rpms/rsync
6
0
Fork 1
Code Issues Pull Requests Releases Activity

import CS rsync-3.2.5-3.el9

Browse Source
This commit is contained in:
eabdullin 2025-03-11 08:08:08 +00:00
parent a68cceb373
commit d20ac1739d
20 changed files with 530 additions and 1814 deletions

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/rsync-3.2.3.tar.gz
SOURCES/rsync-patches-3.2.3.tar.gz
SOURCES/rsync-3.2.5.tar.gz
SOURCES/rsync-patches-3.2.5.tar.gz

4
.rsync.metadata
View File

@ -1,2 +1,2 @@
00823f43901e7da39f3f0daf20ec9efae47e959e SOURCES/rsync-3.2.3.tar.gz
5c4c2866931b0f4dbb0d07567b2963c9dc66ec87 SOURCES/rsync-patches-3.2.3.tar.gz
26baded8871b9e2406add210cdbfa744c94642d2 SOURCES/rsync-3.2.5.tar.gz
db897ede46e509347a84ca4e0cb02c452eeabdbe SOURCES/rsync-patches-3.2.5.tar.gz

343
SOURCES/rsync-3.1.3-cve-2018-25032.patch
View File

@ -1,343 +0,0 @@
From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Tue, 17 Apr 2018 22:09:22 -0700
Subject: [PATCH] Fix a bug that can crash deflate on some input when using
Z_FIXED.
This bug was reported by Danilo Ramos of Eideticom, Inc. It has
lain in wait 13 years before being found! The bug was introduced
in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
option forces the use of fixed Huffman codes. For rare inputs with
a large number of distant matches, the pending buffer into which
the compressed data is written can overwrite the distance symbol
table which it overlays. That results in corrupted output due to
invalid distances, and can result in out-of-bound accesses,
crashing the application.
The fix here combines the distance buffer and literal/length
buffers into a single symbol buffer. Now three bytes of pending
buffer space are opened up for each literal or length/distance
pair consumed, instead of the previous two bytes. This assures
that the pending buffer cannot overwrite the symbol table, since
the maximum fixed code compressed length/distance is 31 bits, and
since there are four bytes of pending space for every three bytes
of symbol space.
---
deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++---------------
deflate.h | 25 +++++++++----------
trees.c | 50 +++++++++++--------------------------
3 files changed, 79 insertions(+), 70 deletions(-)
diff --git a/zlib/deflate.c b/zlib/deflate.c
index 425babc00..19cba873a 100644
--- a/zlib/deflate.c
+++ b/zlib/deflate.c
@@ -255,11 +255,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
int wrap = 1;
static const char my_version[] = ZLIB_VERSION;
- ushf *overlay;
- /* We overlay pending_buf and d_buf+l_buf. This works since the average
- * output size for (length,distance) codes is <= 24 bits.
- */
-
if (version == Z_NULL || version[0] != my_version[0] ||
stream_size != sizeof(z_stream)) {
return Z_VERSION_ERROR;
@@ -329,9 +324,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
- s->pending_buf = (uchf *) overlay;
- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
+ /* We overlay pending_buf and sym_buf. This works since the average size
+ * for length/distance pairs over any compressed block is assured to be 31
+ * bits or less.
+ *
+ * Analysis: The longest fixed codes are a length code of 8 bits plus 5
+ * extra bits, for lengths 131 to 257. The longest fixed distance codes are
+ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest
+ * possible fixed-codes length/distance pair is then 31 bits total.
+ *
+ * sym_buf starts one-fourth of the way into pending_buf. So there are
+ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol
+ * in sym_buf is three bytes -- two for the distance and one for the
+ * literal/length. As each symbol is consumed, the pointer to the next
+ * sym_buf value to read moves forward three bytes. From that symbol, up to
+ * 31 bits are written to pending_buf. The closest the written pending_buf
+ * bits gets to the next sym_buf symbol to read is just before the last
+ * code is written. At that time, 31*(n-2) bits have been written, just
+ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at
+ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1
+ * symbols are written.) The closest the writing gets to what is unread is
+ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and
+ * can range from 128 to 32768.
+ *
+ * Therefore, at a minimum, there are 142 bits of space between what is
+ * written and what is read in the overlain buffers, so the symbols cannot
+ * be overwritten by the compressed data. That space is actually 139 bits,
+ * due to the three-bit fixed-code block header.
+ *
+ * That covers the case where either Z_FIXED is specified, forcing fixed
+ * codes, or when the use of fixed codes is chosen, because that choice
+ * results in a smaller compressed block than dynamic codes. That latter
+ * condition then assures that the above analysis also covers all dynamic
+ * blocks. A dynamic-code block will only be chosen to be emitted if it has
+ * fewer bits than a fixed-code block would for the same set of symbols.
+ * Therefore its average symbol length is assured to be less than 31. So
+ * the compressed data for a dynamic block also cannot overwrite the
+ * symbols from which it is being constructed.
+ */
+
+ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4);
+ s->pending_buf_size = (ulg)s->lit_bufsize * 4;
if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
s->pending_buf == Z_NULL) {
@@ -340,8 +373,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
deflateEnd (strm);
return Z_MEM_ERROR;
}
- s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
+ s->sym_buf = s->pending_buf + s->lit_bufsize;
+ s->sym_end = (s->lit_bufsize - 1) * 3;
+ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K
+ * on 16 bit machines and because stored blocks are restricted to
+ * 64K-1 bytes.
+ */
s->level = level;
s->strategy = strategy;
@@ -552,7 +589,7 @@ int ZEXPORT deflatePrime (strm, bits, value)
if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
s = strm->state;
- if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3))
+ if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
return Z_BUF_ERROR;
do {
put = Buf_size - s->bi_valid;
@@ -1113,7 +1150,6 @@ int ZEXPORT deflateCopy (dest, source)
#else
deflate_state *ds;
deflate_state *ss;
- ushf *overlay;
if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) {
@@ -1133,8 +1169,7 @@ int ZEXPORT deflateCopy (dest, source)
ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos));
ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos));
- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
- ds->pending_buf = (uchf *) overlay;
+ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4);
if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
ds->pending_buf == Z_NULL) {
@@ -1148,8 +1183,7 @@ int ZEXPORT deflateCopy (dest, source)
zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
+ ds->sym_buf = ds->pending_buf + ds->lit_bufsize;
ds->l_desc.dyn_tree = ds->dyn_ltree;
ds->d_desc.dyn_tree = ds->dyn_dtree;
@@ -1771,7 +1771,7 @@ local block_state deflate_fast(s, flush)
FLUSH_BLOCK(s, 1);
return finish_done;
}
- if (s->last_lit)
+ if (s->sym_next)
FLUSH_BLOCK(s, 0);
return block_done;
}
@@ -1912,7 +1912,7 @@ local block_state deflate_slow(s, flush)
FLUSH_BLOCK(s, 1);
return finish_done;
}
- if (s->last_lit)
+ if (s->sym_next)
FLUSH_BLOCK(s, 0);
return block_done;
}
@@ -1987,7 +1987,7 @@ local block_state deflate_rle(s, flush)
FLUSH_BLOCK(s, 1);
return finish_done;
}
- if (s->last_lit)
+ if (s->sym_next)
FLUSH_BLOCK(s, 0);
return block_done;
}
@@ -2026,7 +2026,7 @@ local block_state deflate_huff(s, flush)
FLUSH_BLOCK(s, 1);
return finish_done;
}
- if (s->last_lit)
+ if (s->sym_next)
FLUSH_BLOCK(s, 0);
return block_done;
}
diff --git a/zlib/deflate.h b/zlib/deflate.h
index 23ecdd312..d4cf1a98b 100644
--- a/zlib/deflate.h
+++ b/zlib/deflate.h
@@ -217,7 +217,7 @@ typedef struct internal_state {
/* Depth of each subtree used as tie breaker for trees of equal frequency
*/
- uchf *l_buf; /* buffer for literals or lengths */
+ uchf *sym_buf; /* buffer for distances and literals/lengths */
uInt lit_bufsize;
/* Size of match buffer for literals/lengths. There are 4 reasons for
@@ -239,13 +239,8 @@ typedef struct internal_state {
* - I can't count above 4
*/
- uInt last_lit; /* running index in l_buf */
-
- ushf *d_buf;
- /* Buffer for distances. To simplify the code, d_buf and l_buf have
- * the same number of elements. To use different lengths, an extra flag
- * array would be necessary.
- */
+ uInt sym_next; /* running index in sym_buf */
+ uInt sym_end; /* symbol table full when sym_next reaches this */
ulg opt_len; /* bit length of current block with optimal trees */
ulg static_len; /* bit length of current block with static trees */
@@ -317,20 +317,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf,
# define _tr_tally_lit(s, c, flush) \
{ uch cc = (c); \
- s->d_buf[s->last_lit] = 0; \
- s->l_buf[s->last_lit++] = cc; \
+ s->sym_buf[s->sym_next++] = 0; \
+ s->sym_buf[s->sym_next++] = 0; \
+ s->sym_buf[s->sym_next++] = cc; \
s->dyn_ltree[cc].Freq++; \
- flush = (s->last_lit == s->lit_bufsize-1); \
+ flush = (s->sym_next == s->sym_end); \
}
# define _tr_tally_dist(s, distance, length, flush) \
{ uch len = (length); \
ush dist = (distance); \
- s->d_buf[s->last_lit] = dist; \
- s->l_buf[s->last_lit++] = len; \
+ s->sym_buf[s->sym_next++] = dist; \
+ s->sym_buf[s->sym_next++] = dist >> 8; \
+ s->sym_buf[s->sym_next++] = len; \
dist--; \
s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
s->dyn_dtree[d_code(dist)].Freq++; \
- flush = (s->last_lit == s->lit_bufsize-1); \
+ flush = (s->sym_next == s->sym_end); \
}
#else
# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
diff --git a/zlib/trees.c b/zlib/trees.c
index 4f4a65011..decaeb7c3 100644
--- a/zlib/trees.c
+++ b/zlib/trees.c
@@ -416,7 +416,7 @@ local void init_block(s)
s->dyn_ltree[END_BLOCK].Freq = 1;
s->opt_len = s->static_len = 0L;
- s->last_lit = s->matches = 0;
+ s->sym_next = s->matches = 0;
}
#define SMALLEST 1
@@ -948,7 +948,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last)
Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
- s->last_lit));
+ s->sym_next / 3));
if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
@@ -1017,8 +1017,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
unsigned dist; /* distance of matched string */
unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */
{
- s->d_buf[s->last_lit] = (ush)dist;
- s->l_buf[s->last_lit++] = (uch)lc;
+ s->sym_buf[s->sym_next++] = dist;
+ s->sym_buf[s->sym_next++] = dist >> 8;
+ s->sym_buf[s->sym_next++] = lc;
if (dist == 0) {
/* lc is the unmatched char */
s->dyn_ltree[lc].Freq++;
@@ -1033,30 +1034,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++;
s->dyn_dtree[d_code(dist)].Freq++;
}
-
-#ifdef TRUNCATE_BLOCK
- /* Try to guess if it is profitable to stop the current block here */
- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) {
- /* Compute an upper bound for the compressed length */
- ulg out_length = (ulg)s->last_lit*8L;
- ulg in_length = (ulg)((long)s->strstart - s->block_start);
- int dcode;
- for (dcode = 0; dcode < D_CODES; dcode++) {
- out_length += (ulg)s->dyn_dtree[dcode].Freq *
- (5L+extra_dbits[dcode]);
- }
- out_length >>= 3;
- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
- s->last_lit, in_length, out_length,
- 100L - out_length*100L/in_length));
- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
- }
-#endif
- return (s->last_lit == s->lit_bufsize-1);
- /* We avoid equality with lit_bufsize because of wraparound at 64K
- * on 16 bit machines and because stored blocks are restricted to
- * 64K-1 bytes.
- */
+ return (s->sym_next == s->sym_end);
}
/* ===========================================================================
@@ -1069,13 +1047,14 @@ local void compress_block(s, ltree, dtree)
{
unsigned dist; /* distance of matched string */
int lc; /* match length or unmatched char (if dist == 0) */
- unsigned lx = 0; /* running index in l_buf */
+ unsigned sx = 0; /* running index in sym_buf */
unsigned code; /* the code to send */
int extra; /* number of extra bits to send */
- if (s->last_lit != 0) do {
- dist = s->d_buf[lx];
- lc = s->l_buf[lx++];
+ if (s->sym_next != 0) do {
+ dist = s->sym_buf[sx++] & 0xff;
+ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8;
+ lc = s->sym_buf[sx++];
if (dist == 0) {
send_code(s, lc, ltree); /* send a literal byte */
Tracecv(isgraph(lc), (stderr," '%c' ", lc));
@@ -1100,11 +1079,10 @@ local void compress_block(s, ltree, dtree)
}
} /* literal or match pair ? */
- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,
- "pendingBuf overflow");
+ /* Check that the overlay between pending_buf and sym_buf is ok: */
+ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow");
- } while (lx < s->last_lit);
+ } while (sx < s->sym_next);
send_code(s, END_BLOCK, ltree);
}

