pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2004Q1]: pkgsrc/net/rsync Pullup update of rsync to 2.6.2 to t...
details: https://anonhg.NetBSD.org/pkgsrc/rev/c138396ae65f
branches: pkgsrc-2004Q1
changeset: 471406:c138396ae65f
user: agc <agc%pkgsrc.org@localhost>
date: Mon May 10 08:54:30 2004 +0000
description:
Pullup update of rsync to 2.6.2 to the pkgsrc-2004Q1 branch to fix a
security problem (reported as CAN-2004-0426 (cve.mitre.org)).
Requested by taca in ticket pkgsrc/27.
Module Name: pkgsrc
Committed By: tron
Date: Tue May 4 11:36:19 UTC 2004
Modified Files:
pkgsrc/net/rsync: Makefile distinfo
Removed Files:
pkgsrc/net/rsync/patches: patch-af
Log Message:
Update "rsync" package to version 2.6.2. Changes since version 2.6.0:
- Fixed a major bug in the sorting of the filenames when --relative
is used for some sources (probably just "/", but don't depend on
that). This fix ensures that we ask for the right file-list item
when requesting changes from the sender.
- Rsync now checks the return value of the close() function to
better report disk-full problems on an NFS file system.
- Paths sent to an rsync daemon are more thoroughly sanitized when
chroot is not used. If you're running a non-read-only rsync
daemon with chroot disabled, *please upgrade*, ESPECIALLY if the
user privs you run rsync under is anything above "nobody".
- Lower memory use, more optimal transfer of data over the socket,
and lower CPU usage (see the INTERNAL section for details).
- The RSYNC_PROXY environment variable can now contain a
"USER:PASS@" prefix before the "HOST:PORT" information.
(Bardur Arantsson)
- The --progress output now mentions how far along in the transfer
we are, including both a count of files transferred and a
percentage of the total file-count that we've processed. It also
shows better current-rate-of-transfer and remaining-transfer-time
values.
- The configure script now accepts --with-rsyncd-conf=PATH to
override the default value of the /etc/rsyncd.conf file.
- Added a couple extra diffs in the "patches" dir, removed the ones
that got applied, and rebuilt the rest.
- Documentation changes now attempt to describe some often mis-
understood features more clearly.
- When -x (--one-file-system) is combined with -L (--copy-links) or
--copy-unsafe-links, no symlinked files are skipped, even if the
referent file is on a different filesystem.
- The --link-dest code now works properly for a non-root user when
(1) the UIDs of the source and destination differ and -o was
specified, or (2) when the group of the source can't be used on
the destination and -g was specified.
- Fixed a bug in the handling of -H (hard-links) that might cause
the expanded PATH/NAME value of the current item to get
overwritten (due to an expanded-name caching bug).
- We now reset the "new data has been sent" flag at the start of
each file we send. This makes sure that an interrupted transfer
with the --partial option set doesn't keep a shorter temp file
than the current basis file when no new data has been transfered
over the wire for that file.
- Fixed a byte-order problem in --batch-mode on big-endian machines.
(Jay Fenlason)
- Fixed configure bug when running "./configure --disable-ipv6".
- Fixed "make test" bug when build dir is not the source dir.
- When using --cvs-exclude, the exclude items we get from a
per-directory's .cvsignore file once again only affect that one
directory (not all following directories too). The items are also
now properly word-split and parsed without any +/- prefix parsing.
- When specifying the USER@HOST: prefix for a file, the USER part
can now contain an '@', if needed (i.e. the last '@' is used to
find the HOST, not the first).
- Fixed some bugs in the handling of group IDs for non-root users:
(1) It properly handles a group that the sender didn't have a name
for (it would previously skip changing the group on any files in
that group). (2) If --numeric-ids is used, rsync no longer
attempts to set groups that the user doesn't have the permission
to set.
- Fixed the "refuse options" setting in the rsyncd.conf file.
- Improved the -x (--one-file-system) flag's handling of any mount-
point directories we encounter. It is both more optimal (in that
it no longer does a useless scan of the contents of the mount-
point dirs) and also fixes a bug where a remapped mount of the
original filesystem could get discovered in a subdir we should be
ignoring.
- Rsync no longer discards a double-slash at the start of a filename
when trying to open the file. It also no longer constructs names
that start with a double slash (unless the user supplied them).
- Path-specifying options to a daemon should now work the same with
or without chroot turned on. Previously, such a option (such as
--link-dest) would get its absolute path munged into a relative
one if chroot was not on, making that setting fairly useless.
Rsync now transforms the path into one that is based on the
module's base dir when chroot is not enabled.
- Fixed compilation problem on Tru64 Unix (having to do with
sockaddr.sa_len and sockaddr.sin_len).
- Fixed a compatibility problem interacting with older rsync
versions that might send us an empty --suffix value without
telling us that --backup-dir was specified.
