- up to 3.2.3; disabled fadvise/noatime patches (need updating); dropped acl/xattrs...

diff --git a/CVE-2016-9840.patch b/CVE-2016-9840.patch
deleted file mode 100644 (file)
index 83a14df..0000000
--- a/CVE-2016-9840.patch
+++ /dev/null
@@ -1,71 +0,0 @@
->From 6a043145ca6e9c55184013841a67b2fef87e44c0 Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Wed, 21 Sep 2016 23:35:50 -0700
-Subject: [PATCH] Remove offset pointer optimization in inftrees.c.
-
-inftrees.c was subtracting an offset from a pointer to an array,
-in order to provide a pointer that allowed indexing starting at
-the offset. This is not compliant with the C standard, for which
-the behavior of a pointer decremented before its allocated memory
-is undefined. Per the recommendation of a security audit of the
-zlib code by Trail of Bits and TrustInSoft, in support of the
-Mozilla Foundation, this tiny optimization was removed, in order
-to avoid the possibility of undefined behavior.
----
- inftrees.c | 18 ++++++++----------
- 1 file changed, 8 insertions(+), 10 deletions(-)
-
-diff --git a/zlib/inftrees.c b/zlib/inftrees.c
-index 22fcd666..0d2670d5 100644
---- a/zlib/inftrees.c
-+++ b/zlib/inftrees.c
-@@ -54,7 +54,7 @@ unsigned short FAR *work;
-     code FAR *next;             /* next available space in table */
-     const unsigned short FAR *base;     /* base value table to use */
-     const unsigned short FAR *extra;    /* extra bits table to use */
--    int end;                    /* use base and extra for symbol > end */
-+    unsigned match;             /* use base and extra for symbol >= match */
-     unsigned short count[MAXBITS+1];    /* number of codes of each length */
-     unsigned short offs[MAXBITS+1];     /* offsets in table for each length */
-     static const unsigned short lbase[31] = { /* Length codes 257..285 base */
-@@ -181,19 +181,17 @@ unsigned short FAR *work;
-     switch (type) {
-     case CODES:
-         base = extra = work;    /* dummy value--not used */
--        end = 19;
-+        match = 20;
-         break;
-     case LENS:
-         base = lbase;
--        base -= 257;
-         extra = lext;
--        extra -= 257;
--        end = 256;
-+        match = 257;
-         break;
-     default:            /* DISTS */
-         base = dbase;
-         extra = dext;
--        end = -1;
-+        match = 0;
-     }
- 
-     /* initialize state for loop */
-@@ -216,13 +214,13 @@ unsigned short FAR *work;
-     for (;;) {
-         /* create table entry */
-         here.bits = (unsigned char)(len - drop);
--        if ((int)(work[sym]) < end) {
-+        if (work[sym] + 1 < match) {
-             here.op = (unsigned char)0;
-             here.val = work[sym];
-         }
--        else if ((int)(work[sym]) > end) {
--            here.op = (unsigned char)(extra[work[sym]]);
--            here.val = base[work[sym]];
-+        else if (work[sym] >= match) {
-+            here.op = (unsigned char)(extra[work[sym] - match]);
-+            here.val = base[work[sym] - match];
-         }
-         else {
-             here.op = (unsigned char)(32 + 64);         /* end of block */

