From 9a0f13f9b24b5c7b67a06d8bf75b9a52ff4af91d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Tue, 22 Sep 2020 14:37:48 +0200 Subject: [PATCH] - up to 3.2.3; disabled fadvise/noatime patches (need updating); dropped acl/xattrs patches (upstream: Dump some patches that have outlived their usefulness.) --- CVE-2016-9840.patch | 71 -------------- CVE-2016-9841.patch | 224 ------------------------------------------ CVE-2016-9842.patch | 29 ------ CVE-2016-9843.patch | 49 ---------- rsync-config.patch | 153 ++++++----------------------- rsync-fixes.patch | 231 -------------------------------------------- rsync-noatime.patch | 53 ++++++++++ rsync.spec | 30 ++---- 8 files changed, 92 insertions(+), 748 deletions(-) delete mode 100644 CVE-2016-9840.patch delete mode 100644 CVE-2016-9841.patch delete mode 100644 CVE-2016-9842.patch delete mode 100644 CVE-2016-9843.patch delete mode 100644 rsync-fixes.patch diff --git a/CVE-2016-9840.patch b/CVE-2016-9840.patch deleted file mode 100644 index 83a14df..0000000 --- a/CVE-2016-9840.patch +++ /dev/null @@ -1,71 +0,0 @@ ->From 6a043145ca6e9c55184013841a67b2fef87e44c0 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Wed, 21 Sep 2016 23:35:50 -0700 -Subject: [PATCH] Remove offset pointer optimization in inftrees.c. - -inftrees.c was subtracting an offset from a pointer to an array, -in order to provide a pointer that allowed indexing starting at -the offset. This is not compliant with the C standard, for which -the behavior of a pointer decremented before its allocated memory -is undefined. Per the recommendation of a security audit of the -zlib code by Trail of Bits and TrustInSoft, in support of the -Mozilla Foundation, this tiny optimization was removed, in order -to avoid the possibility of undefined behavior. ---- - inftrees.c | 18 ++++++++---------- - 1 file changed, 8 insertions(+), 10 deletions(-) - -diff --git a/zlib/inftrees.c b/zlib/inftrees.c -index 22fcd666..0d2670d5 100644 ---- a/zlib/inftrees.c -+++ b/zlib/inftrees.c -@@ -54,7 +54,7 @@ unsigned short FAR *work; - code FAR *next; /* next available space in table */ - const unsigned short FAR *base; /* base value table to use */ - const unsigned short FAR *extra; /* extra bits table to use */ -- int end; /* use base and extra for symbol > end */ -+ unsigned match; /* use base and extra for symbol >= match */ - unsigned short count[MAXBITS+1]; /* number of codes of each length */ - unsigned short offs[MAXBITS+1]; /* offsets in table for each length */ - static const unsigned short lbase[31] = { /* Length codes 257..285 base */ -@@ -181,19 +181,17 @@ unsigned short FAR *work; - switch (type) { - case CODES: - base = extra = work; /* dummy value--not used */ -- end = 19; -+ match = 20; - break; - case LENS: - base = lbase; -- base -= 257; - extra = lext; -- extra -= 257; -- end = 256; -+ match = 257; - break; - default: /* DISTS */ - base = dbase; - extra = dext; -- end = -1; -+ match = 0; - } - - /* initialize state for loop */ -@@ -216,13 +214,13 @@ unsigned short FAR *work; - for (;;) { - /* create table entry */ - here.bits = (unsigned char)(len - drop); -- if ((int)(work[sym]) < end) { -+ if (work[sym] + 1 < match) { - here.op = (unsigned char)0; - here.val = work[sym]; - } -- else if ((int)(work[sym]) > end) { -- here.op = (unsigned char)(extra[work[sym]]); -- here.val = base[work[sym]]; -+ else if (work[sym] >= match) { -+ here.op = (unsigned char)(extra[work[sym] - match]); -+ here.val = base[work[sym] - match]; - } - else { - here.op = (unsigned char)(32 + 64); /* end of block */ diff --git a/CVE-2016-9841.patch b/CVE-2016-9841.patch deleted file mode 100644 index f8291b3..0000000 --- a/CVE-2016-9841.patch +++ /dev/null @@ -1,224 +0,0 @@ ->From 9aaec95e82117c1cb0f9624264c3618fc380cecb Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Wed, 21 Sep 