pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2017Q4]: pkgsrc/net/rsync Pullup ticket #5723 - requested by agc
details: https://anonhg.NetBSD.org/pkgsrc/rev/bcbfd527c5d0
branches: pkgsrc-2017Q4
changeset: 373166:bcbfd527c5d0
user: spz <spz%pkgsrc.org@localhost>
date: Fri Mar 16 22:06:26 2018 +0000
description:
Pullup ticket #5723 - requested by agc
net/rsync: security update
Revisions pulled up:
- net/rsync/Makefile 1.107-1.108
- net/rsync/distinfo 1.47-1.48
- net/rsync/patches/patch-Makefile.in 1.2
- net/rsync/patches/patch-ab deleted
- net/rsync/patches/patch-receiver.c deleted
- net/rsync/patches/patch-rsync.c deleted
- net/rsync/patches/patch-xattrs.c deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: snj
Date: Sat Jan 27 04:21:18 UTC 2018
Modified Files:
pkgsrc/net/rsync: Makefile distinfo
Added Files:
pkgsrc/net/rsync/patches: patch-options.c
Log Message:
Fix CVE-2018-5764.
Bump PKGREVISION to 3.
To generate a diff of this commit:
cvs rdiff -u -r1.106 -r1.107 pkgsrc/net/rsync/Makefile
cvs rdiff -u -r1.46 -r1.47 pkgsrc/net/rsync/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/net/rsync/patches/patch-options.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Mon Jan 29 11:32:59 UTC 2018
Modified Files:
pkgsrc/net/rsync: Makefile distinfo
pkgsrc/net/rsync/patches: patch-Makefile.in
Removed Files:
pkgsrc/net/rsync/patches: patch-ab patch-options.c patch-receiver.c
patch-rsync.c patch-xattrs.c
Log Message:
rsync: updated to 3.1.3
Changes since 3.1.2:
SECURITY FIXES:
- Fixed a buffer overrun in the protocol's handling of xattr names and
ensure that the received name is null terminated.
- Fix an issue with --protect-args where the user could specify the arg in
the protected-arg list and short-circuit some of the arg-sanitizing code.
BUG FIXES:
- Don't output about a new backup dir without appropriate info verbosity.
- Fixed some issues with the sort functions in support/rsyncstats script.
- Added a way to specify daemon config lists (e.g. users, groups, etc) that
contain spaces (see "auth users" in the latest rsyncd.conf manpage).
- If a backup fails (e.g. full disk) rsync exits with an error.
- Fixed a problem with a doubled --fuzzy option combined with --link-dest.
- Avoid invalid output in the summary if either the start or end time had
an error.
- We don't allow a popt alias to affect the --daemon or --server options.
- Fix daemon exclude code to disallow attribute changes in addition to
disallowing transfers.
- Don't force nanoseconds to match if a non-transferred, non-checksummed
file only passed the quick-check w/o comparing nanoseconds.
ENHANCEMENTS:
- Added the ability for rsync to compare nanosecond times in its file-check
comparisons, and added support for nanosecond times on Mac OS X.
- Added a short-option (-@) for --modify-window.
- Added the --checksum-choice=NAME[,NAME] option to choose the checksum
algorithms.
- Added hashing of xattr names (with using -X) to improve the handling of
files with large numbers of xattrs.
- Added a way to filter xattr names using include/exclude/filter rules (see
the --xattrs option in the manpage for details).
- Added "daemon chroot|uid|gid" to the daemon config (in addition to the
old chroot|uid|gid settings that affect the daemon's transfer process).
- Added "syslog tag" to the daemon configuration.
- Some manpage improvements.
DEVELOPER RELATED:
- Tweak the "make" output when yodl isn't around to create the man pages.
- Changed an obsolete autoconf compile macro.
- Support newer yodl versions when converting man pages.
To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.108 pkgsrc/net/rsync/Makefile
cvs rdiff -u -r1.47 -r1.48 pkgsrc/net/rsync/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/rsync/patches/patch-Makefile.in
cvs rdiff -u -r1.16 -r0 pkgsrc/net/rsync/patches/patch-ab
cvs rdiff -u -r1.1 -r0 pkgsrc/net/rsync/patches/patch-options.c \
pkgsrc/net/rsync/patches/patch-receiver.c \
pkgsrc/net/rsync/patches/patch-rsync.c \
pkgsrc/net/rsync/patches/patch-xattrs.c
diffstat:
net/rsync/Makefile | 5 +--
net/rsync/distinfo | 16 ++++-------
net/rsync/patches/patch-Makefile.in | 23 +++++++++++++++--
net/rsync/patches/patch-ab | 20 ---------------
net/rsync/patches/patch-receiver.c | 47 -------------------------------------
net/rsync/patches/patch-rsync.c | 28 ----------------------
net/rsync/patches/patch-xattrs.c | 18 --------------
7 files changed, 28 insertions(+), 129 deletions(-)
diffs (198 lines):
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/Makefile
--- a/net/rsync/Makefile Fri Mar 16 21:44:18 2018 +0000
+++ b/net/rsync/Makefile Fri Mar 16 22:06:26 2018 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.105.2.1 2018/01/06 22:51:51 spz Exp $
+# $NetBSD: Makefile,v 1.105.2.2 2018/03/16 22:06:26 spz Exp $
-DISTNAME= rsync-3.1.2
-PKGREVISION= 2
+DISTNAME= rsync-3.1.3
CATEGORIES= net
MASTER_SITES= http://rsync.samba.org/ftp/rsync/
MASTER_SITES+= http://rsync.samba.org/ftp/rsync/old-versions/
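Review bot: The two MASTER_SITES context lines still fetch over plain http://, so the authenticity of rsync-3.1.3.tar.gz rests entirely on the distinfo checksums. If the upstream host serves the same paths over https, switch both entries in this update. Separately, dropping PKGREVISION together with the DISTNAME bump is the expected reset for a new upstream version.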
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/distinfo
--- a/net/rsync/distinfo Fri Mar 16 21:44:18 2018 +0000
+++ b/net/rsync/distinfo Fri Mar 16 22:06:26 2018 +0000
@@ -1,12 +1,8 @@
-$NetBSD: distinfo,v 1.45.2.1 2018/01/06 22:51:51 spz Exp $
+$NetBSD: distinfo,v 1.45.2.2 2018/03/16 22:06:26 spz Exp $
-SHA1 (rsync-3.1.2.tar.gz) = 0d4c7fb7fe3fc80eeff922a7c1d81df11dbb8a1a
-RMD160 (rsync-3.1.2.tar.gz) = f7d6c0c9752af8d9eb933cffc6032c1763490a04
-SHA512 (rsync-3.1.2.tar.gz) = 4c55fd69f436ead0cb5a0b7c6fdfef9bb28ddb9c63534eb619e756b118d5b08cfc5e696498650932c86e865b37e06633da947e6720ca0c27ed5c034313ae208b
-Size (rsync-3.1.2.tar.gz) = 892724 bytes
-SHA1 (patch-Makefile.in) = df3479e93de86524a391433a3d6e6108a797835a
-SHA1 (patch-ab) = 98aa07a50314e3309b48f803d6febb1138eae1f2
+SHA1 (rsync-3.1.3.tar.gz) = 82e7829c0b3cefbd33c233005341e2073c425629
+RMD160 (rsync-3.1.3.tar.gz) = 95a040e0c32e09d01f37fc7d2defd2c41a184db6
+SHA512 (rsync-3.1.3.tar.gz) = 8385f4c0ea37e7a1da3cf45794154f5bc4d1c49bc625ba3b5f85adaf3eafe6d71c15bdcb1410bde731e5d4c19aff3331606637462fa27a68dc3e13192dd78f99
+Size (rsync-3.1.3.tar.gz) = 905908 bytes
+SHA1 (patch-Makefile.in) = 14d261cc65d00864bfb0acdba1d5a8bdf989c288
SHA1 (patch-authenticate.c) = 0612fb141cea1509b882df78f1b90fa52b1092b0
-SHA1 (patch-receiver.c) = 5bf0b7ceaaf79e0fd5f93e1c433162e9248fe37c
-SHA1 (patch-rsync.c) = e390038a9592d9bc3e77ebc2aabfa62bdd6778b3
-SHA1 (patch-xattrs.c) = 9883ea79a60c786dd5a3dc74f4872621823c9377
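Review bot: The patch-authenticate.c entry is carried over with an unchanged SHA1 while the distfile moves from 3.1.2 to 3.1.3, and nothing in this changeset shows that the patch was re-checked against the new source. Confirm that it still applies without fuzz or offsets on the branch. The removed entries for patch-ab, patch-receiver.c, patch-rsync.c and patch-xattrs.c match the file deletions further down, so the checksum list itself is consistent.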
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/patches/patch-Makefile.in
--- a/net/rsync/patches/patch-Makefile.in Fri Mar 16 21:44:18 2018 +0000
+++ b/net/rsync/patches/patch-Makefile.in Fri Mar 16 22:06:26 2018 +0000
@@ -1,10 +1,27 @@
-$NetBSD: patch-Makefile.in,v 1.1 2015/11/13 13:41:39 wiz Exp $
+$NetBSD: patch-Makefile.in,v 1.1.20.1 2018/03/16 22:06:26 spz Exp $
https://bugzilla.samba.org/show_bug.cgi?id=11594
+Fix installation.
---- Makefile.in.orig 2013-06-15 23:40:10.000000000 +0000
+--- Makefile.in.orig 2016-07-20 15:34:26.000000000 +0000
+++ Makefile.in
-@@ -205,7 +205,7 @@ proto: proto.h-tstamp
+@@ -66,12 +66,9 @@ CHECK_OBJS=tls.o testrun.o getgroups.o g
+ all: Makefile rsync$(EXEEXT) rsync-ssl stunnel-rsync stunnel-rsyncd.conf @MAKE_MAN@
+
+ install: all
+- -${MKDIR_P} ${DESTDIR}${bindir}
+- ${INSTALLCMD} ${INSTALL_STRIP} -m 755 rsync$(EXEEXT) ${DESTDIR}${bindir}
+- -${MKDIR_P} ${DESTDIR}${mandir}/man1
+- -${MKDIR_P} ${DESTDIR}${mandir}/man5
+- if test -f rsync.1; then ${INSTALLMAN} -m 644 rsync.1 ${DESTDIR}${mandir}/man1; fi
+- if test -f rsyncd.conf.5; then ${INSTALLMAN} -m 644 rsyncd.conf.5 ${DESTDIR}${mandir}/man5; fi
++ ${BSD_INSTALL_PROGRAM} rsync$(EXEEXT) ${DESTDIR}${bindir}
++ if test -f rsync.1; then ${BSD_INSTALL_MAN} rsync.1 ${DESTDIR}${mandir}/man1; fi
++ if test -f rsyncd.conf.5; then ${BSD_INSTALL_MAN} rsyncd.conf.5 ${DESTDIR}${mandir}/man5; fi
+
+ install-ssl-client: rsync-ssl stunnel-rsync
+ -${MKDIR_P} ${DESTDIR}${bindir}
+@@ -209,7 +206,7 @@ proto: proto.h-tstamp
proto.h: proto.h-tstamp
@if test -f proto.h; then :; else cp -p $(srcdir)/proto.h .; fi
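Review bot: The merged install rule drops the four `-${MKDIR_P}` lines and the explicit `-m 755` / `-m 644` modes, so the target directories and file permissions now depend on the package Makefile and on what BSD_INSTALL_PROGRAM and BSD_INSTALL_MAN expand to. Confirm that net/rsync/Makefile declares ${bindir}, man1 and man5 as installation directories, since that part of the Makefile is not in this diff. The patch header would also be clearer if "Fix installation." were tied to the install hunk and the bugzilla URL to the proto.h hunk, now that one file carries both changes.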
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/patches/patch-ab
--- a/net/rsync/patches/patch-ab Fri Mar 16 21:44:18 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-$NetBSD: patch-ab,v 1.16 2013/10/02 18:06:19 adam Exp $
-
---- Makefile.in.orig 2013-06-15 23:40:10.000000000 +0000
-+++ Makefile.in
-@@ -65,12 +65,9 @@ CHECK_OBJS=tls.o testrun.o getgroups.o g
- all: Makefile rsync$(EXEEXT) rsync-ssl stunnel-rsync stunnel-rsyncd.conf @MAKE_MAN@
-
- install: all
-- -${MKDIR_P} ${DESTDIR}${bindir}
-- ${INSTALLCMD} ${INSTALL_STRIP} -m 755 rsync$(EXEEXT) ${DESTDIR}${bindir}
-- -${MKDIR_P} ${DESTDIR}${mandir}/man1
-- -${MKDIR_P} ${DESTDIR}${mandir}/man5
-- if test -f rsync.1; then ${INSTALLMAN} -m 644 rsync.1 ${DESTDIR}${mandir}/man1; fi
-- if test -f rsyncd.conf.5; then ${INSTALLMAN} -m 644 rsyncd.conf.5 ${DESTDIR}${mandir}/man5; fi
-+ ${BSD_INSTALL_PROGRAM} rsync$(EXEEXT) ${DESTDIR}${bindir}
-+ if test -f rsync.1; then ${BSD_INSTALL_MAN} rsync.1 ${DESTDIR}${mandir}/man1; fi
-+ if test -f rsyncd.conf.5; then ${BSD_INSTALL_MAN} rsyncd.conf.5 ${DESTDIR}${mandir}/man5; fi
-
- install-ssl-client: rsync-ssl stunnel-rsync
- -${MKDIR_P} ${DESTDIR}${bindir}
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/patches/patch-receiver.c
--- a/net/rsync/patches/patch-receiver.c Fri Mar 16 21:44:18 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-$NetBSD: patch-receiver.c,v 1.1.2.2 2018/01/06 22:51:51 spz Exp $
-
-Fix for CVE-2017-17433, taken from:
-
-https://git.samba.org/?p=rsync.git;a=commitdiff;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
-
-Fix for CVE-2017-17434, taken from:
-
-https://git.samba.org/?p=rsync.git;a=commitdiff;h=5509597decdbd7b91994210f700329d8a35e70a1
-
---- receiver.c.orig 2015-09-07 10:07:17.000000000 -0700
-+++ receiver.c 2017-12-31 12:46:27.078487190 -0800
-@@ -580,6 +580,12 @@ int recv_files(int f_in, int f_out, char
- file = dir_flist->files[cur_flist->parent_ndx];
- fname = local_name ? local_name : f_name(file, fbuf);
-
-+ if (daemon_filter_list.head
-+ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
-+ rprintf(FERROR, "attempt to hack rsync failed.\n");
-+ exit_cleanup(RERR_PROTOCOL);
-+ }
-+
- if (DEBUG_GTE(RECV, 1))
- rprintf(FINFO, "recv_files(%s)\n", fname);
-
-@@ -651,12 +657,6 @@ int recv_files(int f_in, int f_out, char
-
- cleanup_got_literal = 0;
-
-- if (daemon_filter_list.head
-- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
-- rprintf(FERROR, "attempt to hack rsync failed.\n");
-- exit_cleanup(RERR_PROTOCOL);
-- }
--
- if (read_batch) {
- int wanted = redoing
- ? we_want_redo(ndx)
-@@ -728,7 +728,7 @@ int recv_files(int f_in, int f_out, char
- break;
- }
- if (!fnamecmp || (daemon_filter_list.head
-- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) {
-+ && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) {
- fnamecmp = fname;
- fnamecmp_type = FNAMECMP_FNAME;
- }
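Review bot: Deleting this file removes the local fixes for CVE-2017-17433 and CVE-2017-17434 (the early daemon_filter_list check in recv_files() and the fnamecmp argument to check_filter()), but the 3.1.3 SECURITY FIXES list quoted in the log message names only the xattr overrun and the --protect-args issue. Before relying on the new distfile, verify that upstream commits 3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 and 5509597decdbd7b91994210f700329d8a35e70a1 are present in the 3.1.3 receiver.c.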
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/patches/patch-rsync.c
--- a/net/rsync/patches/patch-rsync.c Fri Mar 16 21:44:18 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-$NetBSD: patch-rsync.c,v 1.1.2.2 2018/01/06 22:51:51 spz Exp $
-
-Fix for CVE-2017-17434, taken from:
-
-https://git.samba.org/?p=rsync.git;a=commitdiff;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9
-
---- rsync.c.orig 2015-08-08 12:47:03.000000000 -0700
-+++ rsync.c 2017-12-31 12:40:50.353165397 -0800
-@@ -49,6 +49,7 @@ extern int flist_eof;
- extern int file_old_total;
- extern int keep_dirlinks;
- extern int make_backups;
-+extern int sanitize_paths;
- extern struct file_list *cur_flist, *first_flist, *dir_flist;
- extern struct chmod_mode_struct *daemon_chmod_modes;
- #ifdef ICONV_OPTION
-@@ -396,6 +397,11 @@ int read_ndx_and_attrs(int f_in, int f_o
- if (iflags & ITEM_XNAME_FOLLOWS) {
- if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0)
- exit_cleanup(RERR_PROTOCOL);
-+
-+ if (sanitize_paths) {
-+ sanitize_path(buf, buf, "", 0, SP_DEFAULT);
-+ len = strlen(buf);
-+ }
- } else {
- *buf = '\0';
- len = -1;
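Review bot: The pullup description says only "security update" and lists file revisions, while this deletion drops the sanitize_path() call on the ITEM_XNAME_FOLLOWS name that was the second half of the CVE-2017-17434 fix. The description should list the CVE ids that are now expected to be covered by the 3.1.3 distfile instead of by local patches (CVE-2017-16548, CVE-2017-17433, CVE-2017-17434, CVE-2018-5764), so the ticket can be audited without reading the removed patch headers.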
diff -r 11b65317da25 -r bcbfd527c5d0 net/rsync/patches/patch-xattrs.c
--- a/net/rsync/patches/patch-xattrs.c Fri Mar 16 21:44:18 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-$NetBSD: patch-xattrs.c,v 1.1 2017/11/10 06:59:16 spz Exp $
-
-patch for CVE-2017-16548 from
-https://git.samba.org/rsync.git/?p=rsync.git;a=blobdiff;f=xattrs.c;h=4867e6f5b8ad2934d43b06f3b99b7b3690a6dc7a;hp=68305d7559b34f5cc2f196b74429b82fa6ff49dd;hb=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1;hpb=bc112b0e7feece62ce98708092306639a8a53cce
-
---- xattrs.c.orig 2015-08-08 19:47:03.000000000 +0000
-+++ xattrs.c
-@@ -696,6 +696,10 @@ void receive_xattr(int f, struct file_st
- out_of_memory("receive_xattr");
- name = ptr + dget_len + extra_len;
- read_buf(f, name, name_len);
-+ if (name_len < 1 || name[name_len-1] != '\0') {
-+ rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n");
-+ exit_cleanup(RERR_FILEIO);
-+ }
- if (dget_len == datum_len)
- read_buf(f, ptr, dget_len);
- else {