rpms/rsync
5
0
Fork 1
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:c8
Branches Tags
rpms:c8
rpms:c10s
rpms:a8-backports
rpms:a9-backports
rpms:c9
rpms:a10s
rpms:a9
rpms:a8
rpms:c9s
rpms:c9-beta
rpms:c8-beta
rpms:c8s
rpms:imports/c10s/rsync-3.4.1-1.el10
rpms:imports/c9/rsync-3.2.3-20.el9_5.1
rpms:imports/c8/rsync-3.1.3-20.el8_10
rpms:changed/a10s/rsync-3.3.0-6.el10.alma.1
rpms:changed/a9/rsync-3.2.5-1.el9.alma.1
rpms:imports/a9/rsync-3.2.5-1.el9
rpms:changed/a8/rsync-3.1.3-19.el8_7.1.alma.1
rpms:imports/c9/rsync-3.2.3-20.el9
rpms:imports/c10s/rsync-3.3.0-6.el10
rpms:imports/c9-beta/rsync-3.2.3-20.el9
rpms:imports/c10s/rsync-3.3.0-5.el10
rpms:imports/c10s/rsync-3.3.0-3.el10
rpms:imports/a9-backports/rsync-3.3.0-1.el9
rpms:imports/a8-backports/rsync-3.3.0-1.el8
rpms:imports/c9/rsync-3.2.3-19.el9
rpms:imports/c9-beta/rsync-3.2.3-19.el9
rpms:imports/c8-beta/rsync-3.1.3-19.el8_7.1
rpms:imports/c8/rsync-3.1.3-19.el8_7.1
rpms:imports/c9/rsync-3.2.3-18.el9
rpms:imports/c8s/rsync-3.1.3-19.el8_7.1
rpms:imports/c8/rsync-3.1.3-19.el8
rpms:imports/c9-beta/rsync-3.2.3-18.el9
rpms:imports/c8-beta/rsync-3.1.3-19.el8
rpms:imports/c8s/rsync-3.1.3-19.el8
rpms:imports/c9/rsync-3.2.3-9.el9_0.2
rpms:imports/c8/rsync-3.1.3-14.el8_6.3
rpms:imports/c8s/rsync-3.1.3-17.el8
rpms:imports/c8s/rsync-3.1.3-16.el8
rpms:imports/c9/rsync-3.2.3-9.el9_0.1
rpms:imports/c9/rsync-3.2.3-9.el9
rpms:imports/c8s/rsync-3.1.3-12.el8_5.1
rpms:imports/c8/rsync-3.1.3-14.el8_6.2
rpms:imports/c8/rsync-3.1.3-14.el8
rpms:imports/c8-beta/rsync-3.1.3-14.el8
rpms:imports/c9-beta/rsync-3.2.3-9.el9
rpms:imports/c8s/rsync-3.1.3-14.el8
rpms:imports/c8-beta/rsync-3.1.3-12.el8
rpms:imports/c8-beta/rsync-3.1.3-8.el8
rpms:imports/c8-beta/rsync-3.1.3-7.el8
rpms:imports/c8-beta/rsync-3.1.3-6.el8
rpms:imports/c8s/rsync-3.1.3-13.el8
rpms:imports/c8s/rsync-3.1.3-12.el8
rpms:imports/c8s/rsync-3.1.3-11.el8
rpms:imports/c8s/rsync-3.1.3-9.el8
rpms:imports/c8s/rsync-3.1.3-8.el8
rpms:imports/c8s/rsync-3.1.3-7.el8
rpms:imports/c8/rsync-3.1.3-12.el8
rpms:imports/c8/rsync-3.1.3-9.el8
rpms:imports/c8/rsync-3.1.3-7.el8
rpms:imports/c8/rsync-3.1.3-6.el8
rpms:imports/c8/rsync-3.1.3-4.el8
..
compare: rpms:a10s
Branches Tags
rpms:c10s
rpms:a8-backports
rpms:a9-backports
rpms:c9
rpms:c8
rpms:a10s
rpms:a9
rpms:a8
rpms:c9s
rpms:c9-beta
rpms:c8-beta
rpms:c8s
rpms:imports/c10s/rsync-3.4.1-1.el10
rpms:imports/c9/rsync-3.2.3-20.el9_5.1
rpms:imports/c8/rsync-3.1.3-20.el8_10
rpms:changed/a10s/rsync-3.3.0-6.el10.alma.1
rpms:changed/a9/rsync-3.2.5-1.el9.alma.1
rpms:imports/a9/rsync-3.2.5-1.el9
rpms:changed/a8/rsync-3.1.3-19.el8_7.1.alma.1
rpms:imports/c9/rsync-3.2.3-20.el9
rpms:imports/c10s/rsync-3.3.0-6.el10
rpms:imports/c9-beta/rsync-3.2.3-20.el9
rpms:imports/c10s/rsync-3.3.0-5.el10
rpms:imports/c10s/rsync-3.3.0-3.el10
rpms:imports/a9-backports/rsync-3.3.0-1.el9
rpms:imports/a8-backports/rsync-3.3.0-1.el8
rpms:imports/c9/rsync-3.2.3-19.el9
rpms:imports/c9-beta/rsync-3.2.3-19.el9
rpms:imports/c8-beta/rsync-3.1.3-19.el8_7.1
rpms:imports/c8/rsync-3.1.3-19.el8_7.1
rpms:imports/c9/rsync-3.2.3-18.el9
rpms:imports/c8s/rsync-3.1.3-19.el8_7.1
rpms:imports/c8/rsync-3.1.3-19.el8
rpms:imports/c9-beta/rsync-3.2.3-18.el9
rpms:imports/c8-beta/rsync-3.1.3-19.el8
rpms:imports/c8s/rsync-3.1.3-19.el8
rpms:imports/c9/rsync-3.2.3-9.el9_0.2
rpms:imports/c8/rsync-3.1.3-14.el8_6.3
rpms:imports/c8s/rsync-3.1.3-17.el8
rpms:imports/c8s/rsync-3.1.3-16.el8
rpms:imports/c9/rsync-3.2.3-9.el9_0.1
rpms:imports/c9/rsync-3.2.3-9.el9
rpms:imports/c8s/rsync-3.1.3-12.el8_5.1
rpms:imports/c8/rsync-3.1.3-14.el8_6.2
rpms:imports/c8/rsync-3.1.3-14.el8
rpms:imports/c8-beta/rsync-3.1.3-14.el8
rpms:imports/c9-beta/rsync-3.2.3-9.el9
rpms:imports/c8s/rsync-3.1.3-14.el8
rpms:imports/c8-beta/rsync-3.1.3-12.el8
rpms:imports/c8-beta/rsync-3.1.3-8.el8
rpms:imports/c8-beta/rsync-3.1.3-7.el8
rpms:imports/c8-beta/rsync-3.1.3-6.el8
rpms:imports/c8s/rsync-3.1.3-13.el8
rpms:imports/c8s/rsync-3.1.3-12.el8
rpms:imports/c8s/rsync-3.1.3-11.el8
rpms:imports/c8s/rsync-3.1.3-9.el8
rpms:imports/c8s/rsync-3.1.3-8.el8
rpms:imports/c8s/rsync-3.1.3-7.el8
rpms:imports/c8/rsync-3.1.3-12.el8
rpms:imports/c8/rsync-3.1.3-9.el8
rpms:imports/c8/rsync-3.1.3-7.el8
rpms:imports/c8/rsync-3.1.3-6.el8
rpms:imports/c8/rsync-3.1.3-4.el8

No commits in common. "c8" and "a10s" have entirely different histories.
c8 ... a10s

38 changed files with 1062 additions and 2284 deletions
Show Stats Expand all files Collapse all files

1
.fmf/version Normal file
View File

@ -0,0 +1 @@
1

30
.gitignore vendored
View File

@ -1,2 +1,28 @@
SOURCES/rsync-3.1.3.tar.gz rsync-3.0.8.tar.gz
SOURCES/rsync-patches-3.1.3.tar.gz rsync-patches-3.0.8.tar.gz
/rsync-3.0.9.tar.gz
/rsync-patches-3.0.9.tar.gz
/rsync-3.1.0pre1.tar.gz
/rsync-patches-3.1.0pre1.tar.gz
/rsync-3.1.0.tar.gz
/rsync-patches-3.1.0.tar.gz
/rsync-3.1.2.tar.gz
/rsync-patches-3.1.2.tar.gz
/rsync-3.1.3.tar.gz
/rsync-patches-3.1.3.tar.gz
/rsync-3.2.2.tar.gz
/rsync-patches-3.2.2.tar.gz
/rsync-3.2.3.tar.gz
/rsync-patches-3.2.3.tar.gz
/rsync-3.2.4pre3.tar.gz
/rsync-patches-3.2.4pre3.tar.gz
/rsync-3.2.4.tar.gz
/rsync-patches-3.2.4.tar.gz
/rsync-3.2.5.tar.gz
/rsync-patches-3.2.5.tar.gz
/rsync-3.2.6.tar.gz
/rsync-patches-3.2.6.tar.gz
/rsync-3.2.7.tar.gz
/rsync-patches-3.2.7.tar.gz
/rsync-3.3.0.tar.gz
/rsync-patches-3.3.0.tar.gz

2
.rsync.metadata
View File

@ -1,2 +0,0 @@
82e7829c0b3cefbd33c233005341e2073c425629 SOURCES/rsync-3.1.3.tar.gz
74c16510a18ef43d797f9ceba6150f0862568cc0 SOURCES/rsync-patches-3.1.3.tar.gz

21
Makefile Normal file
View File

@ -0,0 +1,21 @@
# Makefile for source rpm: rsync
# $Id$
NAME := rsync
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))
ifeq ($(MAKEFILE_COMMON),)
# attempt a checkout
define checkout-makefile-common
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
endef
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
endif
include $(MAKEFILE_COMMON)

33
SOURCES/rsync-3.1.2-remove-symlinks.patch
View File

@ -1,33 +0,0 @@
diff --git a/sender.c b/sender.c
index 03e4aadd..9b432ed9 100644
--- a/sender.c
+++ b/sender.c
@@ -32,6 +32,7 @@ extern int logfile_format_has_i;
extern int want_xattr_optim;
extern int csum_length;
extern int append_mode;
+extern int copy_links;
extern int io_error;
extern int flist_eof;
extern int allowed_lull;
@@ -138,17 +139,16 @@ void successful_send(int ndx)
return;
f_name(file, fname);
- if (do_lstat(fname, &st) < 0) {
+ if ((copy_links ? do_stat(fname, &st) : do_lstat(fname, &st)) < 0) {
failed_op = "re-lstat";
goto failed;
}
- if (S_ISREG(file->mode) /* Symlinks & devices don't need this check: */
- && (st.st_size != F_LENGTH(file) || st.st_mtime != file->modtime
+ if (st.st_size != F_LENGTH(file) || st.st_mtime != file->modtime
#ifdef ST_MTIME_NSEC
|| (NSEC_BUMP(file) && (uint32)st.ST_MTIME_NSEC != F_MOD_NSEC(file))
#endif
- )) {
+ ) {
rprintf(FERROR_XFER, "ERROR: Skipping sender remove for changed file: %s\n", fname);
return;
}

33
SOURCES/rsync-3.1.2-vvv-hang.patch
View File

@ -1,33 +0,0 @@
diff --git a/io.c b/io.c
index 999c34e5..ceff3784 100644
--- a/io.c
+++ b/io.c
@@ -954,8 +954,17 @@ int send_msg(enum msgcode code, const char *buf, size_t len, int convert)
} else
#endif
needed = len + 4 + 3;
- if (iobuf.msg.len + needed > iobuf.msg.size)
- perform_io(needed, PIO_NEED_MSGROOM);
+ if (iobuf.msg.len + needed > iobuf.msg.size) {
+ if (!am_receiver)
+ perform_io(needed, PIO_NEED_MSGROOM);
+ else { /* We allow the receiver to increase their iobuf.msg size to avoid a deadlock. */
+ size_t old_size = iobuf.msg.size;
+ restore_iobuf_size(&iobuf.msg);
+ realloc_xbuf(&iobuf.msg, iobuf.msg.size * 2);
+ if (iobuf.msg.pos + iobuf.msg.len > old_size)
+ memcpy(iobuf.msg.buf + old_size, iobuf.msg.buf, iobuf.msg.pos + iobuf.msg.len - old_size);
+ }
+ }
pos = iobuf.msg.pos + iobuf.msg.len; /* Must be set after any flushing. */
if (pos >= iobuf.msg.size)
@@ -1176,7 +1185,7 @@ int read_line(int fd, char *buf, size_t bufsiz, int flags)
#ifdef ICONV_OPTION
if (flags & RL_CONVERT && iconv_buf.size < bufsiz)
- realloc_xbuf(&iconv_buf, bufsiz + 1024);
+ realloc_xbuf(&iconv_buf, ROUND_UP_1024(bufsiz) + 1024);
#endif
start:

44
SOURCES/rsync-3.1.3-append-check.patch
View File

@ -1,44 +0,0 @@
commit bd17c2a4e237ca1f38544db65053ecfea6054009
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Thu Sep 24 13:17:45 2020 +0200
Skip files for transfer that has been truncated during negotiation
diff --git a/rsync.1 b/rsync.1
index 6cabd44..855dd47 100644
--- a/rsync.1
+++ b/rsync.1
@@ -1004,8 +1004,10 @@ This causes rsync to update a file by appending data onto
the end of the file, which presumes that the data that already exists on
the receiving side is identical with the start of the file on the sending
side. If a file needs to be transferred and its size on the receiver is
-the same or longer than the size on the sender, the file is skipped. This
-does not interfere with the updating of a file\(cq\&s non\-content attributes
+the same or longer than the size on the sender, the file is skipped. It
+also skips any files whose size on the sending side gets shorter during
+the send negotiations (rsync warns about a "diminished" file when this
+happens). This does not interfere with the updating of a file\(cq\&s non\-content attributes
(e.g. permissions, ownership, etc.) when the file does not need to be
transferred, nor does it affect the updating of any non\-regular files.
Implies \fB\-\-inplace\fP.
diff --git a/sender.c b/sender.c
index 1cc28a1..e22eadd 100644
--- a/sender.c
+++ b/sender.c
@@ -379,6 +379,16 @@ void send_files(int f_in, int f_out)
}
}
+ if (append_mode > 0 && st.st_size < F_LENGTH(file)) {
+ rprintf(FWARNING, "skipped diminished file: %s\n",
+ full_fname(fname));
+ free_sums(s);
+ close(fd);
+ if (protocol_version >= 30)
+ send_msg_int(MSG_NO_SEND, ndx);
+ continue;
+ }
+
if (st.st_size) {
int32 read_size = MAX(s->blength * 3, MAX_MAP_SIZE);
mbuf = map_file(fd, st.st_size, read_size, s->blength);

57
SOURCES/rsync-3.1.3-covscan.patch
View File

@ -1,57 +0,0 @@
diff --git a/util.c b/util.c
index fbbfd8ba..235afa82 100644
--- a/util.c
+++ b/util.c
@@ -342,6 +342,7 @@ int copy_file(const char *source, const char *dest, int ofd, mode_t mode)
if (robust_unlink(dest) && errno != ENOENT) {
int save_errno = errno;
rsyserr(FERROR_XFER, errno, "unlink %s", full_fname(dest));
+ close(ifd);
errno = save_errno;
return -1;
}
diff --git a/lib/pool_alloc.c b/lib/pool_alloc.c
index 5856d591..a70a3f1a 100644
--- a/lib/pool_alloc.c
+++ b/lib/pool_alloc.c
@@ -49,15 +49,15 @@ pool_create(size_t size, size_t quantum, void (*bomb)(const char *), int flags)
{
struct alloc_pool *pool;
- if (!(pool = new0(struct alloc_pool)))
- return NULL;
-
if ((MINALIGN & (MINALIGN - 1)) != 0) {
if (bomb)
(*bomb)("Compiler error: MINALIGN is not a power of 2\n");
return NULL;
}
+ if (!(pool = new0(struct alloc_pool)))
+ return NULL;
+
if (!size)
size = POOL_DEF_EXTENT;
if (!quantum)
diff --git a/batch.c b/batch.c
index 21c632fc..1ab66e90 100644
--- a/batch.c
+++ b/batch.c
@@ -216,7 +216,7 @@ static void write_filter_rules(int fd)
void write_batch_shell_file(int argc, char *argv[], int file_arg_cnt)
{
int fd, i, len, err = 0;
- char *p, filename[MAXPATHLEN];
+ char *p, *p2, filename[MAXPATHLEN];
stringjoin(filename, sizeof filename,
batch_name, ".sh", NULL);
@@ -267,7 +267,7 @@ void write_batch_shell_file(int argc, char *argv[], int file_arg_cnt)
err = 1;
}
}
- if (!(p = check_for_hostspec(argv[argc - 1], &p, &i)))
+ if (!(p = check_for_hostspec(argv[argc - 1], &p2, &i)))
p = argv[argc - 1];
if (write(fd, " ${1:-", 6) != 6
|| write_arg(fd, p) < 0)

343
SOURCES/rsync-3.1.3-cve-2018-25032.patch
View File

@ -1,343 +0,0 @@
From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Tue, 17 Apr 2018 22:09:22 -0700
Subject: [PATCH] Fix a bug that can crash deflate on some input when using
Z_FIXED.
This bug was reported by Danilo Ramos of Eideticom, Inc. It has
lain in wait 13 years before being found! The bug was introduced
in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
option forces the use of fixed Huffman codes. For rare inputs with
a large number of distant matches, the pending buffer into which
the compressed data is written can overwrite the distance symbol
table which it overlays. That results in corrupted output due to
invalid distances, and can result in out-of-bound accesses,
crashing the application.
The fix here combines the distance buffer and literal/length
buffers into a single symbol buffer. Now three bytes of pending
buffer space are opened up for each literal or length/distance
pair consumed, instead of the previous two bytes. This assures
that the pending buffer cannot overwrite the symbol table, since
the maximum fixed code compressed length/distance is 31 bits, and
since there are four bytes of pending space for every three bytes
of symbol space.
---
deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++---------------
deflate.h | 25 +++++++++----------
trees.c | 50 +++++++++++--------------------------
3 files changed, 79 insertions(+), 70 deletions(-)
diff --git a/zlib/deflate.c b/zlib/deflate.c
index 425babc00..19cba873a 100644
--- a/zlib/deflate.c
+++ b/zlib/deflate.c
@@ -255,11 +255,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
int wrap = 1;
static const char my_version[] = ZLIB_VERSION;
- ushf *overlay;
- /* We overlay pending_buf and d_buf+l_buf. This works since the average
- * output size for (length,distance) codes is <= 24 bits.
- */
-
if (version == Z_NULL || version[0] != my_version[0] ||
stream_size != sizeof(z_stream)) {
return Z_VERSION_ERROR;
@@ -329,9 +324,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
- s->pending_buf = (uchf *) overlay;
- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
+ /* We overlay pending_buf and sym_buf. This works since the average size
+ * for length/distance pairs over any compressed block is assured to be 31
+ * bits or less.
+ *
+ * Analysis: The longest fixed codes are a length code of 8 bits plus 5
+ * extra bits, for lengths 131 to 257. The longest fixed distance codes are
+ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest
+ * possible fixed-codes length/distance pair is then 31 bits total.
+ *
+ * sym_buf starts one-fourth of the way into pending_buf. So there are
+ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol
+ * in sym_buf is three bytes -- two for the distance and one for the
+ * literal/length. As each symbol is consumed, the pointer to the next
+ * sym_buf value to read moves forward three bytes. From that symbol, up to
+ * 31 bits are written to pending_buf. The closest the written pending_buf
+ * bits gets to the next sym_buf symbol to read is just before the last
+ * code is written. At that time, 31*(n-2) bits have been written, just
+ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at
+ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1
+ * symbols are written.) The closest the writing gets to what is unread is
+ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and
+ * can range from 128 to 32768.
+ *
+ * Therefore, at a minimum, there are 142 bits of space between what is
+ * written and what is read in the overlain buffers, so the symbols cannot
+ * be overwritten by the compressed data. That space is actually 139 bits,
+ * due to the three-bit fixed-code block header.
+ *
+ * That covers the case where either Z_FIXED is specified, forcing fixed
+ * codes, or when the use of fixed codes is chosen, because that choice
+ * results in a smaller compressed block than dynamic codes. That latter
+ * condition then assures that the above analysis also covers all dynamic
+ * blocks. A dynamic-code block will only be chosen to be emitted if it has
+ * fewer bits than a fixed-code block would for the same set of symbols.
+ * Therefore its average symbol length is assured to be less than 31. So
+ * the compressed data for a dynamic block also cannot overwrite the
+ * symbols from which it is being constructed.
+ */
+
+ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4);
+ s->pending_buf_size = (ulg)s->lit_bufsize * 4;
if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
s->pending_buf == Z_NULL) {
@@ -340,8 +373,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
deflateEnd (strm);
return Z_MEM_ERROR;
}
- s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
+ s->sym_buf = s->pending_buf + s->lit_bufsize;
+ s->sym_end = (s->lit_bufsize - 1) * 3;
+ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K
+ * on 16 bit machines and because stored blocks are restricted to
+ * 64K-1 bytes.
+ */
s->level = level;
s->strategy = strategy;
@@ -552,7 +589,7 @@ int ZEXPORT deflatePrime (strm, bits, value)
if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
s = strm->state;
- if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3))
+ if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
return Z_BUF_ERROR;
do {
put = Buf_size - s->bi_valid;
@@ -1113,7 +1150,6 @@ int ZEXPORT deflateCopy (dest, source)
#else
deflate_state *ds;
deflate_state *ss;
- ushf *overlay;
if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) {
@@ -1133,8 +1169,7 @@ int ZEXPORT deflateCopy (dest, source)
ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos));
ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos));
- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
- ds->pending_buf = (uchf *) overlay;
+ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4);
if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
ds->pending_buf == Z_NULL) {
@@ -1148,8 +1183,7 @@ int ZEXPORT deflateCopy (dest, source)
zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
+ ds->sym_buf = ds->pending_buf + ds->lit_bufsize;
ds->l_desc.dyn_tree = ds->dyn_ltree;
ds->d_desc.dyn_tree = ds->dyn_dtree;
@@ -1771,7 +1771,7 @@ local block_state deflate_fast(s, flush)
FLUSH_BLOCK(s, 1);
return finish_done;
}
- if (s->last_lit)
+ if (s->sym_next)
FLUSH_BLOCK(s, 0);
return block_done;
}
@@ -1912,7 +1912,7 @@ local block_state deflate_slow(s, flush)
FLUSH_BLOCK(s, 1);
return finish_done;
}
- if (s->last_lit)
+ if (s->sym_next)
FLUSH_BLOCK(s, 0);
return block_done;
}
@@ -1987,7 +1987,7 @@ local block_state deflate_rle(s, flush)
FLUSH_BLOCK(s, 1);
return finish_done;
}
- if (s->last_lit)
+ if (s->sym_next)
FLUSH_BLOCK(s, 0);
return block_done;
}
@@ -2026,7 +2026,7 @@ local block_state deflate_huff(s, flush)
FLUSH_BLOCK(s, 1);
return finish_done;
}
- if (s->last_lit)
+ if (s->sym_next)
FLUSH_BLOCK(s, 0);
return block_done;
}
diff --git a/zlib/deflate.h b/zlib/deflate.h
index 23ecdd312..d4cf1a98b 100644
--- a/zlib/deflate.h
+++ b/zlib/deflate.h
@@ -217,7 +217,7 @@ typedef struct internal_state {
/* Depth of each subtree used as tie breaker for trees of equal frequency
*/
- uchf *l_buf; /* buffer for literals or lengths */
+ uchf *sym_buf; /* buffer for distances and literals/lengths */
uInt lit_bufsize;
/* Size of match buffer for literals/lengths. There are 4 reasons for
@@ -239,13 +239,8 @@ typedef struct internal_state {
* - I can't count above 4
*/
- uInt last_lit; /* running index in l_buf */
-
- ushf *d_buf;
- /* Buffer for distances. To simplify the code, d_buf and l_buf have
- * the same number of elements. To use different lengths, an extra flag
- * array would be necessary.
- */
+ uInt sym_next; /* running index in sym_buf */
+ uInt sym_end; /* symbol table full when sym_next reaches this */
ulg opt_len; /* bit length of current block with optimal trees */
ulg static_len; /* bit length of current block with static trees */
@@ -317,20 +317,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf,
# define _tr_tally_lit(s, c, flush) \
{ uch cc = (c); \
- s->d_buf[s->last_lit] = 0; \
- s->l_buf[s->last_lit++] = cc; \
+ s->sym_buf[s->sym_next++] = 0; \
+ s->sym_buf[s->sym_next++] = 0; \
+ s->sym_buf[s->sym_next++] = cc; \
s->dyn_ltree[cc].Freq++; \
- flush = (s->last_lit == s->lit_bufsize-1); \
+ flush = (s->sym_next == s->sym_end); \
}
# define _tr_tally_dist(s, distance, length, flush) \
{ uch len = (length); \
ush dist = (distance); \
- s->d_buf[s->last_lit] = dist; \
- s->l_buf[s->last_lit++] = len; \
+ s->sym_buf[s->sym_next++] = dist; \
+ s->sym_buf[s->sym_next++] = dist >> 8; \
+ s->sym_buf[s->sym_next++] = len; \
dist--; \
s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
s->dyn_dtree[d_code(dist)].Freq++; \
- flush = (s->last_lit == s->lit_bufsize-1); \
+ flush = (s->sym_next == s->sym_end); \
}
#else
# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
diff --git a/zlib/trees.c b/zlib/trees.c
index 4f4a65011..decaeb7c3 100644
--- a/zlib/trees.c
+++ b/zlib/trees.c
@@ -416,7 +416,7 @@ local void init_block(s)
s->dyn_ltree[END_BLOCK].Freq = 1;
s->opt_len = s->static_len = 0L;
- s->last_lit = s->matches = 0;
+ s->sym_next = s->matches = 0;
}
#define SMALLEST 1
@@ -948,7 +948,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last)
Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
- s->last_lit));
+ s->sym_next / 3));
if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
@@ -1017,8 +1017,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
unsigned dist; /* distance of matched string */
unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */
{
- s->d_buf[s->last_lit] = (ush)dist;
- s->l_buf[s->last_lit++] = (uch)lc;
+ s->sym_buf[s->sym_next++] = dist;
+ s->sym_buf[s->sym_next++] = dist >> 8;
+ s->sym_buf[s->sym_next++] = lc;
if (dist == 0) {
/* lc is the unmatched char */
s->dyn_ltree[lc].Freq++;
@@ -1033,30 +1034,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++;
s->dyn_dtree[d_code(dist)].Freq++;
}
-
-#ifdef TRUNCATE_BLOCK
- /* Try to guess if it is profitable to stop the current block here */
- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) {
- /* Compute an upper bound for the compressed length */
- ulg out_length = (ulg)s->last_lit*8L;
- ulg in_length = (ulg)((long)s->strstart - s->block_start);
- int dcode;
- for (dcode = 0; dcode < D_CODES; dcode++) {
- out_length += (ulg)s->dyn_dtree[dcode].Freq *
- (5L+extra_dbits[dcode]);
- }
- out_length >>= 3;
- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
- s->last_lit, in_length, out_length,
- 100L - out_length*100L/in_length));
- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
- }
-#endif
- return (s->last_lit == s->lit_bufsize-1);
- /* We avoid equality with lit_bufsize because of wraparound at 64K
- * on 16 bit machines and because stored blocks are restricted to
- * 64K-1 bytes.
- */
+ return (s->sym_next == s->sym_end);
}
/* ===========================================================================
@@ -1069,13 +1047,14 @@ local void compress_block(s, ltree, dtree)
{
unsigned dist; /* distance of matched string */
int lc; /* match length or unmatched char (if dist == 0) */
- unsigned lx = 0; /* running index in l_buf */
+ unsigned sx = 0; /* running index in sym_buf */
unsigned code; /* the code to send */
int extra; /* number of extra bits to send */
- if (s->last_lit != 0) do {
- dist = s->d_buf[lx];
- lc = s->l_buf[lx++];
+ if (s->sym_next != 0) do {
+ dist = s->sym_buf[sx++] & 0xff;
+ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8;
+ lc = s->sym_buf[sx++];
if (dist == 0) {
send_code(s, lc, ltree); /* send a literal byte */
Tracecv(isgraph(lc), (stderr," '%c' ", lc));
@@ -1100,11 +1079,10 @@ local void compress_block(s, ltree, dtree)
}
} /* literal or match pair ? */
- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,
- "pendingBuf overflow");
+ /* Check that the overlay between pending_buf and sym_buf is ok: */
+ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow");
- } while (lx < s->last_lit);
+ } while (sx < s->sym_next);
send_code(s, END_BLOCK, ltree);
}

