integer overflow -> heap-based buffer overflow on rsync 3.0 and later, only when xattr is enabled. This issue is currently under embargo until rsync upstream announces the fix.
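As an added illustration of the bug class named in this report, not code from rsync or from the upstream fix: an overflow-checked array reallocation helper in C, shown beside the unchecked size computation that wraps. The function names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>

/* Added example, not rsync's code. An unchecked `count * size` is the
 * integer-overflow pattern behind a heap-based buffer overflow: the
 * product wraps to a small value, a short buffer is allocated, and the
 * caller then writes `count` elements into it. */
size_t wrapped_size(size_t count, size_t size)
{
    return count * size;            /* wraps silently when it overflows */
}

/* Hypothetical checked helper: refuse the allocation when count*size
 * would not fit in size_t, so the caller never gets an undersized buffer. */
void *realloc_array_checked(void *ptr, size_t count, size_t size)
{
    if (size != 0 && count > SIZE_MAX / size)
        return NULL;                /* product would overflow size_t */
    return realloc(ptr, count * size);
}

/* Returns 1 if an overflowing request is refused, 0 otherwise. */
int rejects_overflowing_request(void)
{
    size_t count = SIZE_MAX / 8 + 1;   /* count * 8 wraps to exactly 0 */
    void *p = realloc_array_checked(NULL, count, 8);
    if (p != NULL) {
        free(p);
        return 0;
    }
    return 1;
}

/* Returns 1 if a sane request succeeds and every element is writable. */
int accepts_sane_request(void)
{
    size_t n = 16;
    uint32_t *arr = realloc_array_checked(NULL, n, sizeof *arr);
    if (arr == NULL)
        return 0;
    for (size_t i = 0; i < n; i++)
        arr[i] = (uint32_t)i;           /* in bounds: buffer is n * 4 bytes */
    int ok = arr[n - 1] == n - 1;
    free(arr);
    return ok;
}
```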
Tomas Hoger: Seems that the code that is fixed by your patch is included in rsync-2.6.9/patches/acls.diff, so it seems it may be used by 2.6.9 as well.
rsync-3.0.2 was released with the fix and is in the tree.
Vapier, thanks for noting this. 2.6.9 also needs to be fixed because it applies the xattr patches. Or should 3.0.2 go through straight stabling? http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff
While I don't have a problem with rsync-3.0.2 going stable, it may be a little too soon for the rsync-3 series. rsync-2.6.9-r6 is in the tree with the upstream fix.
Arches, please test and mark stable: =net-misc/rsync-2.6.9-r6
Target keywords: "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
On x86:

rsync 2.6.9 configuration successful
make
i686-pc-linux-gnu-gcc -std=gnu99 -I. -I. -O2 -march=pentium-m -fomit-frame-pointer -pipe -DHAVE_CONFIG_H -Wall -W -c rsync.c -o rsync.o
i686-pc-linux-gnu-gcc -std=gnu99 -I. -I. -O2 -march=pentium-m -fomit-frame-pointer -pipe -DHAVE_CONFIG_H -Wall -W -c generator.c -o generator.o
i686-pc-linux-gnu-gcc -std=gnu99 -I. -I. -O2 -march=pentium-m -fomit-frame-pointer -pipe -DHAVE_CONFIG_H -Wall -W -c receiver.c -o receiver.o
i686-pc-linux-gnu-gcc -std=gnu99 -I. -I. -O2 -march=pentium-m -fomit-frame-pointer -pipe -DHAVE_CONFIG_H -Wall -W -c cleanup.c -o cleanup.o
i686-pc-linux-gnu-gcc -std=gnu99 -I. -I. -O2 -march=pentium-m -fomit-frame-pointer -pipe -DHAVE_CONFIG_H -Wall -W -c sender.c -o sender.o
i686-pc-linux-gnu-gcc -std=gnu99 -I. -I. -O2 -march=pentium-m -fomit-frame-pointer -pipe -DHAVE_CONFIG_H -Wall -W -c exclude.c -o exclude.o
i686-pc-linux-gnu-gcc -std=gnu99 -I. -I. -O2 -march=pentium-m -fomit-frame-pointer -pipe -DHAVE_CONFIG_H -Wall -W -c util.c -o util.o
util.c:1264: error: conflicting types for '_realloc_array'
proto.h:325: error: previous declaration of '_realloc_array' was here
make: *** [util.o] Error 1

Portage 2.1.4.4 (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-tuxonice-r10 i686)
=================================================================
System uname: 2.6.23-tuxonice-r10 i686 Intel(R) Celeron(R) M processor 1.50GHz
Timestamp of tree: Thu, 10 Apr 2008 12:45:03 +0000
app-shells/bash: 3.2_p17-r1
dev-lang/python: 2.4.4-r9, 2.5.1-r5
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 2.0.0
sys-apps/sandbox: 1.2.18.1-r2
sys-devel/autoconf: 2.13, 2.61-r1
sys-devel/automake: 1.4_p6, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool: 1.5.26
virtual/os-headers: 2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium-m -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=pentium-m -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer parallel-fetch sandbox sfperms sign strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://gentoo.virginmedia.com/ ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo http://gentoo.tiscali.nl/"
LC_ALL="en_GB.UTF-8"
LINGUAS="pl en_GB"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X acl acpi alsa berkdb cairo cdr cli cracklib crypt dbus dri dvd dvdr dvdread eds emboss encode esd evo fam firefox fortran gdbm gif gpm gstreamer hal iconv ipv6 isdnlog jpeg kde kdehiddenvisibility kerberos ldap mad midi mikmod mp3 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp oss pam pcre pdf perl png pppd python qt3 qt3support qt4 quicktime readline reflection sdl session slang spell spl ssl svg tcpd tiff truetype unicode vorbis win32codecs x86 xml xorg xv zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ELIBC="glibc"
INPUT_DEVICES="mouse keyboard synaptics"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LINGUAS="pl en_GB"
USERLAND="GNU"
VIDEO_CARDS="i810"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
ppc stable
alpha/ia64/sparc stable, and compiles fine on x86
ppc64 stable
I can reproduce the failure on x86, if the acl USE-flag is set.
amd64 stable (no acl-related problems here)
Stable for HPPA.
base-system, please advise wrt comments #6 and #10. btw, updating severity to major, dunno why it was on trivial.
Yup, works here if USE="-acl".
Odd that it builds for so many of us. Should be fixed in CVS now.
x86 stable
A2->A1 since this affects the server too.
GLSA 200804-16
Fixed in release snapshot.