22
SOURCES/rsync-3.2.2-ssl-verify-hostname.patch
View File

@ -1,22 +0,0 @@
From Mon Sep 17 00:00:00 2001
From: Matt McCutchen <matt@mattmccutchen.net>
Date: Wed, 26 Aug 2020 12:16:08 -0400
rsync-ssl: Verify the hostname in the certificate when using openssl.
---
rsync-ssl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rsync-ssl b/rsync-ssl
index 8101975a..46701af1 100755
--- a/rsync-ssl
+++ b/rsync-ssl
@@ -129,7 +129,7 @@ function rsync_ssl_helper {
fi
if [[ $RSYNC_SSL_TYPE == openssl ]]; then
- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
+ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
else

36
SOURCES/rsync-3.2.3-append-mode.patch
View File

@ -1,36 +0,0 @@
diff --git a/rsync.1.md b/rsync.1.md
index ec971ecc..7bb4c5a1 100644
--- a/rsync.1.md
+++ b/rsync.1.md
@@ -949,7 +949,9 @@ your home directory (remove the '=' for that).
existing content in the file (it only verifies the content that it is
appending). Rsync skips any files that exist on the receiving side that
are not shorter than the associated file on the sending side (which means
- that new files are trasnferred).
+ that new files are trasnferred). It also skips any files whose size on the
+ sending side gets shorter during the send negotiations (rsync warns about a
+ "diminished" file when this happens).
This does not interfere with the updating of a file's non-content
attributes (e.g. permissions, ownership, etc.) when the file does not need
diff --git a/sender.c b/sender.c
index 94761c26..9cfca134 100644
--- a/sender.c
+++ b/sender.c
@@ -362,6 +362,16 @@ void send_files(int f_in, int f_out)
exit_cleanup(RERR_FILEIO);
}
+ if (append_mode > 0 && st.st_size < F_LENGTH(file)) {
+ rprintf(FWARNING, "skipped diminished file: %s\n",
+ full_fname(fname));
+ free_sums(s);
+ close(fd);
+ if (protocol_version >= 30)
+ send_msg_int(MSG_NO_SEND, ndx);
+ continue;
+ }
+
if (IS_DEVICE(st.st_mode) && st.st_size == 0)
st.st_size = get_device_size(fd, fname);

48
SOURCES/rsync-3.2.3-atimes.patch
View File

@ -1,48 +0,0 @@
diff --git a/rsync.c b/rsync.c
index bcecac63..ff9489be 100644
--- a/rsync.c
+++ b/rsync.c
@@ -63,8 +63,7 @@ extern char *iconv_opt;
#define UPDATED_ATIME (1<<3)
#define UPDATED_ACLS (1<<4)
#define UPDATED_MODE (1<<5)
-
-#define UPDATED_TIMES (UPDATED_MTIME|UPDATED_ATIME)
+#define UPDATED_CRTIME (1<<6)
#ifdef ICONV_CONST
iconv_t ic_chck = (iconv_t)-1;
@@ -576,10 +575,11 @@ int set_file_attrs(const char *fname, struct file_struct *file, stat_x *sxp,
set_xattr(fname, file, fnamecmp, sxp);
#endif
- if (!preserve_times
- || (!(preserve_times & PRESERVE_DIR_TIMES) && S_ISDIR(sxp->st.st_mode))
- || (!(preserve_times & PRESERVE_LINK_TIMES) && S_ISLNK(sxp->st.st_mode)))
- flags |= ATTRS_SKIP_MTIME | ATTRS_SKIP_ATIME;
+ if (!preserve_times)
+ flags |= ATTRS_SKIP_MTIME | (atimes_ndx ? 0 : ATTRS_SKIP_ATIME) | (crtimes_ndx ? 0 : ATTRS_SKIP_CRTIME);
+ else if ((!(preserve_times & PRESERVE_DIR_TIMES) && S_ISDIR(sxp->st.st_mode))
+ || (!(preserve_times & PRESERVE_LINK_TIMES) && S_ISLNK(sxp->st.st_mode)))
+ flags |= ATTRS_SKIP_MTIME | ATTRS_SKIP_ATIME | ATTRS_SKIP_CRTIME;
else if (sxp != &sx2)
memcpy(&sx2.st, &sxp->st, sizeof (sx2.st));
if (!atimes_ndx || S_ISDIR(sxp->st.st_mode))
@@ -606,7 +606,7 @@ int set_file_attrs(const char *fname, struct file_struct *file, stat_x *sxp,
updated |= UPDATED_ATIME;
}
}
- if (updated & UPDATED_TIMES) {
+ if (updated & (UPDATED_MTIME|UPDATED_ATIME)) {
int ret = set_times(fname, &sx2.st);
if (ret < 0) {
rsyserr(FERROR_XFER, errno, "failed to set times on %s",
@@ -614,7 +614,7 @@ int set_file_attrs(const char *fname, struct file_struct *file, stat_x *sxp,
goto cleanup;
}
if (ret > 0) { /* ret == 1 if symlink could not be set */
- updated &= ~UPDATED_TIMES;
+ updated &= ~(UPDATED_MTIME|UPDATED_ATIME);
file->flags |= FLAG_TIME_FAILED;
}
}

1085
SOURCES/rsync-3.2.3-cve-2022-29154.patch
View File

File diff suppressed because it is too large Load Diff

16
SOURCES/rsync-3.2.3-cve-2022-37434.patch
View File

@ -1,16 +0,0 @@
diff --git a/zlib/inflate.c b/zlib/inflate.c
index e43abd9..bd33c19 100644
--- a/zlib/inflate.c
+++ b/zlib/inflate.c
@@ -740,8 +740,9 @@ int flush;
if (copy > have) copy = have;
if (copy) {
if (state->head != Z_NULL &&
- state->head->extra != Z_NULL) {
- len = state->head->extra_len - state->length;
+ state->head->extra != Z_NULL &&
+ (len = state->head->extra_len - state->length) <
+ state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);