1065
SOURCES/rsync-3.1.3-cve-2022-29154.patch
View File

File diff suppressed because it is too large Load Diff

16
SOURCES/rsync-3.1.3-cve-2022-37434.patch
View File

@ -1,16 +0,0 @@
diff --git a/zlib/inflate.c b/zlib/inflate.c
index e43abd9..bd33c19 100644
--- a/zlib/inflate.c
+++ b/zlib/inflate.c
@@ -740,8 +740,9 @@ int flush;
if (copy > have) copy = have;
if (copy) {
if (state->head != Z_NULL &&
- state->head->extra != Z_NULL) {
- len = state->head->extra_len - state->length;
+ state->head->extra != Z_NULL &&
+ (len = state->head->extra_len - state->length) <
+ state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);

333
SOURCES/rsync-3.1.3-filtering-rules.patch
View File

@ -1,333 +0,0 @@
diff --git a/exclude.c b/exclude.c
index 13c4253..232249f 100644
--- a/exclude.c
+++ b/exclude.c
@@ -79,6 +79,10 @@ static filter_rule **mergelist_parents;
static int mergelist_cnt = 0;
static int mergelist_size = 0;
+#define LOCAL_RULE 1
+#define REMOTE_RULE 2
+static uchar cur_elide_value = REMOTE_RULE;
+
/* Each filter_list_struct describes a singly-linked list by keeping track
* of both the head and tail pointers. The list is slightly unusual in that
* a parent-dir's content can be appended to the end of the local list in a
@@ -218,6 +222,7 @@ static void add_rule(filter_rule_list *listp, const char *pat, unsigned int pat_
slash_cnt++;
}
}
+ rule->elide = 0;
strlcpy(rule->pattern + pre_len, pat, pat_len + 1);
pat_len += pre_len;
if (suf_len) {
@@ -364,6 +369,8 @@ void implied_include_partial_string(const char *s_start, const char *s_end)
void free_implied_include_partial_string()
{
if (partial_string_buf) {
+ if (partial_string_len)
+ add_implied_include("", 0);
free(partial_string_buf);
partial_string_buf = NULL;
}
@@ -374,9 +381,8 @@ void free_implied_include_partial_string()
* that the receiver uses to validate the file list from the sender. */
void add_implied_include(const char *arg, int skip_daemon_module)
{
- filter_rule *rule;
int arg_len, saw_wild = 0, saw_live_open_brkt = 0, backslash_cnt = 0;
- int slash_cnt = 1; /* We know we're adding a leading slash. */
+ int slash_cnt = 0;
const char *cp;
char *p;
if (am_server || old_style_args || list_only || read_batch || filesfrom_host != NULL)
@@ -407,6 +413,7 @@ void add_implied_include(const char *arg, int skip_daemon_module)
arg++;
arg_len = strlen(arg);
if (arg_len) {
+ char *new_pat;
if (strpbrk(arg, "*[?")) {
/* We need to add room to escape backslashes if wildcard chars are present. */
for (cp = arg; (cp = strchr(cp, '\\')) != NULL; cp++)
@@ -414,16 +421,9 @@ void add_implied_include(const char *arg, int skip_daemon_module)
saw_wild = 1;
}
arg_len++; /* Leave room for the prefixed slash */
- rule = new0(filter_rule);
- if (!implied_filter_list.head)
- implied_filter_list.head = implied_filter_list.tail = rule;
- else {
- rule->next = implied_filter_list.head;
- implied_filter_list.head = rule;
- }
- rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0);
- p = rule->pattern = new_array(char, arg_len + 1);
+ p = new_pat = new_array(char, arg_len + 1);
*p++ = '/';
+ slash_cnt++;
for (cp = arg; *cp; ) {
switch (*cp) {
case '\\':
@@ -439,15 +439,70 @@ void add_implied_include(const char *arg, int skip_daemon_module)
break;
case '/':
if (p[-1] == '/') { /* This is safe because of the initial slash. */
+ if (*++cp == '\0') {
+ slash_cnt--;
+ p--;
+ }
+ } else if (cp[1] == '\0') {
cp++;
- break;
+ } else {
+ slash_cnt++;
+ *p++ = *cp++;
}
- if (relative_paths) {
- filter_rule const *ent;
+ break;
+ case '.':
+ if (p[-1] == '/') {
+ if (cp[1] == '/') {
+ cp += 2;
+ if (!*cp) {
+ slash_cnt--;
+ p--;
+ }
+ } else if (cp[1] == '\0') {
+ cp++;
+ slash_cnt--;
+ p--;
+ } else
+ *p++ = *cp++;
+ } else
+ *p++ = *cp++;
+ break;
+ case '[':
+ saw_live_open_brkt = 1;
+ *p++ = *cp++;
+ break;
+ default:
+ *p++ = *cp++;
+ break;
+ }
+ }
+ *p = '\0';
+ arg_len = p - new_pat;
+ if (!arg_len)
+ free(new_pat);
+ else {
+ filter_rule *rule = new0(filter_rule);
+ rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0);
+ rule->u.slash_cnt = slash_cnt;
+ arg = rule->pattern = new_pat;
+ if (!implied_filter_list.head)
+ implied_filter_list.head = implied_filter_list.tail = rule;
+ else {
+ rule->next = implied_filter_list.head;
+ implied_filter_list.head = rule;
+ }
+ if (DEBUG_GTE(FILTER, 3))
+ rprintf(FINFO, "[%s] add_implied_include(%s)\n", who_am_i(), arg);
+ if (saw_live_open_brkt)
+ maybe_add_literal_brackets_rule(rule, arg_len);
+ if (relative_paths && slash_cnt) {
+ filter_rule const *ent;
+ slash_cnt = 1;
+ for (p = new_pat + 1; (p = strchr(p, '/')) != NULL; p++) {
int found = 0;
*p = '\0';
for (ent = implied_filter_list.head; ent; ent = ent->next) {
- if (ent != rule && strcmp(ent->pattern, rule->pattern) == 0) {
+ if (ent != rule && strcmp(ent->pattern, new_pat) == 0) {
found = 1;
break;
}
@@ -456,9 +511,9 @@ void add_implied_include(const char *arg, int skip_daemon_module)
filter_rule *R_rule = new0(filter_rule);
R_rule->rflags = FILTRULE_INCLUDE | FILTRULE_DIRECTORY;
/* Check if our sub-path has wildcards or escaped backslashes */
- if (saw_wild && strpbrk(rule->pattern, "*[?\\"))
+ if (saw_wild && strpbrk(new_pat, "*[?\\"))
R_rule->rflags |= FILTRULE_WILD;
- R_rule->pattern = strdup(rule->pattern);
+ R_rule->pattern = strdup(new_pat);
R_rule->u.slash_cnt = slash_cnt;
R_rule->next = implied_filter_list.head;
implied_filter_list.head = R_rule;
@@ -469,32 +524,16 @@ void add_implied_include(const char *arg, int skip_daemon_module)
if (saw_live_open_brkt)
maybe_add_literal_brackets_rule(R_rule, -1);
}
+ *p = '/';
+ slash_cnt++;
}
- slash_cnt++;
- *p++ = *cp++;
- break;
- case '[':
- saw_live_open_brkt = 1;
- *p++ = *cp++;
- break;
- default:
- *p++ = *cp++;
- break;
}
}
- *p = '\0';
- rule->u.slash_cnt = slash_cnt;
- arg = rule->pattern;
- arg_len = p - arg; /* We recompute it due to backslash weirdness. */
- if (DEBUG_GTE(FILTER, 3))
- rprintf(FINFO, "[%s] add_implied_include(%s)\n", who_am_i(), rule->pattern);
- if (saw_live_open_brkt)
- maybe_add_literal_brackets_rule(rule, arg_len);
}
if (recurse || xfer_dirs) {
/* Now create a rule with an added "/" & "**" or "*" at the end */
- rule = new0(filter_rule);
+ filter_rule *rule = new0(filter_rule);
rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD;
if (recurse)
rule->rflags |= FILTRULE_WILD2;
@@ -502,7 +541,7 @@ void add_implied_include(const char *arg, int skip_daemon_module)
if (!saw_wild && backslash_cnt) {
/* We are appending a wildcard, so now the backslashes need to be escaped. */
p = rule->pattern = new_array(char, arg_len + backslash_cnt + 3 + 1);
- for (cp = arg; *cp; ) {
+ for (cp = arg; *cp; ) { /* Note that arg_len != 0 because backslash_cnt > 0 */
if (*cp == '\\')
*p++ = '\\';
*p++ = *cp++;
@@ -514,13 +553,15 @@ void add_implied_include(const char *arg, int skip_daemon_module)
p += arg_len;
}
}
- if (p[-1] != '/')
+ if (p[-1] != '/') {
*p++ = '/';
+ slash_cnt++;
+ }
*p++ = '*';
if (recurse)
*p++ = '*';
*p = '\0';
- rule->u.slash_cnt = slash_cnt + 1;
+ rule->u.slash_cnt = slash_cnt;
rule->next = implied_filter_list.head;
implied_filter_list.head = rule;
if (DEBUG_GTE(FILTER, 3))
@@ -869,7 +910,7 @@ static int rule_matches(const char *fname, filter_rule *ex, int name_flags)
const char *strings[16]; /* more than enough */
const char *name = fname + (*fname == '/');
- if (!*name)
+ if (!*name || ex->elide == cur_elide_value)
return 0;
if (!(name_flags & NAME_IS_XATTR) ^ !(ex->rflags & FILTRULE_XATTR))
@@ -985,6 +1026,15 @@ int name_is_excluded(const char *fname, int name_flags, int filter_level)
return 0;
}
+int check_server_filter(filter_rule_list *listp, enum logcode code, const char *name, int name_flags)
+{
+ int ret;
+ cur_elide_value = LOCAL_RULE;
+ ret = check_filter(listp, code, name, name_flags);
+ cur_elide_value = REMOTE_RULE;
+ return ret;
+}
+
/* Return -1 if file "name" is defined to be excluded by the specified
* exclude list, 1 if it is included, and 0 if it was not matched. */
int check_filter(filter_rule_list *listp, enum logcode code,
@@ -1550,7 +1600,7 @@ char *get_rule_prefix(filter_rule *rule, const char *pat, int for_xfer,
static void send_rules(int f_out, filter_rule_list *flp)
{
- filter_rule *ent, *prev = NULL;
+ filter_rule *ent;
for (ent = flp->head; ent; ent = ent->next) {
unsigned int len, plen, dlen;
@@ -1565,21 +1615,15 @@ static void send_rules(int f_out, filter_rule_list *flp)
* merge files as an optimization (since they can only have
* include/exclude rules). */
if (ent->rflags & FILTRULE_SENDER_SIDE)
- elide = am_sender ? 1 : -1;
+ elide = am_sender ? LOCAL_RULE : REMOTE_RULE;
if (ent->rflags & FILTRULE_RECEIVER_SIDE)
- elide = elide ? 0 : am_sender ? -1 : 1;
+ elide = elide ? 0 : am_sender ? REMOTE_RULE : LOCAL_RULE;
else if (delete_excluded && !elide
&& (!(ent->rflags & FILTRULE_PERDIR_MERGE)
|| ent->rflags & FILTRULE_NO_PREFIXES))
- elide = am_sender ? 1 : -1;
- if (elide < 0) {
- if (prev)
- prev->next = ent->next;
- else
- flp->head = ent->next;
- } else
- prev = ent;
- if (elide > 0)
+ elide = am_sender ? LOCAL_RULE : REMOTE_RULE;
+ ent->elide = elide;
+ if (elide == LOCAL_RULE)
continue;
if (ent->rflags & FILTRULE_CVS_IGNORE
&& !(ent->rflags & FILTRULE_MERGE_FILE)) {
@@ -1607,7 +1651,6 @@ static void send_rules(int f_out, filter_rule_list *flp)
if (dlen)
write_byte(f_out, '/');
}
- flp->tail = prev;
}
/* This is only called by the client. */
diff --git a/options.c b/options.c
index afc33ce..4d0a1a6 100644
--- a/options.c
+++ b/options.c
@@ -2426,7 +2426,9 @@ char *safe_arg(const char *opt, const char *arg)
char *ret;
if (!protect_args && old_style_args < 2 && (!old_style_args || (!is_filename_arg && opt != SPLIT_ARG_WHEN_OLD))) {
const char *f;
- if (!old_style_args && *arg == '~' && (relative_paths || !strchr(arg, '/'))) {
+ if (!old_style_args && *arg == '~'
+ && ((relative_paths && !strstr(arg, "/./"))
+ || !strchr(arg, '/'))) {
extras++;
escape_leading_tilde = 1;
}
diff --git a/flist.c b/flist.c
index 630d685..8c2397b 100644
--- a/flist.c
+++ b/flist.c
@@ -904,10 +904,10 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
exit_cleanup(RERR_UNSUPPORTED);
}
- if (*thisname != '.' || thisname[1] != '\0') {
+ if (*thisname == '/' ? thisname[1] != '.' || thisname[2] != '\0' : *thisname != '.' || thisname[1] != '\0') {
int filt_flags = S_ISDIR(mode) ? NAME_IS_DIR : NAME_IS_FILE;
if (!trust_sender_filter /* a per-dir filter rule means we must trust the sender's filtering */
- && filter_list.head && check_filter(&filter_list, FINFO, thisname, filt_flags) < 0) {
+ && filter_list.head && check_server_filter(&filter_list, FINFO, thisname, filt_flags) < 0) {
rprintf(FERROR, "ERROR: rejecting excluded file-list name: %s\n", thisname);
exit_cleanup(RERR_PROTOCOL);
}
diff --git a/rsync.h b/rsync.h
index 53fff2d..b357dad 100644
--- a/rsync.h
+++ b/rsync.h
@@ -899,6 +899,7 @@ typedef struct filter_struct {
int slash_cnt;
struct filter_list_struct *mergelist;
} u;
+ uchar elide;
} filter_rule;
typedef struct filter_list_struct {

