File rsync-CVE-2022-29154-trust-sender-2.patch of Package rsync.26438
diff -urN rsync-3.1.3.save/NEWS rsync-3.1.3/NEWS
--- rsync-3.1.3.save/NEWS 2018-01-29 07:24:27.000000000 +0800
+++ rsync-3.1.3/NEWS 2022-09-26 15:29:55.000000000 +0800
@@ -26,6 +26,8 @@
ENHANCEMENTS:
+ - The --trust-sender option was added as a way to bypass the
+ extra file-list safety checking (should that be required).
- Added the ability for rsync to compare nanosecond times in its file-check
comparisons, and added support nanosecond times on Mac OS X.
- Added a short-option (-@) for --modify-window.
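Review bot: the new entry is appended to the NEWS section of 3.1.3, a release that the `---` header dates to 2018-01-29 and that never shipped this option, so anyone comparing this file with upstream 3.1.3 will see a changelog line for a feature that release did not have; consider marking it as a backport and naming the context the patch filename gives, e.g. "The --trust-sender option was added (backported) as a way to bypass the extra file-list safety checking introduced for CVE-2022-29154 (should that be required)", so the reader understands the check being bypassed is a security fix rather than a routine enhancement.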
diff -urN rsync-3.1.3.save/rsync.1 rsync-3.1.3/rsync.1
--- rsync-3.1.3.save/rsync.1 2022-09-15 10:39:47.000000000 +0800
+++ rsync-3.1.3/rsync.1 2022-09-26 16:10:33.000000000 +0800
@@ -518,6 +518,7 @@
\-\-files\-from=FILE read list of source\-file names from FILE
\-0, \-\-from0 all *from/filter files are delimited by 0s
\-s, \-\-protect\-args no space\-splitting; wildcard chars only
+ \-\-trust-sender trust the remote sender'\&s file list
\-\-address=ADDRESS bind address for outgoing socket to daemon
\-\-port=PORT specify double\-colon alternate port number
\-\-sockopts=OPTIONS specify custom TCP options
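Review bot: the added summary line escapes its dashes and quote differently from every neighbouring line: `\-\-trust-sender` leaves the inner hyphen bare where `\-\-files\-from` and `\-\-protect\-args` escape all of theirs, and the apostrophe is written as `sender'\&s` where the descriptive text elsewhere in this patch uses `\(cq\&`; write it as `\-\-trust\-sender` and `sender\(cq\&s` so groff renders the option name and the quote the same way as the rest of the table and the name is copy-pasteable as one form.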
@@ -2368,6 +2369,41 @@
(or implied), and the receiver will need to have permissions to set that
group.
.IP
+.IP "\fB\-\-trust-sender\fP"
+Disable the extra validation of the file list from a remote sender.
+This should only be done if you trust
+the sender to not try to do something malicious, which should be the case
+if they\(cq\&re running a stock rsync.
+.IP
+Normally when pulling files from a remote rsync, the client runs 2 extra
+validation checks:
+.RS
+.IP o
+Verify that additional arg items didn\(cq\&t get added at the top of the transfer.
+.IP o
+Verify that none of the items in the file list should have been excluded.
+.RE
+.IP
+Note that various options can turn off one or both of these checks if the
+option interferes with the validation. For instance:
+.RS
+.IP o
+Using a per-directory filter file reads filter rules that only the server
+knows about, so the filter checking is disabled.
+.IP o
+Reading the files-from list from the server side means that the client
+doesn\(cq\&t know the arg list, so the arg checking is disabled.
+.IP o
+Using \fB\-\-read\-batch\fP disables both checks since the batch file\(cq\&s
+contents will have been verified when it was created.
+.RE
+.IP
+This option may help an under-powered client server if the extra pattern
+matching is slowing things down on a huge transfer. It can also be used
+to work around a bug in the verification logic, possibly after using the
+\fB\-\-list\-only\fP option combined with \fB\-\-trust\-sender\fP to look
+over the full file list.
+.IP
.IP "\fB\-\-chown=USER:GROUP\fP"
This option forces all files to be owned by USER
with group GROUP. This is a simpler interface than using \fB\-\-usermap\fP and
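Review bot: the option name is escaped inconsistently within this hunk: the `.IP "\fB\-\-trust-sender\fP"` header uses a bare hyphen while the cross-reference near the end uses `\fB\-\-trust\-sender\fP`; use `\-` for every dash in both places so the rendered name matches. Two wording points: "an under-powered client server" reads as a typo (presumably "client or server"), and "runs 2 extra validation checks" would follow the rest of the page better as "two". Finally, since the paragraph already lists what the two checks guard against, it would help to state the consequence of disabling them in one plain sentence, along the lines of "With this option a malicious or compromised sender can add items to the transfer and deliver files that your exclude rules should have kept out", placed before the paragraph that suggests using the option to work around a verification bug, so the reader sees the trade-off before being offered the shortcut.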