rpms/rsync
5
0
Fork 1
Code Issues Pull Requests Releases Activity

import UBI rsync-3.3.0-1.el8

Browse Source
This commit is contained in:
Andrew Lukoshko 2024-04-17 12:44:40 +00:00
parent 781f938bf9
commit dc34118ecc
13 changed files with 86 additions and 2067 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/rsync-3.2.3.tar.gz
SOURCES/rsync-patches-3.2.3.tar.gz
SOURCES/rsync-3.3.0.tar.gz
SOURCES/rsync-patches-3.3.0.tar.gz

4
.rsync.metadata
View File

@ -1,2 +1,2 @@
00823f43901e7da39f3f0daf20ec9efae47e959e SOURCES/rsync-3.2.3.tar.gz
5c4c2866931b0f4dbb0d07567b2963c9dc66ec87 SOURCES/rsync-patches-3.2.3.tar.gz
e03db4fbaaebc5aa4934468cd31d22963b6ff888 SOURCES/rsync-3.3.0.tar.gz
36ff077d3c38277ac1b62245e3ae0c9be28a3646 SOURCES/rsync-patches-3.3.0.tar.gz

343
SOURCES/rsync-3.1.3-cve-2018-25032.patch
View File

@ -1,343 +0,0 @@
From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Tue, 17 Apr 2018 22:09:22 -0700
Subject: [PATCH] Fix a bug that can crash deflate on some input when using
Z_FIXED.
This bug was reported by Danilo Ramos of Eideticom, Inc. It has
lain in wait 13 years before being found! The bug was introduced
in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
option forces the use of fixed Huffman codes. For rare inputs with
a large number of distant matches, the pending buffer into which
the compressed data is written can overwrite the distance symbol
table which it overlays. That results in corrupted output due to
invalid distances, and can result in out-of-bound accesses,
crashing the application.
The fix here combines the distance buffer and literal/length
buffers into a single symbol buffer. Now three bytes of pending
buffer space are opened up for each literal or length/distance
pair consumed, instead of the previous two bytes. This assures
that the pending buffer cannot overwrite the symbol table, since
the maximum fixed code compressed length/distance is 31 bits, and
since there are four bytes of pending space for every three bytes
of symbol space.
---
deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++---------------
deflate.h | 25 +++++++++----------
trees.c | 50 +++++++++++--------------------------
3 files changed, 79 insertions(+), 70 deletions(-)
diff --git a/zlib/deflate.c b/zlib/deflate.c
index 425babc00..19cba873a 100644
--- a/zlib/deflate.c
+++ b/zlib/deflate.c
@@ -255,11 +255,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
int wrap = 1;
static const char my_version[] = ZLIB_VERSION;
- ushf *overlay;
- /* We overlay pending_buf and d_buf+l_buf. This works since the average
- * output size for (length,distance) codes is <= 24 bits.
- */
-
if (version == Z_NULL || version[0] != my_version[0] ||
stream_size != sizeof(z_stream)) {
return Z_VERSION_ERROR;
@@ -329,9 +324,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
- s->pending_buf = (uchf *) overlay;
- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
+ /* We overlay pending_buf and sym_buf. This works since the average size
+ * for length/distance pairs over any compressed block is assured to be 31
+ * bits or less.
+ *
+ * Analysis: The longest fixed codes are a length code of 8 bits plus 5
+ * extra bits, for lengths 131 to 257. The longest fixed distance codes are
+ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest
+ * possible fixed-codes length/distance pair is then 31 bits total.
+ *
+ * sym_buf starts one-fourth of the way into pending_buf. So there are
+ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol
+ * in sym_buf is three bytes -- two for the distance and one for the
+ * literal/length. As each symbol is consumed, the pointer to the next
+ * sym_buf value to read moves forward three bytes. From that symbol, up to
+ * 31 bits are written to pending_buf. The closest the written pending_buf
+ * bits gets to the next sym_buf symbol to read is just before the last
+ * code is written. At that time, 31*(n-2) bits have been written, just
+ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at
+ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1
+ * symbols are written.) The closest the writing gets to what is unread is
+ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and
+ * can range from 128 to 32768.
+ *
+ * Therefore, at a minimum, there are 142 bits of space between what is
+ * written and what is read in the overlain buffers, so the symbols cannot
+ * be overwritten by the compressed data. That space is actually 139 bits,
+ * due to the three-bit fixed-code block header.
+ *
+ * That covers the case where either Z_FIXED is specified, forcing fixed
+ * codes, or when the use of fixed codes is chosen, because that choice
+ * results in a smaller compressed block than dynamic codes. That latter
+ * condition then assures that the above analysis also covers all dynamic
+ * blocks. A dynamic-code block will only be chosen to be emitted if it has
+ * fewer bits than a fixed-code block would for the same set of symbols.
+ * Therefore its average symbol length is assured to be less than 31. So
+ * the compressed data for a dynamic block also cannot overwrite the
+ * symbols from which it is being constructed.
+ */
+
+ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4);
+ s->pending_buf_size = (ulg)s->lit_bufsize * 4;
if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
s->pending_buf == Z_NULL) {
@@ -340,8 +373,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
deflateEnd (strm);
return Z_MEM_ERROR;
}
- s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
+ s->sym_buf = s->pending_buf + s->lit_bufsize;
+ s->sym_end = (s->lit_bufsize - 1) * 3;
+ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K
+ * on 16 bit machines and because stored blocks are restricted to
+ * 64K-1 bytes.
+ */
s->level = level;
s->strategy = strategy;
@@ -552,7 +589,7 @@ int ZEXPORT deflatePrime (strm, bits, value)
if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
s = strm->state;
- if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3))
+ if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
return Z_BUF_ERROR;
do {
put = Buf_size - s->bi_valid;
@@ -1113,7 +1150,6 @@ int ZEXPORT deflateCopy (dest, source)
#else
deflate_state *ds;
deflate_state *ss;
- ushf *overlay;
if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) {
@@ -1133,8 +1169,7 @@ int ZEXPORT deflateCopy (dest, source)
ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos));
ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos));
- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
- ds->pending_buf = (uchf *) overlay;
+ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4);
if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
ds->pending_buf == Z_NULL) {
@@ -1148,8 +1183,7 @@ int ZEXPORT deflateCopy (dest, source)
zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
+ ds->sym_buf = ds->pending_buf + ds->lit_bufsize;
ds->l_desc.dyn_tree = ds->dyn_ltree;
ds->d_desc.dyn_tree = ds->dyn_dtree;
@@ -1771,7 +1771,7 @@ local block_state deflate_fast(s, flush)
FLUSH_BLOCK(s, 1);
return finish_done;
}
- if (s->last_lit)
+ if (s->sym_next)
FLUSH_BLOCK(s, 0);
return block_done;
}
@@ -1912,7 +1912,7 @@ local block_state deflate_slow(s, flush)
FLUSH_BLOCK(s, 1);
return finish_done;
}
- if (s->last_lit)
+ if (s->sym_next)
FLUSH_BLOCK(s, 0);
return block_done;
}
@@ -1987,7 +1987,7 @@ local block_state deflate_rle(s, flush)
FLUSH_BLOCK(s, 1);
return finish_done;
}
- if (s->last_lit)
+ if (s->sym_next)
FLUSH_BLOCK(s, 0);
return block_done;
}
@@ -2026,7 +2026,7 @@ local block_state deflate_huff(s, flush)
FLUSH_BLOCK(s, 1);
return finish_done;
}
- if (s->last_lit)
+ if (s->sym_next)
FLUSH_BLOCK(s, 0);
return block_done;
}
diff --git a/zlib/deflate.h b/zlib/deflate.h
index 23ecdd312..d4cf1a98b 100644
--- a/zlib/deflate.h
+++ b/zlib/deflate.h
@@ -217,7 +217,7 @@ typedef struct internal_state {
/* Depth of each subtree used as tie breaker for trees of equal frequency
*/
- uchf *l_buf; /* buffer for literals or lengths */
+ uchf *sym_buf; /* buffer for distances and literals/lengths */
uInt lit_bufsize;
/* Size of match buffer for literals/lengths. There are 4 reasons for
@@ -239,13 +239,8 @@ typedef struct internal_state {
* - I can't count above 4
*/
- uInt last_lit; /* running index in l_buf */
-
- ushf *d_buf;
- /* Buffer for distances. To simplify the code, d_buf and l_buf have
- * the same number of elements. To use different lengths, an extra flag
- * array would be necessary.
- */
+ uInt sym_next; /* running index in sym_buf */
+ uInt sym_end; /* symbol table full when sym_next reaches this */
ulg opt_len; /* bit length of current block with optimal trees */
ulg static_len; /* bit length of current block with static trees */
@@ -317,20 +317,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf,
# define _tr_tally_lit(s, c, flush) \
{ uch cc = (c); \
- s->d_buf[s->last_lit] = 0; \
- s->l_buf[s->last_lit++] = cc; \
+ s->sym_buf[s->sym_next++] = 0; \
+ s->sym_buf[s->sym_next++] = 0; \
+ s->sym_buf[s->sym_next++] = cc; \
s->dyn_ltree[cc].Freq++; \
- flush = (s->last_lit == s->lit_bufsize-1); \
+ flush = (s->sym_next == s->sym_end); \
}
# define _tr_tally_dist(s, distance, length, flush) \
{ uch len = (length); \
ush dist = (distance); \
- s->d_buf[s->last_lit] = dist; \
- s->l_buf[s->last_lit++] = len; \
+ s->sym_buf[s->sym_next++] = dist; \
+ s->sym_buf[s->sym_next++] = dist >> 8; \
+ s->sym_buf[s->sym_next++] = len; \
dist--; \
s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
s->dyn_dtree[d_code(dist)].Freq++; \
- flush = (s->last_lit == s->lit_bufsize-1); \
+ flush = (s->sym_next == s->sym_end); \
}
#else
# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
diff --git a/zlib/trees.c b/zlib/trees.c
index 4f4a65011..decaeb7c3 100644
--- a/zlib/trees.c
+++ b/zlib/trees.c
@@ -416,7 +416,7 @@ local void init_block(s)
s->dyn_ltree[END_BLOCK].Freq = 1;
s->opt_len = s->static_len = 0L;
- s->last_lit = s->matches = 0;
+ s->sym_next = s->matches = 0;
}
#define SMALLEST 1
@@ -948,7 +948,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last)
Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
- s->last_lit));
+ s->sym_next / 3));
if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
@@ -1017,8 +1017,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
unsigned dist; /* distance of matched string */
unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */
{
- s->d_buf[s->last_lit] = (ush)dist;
- s->l_buf[s->last_lit++] = (uch)lc;
+ s->sym_buf[s->sym_next++] = dist;
+ s->sym_buf[s->sym_next++] = dist >> 8;
+ s->sym_buf[s->sym_next++] = lc;
if (dist == 0) {
/* lc is the unmatched char */
s->dyn_ltree[lc].Freq++;
@@ -1033,30 +1034,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++;
s->dyn_dtree[d_code(dist)].Freq++;
}
-
-#ifdef TRUNCATE_BLOCK
- /* Try to guess if it is profitable to stop the current block here */
- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) {
- /* Compute an upper bound for the compressed length */
- ulg out_length = (ulg)s->last_lit*8L;
- ulg in_length = (ulg)((long)s->strstart - s->block_start);
- int dcode;
- for (dcode = 0; dcode < D_CODES; dcode++) {
- out_length += (ulg)s->dyn_dtree[dcode].Freq *
- (5L+extra_dbits[dcode]);
- }
- out_length >>= 3;
- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
- s->last_lit, in_length, out_length,
- 100L - out_length*100L/in_length));
- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
- }
-#endif
- return (s->last_lit == s->lit_bufsize-1);
- /* We avoid equality with lit_bufsize because of wraparound at 64K
- * on 16 bit machines and because stored blocks are restricted to
- * 64K-1 bytes.
- */
+ return (s->sym_next == s->sym_end);
}
/* ===========================================================================
@@ -1069,13 +1047,14 @@ local void compress_block(s, ltree, dtree)
{
unsigned dist; /* distance of matched string */
int lc; /* match length or unmatched char (if dist == 0) */
- unsigned lx = 0; /* running index in l_buf */
+ unsigned sx = 0; /* running index in sym_buf */
unsigned code; /* the code to send */
int extra; /* number of extra bits to send */
- if (s->last_lit != 0) do {
- dist = s->d_buf[lx];
- lc = s->l_buf[lx++];
+ if (s->sym_next != 0) do {
+ dist = s->sym_buf[sx++] & 0xff;
+ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8;
+ lc = s->sym_buf[sx++];
if (dist == 0) {
send_code(s, lc, ltree); /* send a literal byte */
Tracecv(isgraph(lc), (stderr," '%c' ", lc));
@@ -1100,11 +1079,10 @@ local void compress_block(s, ltree, dtree)
}
} /* literal or match pair ? */
- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,
- "pendingBuf overflow");
+ /* Check that the overlay between pending_buf and sym_buf is ok: */
+ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow");
- } while (lx < s->last_lit);
+ } while (sx < s->sym_next);
send_code(s, END_BLOCK, ltree);
}

