS rsync-3.1.3/NEWS --- rsync-3.1.3.save/NEWS 2018-01-29 07:24:27.000000000 +0800 +++ rsync-3.1.3/NEWS 2022-09-26 15:29:55.000000000 +0800 @@ -26,6 +26,8 @@ ENHANCEMENTS: + - The --trust-sender option was added as a way to bypass the + extra file-list safety checking (should that be required). - Added the ability for rsync to compare nanosecond times in its file-check comparisons, and added support nanosecond times on Mac OS X. - Added a short-option (-@) for --modify-window. diff -urN rsync-3.1.3.save/rsync.1 rsync-3.1.3/rsync.1 --- rsync-3.1.3.save/rsync.1 2022-09-15 10:39:47.000000000 +0800 +++ rsync-3.1.3/rsync.1 2022-09-26 16:10:33.000000000 +0800 @@ -518,6 +518,7 @@ \-\-files\-from=FILE read list of source\-file names from FILE \-0, \-\-from0 all *from/filter files are delimited by 0s \-s, \-\-protect\-args no space\-splitting; wildcard chars only + \-\-trust-sender trust the remote sender'\&s file list \-\-address=ADDRESS bind address for outgoing socket to daemon \-\-port=PORT specify double\-colon alternate port number \-\-sockopts=OPTIONS specify custom TCP options @@ -2368,6 +2369,41 @@ (or implied), and the receiver will need to have permissions to set that group. .IP +.IP "\fB\-\-trust-sender\fP" +Disable the extra validation of the file list from a remote sender. +This should only be done if you trust +the sender to not try to do something malicious, which should be the case +if they\(cq\&re running a stock rsync. +.IP +Normally when pulling files from a remote rsync, the client runs 2 extra +validation checks: +.RS +.IP o +Verify that additional arg items didn\(cq\&t get added at the top of the transfer. +.IP o +Verify that none of the items in the file list should have been excluded. +.RE +.IP +Note that various options can turn off one or both of these checks if the +option interferes with the validation. For instance: +.RS +.IP o +Using a per-directory filter file reads filter rules that only the server +knows about, so the filter checking is disabled. +.IP o +Reading the files-from list from the server side means that the client +doesn\(cq\&t know the arg list, so the arg checking is disabled. +.IP o +Using \fB\-\-read\-batch\fP disables both checks since the batch file\(cq\&s +contents will have been verified when it was created. +.RE +.IP +This option may help an under-powered client server if the extra pattern +matching is slowing things down on a huge transfer. It can also be used +to work around a bug in the verification logic, possibly after using the +\fB\-\-list\-only\fP option combined with \fB\-\-trust\-sender\fP to look +over the full file list. +.IP .IP "\fB\-\-chown=USER:GROUP\fP" This option forces all files to be owned by USER with group GROUP. This is a simpler interface than using \fB\-\-usermap\fP and
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor