Accepting request 570556 from home:pmonrealgonzalez:branches:network

- Update to version 3.1.3 [bsc#1076503]:
  Protocol: 31 (unchanged)
- SECURITY FIXES:
  * Fixed a buffer overrun in the protocol's handling of xattr names and
    ensure that the received name is null terminated.
  * Fix an issue with --protect-args where the user could specify the arg
    in the protected-arg list and short-circuit some of the arg-sanitizing
    code.
- BUG FIXES:
  * Don't output about a new backup dir without appropriate info verbosity.
  * Fixed some issues with the sort functions in support/rsyncstats script.
  * Added a way to specify daemon config lists (e.g. users, groups, etc)
  * that contain spaces (see "auth users" in the latest rsyncd.conf manpage).
  * If a backup fails (e.g. full disk) rsync exits with an error.
  * Fixed a problem with a doubled --fuzzy option combined with --link-dest.
  * Avoid invalid output in the summary if either the start or end time had
    an error.
  * We don't allow a popt alias to affect the --daemon or --server options.
  * Fix daemon exclude code to disallow attribute changes in addition to
    disallowing transfers.
  * Don't force nanoseconds to match if a non-transferred, non-checksummed
    file only passed the quick-check w/o comparing nanosecods.
- ENHANCEMENTS:
  * Added the ability for rsync to compare nanosecond times in its
    file-check
    comparisons, and added support nanosecond times on Mac OS X.
  * Added a short-option (-@) for --modify-window.
  * Added the --checksum-choice=NAME[,NAME] option to choose the checksum
    algorithms.
  * Added hashing of xattr names (with using -X) to improve the handling of

OBS-URL: https://build.opensuse.org/request/show/570556
OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=67

rsync-3.1.2-CVE-2018-5764.patch

@@ -1,38 +0,0 @@
-From 7706303828fcde524222babb2833864a4bd09e07 Mon Sep 17 00:00:00 2001
-From: Jeriko One <jeriko.one@gmx.us>
-Date: Mon, 20 Nov 2017 14:42:30 -0800
-Subject: [PATCH 1/1] Ignore --protect-args when already sent by client
-
-In parse_arguments when --protect-args is encountered the function exits
-early. The caller is expected to check protect_args, and recall
-parse_arguments setting protect_args to 2. This patch prevents the
-client from resetting protect_args during the second pass of
-parse_arguments. This prevents parse_arguments returning early the
-second time before it's able to sanitize the arguments it received.
----
- options.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-Index: rsync-3.1.2/options.c
-===================================================================
---- rsync-3.1.2.orig/options.c
-+++ rsync-3.1.2/options.c
-@@ -1304,6 +1304,7 @@ int parse_arguments(int *argc_p, const c
- 	const char *arg, **argv = *argv_p;
- 	int argc = *argc_p;
- 	int opt;
-+	int orig_protect_args = protect_args;
- 
- 	if (ref && *ref)
- 		set_refuse_options(ref);
-@@ -1933,6 +1934,10 @@ int parse_arguments(int *argc_p, const c
- 	if (fuzzy_basis > 1)
- 		fuzzy_basis = basis_dir_cnt + 1;
- 
-+	/* Don't let the client reset protect_args if it was already processed */
-+	if (orig_protect_args == 2 && am_server)
-+	   protect_args = orig_protect_args;
-+
- 	if (protect_args == 1 && am_server)
- 		return 1;
- 

rsync-3.1.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ecfa62a7fa3c4c18b9eccd8c16eaddee4bd308a76ea50b5c02a5840f09c0a1c2
-size 892724

rsync-3.1.2.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlZ4YFQACgkQbIWfsUuWqMWrGgCfdPrmx+EiWPvI0JB/NWU+srHj
-Tl8AoPFWFY6WaZjqz95w8208rHO5KmKS
-=3xlH
------END PGP SIGNATURE-----

rsync-3.1.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:55cc554efec5fdaad70de921cd5a5eeb6c29a95524c715f3bbf849235b0800c0
+size 905908

rsync-3.1.3.tar.gz.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlpuY4cACgkQbIWfsUuWqMWfBACgscuEGZltcborW4ye308u05xg
+e/kAoKjkpotybbJNQjZUKsFqpDDKa9AR
+=9BRy
+-----END PGP SIGNATURE-----