96
SOURCES/rsync-3.2.3-delay-updates.patch
View File

@ -1,96 +0,0 @@
From ce51c1b0ae4c0cc35fa14f69271776e3e3ae6354 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Wed, 21 Jul 2021 16:38:22 +0200
Subject: [PATCH 1/3] Add regression test for --delay-updates (#192)
to test https://github.com/WayneD/rsync/issues/192
---
testsuite/delay-updates.test | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 testsuite/delay-updates.test
diff --git a/testsuite/delay-updates.test b/testsuite/delay-updates.test
new file mode 100644
index 000000000..54961dfa9
--- /dev/null
+++ b/testsuite/delay-updates.test
@@ -0,0 +1,21 @@
+#! /bin/sh
+
+# Test rsync --delay-updates
+
+. "$suitedir/rsync.fns"
+
+mkdir "$fromdir"
+
+echo 1 > "$fromdir/foo"
+
+checkit "$RSYNC -avvv --delay-updates \"$fromdir/\" \"$todir/\"" "$fromdir" "$todir"
+
+mkdir "$todir/.~tmp~"
+echo 2 > "$todir/.~tmp~/foo"
+touch -r .. "$todir/.~tmp~/foo" "$todir/foo"
+echo 3 > "$fromdir/foo"
+
+checkit "$RSYNC -avvv --delay-updates \"$fromdir/\" \"$todir/\"" "$fromdir" "$todir"
+
+# The script would have aborted on error, so getting here means we've won.
+exit 0
From 5a4ea7e468ae53c09b98803da3519727becb48ad Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Thu, 22 Jul 2021 13:30:17 +0200
Subject: [PATCH 2/3] Fix regression with --delay-updates (#192)
Fixes regression introduced with commit 3a7bf54ad520 (A resumed
partial-dir file is transferred in-place.)
Fixes https://github.com/WayneD/rsync/issues/192
---
receiver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/receiver.c b/receiver.c
index e85c4779c..b5020d074 100644
--- a/receiver.c
+++ b/receiver.c
@@ -881,7 +881,7 @@ int recv_files(int f_in, int f_out, char *local_name)
do_unlink(partialptr);
handle_partial_dir(partialptr, PDIR_DELETE);
}
- } else if (keep_partial && partialptr && !one_inplace) {
+ } else if (keep_partial && partialptr && (!one_inplace || delay_updates)) {
if (!handle_partial_dir(partialptr, PDIR_CREATE)) {
rprintf(FERROR,
"Unable to create partial-dir for %s -- discarding %s.\n",
From 15ec7de5503c57860fb73ea6e4a349f1e70b72db Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayne@opencoder.net>
Date: Wed, 28 Jul 2021 09:03:10 -0700
Subject: [PATCH 3/3] Tweak rsync options.
---
testsuite/delay-updates.test | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/testsuite/delay-updates.test b/testsuite/delay-updates.test
index 54961dfa9..5896a9c7c 100644
--- a/testsuite/delay-updates.test
+++ b/testsuite/delay-updates.test
@@ -8,14 +8,14 @@ mkdir "$fromdir"
echo 1 > "$fromdir/foo"
-checkit "$RSYNC -avvv --delay-updates \"$fromdir/\" \"$todir/\"" "$fromdir" "$todir"
+checkit "$RSYNC -aiv --delay-updates \"$fromdir/\" \"$todir/\"" "$fromdir" "$todir"
mkdir "$todir/.~tmp~"
echo 2 > "$todir/.~tmp~/foo"
touch -r .. "$todir/.~tmp~/foo" "$todir/foo"
echo 3 > "$fromdir/foo"
-checkit "$RSYNC -avvv --delay-updates \"$fromdir/\" \"$todir/\"" "$fromdir" "$todir"
+checkit "$RSYNC -aiv --delay-updates \"$fromdir/\" \"$todir/\"" "$fromdir" "$todir"
# The script would have aborted on error, so getting here means we've won.
exit 0

19
SOURCES/rsync-3.2.3-filtering-rules.patch
View File

@ -40,9 +40,9 @@ index 13c4253..232249f 100644
+ int slash_cnt = 0;
const char *cp;
char *p;
if (am_server || old_style_args || list_only || read_batch || filesfrom_host != NULL)
if (trust_sender_args)
@@ -407,6 +413,7 @@ void add_implied_include(const char *arg, int skip_daemon_module)
}
arg++;
arg_len = strlen(arg);
if (arg_len) {
+ char *new_pat;
@ -287,21 +287,6 @@ index 13c4253..232249f 100644
}
/* This is only called by the client. */
diff --git a/options.c b/options.c
index afc33ce..4d0a1a6 100644
--- a/options.c
+++ b/options.c
@@ -2426,7 +2426,9 @@ char *safe_arg(const char *opt, const char *arg)
char *ret;
if (!protect_args && old_style_args < 2 && (!old_style_args || (!is_filename_arg && opt != SPLIT_ARG_WHEN_OLD))) {
const char *f;
- if (!old_style_args && *arg == '~' && (relative_paths || !strchr(arg, '/'))) {
+ if (!old_style_args && *arg == '~'
+ && ((relative_paths && !strstr(arg, "/./"))
+ || !strchr(arg, '/'))) {
extras++;
escape_leading_tilde = 1;
}
diff --git a/flist.c b/flist.c
index 630d685..8c2397b 100644
--- a/flist.c

53
SOURCES/rsync-3.2.3-lchmod.patch
View File

@ -1,53 +0,0 @@
diff --git a/syscall.c b/syscall.c
index b9c3b4ef..11d10e4a 100644
--- a/syscall.c
+++ b/syscall.c
@@ -227,27 +227,35 @@ int do_open(const char *pathname, int flags, mode_t mode)
#ifdef HAVE_CHMOD
int do_chmod(const char *path, mode_t mode)
{
+ static int switch_step = 0;
int code;
if (dry_run) return 0;
RETURN_ERROR_IF_RO_OR_LO;
+ switch (switch_step) {
#ifdef HAVE_LCHMOD
- code = lchmod(path, mode & CHMOD_BITS);
-#else
- if (S_ISLNK(mode)) {
+#include "case_N.h"
+ if ((code = lchmod(path, mode & CHMOD_BITS)) == 0 || errno != ENOTSUP)
+ break;
+ switch_step++;
+#endif
+
+#include "case_N.h"
+ if (S_ISLNK(mode)) {
# if defined HAVE_SETATTRLIST
- struct attrlist attrList;
- uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
+ struct attrlist attrList;
+ uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
- memset(&attrList, 0, sizeof attrList);
- attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
- attrList.commonattr = ATTR_CMN_ACCESSMASK;
- code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
+ memset(&attrList, 0, sizeof attrList);
+ attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
+ attrList.commonattr = ATTR_CMN_ACCESSMASK;
+ code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
# else
- code = 1;
+ code = 1;
# endif
- } else
- code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
-#endif /* !HAVE_LCHMOD */
+ } else
+ code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
+ break;
+ }
if (code != 0 && (preserve_perms || preserve_executability))
return code;
return 0;

24
SOURCES/rsync-3.2.3-segfault.patch
View File

@ -1,24 +0,0 @@
From f5a9a1013873580d0ad2ae4f5c5038c324d71bfe Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayne@opencoder.net>
Date: Mon, 21 Feb 2022 14:19:31 -0800
Subject: [PATCH] Fix possible array deref using invalid index.
---
copy-devices.diff | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/patches/copy-devices.diff b/patches/copy-devices.diff
index 797d046..4138474 100644
--- a/patches/copy-devices.diff
+++ b/patches/copy-devices.diff
@@ -111,8 +111,8 @@ diff --git a/rsync.c b/rsync.c
if (iflags & ITEM_TRANSFER) {
int i = ndx - cur_flist->ndx_start;
- if (i < 0 || !S_ISREG(cur_flist->files[i]->mode)) {
-+ struct file_struct *file = cur_flist->files[i];
-+ if (i < 0 || !(S_ISREG(file->mode) || (copy_devices && IS_DEVICE(file->mode)))) {
++ if (i < 0
++ || !(S_ISREG(cur_flist->files[i]->mode) || (copy_devices && IS_DEVICE(cur_flist->files[i]->mode)))) {
rprintf(FERROR,
"received request to transfer non-regular file: %d [%s]\n",
ndx, who_am_i());

38
SOURCES/rsync-3.2.3-xattr.patch
View File

@ -1,38 +0,0 @@
diff --git a/xattrs.c b/xattrs.c
index 508649c0..3c549192 100644
--- a/xattrs.c
+++ b/xattrs.c
@@ -1055,7 +1055,7 @@ int set_xattr(const char *fname, const struct file_struct *file, const char *fna
{
rsync_xa_list *glst = rsync_xal_l.items;
item_list *lst;
- int ndx;
+ int ndx, added_write_perm = 0;
if (dry_run)
return 1; /* FIXME: --dry-run needs to compute this value */
@@ -1084,10 +1084,23 @@ int set_xattr(const char *fname, const struct file_struct *file, const char *fna
}
#endif
+ /* If the target file lacks write permission, we try to add it
+ * temporarily so we can change the extended attributes. */
+ if (!am_root
+#ifdef SUPPORT_LINKS
+ && !S_ISLNK(sxp->st.st_mode)
+#endif
+ && access(fname, W_OK) < 0
+ && do_chmod(fname, (sxp->st.st_mode & CHMOD_BITS) | S_IWUSR) == 0)
+ added_write_perm = 1;
+
ndx = F_XATTR(file);
glst += ndx;
lst = &glst->xa_items;
- return rsync_xal_set(fname, lst, fnamecmp, sxp);
+ int return_value = rsync_xal_set(fname, lst, fnamecmp, sxp);
+ if (added_write_perm) /* remove the temporary write permission */
+ do_chmod(fname, sxp->st.st_mode);
+ return return_value;
}
#ifdef SUPPORT_ACLS

14
SOURCES/rsync-3.2.5-cve-2024-12085.patch Normal file
View File

@ -0,0 +1,14 @@
diff --git a/match.c b/match.c
index 36e78ed..dfd6af2 100644
--- a/match.c
+++ b/match.c
@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s,
int more;
schar *map;
+ // prevent possible memory leaks
+ memset(sum2, 0, sizeof sum2);
+
/* want_i is used to encourage adjacent matches, allowing the RLL
* coding of the output to work more efficiently. */
want_i = 0;

36
SOURCES/rsync-3.2.5-cve-2024-12087.patch Normal file
View File

@ -0,0 +1,36 @@
diff --git a/flist.c b/flist.c
index 464d556..087f9da 100644
--- a/flist.c
+++ b/flist.c
@@ -2584,6 +2584,19 @@ struct file_list *recv_file_list(int f, int dir_ndx)
init_hard_links();
#endif
+ if (inc_recurse && dir_ndx >= 0) {
+ if (dir_ndx >= dir_flist->used) {
+ rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used);
+ exit_cleanup(RERR_PROTOCOL);
+ }
+ struct file_struct *file = dir_flist->files[dir_ndx];
+ if (file->flags & FLAG_GOT_DIR_FLIST) {
+ rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);
+ exit_cleanup(RERR_PROTOCOL);
+ }
+ file->flags |= FLAG_GOT_DIR_FLIST;
+ }
+
flist = flist_new(0, "recv_file_list");
flist_expand(flist, FLIST_START_LARGE);
diff --git a/rsync.h b/rsync.h
index f8bd024..fbaf312 100644
--- a/rsync.h
+++ b/rsync.h
@@ -92,6 +92,7 @@
#define FLAG_SKIP_GROUP (1<<10) /* receiver/generator */
#define FLAG_TIME_FAILED (1<<11)/* generator */
#define FLAG_MOD_NSEC (1<<12) /* sender/receiver/generator */
+#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */
/* These flags are passed to functions but not stored. */

57
SOURCES/rsync-3.2.5-cve-2024-12088.patch Normal file
View File

@ -0,0 +1,57 @@
diff --git a/testsuite/unsafe-byname.test b/testsuite/unsafe-byname.test
index 75e7201..d2e318e 100644
--- a/testsuite/unsafe-byname.test
+++ b/testsuite/unsafe-byname.test
@@ -40,7 +40,7 @@ test_unsafe ..//../dest from/dir unsafe
test_unsafe .. from/file safe
test_unsafe ../.. from/file unsafe
test_unsafe ..//.. from//file unsafe
-test_unsafe dir/.. from safe
+test_unsafe dir/.. from unsafe
test_unsafe dir/../.. from unsafe
test_unsafe dir/..//.. from unsafe
diff --git a/util1.c b/util1.c
index da50ff1..f260d39 100644
--- a/util1.c
+++ b/util1.c
@@ -1318,7 +1318,14 @@ int handle_partial_dir(const char *fname, int create)
*
* "src" is the top source directory currently applicable at the level
* of the referenced symlink. This is usually the symlink's full path
- * (including its name), as referenced from the root of the transfer. */
+ * (including its name), as referenced from the root of the transfer.
+ *
+ * NOTE: this also rejects dest names with a .. component in other
+ * than the first component of the name ie. it rejects names such as
+ * a/b/../x/y. This needs to be done as the leading subpaths 'a' or
+ * 'b' could later be replaced with symlinks such as a link to '.'
+ * resulting in the link being transferred now becoming unsafe
+ */
int unsafe_symlink(const char *dest, const char *src)
{
const char *name, *slash;
@@ -1328,6 +1335,23 @@ int unsafe_symlink(const char *dest, const char *src)
if (!dest || !*dest || *dest == '/')
return 1;
+ // reject destinations with /../ in the name other than at the start of the name
+ const char *dest2 = dest;
+ while (strncmp(dest2, "../", 3) == 0) {
+ dest2 += 3;
+ while (*dest2 == '/') {
+ // allow for ..//..///../foo
+ dest2++;
+ }
+ }
+ if (strstr(dest2, "/../"))
+ return 1;
+
+ // reject if the destination ends in /..
+ const size_t dlen = strlen(dest);
+ if (dlen > 3 && strcmp(&dest[dlen-3], "/..") == 0)
+ return 1;
+
/* find out what our safety margin is */
for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) {
/* ".." segment starts the count over. "." segment is ignored. */