22
SOURCES/rsync-3.2.2-ssl-verify-hostname.patch
View File

@ -1,22 +0,0 @@
From Mon Sep 17 00:00:00 2001
From: Matt McCutchen <matt@mattmccutchen.net>
Date: Wed, 26 Aug 2020 12:16:08 -0400
rsync-ssl: Verify the hostname in the certificate when using openssl.
---
rsync-ssl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rsync-ssl b/rsync-ssl
index 8101975a..46701af1 100755
--- a/rsync-ssl
+++ b/rsync-ssl
@@ -129,7 +129,7 @@ function rsync_ssl_helper {
fi
if [[ $RSYNC_SSL_TYPE == openssl ]]; then
- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
+ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
else

36
SOURCES/rsync-3.2.3-append-mode.patch
View File

@ -1,36 +0,0 @@
diff --git a/rsync.1.md b/rsync.1.md
index ec971ecc..7bb4c5a1 100644
--- a/rsync.1.md
+++ b/rsync.1.md
@@ -949,7 +949,9 @@ your home directory (remove the '=' for that).
existing content in the file (it only verifies the content that it is
appending). Rsync skips any files that exist on the receiving side that
are not shorter than the associated file on the sending side (which means
- that new files are trasnferred).
+ that new files are trasnferred). It also skips any files whose size on the
+ sending side gets shorter during the send negotiations (rsync warns about a
+ "diminished" file when this happens).
This does not interfere with the updating of a file's non-content
attributes (e.g. permissions, ownership, etc.) when the file does not need
diff --git a/sender.c b/sender.c
index 94761c26..9cfca134 100644
--- a/sender.c
+++ b/sender.c
@@ -362,6 +362,16 @@ void send_files(int f_in, int f_out)
exit_cleanup(RERR_FILEIO);
}
+ if (append_mode > 0 && st.st_size < F_LENGTH(file)) {
+ rprintf(FWARNING, "skipped diminished file: %s\n",
+ full_fname(fname));
+ free_sums(s);
+ close(fd);
+ if (protocol_version >= 30)
+ send_msg_int(MSG_NO_SEND, ndx);
+ continue;
+ }
+
if (IS_DEVICE(st.st_mode) && st.st_size == 0)
st.st_size = get_device_size(fd, fname);

