From fefc4c8eaf89253bbc604adf6446ea5c7d7ab8888401ef5c709be32b5042e5b9 Mon Sep 17 00:00:00 2001 From: Angel Yankov Date: Wed, 15 Jan 2025 13:43:40 +0000 Subject: [PATCH] - Update to 3.4 * Bump to protocol 32 Drop CVE patches: * Removed rsync-CVE-2024-12084-overflow-01.patch * Removed rsync-CVE-2024-12084-overflow-02.patch * Removed rsync-CVE-2024-12085.patch * Removed rsync-CVE-2024-12086_01.patch * Removed rsync-CVE-2024-12086_02.patch * Removed rsync-CVE-2024-12086_03.patch * Removed rsync-CVE-2024-12086_04.patch * Removed rsync-CVE-2024-12087_01.patch * Removed rsync-CVE-2024-12087_02.patch * Removed rsync-CVE-2024-12088.patch * Removed rsync-CVE-2024-12747.patch OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=130 --- rsync-3.3.0.tar.gz | 3 - rsync-3.3.0.tar.gz.asc | 6 - rsync-3.4.0.tar.gz | 3 + rsync-3.4.0.tar.gz.asc | 17 ++ rsync-CVE-2024-12084-overflow-01.patch | 152 ----------------- rsync-CVE-2024-12084-overflow-02.patch | 40 ----- rsync-CVE-2024-12085.patch | 28 ---- rsync-CVE-2024-12086_01.patch | 38 ----- rsync-CVE-2024-12086_02.patch | 104 ------------ rsync-CVE-2024-12086_03.patch | 104 ------------ rsync-CVE-2024-12086_04.patch | 38 ----- rsync-CVE-2024-12087_01.patch | 46 ------ rsync-CVE-2024-12087_02.patch | 28 ---- rsync-CVE-2024-12088.patch | 137 ---------------- rsync-CVE-2024-12747.patch | 163 ------------------- rsync-gcc14.patch | 13 -- rsync-patches-3.3.0.tar.gz | 3 - rsync-patches-3.3.0.tar.gz.asc | 6 - rsync-patches-3.4.0.tar.gz | 3 + rsync-patches-3.4.0.tar.gz.asc | 18 ++ rsync-usr-etc.patch | 29 ++-- rsync.changes | 18 ++ rsync.keyring | 156 ++++++++++++++---- rsync.spec | 20 +-- rsyncd-return-from-list-command-with-0.patch | 13 +- 25 files changed, 208 insertions(+), 978 deletions(-) delete mode 100644 rsync-3.3.0.tar.gz delete mode 100644 rsync-3.3.0.tar.gz.asc create mode 100644 rsync-3.4.0.tar.gz create mode 100644 rsync-3.4.0.tar.gz.asc delete mode 100644 rsync-CVE-2024-12084-overflow-01.patch delete mode 100644 rsync-CVE-2024-12084-overflow-02.patch delete mode 100644 rsync-CVE-2024-12085.patch delete mode 100644 rsync-CVE-2024-12086_01.patch delete mode 100644 rsync-CVE-2024-12086_02.patch delete mode 100644 rsync-CVE-2024-12086_03.patch delete mode 100644 rsync-CVE-2024-12086_04.patch delete mode 100644 rsync-CVE-2024-12087_01.patch delete mode 100644 rsync-CVE-2024-12087_02.patch delete mode 100644 rsync-CVE-2024-12088.patch delete mode 100644 rsync-CVE-2024-12747.patch delete mode 100644 rsync-gcc14.patch delete mode 100644 rsync-patches-3.3.0.tar.gz delete mode 100644 rsync-patches-3.3.0.tar.gz.asc create mode 100644 rsync-patches-3.4.0.tar.gz create mode 100644 rsync-patches-3.4.0.tar.gz.asc diff --git a/rsync-3.3.0.tar.gz b/rsync-3.3.0.tar.gz deleted file mode 100644 index 342d518..0000000 --- a/rsync-3.3.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7399e9a6708c32d678a72a63219e96f23be0be2336e50fd1348498d07041df90 -size 1153969 diff --git a/rsync-3.3.0.tar.gz.asc b/rsync-3.3.0.tar.gz.asc deleted file mode 100644 index ca8740f..0000000 --- a/rsync-3.3.0.tar.gz.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCZhF6vQAKCRBshZ+xS5ao -xZ6kAKDZkE3C9w/cu8o3/Ic5KNycbcTw8gCdH/pdNo6kSGF3qLelFI6uK5Q4jdA= -=vJGJ ------END PGP SIGNATURE----- diff --git a/rsync-3.4.0.tar.gz b/rsync-3.4.0.tar.gz new file mode 100644 index 0000000..d68c7bb --- /dev/null +++ b/rsync-3.4.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8e942f95a44226a012fe822faffa6c7fc38c34047add3a0c941e9bc8b8b93aa4 +size 1167983 diff --git a/rsync-3.4.0.tar.gz.asc b/rsync-3.4.0.tar.gz.asc new file mode 100644 index 0000000..1dc4b48 --- /dev/null +++ b/rsync-3.4.0.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJIBAABCgAyFiEEn+8RLc4ZoNx+iCy4G7JJl6hTX28FAmeGuIAUHGFuZHJld0B0 +cmlkZ2VsbC5uZXQACgkQG7JJl6hTX29nyRAAn8QQ88FiH7auK/Jsw876mHGrvwv6 +U4ny4S7GXaWjmk3gsl8U7U1agst18az39nsKmf4ILo29JuLtMRb3qMrOPCemOJF5 +qKTNQNn0H2qKkyAJQHivtKDxI++ZW0O7dtoEcoMVbuR8S/f1z0xH4cOcP52XnLSa +4/ycwDTS2MC1o5OIoVdgSSyB7/WYwU/b/0DR9ZUpRlPa4M3Six5cOJeu22+XQx9O +MXQ6xHMCzyN52jNs449TrXzFU1cGtliA4ug/FkgXD5Tkdn+Ktrb2oeWk37bDvYx6 +waL5SBGrSiMmDAHHnmRCW+0xWxBe8fR5RgQRiyMmIVIewZmH6PczsB3z8Q6bTwLU +7fhBVd4jX3kxsv7t+VkeVTsw6bAKIw/vDNKnhwpOTLGLkLvVmt+r6OBRXl5CuhT8 +sU3+Jj4cZ7XSPgcAA3P/nVX9Lbrj5iff1/bebIHXcNNh30gMP89PFaVoAr0O/XOm +94pqiLAFPwnzhc8QJN8VRc+ERB6Mjp6aTozLGoDIfLGEs5PUOyY5RC4x6mjUKzla +zu7lCNEJ2U4+nQr33qKBrvPCmz/Ku4bwsqtPbUUVPUsSBmLJdZCcLD7yHbTSYTbG +NRQXZ19pzhGJWYoNZsiobveLK/C3Qgx8ZH3DFw4vqNHVV/sk05zrIT3WC+twagJl +aLNsQ67nthgXqmk= +=6bD5 +-----END PGP SIGNATURE----- diff --git a/rsync-CVE-2024-12084-overflow-01.patch b/rsync-CVE-2024-12084-overflow-01.patch deleted file mode 100644 index 7902c0c..0000000 --- a/rsync-CVE-2024-12084-overflow-01.patch +++ /dev/null @@ -1,152 +0,0 @@ -From 0902b52f6687b1f7952422080d50b93108742e53 Mon Sep 17 00:00:00 2001 -From: Wayne Davison -Date: Tue, 29 Oct 2024 22:55:29 -0700 -Subject: [PATCH 1/2] Some checksum buffer fixes. - -- Put sum2_array into sum_struct to hold an array of sum2 checksums - that are each xfer_sum_len bytes. -- Remove sum2 buf from sum_buf. -- Add macro sum2_at() to access each sum2 array element. -- Throw an error if a sums header has an s2length larger than - xfer_sum_len. ---- - io.c | 3 ++- - match.c | 8 ++++---- - rsync.c | 5 ++++- - rsync.h | 4 +++- - sender.c | 4 +++- - 5 files changed, 16 insertions(+), 8 deletions(-) - -diff --git a/io.c b/io.c -index a99ac0ec..bb60eeca 100644 ---- a/io.c -+++ b/io.c -@@ -55,6 +55,7 @@ extern int read_batch; - extern int compat_flags; - extern int protect_args; - extern int checksum_seed; -+extern int xfer_sum_len; - extern int daemon_connection; - extern int protocol_version; - extern int remove_source_files; -@@ -1977,7 +1978,7 @@ void read_sum_head(int f, struct sum_struct *sum) - exit_cleanup(RERR_PROTOCOL); - } - sum->s2length = protocol_version < 27 ? csum_length : (int)read_int(f); -- if (sum->s2length < 0 || sum->s2length > MAX_DIGEST_LEN) { -+ if (sum->s2length < 0 || sum->s2length > xfer_sum_len) { - rprintf(FERROR, "Invalid checksum length %d [%s]\n", - sum->s2length, who_am_i()); - exit_cleanup(RERR_PROTOCOL); -diff --git a/match.c b/match.c -index cdb30a15..36e78ed2 100644 ---- a/match.c -+++ b/match.c -@@ -232,7 +232,7 @@ static void hash_search(int f,struct sum_struct *s, - done_csum2 = 1; - } - -- if (memcmp(sum2,s->sums[i].sum2,s->s2length) != 0) { -+ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) { - false_alarms++; - continue; - } -@@ -252,7 +252,7 @@ static void hash_search(int f,struct sum_struct *s, - if (i != aligned_i) { - if (sum != s->sums[aligned_i].sum1 - || l != s->sums[aligned_i].len -- || memcmp(sum2, s->sums[aligned_i].sum2, s->s2length) != 0) -+ || memcmp(sum2, sum2_at(s, aligned_i), s->s2length) != 0) - goto check_want_i; - i = aligned_i; - } -@@ -271,7 +271,7 @@ static void hash_search(int f,struct sum_struct *s, - if (sum != s->sums[i].sum1) - goto check_want_i; - get_checksum2((char *)map, l, sum2); -- if (memcmp(sum2, s->sums[i].sum2, s->s2length) != 0) -+ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) - goto check_want_i; - /* OK, we have a re-alignment match. Bump the offset - * forward to the new match point. */ -@@ -290,7 +290,7 @@ static void hash_search(int f,struct sum_struct *s, - && (!updating_basis_file || s->sums[want_i].offset >= offset - || s->sums[want_i].flags & SUMFLG_SAME_OFFSET) - && sum == s->sums[want_i].sum1 -- && memcmp(sum2, s->sums[want_i].sum2, s->s2length) == 0) { -+ && memcmp(sum2, sum2_at(s, want_i), s->s2length) == 0) { - /* we've found an adjacent match - the RLL coder - * will be happy */ - i = want_i; -diff --git a/rsync.c b/rsync.c -index cd288f57..b130aba5 100644 ---- a/rsync.c -+++ b/rsync.c -@@ -437,7 +437,10 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, cha - */ - void free_sums(struct sum_struct *s) - { -- if (s->sums) free(s->sums); -+ if (s->sums) { -+ free(s->sums); -+ free(s->sum2_array); -+ } - free(s); - } - -diff --git a/rsync.h b/rsync.h -index d3709fe0..8ddbe702 100644 ---- a/rsync.h -+++ b/rsync.h -@@ -958,12 +958,12 @@ struct sum_buf { - uint32 sum1; /**< simple checksum */ - int32 chain; /**< next hash-table collision */ - short flags; /**< flag bits */ -- char sum2[SUM_LENGTH]; /**< checksum */ - }; - - struct sum_struct { - OFF_T flength; /**< total file length */ - struct sum_buf *sums; /**< points to info for each chunk */ -+ char *sum2_array; /**< checksums of length xfer_sum_len */ - int32 count; /**< how many chunks */ - int32 blength; /**< block_length */ - int32 remainder; /**< flength % block_length */ -@@ -982,6 +982,8 @@ struct map_struct { - int status; /* first errno from read errors */ - }; - -+#define sum2_at(s, i) ((s)->sum2_array + ((OFF_T)(i) * xfer_sum_len)) -+ - #define NAME_IS_FILE (0) /* filter name as a file */ - #define NAME_IS_DIR (1<<0) /* filter name as a dir */ - #define NAME_IS_XATTR (1<<2) /* filter name as an xattr */ -diff --git a/sender.c b/sender.c -index 3d4f052e..ab205341 100644 ---- a/sender.c -+++ b/sender.c -@@ -31,6 +31,7 @@ extern int log_before_transfer; - extern int stdout_format_has_i; - extern int logfile_format_has_i; - extern int want_xattr_optim; -+extern int xfer_sum_len; - extern int csum_length; - extern int append_mode; - extern int copy_links; -@@ -94,10 +95,11 @@ static struct sum_struct *receive_sums(int f) - return(s); - - s->sums = new_array(struct sum_buf, s->count); -+ s->sum2_array = new_array(char, s->count * xfer_sum_len); - - for (i = 0; i < s->count; i++) { - s->sums[i].sum1 = read_int(f); -- read_buf(f, s->sums[i].sum2, s->s2length); -+ read_buf(f, sum2_at(s, i), s->s2length); - - s->sums[i].offset = offset; - s->sums[i].flags = 0; --- -2.34.1 - - diff --git a/rsync-CVE-2024-12084-overflow-02.patch b/rsync-CVE-2024-12084-overflow-02.patch deleted file mode 100644 index 79b53c5..0000000 --- a/rsync-CVE-2024-12084-overflow-02.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 42e2b56c4ede3ab164f9a5c6dae02aa84606a6c1 Mon Sep 17 00:00:00 2001 -From: Wayne Davison -Date: Tue, 5 Nov 2024 11:01:03 -0800 -Subject: [PATCH 2/2] Another cast when multiplying integers. - ---- - rsync.h | 2 +- - sender.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/rsync.h b/rsync.h -index 8ddbe702..0f9e277f 100644 ---- a/rsync.h -+++ b/rsync.h -@@ -982,7 +982,7 @@ struct map_struct { - int status; /* first errno from read errors */ - }; - --#define sum2_at(s, i) ((s)->sum2_array + ((OFF_T)(i) * xfer_sum_len)) -+#define sum2_at(s, i) ((s)->sum2_array + ((size_t)(i) * xfer_sum_len)) - - #define NAME_IS_FILE (0) /* filter name as a file */ - #define NAME_IS_DIR (1<<0) /* filter name as a dir */ -diff --git a/sender.c b/sender.c -index ab205341..2bbff2fa 100644 ---- a/sender.c -+++ b/sender.c -@@ -95,7 +95,7 @@ static struct sum_struct *receive_sums(int f) - return(s); - - s->sums = new_array(struct sum_buf, s->count); -- s->sum2_array = new_array(char, s->count * xfer_sum_len); -+ s->sum2_array = new_array(char, (size_t)s->count * xfer_sum_len); - - for (i = 0; i < s->count; i++) { - s->sums[i].sum1 = read_int(f); --- -2.34.1 - - diff --git a/rsync-CVE-2024-12085.patch b/rsync-CVE-2024-12085.patch deleted file mode 100644 index 669b1c5..0000000 --- a/rsync-CVE-2024-12085.patch +++ /dev/null @@ -1,28 +0,0 @@ -From cf620065502f065d4ea44f5df4f81295a738aa21 Mon Sep 17 00:00:00 2001 -From: Andrew Tridgell -Date: Thu, 14 Nov 2024 09:57:08 +1100 -Subject: [PATCH] prevent information leak off the stack - -prevent leak of uninitialised stack data in hash_search ---- - match.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/match.c b/match.c -index 36e78ed2..dfd6af2c 100644 ---- a/match.c -+++ b/match.c -@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s, - int more; - schar *map; - -+ // prevent possible memory leaks -+ memset(sum2, 0, sizeof sum2); -+ - /* want_i is used to encourage adjacent matches, allowing the RLL - * coding of the output to work more efficiently. */ - want_i = 0; --- -2.34.1 - - diff --git a/rsync-CVE-2024-12086_01.patch b/rsync-CVE-2024-12086_01.patch deleted file mode 100644 index f1a6e6f..0000000 --- a/rsync-CVE-2024-12086_01.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 3feb8669d875d03c9ceb82e208ef40ddda8eb908 Mon Sep 17 00:00:00 2001 -From: Andrew Tridgell -Date: Sat, 23 Nov 2024 11:08:03 +1100 -Subject: [PATCH 1/4] refuse fuzzy options when fuzzy not selected - -this prevents a malicious server providing a file to compare to when -the user has not given the fuzzy option ---- - receiver.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/receiver.c b/receiver.c -index 6b4b369e..2d7f6033 100644 ---- a/receiver.c -+++ b/receiver.c -@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN]; - extern struct file_list *cur_flist, *first_flist, *dir_flist; - extern filter_rule_list daemon_filter_list; - extern OFF_T preallocated_len; -+extern int fuzzy_basis; - - extern struct name_num_item *xfer_sum_nni; - extern int xfer_sum_len; -@@ -716,6 +717,10 @@ int recv_files(int f_in, int f_out, char *local_name) - fnamecmp = get_backup_name(fname); - break; - case FNAMECMP_FUZZY: -+ if (fuzzy_basis == 0) { -+ rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname); -+ exit_cleanup(RERR_PROTOCOL); -+ } - if (file->dirname) { - pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname); - fnamecmp = fnamecmpbuf; --- -2.34.1 - - diff --git a/rsync-CVE-2024-12086_02.patch b/rsync-CVE-2024-12086_02.patch deleted file mode 100644 index 769a0b1..0000000 --- a/rsync-CVE-2024-12086_02.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 33385aefe4773e7a3982d41995681eb079c92d12 Mon Sep 17 00:00:00 2001 -From: Andrew Tridgell -Date: Sat, 23 Nov 2024 12:26:10 +1100 -Subject: [PATCH 2/4] added secure_relative_open() - -this is an open that enforces no symlink following for all path -components in a relative path ---- - syscall.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 74 insertions(+) - -diff --git a/syscall.c b/syscall.c -index d92074aa..a4b7f542 100644 ---- a/syscall.c -+++ b/syscall.c -@@ -33,6 +33,8 @@ - #include - #endif - -+#include "ifuncs.h" -+ - extern int dry_run; - extern int am_root; - extern int am_sender; -@@ -712,3 +714,75 @@ int do_open_nofollow(const char *pathname, int flags) - - return fd; - } -+ -+/* -+ open a file relative to a base directory. The basedir can be NULL, -+ in which case the current working directory is used. The relpath -+ must be a relative path, and the relpath must not contain any -+ elements in the path which follow symlinks (ie. like O_NOFOLLOW, but -+ applies to all path components, not just the last component) -+*/ -+int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode) -+{ -+ if (!relpath || relpath[0] == '/') { -+ // must be a relative path -+ errno = EINVAL; -+ return -1; -+ } -+ -+#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) -+ // really old system, all we can do is live with the risks -+ if (!basedir) { -+ return open(relpath, flags, mode); -+ } -+ char fullpath[MAXPATHLEN]; -+ pathjoin(fullpath, sizeof fullpath, basedir, relpath); -+ return open(fullpath, flags, mode); -+#else -+ int dirfd = AT_FDCWD; -+ if (basedir != NULL) { -+ dirfd = openat(AT_FDCWD, basedir, O_RDONLY | O_DIRECTORY); -+ if (dirfd == -1) { -+ return -1; -+ } -+ } -+ int retfd = -1; -+ -+ char *path_copy = my_strdup(relpath, __FILE__, __LINE__); -+ if (!path_copy) { -+ return -1; -+ } -+ -+ for (const char *part = strtok(path_copy, "/"); -+ part != NULL; -+ part = strtok(NULL, "/")) -+ { -+ int next_fd = openat(dirfd, part, O_RDONLY | O_DIRECTORY | O_NOFOLLOW); -+ if (next_fd == -1 && errno == ENOTDIR) { -+ if (strtok(NULL, "/") != NULL) { -+ // this is not the last component of the path -+ errno = ELOOP; -+ goto cleanup; -+ } -+ // this could be the last component of the path, try as a file -+ retfd = openat(dirfd, part, flags | O_NOFOLLOW, mode); -+ goto cleanup; -+ } -+ if (next_fd == -1) { -+ goto cleanup; -+ } -+ if (dirfd != AT_FDCWD) close(dirfd); -+ dirfd = next_fd; -+ } -+ -+ // the path must be a directory -+ errno = EINVAL; -+ -+cleanup: -+ free(path_copy); -+ if (dirfd != AT_FDCWD) { -+ close(dirfd); -+ } -+ return retfd; -+#endif // O_NOFOLLOW, O_DIRECTORY -+} --- -2.34.1 - - diff --git a/rsync-CVE-2024-12086_03.patch b/rsync-CVE-2024-12086_03.patch deleted file mode 100644 index c28f2a3..0000000 --- a/rsync-CVE-2024-12086_03.patch +++ /dev/null @@ -1,104 +0,0 @@ -From e59ef9939d3f0ccc8f9bab51442989a81be0c914 Mon Sep 17 00:00:00 2001 -From: Andrew Tridgell -Date: Sat, 23 Nov 2024 12:28:13 +1100 -Subject: [PATCH 3/4] receiver: use secure_relative_open() for basis file - -this prevents attacks where the basis file is manipulated by a -malicious sender to gain information about files outside the -destination tree ---- - receiver.c | 42 ++++++++++++++++++++++++++---------------- - 1 file changed, 26 insertions(+), 16 deletions(-) - -diff --git a/receiver.c b/receiver.c -index 2d7f6033..8031b8f4 100644 ---- a/receiver.c -+++ b/receiver.c -@@ -552,6 +552,8 @@ int recv_files(int f_in, int f_out, char *local_name) - progress_init(); - - while (1) { -+ const char *basedir = NULL; -+ - cleanup_disable(); - - /* This call also sets cur_flist. */ -@@ -722,27 +724,29 @@ int recv_files(int f_in, int f_out, char *local_name) - exit_cleanup(RERR_PROTOCOL); - } - if (file->dirname) { -- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname); -- fnamecmp = fnamecmpbuf; -- } else -- fnamecmp = xname; -+ basedir = file->dirname; -+ } -+ fnamecmp = xname; - break; - default: - if (fnamecmp_type > FNAMECMP_FUZZY && fnamecmp_type-FNAMECMP_FUZZY <= basis_dir_cnt) { - fnamecmp_type -= FNAMECMP_FUZZY + 1; - if (file->dirname) { -- stringjoin(fnamecmpbuf, sizeof fnamecmpbuf, -- basis_dir[fnamecmp_type], "/", file->dirname, "/", xname, NULL); -- } else -- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], xname); -+ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], file->dirname); -+ basedir = fnamecmpbuf; -+ } else { -+ basedir = basis_dir[fnamecmp_type]; -+ } -+ fnamecmp = xname; - } else if (fnamecmp_type >= basis_dir_cnt) { - rprintf(FERROR, - "invalid basis_dir index: %d.