49
SOURCES/rsync-3.1.3-ignore-missing.patch
View File

@ -1,49 +0,0 @@
commit af6118d98b3482cbcfc223bf2a0777bc19eccb02
Author: Wayne Davison <wayne@opencoder.net>
Date: Sun Apr 26 18:02:17 2020 -0700
Allow a missing parent dir when --delete-missing-args was specified.
diff --git a/generator.c b/generator.c
index 3c50f63f..b90c7ccd 100644
--- a/generator.c
+++ b/generator.c
@@ -1277,10 +1277,16 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
&& (*dn != '.' || dn[1]) /* Avoid an issue with --relative and the "." dir. */
&& (!prior_dir_file || strcmp(dn, f_name(prior_dir_file, NULL)) != 0)
&& flist_find_name(cur_flist, dn, 1) < 0) {
- rprintf(FERROR,
- "ABORTING due to invalid path from sender: %s/%s\n",
- dn, file->basename);
- exit_cleanup(RERR_PROTOCOL);
+ /* The --delete-missing-args option can actually put invalid entries into
+ * the file list, so if that option was specified, we'll just complain about
+ * it and allow it. */
+ if (missing_args == 2 && file->mode == 0)
+ rprintf(FERROR, "WARNING: parent dir is absent in the file list: %s\n", dn);
+ else {
+ rprintf(FERROR, "ABORTING due to invalid path from sender: %s/%s\n",
+ dn, file->basename);
+ exit_cleanup(RERR_PROTOCOL);
+ }
}
if (relative_paths && !implied_dirs
&& do_stat(dn, &sx.st) < 0) {
@@ -1383,7 +1389,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
added_perms = 0;
if (is_dir < 0) {
if (!(preserve_times & PRESERVE_DIR_TIMES))
- return;
+ goto cleanup;
/* In inc_recurse mode we want to make sure any missing
* directories get created while we're still processing
* the parent dir (which allows us to touch the parent
@@ -1525,7 +1531,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
"ignoring unsafe symlink \"%s\" -> \"%s\"\n",
fname, sl);
}
- return;
+ goto cleanup;
}
if (statret == 0) {
char lnk[MAXPATHLEN];

13
SOURCES/rsync-3.1.3-missing-xattr-filter.patch
View File

@ -1,13 +0,0 @@
diff --git a/exclude.c.old b/exclude.c
index 232249f..2f6dccc 100644
--- a/exclude.c.old
+++ b/exclude.c
@@ -1575,6 +1575,8 @@ char *get_rule_prefix(filter_rule *rule, const char *pat, int for_xfer,
}
if (rule->rflags & FILTRULE_EXCLUDE_SELF)
*op++ = 'e';
+ if (rule->rflags & FILTRULE_XATTR)
+ *op++ = 'x';
if (rule->rflags & FILTRULE_SENDER_SIDE
&& (!for_xfer || protocol_version >= 29))
*op++ = 's';

37
SOURCES/rsync-3.1.3-skip-compress.patch
View File

@ -1,37 +0,0 @@
diff --git a/loadparm.c b/loadparm.c
index 029f358f..534e7b63 100644
--- a/loadparm.c
+++ b/loadparm.c
@@ -449,7 +449,7 @@ static struct parm_struct parm_table[] =
};
/* Initialise the Default all_vars structure. */
-static void reset_all_vars(void)
+void reset_daemon_vars(void)
{
memcpy(&Vars, &Defaults, sizeof Vars);
}
@@ -872,7 +872,7 @@ int lp_load(char *pszFname, int globals_only)
{
bInGlobalSection = True;
- reset_all_vars();
+ reset_daemon_vars();
/* We get sections first, so have to start 'behind' to make up. */
iSectionIndex = -1;
diff --git a/main.c b/main.c
index 1328c504..9af9e5d3 100644
--- a/main.c
+++ b/main.c
@@ -1681,6 +1681,10 @@ int main(int argc,char *argv[])
memset(&stats, 0, sizeof(stats));
+ /* Even a non-daemon runs needs the default config values to be set, e.g.
+ * lp_dont_compress() is queried when no --skip-compress option is set. */
+ reset_daemon_vars();
+
if (argc < 2) {
usage(FERROR);
exit_cleanup(RERR_SYNTAX);