48
SOURCES/rsync-3.2.3-atimes.patch
View File

@ -1,48 +0,0 @@
diff --git a/rsync.c b/rsync.c
index bcecac63..ff9489be 100644
--- a/rsync.c
+++ b/rsync.c
@@ -63,8 +63,7 @@ extern char *iconv_opt;
#define UPDATED_ATIME (1<<3)
#define UPDATED_ACLS (1<<4)
#define UPDATED_MODE (1<<5)
-
-#define UPDATED_TIMES (UPDATED_MTIME|UPDATED_ATIME)
+#define UPDATED_CRTIME (1<<6)
#ifdef ICONV_CONST
iconv_t ic_chck = (iconv_t)-1;
@@ -576,10 +575,11 @@ int set_file_attrs(const char *fname, struct file_struct *file, stat_x *sxp,
set_xattr(fname, file, fnamecmp, sxp);
#endif
- if (!preserve_times
- || (!(preserve_times & PRESERVE_DIR_TIMES) && S_ISDIR(sxp->st.st_mode))
- || (!(preserve_times & PRESERVE_LINK_TIMES) && S_ISLNK(sxp->st.st_mode)))
- flags |= ATTRS_SKIP_MTIME | ATTRS_SKIP_ATIME;
+ if (!preserve_times)
+ flags |= ATTRS_SKIP_MTIME | (atimes_ndx ? 0 : ATTRS_SKIP_ATIME) | (crtimes_ndx ? 0 : ATTRS_SKIP_CRTIME);
+ else if ((!(preserve_times & PRESERVE_DIR_TIMES) && S_ISDIR(sxp->st.st_mode))
+ || (!(preserve_times & PRESERVE_LINK_TIMES) && S_ISLNK(sxp->st.st_mode)))
+ flags |= ATTRS_SKIP_MTIME | ATTRS_SKIP_ATIME | ATTRS_SKIP_CRTIME;
else if (sxp != &sx2)
memcpy(&sx2.st, &sxp->st, sizeof (sx2.st));
if (!atimes_ndx || S_ISDIR(sxp->st.st_mode))
@@ -606,7 +606,7 @@ int set_file_attrs(const char *fname, struct file_struct *file, stat_x *sxp,
updated |= UPDATED_ATIME;
}
}
- if (updated & UPDATED_TIMES) {
+ if (updated & (UPDATED_MTIME|UPDATED_ATIME)) {
int ret = set_times(fname, &sx2.st);
if (ret < 0) {
rsyserr(FERROR_XFER, errno, "failed to set times on %s",
@@ -614,7 +614,7 @@ int set_file_attrs(const char *fname, struct file_struct *file, stat_x *sxp,
goto cleanup;
}
if (ret > 0) { /* ret == 1 if symlink could not be set */
- updated &= ~UPDATED_TIMES;
+ updated &= ~(UPDATED_MTIME|UPDATED_ATIME);
file->flags |= FLAG_TIME_FAILED;
}
}

1085
SOURCES/rsync-3.2.3-cve-2022-29154.patch
View File

File diff suppressed because it is too large Load Diff

16
SOURCES/rsync-3.2.3-cve-2022-37434.patch
View File

@ -1,16 +0,0 @@
diff --git a/zlib/inflate.c b/zlib/inflate.c
index e43abd9..bd33c19 100644
--- a/zlib/inflate.c
+++ b/zlib/inflate.c
@@ -740,8 +740,9 @@ int flush;
if (copy > have) copy = have;
if (copy) {
if (state->head != Z_NULL &&
- state->head->extra != Z_NULL) {
- len = state->head->extra_len - state->length;
+ state->head->extra != Z_NULL &&
+ (len = state->head->extra_len - state->length) <
+ state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);