\n", - fnamecmp_type); - exit_cleanup(RERR_PROTOCOL); -- } else -- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], fname); -- fnamecmp = fnamecmpbuf; -+ } else { -+ basedir = basis_dir[fnamecmp_type]; -+ fnamecmp = fname; -+ } - break; - } - if (!fnamecmp || (daemon_filter_list.head -@@ -765,7 +769,7 @@ int recv_files(int f_in, int f_out, char *local_name) - } - - /* open the file */ -- fd1 = do_open(fnamecmp, O_RDONLY, 0); -+ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0); - - if (fd1 == -1 && protocol_version < 29) { - if (fnamecmp != fname) { -@@ -776,14 +780,20 @@ int recv_files(int f_in, int f_out, char *local_name) - - if (fd1 == -1 && basis_dir[0]) { - /* pre-29 allowed only one alternate basis */ -- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, -- basis_dir[0], fname); -- fnamecmp = fnamecmpbuf; -+ basedir = basis_dir[0]; -+ fnamecmp = fname; - fnamecmp_type = FNAMECMP_BASIS_DIR_LOW; -- fd1 = do_open(fnamecmp, O_RDONLY, 0); -+ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0); - } - } - -+ if (basedir) { -+ // for the following code we need the full -+ // path name as a single string -+ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basedir, fnamecmp); -+ fnamecmp = fnamecmpbuf; -+ } -+ - one_inplace = inplace_partial && fnamecmp_type == FNAMECMP_PARTIAL_DIR; - updating_basis_or_equiv = one_inplace - || (inplace && (fnamecmp == fname || fnamecmp_type == FNAMECMP_BACKUP)); --- -2.34.1 - - diff --git a/rsync-CVE-2024-12086_04.patch b/rsync-CVE-2024-12086_04.patch deleted file mode 100644 index c2aa98d..0000000 --- a/rsync-CVE-2024-12086_04.patch +++ /dev/null @@ -1,38 +0,0 @@ -From c78e53edb802d04f7e4e070fe8314f2544749e7a Mon Sep 17 00:00:00 2001 -From: Andrew Tridgell -Date: Tue, 26 Nov 2024 09:16:31 +1100 -Subject: [PATCH 4/4] disallow ../ elements in relpath for secure_relative_open - ---- - syscall.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/syscall.c b/syscall.c -index a4b7f542..47c5ea57 100644 ---- a/syscall.c -+++ b/syscall.c -@@ -721,6 +721,8 @@ int do_open_nofollow(const char *pathname, int flags) - must be a relative path, and the relpath must not contain any - elements in the path which follow symlinks (ie. like O_NOFOLLOW, but - applies to all path components, not just the last component) -+ -+ The relpath must also not contain any ../ elements in the path - */ - int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode) - { -@@ -729,6 +731,11 @@ int secure_relative_open(const char *basedir, const char *relpath, int flags, mo - errno = EINVAL; - return -1; - } -+ if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) { -+ // no ../ elements allowed in the relpath -+ errno = EINVAL; -+ return -1; -+ } - - #if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) - // really old system, all we can do is live with the risks --- -2.34.1 - - diff --git a/rsync-CVE-2024-12087_01.patch b/rsync-CVE-2024-12087_01.patch deleted file mode 100644 index f9b258b..0000000 --- a/rsync-CVE-2024-12087_01.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0ebc19ee486a8e928a68d8f98d07d40f176770aa Mon Sep 17 00:00:00 2001 -From: Wayne Davison -Date: Thu, 14 Nov 2024 15:46:50 -0800 -Subject: [PATCH 1/2] Refuse a duplicate dirlist. - ---- - flist.c | 9 +++++++++ - rsync.h | 1 + - 2 files changed, 10 insertions(+) - -diff --git a/flist.c b/flist.c -index 464d556e..847b1054 100644 ---- a/flist.c -+++ b/flist.c -@@ -2584,6 +2584,15 @@ struct file_list *recv_file_list(int f, int dir_ndx) - init_hard_links(); - #endif - -+ if (inc_recurse && dir_ndx >= 0) { -+ struct file_struct *file = dir_flist->files[dir_ndx]; -+ if (file->flags & FLAG_GOT_DIR_FLIST) { -+ rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx); -+ exit_cleanup(RERR_PROTOCOL); -+ } -+ file->flags |= FLAG_GOT_DIR_FLIST; -+ } -+ - flist = flist_new(0, "recv_file_list"); - flist_expand(flist, FLIST_START_LARGE); - -diff --git a/rsync.h b/rsync.h -index 0f9e277f..b9a7101a 100644 ---- a/rsync.h -+++ b/rsync.h -@@ -84,6 +84,7 @@ - #define FLAG_DUPLICATE (1<<4) /* sender */ - #define FLAG_MISSING_DIR (1<<4) /* generator */ - #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */ -+#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */ - #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */ - #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */ - #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */ --- -2.34.1 - - diff --git a/rsync-CVE-2024-12087_02.patch b/rsync-CVE-2024-12087_02.patch deleted file mode 100644 index 86d7942..0000000 --- a/rsync-CVE-2024-12087_02.patch +++ /dev/null @@ -1,28 +0,0 @@ -From b3e16be18d582dac1513c0a932d146b36e867b1b Mon Sep 17 00:00:00 2001 -From: Andrew Tridgell -Date: Tue, 26 Nov 2024 16:12:45 +1100 -Subject: [PATCH 2/2] range check dir_ndx before use - ---- - flist.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/flist.c b/flist.c -index 847b1054..087f9da6 100644 ---- a/flist.c -+++ b/flist.c -@@ -2585,6 +2585,10 @@ struct file_list *recv_file_list(int f, int dir_ndx) - #endif - - if (inc_recurse && dir_ndx >= 0) { -+ if (dir_ndx >= dir_flist->used) { -+ rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used); -+ exit_cleanup(RERR_PROTOCOL); -+ } - struct file_struct *file = dir_flist->files[dir_ndx]; - if (file->flags & FLAG_GOT_DIR_FLIST) { - rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx); --- -2.34.1 - - diff --git a/rsync-CVE-2024-12088.patch b/rsync-CVE-2024-12088.patch deleted file mode 100644 index 3b993ae..0000000 --- a/rsync-CVE-2024-12088.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 535f8f816539ba681ef0f12015d2cb587ae61b6d Mon Sep 17 00:00:00 2001 -From: Andrew Tridgell -Date: Sat, 23 Nov 2024 15:15:53 +1100 -Subject: [PATCH] make --safe-links stricter - -when --safe-links is used also reject links where a '../' component is -included in the destination as other than the leading part of the -filename ---- - testsuite/safe-links.test | 55 ++++++++++++++++++++++++++++++++++++ - testsuite/unsafe-byname.test | 2 +- - util1.c | 26 ++++++++++++++++- - 3 files changed, 81 insertions(+), 2 deletions(-) - create mode 100644 testsuite/safe-links.test - -diff --git a/testsuite/safe-links.test b/testsuite/safe-links.test -new file mode 100644 -index 00000000..6e95a4b9 ---- /dev/null -+++ b/testsuite/safe-links.test -@@ -0,0 +1,55 @@ -+#!/bin/sh -+ -+. "$suitedir/rsync.fns" -+ -+test_symlink() { -+ is_a_link "$1" || test_fail "File $1 is not a symlink" -+} -+ -+test_regular() { -+ if [ ! -f "$1" ]; then -+ test_fail "File $1 is not regular file or not exists" -+ fi -+} -+ -+test_notexist() { -+ if [ -e "$1" ]; then -+ test_fail "File $1 exists" -+ fi -+ if [ -h "$1" ]; then -+ test_fail "File $1 exists as a symlink" -+ fi -+} -+ -+cd "$tmpdir" -+ -+mkdir from -+ -+mkdir "from/safe" -+mkdir "from/unsafe" -+ -+mkdir "from/safe/files" -+mkdir "from/safe/links" -+ -+touch "from/safe/files/file1" -+touch "from/safe/files/file2" -+touch "from/unsafe/unsafefile" -+ -+ln -s ../files/file1 "from/safe/links/" -+ln -s ../files/file2 "from/safe/links/" -+ln -s ../../unsafe/unsafefile "from/safe/links/" -+ln -s a/a/a/../../../unsafe2 "from/safe/links/" -+ -+#echo "LISTING FROM" -+#ls -lR from -+ -+echo "rsync with relative path and just -a" -+$RSYNC -avv --safe-links from/safe/ to -+ -+#echo "LISTING TO" -+#ls -lR to -+ -+test_symlink to/links/file1 -+test_symlink to/links/file2 -+test_notexist to/links/unsafefile -+test_notexist to/links/unsafe2 -diff --git a/testsuite/unsafe-byname.test b/testsuite/unsafe-byname.test -index 75e72014..d2e318ef 100644 ---- a/testsuite/unsafe-byname.test -+++ b/testsuite/unsafe-byname.test -@@ -40,7 +40,7 @@ test_unsafe ..