122
SOURCES/rsync-3.1.3-sparse-block.patch
View File

@ -1,122 +0,0 @@
diff --git a/fileio.c b/fileio.c
index b183e20..72d6076 100644
--- a/fileio.c
+++ b/fileio.c
@@ -34,6 +34,7 @@
#define ALIGNED_LENGTH(len) ((((len) - 1) | (ALIGN_BOUNDRY-1)) + 1)
extern int sparse_files;
+extern int sparse_files_block_size;
OFF_T preallocated_len = 0;
@@ -147,7 +148,7 @@ int write_file(int f, int use_seek, OFF_T offset, const char *buf, int len)
while (len > 0) {
int r1;
if (sparse_files > 0) {
- int len1 = MIN(len, SPARSE_WRITE_SIZE);
+ int len1 = MIN(len, sparse_files_block_size ? sparse_files_block_size : SPARSE_WRITE_SIZE);
r1 = write_sparse(f, use_seek, offset, buf, len1);
offset += r1;
} else {
diff --git a/options.c b/options.c
index 195672e..d08c05a 100644
--- a/options.c
+++ b/options.c
@@ -76,6 +76,7 @@ int remove_source_files = 0;
int one_file_system = 0;
int protocol_version = PROTOCOL_VERSION;
int sparse_files = 0;
+long sparse_files_block_size = 0;
int preallocate_files = 0;
int do_compression = 0;
int def_compress_level = NOT_SPECIFIED;
@@ -717,6 +718,7 @@ void usage(enum logcode F)
rprintf(F," --fake-super store/recover privileged attrs using xattrs\n");
#endif
rprintf(F," -S, --sparse turn sequences of nulls into sparse blocks\n");
+ rprintf(F," --sparse-block=SIZE set block size used to handle sparse files\n");
#ifdef SUPPORT_PREALLOCATION
rprintf(F," --preallocate allocate dest files before writing them\n");
#else
@@ -927,6 +929,7 @@ static struct poptOption long_options[] = {
{"sparse", 'S', POPT_ARG_VAL, &sparse_files, 1, 0, 0 },
{"no-sparse", 0, POPT_ARG_VAL, &sparse_files, 0, 0, 0 },
{"no-S", 0, POPT_ARG_VAL, &sparse_files, 0, 0, 0 },
+ {"sparse-block", 0, POPT_ARG_LONG, &sparse_files_block_size, 0, 0, 0 },
{"preallocate", 0, POPT_ARG_NONE, &preallocate_files, 0, 0, 0},
{"inplace", 0, POPT_ARG_VAL, &inplace, 1, 0, 0 },
{"no-inplace", 0, POPT_ARG_VAL, &inplace, 0, 0, 0 },
diff --git a/options.c b/options.c
index b12da55..5a27452 100644
--- a/options.c
+++ b/options.c
@@ -2606,6 +2606,12 @@ void server_options(char **args, int *argc_p)
args[ac++] = arg;
}
+ if (sparse_files_block_size) {
+ if (asprintf(&arg, "--sparse-block=%lu", sparse_files_block_size) < 0)
+ goto oom;
+ args[ac++] = arg;
+ }
+
if (io_timeout) {
if (asprintf(&arg, "--timeout=%d", io_timeout) < 0)
goto oom;
diff --git a/rsync.yo b/rsync.yo
--- a/rsync.yo
+++ b/rsync.yo
@@ -377,6 +377,7 @@ to the detailed description below for a complete description. verb(
--super receiver attempts super-user activities
--fake-super store/recover privileged attrs using xattrs
-S, --sparse turn sequences of nulls into sparse blocks
+ --sparse-block=SIZE set block size used to handle sparse files
--preallocate allocate dest files before writing
-n, --dry-run perform a trial run with no changes made
-W, --whole-file copy files whole (w/o delta-xfer algorithm)
@@ -1299,6 +1300,15 @@ If combined with bf(--sparse), the file will only have sparse blocks (as
opposed to allocated sequences of null bytes) if the kernel version and
filesystem type support creating holes in the allocated data.
+dit(bf(--sparse-block=SIZE)) Change the block size used to handle sparse files
+to SIZE bytes. This option only has an effect if the bf(--sparse) (bf(-S))
+option was also specified. The default block size used by rsync to detect a
+file hole is 1024 bytes; when the receiver writes data to the destination file
+and option bf(--sparse) is used, rsync checks every 1024-bytes chunk to detect
+if they are actually filled with data or not. With certain filesystems,
+optimized to receive data streams for example, enlarging this block size can
+strongly increase performance. The option can be used to tune this block size.
+
dit(bf(-n, --dry-run)) This makes rsync perform a trial run that doesn't
make any changes (and produces mostly the same output as a real run). It
is most commonly used in combination with the bf(-v, --verbose) and/or
diff --git a/rsync.1 b/rsync.1
index 855dd47..1d7af3c 100644
--- a/rsync.1
+++ b/rsync.1
@@ -454,6 +454,7 @@ to the detailed description below for a complete description.
\-\-super receiver attempts super\-user activities
\-\-fake\-super store/recover privileged attrs using xattrs
\-S, \-\-sparse turn sequences of nulls into sparse blocks
+ \-\-sparse-block=SIZE set block size used to handle sparse files
\-\-preallocate allocate dest files before writing
\-n, \-\-dry\-run perform a trial run with no changes made
\-W, \-\-whole\-file copy files whole (w/o delta\-xfer algorithm)
@@ -1493,6 +1493,16 @@ If combined with \fB\-\-sparse\fP, the file will only have sparse blocks (as
opposed to allocated sequences of null bytes) if the kernel version and
filesystem type support creating holes in the allocated data.
.IP
+.IP "\fB\-\-sparse\-block=SIZE\fP"
+Change the block size used to handle sparse files
+to SIZE bytes. This option only has an effect if the \fB\-\-sparse\fP (\fB\-S\fP)
+option was also specified. The default block size used by rsync to detect a
+file hole is 1024 bytes; when the receiver writes data to the destination file
+and option \fB\-\-sparse\fP is used, rsync checks every 1024\-bytes chunk to detect
+if they are actually filled with data or not. With certain filesystems,
+optimized to receive data streams for example, enlarging this block size can
+strongly increase performance. The option can be used to tune this block size.
+.IP
.IP "\fB\-n, \-\-dry\-run\fP"
This makes rsync perform a trial run that doesn\(cq\&t
make any changes (and produces mostly the same output as a real run). It

38
SOURCES/rsync-3.1.3-xattr.patch
View File

@ -1,38 +0,0 @@
diff --git a/xattrs.c b/xattrs.c
index 508649c0..3c549192 100644
--- a/xattrs.c
+++ b/xattrs.c
@@ -1055,7 +1055,7 @@ int set_xattr(const char *fname, const struct file_struct *file, const char *fna
{
rsync_xa_list *glst = rsync_xal_l.items;
item_list *lst;
- int ndx;
+ int ndx, added_write_perm = 0;
if (dry_run)
return 1; /* FIXME: --dry-run needs to compute this value */
@@ -1084,10 +1084,23 @@ int set_xattr(const char *fname, const struct file_struct *file, const char *fna
}
#endif
+ /* If the target file lacks write permission, we try to add it
+ * temporarily so we can change the extended attributes. */
+ if (!am_root
+#ifdef SUPPORT_LINKS
+ && !S_ISLNK(sxp->st.st_mode)
+#endif
+ && access(fname, W_OK) < 0
+ && do_chmod(fname, (sxp->st.st_mode & CHMOD_BITS) | S_IWUSR) == 0)
+ added_write_perm = 1;
+
ndx = F_XATTR(file);
glst += ndx;
lst = &glst->xa_items;
- return rsync_xal_set(fname, lst, fnamecmp, sxp);
+ int return_value = rsync_xal_set(fname, lst, fnamecmp, sxp);
+ if (added_write_perm) /* remove the temporary write permission */
+ do_chmod(fname, sxp->st.st_mode);
+ return return_value;
}
#ifdef SUPPORT_ACLS

1
ci.fmf Normal file
View File

@ -0,0 +1 @@
resultsdb-testcase: separate

25
gating.yaml Normal file
View File

@ -0,0 +1,25 @@
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_testing
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
#Rawhide
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_stable
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
#gating rhel
--- !Policy
product_versions:
- rhel-*
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}

36
plans.fmf Normal file
View File

@ -0,0 +1,36 @@
/tier1-internal:
plan:
import:
url: https://src.fedoraproject.org/tests/rsync.git
name: /plans/tier1/internal
/tier1-public:
plan:
import:
url: https://src.fedoraproject.org/tests/rsync.git
name: /plans/tier1/public
/tier2-tier3-internal:
plan:
import:
url: https://src.fedoraproject.org/tests/rsync.git
name: /plans/tier2-tier3/internal
/tier2-tier3-public:
plan:
import:
url: https://src.fedoraproject.org/tests/rsync.git
name: /plans/tier2-tier3/public
/others-internal:
plan:
import:
url: https://src.fedoraproject.org/tests/rsync.git
name: /plans/others/internal
/others-public:
plan:
import:
url: https://src.fedoraproject.org/tests/rsync.git
name: /plans/others/public

3
rpminspect.yaml Normal file
View File

@ -0,0 +1,3 @@
---
inspections:
badfuncs: off

0
SOURCES/rsync-3.0.6-iconv-logging.patch → rsync-3.0.6-iconv-logging.patch
View File

12
rsync-3.2.2-runtests.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/runtests.sh.old b/runtests.sh
index ecb383e..1cd1d1a 100755
--- a/runtests.sh.old
+++ b/runtests.sh
@@ -276,6 +276,7 @@ do
case "$testscript" in
*hardlinks*) TESTRUN_TIMEOUT=600 ;;
+ *default-acls*) continue ;;
*) TESTRUN_TIMEOUT=300 ;;
esac

130
rsync-3.3.0-cve-2024-12084.patch Normal file
View File

@ -0,0 +1,130 @@
diff --git a/io.c b/io.c
index a99ac0e..bb60eec 100644
--- a/io.c
+++ b/io.c
@@ -55,6 +55,7 @@ extern int read_batch;
extern int compat_flags;
extern int protect_args;
extern int checksum_seed;
+extern int xfer_sum_len;
extern int daemon_connection;
extern int protocol_version;
extern int remove_source_files;
@@ -1977,7 +1978,7 @@ void read_sum_head(int f, struct sum_struct *sum)
exit_cleanup(RERR_PROTOCOL);
}
sum->s2length = protocol_version < 27 ? csum_length : (int)read_int(f);
- if (sum->s2length < 0 || sum->s2length > MAX_DIGEST_LEN) {
+ if (sum->s2length < 0 || sum->s2length > xfer_sum_len) {
rprintf(FERROR, "Invalid checksum length %d [%s]\n",
sum->s2length, who_am_i());
exit_cleanup(RERR_PROTOCOL);
diff --git a/match.c b/match.c
index cdb30a1..36e78ed 100644
--- a/match.c
+++ b/match.c
@@ -232,7 +232,7 @@ static void hash_search(int f,struct sum_struct *s,
done_csum2 = 1;
}
- if (memcmp(sum2,s->sums[i].sum2,s->s2length) != 0) {
+ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) {
false_alarms++;
continue;
}
@@ -252,7 +252,7 @@ static void hash_search(int f,struct sum_struct *s,
if (i != aligned_i) {
if (sum != s->sums[aligned_i].sum1
|| l != s->sums[aligned_i].len
- || memcmp(sum2, s->sums[aligned_i].sum2, s->s2length) != 0)
+ || memcmp(sum2, sum2_at(s, aligned_i), s->s2length) != 0)
goto check_want_i;
i = aligned_i;
}
@@ -271,7 +271,7 @@ static void hash_search(int f,struct sum_struct *s,
if (sum != s->sums[i].sum1)
goto check_want_i;
get_checksum2((char *)map, l, sum2);
- if (memcmp(sum2, s->sums[i].sum2, s->s2length) != 0)
+ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0)
goto check_want_i;
/* OK, we have a re-alignment match. Bump the offset
* forward to the new match point. */
@@ -290,7 +290,7 @@ static void hash_search(int f,struct sum_struct *s,
&& (!updating_basis_file || s->sums[want_i].offset >= offset
|| s->sums[want_i].flags & SUMFLG_SAME_OFFSET)
&& sum == s->sums[want_i].sum1
- && memcmp(sum2, s->sums[want_i].sum2, s->s2length) == 0) {
+ && memcmp(sum2, sum2_at(s, want_i), s->s2length) == 0) {
/* we've found an adjacent match - the RLL coder
* will be happy */
i = want_i;
diff --git a/rsync.c b/rsync.c
index cd288f5..b130aba 100644
--- a/rsync.c
+++ b/rsync.c
@@ -437,7 +437,10 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, cha
*/
void free_sums(struct sum_struct *s)
{
- if (s->sums) free(s->sums);
+ if (s->sums) {
+ free(s->sums);
+ free(s->sum2_array);
+ }
free(s);
}
diff --git a/rsync.h b/rsync.h
index d3709fe..0f9e277 100644
--- a/rsync.h
+++ b/rsync.h
@@ -958,12 +958,12 @@ struct sum_buf {
uint32 sum1; /**< simple checksum */
int32 chain; /**< next hash-table collision */
short flags; /**< flag bits */
- char sum2[SUM_LENGTH]; /**< checksum */
};
struct sum_struct {
OFF_T flength; /**< total file length */
struct sum_buf *sums; /**< points to info for each chunk */
+ char *sum2_array; /**< checksums of length xfer_sum_len */
int32 count; /**< how many chunks */
int32 blength; /**< block_length */
int32 remainder; /**< flength % block_length */
@@ -982,6 +982,8 @@ struct map_struct {
int status; /* first errno from read errors */
};
+#define sum2_at(s, i) ((s)->sum2_array + ((size_t)(i) * xfer_sum_len))
+
#define NAME_IS_FILE (0) /* filter name as a file */
#define NAME_IS_DIR (1<<0) /* filter name as a dir */
#define NAME_IS_XATTR (1<<2) /* filter name as an xattr */
diff --git a/sender.c b/sender.c
index 3d4f052..2bbff2f 100644
--- a/sender.c
+++ b/sender.c
@@ -31,6 +31,7 @@ extern int log_before_transfer;
extern int stdout_format_has_i;
extern int logfile_format_has_i;
extern int want_xattr_optim;
+extern int xfer_sum_len;
extern int csum_length;
extern int append_mode;
extern int copy_links;
@@ -94,10 +95,11 @@ static struct sum_struct *receive_sums(int f)
return(s);
s->sums = new_array(struct sum_buf, s->count);
+ s->sum2_array = new_array(char, (size_t)s->count * xfer_sum_len);
for (i = 0; i < s->count; i++) {
s->sums[i].sum1 = read_int(f);
- read_buf(f, s->sums[i].sum2, s->s2length);
+ read_buf(f, sum2_at(s, i), s->s2length);
s->sums[i].offset = offset;
s->sums[i].flags = 0;

1
SOURCES/rsync-3.1.3-cve-2024-12085.patch → rsync-3.3.0-cve-2024-12085.patch
View File

@ -12,3 +12,4 @@ index 36e78ed..dfd6af2 100644
/* want_i is used to encourage adjacent matches, allowing the RLL /* want_i is used to encourage adjacent matches, allowing the RLL
* coding of the output to work more efficiently. */ * coding of the output to work more efficiently. */
want_i = 0; want_i = 0;

