From daf57cb5d4b325983287a1f2006b29f9fca383f4ae38f37ce8393c7b568973dc Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Tue, 5 Sep 2023 12:08:12 +0000
Subject: [PATCH 1/4] - add fortified-strlcpy-fix.patch (bsc#1214616)
OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=106
---
 fortified-strlcpy-fix.patch | 48 +++++++++++++++++++++++++++++++++++++
 rsync.changes | 5 ++++
 rsync.spec | 1 +
 3 files changed, 54 insertions(+)
 create mode 100644 fortified-strlcpy-fix.patch
diff --git a/fortified-strlcpy-fix.patch b/fortified-strlcpy-fix.patch
new file mode 100644
index 0000000..d01d078
--- /dev/null
+++ b/fortified-strlcpy-fix.patch
@@ -0,0 +1,48 @@
+From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001
+From: Jiri Slaby
+Date: Fri, 18 Aug 2023 08:26:20 +0200
+Subject: [PATCH] exclude: fix crashes with fortified strlcpy()
+
+Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when
+its third parameter (size) is larger than the buffer:
+ $ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx
+ sending incremental file list
+ *** buffer overflow detected ***: terminated
+
+It's in the exclude code in setup_merge_file():
+ strlcpy(y, save, MAXPATHLEN);
+
+Note the 'y' pointer was incremented, so it no longer points to memory
+with MAXPATHLEN "owned" bytes.
+
+Fix it by remembering the number of copied bytes into the 'save' buffer
+and use that instead of MAXPATHLEN which is clearly incorrect.
+
+Fixes #511.
+---
+ exclude.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/exclude.c b/exclude.c
+index ffe55b167..1a5de3b9e 100644
+--- a/exclude.c
++++ b/exclude.c
+@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
+ parent_dirscan = True;
+ while (*y) {
+ char save[MAXPATHLEN];
+- strlcpy(save, y, MAXPATHLEN);
++ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */
++ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1;
+ *y = '\0';
+ dirbuf_len = y - dirbuf;
+ strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf));
+@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
+ lp->head = NULL;
+ }
+ lp->tail = NULL;
+- strlcpy(y, save, MAXPATHLEN);
++ strlcpy(y, save, copylen);
+ while ((*x++ = *y++) != '/') {}
+ }
+ parent_dirscan = False;
diff --git a/rsync.changes b/rsync.changes
index e6a2c80..3328a61 100644
--- a/rsync.changes
+++ b/rsync.changes
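Review bot: The bound in the second embedded hunk, `strlcpy(y, save, copylen)`, is only as good as the comment's claim that `strlen(y) < MAXPATHLEN`, and nothing in the visible lines checks it. `strlcpy()` returns the length of its source rather than the number of bytes stored, so on a truncated copy `copylen` would be larger than `save` and the restore would quietly write back a shortened path. Clamping right after the assignment, `if (copylen > sizeof save) copylen = sizeof save;`, ties the bound to the buffer being copied from, and the comment is clearer as `/* copylen = strlen(y) + 1 for the \0; assumes strlen(y) < MAXPATHLEN */`. `setup_merge_file()` starts and ends outside both hunks, so whether the string at `y` can reach that length cannot be confirmed here; since this file is a carried upstream patch, the change would go upstream first.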
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Sep 5 12:07:57 UTC 2023 - Dirk Müller
+
+- add fortified-strlcpy-fix.patch (bsc#1214616)
+
 -------------------------------------------------------------------
 Wed Jul 26 15:07:23 UTC 2023 - Antonio Teixeira
 
diff --git a/rsync.spec b/rsync.spec
index ba09867..2c59965 100644
--- a/rsync.spec
+++ b/rsync.spec
@@ -49,6 +49,7 @@ Source11: https://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.t
 Source12: %{name}.keyring
 Source13: rsyncd
 Patch0: rsync-no-libattr.patch
+Patch1: fortified-strlcpy-fix.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: c++_compiler
From 9c24d26be793737e344f09ac0dabbbfbfbd8cb04d4ed68de680058e03c7512e8 Mon Sep 17 00:00:00 2001
From: David Anes
Date: Tue, 5 Sep 2023 12:52:25 +0000
Subject: [PATCH 2/4] Accepting request 1109022 from home:favogt:branches:network - Disable openslp support on new distros
OBS-URL: https://build.opensuse.org/request/show/1109022
OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=107
---
 rsync.changes | 5 +++++
 rsync.spec | 10 +++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/rsync.changes b/rsync.changes
index 3328a61..39ff475 100644
--- a/rsync.changes
+++ b/rsync.changes
@@ -3,6 +3,11 @@ Tue Sep 5 12:07:57 UTC 2023 - Dirk Müller
 
 - add fortified-strlcpy-fix.patch (bsc#1214616)
 
+-------------------------------------------------------------------
+Tue Sep 5 11:11:04 UTC 2023 - Fabian Vogt
+
+- Disable openslp support on new distros
+
 -------------------------------------------------------------------
 Wed Jul 26 15:07:23 UTC 2023 - Antonio Teixeira
 
diff --git a/rsync.spec b/rsync.spec
index 2c59965..cd28911 100644
--- a/rsync.spec
+++ b/rsync.spec
@@ -28,6 +28,12 @@
 %bcond_with gcc11
 %endif
 
+%if 0%{?suse_version} < 1600
+%bcond_without openslp
+%else
+%bcond_with openslp
+%endif
+
 Name: rsync
 Version: 3.2.7
 Release: 0
@@ -56,7 +62,6 @@ BuildRequires: c++_compiler
 BuildRequires: libacl-devel
 BuildRequires: liblz4-devel
 BuildRequires: libzstd-devel
-BuildRequires: openslp-devel
 BuildRequires: pkgconfig
 BuildRequires: popt-devel
 BuildRequires: systemd-rpm-macros
@@ -67,6 +72,9 @@ BuildRequires: pkgconfig(libxxhash) >= 0.8.0
 %if %{with gcc11}
 BuildRequires: gcc11-c++
 %endif
+%if %{with openslp}
+BuildRequires: openslp-devel
+%endif
 BuildRequires: pkgconfig(openssl)
 Requires(post): grep
 Requires(post): sed
From a21828dc08630ea86a86c3769290f501a76a7720f73b0a68ca5cc620e217a361 Mon Sep 17 00:00:00 2001
From: David Anes
Date: Tue, 5 Sep 2023 12:59:17 +0000
Subject: [PATCH 3/4] Accepting request 1109040 from home:david.anes:branches:network Add missing bug number in changelog
OBS-URL: https://build.opensuse.org/request/show/1109040
OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=108
---
 rsync.changes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rsync.changes b/rsync.changes
index 39ff475..23de69c 100644
--- a/rsync.changes
+++ b/rsync.changes
@@ -6,7 +6,7 @@ Tue Sep 5 12:07:57 UTC 2023 - Dirk Müller
 -------------------------------------------------------------------
 Tue Sep 5 11:11:04 UTC 2023 - Fabian Vogt
 
-- Disable openslp support on new distros
+- Disable openslp support on new distros (bsc#1214884)
 
 -------------------------------------------------------------------
 Wed Jul 26 15:07:23 UTC 2023 - Antonio Teixeira
From 2bc1e2ae43805e05be97365fe1231128c9497b243dd152647e1eae2d76e96514 Mon Sep 17 00:00:00 2001
From: David Anes
Date: Wed, 6 Sep 2023 09:58:37 +0000
Subject: [PATCH 4/4] Accepting request 1109229 from home:kukuk:branches:network - Use "slp" for bcond, not "openslp", like we use for all other packages, too. - Disable slp patch and configure option if bcond slp is disabled.
OBS-URL: https://build.opensuse.org/request/show/1109229
OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=109
---
 rsync.changes | 7 +++++++
 rsync.spec | 10 +++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/rsync.changes b/rsync.changes
index 23de69c..d965750 100644
--- a/rsync.changes
+++ b/rsync.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Sep 6 09:19:36 UTC 2023 - Thorsten Kukuk
+
+- Use "slp" for bcond, not "openslp", like we use for all other
+ packages, too.
+- Disable slp patch and configure option if bcond slp is disabled.
+
 -------------------------------------------------------------------
 Tue Sep 5 12:07:57 UTC 2023 - Dirk Müller
 
diff --git a/rsync.spec b/rsync.spec
index cd28911..6df139c 100644
--- a/rsync.spec
+++ b/rsync.spec
@@ -29,9 +29,9 @@
 %endif
 
 %if 0%{?suse_version} < 1600
-%bcond_without openslp
+%bcond_without slp
 %else
-%bcond_with openslp
+%bcond_with slp
 %endif
 
 Name: rsync
@@ -72,7 +72,7 @@ BuildRequires: pkgconfig(libxxhash) >= 0.8.0
 %if %{with gcc11}
 BuildRequires: gcc11-c++
 %endif
-%if %{with openslp}
+%if %{with slp}
 BuildRequires: openslp-devel
 %endif
 BuildRequires: pkgconfig(openssl)
@@ -94,7 +94,9 @@ for backups and mirroring and as an improved copy command for everyday use.
 
 %setup -q -b 1
 rm -f zlib/*.h zlib/*.c
+%if %{with slp}
 patch -p1 < patches/slp.diff
+%endif
 
 %autopatch -p1
 
@@ -117,7 +119,9 @@ export LDFLAGS="-Wl,-z,relro,-z,now -fPIE -pie"
 %ifarch x86_64
 --enable-simd \
 %endif
+%if %{with slp}
 --enable-slp \
+%endif
 --enable-acl-support \
 --enable-xattr-support
 %make_build reconfigure