rsync-CVE-2017-16548.patch

@@ -1,27 +0,0 @@
-From 47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 Mon Sep 17 00:00:00 2001
-From: Wayne Davison <wayned@samba.org>
-Date: Sun, 5 Nov 2017 11:33:15 -0800
-Subject: [PATCH 1/1] Enforce trailing \0 when receiving xattr name values.
- Fixes bug 13112.
-
----
- xattrs.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/xattrs.c b/xattrs.c
-index 68305d7..4867e6f 100644
---- a/xattrs.c
-+++ b/xattrs.c
-@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file)
- 			out_of_memory("receive_xattr");
- 		name = ptr + dget_len + extra_len;
- 		read_buf(f, name, name_len);
-+		if (name_len < 1 || name[name_len-1] != '\0') {
-+			rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n");
-+			exit_cleanup(RERR_FILEIO);
-+		}
- 		if (dget_len == datum_len)
- 			read_buf(f, ptr, dget_len);
- 		else {
--- 
-1.9.1

rsync-patches-3.1.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:edeebe9f2532ae291ce43fb86c9d7aaf80ba4edfdad25dce6d42dc33286b2326
-size 174333

rsync-patches-3.1.2.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlZ4YFQACgkQbIWfsUuWqMVZzQCgvpWP/NwCL5pg6w0pjefTcZVC
-5SQAn15F46MsD/aR6jYWQLCDQVCZJeXp
-=fxKd
------END PGP SIGNATURE-----

rsync-patches-3.1.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0dc2848f20ca75c07a30c3237ccf8d61b61082ae7de94758a27dac350c99fb98
+size 174524

rsync-patches-3.1.3.tar.gz.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlpuY4gACgkQbIWfsUuWqMWGSwCfXA4JjLY1S1lrFUV9EwzBLoFh
+YMYAn07BGWQj08NJfz8HMQirEfiqNj8W
+=QEC2
+-----END PGP SIGNATURE-----

rsync-send_error_to_sender.patch

@@ -1,18 +1,22 @@
 https://bugzilla.samba.org/show_bug.cgi?id=12522#c2
 
---- rsync.h.orig	2017-01-16 18:59:44.580812000 +0100
-+++ rsync.h	2017-01-16 18:59:51.814260000 +0100
-@@ -166,6 +166,7 @@
- #define ATTRS_REPORT		(1<<0)
+Index: rsync.h
+===================================================================
+--- rsync.h.orig
++++ rsync.h
+@@ -167,6 +167,7 @@
  #define ATTRS_SKIP_MTIME	(1<<1)
+ #define ATTRS_SET_NANO		(1<<2)
  
 +#define MSG_FLUSH	2
  #define FULL_FLUSH	1
  #define NORMAL_FLUSH	0
  
---- io.c.orig	2015-08-08 21:47:03.000000000 +0200
-+++ io.c	2017-01-16 19:01:07.000000000 +0100
-@@ -1985,10 +1985,11 @@
+Index: io.c
+===================================================================
+--- io.c.orig
++++ io.c
+@@ -1994,10 +1994,11 @@ static void sleep_for_bwlimit(int bytes_
  void io_flush(int flush_it_all)
  {
  	if (iobuf.out.len > iobuf.out_empty_len) {
@@ -26,9 +30,11 @@ https://bugzilla.samba.org/show_bug.cgi?id=12522#c2
  	}
  	if (iobuf.msg.len)
  		perform_io(iobuf.msg.size, PIO_NEED_MSGROOM);
---- cleanup.c.orig	2015-08-08 21:47:03.000000000 +0200
-+++ cleanup.c	2017-01-18 14:53:35.000000000 +0100
-@@ -26,6 +26,7 @@
+Index: cleanup.c
+===================================================================
+--- cleanup.c.orig
++++ cleanup.c
+@@ -26,6 +26,7 @@ extern int dry_run;
  extern int am_server;
  extern int am_daemon;
  extern int am_receiver;
@@ -36,7 +42,7 @@ https://bugzilla.samba.org/show_bug.cgi?id=12522#c2
  extern int io_error;
  extern int keep_partial;
  extern int got_xfer_error;
-@@ -243,15 +244,21 @@
+@@ -243,15 +244,21 @@ NORETURN void _exit_cleanup(int code, co
  		switch_step++;
  
  		if (exit_code && exit_code != RERR_SOCKETIO && exit_code != RERR_STREAMIO && exit_code != RERR_SIGNAL1
@@ -65,4 +71,3 @@ https://bugzilla.samba.org/show_bug.cgi?id=12522#c2
  		}
  
