pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2017Q4]: pkgsrc/net/rsync Pullup ticket #5723 - requested by agc



details:   https://anonhg.NetBSD.org/pkgsrc/rev/bcbfd527c5d0
branches:  pkgsrc-2017Q4
changeset: 373166:bcbfd527c5d0
user:      spz <spz%pkgsrc.org@localhost>
date:      Fri Mar 16 22:06:26 2018 +0000

description:
Pullup ticket #5723 - requested by agc
net/rsync: security update

Revisions pulled up:
- net/rsync/Makefile                                            1.107-1.108
- net/rsync/distinfo                                            1.47-1.48
- net/rsync/patches/patch-Makefile.in                           1.2
- net/rsync/patches/patch-ab                                    deleted
- net/rsync/patches/patch-receiver.c                            deleted
- net/rsync/patches/patch-rsync.c                               deleted
- net/rsync/patches/patch-xattrs.c                              deleted

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   snj
   Date:           Sat Jan 27 04:21:18 UTC 2018

   Modified Files:
           pkgsrc/net/rsync: Makefile distinfo
   Added Files:
           pkgsrc/net/rsync/patches: patch-options.c

   Log Message:
   Fix CVE-2018-5764.

   Bump PKGREVISION to 3.


   To generate a diff of this commit:
   cvs rdiff -u -r1.106 -r1.107 pkgsrc/net/rsync/Makefile
   cvs rdiff -u -r1.46 -r1.47 pkgsrc/net/rsync/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/net/rsync/patches/patch-options.c

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Mon Jan 29 11:32:59 UTC 2018

   Modified Files:
           pkgsrc/net/rsync: Makefile distinfo
           pkgsrc/net/rsync/patches: patch-Makefile.in
   Removed Files:
           pkgsrc/net/rsync/patches: patch-ab patch-options.c patch-receiver.c
               patch-rsync.c patch-xattrs.c

   Log Message:
   rsync: updated to 3.1.3

   Changes since 3.1.2:

   SECURITY FIXES:
     - Fixed a buffer overrun in the protocol's handling of xattr names and
       ensure that the received name is null terminated.
     - Fix an issue with --protect-args where the user could specify the arg in
       the protected-arg list and short-circuit some of the arg-sanitizing code.

   BUG FIXES:
     - Don't output about a new backup dir without appropriate info verbosity.
     - Fixed some issues with the sort functions in support/rsyncstats script.
     - Added a way to specify daemon config lists (e.g. users, groups, etc) that
       contain spaces (see "auth users" in the latest rsyncd.conf manpage).
     - If a backup fails (e.g. full disk) rsync exits with an error.
     - Fixed a problem with a doubled --fuzzy option combined with --link-dest.
     - Avoid invalid output in the summary if either the start or end time had
       an error.
     - We don't allow a popt alias to affect the --daemon or --server options.
     - Fix daemon exclude code to disallow attribute changes in addition to
       disallowing transfers.
     - Don't force nanoseconds to match if a non-transferred, non-checksummed
       file only passed the quick-check w/o comparing nanoseconds.

   ENHANCEMENTS:
     - Added the ability for rsync to compare nanosecond times in its file-check
       comparisons, and added support for nanosecond times on Mac OS X.
     - Added a short-option (-@) for --modify-window.
     - Added the --checksum-choice=NAME[,NAME] option to choose the checksum
       algorithms.
     - Added hashing of xattr names (with using -X) to improve the handling of
       files with large numbers of xattrs.
     - Added a way to filter xattr names using include/exclude/filter rules (see
       the --xattrs option in the manpage for details).
     - Added "daemon chroot|uid|gid" to the daemon config (in addition to the
       old chroot|uid|gid settings that affect the daemon's transfer process).
     - Added "syslog tag" to the daemon configuration.
     - Some manpage improvements.

   DEVELOPER RELATED:
     - Tweak the "make" output when yodl isn't around to create the man pages.
     - Changed an obsolete autoconf compile macro.
     - Support newer yodl versions when converting man pages.


   To generate a diff of this commit:
   cvs rdiff -u -r1.107 -r1.108 pkgsrc/net/rsync/Makefile
   cvs rdiff -u -r1.47 -r1.48 pkgsrc/net/rsync/distinfo
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/rsync/patches/patch-Makefile.in
   cvs rdiff -u -r1.16 -r0 pkgsrc/net/rsync/patches/patch-ab
   cvs rdiff -u -r1.1 -r0 pkgsrc/net/rsync/patches/patch-options.c \
       pkgsrc/net/rsync/patches/patch-receiver.c \
       pkgsrc/net/rsync/patches/patch-rsync.c \
       pkgsrc/net/rsync/patches/patch-xattrs.c

diffstat:

 net/rsync/Makefile                  |   5 +--
 net/rsync/distinfo                  |  16 ++++-------
 net/rsync/patches/patch-Makefile.in |  23 +++++++++++++++--
 net/rsync/patches/patch-ab          |  20 ---------------
 net/rsync/patches/patch-receiver.c  |  47 -------------------------------------
 net/rsync/patches/patch-rsync.c     |  28 ----------------------
 net/rsync/patches/patch-xattrs.c    |  18 --------------
 7 files changed, 28 insertions(+), 129 deletions(-)

diffs (198 lines):

diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/Makefile
--- a/net/rsync/Makefile        Fri Mar 16 21:44:18 2018 +0000
+++ b/net/rsync/Makefile        Fri Mar 16 22:06:26 2018 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.105.2.1 2018/01/06 22:51:51 spz Exp $
+# $NetBSD: Makefile,v 1.105.2.2 2018/03/16 22:06:26 spz Exp $
 
-DISTNAME=      rsync-3.1.2
-PKGREVISION=   2
+DISTNAME=      rsync-3.1.3
 CATEGORIES=    net
 MASTER_SITES=  http://rsync.samba.org/ftp/rsync/
 MASTER_SITES+= http://rsync.samba.org/ftp/rsync/old-versions/
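
Review bot: the unchanged MASTER_SITES context lines still fetch over plain http://, so for this security update the rsync-3.1.3 tarball is authenticated only by the distinfo hashes changed in the same changeset. If upstream serves the same paths over HTTPS, switch both MASTER_SITES entries; dropping PKGREVISION together with the DISTNAME bump is the expected reset.
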
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/distinfo
--- a/net/rsync/distinfo        Fri Mar 16 21:44:18 2018 +0000
+++ b/net/rsync/distinfo        Fri Mar 16 22:06:26 2018 +0000
@@ -1,12 +1,8 @@
-$NetBSD: distinfo,v 1.45.2.1 2018/01/06 22:51:51 spz Exp $
+$NetBSD: distinfo,v 1.45.2.2 2018/03/16 22:06:26 spz Exp $
 
-SHA1 (rsync-3.1.2.tar.gz) = 0d4c7fb7fe3fc80eeff922a7c1d81df11dbb8a1a
-RMD160 (rsync-3.1.2.tar.gz) = f7d6c0c9752af8d9eb933cffc6032c1763490a04
-SHA512 (rsync-3.1.2.tar.gz) = 4c55fd69f436ead0cb5a0b7c6fdfef9bb28ddb9c63534eb619e756b118d5b08cfc5e696498650932c86e865b37e06633da947e6720ca0c27ed5c034313ae208b
-Size (rsync-3.1.2.tar.gz) = 892724 bytes
-SHA1 (patch-Makefile.in) = df3479e93de86524a391433a3d6e6108a797835a
-SHA1 (patch-ab) = 98aa07a50314e3309b48f803d6febb1138eae1f2
+SHA1 (rsync-3.1.3.tar.gz) = 82e7829c0b3cefbd33c233005341e2073c425629
+RMD160 (rsync-3.1.3.tar.gz) = 95a040e0c32e09d01f37fc7d2defd2c41a184db6
+SHA512 (rsync-3.1.3.tar.gz) = 8385f4c0ea37e7a1da3cf45794154f5bc4d1c49bc625ba3b5f85adaf3eafe6d71c15bdcb1410bde731e5d4c19aff3331606637462fa27a68dc3e13192dd78f99
+Size (rsync-3.1.3.tar.gz) = 905908 bytes
+SHA1 (patch-Makefile.in) = 14d261cc65d00864bfb0acdba1d5a8bdf989c288
 SHA1 (patch-authenticate.c) = 0612fb141cea1509b882df78f1b90fa52b1092b0
-SHA1 (patch-receiver.c) = 5bf0b7ceaaf79e0fd5f93e1c433162e9248fe37c
-SHA1 (patch-rsync.c) = e390038a9592d9bc3e77ebc2aabfa62bdd6778b3
-SHA1 (patch-xattrs.c) = 9883ea79a60c786dd5a3dc74f4872621823c9377
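
Review bot: patch-options.c, added by the first pulled-up commit for CVE-2018-5764 and removed by the second, has no entry on either side of this hunk and is absent from the "Revisions pulled up" list, so on this branch that fix arrives only through the rsync-3.1.3 tarball. Say so in the pullup description, so that someone auditing pkgsrc-2017Q4 for CVE-2018-5764 does not look for a patch file that was never on the branch.
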
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/patches/patch-Makefile.in
--- a/net/rsync/patches/patch-Makefile.in       Fri Mar 16 21:44:18 2018 +0000
+++ b/net/rsync/patches/patch-Makefile.in       Fri Mar 16 22:06:26 2018 +0000
@@ -1,10 +1,27 @@
-$NetBSD: patch-Makefile.in,v 1.1 2015/11/13 13:41:39 wiz Exp $
+$NetBSD: patch-Makefile.in,v 1.1.20.1 2018/03/16 22:06:26 spz Exp $
 
 https://bugzilla.samba.org/show_bug.cgi?id=11594
+Fix installation.
 
---- Makefile.in.orig   2013-06-15 23:40:10.000000000 +0000
+--- Makefile.in.orig   2016-07-20 15:34:26.000000000 +0000
 +++ Makefile.in
-@@ -205,7 +205,7 @@ proto: proto.h-tstamp
+@@ -66,12 +66,9 @@ CHECK_OBJS=tls.o testrun.o getgroups.o g
+ all: Makefile rsync$(EXEEXT) rsync-ssl stunnel-rsync stunnel-rsyncd.conf @MAKE_MAN@
+ 
+ install: all
+-      -${MKDIR_P} ${DESTDIR}${bindir}
+-      ${INSTALLCMD} ${INSTALL_STRIP} -m 755 rsync$(EXEEXT) ${DESTDIR}${bindir}
+-      -${MKDIR_P} ${DESTDIR}${mandir}/man1
+-      -${MKDIR_P} ${DESTDIR}${mandir}/man5
+-      if test -f rsync.1; then ${INSTALLMAN} -m 644 rsync.1 ${DESTDIR}${mandir}/man1; fi
+-      if test -f rsyncd.conf.5; then ${INSTALLMAN} -m 644 rsyncd.conf.5 ${DESTDIR}${mandir}/man5; fi
++      ${BSD_INSTALL_PROGRAM} rsync$(EXEEXT) ${DESTDIR}${bindir}
++      if test -f rsync.1; then ${BSD_INSTALL_MAN} rsync.1 ${DESTDIR}${mandir}/man1; fi
++      if test -f rsyncd.conf.5; then ${BSD_INSTALL_MAN} rsyncd.conf.5 ${DESTDIR}${mandir}/man5; fi
+ 
+ install-ssl-client: rsync-ssl stunnel-rsync
+       -${MKDIR_P} ${DESTDIR}${bindir}
+@@ -209,7 +206,7 @@ proto: proto.h-tstamp
  proto.h: proto.h-tstamp
        @if test -f proto.h; then :; else cp -p $(srcdir)/proto.h .; fi
  
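
Review bot: in the install target folded in here, the three -${MKDIR_P} lines for ${DESTDIR}${bindir}, ${DESTDIR}${mandir}/man1 and ${DESTDIR}${mandir}/man5 are removed and nothing in the added lines creates those directories, so ${BSD_INSTALL_PROGRAM} and ${BSD_INSTALL_MAN} depend on them already existing. Extend the one-line "Fix installation." comment to say where the directories come from, and make clear that the bugzilla 11594 link, which predates this hunk, belongs to the proto.h change only.
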
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/patches/patch-ab
--- a/net/rsync/patches/patch-ab        Fri Mar 16 21:44:18 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-$NetBSD: patch-ab,v 1.16 2013/10/02 18:06:19 adam Exp $
-
---- Makefile.in.orig   2013-06-15 23:40:10.000000000 +0000
-+++ Makefile.in
-@@ -65,12 +65,9 @@ CHECK_OBJS=tls.o testrun.o getgroups.o g
- all: Makefile rsync$(EXEEXT) rsync-ssl stunnel-rsync stunnel-rsyncd.conf @MAKE_MAN@
- 
- install: all
--      -${MKDIR_P} ${DESTDIR}${bindir}
--      ${INSTALLCMD} ${INSTALL_STRIP} -m 755 rsync$(EXEEXT) ${DESTDIR}${bindir}
--      -${MKDIR_P} ${DESTDIR}${mandir}/man1
--      -${MKDIR_P} ${DESTDIR}${mandir}/man5
--      if test -f rsync.1; then ${INSTALLMAN} -m 644 rsync.1 ${DESTDIR}${mandir}/man1; fi
--      if test -f rsyncd.conf.5; then ${INSTALLMAN} -m 644 rsyncd.conf.5 ${DESTDIR}${mandir}/man5; fi
-+      ${BSD_INSTALL_PROGRAM} rsync$(EXEEXT) ${DESTDIR}${bindir}
-+      if test -f rsync.1; then ${BSD_INSTALL_MAN} rsync.1 ${DESTDIR}${mandir}/man1; fi
-+      if test -f rsyncd.conf.5; then ${BSD_INSTALL_MAN} rsyncd.conf.5 ${DESTDIR}${mandir}/man5; fi
- 
- install-ssl-client: rsync-ssl stunnel-rsync
-       -${MKDIR_P} ${DESTDIR}${bindir}
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/patches/patch-receiver.c
--- a/net/rsync/patches/patch-receiver.c        Fri Mar 16 21:44:18 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-$NetBSD: patch-receiver.c,v 1.1.2.2 2018/01/06 22:51:51 spz Exp $
-
-Fix for CVE-2017-17433, taken from:
-
-https://git.samba.org/?p=rsync.git;a=commitdiff;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
-
-Fix for CVE-2017-17434, taken from:
-
-https://git.samba.org/?p=rsync.git;a=commitdiff;h=5509597decdbd7b91994210f700329d8a35e70a1
-
---- receiver.c.orig    2015-09-07 10:07:17.000000000 -0700
-+++ receiver.c 2017-12-31 12:46:27.078487190 -0800
-@@ -580,6 +580,12 @@ int recv_files(int f_in, int f_out, char
-                       file = dir_flist->files[cur_flist->parent_ndx];
-               fname = local_name ? local_name : f_name(file, fbuf);
- 
-+              if (daemon_filter_list.head
-+                  && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
-+                      rprintf(FERROR, "attempt to hack rsync failed.\n");
-+                      exit_cleanup(RERR_PROTOCOL);
-+              }
-+
-               if (DEBUG_GTE(RECV, 1))
-                       rprintf(FINFO, "recv_files(%s)\n", fname);
- 
-@@ -651,12 +657,6 @@ int recv_files(int f_in, int f_out, char
- 
-               cleanup_got_literal = 0;
- 
--              if (daemon_filter_list.head
--                  && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
--                      rprintf(FERROR, "attempt to hack rsync failed.\n");
--                      exit_cleanup(RERR_PROTOCOL);
--              }
--
-               if (read_batch) {
-                       int wanted = redoing
-                                  ? we_want_redo(ndx)
-@@ -728,7 +728,7 @@ int recv_files(int f_in, int f_out, char
-                               break;
-                       }
-                       if (!fnamecmp || (daemon_filter_list.head
--                        && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) {
-+                        && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) {
-                               fnamecmp = fname;
-                               fnamecmp_type = FNAMECMP_FNAME;
-                       }
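
Review bot: this deletion, together with that of patch-rsync.c in the next file, removes the local fixes for CVE-2017-17433 and CVE-2017-17434, yet the SECURITY FIXES list quoted in the log for 3.1.3 names only the xattr overrun and the --protect-args issue. Confirm that the 3.1.3 sources contain the upstream commits cited in these patch headers (for example that recv_files() runs the daemon_filter_list check right after fname is set, and that the later check tests fnamecmp rather than fname), and record that in the pullup description.
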
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/patches/patch-rsync.c
--- a/net/rsync/patches/patch-rsync.c   Fri Mar 16 21:44:18 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-$NetBSD: patch-rsync.c,v 1.1.2.2 2018/01/06 22:51:51 spz Exp $
-
-Fix for CVE-2017-17434, taken from:
-
-https://git.samba.org/?p=rsync.git;a=commitdiff;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9
-
---- rsync.c.orig       2015-08-08 12:47:03.000000000 -0700
-+++ rsync.c    2017-12-31 12:40:50.353165397 -0800
-@@ -49,6 +49,7 @@ extern int flist_eof;
- extern int file_old_total;
- extern int keep_dirlinks;
- extern int make_backups;
-+extern int sanitize_paths;
- extern struct file_list *cur_flist, *first_flist, *dir_flist;
- extern struct chmod_mode_struct *daemon_chmod_modes;
- #ifdef ICONV_OPTION
-@@ -396,6 +397,11 @@ int read_ndx_and_attrs(int f_in, int f_o
-       if (iflags & ITEM_XNAME_FOLLOWS) {
-               if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0)
-                       exit_cleanup(RERR_PROTOCOL);
-+
-+              if (sanitize_paths) {
-+                      sanitize_path(buf, buf, "", 0, SP_DEFAULT);
-+                      len = strlen(buf);
-+              }
-       } else {
-               *buf = '\0';
-               len = -1;
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/patches/patch-xattrs.c
--- a/net/rsync/patches/patch-xattrs.c  Fri Mar 16 21:44:18 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-$NetBSD: patch-xattrs.c,v 1.1 2017/11/10 06:59:16 spz Exp $
-
-patch for CVE-2017-16548 from
-https://git.samba.org/rsync.git/?p=rsync.git;a=blobdiff;f=xattrs.c;h=4867e6f5b8ad2934d43b06f3b99b7b3690a6dc7a;hp=68305d7559b34f5cc2f196b74429b82fa6ff49dd;hb=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1;hpb=bc112b0e7feece62ce98708092306639a8a53cce
-
---- xattrs.c.orig      2015-08-08 19:47:03.000000000 +0000
-+++ xattrs.c
-@@ -696,6 +696,10 @@ void receive_xattr(int f, struct file_st
-                       out_of_memory("receive_xattr");
-               name = ptr + dget_len + extra_len;
-               read_buf(f, name, name_len);
-+              if (name_len < 1 || name[name_len-1] != '\0') {
-+                      rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n");
-+                      exit_cleanup(RERR_FILEIO);
-+              }
-               if (dget_len == datum_len)
-                       read_buf(f, ptr, dget_len);
-               else {