198
rsync-3.3.0-cve-2024-12086.patch Normal file
View File

@ -0,0 +1,198 @@
diff --git a/receiver.c b/receiver.c
index 6b4b369..8031b8f 100644
--- a/receiver.c
+++ b/receiver.c
@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN];
extern struct file_list *cur_flist, *first_flist, *dir_flist;
extern filter_rule_list daemon_filter_list;
extern OFF_T preallocated_len;
+extern int fuzzy_basis;
extern struct name_num_item *xfer_sum_nni;
extern int xfer_sum_len;
@@ -551,6 +552,8 @@ int recv_files(int f_in, int f_out, char *local_name)
progress_init();
while (1) {
+ const char *basedir = NULL;
+
cleanup_disable();
/* This call also sets cur_flist. */
@@ -716,28 +719,34 @@ int recv_files(int f_in, int f_out, char *local_name)
fnamecmp = get_backup_name(fname);
break;
case FNAMECMP_FUZZY:
+ if (fuzzy_basis == 0) {
+ rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname);
+ exit_cleanup(RERR_PROTOCOL);
+ }
if (file->dirname) {
- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname);
- fnamecmp = fnamecmpbuf;
- } else
- fnamecmp = xname;
+ basedir = file->dirname;
+ }
+ fnamecmp = xname;
break;
default:
if (fnamecmp_type > FNAMECMP_FUZZY && fnamecmp_type-FNAMECMP_FUZZY <= basis_dir_cnt) {
fnamecmp_type -= FNAMECMP_FUZZY + 1;
if (file->dirname) {
- stringjoin(fnamecmpbuf, sizeof fnamecmpbuf,
- basis_dir[fnamecmp_type], "/", file->dirname, "/", xname, NULL);
- } else
- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], xname);
+ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], file->dirname);
+ basedir = fnamecmpbuf;
+ } else {
+ basedir = basis_dir[fnamecmp_type];
+ }
+ fnamecmp = xname;
} else if (fnamecmp_type >= basis_dir_cnt) {
rprintf(FERROR,
"invalid basis_dir index: %d.\n",
fnamecmp_type);
exit_cleanup(RERR_PROTOCOL);
- } else
- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], fname);
- fnamecmp = fnamecmpbuf;
+ } else {
+ basedir = basis_dir[fnamecmp_type];
+ fnamecmp = fname;
+ }
break;
}
if (!fnamecmp || (daemon_filter_list.head
@@ -760,7 +769,7 @@ int recv_files(int f_in, int f_out, char *local_name)
}
/* open the file */
- fd1 = do_open(fnamecmp, O_RDONLY, 0);
+ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0);
if (fd1 == -1 && protocol_version < 29) {
if (fnamecmp != fname) {
@@ -771,14 +780,20 @@ int recv_files(int f_in, int f_out, char *local_name)
if (fd1 == -1 && basis_dir[0]) {
/* pre-29 allowed only one alternate basis */
- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf,
- basis_dir[0], fname);
- fnamecmp = fnamecmpbuf;
+ basedir = basis_dir[0];
+ fnamecmp = fname;
fnamecmp_type = FNAMECMP_BASIS_DIR_LOW;
- fd1 = do_open(fnamecmp, O_RDONLY, 0);
+ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0);
}
}
+ if (basedir) {
+ // for the following code we need the full
+ // path name as a single string
+ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basedir, fnamecmp);
+ fnamecmp = fnamecmpbuf;
+ }
+
one_inplace = inplace_partial && fnamecmp_type == FNAMECMP_PARTIAL_DIR;
updating_basis_or_equiv = one_inplace
|| (inplace && (fnamecmp == fname || fnamecmp_type == FNAMECMP_BACKUP));
diff --git a/syscall.c b/syscall.c
index d92074a..47c5ea5 100644
--- a/syscall.c
+++ b/syscall.c
@@ -33,6 +33,8 @@
#include <sys/syscall.h>
#endif
+#include "ifuncs.h"
+
extern int dry_run;
extern int am_root;
extern int am_sender;
@@ -712,3 +714,82 @@ int do_open_nofollow(const char *pathname, int flags)
return fd;
}
+
+/*
+ open a file relative to a base directory. The basedir can be NULL,
+ in which case the current working directory is used. The relpath
+ must be a relative path, and the relpath must not contain any
+ elements in the path which follow symlinks (ie. like O_NOFOLLOW, but
+ applies to all path components, not just the last component)
+
+ The relpath must also not contain any ../ elements in the path
+*/
+int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode)
+{
+ if (!relpath || relpath[0] == '/') {
+ // must be a relative path
+ errno = EINVAL;
+ return -1;
+ }
+ if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) {
+ // no ../ elements allowed in the relpath
+ errno = EINVAL;
+ return -1;
+ }
+
+#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)
+ // really old system, all we can do is live with the risks
+ if (!basedir) {
+ return open(relpath, flags, mode);
+ }
+ char fullpath[MAXPATHLEN];
+ pathjoin(fullpath, sizeof fullpath, basedir, relpath);
+ return open(fullpath, flags, mode);
+#else
+ int dirfd = AT_FDCWD;
+ if (basedir != NULL) {
+ dirfd = openat(AT_FDCWD, basedir, O_RDONLY | O_DIRECTORY);
+ if (dirfd == -1) {
+ return -1;
+ }
+ }
+ int retfd = -1;
+
+ char *path_copy = my_strdup(relpath, __FILE__, __LINE__);
+ if (!path_copy) {
+ return -1;
+ }
+
+ for (const char *part = strtok(path_copy, "/");
+ part != NULL;
+ part = strtok(NULL, "/"))
+ {
+ int next_fd = openat(dirfd, part, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
+ if (next_fd == -1 && errno == ENOTDIR) {
+ if (strtok(NULL, "/") != NULL) {
+ // this is not the last component of the path
+ errno = ELOOP;
+ goto cleanup;
+ }
+ // this could be the last component of the path, try as a file
+ retfd = openat(dirfd, part, flags | O_NOFOLLOW, mode);
+ goto cleanup;
+ }
+ if (next_fd == -1) {
+ goto cleanup;
+ }
+ if (dirfd != AT_FDCWD) close(dirfd);
+ dirfd = next_fd;
+ }
+
+ // the path must be a directory
+ errno = EINVAL;
+
+cleanup:
+ free(path_copy);
+ if (dirfd != AT_FDCWD) {
+ close(dirfd);
+ }
+ return retfd;
+#endif // O_NOFOLLOW, O_DIRECTORY
+}

37
rsync-3.3.0-cve-2024-12087.patch Normal file
View File

@ -0,0 +1,37 @@
diff --git a/flist.c b/flist.c
index 464d556..087f9da 100644
--- a/flist.c
+++ b/flist.c
@@ -2584,6 +2584,19 @@ struct file_list *recv_file_list(int f, int dir_ndx)
init_hard_links();
#endif
+ if (inc_recurse && dir_ndx >= 0) {
+ if (dir_ndx >= dir_flist->used) {
+ rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used);
+ exit_cleanup(RERR_PROTOCOL);
+ }
+ struct file_struct *file = dir_flist->files[dir_ndx];
+ if (file->flags & FLAG_GOT_DIR_FLIST) {
+ rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);
+ exit_cleanup(RERR_PROTOCOL);
+ }
+ file->flags |= FLAG_GOT_DIR_FLIST;
+ }
+
flist = flist_new(0, "recv_file_list");
flist_expand(flist, FLIST_START_LARGE);
diff --git a/rsync.h b/rsync.h
index 0f9e277..b9a7101 100644
--- a/rsync.h
+++ b/rsync.h
@@ -84,6 +84,7 @@
#define FLAG_DUPLICATE (1<<4) /* sender */
#define FLAG_MISSING_DIR (1<<4) /* generator */
#define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */
+#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */
#define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */
#define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */
#define FLAG_HLINK_LAST (1<<7) /* receiver/generator */

58
rsync-3.3.0-cve-2024-12088.patch Normal file
View File

@ -0,0 +1,58 @@
diff --git a/testsuite/unsafe-byname.test b/testsuite/unsafe-byname.test
index 75e7201..d2e318e 100644
--- a/testsuite/unsafe-byname.test
+++ b/testsuite/unsafe-byname.test
@@ -40,7 +40,7 @@ test_unsafe ..//../dest from/dir unsafe
test_unsafe .. from/file safe
test_unsafe ../.. from/file unsafe
test_unsafe ..//.. from//file unsafe
-test_unsafe dir/.. from safe
+test_unsafe dir/.. from unsafe
test_unsafe dir/../.. from unsafe
test_unsafe dir/..//.. from unsafe
diff --git a/util1.c b/util1.c
index da50ff1..f260d39 100644
--- a/util1.c
+++ b/util1.c
@@ -1318,7 +1318,14 @@ int handle_partial_dir(const char *fname, int create)
*
* "src" is the top source directory currently applicable at the level
* of the referenced symlink. This is usually the symlink's full path
- * (including its name), as referenced from the root of the transfer. */
+ * (including its name), as referenced from the root of the transfer.
+ *
+ * NOTE: this also rejects dest names with a .. component in other
+ * than the first component of the name ie. it rejects names such as
+ * a/b/../x/y. This needs to be done as the leading subpaths 'a' or
+ * 'b' could later be replaced with symlinks such as a link to '.'
+ * resulting in the link being transferred now becoming unsafe
+ */
int unsafe_symlink(const char *dest, const char *src)
{
const char *name, *slash;
@@ -1328,6 +1335,23 @@ int unsafe_symlink(const char *dest, const char *src)
if (!dest || !*dest || *dest == '/')
return 1;
+ // reject destinations with /../ in the name other than at the start of the name
+ const char *dest2 = dest;
+ while (strncmp(dest2, "../", 3) == 0) {
+ dest2 += 3;
+ while (*dest2 == '/') {
+ // allow for ..//..///../foo
+ dest2++;
+ }
+ }
+ if (strstr(dest2, "/../"))
+ return 1;
+
+ // reject if the destination ends in /..
+ const size_t dlen = strlen(dest);
+ if (dlen > 3 && strcmp(&dest[dlen-3], "/..") == 0)
+ return 1;
+
/* find out what our safety margin is */
for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) {
/* ".." segment starts the count over. "." segment is ignored. */