diff --git a/CVE-2016-9841.patch b/CVE-2016-9841.patch
deleted file mode 100644 (file)
index f8291b3..0000000
--- a/CVE-2016-9841.patch
+++ /dev/null
@@ -1,224 +0,0 @@
->From 9aaec95e82117c1cb0f9624264c3618fc380cecb Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Wed, 21 Sep 2016 22:25:21 -0700
-Subject: [PATCH] Use post-increment only in inffast.c.
-
-An old inffast.c optimization turns out to not be optimal anymore
-with modern compilers, and furthermore was not compliant with the
-C standard, for which decrementing a pointer before its allocated
-memory is undefined. Per the recommendation of a security audit of
-the zlib code by Trail of Bits and TrustInSoft, in support of the
-Mozilla Foundation, this "optimization" was removed, in order to
-avoid the possibility of undefined behavior.
----
- inffast.c | 81 +++++++++++++++++++++----------------------------------
- 1 file changed, 31 insertions(+), 50 deletions(-)
-
-diff --git a/zlib/inffast.c b/zlib/inffast.c
-index bda59ceb..f0d163db 100644
---- a/zlib/inffast.c
-+++ b/zlib/inffast.c
-@@ -10,25 +10,6 @@
- 
- #ifndef ASMINF
- 
--/* Allow machine dependent optimization for post-increment or pre-increment.
--   Based on testing to date,
--   Pre-increment preferred for:
--   - PowerPC G3 (Adler)
--   - MIPS R5000 (Randers-Pehrson)
--   Post-increment preferred for:
--   - none
--   No measurable difference:
--   - Pentium III (Anderson)
--   - M68060 (Nikl)
-- */
--#ifdef POSTINC
--#  define OFF 0
--#  define PUP(a) *(a)++
--#else
--#  define OFF 1
--#  define PUP(a) *++(a)
--#endif
--
- /*
-    Decode literal, length, and distance codes and write out the resulting
-    literal and match bytes until either not enough input or output is
-@@ -96,9 +77,9 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
- 
-     /* copy state to local variables */
-     state = (struct inflate_state FAR *)strm->state;
--    in = strm->next_in - OFF;
-+    in = strm->next_in;
-     last = in + (strm->avail_in - 5);
--    out = strm->next_out - OFF;
-+    out = strm->next_out;
-     beg = out - (start - strm->avail_out);
-     end = out + (strm->avail_out - 257);
- #ifdef INFLATE_STRICT
-@@ -119,9 +100,9 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
-        input data or output space */
-     do {
-         if (bits < 15) {
--            hold += (unsigned long)(PUP(in)) << bits;
-+            hold += (unsigned long)(*in++) << bits;
-             bits += 8;
--            hold += (unsigned long)(PUP(in)) << bits;
-+            hold += (unsigned long)(*in++) << bits;
-             bits += 8;
-         }
-         here = lcode[hold & lmask];
-@@ -134,14 +115,14 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
-             Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
-                     "inflate:         literal '%c'\n" :
-                     "inflate:         literal 0x%02x\n", here.val));
--            PUP(out) = (unsigned char)(here.val);
-+            *out++ = (unsigned char)(here.val);
-         }
-         else if (op & 16) {                     /* length base */
-             len = (unsigned)(here.val);
-             op &= 15;                           /* number of extra bits */
-             if (op) {
-                 if (bits < op) {
--                    hold += (unsigned long)(PUP(in)) << bits;
-+                    hold += (unsigned long)(*in++) << bits;
-                     bits += 8;
-                 }
-                 len += (unsigned)hold & ((1U << op) - 1);
-@@ -150,9 +131,9 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
-             }
-             Tracevv((stderr, "inflate:         length %u\n", len));
-             if (bits < 15) {
--                hold += (unsigned long)(PUP(in)) << bits;
-+                hold += (unsigned long)(*in++) << bits;
-                 bits += 8;
--                hold += (unsigned long)(PUP(in)) << bits;
-+                hold += (unsigned long)(*in++) << bits;
-                 bits += 8;
-             }
-             here = dcode[hold & dmask];
-@@ -165,10 +146,10 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
-                 dist = (unsigned)(here.val);
-                 op &= 15;                       /* number of extra bits */
-                 if (bits < op) {
--                    hold += (unsigned long)(PUP(in)) << bits;
-+                    hold += (unsigned long)(*in++) << bits;
-                     bits += 8;
-                     if (bits < op) {
--                        hold += (unsigned long)(PUP(in)) << bits;
-+                        hold += (unsigned long)(*in++) << bits;
-                         bits += 8;
-                     }
-                 }
-@@ -196,30 +177,30 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
- #ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
-                         if (len <= op - whave) {
-                             do {
--                                PUP(out) = 0;
-+                                *out++ = 0;
-                             } while (--len);
-                             continue;
-                         }
-                         len -= op - whave;
-                         do {
--                            PUP(out) = 0;
-+                            *out++ = 0;
-                         } while (--op > whave);
-                         if (op == 0) {
-                             from = out - dist;
-                             do {
--                                PUP(out) = PUP(from);
-+                                *out++ = *from++;
-                             } while (--len);
-                             continue;
-                         }
- #endif
-                     }
--                    from = window - OFF;
-+                    from = window;
-                     if (wnext == 0) {           /* very common case */
-                         from += wsize - op;
-                         if (op < len) {         /* some from window */
-                             len -= op;
-                             do {
--                                PUP(out) = PUP(from);
-+                                *out++ = *from++;
-                             } while (--op);
-                             from = out - dist;  /* rest from output */
-                         }
-@@ -230,14 +211,14 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
-                         if (op < len) {         /* some from end of window */
-                             len -= op;
-                             do {
--                                PUP(out) = PUP(from);
-+                                *out++ = *from++;
-                             } while (--op);
--                            from = window - OFF;
-+                            from = window;
-                             if (wnext < len) {  /* some from start of window */
-                                 op = wnext;
-                                 len -= op;
-                                 do {
--                                    PUP(out) = PUP(from);
-+                                    *out++ = *from++;
-                                 } while (--op);
-                                 from = out - dist;      /* rest from output */
-                             }
-@@ -248,35 +229,35 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
-                         if (op < len) {         /* some from window */
-                             len -= op;
-                             do {
--                                PUP(out) = PUP(from);
-+                                *out++ = *from++;
-                             } while (--op);
-                             from = out - dist;  /* rest from output */
-                         }
-                     }
-                     while (len > 2) {
--                        PUP(out) = PUP(from);
--                        PUP(out) = PUP(from);
--                        PUP(out) = PUP(from);
-+                        *out++ = *from++;
-+                        *out++ = *from++;
-+                        *out++ = *from++;
-                         len -= 3;
-                     }
-                     if (len) {
--                        PUP(out) = PUP(from);
-+                        *out++ = *from++;
-                         if (len > 1)
--                            PUP(out) = PUP(from);
-+                            *out++ = *from++;
-                     }
-                 }
-                 else {
-                     from = out - dist;          /* copy direct from output */
-                     do {                        /* minimum length is three */
--                        PUP(out) = PUP(from);
--                        PUP(out) = PUP(from);
--                        PUP(out) = PUP(from);
-+                        *out++ = *from++;
-+                        *out++ = *from++;
-+                        *out++ = *from++;
-                         len -= 3;
-                     } while (len > 2);
-                     if (len) {
--                        PUP(out) = PUP(from);
-+                        *out++ = *from++;
-                         if (len > 1)
--                            PUP(out) = PUP(from);
-+                            *out++ = *from++;
-                     }
-                 }
-             }
-@@ -313,8 +294,8 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
-     hold &= (1U << bits) - 1;
- 
-     /* update state and return */
--    strm->next_in = in + OFF;
--    strm->next_out = out + OFF;
-+    strm->next_in = in;
-+    strm->next_out = out;
-     strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last));
-     strm->avail_out = (unsigned)(out < end ?
-                                  257 + (end - out) : 257 - (out - end));

