Accepting request 1168828 from home:david.anes:branches:network

- Update to 3.3.0 
  * BUG FIXES:
    - Fixed a bug with --sparse --inplace where a trailing gap in 
      the source file would not clear out the trailing data in the 
      destination file.
    - Fixed an buffer overflow in the checksum2 code if SHA1 is 
      being used for the checksum2 algorithm.
    - Fixed an issue when rsync is compiled using _FORTIFY_SOURCE so
      that the extra tests don't complain about a strlcpy() limit 
      value (which was too large, even though it wasn't possible for
      the larger value to cause an overflow). 
      (fix bsc#1214616, bsc#1214249)
    - Add a backtick to the list of characters that the filename 
      quoting needs to escape using backslashes.
    - Fixed a string-comparison issue in the internal handling of 
      --progress (a locale such as tr_TR.utf-8 needed the internal
      triggering of --info options to use upper-case flag names to
      ensure that they match).
    - Make sure that a local transfer marks the sender side as
      trusted.
    - Change the argv handling to work with a newer popt library 
      -⁠-⁠ one that likes to free more data than it used to.
    - Rsync now calls OpenSSL_add_all_algorithms() when compiled 
      against an older openssl library.
    - Fixed a problem in the daemon auth for older protocols 
      (29 and before) if the openssl library is being used to 
      compute MD4 checksums.
    - Fixed rsync -VV on Cygwin -⁠-⁠ it needed a flush of stdout.
    - Fixed an old stats bug that counted devices as symlinks.
  * ENHANCEMENTS:

OBS-URL: https://build.opensuse.org/request/show/1168828
OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=119

rsync-3.2.7.tar.gz.asc

@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCY1HvAwAKCRBshZ+xS5ao
-xZFiAKC3MJgYOMf5VfpfAbld/+ydZRznMQCgkF/yaDJvKMNOslSRNuMZ/eXZ84g=
-=Q+uI
------END PGP SIGNATURE-----

rsync-3.3.0.tar.gz.asc

@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCZhF6vQAKCRBshZ+xS5ao
+xZ6kAKDZkE3C9w/cu8o3/Ic5KNycbcTw8gCdH/pdNo6kSGF3qLelFI6uK5Q4jdA=
+=vJGJ
+-----END PGP SIGNATURE-----

rsync-fortified-strlcpy-fix.patch

@@ -1,48 +0,0 @@
-From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001
-From: Jiri Slaby <jslaby@suse.cz>
-Date: Fri, 18 Aug 2023 08:26:20 +0200
-Subject: [PATCH] exclude: fix crashes with fortified strlcpy()
-
-Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when
-its third parameter (size) is larger than the buffer:
-  $ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx
-  sending incremental file list
-  *** buffer overflow detected ***: terminated
-
-It's in the exclude code in setup_merge_file():
-  strlcpy(y, save, MAXPATHLEN);
-
-Note the 'y' pointer was incremented, so it no longer points to memory
-with MAXPATHLEN "owned" bytes.
-
-Fix it by remembering the number of copied bytes into the 'save' buffer
-and use that instead of MAXPATHLEN which is clearly incorrect.
-
-Fixes #511.
----
- exclude.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/exclude.c b/exclude.c
-index ffe55b167..1a5de3b9e 100644
---- a/exclude.c
-+++ b/exclude.c
-@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
- 	parent_dirscan = True;
- 	while (*y) {
- 		char save[MAXPATHLEN];
--		strlcpy(save, y, MAXPATHLEN);
-+		/* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */
-+		size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1;
- 		*y = '\0';
- 		dirbuf_len = y - dirbuf;
- 		strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf));
-@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
- 			lp->head = NULL;
- 		}
- 		lp->tail = NULL;
--		strlcpy(y, save, MAXPATHLEN);
-+		strlcpy(y, save, copylen);
- 		while ((*x++ = *y++) != '/') {}
- 	}
- 	parent_dirscan = False;

rsync-patches-3.3.0.tar.gz.asc

@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCZhF6vQAKCRBshZ+xS5ao
+xcOpAJ0e/0uM2Ds98F7lwsTWiYdsJJ4EGwCfU4SaBIySxtKPdHh0Qy6Y1dt8uTc=
+=dZu7
+-----END PGP SIGNATURE-----

rsync.changes

@@ -1,3 +1,59 @@
+-------------------------------------------------------------------
+Thu Apr 18 08:22:02 UTC 2024 - David Anes <david.anes@suse.com>
+
+- Update to 3.3.0 
+  * BUG FIXES:
+    - Fixed a bug with --sparse --inplace where a trailing gap in 
+      the source file would not clear out the trailing data in the 
+      destination file.
+    - Fixed an buffer overflow in the checksum2 code if SHA1 is 
+      being used for the checksum2 algorithm.
+    - Fixed an issue when rsync is compiled using _FORTIFY_SOURCE so
+      that the extra tests don't complain about a strlcpy() limit 
+      value (which was too large, even though it wasn't possible for
+      the larger value to cause an overflow). 
+      (fix bsc#1214616, bsc#1214249)
+    - Add a backtick to the list of characters that the filename 
+      quoting needs to escape using backslashes.
+    - Fixed a string-comparison issue in the internal handling of 
+      --progress (a locale such as tr_TR.utf-8 needed the internal
+      triggering of --info options to use upper-case flag names to
+      ensure that they match).
+    - Make sure that a local transfer marks the sender side as
+      trusted.
+    - Change the argv handling to work with a newer popt library 
+      -⁠-⁠ one that likes to free more data than it used to.
+    - Rsync now calls OpenSSL_add_all_algorithms() when compiled 
+      against an older openssl library.
+    - Fixed a problem in the daemon auth for older protocols 
+      (29 and before) if the openssl library is being used to 
+      compute MD4 checksums.
+    - Fixed rsync -VV on Cygwin -⁠-⁠ it needed a flush of stdout.
+    - Fixed an old stats bug that counted devices as symlinks.
+
+  * ENHANCEMENTS:
+    - Enhanced rrsync with the -no-overwrite option that allows you
+      to ensure that existing files on your restricted but writable
+      directory can't be modified.
+    - Enhanced the manpages to mark links with .UR & .UE. If your
+      nroff doesn't support these idioms, touch the file 
+      .md2man-force in the source directory so that md-convert gets
+      called with the --force-link-text option, and that should
+      ensure that your manpages are still readable even with the
+      ignored markup.
+    - Some manpage improvements on the handling of [global] modules.
+    - Changed the mapfrom & mapto perl scripts (in the support dir)
+      into a single python script named idmap. Converted a couple
+      more perl scripts into python.
+    - Changed the mnt-excl perl script (in the support dir) into a
+      python script.
+
+  * DEVELOPER RELATED:
+    - Updated config.guess (timestamp 2023-01-01) and config.sub
+      (timestamp 2023-01-21).
+
+- Drop rsync-fortified-strlcpy-fix.patch (included upstream).
+
 -------------------------------------------------------------------
 Tue Mar 12 08:13:24 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com>
 

rsync.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package rsync
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,7 +35,7 @@
 %endif
 
 Name:           rsync
-Version:        3.2.7
+Version:        3.3.0
 Release:        0
 Summary:        Versatile tool for fast incremental file transfer
 License:        GPL-3.0-or-later
@@ -55,7 +55,6 @@ Source11:       https://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.t
 Source12:       %{name}.keyring
 Source13:       rsyncd
 Patch0:         rsync-no-libattr.patch
-Patch1:         rsync-fortified-strlcpy-fix.patch
 Patch2:         rsync-usr-etc.patch
 BuildRequires:  autoconf
 BuildRequires:  automake