File rsync-CVE-2022-29154-trust-sender-1.patch of Package rsync.36939
Index: rsync-3.2.3/exclude.c
===================================================================
--- rsync-3.2.3.orig/exclude.c
+++ rsync-3.2.3/exclude.c
@@ -39,6 +39,7 @@ extern int cvs_exclude;
extern int sanitize_paths;
extern int protocol_version;
extern int list_only;
+extern int trust_sender_args;
extern int module_id;
extern int local_server;
@@ -54,6 +55,7 @@ filter_rule_list daemon_filter_list = {
filter_rule_list implied_filter_list = { .debug_type = " [implied]" };
int saw_xattr_filter = 0;
+int trust_sender_args = 0;
int trust_sender_filter = 0;
/* Need room enough for ":MODS " prefix plus some room to grow. */
@@ -306,6 +308,8 @@ void add_implied_include(const char *arg
int slash_cnt = 1; /* We know we're adding a leading slash. */
const char *cp;
char *p;
+ if (trust_sender_args)
+ return;
int old_style_args = -1;
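Review bot: The early return added at the top of add_implied_include() is the line that switches off a safety check, and it carries no comment. With trust_sender_args set nothing is added to the implied include list, so (judging by the name implied_filter_list) names received from the sender are presumably no longer matched against what was requested. I would put a comment above it, for example `/* Sender is trusted: skip building the implied-include list used to vet received names. */`, and separate the guard from the local declarations with a blank line so it is not missed. The function body continues outside the hunk.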
Index: rsync-3.2.3/main.c
===================================================================
--- rsync-3.2.3.orig/main.c
+++ rsync-3.2.3/main.c
@@ -87,7 +87,6 @@ extern BOOL shutting_down;
extern int backup_dir_len;
extern int basis_dir_cnt;
extern int default_af_hint;
-extern int trust_sender_filter;
extern struct stats stats;
extern char *stdout_format;
extern char *logfile_format;
@@ -643,7 +642,6 @@ static pid_t do_cmd(char *cmd, char *mac
#ifdef ICONV_CONST
setup_iconv();
#endif
- trust_sender_filter = 1;
} else if (local_server) {
/* If the user didn't request --[no-]whole-file, force
* it on, but only if we're not batch processing. */
Index: rsync-3.2.3/options.c
===================================================================
--- rsync-3.2.3.orig/options.c
+++ rsync-3.2.3/options.c
@@ -27,6 +27,8 @@
extern int module_id;
extern int local_server;
extern int sanitize_paths;
+extern int trust_sender_args;
+extern int trust_sender_filter;
extern unsigned int module_dirlen;
extern filter_rule_list filter_list;
extern filter_rule_list daemon_filter_list;
@@ -61,6 +63,7 @@ int preserve_gid = 0;
int preserve_times = 0;
int preserve_atimes = 0;
int preserve_crtimes = 0;
+int trust_sender = 0;
int update_only = 0;
int open_noatime = 0;
int cvs_exclude = 0;
@@ -780,6 +783,7 @@ static struct poptOption long_options[]
{"protect-args", 's', POPT_ARG_VAL, &protect_args, 1, 0, 0},
{"no-protect-args", 0, POPT_ARG_VAL, &protect_args, 0, 0, 0},
{"no-s", 0, POPT_ARG_VAL, &protect_args, 0, 0, 0},
+ {"trust-sender", 0, POPT_ARG_VAL, &trust_sender, 1, 0, 0},
{"numeric-ids", 0, POPT_ARG_VAL, &numeric_ids, 1, 0, 0 },
{"no-numeric-ids", 0, POPT_ARG_VAL, &numeric_ids, 0, 0, 0 },
{"usermap", 0, POPT_ARG_STRING, 0, OPT_USERMAP, 0, 0 },
@@ -2436,6 +2440,11 @@ int parse_arguments(int *argc_p, const c
}
}
+ if (trust_sender || am_server || read_batch)
+ trust_sender_args = trust_sender_filter = 1;
+ else if (filesfrom_host != NULL)
+ trust_sender_args = 1;
+
am_starting_up = 0;
return 1;
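Review bot: The block added to parse_arguments() decides when the CVE-2022-29154 checks are skipped, yet none of its four conditions is explained. The first branch sets both trust_sender_args and trust_sender_filter, while `filesfrom_host != NULL` sets only trust_sender_args, and the code does not say why a remote files-from list relaxes the argument check but keeps the filter check. A comment per case would help, e.g. `/* Remote --files-from: the requested names are not known locally, so only the arg check is dropped. */` (presumably the reason; confirm), and it should state that read_batch treats the batch file as trusted input. The `--trust-sender` entry added in the long_options hunk has no help or manual text in this patch, so its effect of disabling validation of the sender's file list should be documented where the other options are. parse_arguments() begins outside the hunk.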