diff --git a/CVE-2016-9842.patch b/CVE-2016-9842.patch
deleted file mode 100644 (file)
index 0cf57e3..0000000
--- a/CVE-2016-9842.patch
+++ /dev/null
@@ -1,29 +0,0 @@
->From e54e1299404101a5a9d0cf5e45512b543967f958 Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Sat, 5 Sep 2015 17:45:55 -0700
-Subject: [PATCH] Avoid shifts of negative values inflateMark().
-
-The C standard says that bit shifts of negative integers is
-undefined.  This casts to unsigned values to assure a known
-result.
----
- inflate.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/zlib/inflate.c b/zlib/inflate.c
-index 2889e3a0..a7184167 100644
---- a/zlib/inflate.c
-+++ b/zlib/inflate.c
-@@ -1506,9 +1506,10 @@ z_streamp strm;
- {
-     struct inflate_state FAR *state;
- 
--    if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
-+    if (strm == Z_NULL || strm->state == Z_NULL)
-+        return (long)(((unsigned long)0 - 1) << 16);
-     state = (struct inflate_state FAR *)strm->state;
--    return ((long)(state->back) << 16) +
-+    return (long)(((unsigned long)((long)state->back)) << 16) +
-         (state->mode == COPY ? state->length :
-             (state->mode == MATCH ? state->was - state->length : 0));
- }

diff --git a/CVE-2016-9843.patch b/CVE-2016-9843.patch
deleted file mode 100644 (file)
index 9327b2c..0000000
--- a/CVE-2016-9843.patch
+++ /dev/null
@@ -1,49 +0,0 @@
->From d1d577490c15a0c6862473d7576352a9f18ef811 Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Wed, 28 Sep 2016 20:20:25 -0700
-Subject: [PATCH] Avoid pre-decrement of pointer in big-endian CRC calculation.
-
-There was a small optimization for PowerPCs to pre-increment a
-pointer when accessing a word, instead of post-incrementing. This
-required prefacing the loop with a decrement of the pointer,
-possibly pointing before the object passed. This is not compliant
-with the C standard, for which decrementing a pointer before its
-allocated memory is undefined. When tested on a modern PowerPC
-with a modern compiler, the optimization no longer has any effect.
-Due to all that, and per the recommendation of a security audit of
-the zlib code by Trail of Bits and TrustInSoft, in support of the
-Mozilla Foundation, this "optimization" was removed, in order to
-avoid the possibility of undefined behavior.
----
- crc32.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/zlib/crc32.c b/zlib/crc32.c
-index 979a7190..05733f4e 100644
---- a/zlib/crc32.c
-+++ b/zlib/crc32.c
-@@ -278,7 +278,7 @@ local unsigned long crc32_little(crc, buf, len)
- }
- 
- /* ========================================================================= */
--#define DOBIG4 c ^= *++buf4; \
-+#define DOBIG4 c ^= *buf4++; \
-         c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \
-             crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24]
- #define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4
-@@ -300,7 +300,6 @@ local unsigned long crc32_big(crc, buf, len)
-     }
- 
-     buf4 = (const z_crc_t FAR *)(const void FAR *)buf;
--    buf4--;
-     while (len >= 32) {
-         DOBIG32;
-         len -= 32;
-@@ -309,7 +308,6 @@ local unsigned long crc32_big(crc, buf, len)
-         DOBIG4;
-         len -= 4;
-     }
--    buf4++;
-     buf = (const unsigned char FAR *)buf4;
- 
-     if (len) do {

diff --git a/rsync-config.patch b/rsync-config.patch
index 6ce39586fec6934bc56872d1dc4473dd62cabfc4..f756a29a7aa148752e7765b9ded398693c2c8112 100644 (file)
--- a/rsync-config.patch
+++ b/rsync-config.patch
@@ -1,24 +1,3 @@
-diff -ur rsync-3.0.8.orig/rsync.1 rsync-3.0.8/rsync.1
---- rsync-3.0.8.orig/rsync.1   2011-03-26 22:37:52.000000000 +0100
-+++ rsync-3.0.8/rsync.1        2011-04-07 10:27:01.761502719 +0200
-@@ -2566,7 +2566,7 @@
- .IP "\fB\-\-config=FILE\fP"
- This specifies an alternate config file than
- the default.  This is only relevant when \fB\-\-daemon\fP is specified.
--The default is /etc/rsyncd.conf unless the daemon is running over
-+The default is /etc/rsyncd/rsyncd.conf unless the daemon is running over
- a remote shell program and the remote user is not the super\-user; in that case
- the default is rsyncd.conf in the current directory (typically $HOME).
- .IP 
-@@ -3474,7 +3474,7 @@
- .SH "FILES"
- 
- .PP 
--/etc/rsyncd.conf or rsyncd.conf
-+/etc/rsyncd/rsyncd.conf or rsyncd.conf
- .PP 
- .SH "SEE ALSO"
- 

 diff -ur rsync-3.0.8.orig/rsync.h rsync-3.0.8/rsync.h
 --- rsync-3.0.8.orig/rsync.h   2011-02-21 20:32:51.000000000 +0100
 +++ rsync-3.0.8/rsync.h        2011-04-07 10:21:07.794002236 +0200
 diff -ur rsync-3.0.8.orig/rsync.h rsync-3.0.8/rsync.h
 --- rsync-3.0.8.orig/rsync.h   2011-02-21 20:32:51.000000000 +0100
 +++ rsync-3.0.8/rsync.h        2011-04-07 10:21:07.794002236 +0200


