File rsync-CVE-2022-29154-trust-sender-2.patch of Package rsync

Overview Repositories Revisions Requests Users Attributes Meta

File rsync-CVE-2022-29154-trust-sender-2.patch of Package rsync

Index: rsync-3.2.3/NEWS.md
===================================================================
--- rsync-3.2.3.orig/NEWS.md
+++ rsync-3.2.3/NEWS.md
@@ -2,6 +2,10 @@
 
 # NEWS for rsync 3.2.3 (6 Aug 2020)
 
+### ENHANCEMENTS:
+  - The --trust-sender option was added as a way to bypass the
+    extra file-list safety checking (should that be required).
+
 ## Changes in this version:
 
 ### BUG FIXES:
Index: rsync-3.2.3/rsync.1
===================================================================
--- rsync-3.2.3.orig/rsync.1
+++ rsync-3.2.3/rsync.1
@@ -536,6 +536,7 @@ detailed description below for a complet
 --from0, -0              all *-from/filter files are delimited by 0s
 --protect-args, -s       no space-splitting; wildcard chars only
 --copy-as=USER[:GROUP]   specify user & optional group for the copy
+--trust-sender           trust the remote sender's file list
 --address=ADDRESS        bind address for outgoing socket to daemon
 --port=PORT              specify double-colon alternate port number
 --sockopts=OPTIONS       specify custom TCP options
@@ -2695,6 +2696,41 @@ option to have any effect, the \fB\-g\fP
 implied), and the receiver will need to have permissions to set that group.
 .IP
 If your shell complains about the wildcards, use \fB\-\-protect-args\fP (\fB\-s\fP).
+.IP "\fB\-\-trust-sender\fP"
+Disable the extra validation of the file list from a remote sender.
+This should only be done if you trust
+the sender to not try to do something malicious, which should be the case
+if they\(cq\&re running a stock rsync.
+.IP
+Normally when pulling files from a remote rsync, the client runs 2 extra
+validation checks:
+.RS
+.IP o
+Verify that additional arg items didn\(cq\&t get added at the top of the transfer.
+.IP o
+Verify that none of the items in the file list should have been excluded.
+.RE
+.IP
+Note that various options can turn off one or both of these checks if the
+option interferes with the validation.  For instance:
+.RS
+.IP o
+Using a per-directory filter file reads filter rules that only the server
+knows about, so the filter checking is disabled.
+.IP o
+Reading the files-from list from the server side means that the client
+doesn\(cq\&t know the arg list, so the arg checking is disabled.
+.IP o
+Using \fB\-\-read\-batch\fP disables both checks since the batch file\(cq\&s
+contents will have been verified when it was created.
+.RE
+.IP
+This option may help an under-powered client server if the extra pattern
+matching is slowing things down on a huge transfer.  It can also be used
+to work around a bug in the verification logic, possibly after using the
+\fB\-\-list\-only\fP option combined with \fB\-\-trust\-sender\fP to look
+over the full file list.
+.IP
 .IP "\fB\-\-chown=USER:GROUP\fP"
 This option forces all files to be owned by USER with group GROUP.  This is
 a simpler interface than using \fB\-\-usermap\fP and \fB\-\-groupmap\fP directly, but

Places

File rsync-CVE-2022-29154-trust-sender-2.patch of Package rsync

Places