- The "hosts allow" option for a daemon-over-remote-shell process
now has improved support for IPv6 addresses and a fix for systems
that have a length field in their socket structs.
- Fixed the ability to request an empty backup --suffix when sending
files to an rsync daemon.
diffstat:
net/rsync/Makefile | 4 +-
net/rsync/distinfo | 7 +-
net/rsync/patches/patch-af | 220 ---------------------------------------------
3 files changed, 5 insertions(+), 226 deletions(-)
diffs (250 lines):
diff -r d004e5615c32 -r c138396ae65f net/rsync/Makefile
--- a/net/rsync/Makefile Tue Apr 27 08:56:50 2004 +0000
+++ b/net/rsync/Makefile Mon May 10 08:54:30 2004 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.52 2004/01/20 09:33:33 grant Exp $
+# $NetBSD: Makefile,v 1.52.2.1 2004/05/10 08:54:30 agc Exp $
-DISTNAME= rsync-2.6.0
+DISTNAME= rsync-2.6.2
CATEGORIES= net
MASTER_SITES= http://rsync.samba.org/ftp/rsync/ \
ftp://rsync.samba.org/pub/rsync/ \
diff -r d004e5615c32 -r c138396ae65f net/rsync/distinfo
--- a/net/rsync/distinfo Tue Apr 27 08:56:50 2004 +0000
+++ b/net/rsync/distinfo Mon May 10 08:54:30 2004 +0000
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.13 2004/01/20 05:16:42 grant Exp $
+$NetBSD: distinfo,v 1.13.2.1 2004/05/10 08:54:30 agc Exp $
-SHA1 (rsync-2.6.0.tar.gz) = b28a05c35fa4a3d886d0f65f3412f28fe14955cf
-Size (rsync-2.6.0.tar.gz) = 464920 bytes
+SHA1 (rsync-2.6.2.tar.gz) = 0262108be42883c394865a447ffa32f5407ebf3f
+Size (rsync-2.6.2.tar.gz) = 515402 bytes
SHA1 (patch-aa) = ebf163297b20362cf1f9f6629490398a8a9a265b
SHA1 (patch-ab) = bfd70127ce8946879c73b673dc983755abab83ad
-SHA1 (patch-af) = 360b0dae3b226044045b070cb2d70ed733d80e12
diff -r d004e5615c32 -r c138396ae65f net/rsync/patches/patch-af
--- a/net/rsync/patches/patch-af Tue Apr 27 08:56:50 2004 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,220 +0,0 @@
-$NetBSD: patch-af,v 1.4 2004/01/20 05:16:42 grant Exp $
-
---- socket.c.orig 2003-08-22 00:04:13.000000000 -0500
-+++ socket.c
-@@ -292,59 +292,30 @@ int open_socket_out_wrapped (char *host,
- * @param bind_address Local address to bind, or NULL to allow it to
- * default.
- **/
--static int open_socket_in(int type, int port, const char *bind_address,
-- int af_hint)
-+static int open_socket_in(struct addrinfo *resp)
- {
- int one=1;
- int s;
-- struct addrinfo hints, *all_ai, *resp;
-- char portbuf[10];
-- int error;
--
-- memset(&hints, 0, sizeof(hints));
-- hints.ai_family = af_hint;
-- hints.ai_socktype = type;
-- hints.ai_flags = AI_PASSIVE;
-- snprintf(portbuf, sizeof(portbuf), "%d", port);
-- error = getaddrinfo(bind_address, portbuf, &hints, &all_ai);
-- if (error) {
-- rprintf(FERROR, RSYNC_NAME ": getaddrinfo: bind address %s: %s\n",
-- bind_address, gai_strerror(error));
-- return -1;
-- }
-
- /* We may not be able to create the socket, if for example the
- * machine knows about IPv6 in the C library, but not in the
- * kernel. */
-- for (resp = all_ai; resp; resp = resp->ai_next) {
-- s = socket(resp->ai_family, resp->ai_socktype,
-- resp->ai_protocol);
--
-- if (s == -1)
-- /* See if there's another address that will work... */
-- continue;
--
-- setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-- (char *)&one, sizeof one);
--
-- /* now we've got a socket - we need to bind it */
-- if (bind(s, all_ai->ai_addr, all_ai->ai_addrlen) < 0) {
-- /* Nope, try another */
-- close(s);
-- continue;
-- }
-+ s = socket(resp->ai_family, resp->ai_socktype,
-+ resp->ai_protocol);
-
-- freeaddrinfo(all_ai);
-- return s;
-+ if (s == -1)
-+ return -1;
-+
-+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-+ (char *)&one, sizeof one);
-+