@@ -31,121 +10,47 @@ diff -ur rsync-3.0.8.orig/rsync.h rsync-3.0.8/rsync.h
  #define URL_PREFIX "rsync://"
  
  #define SYMLINK_PREFIX "/rsyncd-munged/"  /* This MUST have a trailing slash! */
  #define URL_PREFIX "rsync://"
  
  #define SYMLINK_PREFIX "/rsyncd-munged/"  /* This MUST have a trailing slash! */

-diff -ur rsync-3.0.8.orig/rsync.yo rsync-3.0.8/rsync.yo
---- rsync-3.0.8.orig/rsync.yo  2011-03-26 22:34:18.000000000 +0100
-+++ rsync-3.0.8/rsync.yo       2011-04-07 10:21:07.798002324 +0200
-@@ -2220,7 +2220,7 @@
- If standard input is a socket then rsync will assume that it is being
- run via inetd, otherwise it will detach from the current terminal and
- become a background daemon.  The daemon will read the config file
--(rsyncd.conf) on each connect made by a client and respond to
-+(/etc/rsyncd/rsyncd.conf) on each connect made by a client and respond to
- requests accordingly.  See the bf(rsyncd.conf)(5) man page for more
- details.
- 
-@@ -2238,7 +2238,7 @@
- 
- dit(bf(--config=FILE)) This specifies an alternate config file than
- the default.  This is only relevant when bf(--daemon) is specified.
--The default is /etc/rsyncd.conf unless the daemon is running over
-+The default is /etc/rsyncd/rsyncd.conf unless the daemon is running over
- a remote shell program and the remote user is not the super-user; in that case
- the default is rsyncd.conf in the current directory (typically $HOME).
- 
-@@ -2972,7 +2972,7 @@
- 
- manpagefiles()
- 
--/etc/rsyncd.conf or rsyncd.conf
-+/etc/rsyncd/rsyncd.conf or rsyncd.conf
- 
- manpageseealso()
- 

 diff -ur rsync-3.0.8.orig/rsyncd.conf.5 rsync-3.0.8/rsyncd.conf.5
 --- rsync-3.0.8.orig/rsyncd.conf.5     2011-03-26 22:37:52.000000000 +0100
 +++ rsync-3.0.8/rsyncd.conf.5  2011-04-07 10:21:07.789502107 +0200
 diff -ur rsync-3.0.8.orig/rsyncd.conf.5 rsync-3.0.8/rsyncd.conf.5
 --- rsync-3.0.8.orig/rsyncd.conf.5     2011-03-26 22:37:52.000000000 +0100
 +++ rsync-3.0.8/rsyncd.conf.5  2011-04-07 10:21:07.789502107 +0200

-@@ -315,7 +315,7 @@
- support the \(dq\&max connections\(dq\& parameter. The rsync daemon uses record
- locking on this file to ensure that the max connections limit is not
- exceeded for the modules sharing the lock file.
--The default is \f(CW/var/run/rsyncd.lock\fP.
-+The default is \f(CW/var/lock/rsyncd.lock\fP.
- .IP 
- .IP "\fBread only\fP"
- This parameter determines whether clients
-@@ -460,7 +460,7 @@
+@@ -632,7 +632,7 @@ require that you specify a group passwor

  passwords.
  passwords.

- .IP 
- There is no default for the \(dq\&secrets file\(dq\& parameter, you must choose a name
--(such as \f(CW/etc/rsyncd.secrets\fP).  The file must normally not be readable
-+(such as \f(CW/etc/rsyncd/rsyncd.secrets\fP).  The file must normally not be readable
- by \(dq\&other\(dq\&; see \(dq\&strict modes\(dq\&.  If the file is not found or is rejected, no
- logins for a \(dq\&user auth\(dq\& module will be possible.
- .IP 
-@@ -785,12 +785,12 @@
+ .IP
+ There is no default for the "secrets file" parameter, you must choose a
+-name (such as \fB/etc/rsyncd.secrets\fP).  The file must normally not be
++name (such as \fB/etc/rsyncd/rsyncd.secrets\fP).  The file must normally not be
+ readable by "other"; see "strict modes".  If the file is not found or is
+ rejected, no logins for a "user auth" module will be possible.
+ .IP "\fBstrict\ modes\fP"
+@@ -1092,7 +1092,7 @@ that can be included into multiple modul
+ global values that will affect connections (such as \fBmotd\ file\fP), or globals
+ that will affect other include files.
+ .P
+-For example, this is a useful /etc/rsyncd.conf file:
++For example, this is a useful /etc/rsyncd/rsyncd.conf file:
+ .RS 4
+ .P
+ .nf
+@@ -1219,11 +1219,11 @@ pid file = /var/run/rsyncd.pid

          path = /data/cvs
          comment = CVS repository (requires authentication)
          auth users = tridge, susan
 -        secrets file = /etc/rsyncd.secrets
 +        secrets file = /etc/rsyncd/rsyncd.secrets
          path = /data/cvs
          comment = CVS repository (requires authentication)
          auth users = tridge, susan
 -        secrets file = /etc/rsyncd.secrets
 +        secrets file = /etc/rsyncd/rsyncd.secrets