2016 22:25:21 -0700 -Subject: [PATCH] Use post-increment only in inffast.c. - -An old inffast.c optimization turns out to not be optimal anymore -with modern compilers, and furthermore was not compliant with the -C standard, for which decrementing a pointer before its allocated -memory is undefined. Per the recommendation of a security audit of -the zlib code by Trail of Bits and TrustInSoft, in support of the -Mozilla Foundation, this "optimization" was removed, in order to -avoid the possibility of undefined behavior. ---- - inffast.c | 81 +++++++++++++++++++++---------------------------------- - 1 file changed, 31 insertions(+), 50 deletions(-) - -diff --git a/zlib/inffast.c b/zlib/inffast.c -index bda59ceb..f0d163db 100644 ---- a/zlib/inffast.c -+++ b/zlib/inffast.c -@@ -10,25 +10,6 @@ - - #ifndef ASMINF - --/* Allow machine dependent optimization for post-increment or pre-increment. -- Based on testing to date, -- Pre-increment preferred for: -- - PowerPC G3 (Adler) -- - MIPS R5000 (Randers-Pehrson) -- Post-increment preferred for: -- - none -- No measurable difference: -- - Pentium III (Anderson) -- - M68060 (Nikl) -- */ --#ifdef POSTINC --# define OFF 0 --# define PUP(a) *(a)++ --#else --# define OFF 1 --# define PUP(a) *++(a) --#endif -- - /* - Decode literal, length, and distance codes and write out the resulting - literal and match bytes until either not enough input or output is -@@ -96,9 +77,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - - /* copy state to local variables */ - state = (struct inflate_state FAR *)strm->state; -- in = strm->next_in - OFF; -+ in = strm->next_in; - last = in + (strm->avail_in - 5); -- out = strm->next_out - OFF; -+ out = strm->next_out; - beg = out - (start - strm->avail_out); - end = out + (strm->avail_out - 257); - #ifdef INFLATE_STRICT -@@ -119,9 +100,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - input data or output space */ - do { - if (bits < 15) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - } - here = lcode[hold & lmask]; -@@ -134,14 +115,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? - "inflate: literal '%c'\n" : - "inflate: literal 0x%02x\n", here.val)); -- PUP(out) = (unsigned char)(here.val); -+ *out++ = (unsigned char)(here.val); - } - else if (op & 16) { /* length base */ - len = (unsigned)(here.val); - op &= 15; /* number of extra bits */ - if (op) { - if (bits < op) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - } - len += (unsigned)hold & ((1U << op) - 1); -@@ -150,9 +131,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - } - Tracevv((stderr, "inflate: length %u\n", len)); - if (bits < 15) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - } - here = dcode[hold & dmask]; -@@ -165,10 +146,10 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - dist = (unsigned)(here.val); - op &= 15; /* number of extra bits */ - if (bits < op) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - if (bits < op) { -- hold += (unsigned long)(PUP(in)) << bits; -+ hold += (unsigned long)(*in++) << bits; - bits += 8; - } - } -@@ -196,30 +177,30 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - #ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR - if (len <= op - whave) { - do { -- PUP(out) = 0; -+ *out++ = 0; - } while (--len); - continue; - } - len -= op - whave; - do { -- PUP(out) = 0; -+ *out++ = 0; - } while (--op > whave); - if (op == 0) { - from = out - dist; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--len); - continue; - } - #endif - } -- from = window - OFF; -+ from = window; - if (wnext == 0) { /* very common case */ - from += wsize - op; - if (op < len) { /* some from window */ - len -= op; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--op); - from = out - dist; /* rest from output */ - } -@@ -230,14 +211,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - if (op < len) { /* some from end of window */ - len -= op; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--op); -- from = window - OFF; -+ from = window; - if (wnext < len) { /* some from start of window */ - op = wnext; - len -= op; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--op); - from = out - dist; /* rest from output */ - } -@@ -248,35 +229,35 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - if (op < len) { /* some from window */ - len -= op; - do { -- PUP(out) = PUP(from); -+ *out++ = *from++; - } while (--op); - from = out - dist; /* rest from output */ - } - } - while (len > 2) { -- PUP(out) = PUP(from); -- PUP(out) = PUP(from); -- PUP(out) = PUP(from); -+ *out++ = *from++; -+ *out++ = *from++; -+ *out++ = *from++; - len -= 3; - } - if (len) { -- PUP(out) = PUP(from); -+ *out++ = *from++; - if (len > 1) -- PUP(out) = PUP(from); -+ *out++ = *from++; - } - } - else { - from = out - dist; /* copy direct from output */ - do { /* minimum length is three */ -- PUP(out) = PUP(from); -- PUP(out) = PUP(from); -- PUP(out) = PUP(from); -+ *out++ = *from++; -+ *out++ = *from++; -+ *out++ = *from++; - len -= 3; - } while (len > 2); - if (len) { -- PUP(out) = PUP(from); -+ *out++ = *from++; - if (len > 1) -- PUP(out) = PUP(from); -+ *out++ = *from++; - } - } - } -@@ -313,8 +294,8 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - hold &= (1U << bits) - 1; - - /* update state and return */ -- strm->next_in = in + OFF; -- strm->next_out = out + OFF; -+ strm->next_in = in; -+ strm->next_out = out; - strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last)); - strm->avail_out = (unsigned)(out < end ? - 257 + (end - out) : 257 - (out - end)); diff --git a/CVE-2016-9842.patch b/CVE-2016-9842.patch deleted file mode 100644 index 0cf57e3..0000000 --- a/CVE-2016-9842.patch +++ /dev/null @@ -1,29 +0,0 @@ ->From e54e1299404101a5a9d0cf5e45512b543967f958 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Sat, 5 Sep 2015 17:45:55 -0700 -Subject: [PATCH] Avoid shifts of negative values inflateMark(). - -The C standard says that bit shifts of negative integers is -undefined. This casts to unsigned values to assure a known -result. ---- - inflate.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/zlib/inflate.c b/zlib/inflate.c -index 2889e3a0..a7184167 100644 ---- a/zlib/inflate.c -+++ b/zlib/inflate.c -@@ -1506,9 +1506,10 @@ z_streamp strm; - { - struct inflate_state FAR *state; - -- if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16; -+ if (strm == Z_NULL || strm->state == Z_NULL) -+ return (long)(((unsigned long)0 - 1) << 16); - state = (struct inflate_state FAR *)strm->state; -- return ((long)(state->back) << 16) + -+ return (long)(((unsigned long)((long)state->back)) << 16) + - (state->mode == COPY ? state->length : - (state->mode == MATCH ? state->was - state->length : 0)); - } diff --git a/CVE-2016-9843.patch b/CVE-2016-9843.patch deleted file mode 100644 index 9327b2c..0000000 --- a/CVE-2016-9843.patch +++ /dev/null @@ -1,49 +0,0 @@ ->From d1d577490c15a0c6862473d7576352a9f18ef811 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Wed, 28 Sep 2016 20:20:25 -0700 -Subject: [PATCH] Avoid pre-decrement of pointer in big-endian CRC calculation. - -There was a small optimization for PowerPCs to pre-increment a -pointer when accessing a word, instead of post-incrementing. This -required prefacing the loop with a decrement of the pointer, -possibly pointing before the object passed. This is not compliant -with the C standard, for which decrementing a pointer before its -allocated memory is undefined. When tested on a modern PowerPC -with a modern compiler, the optimization no longer has any effect. -Due to all that, and per the recommendation of a security audit of -the zlib code by Trail of Bits and TrustInSoft, in support of the -Mozilla Foundation, this "optimization" was removed, in order to -avoid the possibility of undefined behavior. ---- - crc32.