mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-30 12:29:55 +00:00
Code Issues Projects Releases Wiki Activity

rsync: fix for CVE-2026-41035

Browse Source 
Pick patch from [1] also mentioned at Debian report in [2]

[1] https://github.com/RsyncProject/rsync/commit/bb0a8118c2d2ab01140bac5e4e327e5e1ef90c9c
[2] https://security-tracker.debian.org/tracker/CVE-2026-41035
[3] https://nvd.nist.gov/vuln/detail/CVE-2026-41035

(From OE-Core rev: b2b51c4f8521ac4fa490e96257142826f2dfda25)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Hitendra Prajapati
2026-04-24 14:19:56 +05:30
committed by Paul Barker
parent 535e57ab6d
commit 957ae42637
2 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-devtools/rsync/files/CVE-2026-41035.patch
+39
View File
@@ -0,0 +1,39 @@
From bb0a8118c2d2ab01140bac5e4e327e5e1ef90c9c Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <andrew@tridgell.net>
Date: Wed, 22 Apr 2026 09:57:45 +1000
Subject: [PATCH] xattrs: fixed count in qsort
this fixes the count passed to the sort of the xattr list. This issue
was reported here:
https://www.openwall.com/lists/oss-security/2026/04/16/2
the bug is not exploitable due to the fork-per-connection design of
rsync, the attack is the equivalent of the user closing the socket
themselves.
CVE: CVE-2026-41035
Upstream-Status: Backport [https://github.com/RsyncProject/rsync/commit/bb0a8118c2d2ab01140bac5e4e327e5e1ef90c9c]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
xattrs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xattrs.c b/xattrs.c
index 26e50a6..65166ee 100644
--- a/xattrs.c
+++ b/xattrs.c
@@ -860,8 +860,8 @@ void receive_xattr(int f, struct file_struct *file)
rxa->num = num;
}
- if (need_sort && count > 1)
- qsort(temp_xattr.items, count, sizeof (rsync_xa), rsync_xal_compare_names);
+ if (need_sort && temp_xattr.count > 1)
+ qsort(temp_xattr.items, temp_xattr.count, sizeof (rsync_xa), rsync_xal_compare_names);
ndx = rsync_xal_store(&temp_xattr); /* adds item to rsync_xal_l */
--
2.50.1
meta/recipes-devtools/rsync/rsync_3.2.7.bb
+1
View File
@@ -28,6 +28,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
file://CVE-2024-12088.patch \
file://CVE-2024-12747.patch \
file://CVE-2025-10158.patch \
file://CVE-2026-41035.patch \
"
SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"