- 
- .fi 
- 
- .PP 
+ .fi
+ .RE
+ .P

 -The /etc/rsyncd.secrets file would look something like this:
 +The /etc/rsyncd/rsyncd.secrets file would look something like this:
 -The /etc/rsyncd.secrets file would look something like this:
 +The /etc/rsyncd/rsyncd.secrets file would look something like this:

- .PP 
- .RS 
- \f(CWtridge:mypass\fP
-@@ -803,7 +803,7 @@
+ .RS 4
+ .P
+ .nf
+@@ -1234,7 +1234,7 @@ susan:herpass
+ .P

  .SH "FILES"
  .SH "FILES"

- 
- .PP 
+ .P

 -/etc/rsyncd.conf or rsyncd.conf
 +/etc/rsyncd/rsyncd.conf or rsyncd.conf
 -/etc/rsyncd.conf or rsyncd.conf
 +/etc/rsyncd/rsyncd.conf or rsyncd.conf

- .PP 
+ .P

  .SH "SEE ALSO"
  .SH "SEE ALSO"

- 
-diff -ur rsync-3.0.8.orig/rsyncd.conf.yo rsync-3.0.8/rsyncd.conf.yo
---- rsync-3.0.8.orig/rsyncd.conf.yo    2011-03-26 22:34:18.000000000 +0100
-+++ rsync-3.0.8/rsyncd.conf.yo 2011-04-07 10:21:07.792002183 +0200
-@@ -66,7 +66,7 @@
- reread its config file.
- 
- Note that you should bf(not) send the rsync daemon a HUP signal to force
--it to reread the tt(rsyncd.conf) file. The file is re-read on each client
-+it to reread the tt(/etc/rsyncd/rsyncd.conf) file. The file is re-read on each client
- connection.
- 
- manpagesection(GLOBAL PARAMETERS)
-@@ -125,7 +125,7 @@
- 
- dit(bf(path)) This parameter specifies the directory in the daemon's
- filesystem to make available in this module.  You must specify this parameter
--for each module in tt(rsyncd.conf).
-+for each module in tt(/etc/rsyncd/rsyncd.conf).
- 
- dit(bf(use chroot)) If "use chroot" is true, the rsync daemon will chroot
- to the "path" before starting the file transfer with the client.  This has
-@@ -409,7 +409,7 @@
- passwords.
- 
- There is no default for the "secrets file" parameter, you must choose a name
--(such as tt(/etc/rsyncd.secrets)).  The file must normally not be readable
-+(such as tt(/etc/rsyncd/rsyncd.secrets)).  The file must normally not be readable
- by "other"; see "strict modes".  If the file is not found or is rejected, no
- logins for a "user auth" module will be possible.
- 
-@@ -673,10 +673,10 @@
-         path = /data/cvs
-         comment = CVS repository (requires authentication)
-         auth users = tridge, susan
--        secrets file = /etc/rsyncd.secrets
-+        secrets file = /etc/rsyncd/rsyncd.secrets
- )
- 
--The /etc/rsyncd.secrets file would look something like this:
-+The /etc/rsyncd/rsyncd.secrets file would look something like this:
- 
- quote(
- tt(tridge:mypass)nl()
+ .P