333
SOURCES/rsync-3.2.3-filtering-rules.patch
View File

@ -1,333 +0,0 @@
diff --git a/exclude.c b/exclude.c
index 13c4253..232249f 100644
--- a/exclude.c
+++ b/exclude.c
@@ -79,6 +79,10 @@ static filter_rule **mergelist_parents;
static int mergelist_cnt = 0;
static int mergelist_size = 0;
+#define LOCAL_RULE 1
+#define REMOTE_RULE 2
+static uchar cur_elide_value = REMOTE_RULE;
+
/* Each filter_list_struct describes a singly-linked list by keeping track
* of both the head and tail pointers. The list is slightly unusual in that
* a parent-dir's content can be appended to the end of the local list in a
@@ -218,6 +222,7 @@ static void add_rule(filter_rule_list *listp, const char *pat, unsigned int pat_
slash_cnt++;
}
}
+ rule->elide = 0;
strlcpy(rule->pattern + pre_len, pat, pat_len + 1);
pat_len += pre_len;
if (suf_len) {
@@ -364,6 +369,8 @@ void implied_include_partial_string(const char *s_start, const char *s_end)
void free_implied_include_partial_string()
{
if (partial_string_buf) {
+ if (partial_string_len)
+ add_implied_include("", 0);
free(partial_string_buf);
partial_string_buf = NULL;
}
@@ -374,9 +381,8 @@ void free_implied_include_partial_string()
* that the receiver uses to validate the file list from the sender. */
void add_implied_include(const char *arg, int skip_daemon_module)
{
- filter_rule *rule;
int arg_len, saw_wild = 0, saw_live_open_brkt = 0, backslash_cnt = 0;
- int slash_cnt = 1; /* We know we're adding a leading slash. */
+ int slash_cnt = 0;
const char *cp;
char *p;
if (am_server || old_style_args || list_only || read_batch || filesfrom_host != NULL)
@@ -407,6 +413,7 @@ void add_implied_include(const char *arg, int skip_daemon_module)
}
arg_len = strlen(arg);
if (arg_len) {
+ char *new_pat;
if (strpbrk(arg, "*[?")) {
/* We need to add room to escape backslashes if wildcard chars are present. */
for (cp = arg; (cp = strchr(cp, '\\')) != NULL; cp++)
@@ -414,16 +421,9 @@ void add_implied_include(const char *arg, int skip_daemon_module)
saw_wild = 1;
}
arg_len++; /* Leave room for the prefixed slash */
- rule = new0(filter_rule);
- if (!implied_filter_list.head)
- implied_filter_list.head = implied_filter_list.tail = rule;
- else {
- rule->next = implied_filter_list.head;
- implied_filter_list.head = rule;
- }
- rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0);
- p = rule->pattern = new_array(char, arg_len + 1);
+ p = new_pat = new_array(char, arg_len + 1);
*p++ = '/';
+ slash_cnt++;
for (cp = arg; *cp; ) {
switch (*cp) {
case '\\':
@@ -439,15 +439,70 @@ void add_implied_include(const char *arg, int skip_daemon_module)
break;
case '/':
if (p[-1] == '/') { /* This is safe because of the initial slash. */
+ if (*++cp == '\0') {
+ slash_cnt--;
+ p--;
+ }
+ } else if (cp[1] == '\0') {
cp++;
- break;
+ } else {
+ slash_cnt++;
+ *p++ = *cp++;
}
- if (relative_paths) {
- filter_rule const *ent;
+ break;
+ case '.':
+ if (p[-1] == '/') {
+ if (cp[1] == '/') {
+ cp += 2;
+ if (!*cp) {
+ slash_cnt--;
+ p--;
+ }
+ } else if (cp[1] == '\0') {
+ cp++;
+ slash_cnt--;
+ p--;
+ } else
+ *p++ = *cp++;
+ } else
+ *p++ = *cp++;
+ break;
+ case '[':
+ saw_live_open_brkt = 1;
+ *p++ = *cp++;
+ break;
+ default:
+ *p++ = *cp++;
+ break;
+ }
+ }
+ *p = '\0';
+ arg_len = p - new_pat;
+ if (!arg_len)
+ free(new_pat);
+ else {
+ filter_rule *rule = new0(filter_rule);
+ rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0);
+ rule->u.slash_cnt = slash_cnt;
+ arg = rule->pattern = new_pat;
+ if (!implied_filter_list.head)
+ implied_filter_list.head = implied_filter_list.tail = rule;
+ else {
+ rule->next = implied_filter_list.head;
+ implied_filter_list.head = rule;
+ }
+ if (DEBUG_GTE(FILTER, 3))
+ rprintf(FINFO, "[%s] add_implied_include(%s)\n", who_am_i(), arg);
+ if (saw_live_open_brkt)
+ maybe_add_literal_brackets_rule(rule, arg_len);
+ if (relative_paths && slash_cnt) {
+ filter_rule const *ent;
+ slash_cnt = 1;
+ for (p = new_pat + 1; (p = strchr(p, '/')) != NULL; p++) {
int found = 0;
*p = '\0';
for (ent = implied_filter_list.head; ent; ent = ent->next) {
- if (ent != rule && strcmp(ent->pattern, rule->pattern) == 0) {
+ if (ent != rule && strcmp(ent->pattern, new_pat) == 0) {
found = 1;
break;
}
@@ -456,9 +511,9 @@ void add_implied_include(const char *arg, int skip_daemon_module)
filter_rule *R_rule = new0(filter_rule);
R_rule->rflags = FILTRULE_INCLUDE | FILTRULE_DIRECTORY;
/* Check if our sub-path has wildcards or escaped backslashes */
- if (saw_wild && strpbrk(rule->pattern, "*[?\\"))
+ if (saw_wild && strpbrk(new_pat, "*[?\\"))
R_rule->rflags |= FILTRULE_WILD;
- R_rule->pattern = strdup(rule->pattern);
+ R_rule->pattern = strdup(new_pat);
R_rule->u.slash_cnt = slash_cnt;
R_rule->next = implied_filter_list.head;
implied_filter_list.head = R_rule;
@@ -469,32 +524,16 @@ void add_implied_include(const char *arg, int skip_daemon_module)
if (saw_live_open_brkt)
maybe_add_literal_brackets_rule(R_rule, -1);
}
+ *p = '/';
+ slash_cnt++;
}
- slash_cnt++;
- *p++ = *cp++;
- break;
- case '[':
- saw_live_open_brkt = 1;
- *p++ = *cp++;
- break;
- default:
- *p++ = *cp++;
- break;
}
}
- *p = '\0';
- rule->u.slash_cnt = slash_cnt;
- arg = rule->pattern;
