diff --git a/rsync-3.2.7.tar.gz b/rsync-3.2.7.tar.gz deleted file mode 100644 index bf5bef1..0000000 --- a/rsync-3.2.7.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb -size 1149787 diff --git a/rsync-3.2.7.tar.gz.asc b/rsync-3.2.7.tar.gz.asc deleted file mode 100644 index 68ab590..0000000 --- a/rsync-3.2.7.tar.gz.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCY1HvAwAKCRBshZ+xS5ao -xZFiAKC3MJgYOMf5VfpfAbld/+ydZRznMQCgkF/yaDJvKMNOslSRNuMZ/eXZ84g= -=Q+uI ------END PGP SIGNATURE----- diff --git a/rsync-3.3.0.tar.gz b/rsync-3.3.0.tar.gz new file mode 100644 index 0000000..342d518 --- /dev/null +++ b/rsync-3.3.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7399e9a6708c32d678a72a63219e96f23be0be2336e50fd1348498d07041df90 +size 1153969 diff --git a/rsync-3.3.0.tar.gz.asc b/rsync-3.3.0.tar.gz.asc new file mode 100644 index 0000000..ca8740f --- /dev/null +++ b/rsync-3.3.0.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCZhF6vQAKCRBshZ+xS5ao +xZ6kAKDZkE3C9w/cu8o3/Ic5KNycbcTw8gCdH/pdNo6kSGF3qLelFI6uK5Q4jdA= +=vJGJ +-----END PGP SIGNATURE----- diff --git a/rsync-fortified-strlcpy-fix.patch b/rsync-fortified-strlcpy-fix.patch deleted file mode 100644 index d01d078..0000000 --- a/rsync-fortified-strlcpy-fix.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001 -From: Jiri Slaby -Date: Fri, 18 Aug 2023 08:26:20 +0200 -Subject: [PATCH] exclude: fix crashes with fortified strlcpy() - -Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when -its third parameter (size) is larger than the buffer: - $ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx - sending incremental file list - *** buffer overflow detected ***: terminated - -It's in the exclude code in setup_merge_file(): - strlcpy(y, save, MAXPATHLEN); - -Note the 'y' pointer was incremented, so it no longer points to memory -with MAXPATHLEN "owned" bytes. - -Fix it by remembering the number of copied bytes into the 'save' buffer -and use that instead of MAXPATHLEN which is clearly incorrect. - -Fixes #511. ---- - exclude.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/exclude.c b/exclude.c -index ffe55b167..1a5de3b9e 100644 ---- a/exclude.c -+++ b/exclude.c -@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex, - parent_dirscan = True; - while (*y) { - char save[MAXPATHLEN]; -- strlcpy(save, y, MAXPATHLEN); -+ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */ -+ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1; - *y = '\0'; - dirbuf_len = y - dirbuf; - strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf)); -@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex, - lp->head = NULL; - } - lp->tail = NULL; -- strlcpy(y, save, MAXPATHLEN); -+ strlcpy(y, save, copylen); - while ((*x++ = *y++) != '/') {} - } - parent_dirscan = False; diff --git a/rsync-patches-3.3.0.tar.gz b/rsync-patches-3.3.0.tar.gz new file mode 100644 index 0000000..7ca95fb --- /dev/null +++ b/rsync-patches-3.3.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3dd51cd88d25133681106f68622ebedbf191ab25a21ea336ba409136591864b0 +size 98487 diff --git a/rsync-patches-3.3.0.tar.gz.asc b/rsync-patches-3.3.0.tar.gz.asc new file mode 100644 index 0000000..d97f549 --- /dev/null +++ b/rsync-patches-3.3.0.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCZhF6vQAKCRBshZ+xS5ao +xcOpAJ0e/0uM2Ds98F7lwsTWiYdsJJ4EGwCfU4SaBIySxtKPdHh0Qy6Y1dt8uTc= +=dZu7 +-----END PGP SIGNATURE----- diff --git a/rsync.changes b/rsync.changes index 0de02d6..603ff6b 100644 --- a/rsync.changes +++ b/rsync.changes @@ -1,3 +1,59 @@ +------------------------------------------------------------------- +Thu Apr 18 08:22:02 UTC 2024 - David Anes + +- Update to 3.3.0 + * BUG FIXES: + - Fixed a bug with --sparse --inplace where a trailing gap in + the source file would not clear out the trailing data in the + destination file. + - Fixed an buffer overflow in the checksum2 code if SHA1 is + being used for the checksum2 algorithm. + - Fixed an issue when rsync is compiled using _FORTIFY_SOURCE so + that the extra tests don't complain about a strlcpy() limit + value (which was too large, even though it wasn't possible for + the larger value to cause an overflow). + (fix bsc#1214616, bsc#1214249) + - Add a backtick to the list of characters that the filename + quoting needs to escape using backslashes. + - Fixed a string-comparison issue in the internal handling of + --progress (a locale such as tr_TR.utf-8 needed the internal + triggering of --info options to use upper-case flag names to + ensure that they match). + - Make sure that a local transfer marks the sender side as + trusted. + - Change the argv handling to work with a newer popt library + -⁠-⁠ one that likes to free more data than it used to. + - Rsync now calls OpenSSL_add_all_algorithms() when compiled + against an older openssl library. + - Fixed a problem in the daemon auth for older protocols + (29 and before) if the openssl library is being used to + compute MD4 checksums. + - Fixed rsync -VV on Cygwin -⁠-⁠ it needed a flush of stdout. + - Fixed an old stats bug that counted devices as symlinks. + + * ENHANCEMENTS: + - Enhanced rrsync with the -no-overwrite option that allows you + to ensure that existing files on your restricted but writable + directory can't be modified. + - Enhanced the manpages to mark links with .UR & .UE. If your + nroff doesn't support these idioms, touch the file + .md2man-force in the source directory so that md-convert gets + called with the --force-link-text option, and that should + ensure that your manpages are still readable even with the + ignored markup. + - Some manpage improvements on the handling of [global] modules. + - Changed the mapfrom & mapto perl scripts (in the support dir) + into a single python script named idmap. Converted a couple + more perl scripts into python. + - Changed the mnt-excl perl script (in the support dir) into a + python script. + + * DEVELOPER RELATED: + - Updated config.guess (timestamp 2023-01-01) and config.sub + (timestamp 2023-01-21). + +- Drop rsync-fortified-strlcpy-fix.patch (included upstream). + ------------------------------------------------------------------- Tue Mar 12 08:13:24 UTC 2024 - Bernhard Wiedemann diff --git a/rsync.spec b/rsync.spec index 618e855..5c5f7d4 100644 --- a/rsync.spec +++ b/rsync.spec @@ -1,7 +1,7 @@ # # spec file for package rsync # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -35,7 +35,7 @@ %endif Name: rsync -Version: 3.2.7 +Version: 3.3.0 Release: 0 Summary: Versatile tool for fast incremental file transfer License: GPL-3.0-or-later @@ -55,7 +55,6 @@ Source11: https://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.t Source12: %{name}.keyring Source13: rsyncd Patch0: rsync-no-libattr.patch -Patch1: rsync-fortified-strlcpy-fix.patch Patch2: rsync-usr-etc.patch BuildRequires: autoconf BuildRequires: automake