diff --git a/rsync-fixes.patch b/rsync-fixes.patch
deleted file mode 100644 (file)
index 2903bb8..0000000
--- a/rsync-fixes.patch
+++ /dev/null
@@ -1,231 +0,0 @@
-commit 1eb7a7061af2f91149233937f3db066d303c7684
-Author: Wayne Davison <wayned@samba.org>
-Date:   Thu Jun 14 15:19:34 2018 -0700
-
-    Need to mark xattr rules in get_rule_prefix().
-    
-    This fixes the bug of xattr filters getting sent as a normal filter rule
-    (since the 'x' was dropped in the prefix).
-
-diff --git a/exclude.c b/exclude.c
-index 7989fb3e..a0090b29 100644
---- a/exclude.c
-+++ b/exclude.c
-@@ -1286,6 +1286,8 @@ char *get_rule_prefix(filter_rule *rule, const char *pat, int for_xfer,
-       }
-       if (rule->rflags & FILTRULE_EXCLUDE_SELF)
-               *op++ = 'e';
-+      if (rule->rflags & FILTRULE_XATTR)
-+              *op++ = 'x';
-       if (rule->rflags & FILTRULE_SENDER_SIDE
-           && (!for_xfer || protocol_version >= 29))
-               *op++ = 's';
-commit 4aeb093206d55c3d886cbcec062f7aa93d0b968e
-Author: Wayne Davison <wayned@samba.org>
-Date:   Tue Nov 20 12:45:36 2018 -0800
-
-    Fix itemizing of wrong dir name on some --iconv transfers.
-    
-    Fixes bug #13492.
-
-diff --git a/flist.c b/flist.c
-index 499440cc..60e843cc 100644
---- a/flist.c
-+++ b/flist.c
-@@ -1636,6 +1636,7 @@ static void add_dirs_to_tree(int parent_ndx, struct file_list *from_flist,
-       int32 *parent_dp = parent_ndx < 0 ? NULL
-                        : F_DIR_NODE_P(dir_flist->sorted[parent_ndx]);
- 
-+      /* The sending side is adding entries to dir_flist in sorted order, so sorted & files are the same. */
-       flist_expand(dir_flist, dir_cnt);
-       dir_flist->sorted = dir_flist->files;
- 
-@@ -1970,7 +1971,7 @@ void send_extra_file_list(int f, int at_least)
-               else
-                       dir_ndx = send_dir_ndx;
-               write_ndx(f, NDX_FLIST_OFFSET - dir_ndx);
--              flist->parent_ndx = dir_ndx;
-+              flist->parent_ndx = send_dir_ndx; /* the sending side must remember the sorted ndx value */
- 
-               send1extra(f, file, flist);
-               prev_flags = file->flags;
-commit a3668685354e7457ac3e29634083906ee5435bf2
-Author: Wayne Davison <wayned@samba.org>
-Date:   Sat Dec 15 16:52:53 2018 -0800
-
-    Avoid a potential out-of-bounds read in daemon mode if argc is 0.
-
-diff --git a/options.c b/options.c
-index 1c5b42d0..a07c8e13 100644
---- a/options.c
-+++ b/options.c
-@@ -1315,6 +1315,10 @@ int parse_arguments(int *argc_p, const char ***argv_p)
-       int opt;
-       int orig_protect_args = protect_args;
- 
-+      if (argc == 0) {
-+              strlcpy(err_buf, "argc is zero!\n", sizeof err_buf);
-+              return 0;
-+      }
-       if (ref && *ref)
-               set_refuse_options(ref);
-       if (am_daemon) {
-commit c2da3809f714d936dec1cab6d5bf8b724b9cd113
-Author: Wayne Davison <wayned@samba.org>
-Date:   Tue Jan 15 08:51:08 2019 -0800
-
-    Fix --prealloc to keep file-size 0 when possible.
-
-diff --git a/syscall.c b/syscall.c
-index dbd556b8..0d1221b3 100644
---- a/syscall.c
-+++ b/syscall.c
-@@ -462,7 +462,7 @@ int do_utime(const char *fname, time_t modtime, UNUSED(uint32 mod_nsec))
- 
- OFF_T do_fallocate(int fd, OFF_T offset, OFF_T length)
- {
--      int opts = inplace || preallocate_files ? 0 : DO_FALLOC_OPTIONS;
-+      int opts = inplace || preallocate_files ? DO_FALLOC_OPTIONS : 0;
-       int ret;
-       RETURN_ERROR_IF(dry_run, 0);
-       RETURN_ERROR_IF_RO_OR_LO;
-commit f233dffbd6bf65a08d0d6ce1050eb9c6ed7723cb
-Author: Wayne Davison <wayned@samba.org>
-Date:   Tue Jan 15 10:38:00 2019 -0800
-
-    Avoid leaving a file open on error return.
-
-diff --git a/util.c b/util.c
-index fbbfd8ba..235afa82 100644
---- a/util.c
-+++ b/util.c
-@@ -342,6 +342,7 @@ int copy_file(const char *source, const char *dest, int ofd, mode_t mode)
-               if (robust_unlink(dest) && errno != ENOENT) {
-                       int save_errno = errno;
-                       rsyserr(FERROR_XFER, errno, "unlink %s", full_fname(dest));
-+                      close(ifd);
-                       errno = save_errno;
-                       return -1;
-               }
-commit 79332c0d66d933369a28c63b096addb67514cb38
-Author: Wayne Davison <wayned@samba.org>
-Date:   Sat Mar 16 09:09:09 2019 -0700
-
-    Fix --remove-source-files sanity check w/--copy-links the right way.
-    Fixes bug #10494.
-
-diff --git a/sender.c b/sender.c
-index 03e4aadd..9b432ed9 100644
---- a/sender.c
-+++ b/sender.c
-@@ -32,6 +32,7 @@ extern int logfile_format_has_i;
- extern int want_xattr_optim;
- extern int csum_length;
- extern int append_mode;
-+extern int copy_links;
- extern int io_error;
- extern int flist_eof;
- extern int allowed_lull;
-@@ -138,17 +139,16 @@ void successful_send(int ndx)
-               return;
-       f_name(file, fname);
- 
--      if (do_lstat(fname, &st) < 0) {
-+      if ((copy_links ? do_stat(fname, &st) : do_lstat(fname, &st)) < 0) {
-               failed_op = "re-lstat";
-               goto failed;
-       }
- 
--      if (S_ISREG(file->mode) /* Symlinks & devices don't need this check: */
--       && (st.st_size != F_LENGTH(file) || st.st_mtime != file->modtime
-+      if (st.st_size != F_LENGTH(file) || st.st_mtime != file->modtime
- #ifdef ST_MTIME_NSEC
-        || (NSEC_BUMP(file) && (uint32)st.ST_MTIME_NSEC != F_MOD_NSEC(file))
- #endif
--      )) {
-+      ) {
-               rprintf(FERROR_XFER, "ERROR: Skipping sender remove for changed file: %s\n", fname);
-               return;
-       }
-commit d47d3792160210ce14700e38a223eaa0059f3551
-Author: Wayne Davison <wayned@samba.org>
-Date:   Sat Mar 16 11:12:53 2019 -0700
-
-    Fix bug in try_dests_reg that Florian Zumbiehl pointed out.
-    
-    If the alternate-destination code was scanning multiple alt dirs and it
-    found the right size/mtime/checksum info but not the right xattrs, it
-    would keep scanning the other dirs for a better xattr match, but it
-    would omit the unchanged-file check that needs to happen first.
-
-diff --git a/generator.c b/generator.c
-index 6021a220..5538a92d 100644
---- a/generator.c
-+++ b/generator.c
-@@ -876,27 +876,22 @@ static int try_dests_reg(struct file_struct *file, char *fname, int ndx,
-               pathjoin(cmpbuf, MAXPATHLEN, basis_dir[j], fname);
-               if (link_stat(cmpbuf, &sxp->st, 0) < 0 || !S_ISREG(sxp->st.st_mode))
-                       continue;
--              switch (match_level) {
--              case 0:
-+              if (match_level == 0) {
-                       best_match = j;
-                       match_level = 1;
--                      /* FALL THROUGH */
--              case 1:
--                      if (!unchanged_file(cmpbuf, file, &sxp->st))
--                              continue;
-+              }
-+              if (!unchanged_file(cmpbuf, file, &sxp->st))
-+                      continue;
-+              if (match_level == 1) {
-                       best_match = j;
-                       match_level = 2;
--                      /* FALL THROUGH */
--              case 2:
--                      if (!unchanged_attrs(cmpbuf, file, sxp)) {
--                              free_stat_x(sxp);
--                              continue;
--                      }
-+              }
-+              if (unchanged_attrs(cmpbuf, file, sxp)) {
-                       best_match = j;
-                       match_level = 3;
-                       break;
-               }
--              break;
-+              free_stat_x(sxp);
-       } while (basis_dir[++j] != NULL);
- 
-       if (!match_level)
-commit c0c6a97c35e8e4fb56ba26dc9c8447e26d94de06
-Author: Wayne Davison <wayned@samba.org>
-Date:   Sat Mar 16 11:49:53 2019 -0700
-
-    Try to fix the iconv crash in bug 11338.
-    
-    Applying Michal Ruprich's suggested patch for the rwrite() function that
-    should hopefully help with a bug that I couldn't reproduce.
-
-diff --git a/log.c b/log.c
-index 21bcdfd9..a86edd74 100644
---- a/log.c
-+++ b/log.c
-@@ -378,10 +378,13 @@ output_msg:
-                               filtered_fwrite(f, convbuf, outbuf.len, 0);
-                               outbuf.len = 0;
-                       }
--                      if (!ierrno || ierrno == E2BIG)
--                              continue;
--                      fprintf(f, "\\#%03o", CVAL(inbuf.buf, inbuf.pos++));
--                      inbuf.len--;
-+                      /* Log one byte of illegal/incomplete sequence and continue with
-+                       * the next character. Check that the buffer is non-empty for the
-+                       * sake of robustness. */
-+                      if ((ierrno == EILSEQ || ierrno == EINVAL) && inbuf.len) {
-+                              fprintf(f, "\\#%03o", CVAL(inbuf.buf, inbuf.pos++));
-+                              inbuf.len--;
-+                      }
-               }
-       } else
- #endif