163
SOURCES/rsync-3.2.5-cve-2024-12747.patch Normal file
View File

@ -0,0 +1,163 @@
diff --git a/checksum.c b/checksum.c
index cb21882..66e8089 100644
--- a/checksum.c
+++ b/checksum.c
@@ -406,7 +406,7 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum)
memset(sum, 0, MAX_DIGEST_LEN);
- fd = do_open(fname, O_RDONLY, 0);
+ fd = do_open_checklinks(fname);
if (fd == -1)
return;
diff --git a/flist.c b/flist.c
index 087f9da..1783253 100644
--- a/flist.c
+++ b/flist.c
@@ -1390,7 +1390,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist,
if (copy_devices && am_sender && IS_DEVICE(st.st_mode)) {
if (st.st_size == 0) {
- int fd = do_open(fname, O_RDONLY, 0);
+ int fd = do_open_checklinks(fname);
if (fd >= 0) {
st.st_size = get_device_size(fd, fname);
close(fd);
diff --git a/generator.c b/generator.c
index 110db28..3f13bb9 100644
--- a/generator.c
+++ b/generator.c
@@ -1798,7 +1798,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
if (write_devices && IS_DEVICE(sx.st.st_mode) && sx.st.st_size == 0) {
/* This early open into fd skips the regular open below. */
- if ((fd = do_open(fnamecmp, O_RDONLY, 0)) >= 0)
+ if ((fd = do_open_nofollow(fnamecmp, O_RDONLY)) >= 0)
real_sx.st.st_size = sx.st.st_size = get_device_size(fd, fnamecmp);
}
@@ -1867,7 +1867,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
}
/* open the file */
- if (fd < 0 && (fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) {
+ if (fd < 0 && (fd = do_open_checklinks(fnamecmp)) < 0) {
rsyserr(FERROR, errno, "failed to open %s, continuing",
full_fname(fnamecmp));
pretend_missing:
diff --git a/receiver.c b/receiver.c
index 8031b8f..edfbb21 100644
--- a/receiver.c
+++ b/receiver.c
@@ -775,7 +775,7 @@ int recv_files(int f_in, int f_out, char *local_name)
if (fnamecmp != fname) {
fnamecmp = fname;
fnamecmp_type = FNAMECMP_FNAME;
- fd1 = do_open(fnamecmp, O_RDONLY, 0);
+ fd1 = do_open_nofollow(fnamecmp, O_RDONLY);
}
if (fd1 == -1 && basis_dir[0]) {
diff --git a/sender.c b/sender.c
index 2bbff2f..a4d46c3 100644
--- a/sender.c
+++ b/sender.c
@@ -350,7 +350,7 @@ void send_files(int f_in, int f_out)
exit_cleanup(RERR_PROTOCOL);
}
- fd = do_open(fname, O_RDONLY, 0);
+ fd = do_open_checklinks(fname);
if (fd == -1) {
if (errno == ENOENT) {
enum logcode c = am_daemon && protocol_version < 28 ? FERROR : FWARNING;
diff --git a/syscall.c b/syscall.c
index 47c5ea5..c55ae5f 100644
--- a/syscall.c
+++ b/syscall.c
@@ -45,6 +45,8 @@ extern int preallocate_files;
extern int preserve_perms;
extern int preserve_executability;
extern int open_noatime;
+extern int copy_links;
+extern int copy_unsafe_links;
#ifndef S_BLKSIZE
# if defined hpux || defined __hpux__ || defined __hpux
@@ -714,3 +714,21 @@ int do_open_nofollow(const char *pathname, int flags)
return fd;
}
+
+/*
+ varient of do_open/do_open_nofollow which does do_open() if the
+ copy_links or copy_unsafe_links options are set and does
+ do_open_nofollow() otherwise
+
+ This is used to prevent a race condition where an attacker could be
+ switching a file between being a symlink and being a normal file
+
+ The open is always done with O_RDONLY flags
+ */
+int do_open_checklinks(const char *pathname)
+{
+ if (copy_links || copy_unsafe_links) {
+ return do_open(pathname, O_RDONLY, 0);
+ }
+ return do_open_nofollow(pathname, O_RDONLY);
+}
diff --git a/t_unsafe.c b/t_unsafe.c
index 010cac5..e10619a 100644
--- a/t_unsafe.c
+++ b/t_unsafe.c
@@ -28,6 +28,9 @@ int am_root = 0;
int am_sender = 1;
int read_only = 0;
int list_only = 0;
+int copy_links = 0;
+int copy_unsafe_links = 0;
+
short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG];
int
diff --git a/tls.c b/tls.c
index e6b0708..858f8f1 100644
--- a/tls.c
+++ b/tls.c
@@ -49,6 +49,9 @@ int list_only = 0;
int link_times = 0;
int link_owner = 0;
int nsec_times = 0;
+int safe_symlinks = 0;
+int copy_links = 0;
+int copy_unsafe_links = 0;
#ifdef SUPPORT_XATTRS
diff --git a/trimslash.c b/trimslash.c
index 1ec928c..f2774cd 100644
--- a/trimslash.c
+++ b/trimslash.c
@@ -26,6 +26,8 @@ int am_root = 0;
int am_sender = 1;
int read_only = 1;
int list_only = 0;
+int copy_links = 0;
+int copy_unsafe_links = 0;
int
main(int argc, char **argv)
diff --git a/util1.c b/util1.c
index f260d39..d84bc41 100644
--- a/util1.c
+++ b/util1.c
@@ -365,7 +365,7 @@ int copy_file(const char *source, const char *dest, int tmpfilefd, mode_t mode)
int len; /* Number of bytes read into `buf'. */
OFF_T prealloc_len = 0, offset = 0;
- if ((ifd = do_open(source, O_RDONLY, 0)) < 0) {
+ if ((ifd = do_open_nofollow(source, O_RDONLY)) < 0) {
int save_errno = errno;
rsyserr(FERROR_XFER, errno, "open %s", full_fname(source));
errno = save_errno;