164
rsync-3.3.0-cve-2024-12747.patch Normal file
View File

@ -0,0 +1,164 @@
diff --git a/checksum.c b/checksum.c
index cb21882..66e8089 100644
--- a/checksum.c
+++ b/checksum.c
@@ -406,7 +406,7 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum)
int32 remainder;
int fd;
- fd = do_open(fname, O_RDONLY, 0);
+ fd = do_open_checklinks(fname);
if (fd == -1) {
memset(sum, 0, file_sum_len);
return;
diff --git a/flist.c b/flist.c
index 087f9da..1783253 100644
--- a/flist.c
+++ b/flist.c
@@ -1390,7 +1390,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist,
if (copy_devices && am_sender && IS_DEVICE(st.st_mode)) {
if (st.st_size == 0) {
- int fd = do_open(fname, O_RDONLY, 0);
+ int fd = do_open_checklinks(fname);
if (fd >= 0) {
st.st_size = get_device_size(fd, fname);
close(fd);
diff --git a/generator.c b/generator.c
index 110db28..3f13bb9 100644
--- a/generator.c
+++ b/generator.c
@@ -1798,7 +1798,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
if (write_devices && IS_DEVICE(sx.st.st_mode) && sx.st.st_size == 0) {
/* This early open into fd skips the regular open below. */
- if ((fd = do_open(fnamecmp, O_RDONLY, 0)) >= 0)
+ if ((fd = do_open_nofollow(fnamecmp, O_RDONLY)) >= 0)
real_sx.st.st_size = sx.st.st_size = get_device_size(fd, fnamecmp);
}
@@ -1867,7 +1867,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
}
/* open the file */
- if (fd < 0 && (fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) {
+ if (fd < 0 && (fd = do_open_checklinks(fnamecmp)) < 0) {
rsyserr(FERROR, errno, "failed to open %s, continuing",
full_fname(fnamecmp));
pretend_missing:
diff --git a/receiver.c b/receiver.c
index 8031b8f..edfbb21 100644
--- a/receiver.c
+++ b/receiver.c
@@ -775,7 +775,7 @@ int recv_files(int f_in, int f_out, char *local_name)
if (fnamecmp != fname) {
fnamecmp = fname;
fnamecmp_type = FNAMECMP_FNAME;
- fd1 = do_open(fnamecmp, O_RDONLY, 0);
+ fd1 = do_open_nofollow(fnamecmp, O_RDONLY);
}
if (fd1 == -1 && basis_dir[0]) {
diff --git a/sender.c b/sender.c
index 2bbff2f..a4d46c3 100644
--- a/sender.c
+++ b/sender.c
@@ -350,7 +350,7 @@ void send_files(int f_in, int f_out)
exit_cleanup(RERR_PROTOCOL);
}
- fd = do_open(fname, O_RDONLY, 0);
+ fd = do_open_checklinks(fname);
if (fd == -1) {
if (errno == ENOENT) {
enum logcode c = am_daemon && protocol_version < 28 ? FERROR : FWARNING;
diff --git a/syscall.c b/syscall.c
index 47c5ea5..c55ae5f 100644
--- a/syscall.c
+++ b/syscall.c
@@ -45,6 +45,8 @@ extern int preallocate_files;
extern int preserve_perms;
extern int preserve_executability;
extern int open_noatime;
+extern int copy_links;
+extern int copy_unsafe_links;
#ifndef S_BLKSIZE
# if defined hpux || defined __hpux__ || defined __hpux
@@ -793,3 +795,21 @@ cleanup:
return retfd;
#endif // O_NOFOLLOW, O_DIRECTORY
}
+
+/*
+ varient of do_open/do_open_nofollow which does do_open() if the
+ copy_links or copy_unsafe_links options are set and does
+ do_open_nofollow() otherwise
+
+ This is used to prevent a race condition where an attacker could be
+ switching a file between being a symlink and being a normal file
+
+ The open is always done with O_RDONLY flags
+ */
+int do_open_checklinks(const char *pathname)
+{
+ if (copy_links || copy_unsafe_links) {
+ return do_open(pathname, O_RDONLY, 0);
+ }
+ return do_open_nofollow(pathname, O_RDONLY);
+}
diff --git a/t_unsafe.c b/t_unsafe.c
index 010cac5..e10619a 100644
--- a/t_unsafe.c
+++ b/t_unsafe.c
@@ -28,6 +28,9 @@ int am_root = 0;
int am_sender = 1;
int read_only = 0;
int list_only = 0;
+int copy_links = 0;
+int copy_unsafe_links = 0;
+
short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG];
int
diff --git a/tls.c b/tls.c
index e6b0708..858f8f1 100644
--- a/tls.c
+++ b/tls.c
@@ -49,6 +49,9 @@ int list_only = 0;
int link_times = 0;
int link_owner = 0;
int nsec_times = 0;
+int safe_symlinks = 0;
+int copy_links = 0;
+int copy_unsafe_links = 0;
#ifdef SUPPORT_XATTRS
diff --git a/trimslash.c b/trimslash.c
index 1ec928c..f2774cd 100644
--- a/trimslash.c
+++ b/trimslash.c
@@ -26,6 +26,8 @@ int am_root = 0;
int am_sender = 1;
int read_only = 1;
int list_only = 0;
+int copy_links = 0;
+int copy_unsafe_links = 0;
int
main(int argc, char **argv)
diff --git a/util1.c b/util1.c
index f260d39..d84bc41 100644
--- a/util1.c
+++ b/util1.c
@@ -365,7 +365,7 @@ int copy_file(const char *source, const char *dest, int tmpfilefd, mode_t mode)
int len; /* Number of bytes read into `buf'. */
OFF_T prealloc_len = 0, offset = 0;
- if ((ifd = do_open(source, O_RDONLY, 0)) < 0) {
+ if ((ifd = do_open_nofollow(source, O_RDONLY)) < 0) {
int save_errno = errno;
rsyserr(FERROR_XFER, errno, "open %s", full_fname(source));
errno = save_errno;

0
SOURCES/rsync-man.patch → rsync-man.patch
View File

147
rsync-noatime.patch Normal file
View File

@ -0,0 +1,147 @@
Optionally preserve atimes.
Based on https://bugzilla.samba.org/show_bug.cgi?id=7249#c1 by Nicolas George.
Index: rsync-3.1.0/options.c
===================================================================
--- rsync-3.1.0.orig/options.c
+++ rsync-3.1.0/options.c
@@ -125,6 +125,7 @@ int delay_updates = 0;
long block_size = 0; /* "long" because popt can't set an int32. */
char *skip_compress = NULL;
item_list dparam_list = EMPTY_ITEM_LIST;
+int noatime = 0;
/** Network address family. **/
int default_af_hint
@@ -802,6 +803,7 @@ void usage(enum logcode F)
rprintf(F," --iconv=CONVERT_SPEC request charset conversion of filenames\n");
#endif
rprintf(F," --checksum-seed=NUM set block/file checksum seed (advanced)\n");
+ rprintf(F," --noatime do not alter atime when opening source files\n");
rprintf(F," -4, --ipv4 prefer IPv4\n");
rprintf(F," -6, --ipv6 prefer IPv6\n");
rprintf(F," --version print version number\n");
@@ -1019,6 +1021,7 @@ static struct poptOption long_options[]
{"iconv", 0, POPT_ARG_STRING, &iconv_opt, 0, 0, 0 },
{"no-iconv", 0, POPT_ARG_NONE, 0, OPT_NO_ICONV, 0, 0 },
#endif
+ {"noatime", 0, POPT_ARG_VAL, &noatime, 1, 0, 0 },
{"ipv4", '4', POPT_ARG_VAL, &default_af_hint, AF_INET, 0, 0 },
{"ipv6", '6', POPT_ARG_VAL, &default_af_hint, AF_INET6, 0, 0 },
{"8-bit-output", '8', POPT_ARG_VAL, &allow_8bit_chars, 1, 0, 0 },
@@ -2739,6 +2742,12 @@ void server_options(char **args, int *ar
if (preallocate_files && am_sender)
args[ac++] = "--preallocate";
+ /*
+ * Do we want remote atime preservation when we preserve local ones?
+ if (noatime)
+ args[ac++] = "--noatime";
+ */
+
if (ac > MAX_SERVER_ARGS) { /* Not possible... */
rprintf(FERROR, "argc overflow in server_options().\n");
exit_cleanup(RERR_MALLOC);
Index: rsync-3.1.0/rsync.yo
===================================================================
--- rsync-3.1.0.orig/rsync.yo
+++ rsync-3.1.0/rsync.yo
@@ -454,6 +454,7 @@ to the detailed description below for a
--protocol=NUM force an older protocol version to be used
--iconv=CONVERT_SPEC request charset conversion of filenames
--checksum-seed=NUM set block/file checksum seed (advanced)
+ --noatime do not alter atime when opening source files
-4, --ipv4 prefer IPv4
-6, --ipv6 prefer IPv6
--version print version number
@@ -2543,6 +2544,13 @@ daemon uses the charset specified in its
regardless of the remote charset you actually pass. Thus, you may feel free to
specify just the local charset for a daemon transfer (e.g. bf(--iconv=utf8)).
+dit(bf(--noatime)) Use the O_NOATIME open flag on systems that support it.
+The effect of this flag is to avoid altering the access time (atime) of the
+opened files.
+If the system does not support the O_NOATIME flag, this option does nothing.
+Currently, systems known to support O_NOATIME are Linux >= 2.6.8 with glibc
+>= 2.3.4.
+
dit(bf(-4, --ipv4) or bf(-6, --ipv6)) Tells rsync to prefer IPv4/IPv6
when creating sockets. This only affects sockets that rsync has direct
control over, such as the outgoing socket when directly contacting an
diff --git a/syscall.c b/syscall.c
index c46a8b4..6620563 100644
--- a/syscall.c
+++ b/syscall.c
@@ -42,6 +42,7 @@ extern int inplace;
extern int preallocate_files;
extern int preserve_perms;
extern int preserve_executability;
+extern int noatime;
#ifndef S_BLKSIZE
# if defined hpux || defined __hpux__ || defined __hpux
@@ -189,6 +190,10 @@ int do_open(const char *pathname, int fl
RETURN_ERROR_IF(dry_run, 0);
RETURN_ERROR_IF_RO_OR_LO;
}
+#ifdef O_NOATIME
+ if (noatime)
+ flags |= O_NOATIME;
+#endif
return open(pathname, flags | O_BINARY, mode);
}
Index: rsync/tls.c
===================================================================
--- rsync.orig/tls.c
+++ rsync/tls.c
@@ -53,6 +53,7 @@ int preserve_perms = 0;
int preserve_executability = 0;
int preallocate_files = 0;
int inplace = 0;
+int noatime = 0;
#ifdef SUPPORT_XATTRS
Index: rsync/t_unsafe.c
===================================================================
--- rsync.orig/t_unsafe.c
+++ rsync/t_unsafe.c
@@ -33,6 +33,10 @@ int preserve_perms = 0;
int preserve_executability = 0;
short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG];
+/* This is to make syscall.o shut up. */
+int noatime = 0;
+
+
int
main(int argc, char **argv)
{
Index: rsync/wildtest.c
===================================================================
--- rsync.orig/wildtest.c
+++ rsync/wildtest.c
@@ -32,6 +32,9 @@ int fnmatch_errors = 0;
int wildmatch_errors = 0;
+/* This is to make syscall.o shut up. */
+int noatime = 0;
+
typedef char bool;
int output_iterations = 0;
Index: rsync/trimslash.c
===================================================================
--- rsync.orig/trimslash.c
+++ rsync/trimslash.c
@@ -30,6 +30,7 @@ int preserve_perms = 0;
int preserve_executability = 0;
int preallocate_files = 0;
int inplace = 0;
+int noatime = 0;
int
main(int argc, char **argv)