-+ /* now we've got a socket - we need to bind it */
-+ if (bind(s, resp->ai_addr, resp->ai_addrlen) < 0) {
-+ close(s);
-+ return -1;
- }
-
-- rprintf(FERROR, RSYNC_NAME ": open inbound socket on port %d failed: "
-- "%s\n",
-- port,
-- strerror(errno));
--
-- freeaddrinfo(all_ai);
-- return -1;
-+ return s;
- }
-
-
-@@ -382,24 +353,52 @@ static RETSIGTYPE sigchld_handler(UNUSED
- #endif
- }
-
-+#define MAXSOCK 20
-
- void start_accept_loop(int port, int (*fn)(int, int))
- {
-- int s;
-+ int s[MAXSOCK];
-+ int nsock = 0;
-+ int maxsock = -1;
- extern char *bind_address;
- extern int default_af_hint;
-+ struct addrinfo hints, *res, *res0;
-+ char portstr[NI_MAXSERV];
-+ int i;
-
-- /* open an incoming socket */
-- s = open_socket_in(SOCK_STREAM, port, bind_address, default_af_hint);
-- if (s == -1)
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_family = default_af_hint;
-+ hints.ai_socktype = SOCK_STREAM;
-+ hints.ai_flags = AI_PASSIVE;
-+ snprintf(portstr, sizeof(portstr), "%d", port);
-+ if (getaddrinfo(bind_address, portstr, &hints, &res0) != 0)
- exit_cleanup(RERR_SOCKETIO);
-
-- /* ready to listen */
-- if (listen(s, 5) == -1) {
-- close(s);
-- exit_cleanup(RERR_SOCKETIO);
-+ /* open an incoming socket */
-+ for (res = res0; res; res = res->ai_next) {
-+ if (nsock >= sizeof(s) / sizeof(s[0]))
-+ break;
-+ s[nsock] = open_socket_in(res);
-+ if (s[nsock] == -1)
-+ continue;
-+ if (s[nsock] >= FD_SETSIZE) {
-+ close(s[nsock]);
-+ continue;
-+ }
-+
-+ /* ready to listen */
-+ if (listen(s[nsock], 5) == -1) {
-+ close(s[nsock]);
-+ continue;
-+ }
-+
-+ if (s[nsock] > maxsock)
-+ maxsock = s[nsock];
-+ nsock++;
- }
-
-+ if (nsock == 0)
-+ exit_cleanup(RERR_SOCKETIO);
-
- /* now accept incoming connections - forking a new process
- for each incoming connection */
-@@ -416,42 +415,47 @@ void start_accept_loop(int port, int (*f
- log_close();
-
- FD_ZERO(&fds);
-- FD_SET(s, &fds);
-+ for (i = 0; i < nsock; i++)
-+ FD_SET(s[i], &fds);
-
-- if (select(s+1, &fds, NULL, NULL, NULL) != 1) {
-+ if (select(maxsock + 1, &fds, NULL, NULL, NULL) < 0)
- continue;
-- }
--
-- if(!FD_ISSET(s, &fds)) continue;
-
-- fd = accept(s,(struct sockaddr *)&addr,&addrlen);
--
-- if (fd == -1) continue;
--
-- signal(SIGCHLD, sigchld_handler);
--
-- if ((pid = fork()) == 0) {
-- int ret;
-- close(s);
-- /* open log file in child before possibly giving
-- up privileges */
-- log_open();
-- ret = fn(fd, fd);
-- close_all();
-- _exit(ret);
-- } else if (pid < 0) {
-- rprintf(FERROR,
-- RSYNC_NAME
-- ": could not create child server process: %s\n",
-- strerror(errno));
-- close(fd);
-- /* This might have happened because we're
-- * overloaded. Sleep briefly before trying to
-- * accept again. */
-- sleep(2);
-- } else {
-- /* Parent doesn't need this fd anymore. */
-- close(fd);
-+ for (i = 0; i < nsock; i++) {
-+ if (!FD_ISSET(s[i], &fds))
-+ continue;
-+
-+ fd = accept(s[i], (struct sockaddr *)&addr, &addrlen);
-+
-+ if (fd == -1)
-+ continue;
-+
-+ signal(SIGCHLD, sigchld_handler);
-+
-+ if ((pid = fork()) == 0) {
-+ int ret;
-+ for (i = 0; i < nsock; i++)
-+ close(s[i]);
-+ /* open log file in child before possibly giving
-+ up privileges */
-+ log_open();
-+ ret = fn(fd, fd);
-+ close_all();
-+ _exit(ret);
-+ } else if (pid < 0) {
-+ rprintf(FERROR,
-+ RSYNC_NAME
-+ ": could not create child server process: %s\n",
-+ strerror(errno));
-+ close(fd);
-+ /* This might have happened because we're
-+ * overloaded. Sleep briefly before trying to
-+ * accept again. */
-+ sleep(2);
-+ } else {
-+ /* Parent doesn't need this fd anymore. */
-+ close(fd);
-+ }
- }
- }
- }
Home |
Main Index |
Thread Index |
Old Index