171
SOURCES/rsync-3.2.5-default-compression.patch Normal file
View File

@ -0,0 +1,171 @@
diff --git a/NEWS.md b/NEWS.md
index e32600c..e1f7d41 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -92,7 +92,7 @@
export LC_ALL=C.UTF-8
```
- or if iconv translations are needed:
+ or maybe:
```shell
if [ "${LC_ALL:-}" ]; then
@@ -145,11 +145,6 @@
- Avoid a weird failure if you run a local copy with a (useless)
[`--rsh`](rsync.1#opt) option that contains a `V` in the command.
- - Fixed a long-standing compression bug where the compression level of the
- first file transferred affected the level for all future files. Also, the
- per-file compression skipping has apparently never worked, so it is now
- documented as being ineffective.
-
- Fixed a truncate error when a `--write-devices` copy wrote a file onto a
device that was shorter than the device.
diff --git a/rsync.1.md b/rsync.1.md
index f29495f..d06f231 100644
--- a/rsync.1.md
+++ b/rsync.1.md
@@ -2658,6 +2658,9 @@ expand it.
ignore this weirdness unless the rsync server complains and tells you to
specify `-zz`.
+ See also the `--skip-compress` option for the default list of file suffixes
+ that will be transferred with no (or minimal) compression.
+
0. `--compress-choice=STR`, `--zc=STR`
This option can be used to override the automatic negotiation of the
@@ -2703,8 +2706,8 @@ expand it.
> rsync -aiv --zc=zstd --zl=22 host:src/ dest/
For zlib & zlibx compression the valid values are from 1 to 9 with 6 being
- the default. Specifying `--zl=0` turns compression off, and specifying
- `--zl=-1` chooses the default level of 6.
+ the default. Specifying 0 turns compression off, and specifying -1 chooses
+ the default of 6.
For zstd compression the valid values are from -131072 to 22 with 3 being
the default. Specifying 0 chooses the default of 3.
@@ -2723,15 +2726,14 @@ expand it.
0. `--skip-compress=LIST`
- **NOTE:** no compression method currently supports per-file compression
- changes, so this option has no effect.
-
Override the list of file suffixes that will be compressed as little as
possible. Rsync sets the compression level on a per-file basis based on
- the file's suffix. If the compression algorithm has an "off" level, then
- no compression occurs for those files. Other algorithms that support
- changing the streaming level on-the-fly will have the level minimized to
- reduces the CPU usage as much as possible for a matching file.
+ the file's suffix. If the compression algorithm has an "off" level (such
+ as zlib/zlibx) then no compression occurs for those files. Other
+ algorithms that support changing the streaming level on-the-fly will have
+ the level minimized to reduces the CPU usage as much as possible for a
+ matching file. At this time, only zlib & zlibx compression support this
+ changing of levels on a per-file basis.
The **LIST** should be one or more file suffixes (without the dot) separated
by slashes (`/`). You may specify an empty string to indicate that no files
diff --git a/rsyncd.conf.5.md b/rsyncd.conf.5.md
index 8bcbec0..e28c27a 100644
--- a/rsyncd.conf.5.md
+++ b/rsyncd.conf.5.md
@@ -924,9 +924,8 @@ the values of parameters. See the GLOBAL PARAMETERS section for more details.
> refuse options = * !a !delete* delete-after
- A note on refusing "compress": it may be better to set the "[dont compress](#)"
- daemon parameter to "`*`" and ensure that `RSYNC_COMPRESS_LIST=zlib` is set
- in the environment of the daemon in order to disable compression silently
+ A note on refusing "compress": it may be better to set the "dont compress"
+ daemon parameter to "`*`" because that disables compression silently
instead of returning an error that forces the client to remove the `-z`
option.
@@ -958,10 +957,6 @@ the values of parameters. See the GLOBAL PARAMETERS section for more details.
0. `dont compress`
- **NOTE:** This parameter currently has no effect except in one instance: if
- it is set to "`*`" then it minimizes or disables compression for all files
- (for those that don't want to refuse the `--compress` option completely).
-
This parameter allows you to select filenames based on wildcard patterns
that should not be compressed when pulling files from the daemon (no
analogous parameter exists to govern the pushing of files to a daemon).
@@ -972,14 +967,14 @@ the values of parameters. See the GLOBAL PARAMETERS section for more details.
The "dont compress" parameter takes a space-separated list of
case-insensitive wildcard patterns. Any source filename matching one of the
patterns will be compressed as little as possible during the transfer. If
- the compression algorithm has an "off" level, then no compression occurs
- for those files. If an algorithms has the ability to change the level in
- mid-stream, it will be minimized to reduce the CPU usage as much as
- possible.
+ the compression algorithm has an "off" level (such as zlib/zlibx) then no
+ compression occurs for those files. Other algorithms have the level
+ minimized to reduces the CPU usage as much as possible.
See the `--skip-compress` parameter in the **rsync**(1) manpage for the
- list of file suffixes that are skipped by default if this parameter is not
- set.
+ list of file suffixes that are not compressed by default. Specifying a
+ value for the "dont compress" parameter changes the default when the daemon
+ is the sender.
0. `early exec`, `pre-xfer exec`, `post-xfer exec`
diff --git a/token.c b/token.c
index c108b3a..f5a41c9 100644
--- a/token.c
+++ b/token.c
@@ -39,6 +39,7 @@ extern char *skip_compress;
#define Z_INSERT_ONLY Z_SYNC_FLUSH
#endif
+static int compression_level; /* The compression level for the current file. */
static int skip_compression_level; /* The least possible compressing for handling skip-compress files. */
static int per_file_default_level; /* The default level that each new file gets prior to checking its suffix. */
@@ -223,11 +224,9 @@ static void init_set_compression(void)
/* determine the compression level based on a wildcard filename list */
void set_compression(const char *fname)
{
-#if 0 /* No compression algorithms currently allow mid-stream changing of the level. */
const struct suffix_tree *node;
const char *s;
char ltr;
-#endif
if (!do_compression)
return;
@@ -235,7 +234,6 @@ void set_compression(const char *fname)
if (!match_list)
init_set_compression();
-#if 0
compression_level = per_file_default_level;
if (!*match_list && !suftree)
@@ -272,9 +270,6 @@ void set_compression(const char *fname)
if (!(node = node->child))
return;
}
-#else
- (void)fname;
-#endif
}
/* non-compressing recv token */
@@ -366,7 +361,7 @@ send_deflated_token(int f, int32 token, struct map_struct *buf, OFF_T offset, in
tx_strm.next_in = NULL;
tx_strm.zalloc = NULL;
tx_strm.zfree = NULL;
- if (deflateInit2(&tx_strm, per_file_default_level,
+ if (deflateInit2(&tx_strm, compression_level,
Z_DEFLATED, -15, 8,
Z_DEFAULT_STRATEGY) != Z_OK) {
rprintf(FERROR, "compression init failed\n");