diff --git a/rsync-noatime.patch b/rsync-noatime.patch
index 9ca27a89c6a1384d5a1f0202842f928ef18d8f15..85626ef62bc52b51eebfee7343976c83410b8163 100644 (file)
--- a/rsync-noatime.patch
+++ b/rsync-noatime.patch
@@ -92,3 +92,56 @@ index c46a8b4..6620563 100644
  
        return open(pathname, flags | O_BINARY, mode);
  }
  
        return open(pathname, flags | O_BINARY, mode);
  }

+Index: rsync/tls.c
+===================================================================
+--- rsync.orig/tls.c
++++ rsync/tls.c
+@@ -53,6 +53,7 @@ int preserve_perms = 0;
+ int preserve_executability = 0;
+ int preallocate_files = 0;
+ int inplace = 0;
++int noatime = 0;
+ 
+ #ifdef SUPPORT_XATTRS
+ 
+Index: rsync/t_unsafe.c
+===================================================================
+--- rsync.orig/t_unsafe.c
++++ rsync/t_unsafe.c
+@@ -33,6 +33,10 @@ int preserve_perms = 0;
+ int preserve_executability = 0;
+ short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG];
+ 
++/* This is to make syscall.o shut up. */
++int noatime = 0;
++
++
+ int
+ main(int argc, char **argv)
+ {
+Index: rsync/wildtest.c
+===================================================================
+--- rsync.orig/wildtest.c
++++ rsync/wildtest.c
+@@ -32,6 +32,9 @@ int fnmatch_errors = 0;
+ 
+ int wildmatch_errors = 0;
+ 
++/* This is to make syscall.o shut up. */
++int noatime = 0;
++
+ typedef char bool;
+ 
+ int output_iterations = 0;
+Index: rsync/trimslash.c
+===================================================================
+--- rsync.orig/trimslash.c
++++ rsync/trimslash.c
+@@ -30,6 +30,7 @@ int preserve_perms = 0;
+ int preserve_executability = 0;
+ int preallocate_files = 0;
+ int inplace = 0;
++int noatime = 0;
+ 
+ int
+ main(int argc, char **argv)

diff --git a/rsync.spec b/rsync.spec
index 0100981760295c8dc2ca0a34a3e0924ea0ea4004..8ee6ed8eb2be636540524404e858a8987e3bf432 100644 (file)
--- a/rsync.spec
+++ b/rsync.spec
@@ -4,7 +4,8 @@
 #
 # Conditional build:
 %bcond_with    rsh     # set remote shell command to rsh instead of ssh (old behaviour)
 #
 # Conditional build:
 %bcond_with    rsh     # set remote shell command to rsh instead of ssh (old behaviour)