//../dest from/dir unsafe - test_unsafe .. from/file safe - test_unsafe ../.. from/file unsafe - test_unsafe ..//.. from//file unsafe --test_unsafe dir/.. from safe -+test_unsafe dir/.. from unsafe - test_unsafe dir/../.. from unsafe - test_unsafe dir/..//.. from unsafe - -diff --git a/util1.c b/util1.c -index da50ff1e..f260d398 100644 ---- a/util1.c -+++ b/util1.c -@@ -1318,7 +1318,14 @@ int handle_partial_dir(const char *fname, int create) - * - * "src" is the top source directory currently applicable at the level - * of the referenced symlink. This is usually the symlink's full path -- * (including its name), as referenced from the root of the transfer. */ -+ * (including its name), as referenced from the root of the transfer. -+ * -+ * NOTE: this also rejects dest names with a .. component in other -+ * than the first component of the name ie. it rejects names such as -+ * a/b/../x/y. This needs to be done as the leading subpaths 'a' or -+ * 'b' could later be replaced with symlinks such as a link to '.' -+ * resulting in the link being transferred now becoming unsafe -+ */ - int unsafe_symlink(const char *dest, const char *src) - { - const char *name, *slash; -@@ -1328,6 +1335,23 @@ int unsafe_symlink(const char *dest, const char *src) - if (!dest || !*dest || *dest == '/') - return 1; - -+ // reject destinations with /../ in the name other than at the start of the name -+ const char *dest2 = dest; -+ while (strncmp(dest2, "../", 3) == 0) { -+ dest2 += 3; -+ while (*dest2 == '/') { -+ // allow for ..//..///../foo -+ dest2++; -+ } -+ } -+ if (strstr(dest2, "/../")) -+ return 1; -+ -+ // reject if the destination ends in /.. -+ const size_t dlen = strlen(dest); -+ if (dlen > 3 && strcmp(&dest[dlen-3], "/..") == 0) -+ return 1; -+ - /* find out what our safety margin is */ - for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) { - /* ".." segment starts the count over. "." segment is ignored. */ --- -2.34.1 - - diff --git a/rsync-CVE-2024-12747.patch b/rsync-CVE-2024-12747.patch deleted file mode 100644 index 4ff5b86..0000000 --- a/rsync-CVE-2024-12747.patch +++ /dev/null @@ -1,163 +0,0 @@ -diff --git a/checksum.c b/checksum.c -index cb21882..66e8089 100644 ---- a/checksum.c -+++ b/checksum.c -@@ -406,7 +406,7 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum) - int32 remainder; - int fd; - -- fd = do_open(fname, O_RDONLY, 0); -+ fd = do_open_checklinks(fname); - if (fd == -1) { - memset(sum, 0, file_sum_len); - return; -diff --git a/flist.c b/flist.c -index 087f9da..1783253 100644 ---- a/flist.c -+++ b/flist.c -@@ -1390,7 +1390,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist, - - if (copy_devices && am_sender && IS_DEVICE(st.st_mode)) { - if (st.st_size == 0) { -- int fd = do_open(fname, O_RDONLY, 0); -+ int fd = do_open_checklinks(fname); - if (fd >= 0) { - st.st_size = get_device_size(fd, fname); - close(fd); -diff --git a/generator.c b/generator.c -index 110db28..3f13bb9 100644 ---- a/generator.c -+++ b/generator.c -@@ -1798,7 +1798,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx, - - if (write_devices && IS_DEVICE(sx.st.st_mode) && sx.st.st_size == 0) { - /* This early open into fd skips the regular open below. */ -- if ((fd = do_open(fnamecmp, O_RDONLY, 0)) >= 0) -+ if ((fd = do_open_nofollow(fnamecmp, O_RDONLY)) >= 0) - real_sx.st.st_size = sx.st.st_size = get_device_size(fd, fnamecmp); - } - -@@ -1867,7 +1867,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx, - } - - /* open the file */ -- if (fd < 0 && (fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) { -+ if (fd < 0 && (fd = do_open_checklinks(fnamecmp)) < 0) { - rsyserr(FERROR, errno, "failed to open %s, continuing", - full_fname(fnamecmp)); - pretend_missing: -diff --git a/receiver.c b/receiver.c -index 8031b8f..edfbb21 100644 ---- a/receiver.c -+++ b/receiver.c -@@ -775,7 +775,7 @@ int recv_files(int f_in, int f_out, char *local_name) - if (fnamecmp != fname) { - fnamecmp = fname; - fnamecmp_type = FNAMECMP_FNAME; -- fd1 = do_open(fnamecmp, O_RDONLY, 0); -+ fd1 = do_open_nofollow(fnamecmp, O_RDONLY); - } - - if (fd1 == -1 && basis_dir[0]) { -diff --git a/sender.c b/sender.c -index 2bbff2f..a4d46c3 100644 ---- a/sender.c -+++ b/sender.c -@@ -350,7 +350,7 @@ void send_files(int f_in, int f_out) - exit_cleanup(RERR_PROTOCOL); - } - -- fd = do_open(fname, O_RDONLY, 0); -+ fd = do_open_checklinks(fname); - if (fd == -1) { - if (errno == ENOENT) { - enum logcode c = am_daemon && protocol_version < 28 ? FERROR : FWARNING; -diff --git a/syscall.c b/syscall.c -index 47c5ea5..c55ae5f 100644 ---- a/syscall.c -+++ b/syscall.c -@@ -45,6 +45,8 @@ extern int preallocate_files; - extern int preserve_perms; - extern int preserve_executability; - extern int open_noatime; -+extern int copy_links; -+extern int copy_unsafe_links; - - #ifndef S_BLKSIZE - # if defined hpux || defined __hpux__ || defined __hpux -@@ -793,3 +795,21 @@ cleanup: - return retfd; - #endif // O_NOFOLLOW, O_DIRECTORY - } -+ -+/* -+ varient of do_open/do_open_nofollow which does do_open() if the -+ copy_links or copy_unsafe_links options are set and does -+ do_open_nofollow() otherwise -+ -+ This is used to prevent a race condition where an attacker could be -+ switching a file between being a symlink and being a normal file -+ -+ The open is always done with O_RDONLY flags -+ */ -+int do_open_checklinks(const char *pathname) -+{ -+ if (copy_links || copy_unsafe_links) { -+ return do_open(pathname, O_RDONLY, 0); -+ } -+ return do_open_nofollow(pathname, O_RDONLY); -+} -diff --git a/t_unsafe.c b/t_unsafe.c -index 010cac5..e10619a 100644 ---- a/t_unsafe.c -+++ b/t_unsafe.c -@@ -28,6 +28,9 @@ int am_root = 0; - int am_sender = 1; - int read_only = 0; - int list_only = 0; -+int copy_links = 0; -+int copy_unsafe_links = 0; -+ - short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG]; - - int -diff --git a/tls.c b/tls.c -index e6b0708..858f8f1 100644 ---- a/tls.c -+++ b/tls.c -@@ -49,6 +49,9 @@ int list_only = 0; - int link_times = 0; - int link_owner = 0; - int nsec_times = 0; -+int safe_symlinks = 0; -+int copy_links = 0; -+int copy_unsafe_links = 0; - - #ifdef SUPPORT_XATTRS - -diff --git a/trimslash.c b/trimslash.c -index 1ec928c..f2774cd 100644 ---- a/trimslash.c -+++ b/trimslash.c -@@ -26,6 +26,8 @@ int am_root = 0; - int am_sender = 1; - int read_only = 1; - int list_only = 0; -+int copy_links = 0; -+int copy_unsafe_links = 0; - - int - main(int argc, char **argv) -diff --git a/util1.c b/util1.c -index f260d39..d84bc41 100644 ---- a/util1.c -+++ b/util1.c -@@ -365,7 +365,7 @@ int copy_file(const char *source, const char *dest, int tmpfilefd, mode_t mode) - int len; /* Number of bytes read into `buf'. */ - OFF_T prealloc_len = 0, offset = 0; - -- if ((ifd = do_open(source, O_RDONLY, 0)) < 0) { -+ if ((ifd = do_open_nofollow(source, O_RDONLY)) < 0) { - int save_errno = errno; - rsyserr(FERROR_XFER, errno, "open %s", full_fname(source)); - errno = save_errno; diff --git a/rsync-gcc14.patch b/rsync-gcc14.patch deleted file mode 100644 index 375ac51..0000000 --- a/rsync-gcc14.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: rsync-3.3.0/configure.ac -=================================================================== ---- rsync-3.3.0.orig/configure.ac -+++ rsync-3.3.0/configure.ac -@@ -412,7 +412,7 @@ AS_HELP_STRING([--disable-ipv6],[disable - #include - #include - #include --main() -+int main(void) - { - if (socket(AF_INET6, SOCK_STREAM, 0) < 0) - exit(1); diff --git a/rsync-patches-3.3.0.tar.gz b/rsync-patches-3.3.0.tar.gz deleted file mode 100644 index 7ca95fb..0000000 --- a/rsync-patches-3.3.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3dd51cd88d25133681106f68622ebedbf191ab25a21ea336ba409136591864b0 -size 98487 diff --git a/rsync-patches-3.3.0.tar.gz.asc b/rsync-patches-3.3.0.tar.gz.asc deleted file mode 100644 index d97f549..0000000 --- a/rsync-patches-3.3.0.tar.gz.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCZhF6vQAKCRBshZ+xS5ao -xcOpAJ0e/0uM2Ds98F7lwsTWiYdsJJ4EGwCfU4SaBIySxtKPdHh0Qy6Y1dt8uTc= -=dZu7 ------END PGP SIGNATURE----- diff --git a/rsync-patches-3.4.0.tar.gz b/rsync-patches-3.4.0.tar.gz new file mode 100644 index 0000000..f0f5570 --- /dev/null +++ b/rsync-patches-3.4.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:51533dc5b9b4293d3499b673df185c93484f3e6fcf2de52f9bf1f07fa3d7cbc1 +size 103831 diff --git a/rsync-patches-3.4.0.tar.gz.asc b/rsync-patches-3.4.0.tar.gz.asc new file mode 100644 index 0000000..05fedde --- /dev/null +++ b/rsync-patches-3.4.0.tar.gz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQJIBAABCgAyFiEEn+8RLc4ZoNx+iCy4G7JJl6hTX28FAmeGuIAUHGFuZHJld0B0 +cmlkZ2VsbC5uZXQACgkQG7JJl6hTX2/6cg/+LZBcaBsD6AAIDRQeBh5XvGWqZowx +Zb66c52bSJ4WmruG2ccnBsxQLUhwHws/Rxqak7M5bUP11Z54ub+exSXxMVB8yFs7 +KZ1TyQKfiV1TJSspK8LQT6+mndlHAkpXAZWChWrKiQLUC1hrEpqRN+kFGEEqpNAB ++8+dtnGf4x3WQpMRybadvw5WR6y1EgkJbZrqikLgi9edmi9UVE1VWfDoA96yR8eA +d5g9daNSx+QdqlWXt8L3djZG56l+QQhcKb6h/35+wHjaV1PgCq+zDdujn1v34ZtR +7FMdqeEXWudiGU3U1xLay/sz057ZGhVXO7fRmcC4OhBEMTYNyzHO42yz0O3Sxe8j +oK7+qJGqzsyLDtgpsHJFKXG8xBqGNoW/9c6RaJhEQyCgF0VhifE5aWbId7IwlSB3 +IzZuXcuGWUG0EhodNMQjYLxpdWfZexxkExu6Fx7D3RiOx04p5Rgb3EX9dP1tjVkt +iWWVuHE9WI4NO85YXtKNYkRz9jESIhc9m+B7BzWmD/R9/r4OjfY0nlrrE9l9bTWg +lm44bVRofY2SfO8cJgH3wCa4znUUBud7hAgBpKjnOXDEedLtmQOdbbDBvWGj64kS +V9pZ4tSkaZT+ojgHhPAfqLqkQoVlHWs0q9R5PqjCRTWFynzi85rl9ForJXpo7UHU +lJaIYEmTUu5Ub50= +=MYKy +-----END PGP SIGNATURE----- + diff --git a/rsync-usr-etc.patch b/rsync-usr-etc.patch index 8d4f59e..74ea855 100644 --- a/rsync-usr-etc.patch +++ b/rsync-usr-etc.patch @@ -1,7 +1,8 @@ -diff -ur a/clientserver.c b/clientserver.c ---- a/clientserver.c 2023-11-28 17:12:41.643268046 +0100 -+++ b/clientserver.c 2023-11-28 17:25:30.476279700 +0100 -@@ -1261,10 +1261,16 @@ +Index: rsync-3.4.0/clientserver.c +=================================================================== +--- rsync-3.4.0.orig/clientserver.c ++++ rsync-3.4.0/clientserver.c +@@ -1261,10 +1261,16 @@ static void send_listing(int fd) static int load_config(int globals_only) { if (!config_file) { @@ -20,10 +21,11 @@ diff -ur a/clientserver.c b/clientserver.c } return lp_load(config_file, globals_only); } -diff -ur a/configure.ac b/configure.ac ---- a/configure.ac 2023-11-28 17:12:41.647268046 +0100 -+++ b/configure.ac 2023-11-28 17:40:15.678280030 +0100 -@@ -175,7 +175,7 @@ +Index: rsync-3.4.0/configure.ac +=================================================================== +--- rsync-3.4.0.orig/configure.ac ++++ rsync-3.4.0/configure.ac +@@ -175,7 +175,7 @@ AC_ARG_WITH(rsync-path, AC_DEFINE_UNQUOTED(RSYNC_PATH, "$RSYNC_PATH", [location of rsync on remote machine]) AC_ARG_WITH(rsyncd-conf, @@ -32,7 +34,7 @@ diff -ur a/configure.ac b/configure.ac [ if test ! -z "$with_rsyncd_conf" ; then case $with_rsyncd_conf in yes|no) -@@ -193,7 +193,27 @@ +@@ -193,7 +193,27 @@ AC_ARG_WITH(rsyncd-conf, fi ], [ RSYNCD_SYSCONF="/etc/rsyncd.conf" ]) @@ -61,10 +63,11 @@ diff -ur a/configure.ac b/configure.ac AC_ARG_WITH(rsh, AS_HELP_STRING([--with-rsh=CMD],[set remote shell command to CMD (default: ssh)])) -diff -ur a/rsyncd.conf.5.md b/rsyncd.conf.5.md ---- a/rsyncd.conf.5.md 2023-11-28 17:12:41.643268046 +0100 -+++ b/rsyncd.conf.5.md 2023-11-29 13:08:32.125333095 +0100 -@@ -1235,7 +1235,7 @@ +Index: rsync-3.4.0/rsyncd.conf.5.md +=================================================================== +--- rsync-3.4.0.orig/rsyncd.conf.5.md ++++ rsync-3.4.0/rsyncd.conf.5.md +@@ -1242,7 +1242,7 @@ The /etc/rsyncd.secrets file would look ## FILES diff --git a/rsync.changes b/rsync.changes index 2a8f886..95a0517 100644 --- a/rsync.changes +++ b/rsync.