Accepting request 337025 from network
1 OBS-URL: https://build.opensuse.org/request/show/337025 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsync?expand=0&rev=57
commit
a9c55393ff
@ -1,7 +1,7 @@
|
|||||||
Index: rsync-3.1.1/clientserver.c
|
Index: rsync-3.1.1/clientserver.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- rsync-3.1.1.orig/clientserver.c 2015-08-11 11:10:05.445550476 +0200
|
--- rsync-3.1.1.orig/clientserver.c 2015-10-07 14:58:43.767379915 +0200
|
||||||
+++ rsync-3.1.1/clientserver.c 2015-08-11 11:11:12.922400586 +0200
|
+++ rsync-3.1.1/clientserver.c 2015-10-07 14:59:24.515920754 +0200
|
||||||
@@ -1200,7 +1200,7 @@ int daemon_main(void)
|
@@ -1200,7 +1200,7 @@ int daemon_main(void)
|
||||||
* local address??? */
|
* local address??? */
|
||||||
|
|
||||||
@ -13,8 +13,8 @@ Index: rsync-3.1.1/clientserver.c
|
|||||||
}
|
}
|
||||||
Index: rsync-3.1.1/loadparm.c
|
Index: rsync-3.1.1/loadparm.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- rsync-3.1.1.orig/loadparm.c 2015-08-11 11:10:05.445550476 +0200
|
--- rsync-3.1.1.orig/loadparm.c 2015-10-07 14:58:43.767379915 +0200
|
||||||
+++ rsync-3.1.1/loadparm.c 2015-08-11 11:32:41.294010307 +0200
|
+++ rsync-3.1.1/loadparm.c 2015-10-07 14:59:24.515920754 +0200
|
||||||
@@ -101,6 +101,7 @@ typedef struct {
|
@@ -101,6 +101,7 @@ typedef struct {
|
||||||
int rsync_port;
|
int rsync_port;
|
||||||
#ifdef HAVE_LIBSLP
|
#ifdef HAVE_LIBSLP
|
||||||
@ -23,7 +23,18 @@ Index: rsync-3.1.1/loadparm.c
|
|||||||
#endif
|
#endif
|
||||||
} global_vars;
|
} global_vars;
|
||||||
|
|
||||||
@@ -322,6 +323,7 @@ static struct parm_struct parm_table[] =
|
@@ -181,6 +182,10 @@ static const all_vars Defaults = {
|
||||||
|
|
||||||
|
/* listen_backlog; */ 5,
|
||||||
|
/* rsync_port; */ 0,
|
||||||
|
+#ifdef HAVE_LIBSLP
|
||||||
|
+ /* slp_refresh; */ 0,
|
||||||
|
+ /* use_slp; */ False,
|
||||||
|
+#endif
|
||||||
|
},
|
||||||
|
|
||||||
|
/* ==== local_vars ==== */
|
||||||
|
@@ -322,6 +327,7 @@ static struct parm_struct parm_table[] =
|
||||||
{"port", P_INTEGER,P_GLOBAL,&Vars.g.rsync_port, NULL,0},
|
{"port", P_INTEGER,P_GLOBAL,&Vars.g.rsync_port, NULL,0},
|
||||||
#ifdef HAVE_LIBSLP
|
#ifdef HAVE_LIBSLP
|
||||||
{"slp refresh", P_INTEGER,P_GLOBAL,&Vars.g.slp_refresh, NULL,0},
|
{"slp refresh", P_INTEGER,P_GLOBAL,&Vars.g.slp_refresh, NULL,0},
|
||||||
@ -31,15 +42,7 @@ Index: rsync-3.1.1/loadparm.c
|
|||||||
#endif
|
#endif
|
||||||
{"socket options", P_STRING, P_GLOBAL,&Vars.g.socket_options, NULL,0},
|
{"socket options", P_STRING, P_GLOBAL,&Vars.g.socket_options, NULL,0},
|
||||||
|
|
||||||
@@ -376,6 +378,7 @@ static struct parm_struct parm_table[] =
|
@@ -458,6 +464,7 @@ FN_GLOBAL_INTEGER(lp_listen_backlog, &Va
|
||||||
static void reset_all_vars(void)
|
|
||||||
{
|
|
||||||
memcpy(&Vars, &Defaults, sizeof Vars);
|
|
||||||
+ Vars.g.use_slp = True;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Expand %VAR% references. Any unknown vars or unrecognized
|
|
||||||
@@ -458,6 +461,7 @@ FN_GLOBAL_INTEGER(lp_listen_backlog, &Va
|
|
||||||
FN_GLOBAL_INTEGER(lp_rsync_port, &Vars.g.rsync_port)
|
FN_GLOBAL_INTEGER(lp_rsync_port, &Vars.g.rsync_port)
|
||||||
#ifdef HAVE_LIBSLP
|
#ifdef HAVE_LIBSLP
|
||||||
FN_GLOBAL_INTEGER(lp_slp_refresh, &Vars.g.slp_refresh)
|
FN_GLOBAL_INTEGER(lp_slp_refresh, &Vars.g.slp_refresh)
|
||||||
@ -49,14 +52,14 @@ Index: rsync-3.1.1/loadparm.c
|
|||||||
FN_LOCAL_STRING(lp_auth_users, auth_users)
|
FN_LOCAL_STRING(lp_auth_users, auth_users)
|
||||||
Index: rsync-3.1.1/rsyncd.conf.yo
|
Index: rsync-3.1.1/rsyncd.conf.yo
|
||||||
===================================================================
|
===================================================================
|
||||||
--- rsync-3.1.1.orig/rsyncd.conf.yo 2015-08-11 11:10:05.447550501 +0200
|
--- rsync-3.1.1.orig/rsyncd.conf.yo 2015-10-07 14:58:43.767379915 +0200
|
||||||
+++ rsync-3.1.1/rsyncd.conf.yo 2015-08-11 11:34:15.206231147 +0200
|
+++ rsync-3.1.1/rsyncd.conf.yo 2015-10-07 14:59:24.516920767 +0200
|
||||||
@@ -124,6 +124,10 @@ via the bf(--sockopts) command-line opti
|
@@ -124,6 +124,10 @@ via the bf(--sockopts) command-line opti
|
||||||
dit(bf(listen backlog)) You can override the default backlog value when the
|
dit(bf(listen backlog)) You can override the default backlog value when the
|
||||||
daemon listens for connections. It defaults to 5.
|
daemon listens for connections. It defaults to 5.
|
||||||
|
|
||||||
+dit(bf(use slp)) This parameter is used to determine if the module names are
|
+dit(bf(use slp)) This parameter is used to determine if the module names are
|
||||||
+advertised via slp. The default is for this to be enabled, which will
|
+advertised via slp. The default is for this to be disabled, which won't
|
||||||
+advertise your public modules.
|
+advertise your public modules.
|
||||||
+
|
+
|
||||||
dit(bf(slp refresh)) This parameter is used to determine how long service
|
dit(bf(slp refresh)) This parameter is used to determine how long service
|
||||||
@ -64,8 +67,8 @@ Index: rsync-3.1.1/rsyncd.conf.yo
|
|||||||
you have Service Location Protocol support compiled in. If this is
|
you have Service Location Protocol support compiled in. If this is
|
||||||
Index: rsync-3.1.1/socket.c
|
Index: rsync-3.1.1/socket.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- rsync-3.1.1.orig/socket.c 2015-08-11 11:10:05.447550501 +0200
|
--- rsync-3.1.1.orig/socket.c 2015-10-07 14:58:43.767379915 +0200
|
||||||
+++ rsync-3.1.1/socket.c 2015-08-11 11:35:25.434145276 +0200
|
+++ rsync-3.1.1/socket.c 2015-10-07 14:59:24.516920767 +0200
|
||||||
@@ -546,7 +546,7 @@ void start_accept_loop(int port, int (*f
|
@@ -546,7 +546,7 @@ void start_accept_loop(int port, int (*f
|
||||||
int *sp, maxfd, i;
|
int *sp, maxfd, i;
|
||||||
#ifdef HAVE_LIBSLP
|
#ifdef HAVE_LIBSLP
|
||||||
@ -75,3 +78,42 @@ Index: rsync-3.1.1/socket.c
|
|||||||
if (slp_timeout) {
|
if (slp_timeout) {
|
||||||
if (slp_timeout < SLP_MIN_TIMEOUT)
|
if (slp_timeout < SLP_MIN_TIMEOUT)
|
||||||
slp_timeout = SLP_MIN_TIMEOUT;
|
slp_timeout = SLP_MIN_TIMEOUT;
|
||||||
|
Index: rsync-3.1.1/main.c
|
||||||
|
===================================================================
|
||||||
|
--- rsync-3.1.1.orig/main.c 2015-10-07 14:58:43.767379915 +0200
|
||||||
|
+++ rsync-3.1.1/main.c 2015-10-07 14:59:24.516920767 +0200
|
||||||
|
@@ -1250,11 +1250,14 @@ static int start_client(int argc, char *
|
||||||
|
if (shell_machine && !shell_machine[0]) {
|
||||||
|
#ifdef HAVE_LIBSLP
|
||||||
|
/* User entered just rsync:// URI */
|
||||||
|
- print_service_list();
|
||||||
|
- exit_cleanup(0);
|
||||||
|
-#else /* No SLP, die here */
|
||||||
|
+ if (lp_use_slp()) {
|
||||||
|
+ print_service_list();
|
||||||
|
+ exit_cleanup(0);
|
||||||
|
+ } else {
|
||||||
|
+ rprintf(FINFO, "SLP is disabled, cannot browse\n");
|
||||||
|
+ }
|
||||||
|
+#else /* No SLP */
|
||||||
|
rprintf(FINFO, "No SLP support, cannot browse\n");
|
||||||
|
- exit_cleanup(RERR_SYNTAX);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
Index: rsync-3.1.1/rsyncd.conf.5
|
||||||
|
===================================================================
|
||||||
|
--- rsync-3.1.1.orig/rsyncd.conf.5 2015-10-07 14:36:06.288364061 +0200
|
||||||
|
+++ rsync-3.1.1/rsyncd.conf.5 2015-10-07 15:00:28.309767222 +0200
|
||||||
|
@@ -142,6 +142,11 @@ via the \fB\-\-sockopts\fP command\-line
|
||||||
|
You can override the default backlog value when the
|
||||||
|
daemon listens for connections. It defaults to 5.
|
||||||
|
.IP
|
||||||
|
+.IP "\fBuse slp\fP"
|
||||||
|
+This parameter is used to determine if the module names are
|
||||||
|
+advertised via slp. The default is for this to be disabled, which won't
|
||||||
|
+advertise your public modules.
|
||||||
|
+.IP
|
||||||
|
.IP "\fBslp refresh\fP"
|
||||||
|
This parameter is used to determine how long service
|
||||||
|
advertisements are valid (measured in seconds), and is only applicable if
|
||||||
|
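Review bot: In the `start_client()` hunk for main.c, neither message path ends the run any more: the new `else` arm prints "SLP is disabled, cannot browse" and falls out of the block, and the patch also drops `exit_cleanup(RERR_SYNTAX);` after "No SLP support, cannot browse". Whatever follows the closing brace (outside the hunk) then runs with an empty `shell_machine`, and the caller gets no error status for a request that could not be served. I would keep the exit in both arms by adding `exit_cleanup(RERR_SYNTAX);` after each `rprintf(FINFO, ...)` line. A comment at the `lp_use_slp()` call should also state which configuration it reflects on the client side, since the hunk does not show rsyncd.conf being loaded before this point.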
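--- a/rsync-equivalent_of_CVE-2014-8242.patch
+++ b/rsync-equivalent_of_CVE-2014-8242.patch
@@ -0,0 +1,95 @@
+From eac858085e3ac94ec0ab5061d11f52652c90a869 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayned@samba.org>
+Date: Mon, 11 May 2015 12:36:20 -0700
+Subject: [PATCH] Add compat flag to allow proper seed checksum order. Fixes
+the equivalent of librsync's CVE-2014-8242 issue.
+
+---
+checksum.c | 17 +++++++++++++----
+compat.c | 5 +++++
+options.c | 1 +
+3 files changed, 19 insertions(+), 4 deletions(-)
+
+Index: rsync-3.1.1/checksum.c
+===================================================================
+--- rsync-3.1.1.orig/checksum.c 2015-10-06 11:18:33.293065513 +0200
++++ rsync-3.1.1/checksum.c 2015-10-06 11:18:34.382078657 +0200
+@@ -23,6 +23,7 @@
+
+extern int checksum_seed;
+extern int protocol_version;
++extern int proper_seed_order;
+
+/*
+a simple 32 bit checksum that can be upadted from either end
+@@ -54,10 +55,18 @@ void get_checksum2(char *buf, int32 len,
+if (protocol_version >= 30) {
+uchar seedbuf[4];
+md5_begin(&m);
+- md5_update(&m, (uchar *)buf, len);
+- if (checksum_seed) {
+- SIVALu(seedbuf, 0, checksum_seed);
+- md5_update(&m, seedbuf, 4);
++ if (proper_seed_order) {
++ if (checksum_seed) {
++ SIVALu(seedbuf, 0, checksum_seed);
++ md5_update(&m, seedbuf, 4);
++ }
++ md5_update(&m, (uchar *)buf, len);
++ } else {
++ md5_update(&m, (uchar *)buf, len);
++ if (checksum_seed) {
++ SIVALu(seedbuf, 0, checksum_seed);
++ md5_update(&m, seedbuf, 4);
++ }
+}
+md5_result(&m, (uchar *)sum);
+} else {
+Index: rsync-3.1.1/compat.c
+===================================================================
+--- rsync-3.1.1.orig/compat.c 2015-10-06 11:18:33.293065513 +0200
++++ rsync-3.1.1/compat.c 2015-10-06 11:18:34.383078669 +0200
+@@ -27,6 +27,7 @@ int inc_recurse = 0;
+int compat_flags = 0;
+int use_safe_inc_flist = 0;
+int want_xattr_optim = 0;
++int proper_seed_order = 0;
+
+extern int am_server;
+extern int am_sender;
+@@ -78,6 +79,7 @@ int filesfrom_convert = 0;
+#define CF_SYMLINK_ICONV (1<<2)
+#define CF_SAFE_FLIST (1<<3)
+#define CF_AVOID_XATTR_OPTIM (1<<4)
++#define CF_CHKSUM_SEED_FIX (1<<5)
+
+static const char *client_info;
+
+@@ -257,12 +259,15 @@ void setup_protocol(int f_out,int f_in)
+compat_flags |= CF_SAFE_FLIST;
+if (local_server || strchr(client_info, 'x') != NULL)
+compat_flags |= CF_AVOID_XATTR_OPTIM;
++ if (local_server || strchr(client_info, 'C') != NULL)
++ compat_flags |= CF_CHKSUM_SEED_FIX;
+write_byte(f_out, compat_flags);
+} else
+compat_flags = read_byte(f_in);
+/* The inc_recurse var MUST be set to 0 or 1. */
+inc_recurse = compat_flags & CF_INC_RECURSE ? 1 : 0;
+want_xattr_optim = protocol_version >= 31 && !(compat_flags & CF_AVOID_XATTR_OPTIM);
++ proper_seed_order = compat_flags & CF_CHKSUM_SEED_FIX ? 1 : 0;
+if (am_sender) {
+receiver_symlink_times = am_server
+? strchr(client_info, 'L') != NULL
+Index: rsync-3.1.1/options.c
+===================================================================
+--- rsync-3.1.1.orig/options.c 2015-10-06 11:18:34.383078669 +0200
++++ rsync-3.1.1/options.c 2015-10-06 11:19:37.630842114 +0200
+@@ -2505,6 +2505,7 @@ void server_options(char **args, int *ar
+#endif
+argstr[x++] = 'f'; /* flist I/O-error safety support */
+argstr[x++] = 'x'; /* xattr hardlink optimization not desired */
++ argstr[x++] = 'C'; /* support checksum seed order fix */
+}
+
+if (x >= (int)sizeof argstr) { /* Not possible... */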
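Review bot: In the `get_checksum2()` hunk the old data-then-seed order is kept as the fallback, so a session with a peer that does not send `'C'` leaves `proper_seed_order` at 0 and gets none of the hardening, and nothing is logged or documented to say so. A comment on the new branch would record the reason for the order, e.g. `/* Seed first: a seed appended after the data leaves a block collision prepared in advance intact. */`, with another on the `else` arm marking it as compatibility-only. The seed lines (`SIVALu` plus `md5_update(&m, seedbuf, 4)`) are now written twice; hoisting them into a small static helper would keep the two orders from drifting apart. The `protocol_version < 30` branch begins after the hunk ends, so whether it needs the same treatment cannot be judged from these lines.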
@ -1,3 +1,19 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 7 12:26:26 UTC 2015 - vcizek@suse.com
|
||||||
|
|
||||||
|
- better disable slp by default, it doesn't seem to be used much
|
||||||
|
and it often caused problems (eg boo#898513, bsc#922710)
|
||||||
|
* set "use slp" in rsyncd.conf to enable
|
||||||
|
* modified rsync-add_back_use_slp_directive.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Oct 6 11:16:55 UTC 2015 - vcizek@suse.com
|
||||||
|
|
||||||
|
- add a compatibility flag to avoid checksum collisions (bsc#900914)
|
||||||
|
* fixes rsync equivalent of librsync's CVE-2014-8242
|
||||||
|
* added rsync-equivalent_of_CVE-2014-8242.patch
|
||||||
|
- modify rsync-add_back_use_slp_directive.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Aug 11 09:40:36 UTC 2015 - vcizek@suse.com
|
Tue Aug 11 09:40:36 UTC 2015 - vcizek@suse.com
|
||||||
|
|
||||||
|
@ -44,7 +44,9 @@ Source12: %{name}.keyring
|
|||||||
Patch3: system-zlib.diff
|
Patch3: system-zlib.diff
|
||||||
Patch4: rsync-CVE-2014-9512.patch
|
Patch4: rsync-CVE-2014-9512.patch
|
||||||
Patch5: rsync-no-libattr.patch
|
Patch5: rsync-no-libattr.patch
|
||||||
|
#PATCH-FIX-SUSE boo#922710 slp
|
||||||
Patch6: rsync-add_back_use_slp_directive.patch
|
Patch6: rsync-add_back_use_slp_directive.patch
|
||||||
|
Patch7: rsync-equivalent_of_CVE-2014-8242.patch
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: libacl-devel
|
BuildRequires: libacl-devel
|
||||||
BuildRequires: openslp-devel
|
BuildRequires: openslp-devel
|
||||||
@ -87,6 +89,7 @@ patch -p1 < patches/acls.diff
|
|||||||
patch -p1 < patches/xattrs.diff
|
patch -p1 < patches/xattrs.diff
|
||||||
patch -p1 < patches/slp.diff
|
patch -p1 < patches/slp.diff
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
# fate#312479
|
# fate#312479
|
||||||
patch -p1 < patches/time-limit.diff
|
patch -p1 < patches/time-limit.diff
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
|
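Review bot: `Patch7` is added without a provenance tag, while the same hunk gives `Patch6` a `#PATCH-FIX-SUSE boo#922710 slp` line. Since this is the security fix, a tag line above it such as `#PATCH-FIX-UPSTREAM bsc#900914 CVE-2014-8242 equivalent, upstream commit eac858085e` would let an auditor tie the package to the upstream change without opening the patch. The values in that example are taken from the changelog entry and the patch header shown on this page.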