-%bcond_without fadvise # apply fadvise patch
+%bcond_with    fadvise # apply fadvise patch
+%bcond_with    noatime # apply noatime patch

 %bcond_with    tests   # perform "make test"
 #
 %ifarch alpha
 %bcond_with    tests   # perform "make test"
 #
 %ifarch alpha


@@ -20,33 +21,29 @@ Summary(uk.UTF-8):  Програма для ефективного віддале
 Summary(zh_CN.UTF-8):  [通讯]传输工具
 Summary(zh_TW.UTF-8):  [喙啪]\e$(B6G?i火(c\e(B
 Name:          rsync
 Summary(zh_CN.UTF-8):  [通讯]传输工具
 Summary(zh_TW.UTF-8):  [喙啪]\e$(B6G?i火(c\e(B
 Name:          rsync

-Version:       3.1.3
-Release:       4
+Version:       3.2.3
+Release:       1

 Epoch:         1
 License:       GPL v3+
 Group:         Networking/Utilities
 Source0:       https://rsync.samba.org/ftp/rsync/%{name}-%{version}.tar.gz
 Epoch:         1
 License:       GPL v3+
 Group:         Networking/Utilities
 Source0:       https://rsync.samba.org/ftp/rsync/%{name}-%{version}.tar.gz

-# Source0-md5: 1581a588fde9d89f6bc6201e8129afaf
+# Source0-md5: 209f8326f5137d8817a6276d9577a2f1

 Source1:       https://rsync.samba.org/ftp/rsync/%{name}-patches-%{version}.tar.gz
 Source1:       https://rsync.samba.org/ftp/rsync/%{name}-patches-%{version}.tar.gz

-# Source1-md5: 753fc37ffc277571c69135e8bc5fae9d
+# Source1-md5: 884c872b55c7431f4c4e8d8bf182fafa

 Source2:       %{name}.inet
 Source3:       %{name}.init
 Source4:       %{name}.sysconfig
 Source5:       %{name}d.logrotate
 Source2:       %{name}.inet
 Source3:       %{name}.init
 Source4:       %{name}.sysconfig
 Source5:       %{name}d.logrotate

-Patch100:      %{name}-fixes.patch

 Patch0:                %{name}-config.patch
 Patch1:                %{name}-fadvise.patch
 Patch2:                %{name}-noatime.patch
 Patch0:                %{name}-config.patch
 Patch1:                %{name}-fadvise.patch
 Patch2:                %{name}-noatime.patch

-Patch3:                CVE-2016-9840.patch
-Patch4:                CVE-2016-9841.patch
-Patch5:                CVE-2016-9842.patch
-Patch6:                CVE-2016-9843.patch

 URL:           https://rsync.samba.org/
 BuildRequires: acl-devel
 BuildRequires: autoconf >= 2.59
 BuildRequires: automake
 BuildRequires: popt-devel
 BuildRequires: rpmbuild(macros) >= 1.318
 URL:           https://rsync.samba.org/
 BuildRequires: acl-devel
 BuildRequires: autoconf >= 2.59
 BuildRequires: automake
 BuildRequires: popt-devel
 BuildRequires: rpmbuild(macros) >= 1.318

+BuildRequires: xxHash-devel

 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %define                _duplicate_files_terminate_build        0
 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %define                _duplicate_files_terminate_build        0


@@ -166,18 +163,11 @@ techniczna nowego algorytmu została również dołączona do pakietu.
 
 %prep
 %setup -q -b1
 
 %prep
 %setup -q -b1

-%patch100 -p1

 %patch0 -p1
 %{?with_fadvise:%patch1 -p1}
 %patch0 -p1
 %{?with_fadvise:%patch1 -p1}

-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
+%{?with_noatime:%patch2 -p1}

 
 

-# for compat with previous patched version
-patch -p1 -i patches/acls.diff || exit 1
-patch -p1 -i patches/xattrs.diff || exit 1
+sed -i -e 's|#!/usr/bin/env bash|#!/bin/bash|' rsync-ssl

 
 %build
 cp -f /usr/share/automake/config.sub .
 
 %build
 cp -f /usr/share/automake/config.sub .


@@ -259,7 +249,7 @@ fi
 
 %files
 %defattr(644,root,root,755)
 
 %files
 %defattr(644,root,root,755)

-%doc README NEWS OLDNEWS TODO support
+%doc README.md NEWS.md TODO support

 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/CVSIGNORE
 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/RSYNC_PASSWORD
 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/RSYNC_PROXY
 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/CVSIGNORE
 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/RSYNC_PASSWORD
 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/RSYNC_PROXY