  		/* FALLTHROUGH */
-

rsync.changes

@@ -1,3 +1,59 @@
+-------------------------------------------------------------------
+Mon Jan 29 11:03:42 UTC 2018 - pmonrealgonzalez@suse.com
+
+- Update to version 3.1.3 [bsc#1076503]:
+  Protocol: 31 (unchanged)
+
+- SECURITY FIXES:
+  * Fixed a buffer overrun in the protocol's handling of xattr names and
+    ensure that the received name is null terminated.
+  * Fix an issue with --protect-args where the user could specify the arg
+    in the protected-arg list and short-circuit some of the arg-sanitizing
+    code.
+
+- BUG FIXES:
+  * Don't output about a new backup dir without appropriate info verbosity.
+  * Fixed some issues with the sort functions in support/rsyncstats script.
+  * Added a way to specify daemon config lists (e.g. users, groups, etc)
+  * that contain spaces (see "auth users" in the latest rsyncd.conf manpage).
+  * If a backup fails (e.g. full disk) rsync exits with an error.
+  * Fixed a problem with a doubled --fuzzy option combined with --link-dest.
+  * Avoid invalid output in the summary if either the start or end time had
+    an error.
+  * We don't allow a popt alias to affect the --daemon or --server options.
+  * Fix daemon exclude code to disallow attribute changes in addition to
+    disallowing transfers.
+  * Don't force nanoseconds to match if a non-transferred, non-checksummed
+    file only passed the quick-check w/o comparing nanosecods.
+
+- ENHANCEMENTS:
+  * Added the ability for rsync to compare nanosecond times in its
+    file-check
+    comparisons, and added support nanosecond times on Mac OS X.
+  * Added a short-option (-@) for --modify-window.
+  * Added the --checksum-choice=NAME[,NAME] option to choose the checksum
+    algorithms.
+  * Added hashing of xattr names (with using -X) to improve the handling of
+    files with large numbers of xattrs.
+  * Added a way to filter xattr names using include/exclude/filter rules
+    (see the --xattrs option in the manpage for details).
+  * Added "daemon chroot|uid|gid" to the daemon config (in addition to the
+    old chroot|uid|gid settings that affect the daemon's transfer process).
+  * Added "syslog tag" to the daemon configuration.
+  * Some manpage improvements.
+
+- DEVELOPER RELATED:
+  * Tweak the "make" output when yodl isn't around to create the man pages.
+  * Changed an obsolete autoconf compile macro.
+  * Support newer yodl versions when converting man pages.
+
+- Dropped patches fixed upstream:
+  * rsync-CVE-2017-16548.patch
+  * rsync-3.1.2-CVE-2018-5764.patch
+
+- Refreshed patches:
+  * rsync-send_error_to_sender.patch
+
 -------------------------------------------------------------------
 Thu Jan 18 12:13:48 UTC 2018 - pmonrealgonzalez@suse.com
 

rsync.spec

@@ -17,7 +17,7 @@
 
 
 Name:           rsync
-Version:        3.1.2
+Version:        3.1.3
 Release:        0
 Summary:        Versatile tool for fast incremental file transfer
 License:        GPL-3.0+
@@ -40,13 +40,9 @@ Patch0:         rsync-no-libattr.patch
 #PATCH-FIX-SUSE boo#922710 slp
 Patch1:         rsync-add_back_use_slp_directive.patch
 Patch2:         rsync-both-compressions.patch
-#PATCH-FIX-UPSTREAM CVE-2017-16548 bsc#1066644 Missing trailing '\0' check could lead to remote DoS
-Patch3:         rsync-CVE-2017-16548.patch
 #PATCH-FIX-UPSTREAM bcs#1062063 rsync doesn't stop on errors
 Patch4:         rsync-send_error_to_sender.patch
 Patch5:         rsync-avoid-uploading-after-error.patch
-#PATCH-FIX-UPSTREAM bcs#1076503 CVE-2018-5764 parse_arguments function does not prevent multiple --protect-arg
-Patch6:         rsync-3.1.2-CVE-2018-5764.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libacl-devel
@@ -80,10 +76,8 @@ patch -p1 < patches/slp.diff
 patch -p1 < patches/time-limit.diff
 %patch0 -p1
 %patch2 -p1
-%patch3 -p1
 %patch4
 %patch5
-%patch6 -p1
 
 %build
 autoreconf -fiv