23
SOURCES/rsync-3.2.5-rrsync-man.patch Normal file
View File

@ -0,0 +1,23 @@
diff --git a/Makefile.in b/Makefile.in
index 3cde955..06232f1 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -106,6 +106,9 @@ rsync$(EXEEXT): $(OBJS)
rrsync: support/rrsync
cp -p $(srcdir)/support/rrsync rrsync
+rrsync.1.md: support/rrsync.1.md
+ cp -p $(srcdir)/support/rrsync.1.md rrsync.1.md
+
$(OBJS): $(HEADERS)
$(CHECK_OBJS): $(HEADERS)
tls.o xattrs.o: lib/sysxattrs.h
@@ -269,7 +269,7 @@ rsyncd.conf.5: rsyncd.conf.5.md md-convert version.h Makefile
@$(srcdir)/maybe-make-man rsyncd.conf.5.md
rrsync.1: support/rrsync.1.md md-convert Makefile
- @$(srcdir)/maybe-make-man support/rrsync.1.md
+ @$(srcdir)/maybe-make-man rrsync.1.md
.PHONY: clean
clean: cleantests

92
SPECS/rsync.spec
View File

@ -9,8 +9,8 @@
Summary: A program for synchronizing files over a network
Name: rsync
Version: 3.2.3
Release: 20%{?dist}
Version: 3.2.5
Release: 3%{?dist}
URL: https://rsync.samba.org/
Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
@ -22,27 +22,34 @@ Source5: rsyncd.sysconfig
Source6: rsyncd@.service
BuildRequires: make
BuildRequires: gcc gcc-c++
BuildRequires: libacl-devel, libattr-devel, autoconf, popt-devel, systemd
BuildRequires: lz4-devel openssl-devel libzstd-devel
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: libacl-devel
BuildRequires: libattr-devel
BuildRequires: autoconf
BuildRequires: popt-devel
BuildRequires: systemd
BuildRequires: lz4-devel
BuildRequires: openssl-devel
BuildRequires: libzstd-devel
#Added virtual provide for zlib due to https://fedoraproject.org/wiki/Bundled_Libraries?rd=Packaging:Bundled_Libraries
Provides: bundled(zlib) = 1.2.8
License: GPLv3+
#Added temporarily until new rebase
Patch0: rsync-3.2.2-ssl-verify-hostname.patch
#Added due to rhbz#1873975 - default-acls test fail on s390x due to libacl
Patch1: rsync-3.2.2-runtests.patch
Patch2: rsync-3.2.3-lchmod.patch
Patch3: rsync-3.2.3-append-mode.patch
Patch4: rsync-3.2.3-xattr.patch
Patch5: rsync-3.2.3-segfault.patch
Patch6: rsync-3.2.3-atimes.patch
Patch7: rsync-3.1.3-cve-2018-25032.patch
Patch8: rsync-3.2.3-cve-2022-37434.patch
Patch9: rsync-3.2.3-cve-2022-29154.patch
Patch10: rsync-3.2.3-filtering-rules.patch
Patch11: rsync-3.2.3-delay-updates.patch
#commonmark would be needed to generate manpage, so we simply copy it
Patch2: rsync-3.2.5-rrsync-man.patch
#A couple of fixes for the new filtering code
Patch3: rsync-3.2.3-filtering-rules.patch
Patch4: rsync-3.2.5-cve-2024-12085.patch
Patch5: rsync-3.2.5-cve-2024-12087.patch
Patch6: rsync-3.2.5-cve-2024-12088.patch
Patch7: rsync-3.2.5-cve-2024-12747.patch
# This is here for RHEL9 lifetime to avoid changes in defaults.
# From RHEL10 this will have to be documented as a different
# behaviour for compression.
Patch8: rsync-3.2.5-default-compression.patch
%description
Rsync uses a reliable algorithm to bring remote and host files into
@ -62,6 +69,15 @@ Requires: %{name} = %{version}-%{release}
Rsync can be used to offer read only access to anonymous clients. This
package provides the anonymous rsync service.
%package rrsync
Summary: A script to setup restricted rsync users via ssh logins
BuildArch: noarch
Requires: %{name} = %{version}-%{release}
Requires: %{__python3}
%description rrsync
This subpackage provides rrsync script and its manpage. rrsync
may be used to setup a restricted rsync users via ssh logins.
%prep
# TAG: for pre versions use
@ -73,24 +89,17 @@ package provides the anonymous rsync service.
%setup -q -b 1
%endif
#Enable --copy-devices parameter
patch -p1 -i patches/copy-devices.diff
%patch0 -p1 -b .verify-hostname
%patch1 -p1 -b .runtests
%patch2 -p1 -b .lchmod
%patch3 -p1 -b .append-mode
%patch4 -p1 -b .xattr
%patch5 -p1 -b .segfault
%patch6 -p1 -b .atimes
%patch7 -p1 -b .cve-2018-25032
%patch8 -p1 -b .cve-2022-37434
%patch9 -p1 -b .cve-2022-29154
%patch10 -p1 -b .filtering-rules
%patch11 -p1 -b .delay-updates
%patch2 -p1 -b .rrsync-man
%patch3 -p1 -b .filtering-rules
%patch4 -p1 -b .cve-2024-12085
%patch5 -p1 -b .cve-2024-12087
%patch6 -p1 -b .cve-2024-12088
%patch7 -p1 -b .cve-2024-12747
%patch8 -p1 -b .default-compression
%build
%configure --disable-xxhash
%configure --disable-xxhash --with-rrsync
# --with-included-zlib=no temporary disabled because of #1043965
%{make_build}
@ -124,6 +133,10 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
%{_unitdir}/rsyncd.service
%{_unitdir}/rsyncd@.service
%files rrsync
%{_bindir}/r%{name}
%{_mandir}/man1/r%{name}.1*
%post daemon
%systemd_post rsyncd.service
@ -134,6 +147,21 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
%systemd_postun_with_restart rsyncd.service
%changelog
* Wed Feb 05 2025 Michal Ruprich <mruprich@redhat.com> - 3.2.5-3
- Resolves: RHEL-70265 - Rebase rsync to 3.2.5
* Wed Jan 29 2025 Michal Ruprich <mruprich@redhat.com> - 3.2.5-2
- Resolves: RHEL-70158 - Info Leak via Uninitialized Stack Contents
- Resolves: RHEL-70208 - Path traversal vulnerability in rsync
- Resolves: RHEL-70210 - --safe-links option bypass leads to path traversal
- Resolves: RHEL-71657 - Race Condition in rsync Handling Symbolic Links
* Mon Dec 09 2024 Michal Ruprich <mruprich@redhat.com> - 3.2.3-21
- Resolves: RHEL-70265 - Rebase rsync to 3.2.5
- Resolves: RHEL-67142 - Wrong progress reported by rsync when using copy-devices
- Resolves: RHEL-29340 - Slowness in rsync due to extra validation steps.
- Resolves: RHEL-18216 - rysnc script /usr/share/doc/rsync/support/rrsync is unsecure
* Thu Oct 19 2023 Alex Iribarren <Alex.Iribarren@cern.ch> - 3.2.3-20
- Resolves: RHEL-14228 - rsync regression with --delay-updates