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/zlib/crc32.c b/zlib/crc32.c -index 979a7190..05733f4e 100644 ---- a/zlib/crc32.c -+++ b/zlib/crc32.c -@@ -278,7 +278,7 @@ local unsigned long crc32_little(crc, buf, len) - } - - /* ========================================================================= */ --#define DOBIG4 c ^= *++buf4; \ -+#define DOBIG4 c ^= *buf4++; \ - c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \ - crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24] - #define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4 -@@ -300,7 +300,6 @@ local unsigned long crc32_big(crc, buf, len) - } - - buf4 = (const z_crc_t FAR *)(const void FAR *)buf; -- buf4--; - while (len >= 32) { - DOBIG32; - len -= 32; -@@ -309,7 +308,6 @@ local unsigned long crc32_big(crc, buf, len) - DOBIG4; - len -= 4; - } -- buf4++; - buf = (const unsigned char FAR *)buf4; - - if (len) do { diff --git a/rsync-config.patch b/rsync-config.patch index 6ce3958..f756a29 100644 --- a/rsync-config.patch +++ b/rsync-config.patch @@ -1,24 +1,3 @@ -diff -ur rsync-3.0.8.orig/rsync.1 rsync-3.0.8/rsync.1 ---- rsync-3.0.8.orig/rsync.1 2011-03-26 22:37:52.000000000 +0100 -+++ rsync-3.0.8/rsync.1 2011-04-07 10:27:01.761502719 +0200 -@@ -2566,7 +2566,7 @@ - .IP "\fB\-\-config=FILE\fP" - This specifies an alternate config file than - the default. This is only relevant when \fB\-\-daemon\fP is specified. --The default is /etc/rsyncd.conf unless the daemon is running over -+The default is /etc/rsyncd/rsyncd.conf unless the daemon is running over - a remote shell program and the remote user is not the super\-user; in that case - the default is rsyncd.conf in the current directory (typically $HOME). - .IP -@@ -3474,7 +3474,7 @@ - .SH "FILES" - - .PP --/etc/rsyncd.conf or rsyncd.conf -+/etc/rsyncd/rsyncd.conf or rsyncd.conf - .PP - .SH "SEE ALSO" - diff -ur rsync-3.0.8.orig/rsync.h rsync-3.0.8/rsync.h --- rsync-3.0.8.orig/rsync.h 2011-02-21 20:32:51.000000000 +0100 +++ rsync-3.0.8/rsync.h 2011-04-07 10:21:07.794002236 +0200 @@ -31,121 +10,47 @@ diff -ur rsync-3.0.8.orig/rsync.h rsync-3.0.8/rsync.h #define URL_PREFIX "rsync://" #define SYMLINK_PREFIX "/rsyncd-munged/" /* This MUST have a trailing slash! */ -diff -ur rsync-3.0.8.orig/rsync.yo rsync-3.0.8/rsync.yo ---- rsync-3.0.8.orig/rsync.yo 2011-03-26 22:34:18.000000000 +0100 -+++ rsync-3.0.8/rsync.yo 2011-04-07 10:21:07.798002324 +0200 -@@ -2220,7 +2220,7 @@ - If standard input is a socket then rsync will assume that it is being - run via inetd, otherwise it will detach from the current terminal and - become a background daemon. The daemon will read the config file --(rsyncd.conf) on each connect made by a client and respond to -+(/etc/rsyncd/rsyncd.conf) on each connect made by a client and respond to - requests accordingly. See the bf(rsyncd.conf)(5) man page for more - details. - -@@ -2238,7 +2238,7 @@ - - dit(bf(--config=FILE)) This specifies an alternate config file than - the default. This is only relevant when bf(--daemon) is specified. --The default is /etc/rsyncd.conf unless the daemon is running over -+The default is /etc/rsyncd/rsyncd.conf unless the daemon is running over - a remote shell program and the remote user is not the super-user; in that case - the default is rsyncd.conf in the current directory (typically $HOME). - -@@ -2972,7 +2972,7 @@ - - manpagefiles() - --/etc/rsyncd.conf or rsyncd.conf -+/etc/rsyncd/rsyncd.conf or rsyncd.conf - - manpageseealso() - diff -ur rsync-3.0.8.orig/rsyncd.conf.5 rsync-3.0.8/rsyncd.conf.5 --- rsync-3.0.8.orig/rsyncd.conf.5 2011-03-26 22:37:52.000000000 +0100 +++ rsync-3.0.8/rsyncd.conf.5 2011-04-07 10:21:07.789502107 +0200 -@@ -315,7 +315,7 @@ - support the \(dq\&max connections\(dq\& parameter. The rsync daemon uses record - locking on this file to ensure that the max connections limit is not - exceeded for the modules sharing the lock file. --The default is \f(CW/var/run/rsyncd.lock\fP. -+The default is \f(CW/var/lock/rsyncd.lock\fP. - .IP - .IP "\fBread only\fP" - This parameter determines whether clients -@@ -460,7 +460,7 @@ +@@ -632,7 +632,7 @@ require that you specify a group passwor passwords. - .IP - There is no default for the \(dq\&secrets file\(dq\& parameter, you must choose a name --(such as \f(CW/etc/rsyncd.secrets\fP). The file must normally not be readable -+(such as \f(CW/etc/rsyncd/rsyncd.secrets\fP). The file must normally not be readable - by \(dq\&other\(dq\&; see \(dq\&strict modes\(dq\&. If the file is not found or is rejected, no - logins for a \(dq\&user auth\(dq\& module will be possible. - .IP -@@ -785,12 +785,12 @@ + .IP + There is no default for the "secrets file" parameter, you must choose a +-name (such as \fB/etc/rsyncd.secrets\fP). The file must normally not be ++name (such as \fB/etc/rsyncd/rsyncd.secrets\fP). The file must normally not be + readable by "other"; see "strict modes". If the file is not found or is + rejected, no logins for a "user auth" module will be possible. + .IP "\fBstrict\ modes\fP" +@@ -1092,7 +1092,7 @@ that can be included into multiple modul + global values that will affect connections (such as \fBmotd\ file\fP), or globals + that will affect other include files. + .P +-For example, this is a useful /etc/rsyncd.conf file: ++For example, this is a useful /etc/rsyncd/rsyncd.conf file: + .RS 4 + .P + .nf +@@ -1219,11 +1219,11 @@ pid file = /var/run/rsyncd.pid path = /data/cvs comment = CVS repository (requires authentication) auth users = tridge, susan - secrets file = /etc/rsyncd.secrets + secrets file = /etc/rsyncd/rsyncd.secrets - - .fi - - .PP + .fi + .RE + .P -The /etc/rsyncd.secrets file would look something like this: +The /etc/rsyncd/rsyncd.secrets file would look something like this: - .PP - .RS - \f(CWtridge:mypass\fP -@@ -803,7 +803,7 @@ + .RS 4 + .P + .nf +@@ -1234,7 +1234,7 @@ susan:herpass + .P .SH "FILES" - - .PP + .P -/etc/rsyncd.conf or rsyncd.conf +/etc/rsyncd/rsyncd.conf or rsyncd.conf - .PP + .P .SH "SEE ALSO" - -diff -ur rsync-3.0.8.orig/rsyncd.conf.yo rsync-3.0.8/rsyncd.conf.yo ---- rsync-3.0.8.orig/rsyncd.conf.yo 2011-03-26 22:34:18.000000000 +0100 -+++ rsync-3.0.8/rsyncd.conf.yo 2011-04-07 10:21:07.792002183 +0200 -@@ -66,7 +66,7 @@ - reread its config file. - - Note that you should bf(not) send the rsync daemon a HUP signal to force --it to reread the tt(rsyncd.conf) file. The file is re-read on each client -+it to reread the tt(/etc/rsyncd/rsyncd.conf) file. The file is re-read on each client - connection. - - manpagesection(GLOBAL PARAMETERS) -@@ -125,7 +125,7 @@ - - dit(bf(path)) This parameter specifies the directory in the daemon's - filesystem to make available in this module. You must specify this parameter --for each module in tt(rsyncd.conf). -+for each module in tt(/etc/rsyncd/rsyncd.conf). - - dit(bf(use chroot)) If "use chroot" is true, the rsync daemon will chroot - to the "path" before starting the file transfer with the client. This has -@@ -409,7 +409,7 @@ - passwords. - - There is no default for the "secrets file" parameter, you must choose a name --(such as tt(/etc/rsyncd.secrets)). The file must normally not be readable -+(such as tt(/etc/rsyncd/rsyncd.secrets)). The file must normally not be readable - by "other"; see "strict modes". If the file is not found or is rejected, no - logins for a "user auth" module will be possible. - -@@ -673,10 +673,10 @@ - path = /data/cvs - comment = CVS repository (requires authentication) - auth users = tridge, susan -- secrets file = /etc/rsyncd.secrets -+ secrets file = /etc/rsyncd/rsyncd.secrets - ) - --The /etc/rsyncd.secrets file would look something like this: -+The /etc/rsyncd/rsyncd.secrets file would look something like this: - - quote( - tt(tridge:mypass)nl() + .P diff --git a/rsync-fixes.patch b/rsync-fixes.patch deleted file mode 100644 index 2903bb8..0000000 --- a/rsync-fixes.patch +++ /dev/null @@ -1,231 +0,0 @@ -commit 1eb7a7061af2f91149233937f3db066d303c7684 -Author: Wayne Davison -Date: Thu Jun 14 15:19:34 2018 -0700 - - Need to mark xattr rules in get_rule_prefix(). - - This fixes the bug of xattr filters getting sent as a normal filter rule - (since the 'x' was dropped in the prefix). - -diff --git a/exclude.c b/exclude.c -index 7989fb3e..a0090b29 100644 ---- a/exclude.c -+++ b/exclude.c -@@ -1286,6 +1286,8 @@ char *get_rule_prefix(filter_rule *rule, const char *pat, int for_xfer, - } - if (rule->rflags & FILTRULE_EXCLUDE_SELF) - *op++ = 'e'; -+ if (rule->rflags & FILTRULE_XATTR) -+ *op++ = 'x'; - if (rule->rflags & FILTRULE_SENDER_SIDE - && (!for_xfer || protocol_version >= 29)) - *op++ = 's'; -commit 4aeb093206d55c3d886cbcec062f7aa93d0b968e -Author: Wayne Davison -Date: Tue Nov 20 12:45:36 2018 -0800 - - Fix itemizing of wrong dir name on some --iconv transfers. - - Fixes bug #13492. - -diff --git a/flist.c b/flist.c -index 499440cc..60e843cc 100644 ---- a/flist.c -+++ b/flist.c -@@ -1636,6 +1636,7 @@ static void add_dirs_to_tree(int parent_ndx, struct file_list *from_flist, - int32 *parent_dp = parent_ndx < 0 ? NULL - : F_DIR_NODE_P(dir_flist->sorted[parent_ndx]); - -+ /* The sending side is adding entries to dir_flist in sorted order, so sorted & files are the same. */ - flist_expand(dir_flist, dir_cnt); - dir_flist->sorted = dir_flist->files; - -@@ -1970,7 +1971,7 @@ void send_extra_file_list(int f, int at_least) - else - dir_ndx = send_dir_ndx; - write_ndx(f, NDX_FLIST_OFFSET - dir_ndx); -- flist->parent_ndx = dir_ndx; -+ flist->parent_ndx = send_dir_ndx; /* the sending side must remember the sorted ndx value */ - - send1extra(f, file, flist); - prev_flags = file->flags; -commit a3668685354e7457ac3e29634083906ee5435bf2 -Author: Wayne Davison -Date: Sat Dec 15 16:52:53 2018 -0800 - - Avoid a potential out-of-bounds read in daemon mode if argc is 0. - -diff --git a/options.c b/options.c -index 1c5b42d0..a07c8e13 100644 ---- a/options.c -+++ b/options.c -@@ -1315,6 +1315,10 @@ int parse_arguments(int *argc_p, const char ***argv_p) - int opt; - int orig_protect_args = protect_args; - -+ if (argc == 0) { -+ strlcpy(err_buf, "argc is zero!\n", sizeof err_buf); -+ return 0; -+ } - if (ref && *ref) - set_refuse_options(ref); - if (am_daemon) { -commit c2da3809f714d936dec1cab6d5bf8b724b9cd113 -Author: Wayne Davison -Date: Tue Jan 15 08:51:08 2019 -0800 - - Fix --prealloc to keep file-size 0 when possible. - -diff --git a/syscall.c b/syscall.c -index dbd556b8..0d1221b3 100644 ---- a/syscall.c -+++ b/syscall.c -@@ -462,7 +462,7 @@ int do_utime(const char *fname, time_t modtime, UNUSED(uint32 mod_nsec)) - - OFF_T do_fallocate(int fd, OFF_T offset, OFF_T length) - { -- int opts = inplace || preallocate_files ? 0 : DO_FALLOC_OPTIONS; -+ int opts = inplace || preallocate_files ? DO_FALLOC_OPTIONS : 0; - int ret; - RETURN_ERROR_IF(dry_run, 0); - RETURN_ERROR_IF_RO_OR_LO; -commit f233dffbd6bf65a08d0d6ce1050eb9c6ed7723cb -Author: Wayne Davison -Date: Tue Jan 15 10:38:00 2019 -0800 - - Avoid leaving a file open on error return. - -diff --git a/util.c b/util.c -index fbbfd8ba..235afa82 100644 ---- a/util.c -+++ b/util.c -@@ -342,6 +342,7 @@ int copy_file(const char *source, const char *dest, int ofd, mode_t mode) - if (robust_unlink(dest) && errno != ENOENT) { - int save_errno = errno; - rsyserr(FERROR_XFER, errno, "unlink %s", full_fname(dest)); -+ close(ifd); - errno = save_errno; - return -1; - } -commit 79332c0d66d933369a28c63b096addb67514cb38 -Author: Wayne Davison -Date: Sat Mar 16 09:09:09 2019 -0700 - - Fix --remove-source-files sanity check w/--copy-links the right way. - Fixes bug #10494. - -diff --git a/sender.c b/sender.c -index 03e4aadd..9b432ed9 100644 ---- a/sender.c -+++ b/sender.c -@@ -32,6 +32,7 @@ extern int logfile_format_has_i; - extern int want_xattr_optim; - extern int csum_length; - extern int append_mode; -+extern int copy_links; - extern int io_error; - extern int flist_eof; - extern int allowed_lull; -@@ -138,17 +139,16 @@ void successful_send(int ndx) - return; - f_name(file, fname); - -- if (do_lstat(fname, &st) < 0) { -+ if ((copy_links ? do_stat(fname, &st) : do_lstat(fname, &st)) < 0) { - failed_op = "re-lstat"; - goto failed; - } - -- if (S_ISREG(file->mode) /* Symlinks & devices don't need this check: */ -- && (st.st_size != F_LENGTH(file) || st.st_mtime != file->modtime -+ if (st.st_size != F_LENGTH(file) || st.st_mtime != file->modtime - #ifdef ST_MTIME_NSEC - || (NSEC_BUMP(file) && (uint32)st.ST_MTIME_NSEC != F_MOD_NSEC(file)) - #endif -- )) { -+ ) { - rprintf(FERROR_XFER, "ERROR: Skipping sender remove for changed file: %s\n", fname); - return; - } -commit d47d3792160210ce14700e38a223eaa0059f3551 -Author: Wayne Davison -Date: Sat Mar 16 11:12:53 2019 -0700 - - Fix bug in try_dests_reg that Florian Zumbiehl pointed out. - - If the alternate-destination code was scanning multiple alt dirs and it - found the right size/mtime/checksum info but not the right xattrs, it - would keep scanning the other dirs for a better xattr match, but it - would omit the unchanged-file check that needs to happen first. - -diff --git a/generator.c b/generator.c -index 6021a220..5538a92d 100644 ---- a/generator.c -+++ b/generator.c -@@ -876,27 +876,22 @@ static int try_dests_reg(struct file_struct *file, char *fname, int ndx, - pathjoin(cmpbuf, MAXPATHLEN, basis_dir[j], fname); - if (link_stat(cmpbuf, &sxp->st, 0) < 0 || !S_ISREG(sxp->st.st_mode)) - continue; -- switch (match_level) { -- case 0: -+ if (match_level == 0) { - best_match = j; - match_level = 1; -- /* FALL THROUGH */ -- case 1: -- if (!unchanged_file(cmpbuf, file, &sxp->st)) -- continue; -+ } -+ if (!unchanged_file(cmpbuf, file, &sxp->st)) -+ continue; -+ if (match_level == 1) { - best_match = j; - match_level = 2; -- /* FALL THROUGH */ -- case 2: -- if (!unchanged_attrs(cmpbuf, file, sxp)) { -- free_stat_x(sxp); -- continue; -- } -+ } -+ if (unchanged_attrs(cmpbuf, file, sxp)) { - best_match = j; - match_level = 3; - break; - } -- break; -+ free_stat_x(sxp); - } while (basis_dir[++j] != NULL); - - if (!match_level) -commit c0c6a97c35e8e4fb56ba26dc9c8447e26d94de06 -Author: Wayne Davison -Date: Sat Mar 16 11:49:53 2019 -0700 - - Try to fix the iconv crash in bug 11338. - - Applying Michal Ruprich's suggested patch for the rwrite() function that - should hopefully help with a bug that I couldn't reproduce. - -diff --git a/log.c b/log.c -index 21bcdfd9..a86edd74 100644 ---- a/log.c -+++ b/log.c -@@ -378,10 +378,13 @@ output_msg: - filtered_fwrite(f, convbuf, outbuf.len, 0); - outbuf.len = 0; - } -- if (!ierrno || ierrno == E2BIG) -- continue; -- fprintf(f, "\\#%03o", CVAL(inbuf.buf, inbuf.pos++)); -- inbuf.len--; -+ /* Log one byte of illegal/incomplete sequence and continue with -+ * the next character. Check that the buffer is non-empty for the -+ * sake of robustness. */ -+ if ((ierrno == EILSEQ || ierrno == EINVAL) && inbuf.len) { -+ fprintf(f, "\\#%03o", CVAL(inbuf.buf, inbuf.pos++)); -+ inbuf.len--; -+ } - } - } else - #endif diff --git a/rsync-noatime.patch b/rsync-noatime.patch index 9ca27a8..85626ef 100644 --- a/rsync-noatime.patch +++ b/rsync-noatime.patch @@ -92,3 +92,56 @@ index c46a8b4..6620563 100644 return open(pathname, flags | O_BINARY, mode); } +Index: rsync/tls.c +=================================================================== +--- rsync.orig/tls.c ++++ rsync/tls.c +@@ -53,6 +53,7 @@ int preserve_perms = 0; + int preserve_executability = 0; + int preallocate_files = 0; + int inplace = 0; ++int noatime = 0; + + #ifdef SUPPORT_XATTRS + +Index: rsync/t_unsafe.c +=================================================================== +--- rsync.orig/t_unsafe.c ++++ rsync/t_unsafe.c +@@ -33,6 +33,10 @@ int preserve_perms = 0; + int preserve_executability = 0; + short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG]; + ++/* This is to make syscall.o shut up. */ ++int noatime = 0; ++ ++ + int + main(int argc, char **argv) + { +Index: rsync/wildtest.c +=================================================================== +--- rsync.orig/wildtest.c ++++ rsync/wildtest.c +@@ -32,6 +32,9 @@ int fnmatch_errors = 0; + + int wildmatch_errors = 0; + ++/* This is to make syscall.o shut up. */ ++int noatime = 0; ++ + typedef char bool; + + int output_iterations = 0; +Index: rsync/trimslash.c +=================================================================== +--- rsync.orig/trimslash.c ++++ rsync/trimslash.c +@@ -30,6 +30,7 @@ int preserve_perms = 0; + int preserve_executability = 0; + int preallocate_files = 0; + int inplace = 0; ++int noatime = 0; + + int + main(int argc, char **argv) diff --git a/rsync.spec b/rsync.spec index 0100981..8ee6ed8 100644 --- a/rsync.spec +++ b/rsync.spec @@ -4,7 +4,8 @@ # # Conditional build: %bcond_with rsh # set remote shell command to rsh instead of ssh (old behaviour) -%bcond_without fadvise # apply fadvise patch +%bcond_with fadvise # apply fadvise patch +%bcond_with noatime # apply noatime patch %bcond_with tests # perform "make test" # %ifarch alpha @@ -20,33 +21,29 @@ Summary(uk.UTF-8): Програма для ефективного віддале Summary(zh_CN.UTF-8): [通讯]传输工具 Summary(zh_TW.UTF-8): [喙啪]$(B6G?i火(c(B Name: rsync -Version: 3.1.3 -Release: 4 +Version: 3.2.3 +Release: 1 Epoch: 1 License: GPL v3+ Group: Networking/Utilities Source0: https://rsync.samba.org/ftp/rsync/%{name}-%{version}.tar.gz -# Source0-md5: 1581a588fde9d89f6bc6201e8129afaf +# Source0-md5: 209f8326f5137d8817a6276d9577a2f1 Source1: https://rsync.samba.org/ftp/rsync/%{name}-patches-%{version}.tar.gz -# Source1-md5: 753fc37ffc277571c69135e8bc5fae9d +# Source1-md5: 884c872b55c7431f4c4e8d8bf182fafa Source2: %{name}.inet Source3: %{name}.init Source4: %{name}.sysconfig Source5: %{name}d.logrotate -Patch100: %{name}-fixes.patch Patch0: %{name}-config.patch Patch1: %{name}-fadvise.patch Patch2: %{name}-noatime.patch -Patch3: CVE-2016-9840.patch -Patch4: CVE-2016-9841.patch -Patch5: CVE-2016-9842.patch -Patch6: CVE-2016-9843.patch URL: https://rsync.samba.org/ BuildRequires: acl-devel BuildRequires: autoconf >= 2.59 BuildRequires: automake BuildRequires: popt-devel BuildRequires: rpmbuild(macros) >= 1.318 +BuildRequires: xxHash-devel BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %define _duplicate_files_terminate_build 0 @@ -166,18 +163,11 @@ techniczna nowego algorytmu została również dołączona do pakietu. %prep %setup -q -b1 -%patch100 -p1 %patch0 -p1 %{?with_fadvise:%patch1 -p1} -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 +%{?with_noatime:%patch2 -p1} -# for compat with previous patched version -patch -p1 -i patches/acls.diff || exit 1 -patch -p1 -i patches/xattrs.diff || exit 1 +sed -i -e 's|#!/usr/bin/env bash|#!/bin/bash|' rsync-ssl %build cp -f /usr/share/automake/config.sub . @@ -259,7 +249,7 @@ fi %files %defattr(644,root,root,755) -%doc README NEWS OLDNEWS TODO support +%doc README.md NEWS.md TODO support %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/CVSIGNORE %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/RSYNC_PASSWORD %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/RSYNC_PROXY -- 2.43.0