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Wed Jan 15 13:30:11 UTC 2025 - Angel Yankov + +- Update to 3.4 + * Bump to protocol 32 + Drop CVE patches: + * Removed rsync-CVE-2024-12084-overflow-01.patch + * Removed rsync-CVE-2024-12084-overflow-02.patch + * Removed rsync-CVE-2024-12085.patch + * Removed rsync-CVE-2024-12086_01.patch + * Removed rsync-CVE-2024-12086_02.patch + * Removed rsync-CVE-2024-12086_03.patch + * Removed rsync-CVE-2024-12086_04.patch + * Removed rsync-CVE-2024-12087_01.patch + * Removed rsync-CVE-2024-12087_02.patch + * Removed rsync-CVE-2024-12088.patch + * Removed rsync-CVE-2024-12747.patch + ------------------------------------------------------------------- Tue Jan 14 08:39:57 UTC 2025 - Angel Yankov diff --git a/rsync.keyring b/rsync.keyring index cc99196..621f111 100644 --- a/rsync.keyring +++ b/rsync.keyring @@ -1,32 +1,130 @@ -pub 1024D/4B96A8C5 2003-12-19 -uid Wayne Davison -uid Wayne Davison -sub 1024g/29C67D63 2003-12-19 - -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.9 (GNU/Linux) +Comment: Hostname: +Version: Hockeypuck 2.2 -mQGiBD/ja2cRBACZqtQ/VnuWd2TA/T4nFitXPOF//7uterTWZVMDBrSE3tJdW1lv -90z2g2RJKktJTC3yjs82IH6wWvvFsHDPGXQRuoBr0dPYHBaVhKX85uewigHiE2M1 -1Ub8Vv1c/JDGAh1cNmCAWazghV+emamrWJWq0f0hz5eqq4LCcPwo4riUVwCg9W37 -YAR8Z4NHa6FWjrEKjl2NIMUD/iXJnp6qJFMK9Fs+2dWyL1m/mRb0h+I/cqgpkUvo -gRhL95Jttg2QQtXJWCsB3hA/L/2Iu2bV8iS1aRlZQsAWogA3/m56ROs8cIyN4ouj -1dpPoG7sKGA8BTvXxuSF9l6ngx7208iX+xiQCDeGfBtBFBy70iJxTFGzp2mP3IiP -pwWtBACJ6l8UPwSRmp0Hz/N6H4RkzqGQnvYsMba/uPkRYou/14JsEGCQqjSB99UX -hsPg9wubCEpo3YFTf1p1j3OlbOhiiMkRFwyYaT1fqGjQK0w8hQ1yXHxbXffnz6e3 -gKELz7fNQxS0L/tZkNOT7uyGuwnPsUDCBAzDPMwYVIFRo+MKZLQgV2F5bmUgRGF2 -aXNvbiA8d2F5bmVkQHNhbWJhLm9yZz6IWwQTEQIAGwUCP+NrZwYLCQgHAwIDFQID -AxYCAQIeAQIXgAAKCRBshZ+xS5aoxbKaAJ98/UHW+BAmnsWCvCXYw5xAvjKQuwCg -7rJUYSl3xpb6YmIaBbyyw5QTKiC0LFdheW5lIERhdmlzb24gPHdheW5lZEB1c2Vy -cy5zb3VyY2Vmb3JnZS5uZXQ+iF4EExECAB4FAkFgW4ACGwMGCwkIBwMCAxUCAwMW -AgECHgECF4AACgkQbIWfsUuWqMXxFQCg9Dgb5SnWZroPGl25DL2OYFHdqV4An0N2 -QQj0mVi18JgadtS4xv7yNiDauQENBD/ja3EQBADkZadXo4zP2P9XjCP9jCel2hIp -E/khYifgu8sLYQ3VOaVM6iczw71a+iM3C44CddioGNv0svJ/cEttbtAE5zZIfqm0 -Rd/CYR+kqOkUydss736olRh+4lXLi9dAzDwHoEmlO+i95V6bDdSCAF9+XLhpfUY/ -xtgistlUGTd+wyeQMwADBQP9HXUGOcR18VJsQtFOmXaXv9MSKZYMjCf9R5Z7gcPF -PSIWINyUvMEgnLIrUKJ7pgoA6cLDnYm/lBVP801u5C+D4s79oCnjS21wlOxA2Go0 -hxG6XpT9mwBOWk4uZUK+g8Emeu7Vi6l3XwH8fACdCIfp3wKlqH/qtkqN7Gts95TM -59uIRgQYEQIABgUCP+NrcQAKCRBshZ+xS5aoxUisAKC2tk0y7PNjh9C9vbfx3fdA -gqiD8gCgg6qjwVbeddcrA0a84BB3zXnb93A= -=0IcW +xsFNBFnFrIoBEAC8ph2kG5EBWVcjjNPsn5nYSktPjkqdJJTupYf1mrQXqmbcW2I0 +6YYEdQ48kqv5EXJI+9hm8kIOi+VjD+JL4OplU1QY4qzclTTzxEZclJ3Ql/2hjfzX +edncmYFe7iuklK3y9cyk5ObzfyZdic7FS/Mu8G+dp3uLVx83ZCbVF/CmdWjVSS9i +IBBI5N/nfvGszAWf8lrGAvwOjp16MHzruW0DHwtO2DdFoSlgSeLSCQJLOK8EQUps +pCofElQf1YhTQugtR4iy3DyZlhRyxmUFPpCHI83hAXKKFbhvsm8IgXUGF2AZY+SL +vy1mheE+dLk8CMzrgHB1su9aDXCOJ/Zt53GqluRaYXroi/vbS0+koqDOukn2UPla +MF5XP2ASJQU6mPm1mY2F0rAeMXapteG1exqoS2ttoQnMXUknXUQh1d7AP40OK/8k +VjX+DapMOFrjoFCcwBxWbaTY7j4JtjaqBHVdALRczrv4AxPhfZRndhRA+uqg5FpG +tsta47U2T/Y38M5qNkpJaHsAOSRorW/efgI6S0f6E/BaJh6AyXqRvJNhvWpEfpTf +Fb/4zlFz7Z4WIrmFFHWbGm2NR8rJOCs02zH6nX1S7XCTXIpK6YuJwam33WOvR2i2 +TgDf/xlsislTVPmWcqEMxLH5/YDqTQXzRtjsuGdjCvlAqN9tO7infXhm7QARAQAB +zSVBbmRyZXcgVHJpZGdlbGwgPGFuZHJld0B0cmlkZ2VsbC5uZXQ+wsF3BBMBAgAh +AhsDAh4BAheABQJZxa9lBQsJCAcDBRUKCQgLBRYCAwEAAAoJEBuySZeoU19v+sQP +/RACMNYGlRP6hcHXbHOo/YeB0EFcyhjrhq0t5/RDCDs36wAPA+/vCNLHun2/Vvve +H1f0SRvzhFL1V0wbu+s5Tvr4dnnpWR3qGMl407uSsj8e2lhB8wB25l3u59HQbTbv +UWiTlspmsiL3u/mLqeczknXk0fabl3xTpTOVgc4Zee5BKC6sOAmnW/4gIK/dOGAq +ooHRDWlZUsvD5tU/y9p2AD6/hGXoUCm2rcUj5HVzoU2B8Dl8BwKgshBIOV6HozRU +7EORnrcwF8VPkVosX6YBQE+c6QCmaxByKkWvU3C1KxxesIdcMO+YEHZEOo3P0LWG +bomGNNJ0s0cbKnuuI59q16OgOz3JLAB0a0pRw9BPzJaJ92YKHFSREbiG0QnUn/hZ +BsidhaCLg7syTkCvdC6jn+CySydpTAjCf7Api18+JbsHMf2Top1lUxZat6OwiZ7V +SsyyMt3QSePhGtyw4XzfNJfk3zqE6grqbhhennnysH13nHQoWJ8Q5vdKXlryHT+w +kaYKMna0CoLfZD/BG2eFUuJyLJttmbwBjE8q80DwgNIWKqfUGb0tzXstZKYppCkt +6M1xkFGPvYa6b6NF2vydW0bwUEE6vrLy1zARYxh8pCc+R8Vr4iDmGBztlIUhI6Us +7GLqabOBy4HXgte32TQYUedb+dxRnbSLvL/OI6w7Gp+GwsGOBBMBAgAhAhsDAh4B +AheABQJZxa9lBQsJCAcDBRUKCQgLBRYCAwEAACEJEBuySZeoU19vFiEEn+8RLc4Z +oNx+iCy4G7JJl6hTX2/6xA/9EAIw1gaVE/qFwddsc6j9h4HQQVzKGOuGrS3n9EMI +OzfrAA8D7+8I0se6fb9W+94fV/RJG/OEUvVXTBu76zlO+vh2eelZHeoYyXjTu5Ky +Px7aWEHzAHbmXe7n0dBtNu9RaJOWymayIve7+Yup5zOSdeTR9puXfFOlM5WBzhl5 +7kEoLqw4Cadb/iAgr904YCqigdENaVlSy8Pm1T/L2nYAPr+EZehQKbatxSPkdXOh +TYHwOXwHAqCyEEg5XoejNFTsQ5GetzAXxU+RWixfpgFAT5zpAKZrEHIqRa9TcLUr +HF6wh1ww75gQdkQ6jc/QtYZuiYY00nSzRxsqe64jn2rXo6A7PcksAHRrSlHD0E/M +lon3ZgocVJERuIbRCdSf+FkGyJ2FoIuDuzJOQK90LqOf4LJLJ2lMCMJ/sCmLXz4l +uwcx/ZOinWVTFlq3o7CJntVKzLIy3dBJ4+Ea3LDhfN80l+TfOoTqCupuGF6eefKw +fXecdChYnxDm90peWvIdP7CRpgoydrQKgt9kP8EbZ4VS4nIsm22ZvAGMTyrzQPCA +0hYqp9QZvS3Ney1kpimkKS3ozXGQUY+9hrpvo0Xa/J1bRvBQQTq+svLXMBFjGHyk +Jz5HxWviIOYYHO2UhSEjpSzsYupps4HLgdeC17fZNBhR51v53FGdtIu8v84jrDsa +n4bCwXgEEwECACIFAlnFrIoCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJ +EBuySZeoU19v7+gP/RyjN35PGwyhGApZNHo8pBfq720RI39LMZ6RXWo2qYIMGQBV +nQmMMv/hlOaTvEiZ/LB589O9CuueGiWr3WVkw2N7+cnx5bSS1RV6OPEBV9ZPbcAD +jUrlCe63g0SSvfED//RWpwQB9srx5h+AvshrtJI8jFF/tbEvI+8twJlBSJbJs8KW +/t8vB+9yILSn4tkMy2xWm0CU8IIZDtvAYJLJECJCEqZop/8r2++j9b8F62AmrxLe +SIgIcML+JOH6UXQmnu/tQuVZf2/uYMmn+hzCtvfawfNbzE5ERiXMczJSM1adhr91 +b4KFj4vfiXa9JpHNSpAAfeSO9eFylzTsK35Y+LcVO3xIeK40FMIBcox0pFFowf3s +klk0NjYJJ1dvuPMH6dAPX5vfSZQH7uFQnxIA7fYyRp6Y2NwJDOtJhs8471nkYsw/ +Pw69Optun7fG0NXupKSrEZaZq44AoY8QvynMExZGoEYC2oVnFEya4pmqBJRyc7Sy +9Y7eaacstTgVg5KhfEsRPpY939LwmH6XPf5YgiVMjw2duGttK09NAr7Lv50CznTJ +bOl4xYVrac1mrF+VB+f6M6LkfvadjOQ2/vdHbLfo8PqloUJMu20krOXENFqBtXyA +k8EtwGcgp3s1nHihjbRw8SnpEPAZsIwlvTsyNxI26VDsSiNoY3A1PVdTQ37fwsGP +BBMBAgAiBQJZxayKAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRAbskmX +qFNfbxYhBJ/vES3OGaDcfogsuBuySZeoU19v7+gP/RyjN35PGwyhGApZNHo8pBfq +720RI39LMZ6RXWo2qYIMGQBVnQmMMv/hlOaTvEiZ/LB589O9CuueGiWr3WVkw2N7 ++cnx5bSS1RV6OPEBV9ZPbcADjUrlCe63g0SSvfED//RWpwQB9srx5h+AvshrtJI8 +jFF/tbEvI+8twJlBSJbJs8KW/t8vB+9yILSn4tkMy2xWm0CU8IIZDtvAYJLJECJC +EqZop/8r2++j9b8F62AmrxLeSIgIcML+JOH6UXQmnu/tQuVZf2/uYMmn+hzCtvfa +wfNbzE5ERiXMczJSM1adhr91b4KFj4vfiXa9JpHNSpAAfeSO9eFylzTsK35Y+LcV +O3xIeK40FMIBcox0pFFowf3sklk0NjYJJ1dvuPMH6dAPX5vfSZQH7uFQnxIA7fYy +Rp6Y2NwJDOtJhs8471nkYsw/Pw69Optun7fG0NXupKSrEZaZq44AoY8QvynMExZG +oEYC2oVnFEya4pmqBJRyc7Sy9Y7eaacstTgVg5KhfEsRPpY939LwmH6XPf5YgiVM +jw2duGttK09NAr7Lv50CznTJbOl4xYVrac1mrF+VB+f6M6LkfvadjOQ2/vdHbLfo +8PqloUJMu20krOXENFqBtXyAk8EtwGcgp3s1nHihjbRw8SnpEPAZsIwlvTsyNxI2 +6VDsSiNoY3A1PVdTQ37fwsFcBBABCgAGBQJZxa2aAAoJELJMpj9uu+hNx5UQALPz +yu1QRLiPW99XvJxt2ikpkSeWQxJSyyUy38/FButoMRyATqY8Z4mPHtXaCSpKw7SP +d1fJR7CZIdAkpsBj/hvSW9Xy+TCGxd7A4ecI3n3fwLnEyZ/vMmgnBsWVwuEQnMhu +vr7uk2kkdbuZirmeBMOGbYsHEMGx0O30VziWi59NmtVrcIMb2HzWqtIpfbfErSJP +HjQX3AsJ3/dnNMLsNwv96xXx8y6Xi7DZau1VouJkNJnt4+jxEWby/5ttIIQ0OKIZ +nS36R1srCBxj4iEK3F9a8JOa2OTUshTwvFnRs5vMyKYPK5nI4YljzEDOrEfWUqyO +ikZPmZJEJGDJ/gVCOFNDwgHJaWHolVQzMbjNcj4AiDjA0W5TaJ5T55IfqeoA2cko +qzp+tcgETHsdcdsCd/V+4w1qzBmJjYdIraSW0CYIsVUhaQOt50Ya3noqz+n6ZEve +lSSbQoZkOZwAd1AHq2ibdOmHd3JVnpKpB2irZUaWN8y+Ju5TOviXoBL+ZWoG+3Ad +Oj68Am2t8Y9hJvjSIOKpef4CJZ5whU7MtKMtzDENWb7HYkvLf1IjWn34u80QlNn8 +uDbDHoxF1s7xyVvg03r5CzvfhOhXTlzYJEhOEn5VQMkZJQ4RlKyVnLBIYN0uidIn +1STEMnRVTKCR99OGWF8balTNbzwJnaYOHJL1bFBSwkYEEBECAAYFAlnFrxgACgkQ +bf9zMVhTZ5G4mwCgn6YnhVJh+y3B8HJcy3B0eSqn12IAnA+2XSxpS3LfnpKLbEAk +YGbRtDO/wl0EEBECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCZ4bC/AAKCRBs +hZ+xS5aoxVgHAJ9rjm2pKx4k+VN+LWertcAoRHlBwQCg5QTqZQafRqf6/uA9R4kI +xRazYX7CwXMEEAEKAB0WIQRx+/F75+UtDCoskUTwthRgsExLVgUCZ4bMVAAKCRDw +thRgsExLVo1PD/9f055Rby4I4A75UHWZ4um76wX0OiU9nq6FVi01a7sT8VOM8sxM +XnDXZvFfWXsRj98jBYsWZ6XA4JJiW3cvrdDPdjxgJDO7tS4nLWztvCnLxrWoKYkI +sIy9XgF5TCcsMNsSqDzq1j78s18N0JMuKKeBZSxSSIhu/jl83v4w2LY0vakdQv0e +hx0qNAPsZ5jrcTtvGycDFa360cVmMny1WP9+TsabSuIO7vQt5FnRMXvKW0xmSmc9 +HmcaszBKd+lrmM2T8DsoAB6lS30DOAibZfEfN3IgOWpK5YzV6a/UxnESKykpUBKg +889IssfGuQQsir29pFcI0HO3BTnpUQY2o6wkPubPduxsaHYdyl9VJtf8bW3Z6EIY +44HpzPhovGvMrzd06W59TIPu0wxWaoNjZQiGUIkGkqAELXL99YfJQnkEDObxKuzS +Ju7nJ2WJIA3jvavcigCchBTojG+8knrkIzl+xEPiQDVJ+LZGBlN6Ql4EFuukBnjf +85pLaOPd2svQF73RCpsjxwT13lmXzXiRnGgKb3F3smbXimIxkSqax26P8S+mC6+p +C4Xt0j8+zfIL+iqhPedGhH/IvMqRqqQDzjya3YzCh0nIR7mrFV9oH3Nje+s0sGNe +LrW7KkAFBgbdy2Ts/HI+l2uupsRn1OEZEyIRB4wHZqtrEUE7L2FqStyRh8JdBBAR +CgAdFiEEAEjIsCbUyW8OWJwvbIWfsUuWqMUFAmeGzLQACgkQbIWfsUuWqMU/FgCe +KC0HvywEeTaT8dmQh3QiMNQlRtMAniZcHMlZl11+z5Aw8UEuUBzdQyV3zsFNBFnF +rIoBEACeU7lE8sgD5BPro6GLzzfsQ1PsN/im4quzDmR66YaHEsZPf5p+cLPY3aZR +zgXTw5+zH5rsy6D/WwxjH265RRZsymfYwiwS9+gcTxP+qyEs8kUHQn0u5iVGK0pf +MO4lUObKEDUa/QGSYtssVv0nwuR/fkwSCpFJNiJ+f3bgpCY+4bWHFj0vINR0slSU +VqyW80cXhED9sgBCkx6fXA9///QMcRkzQM/99N0yO5iDrz6WdJ/4YvgIngezocOV +nds8RKNGoqKgqkxicsNZuAyzplTTKXqlhLNsVwpkcurmYCdq7QjjcypAn8HTvQoY +++n5sY7h+xCTE5dgcQH3NOdeyRvymFs8f+EcCVLISZdCt077FouZ4n9Xa2bhTZEY +PDEdpQM3OYtolvIPjOGB2ONacBndwW//eUhB+YOgIj2dOyRNPwlo6xagtgbXCZo1 +ksEU7tYJKIqDETs5DWFJ58amIRRx8lQki6PABionf2dmawt2C31IY//F9OccWsfn +CkFGg+Q3aAUWYov1ImmPH2E9TMgTq93S+ntMBKUzDGZDo/wJOaT9tHyVFq29B/Jh +Ri5Zhb6rh7OxSKhC0miK0fkK+EzENvm7nB+e4H916Syb1vrS7TUpy6XIv64rgAHN +zFboWiolreYpOhrJ5u2jpuYrVzev0usHfzhf2osi7fNRH0RDLwARAQABwsFfBBgB +AgAJBQJZxayKAhsMAAoJEBuySZeoU19vofIP/10Fpnrkl5tpNLffXYYN8XkyQBDF +e+fDsrcb1lC8fBwWZdceReceptT/OWA2FMsBOK2BCORFRH8xJMc8Qg/Vf/B9pOlJ +wEBQ7Q4NJDdL5AJcPzKF6q5IsdOehK3esJusC2FHviudIG2uTdQM8CY3syNQR3eQ +HhrJ9+aCoNTDT9MS6M5MkYJThnLSyxNU3AyVblaq7LkDlbFPDnB2q9wPkygI+miC +i7645TBzBM8ljkgxC4OlM+s6O/gWawIzJNKwtSBMlyXUcORP0OzGgwnth8Ad5MBB +Y45JXi4CfhqWP8tbkG/VGGudnpeswGsXRH9oVtzWwTbVwC0A8jmBCntqMdNSXSbg +oM3F14O9kvrFy0RXm4k77qkaXVLbJOuq5wCjTzEFDH8pjeZnGDuwpVRBJZxpGLr7 +1oXASroJ3OK6TSLXxAoEzGwBW6y17nX5x5acSQj+lbUO4qWfPDKhiJMnjuEa92/k +5nkyzeZhB37MsIhN5E7bSKavpKK6KP9raEJv3tjspKvghoLfzQj3zsbqZehKFI4Y +Jq5KGqhUEOl3dL/FenobZgRbB3cqOgzN1LSx1oD30nxLSRrouhc/u47hToA75Qgm +yV8OsDZoBe4R36db+arZOmrS5uvZ1I2ZUK+OynPgV6pZhxC4hljD6M25P0fopL4J +tK9NYcSQQ3X8LC4SwsF2BBgBAgAJBQJZxayKAhsMACEJEBuySZeoU19vFiEEn+8R +Lc4ZoNx+iCy4G7JJl6hTX2+h8g//XQWmeuSXm2k0t99dhg3xeTJAEMV758OytxvW +ULx8HBZl1x5F5x6m1P85YDYUywE4rYEI5EVEfzEkxzxCD9V/8H2k6UnAQFDtDg0k +N0vkAlw/MoXqrkix056Erd6wm6wLYUe+K50gba5N1AzwJjezI1BHd5AeGsn35oKg +1MNP0xLozkyRglOGctLLE1TcDJVuVqrsuQOVsU8OcHar3A+TKAj6aIKLvrjlMHME +zyWOSDELg6Uz6zo7+BZrAjMk0rC1IEyXJdRw5E/Q7MaDCe2HwB3kwEFjjkleLgJ+ +GpY/y1uQb9UYa52el6zAaxdEf2hW3NbBNtXALQDyOYEKe2ox01JdJuCgzcXXg72S ++sXLRFebiTvuqRpdUtsk66rnAKNPMQUMfymN5mcYO7ClVEElnGkYuvvWhcBKugnc +4rpNItfECgTMbAFbrLXudfnHlpxJCP6VtQ7ipZ88MqGIkyeO4Rr3b+TmeTLN5mEH +fsywiE3kTttIpq+koroo/2toQm/e2Oykq+CGgt/NCPfOxupl6EoUjhgmrkoaqFQQ +6Xd0v8V6ehtmBFsHdyo6DM3UtLHWgPfSfEtJGui6Fz+7juFOgDvlCCbJXw6wNmgF +7hHfp1v5qtk6atLm69nUjZlQr47Kc+BXqlmHELiGWMPozbk/R+ikvgm0r01hxJBD +dfwsLhI= +=whzx -----END PGP PUBLIC KEY BLOCK----- diff --git a/rsync.spec b/rsync.spec index 1eb40dd..7cdc60d 100644 --- a/rsync.spec +++ b/rsync.spec @@ -35,7 +35,7 @@ %endif Name: rsync -Version: 3.3.0 +Version: 3.4.0 Release: 0 Summary: Versatile tool for fast incremental file transfer License: GPL-3.0-or-later @@ -55,28 +55,10 @@ Source11: https://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.t Source12: %{name}.keyring Source13: rsyncd Patch0: rsync-no-libattr.patch -Patch1: rsync-gcc14.patch Patch2: rsync-usr-etc.patch Patch3: rsync-run-dir.patch # https://github.com/RsyncProject/rsync/pull/639 Patch5: rsyncd-return-from-list-command-with-0.patch -# PATCH-FIX-UPSTREAM: rsync CVE-2024-12084 bsc#1234100 -Patch6: rsync-CVE-2024-12084-overflow-01.patch -Patch7: rsync-CVE-2024-12084-overflow-02.patch -# PATCH-FIX-UPSTREAM: rsync CVE-2024-12085 bsc#1234101 -Patch8: rsync-CVE-2024-12085.patch -# PATCH-FIX-UPSTREAM: rsync CVE-2024-12086 bsc#1234102 -Patch9: rsync-CVE-2024-12086_01.patch -Patch10: rsync-CVE-2024-12086_02.patch -Patch11: rsync-CVE-2024-12086_03.patch -Patch12: rsync-CVE-2024-12086_04.patch -# PATCH-FIX-UPSTREAM: rsync CVE-2024-12087 bsc#1234103 -Patch13: rsync-CVE-2024-12087_01.patch -Patch14: rsync-CVE-2024-12087_02.patch -# PATCH-FIX-UPSTREAM: rsync CVE-2024-12088 bsc#1234104 -Patch15: rsync-CVE-2024-12088.patch -# PATCH-FIX-UPSTREAM: rsync CVE-2024-12088 bsc#1235475 -Patch16: rsync-CVE-2024-12747.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: c++_compiler diff --git a/rsyncd-return-from-list-command-with-0.patch b/rsyncd-return-from-list-command-with-0.patch index 3ab511a..b902aa2 100644 --- a/rsyncd-return-from-list-command-with-0.patch +++ b/rsyncd-return-from-list-command-with-0.patch @@ -15,11 +15,11 @@ Signed-off-by: Georg Pfuetzenreuter clientserver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/clientserver.c b/clientserver.c -index 7c897abc..c507ea91 100644 ---- a/clientserver.c -+++ b/clientserver.c -@@ -1371,7 +1371,7 @@ int start_daemon(int f_in, int f_out) +Index: rsync-3.4.0/clientserver.c +=================================================================== +--- rsync-3.4.0.orig/clientserver.c ++++ rsync-3.4.0/clientserver.c +@@ -1377,7 +1377,7 @@ int start_daemon(int f_in, int f_out) rprintf(FLOG, "module-list request from %s (%s)\n", host, addr); send_listing(f_out); @@ -28,6 +28,3 @@ index 7c897abc..c507ea91 100644 } if (*line == '#') { --- -2.46.0 -