295
SPECS/rsync.spec → rsync.spec
View File

@ -3,15 +3,14 @@
%define isprerelease 0 %define isprerelease 0
%if %isprerelease %if %isprerelease
%define prerelease pre1 %define prerelease pre3
%endif %endif
Summary: A program for synchronizing files over a network Summary: A program for synchronizing files over a network
Name: rsync Name: rsync
Version: 3.1.3 Version: 3.3.0
Release: 20%{?dist} Release: 6%{?prerelease}%{?dist}.alma.1
Group: Applications/Internet URL: https://rsync.samba.org/
URL: http://rsync.samba.org/
Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
Source1: https://download.samba.org/pub/rsync/src/rsync-patches-%{version}%{?prerelease}.tar.gz Source1: https://download.samba.org/pub/rsync/src/rsync-patches-%{version}%{?prerelease}.tar.gz
@ -21,28 +20,35 @@ Source4: rsyncd.conf
Source5: rsyncd.sysconfig Source5: rsyncd.sysconfig
Source6: rsyncd@.service Source6: rsyncd@.service
BuildRequires: libacl-devel, libattr-devel, autoconf, popt-devel, systemd BuildRequires: make
#Requires: zlib BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: libacl-devel
BuildRequires: libattr-devel
BuildRequires: autoconf
BuildRequires: popt-devel
BuildRequires: systemd
BuildRequires: lz4-devel
BuildRequires: openssl-devel
BuildRequires: libzstd-devel
%if ! 0%{?rhel} >= 10
BuildRequires: xxhash-devel
%endif
#Added virtual provide for zlib due to https://fedoraproject.org/wiki/Bundled_Libraries?rd=Packaging:Bundled_Libraries #Added virtual provide for zlib due to https://fedoraproject.org/wiki/Bundled_Libraries?rd=Packaging:Bundled_Libraries
Provides: bundled(zlib) = 1.2.8 Provides: bundled(zlib) = 1.2.8
License: GPLv3+ #rsync code is distributed under GPLv3+ license. There are files under popt/ directory
#which are provided under X11 license but they are not compiled. Except rsync links to
#popt provided by popt-devel from the system. Should this change, X11 license should be
#mentioned here as well.
License: GPL-3.0-or-later
Patch0: rsync-man.patch Patch1: rsync-3.2.2-runtests.patch
Patch1: rsync-3.0.6-iconv-logging.patch Patch2: rsync-3.3.0-cve-2024-12084.patch
Patch2: rsync-3.1.3-covscan.patch Patch3: rsync-3.3.0-cve-2024-12085.patch
Patch3: rsync-3.1.2-remove-symlinks.patch Patch4: rsync-3.3.0-cve-2024-12086.patch
Patch4: rsync-3.1.2-vvv-hang.patch Patch5: rsync-3.3.0-cve-2024-12087.patch
Patch5: rsync-3.1.3-ignore-missing.patch Patch6: rsync-3.3.0-cve-2024-12088.patch
Patch6: rsync-3.1.3-append-check.patch Patch7: rsync-3.3.0-cve-2024-12747.patch
Patch7: rsync-3.1.3-skip-compress.patch
Patch8: rsync-3.1.3-xattr.patch
Patch9: rsync-3.1.3-cve-2018-25032.patch
Patch10: rsync-3.1.3-sparse-block.patch
Patch11: rsync-3.1.3-cve-2022-29154.patch
Patch12: rsync-3.1.3-cve-2022-37434.patch
Patch13: rsync-3.1.3-filtering-rules.patch
Patch14: rsync-3.1.3-missing-xattr-filter.patch
Patch15: rsync-3.1.3-cve-2024-12085.patch
%description %description
Rsync uses a reliable algorithm to bring remote and host files into Rsync uses a reliable algorithm to bring remote and host files into
@ -73,38 +79,33 @@ package provides the anonymous rsync service.
%setup -q -b 1 %setup -q -b 1
%endif %endif
#Needed for compatibility with previous patched rsync versions #%patch0 -p1 -b .verify-hostname
patch -p1 -i patches/acls.diff %patch 1 -p1 -b .runtests
patch -p1 -i patches/xattrs.diff %patch 2 -p1 -b .cve-2024-12084
%patch 3 -p1 -b .cve-2024-12085
#Enable --copy-devices parameter %patch 4 -p1 -b .cve-2024-12086
patch -p1 -i patches/copy-devices.diff %patch 5 -p1 -b .cve-2024-12087
%patch 6 -p1 -b .cve-2024-12088
%patch0 -p1 -b .man %patch 7 -p1 -b .cve-2024-12747
%patch1 -p1 -b .iconv
%patch2 -p1 -b .covscan
%patch3 -p1 -b .symlinks
%patch4 -p1 -b .vvv
%patch5 -p1 -b .missing
%patch6 -p1 -b .append
%patch7 -p1 -b .skip-compress
%patch8 -p1 -b .xattr
%patch9 -p1 -b .cve-2018-25032
%patch10 -p1 -b .spars-block
%patch11 -p1 -b .cve-2022-29154
%patch12 -p1 -b .cve-2022-37434
%patch13 -p1 -b .filtering-rules
%patch14 -p1 -b .xattr-filter
%patch15 -p1 -b .cve-2024-12085
%build %build
%configure %configure \
# --with-included-zlib=no temporary disabled because of #1043965 --enable-openssl \
%if 0%{?rhel} >= 10
--disable-xxhash \
%endif
--enable-zstd \
--enable-lz4 \
--enable-ipv6
make %{?_smp_mflags} %{make_build}
%check
make check
chmod -x support/*
%install %install
%makeinstall INSTALLCMD='install -p' INSTALLMAN='install -p' %{make_install} INSTALLCMD='install -p' INSTALLMAN='install -p'
install -D -m644 %{SOURCE3} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd.service install -D -m644 %{SOURCE3} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd.service
install -D -m644 %{SOURCE2} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd.socket install -D -m644 %{SOURCE2} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd.socket
@ -112,21 +113,17 @@ install -D -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/rsyncd.conf
install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/rsyncd install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/rsyncd
install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
%check
make check
#scripts in support/* are needed to run upstream tests but after install these should not be executable
chmod -x support/*
%files %files
%{!?_licensedir:%global license %%doc}
%license COPYING %license COPYING
%doc NEWS OLDNEWS README support/ tech_report.tex %doc support/ tech_report.tex
%{_bindir}/%{name} %{_bindir}/%{name}
%{_bindir}/%{name}-ssl
%{_mandir}/man1/%{name}.1* %{_mandir}/man1/%{name}.1*
%{_mandir}/man1/%{name}-ssl.1*
%files daemon
%{_mandir}/man5/rsyncd.conf.5* %{_mandir}/man5/rsyncd.conf.5*
%config(noreplace) %{_sysconfdir}/rsyncd.conf %config(noreplace) %{_sysconfdir}/rsyncd.conf
%files daemon
%config(noreplace) %{_sysconfdir}/sysconfig/rsyncd %config(noreplace) %{_sysconfdir}/sysconfig/rsyncd
%{_unitdir}/rsyncd.socket %{_unitdir}/rsyncd.socket
%{_unitdir}/rsyncd.service %{_unitdir}/rsyncd.service
@ -142,60 +139,164 @@ chmod -x support/*
%systemd_postun_with_restart rsyncd.service %systemd_postun_with_restart rsyncd.service
%changelog %changelog
* Fri Jan 03 2025 Michal Ruprich <mruprich@redhat.com> - 3.1.3-20 * Tue Jan 14 2025 Jonathan Wright <jonathan@almalinux.org> - 3.3.0-6.alma.1
- Resolves: RHEL-70157 - Info Leak via Uninitialized Stack Contents - Fix for CVE-2024-12084
- Fix for CVE-2024-12085
- Fix for CVE-2024-12086
- Fix for CVE-2024-12087
- Fix for CVE-2024-12088
- Fix for CVE-2024-12747
* Wed Nov 02 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-19.1 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.3.0-6
- Resolves: #2139118 - rsync-daemon fail on 3.1.3 - Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Thu Aug 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-19 * Thu Aug 15 2024 Michal Ruprich <mruprich@redhat.com> - 3.3.0-5
- Resolves: #2116668 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field - Fixing a condition for BuildRequires on xxhash in RHEL
* Mon Aug 15 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-18 * Thu Aug 01 2024 Michal Ruprich <mruprich@redhat.com> - 3.3.0-4
- Resolves: #2111175 - remote arbitrary files write inside the directories of connecting peers - Disabling xxhash because it is being removed from RHEL
* Mon Aug 08 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-17 * Wed Jul 24 2024 Michal Ruprich <mruprich@redhat.com> - 3.3.0-3
- Related: #2043753 - New option should not be sent to the server every time - Adding rpminspect.yaml
* Thu Jul 28 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-16 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.3.0-2
- Resolves: #2043753 - [RFE] Improve defaults for sparse file buffering - Bump release for June 2024 mass rebuild
* Tue Apr 12 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-15 * Fri Apr 12 2024 Michal Ruprich <mruprich@redhat.com> - 3.3.0-1
- Resolves: #2071513 - A flaw in zlib-1.2.11 when compressing (not decompressing!) certain inputs - New version 3.3.0
* Mon Oct 11 2021 Michal Ruprich <mruprich@redhat.com> - 3.1.3-14 * Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.7-7
- Related: #1907443 - Adding fmf plans to run tests with tmt - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Sep 27 2021 Tomas Korbar <tkorbar@redhat.com> - 3.1.3-13 * Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.7-6
- Resolves: #1907443 - Read-only files that have changed xattrs fail to allow xattr changes - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Dec 18 2020 Michal Ruprich <mruprich@redhat.com> - 3.1.3-12 * Tue Aug 22 2023 Michal Ruprich <mruprich@redhat.com> - 3.2.7-5
- Resolves: #1816528 - Defaults for --skip-compress are not working, everything is being compressed - Resolves: #2229654 - rsync - buffer overflow detected
* Thu Nov 05 2020 Tomas Korbar <tkorbar@redhat.com> - 3.1.3-11 * Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.7-4
- Resolves: #1855981 - rsync segfaults in --append mode - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Nov 05 2020 Tomas Korbar <tkorbar@redhat.com> - 3.1.3-10 * Mon Mar 20 2023 Michal Ruprich <mruprich@redhat.com> - 3.2.7-3
- Resolves: #1727093 - rsync: "ABORTING due to invalid path from sender" - SPDX migration
* Mon Aug 24 2020 Michal Ruprich <mruprich@redhat.com> - 3.1.3-9 * Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.7-2
- Resolves: #1667436 - rsyncd.service fails to start at boot if address is configured - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jun 10 2020 Michal Ruprich <mruprich@redhat.com> - 3.1.3-8 * Fri Oct 21 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.7-1
- Resolves: #1775561 - rsync 3.1.2 hangs when run with -vvv to sync a large repository - New version 3.2.7
* Tue Oct 29 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-7 * Tue Sep 27 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.6-2
- Resolves: #1693162 - remove-source-files fails with symlinks - Resolves: #2128682 - rsync fail with "ERROR: rejecting unrequested file-list name..." depend of parameters order
* Tue Apr 16 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-6 * Mon Sep 12 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.6-1
- Resolves: #1602683 - Please review important issues found by covscan - New version 3.2.6
* Tue Apr 16 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-5 * Tue Aug 16 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.5-1
- Resolves: #1656761 - [FJ8.0 Bug]: [REG] The rsync command is terminated with SIGSEGV - New version 3.2.5
- Resolves: #2115430 - remote arbitrary files write inside the directories of connecting peers
- Fix for CVE-2022-37434
* Wed Oct 03 2018 Michal Ruprich <mruprich@redhat.com> - 3.1.3-4 * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.4-5
- Resolves: #1635631 - Remove --noatime option from rsync - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Cleaning spec file
* Tue May 17 2022 Adam Williamson <awilliam@redhat.com> - 3.2.4-4
- Bump revision to 4 to be higher than wrongly-versioned 3.2.4-3pre3
* Tue May 17 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.4-1
- New version 3.2.4
* Thu Apr 14 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.4-3pre3
- Fix for CVE-2018-25032
* Mon Mar 21 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.4-2pre3
- Removing part of patch that does not belong
* Wed Mar 16 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.4-1pre3
- New pre-release version 3.2.4pre3
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.3-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Nov 16 2021 Michal Ruprich <mruprich@redhat.com> - 3.2.3-13
- Separating ci tests
* Tue Nov 16 2021 Michal Ruprich <mruprich@redhat.com> - 3.2.3-12
- Disabling STI tests
* Mon Nov 15 2021 Michal Ruprich <mruprich@redhat.com> - 3.2.3-11
- Bumping version to test fixed gating file
* Fri Nov 5 2021 Jan Kratochvil <jan@jankratochvil.net> - 3.2.3-10
- Re-enable xxh128 xxh3 xxh64 disabled during 3.2.2 update.
- Enforce openssl xxhash zstd lz4 ipv6 features by --enable-*.
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 3.2.3-9
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sun May 09 2021 Jeff Law <jlaw@tachyum.com> - 3.2.3-7
- Re-enable LTO.
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 3.2.3-6
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Dec 08 2020 Michal Ruprich <mruprich@redhat.com> - 3.2.3-4
- Resolves: #1894485 - rsync is unable to set permissions when chrooted
- Getting rid of deprecated makeinstall macro
* Fri Nov 20 2020 Michal Ruprich <mruprich@redhat.com> - 3.2.3-3
- Disabling LTO as a temporary measure for rhbz#1898912
* Thu Nov 19 2020 Michal Ruprich <mruprich@redhat.com> - 3.2.3-2
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Mon Aug 31 2020 Michal Ruprich <mruprich@redhat.com> - 3.2.3-1
- New version 3.2.3
- Removed upstream patches acls.diff and xattrs.diff
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.2-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 21 2020 Michal Ruprich <michalruprich@gmail.com> - 3.2.2-1
- New version 3.2.2
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 10 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-10
- Enabling upstream test suite during build rhbz#1533846
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Apr 15 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-8
- Resolves: #1452187 - move man page rsyncd.conf(5) from rsync-daemon to rsync package
- Moving the config file as well
* Tue Mar 19 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-7
- Resolves: #1683737 - [abrt] rsync: utf8_internal_loop(): rsync killed by SIGSEGV
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 02 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-5
- Fix for rhbz#1586346 - rsyncd.service fails to start at boot if address is configured
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 3.1.3-3 * Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 3.1.3-3
- Escape macros in %%changelog - Escape macros in %%changelog

0
SOURCES/rsyncd.conf → rsyncd.conf
View File

0
SOURCES/rsyncd.service → rsyncd.service
View File

0
SOURCES/rsyncd.socket → rsyncd.socket
View File

0
SOURCES/rsyncd.sysconfig → rsyncd.sysconfig
View File

0
SOURCES/rsyncd@.service → rsyncd@.service
View File

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (rsync-3.3.0.tar.gz) = df5c53bc2f2b0e7e30f475903e5e4296dc2fbcf08e9ea6c3c61462d0e52b067c27e82deeb4be79102c86e9aa55a825182e126f22df44dabf5b7328acb2a01d10
SHA512 (rsync-patches-3.3.0.tar.gz) = f82aac81865fca1bf9dbc5964cc18a084029d8bca232d56f07a598a67eaa9cb01c3293c3a491d2147b9b14a51a4008c85ce0091bcae42e5776a5ffeebb84da11