- arg_len = p - arg; /* We recompute it due to backslash weirdness. */
- if (DEBUG_GTE(FILTER, 3))
- rprintf(FINFO, "[%s] add_implied_include(%s)\n", who_am_i(), rule->pattern);
- if (saw_live_open_brkt)
- maybe_add_literal_brackets_rule(rule, arg_len);
}
if (recurse || xfer_dirs) {
/* Now create a rule with an added "/" & "**" or "*" at the end */
- rule = new0(filter_rule);
+ filter_rule *rule = new0(filter_rule);
rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD;
if (recurse)
rule->rflags |= FILTRULE_WILD2;
@@ -502,7 +541,7 @@ void add_implied_include(const char *arg, int skip_daemon_module)
if (!saw_wild && backslash_cnt) {
/* We are appending a wildcard, so now the backslashes need to be escaped. */
p = rule->pattern = new_array(char, arg_len + backslash_cnt + 3 + 1);
- for (cp = arg; *cp; ) {
+ for (cp = arg; *cp; ) { /* Note that arg_len != 0 because backslash_cnt > 0 */
if (*cp == '\\')
*p++ = '\\';
*p++ = *cp++;
@@ -514,13 +553,15 @@ void add_implied_include(const char *arg, int skip_daemon_module)
p += arg_len;
}
}
- if (p[-1] != '/')
+ if (p[-1] != '/') {
*p++ = '/';
+ slash_cnt++;
+ }
*p++ = '*';
if (recurse)
*p++ = '*';
*p = '\0';
- rule->u.slash_cnt = slash_cnt + 1;
+ rule->u.slash_cnt = slash_cnt;
rule->next = implied_filter_list.head;
implied_filter_list.head = rule;
if (DEBUG_GTE(FILTER, 3))
@@ -869,7 +910,7 @@ static int rule_matches(const char *fname, filter_rule *ex, int name_flags)
const char *strings[16]; /* more than enough */
const char *name = fname + (*fname == '/');
- if (!*name)
+ if (!*name || ex->elide == cur_elide_value)
return 0;
if (!(name_flags & NAME_IS_XATTR) ^ !(ex->rflags & FILTRULE_XATTR))
@@ -985,6 +1026,15 @@ int name_is_excluded(const char *fname, int name_flags, int filter_level)
return 0;
}
+int check_server_filter(filter_rule_list *listp, enum logcode code, const char *name, int name_flags)
+{
+ int ret;
+ cur_elide_value = LOCAL_RULE;
+ ret = check_filter(listp, code, name, name_flags);
+ cur_elide_value = REMOTE_RULE;
+ return ret;
+}
+
/* Return -1 if file "name" is defined to be excluded by the specified
* exclude list, 1 if it is included, and 0 if it was not matched. */
int check_filter(filter_rule_list *listp, enum logcode code,
@@ -1550,7 +1600,7 @@ char *get_rule_prefix(filter_rule *rule, const char *pat, int for_xfer,
static void send_rules(int f_out, filter_rule_list *flp)
{
- filter_rule *ent, *prev = NULL;
+ filter_rule *ent;
for (ent = flp->head; ent; ent = ent->next) {
unsigned int len, plen, dlen;
@@ -1565,21 +1615,15 @@ static void send_rules(int f_out, filter_rule_list *flp)
* merge files as an optimization (since they can only have
* include/exclude rules). */
if (ent->rflags & FILTRULE_SENDER_SIDE)
- elide = am_sender ? 1 : -1;
+ elide = am_sender ? LOCAL_RULE : REMOTE_RULE;
if (ent->rflags & FILTRULE_RECEIVER_SIDE)
- elide = elide ? 0 : am_sender ? -1 : 1;
+ elide = elide ? 0 : am_sender ? REMOTE_RULE : LOCAL_RULE;
else if (delete_excluded && !elide
&& (!(ent->rflags & FILTRULE_PERDIR_MERGE)
|| ent->rflags & FILTRULE_NO_PREFIXES))
- elide = am_sender ? 1 : -1;
- if (elide < 0) {
- if (prev)
- prev->next = ent->next;
- else
- flp->head = ent->next;
- } else
- prev = ent;
- if (elide > 0)
+ elide = am_sender ? LOCAL_RULE : REMOTE_RULE;
+ ent->elide = elide;
+ if (elide == LOCAL_RULE)
continue;
if (ent->rflags & FILTRULE_CVS_IGNORE
&& !(ent->rflags & FILTRULE_MERGE_FILE)) {
@@ -1607,7 +1651,6 @@ static void send_rules(int f_out, filter_rule_list *flp)
if (dlen)
write_byte(f_out, '/');
}
- flp->tail = prev;
}
/* This is only called by the client. */
diff --git a/options.c b/options.c
index afc33ce..4d0a1a6 100644
--- a/options.c
+++ b/options.c
@@ -2426,7 +2426,9 @@ char *safe_arg(const char *opt, const char *arg)
char *ret;
if (!protect_args && old_style_args < 2 && (!old_style_args || (!is_filename_arg && opt != SPLIT_ARG_WHEN_OLD))) {
const char *f;
- if (!old_style_args && *arg == '~' && (relative_paths || !strchr(arg, '/'))) {
+ if (!old_style_args && *arg == '~'
+ && ((relative_paths && !strstr(arg, "/./"))
+ || !strchr(arg, '/'))) {
extras++;
escape_leading_tilde = 1;
}
diff --git a/flist.c b/flist.c
index 630d685..8c2397b 100644
--- a/flist.c
+++ b/flist.c
@@ -904,10 +904,10 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
exit_cleanup(RERR_UNSUPPORTED);
}
- if (*thisname != '.' || thisname[1] != '\0') {
+ if (*thisname == '/' ? thisname[1] != '.' || thisname[2] != '\0' : *thisname != '.' || thisname[1] != '\0') {
int filt_flags = S_ISDIR(mode) ? NAME_IS_DIR : NAME_IS_FILE;
if (!trust_sender_filter /* a per-dir filter rule means we must trust the sender's filtering */
- && filter_list.head && check_filter(&filter_list, FINFO, thisname, filt_flags) < 0) {
+ && filter_list.head && check_server_filter(&filter_list, FINFO, thisname, filt_flags) < 0) {
rprintf(FERROR, "ERROR: rejecting excluded file-list name: %s\n", thisname);
exit_cleanup(RERR_PROTOCOL);
}
diff --git a/rsync.h b/rsync.h
index 53fff2d..b357dad 100644
--- a/rsync.h
+++ b/rsync.h
@@ -899,6 +899,7 @@ typedef struct filter_struct {
int slash_cnt;
struct filter_list_struct *mergelist;
} u;
+ uchar elide;
} filter_rule;
typedef struct filter_list_struct {

