fix-buffer-overflow.patch: Added some context for why its needed

Ticket: ENT-11309 Changelog: None Signed-off-by: Lars Erik Wik <[email protected]> (cherry picked from commit b6fa334)
cfengine · Jun 4, 2024 · 946133e · 946133e
1 parent 149162d
commit 946133e
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/deps-packaging/rsync/fix-buffer-overflow.patch b/deps-packaging/rsync/fix-buffer-overflow.patch
@@ -1,3 +1,16 @@
+A buffer overflow in rsync 3.3.0 was detected after adding Ubuntu 24.04 to our
+build system. The command triggering the buffer overflow happened in the
+federated reporting script when pulling changes from a feeder hub onto the super
+hub. I modified this script to echo the exact command that was run so that I
+could reproduce it with the GNU debugger. The backtrace revealed that the line
+'poptparse.c:38' produced the buffer overflow. However, the buffer overflow did
+not happen in the rsync master branch. Thus, I hand-picked the relevant changes
+between the master branch and the 3.3.0 release tag.
+
+Neither rsync nor popt mentions anything about buffer overflow. However, popt
+seems to have fixed it, and rsync has updated popt in their master branch. Thus,
+we will not need this patch in the upcoming release of rsync.
+
 diff --git a/popt/poptparse.c b/popt/poptparse.c
 index e003a04a..dbef88cb 100644
 --- a/popt/poptparse.c