import rsync-3.1.3-19.el8

2022-11-08 01:58:33 -05:00 · 2022-11-08 01:58:33 -05:00 · 2e4f62936a
commit 2e4f62936a
parent 0eccb1b202
3 changed files with 157 additions and 9 deletions
--- a/SOURCES/rsync-3.1.3-cve-2022-37434.patch
+++ b/SOURCES/rsync-3.1.3-cve-2022-37434.patch
@ -0,0 +1,16 @@
+diff --git a/zlib/inflate.c b/zlib/inflate.c
+index e43abd9..bd33c19 100644
+--- a/zlib/inflate.c
+++ b/zlib/inflate.c
+@@ -740,8 +740,9 @@ int flush;
+                 if (copy > have) copy = have;
+                 if (copy) {
+                     if (state->head != Z_NULL &&
+-                        state->head->extra != Z_NULL) {
+-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        (len = state->head->extra_len - state->length) <
+			    state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
--- a/SOURCES/rsync-3.1.3-sparse-block.patch
+++ b/SOURCES/rsync-3.1.3-sparse-block.patch
@ -0,0 +1,122 @@
+diff --git a/fileio.c b/fileio.c
+index b183e20..72d6076 100644
+--- a/fileio.c
+++ b/fileio.c
+@@ -34,6 +34,7 @@
+ #define ALIGNED_LENGTH(len) ((((len) - 1) | (ALIGN_BOUNDRY-1)) + 1)
+ 
+ extern int sparse_files;
+extern int sparse_files_block_size;
+ 
+ OFF_T preallocated_len = 0;
+ 
+@@ -147,7 +148,7 @@ int write_file(int f, int use_seek, OFF_T offset, const char *buf, int len)
+ 	while (len > 0) {
+ 		int r1;
+ 		if (sparse_files > 0) {
+-			int len1 = MIN(len, SPARSE_WRITE_SIZE);
+			int len1 = MIN(len, sparse_files_block_size ? sparse_files_block_size : SPARSE_WRITE_SIZE);
+ 			r1 = write_sparse(f, use_seek, offset, buf, len1);
+ 			offset += r1;
+ 		} else {
+diff --git a/options.c b/options.c
+index 195672e..d08c05a 100644
+--- a/options.c
+++ b/options.c
+@@ -76,6 +76,7 @@ int remove_source_files = 0;
+ int one_file_system = 0;
+ int protocol_version = PROTOCOL_VERSION;
+ int sparse_files = 0;
+long sparse_files_block_size = 0;
+ int preallocate_files = 0;
+ int do_compression = 0;
+ int def_compress_level = NOT_SPECIFIED;
+@@ -717,6 +718,7 @@ void usage(enum logcode F)
+   rprintf(F,"     --fake-super            store/recover privileged attrs using xattrs\n");
+ #endif
+   rprintf(F," -S, --sparse                turn sequences of nulls into sparse blocks\n");
+  rprintf(F,"     --sparse-block=SIZE     set block size used to handle sparse files\n");
+ #ifdef SUPPORT_PREALLOCATION
+   rprintf(F,"     --preallocate           allocate dest files before writing them\n");
+ #else
+@@ -927,6 +929,7 @@ static struct poptOption long_options[] = {
+   {"sparse",          'S', POPT_ARG_VAL,    &sparse_files, 1, 0, 0 },
+   {"no-sparse",        0,  POPT_ARG_VAL,    &sparse_files, 0, 0, 0 },
+   {"no-S",             0,  POPT_ARG_VAL,    &sparse_files, 0, 0, 0 },
+  {"sparse-block",     0,  POPT_ARG_LONG,   &sparse_files_block_size, 0, 0, 0 },
+   {"preallocate",      0,  POPT_ARG_NONE,   &preallocate_files, 0, 0, 0},
+   {"inplace",          0,  POPT_ARG_VAL,    &inplace, 1, 0, 0 },
+   {"no-inplace",       0,  POPT_ARG_VAL,    &inplace, 0, 0, 0 },
+diff --git a/options.c b/options.c
+index b12da55..5a27452 100644
+--- a/options.c
+++ b/options.c
+@@ -2606,6 +2606,12 @@ void server_options(char **args, int *argc_p)
+ 		args[ac++] = arg;
+ 	}
+ 
+	if (sparse_files_block_size) {
+		if (asprintf(&arg, "--sparse-block=%lu", sparse_files_block_size) < 0)
+			goto oom;
+		args[ac++] = arg;
+	}
+
+ 	if (io_timeout) {
+ 		if (asprintf(&arg, "--timeout=%d", io_timeout) < 0)
+ 			goto oom;
+diff --git a/rsync.yo b/rsync.yo
+--- a/rsync.yo
+++ b/rsync.yo
+@@ -377,6 +377,7 @@ to the detailed description below for a complete description.  verb(
+      --super                 receiver attempts super-user activities
+      --fake-super            store/recover privileged attrs using xattrs
+  -S, --sparse                turn sequences of nulls into sparse blocks
+     --sparse-block=SIZE     set block size used to handle sparse files
+      --preallocate           allocate dest files before writing
+  -n, --dry-run               perform a trial run with no changes made
+  -W, --whole-file            copy files whole (w/o delta-xfer algorithm)
+@@ -1299,6 +1300,15 @@ If combined with bf(--sparse), the file will only have sparse blocks (as
+ opposed to allocated sequences of null bytes) if the kernel version and
+ filesystem type support creating holes in the allocated data.
+
+dit(bf(--sparse-block=SIZE)) Change the block size used to handle sparse files
+to SIZE bytes.  This option only has an effect if the bf(--sparse) (bf(-S))
+option was also specified.  The default block size used by rsync to detect a
+file hole is 1024 bytes; when the receiver writes data to the destination file
+and option bf(--sparse) is used, rsync checks every 1024-bytes chunk to detect
+if they are actually filled with data or not.  With certain filesystems,
+optimized to receive data streams for example, enlarging this block size can
+strongly increase performance.  The option can be used to tune this block size.
+
+ dit(bf(-n, --dry-run)) This makes rsync perform a trial run that doesn't
+ make any changes (and produces mostly the same output as a real run).  It
+ is most commonly used in combination with the bf(-v, --verbose) and/or
+diff --git a/rsync.1 b/rsync.1
+index 855dd47..1d7af3c 100644
+--- a/rsync.1
+++ b/rsync.1
+@@ -454,6 +454,7 @@ to the detailed description below for a complete description.
+      \-\-super                 receiver attempts super\-user activities
+      \-\-fake\-super            store/recover privileged attrs using xattrs
+  \-S, \-\-sparse                turn sequences of nulls into sparse blocks
+     \-\-sparse-block=SIZE      set block size used to handle sparse files
+      \-\-preallocate           allocate dest files before writing
+  \-n, \-\-dry\-run               perform a trial run with no changes made
+  \-W, \-\-whole\-file            copy files whole (w/o delta\-xfer algorithm)
+@@ -1493,6 +1493,16 @@ If combined with \fB\-\-sparse\fP, the file will only have sparse blocks (as
+ opposed to allocated sequences of null bytes) if the kernel version and
+ filesystem type support creating holes in the allocated data.
+ .IP 
+.IP "\fB\-\-sparse\-block=SIZE\fP"
+Change the block size used to handle sparse files
+to SIZE bytes.  This option only has an effect if the \fB\-\-sparse\fP (\fB\-S\fP)
+option was also specified.  The default block size used by rsync to detect a
+file hole is 1024 bytes; when the receiver writes data to the destination file
+and option \fB\-\-sparse\fP is used, rsync checks every 1024\-bytes chunk to detect
+if they are actually filled with data or not.  With certain filesystems,
+optimized to receive data streams for example, enlarging this block size can
+strongly increase performance.  The option can be used to tune this block size.
+.IP
+ .IP "\fB\-n, \-\-dry\-run\fP"
+ This makes rsync perform a trial run that doesn\(cq\&t
+ make any changes (and produces mostly the same output as a real run).  It
--- a/SPECS/rsync.spec
+++ b/SPECS/rsync.spec
@ -9,7 +9,7 @@
 Summary: A program for synchronizing files over a network
 Name: rsync
 Version: 3.1.3
-Release: 14%{?dist}.3
+Release: 19%{?dist}
 Group: Applications/Internet
 URL: http://rsync.samba.org/

@ -37,7 +37,9 @@ Patch6: rsync-3.1.3-append-check.patch
 Patch7: rsync-3.1.3-skip-compress.patch
 Patch8: rsync-3.1.3-xattr.patch
 Patch9: rsync-3.1.3-cve-2018-25032.patch
-Patch10: rsync-3.1.3-cve-2022-29154.patch
+Patch10: rsync-3.1.3-sparse-block.patch
+Patch11: rsync-3.1.3-cve-2022-29154.patch
+Patch12: rsync-3.1.3-cve-2022-37434.patch

 %description
 Rsync uses a reliable algorithm to bring remote and host files into
@ -85,7 +87,9 @@ patch -p1 -i patches/copy-devices.diff
 %patch7 -p1 -b .skip-compress
 %patch8 -p1 -b .xattr
 %patch9 -p1 -b .cve-2018-25032
-%patch10 -p1 -b .cve-2022-29154
+%patch10 -p1 -b .spars-block
+%patch11 -p1 -b .cve-2022-29154
+%patch12 -p1 -b .cve-2022-37434

 %build
 %configure
@ -132,14 +136,20 @@ chmod -x support/*
 %systemd_postun_with_restart rsyncd.service

 %changelog
-* Mon Aug 15 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-14.3
- Resolves: #2111174 - remote arbitrary files write inside the directories of connecting peers
+* Thu Aug 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-19
+- Resolves: #2116668 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field

-* Wed Apr 20 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-14.2
- Related: #2074783 - Needed to bump this to rebuild correctly
+* Mon Aug 15 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-18
+- Resolves: #2111175 - remote arbitrary files write inside the directories of connecting peers

-* Wed Apr 13 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-14.1
- Resolves: #2074783 - A flaw in zlib-1.2.11 when compressing (not decompressing!) certain inputs
+* Mon Aug 08 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-17
+- Related: #2043753 - New option should not be sent to the server every time
+
+* Thu Jul 28 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-16
+- Resolves: #2043753 - [RFE] Improve defaults for sparse file buffering
+
+* Tue Apr 12 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-15
+- Resolves: #2071513 - A flaw in zlib-1.2.11 when compressing (not decompressing!) certain inputs

 * Mon Oct 11 2021 Michal Ruprich <mruprich@redhat.com> - 3.1.3-14
 - Related: #1907443 - Adding fmf plans to run tests with tmt