53
SOURCES/rsync-3.2.3-lchmod.patch
View File

@ -1,53 +0,0 @@
diff --git a/syscall.c b/syscall.c
index b9c3b4ef..11d10e4a 100644
--- a/syscall.c
+++ b/syscall.c
@@ -227,27 +227,35 @@ int do_open(const char *pathname, int flags, mode_t mode)
#ifdef HAVE_CHMOD
int do_chmod(const char *path, mode_t mode)
{
+ static int switch_step = 0;
int code;
if (dry_run) return 0;
RETURN_ERROR_IF_RO_OR_LO;
+ switch (switch_step) {
#ifdef HAVE_LCHMOD
- code = lchmod(path, mode & CHMOD_BITS);
-#else
- if (S_ISLNK(mode)) {
+#include "case_N.h"
+ if ((code = lchmod(path, mode & CHMOD_BITS)) == 0 || errno != ENOTSUP)
+ break;
+ switch_step++;
+#endif
+
+#include "case_N.h"
+ if (S_ISLNK(mode)) {
# if defined HAVE_SETATTRLIST
- struct attrlist attrList;
- uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
+ struct attrlist attrList;
+ uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
- memset(&attrList, 0, sizeof attrList);
- attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
- attrList.commonattr = ATTR_CMN_ACCESSMASK;
- code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
+ memset(&attrList, 0, sizeof attrList);
+ attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
+ attrList.commonattr = ATTR_CMN_ACCESSMASK;
+ code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
# else
- code = 1;
+ code = 1;
# endif
- } else
- code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
-#endif /* !HAVE_LCHMOD */
+ } else
+ code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
+ break;
+ }
if (code != 0 && (preserve_perms || preserve_executability))
return code;
return 0;

24
SOURCES/rsync-3.2.3-segfault.patch
View File

@ -1,24 +0,0 @@
From f5a9a1013873580d0ad2ae4f5c5038c324d71bfe Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayne@opencoder.net>
Date: Mon, 21 Feb 2022 14:19:31 -0800
Subject: [PATCH] Fix possible array deref using invalid index.
---
copy-devices.diff | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/patches/copy-devices.diff b/patches/copy-devices.diff
index 797d046..4138474 100644
--- a/patches/copy-devices.diff
+++ b/patches/copy-devices.diff
@@ -111,8 +111,8 @@ diff --git a/rsync.c b/rsync.c
if (iflags & ITEM_TRANSFER) {
int i = ndx - cur_flist->ndx_start;
- if (i < 0 || !S_ISREG(cur_flist->files[i]->mode)) {
-+ struct file_struct *file = cur_flist->files[i];
-+ if (i < 0 || !(S_ISREG(file->mode) || (copy_devices && IS_DEVICE(file->mode)))) {
++ if (i < 0
++ || !(S_ISREG(cur_flist->files[i]->mode) || (copy_devices && IS_DEVICE(cur_flist->files[i]->mode)))) {
rprintf(FERROR,
"received request to transfer non-regular file: %d [%s]\n",
ndx, who_am_i());

38
SOURCES/rsync-3.2.3-xattr.patch
View File

@ -1,38 +0,0 @@
diff --git a/xattrs.c b/xattrs.c
index 508649c0..3c549192 100644
--- a/xattrs.c
+++ b/xattrs.c
@@ -1055,7 +1055,7 @@ int set_xattr(const char *fname, const struct file_struct *file, const char *fna
{
rsync_xa_list *glst = rsync_xal_l.items;
item_list *lst;
- int ndx;
+ int ndx, added_write_perm = 0;
if (dry_run)
return 1; /* FIXME: --dry-run needs to compute this value */
@@ -1084,10 +1084,23 @@ int set_xattr(const char *fname, const struct file_struct *file, const char *fna
}
#endif
+ /* If the target file lacks write permission, we try to add it
+ * temporarily so we can change the extended attributes. */
+ if (!am_root
+#ifdef SUPPORT_LINKS
+ && !S_ISLNK(sxp->st.st_mode)
+#endif
+ && access(fname, W_OK) < 0
+ && do_chmod(fname, (sxp->st.st_mode & CHMOD_BITS) | S_IWUSR) == 0)
+ added_write_perm = 1;
+
ndx = F_XATTR(file);
glst += ndx;
lst = &glst->xa_items;
- return rsync_xal_set(fname, lst, fnamecmp, sxp);
+ int return_value = rsync_xal_set(fname, lst, fnamecmp, sxp);
+ if (added_write_perm) /* remove the temporary write permission */
+ do_chmod(fname, sxp->st.st_mode);
+ return return_value;
}
#ifdef SUPPORT_ACLS

147
SPECS/rsync.spec
View File

@ -1,16 +1,15 @@
%global _hardened_build 1
%define isprerelease 0
%define _lto_cflags %{nil}
%if %isprerelease
%define prerelease pre1
%define prerelease pre3
%endif
Summary: A program for synchronizing files over a network
Name: rsync
Version: 3.2.3
Release: 19%{?dist}
Version: 3.3.0
Release: 1%{?prerelease}%{?dist}
URL: https://rsync.samba.org/
Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
@ -22,26 +21,26 @@ Source5: rsyncd.sysconfig
Source6: rsyncd@.service
BuildRequires: make
BuildRequires: gcc gcc-c++
BuildRequires: libacl-devel, libattr-devel, autoconf, popt-devel, systemd
BuildRequires: lz4-devel openssl-devel libzstd-devel
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: libacl-devel
BuildRequires: libattr-devel
BuildRequires: autoconf
BuildRequires: popt-devel
BuildRequires: systemd
BuildRequires: lz4-devel
BuildRequires: openssl-devel
BuildRequires: libzstd-devel
BuildRequires: xxhash-devel
#Added virtual provide for zlib due to https://fedoraproject.org/wiki/Bundled_Libraries?rd=Packaging:Bundled_Libraries
Provides: bundled(zlib) = 1.2.8
License: GPLv3+
#rsync code is distributed under GPLv3+ license. There are files under popt/ directory
#which are provided under X11 license but they are not compiled. Except rsync links to
#popt provided by popt-devel from the system. Should this change, X11 license should be
#mentioned here as well.
License: GPL-3.0-or-later
#Added temporarily until new rebase
Patch0: rsync-3.2.2-ssl-verify-hostname.patch
#Added due to rhbz#1873975 - default-acls test fail on s390x due to libacl
Patch1: rsync-3.2.2-runtests.patch
Patch2: rsync-3.2.3-lchmod.patch
Patch3: rsync-3.2.3-append-mode.patch
Patch4: rsync-3.2.3-xattr.patch
Patch5: rsync-3.2.3-segfault.patch
Patch6: rsync-3.2.3-atimes.patch
Patch7: rsync-3.1.3-cve-2018-25032.patch
Patch8: rsync-3.2.3-cve-2022-37434.patch
Patch9: rsync-3.2.3-cve-2022-29154.patch
Patch10: rsync-3.2.3-filtering-rules.patch
%description
Rsync uses a reliable algorithm to bring remote and host files into
@ -72,24 +71,16 @@ package provides the anonymous rsync service.
%setup -q -b 1
%endif
#Enable --copy-devices parameter
patch -p1 -i patches/copy-devices.diff
%patch0 -p1 -b .verify-hostname
#%patch0 -p1 -b .verify-hostname
%patch1 -p1 -b .runtests
%patch2 -p1 -b .lchmod
%patch3 -p1 -b .append-mode
%patch4 -p1 -b .xattr
%patch5 -p1 -b .segfault
%patch6 -p1 -b .atimes
%patch7 -p1 -b .cve-2018-25032
%patch8 -p1 -b .cve-2022-37434
%patch9 -p1 -b .cve-2022-29154
%patch10 -p1 -b .filtering-rules
%build
%configure --disable-xxhash
# --with-included-zlib=no temporary disabled because of #1043965
%configure \
--enable-openssl \
--enable-xxhash \
--enable-zstd \
--enable-lz4 \
--enable-ipv6
%{make_build}
@ -132,49 +123,75 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
%systemd_postun_with_restart rsyncd.service
%changelog
* Wed Nov 02 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-19
- Resolves: #2139349 - rsync error: protocol incompatibility when using rsync-3.2.3-18.el9
* Wed Apr 17 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 3.3.0-1
- New version 3.3.0
* Thu Aug 25 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-18
- Resolves: #2111177 - remote arbitrary files write inside the directories of connecting peers
* Mon Mar 20 2023 Michal Ruprich <mruprich@redhat.com> - 3.2.7-3
- SPDX migration
* Thu Aug 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-17
- Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed May 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-16
- Related: #2081296 - Adding ci.fmf for separation of testing results
* Fri Oct 21 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.7-1
- New version 3.2.7
* Wed May 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-15
- Related: #2081296 - Disabling STI
* Tue Sep 27 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.6-2
- Resolves: #2128682 - rsync fail with "ERROR: rejecting unrequested file-list name..." depend of parameters order
* Wed May 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-14
- Resolves: #2071514 - A flaw found in zlib when compressing (not decompressing) certain inputs
* Mon Sep 12 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.6-1
- New version 3.2.6
* Wed May 11 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-13
- Resolves: #2079639 - rsync --atimes doesn't work
* Tue Aug 16 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.5-1
- New version 3.2.5
- Resolves: #2115430 - remote arbitrary files write inside the directories of connecting peers
- Fix for CVE-2022-37434
* Tue May 03 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-12
- Resolves: #2081296 - Enable fmf tests in centos stream
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Apr 26 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-11
- Resolves: #2053198 - rsync segmentation fault
* Tue May 17 2022 Adam Williamson <awilliam@redhat.com> - 3.2.4-4
- Bump revision to 4 to be higher than wrongly-versioned 3.2.4-3pre3
* Fri Apr 22 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-10
- Resolves: #2077431 - Read-only files that have changed xattrs fail to allow xattr changes
* Tue May 17 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.4-1
- New version 3.2.4
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.3-9
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Apr 14 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.4-3pre3
- Fix for CVE-2018-25032
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.3-8
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Mon Mar 21 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.4-2pre3
- Removing part of patch that does not belong
* Mon May 31 2021 Michal Ruprich <mruprich@redhat.com> - 3.2.3-7
- Resolves: #1955008 - rsync segfaults in --append mode when file on sender is large (> 2GB) and gets truncated
* Wed Mar 16 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.4-1pre3
- New pre-release version 3.2.4pre3
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.3-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.3-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Nov 16 2021 Michal Ruprich <mruprich@redhat.com> - 3.2.3-13
- Separating ci tests
* Tue Nov 16 2021 Michal Ruprich <mruprich@redhat.com> - 3.2.3-12
- Disabling STI tests
* Mon Nov 15 2021 Michal Ruprich <mruprich@redhat.com> - 3.2.3-11
- Bumping version to test fixed gating file
* Fri Nov 5 2021 Jan Kratochvil <jan@jankratochvil.net> - 3.2.3-10
- Re-enable xxh128 xxh3 xxh64 disabled during 3.2.2 update.
- Enforce openssl xxhash zstd lz4 ipv6 features by --enable-*.
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 3.2.3-9
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sun May 09 2021 Jeff Law <jlaw@tachyum.com> - 3.2.3-7
- Re-enable LTO.
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 3.2.3-6
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild