commit 27fd1b15acacb177555d5a3a139e3018b3b24a21 Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 11:16:28 2019 -0400 Package init diff --git a/Avoid-a-compiler-error-warning-about-shifting-a-nega.patch b/Avoid-a-compiler-error-warning-about-shifting-a-nega.patch new file mode 100644 index 0000000..9dc243f --- /dev/null +++ b/Avoid-a-compiler-error-warning-about-shifting-a-nega.patch @@ -0,0 +1,27 @@ +From eec6ab7615535e02cfcb691d44575268bdcf656f Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Sun, 25 Mar 2018 19:07:22 -0700 +Subject: [PATCH 03/36] Avoid a compiler error/warning about shifting a + negative value. Fixes bug #13268. + +Signed-off-by: root +--- + zlib/inflate.c | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/zlib/inflate.c b/zlib/inflate.c +index a7555738..cea8e7e4 100644 +--- a/zlib/inflate.c ++++ b/zlib/inflate.c +@@ -1525,7 +1525,7 @@ z_streamp strm; + { + struct inflate_state FAR *state; + +- if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16; ++ if (strm == Z_NULL || strm->state == Z_NULL) return -(1L << 16); + state = (struct inflate_state FAR *)strm->state; + return ((long)(state->back) << 16) + + (state->mode == COPY ? state->length : +-- +2.19.1 + diff --git a/Avoid-a-potential-out-of-bounds-read-in-daemon-mode-.patch b/Avoid-a-potential-out-of-bounds-read-in-daemon-mode-.patch new file mode 100644 index 0000000..ccc36e2 --- /dev/null +++ b/Avoid-a-potential-out-of-bounds-read-in-daemon-mode-.patch @@ -0,0 +1,30 @@ +From a3668685354e7457ac3e29634083906ee5435bf2 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Sat, 15 Dec 2018 16:52:53 -0800 +Subject: [PATCH 09/36] Avoid a potential out-of-bounds read in daemon mode if + argc is 0. + +Signed-off-by: root +--- + NEWS | 3 +++ + options.c | 4 ++++ + 2 files changed, 7 insertions(+) + +diff --git a/options.c b/options.c +index 1c5b42d0..a07c8e13 100644 +--- a/options.c ++++ b/options.c +@@ -1315,6 +1315,10 @@ int parse_arguments(int *argc_p, const char ***argv_p) + int opt; + int orig_protect_args = protect_args; + ++ if (argc == 0) { ++ strlcpy(err_buf, "argc is zero!\n", sizeof err_buf); ++ return 0; ++ } + if (ref && *ref) + set_refuse_options(ref); + if (am_daemon) { +-- +2.19.1 + diff --git a/Avoid-leaving-a-file-open-on-error-return.patch b/Avoid-leaving-a-file-open-on-error-return.patch new file mode 100644 index 0000000..c044592 --- /dev/null +++ b/Avoid-leaving-a-file-open-on-error-return.patch @@ -0,0 +1,25 @@ +From f233dffbd6bf65a08d0d6ce1050eb9c6ed7723cb Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Tue, 15 Jan 2019 10:38:00 -0800 +Subject: [PATCH 21/36] Avoid leaving a file open on error return. + +Signed-off-by: root +--- + util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/util.c b/util.c +index fbbfd8ba..235afa82 100644 +--- a/util.c ++++ b/util.c +@@ -346,6 +346,7 @@ int copy_file(const char *source, const char *dest, int ofd, mode_t mode) + if (robust_unlink(dest) && errno != ENOENT) { + int save_errno = errno; + rsyserr(FERROR_XFER, errno, "unlink %s", full_fname(dest)); ++ close(ifd); + errno = save_errno; + return -1; + } +-- +2.19.1 + diff --git a/CVE-2017-17433.patch b/CVE-2017-17433.patch new file mode 100644 index 0000000..c9f8aac --- /dev/null +++ b/CVE-2017-17433.patch @@ -0,0 +1,29 @@ +From 3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 Mon Sep 17 00:00:00 2001 +From: Jeriko One +Date: Thu, 2 Nov 2017 23:44:19 -0700 +Subject: [PATCH] Check fname in recv_files sooner. + +--- + receiver.c | 6 ++++++ + 1 file changed, 6 insertions(+), 0 deletions(-) + +diff --git a/receiver.c b/receiver.c +index baae3a91..9fdafa15 100644 +--- a/receiver.c ++++ b/receiver.c +@@ -574,6 +574,12 @@ int recv_files(int f_in, int f_out, char *local_name) + file = dir_flist->files[cur_flist->parent_ndx]; + fname = local_name ? local_name : f_name(file, fbuf); + ++ if (daemon_filter_list.head ++ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { ++ rprintf(FERROR, "attempt to hack rsync failed.\n"); ++ exit_cleanup(RERR_PROTOCOL); ++ } ++ + if (DEBUG_GTE(RECV, 1)) + rprintf(FINFO, "recv_files(%s)\n", fname); + +-- +2.17.1 + diff --git a/Fix-bug-in-try_dests_reg-that-Florian-Zumbiehl-point.patch b/Fix-bug-in-try_dests_reg-that-Florian-Zumbiehl-point.patch new file mode 100644 index 0000000..0e5c717 --- /dev/null +++ b/Fix-bug-in-try_dests_reg-that-Florian-Zumbiehl-point.patch @@ -0,0 +1,59 @@ +From d47d3792160210ce14700e38a223eaa0059f3551 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Sat, 16 Mar 2019 11:12:53 -0700 +Subject: [PATCH 35/36] Fix bug in try_dests_reg that Florian Zumbiehl pointed + out. + +If the alternate-destination code was scanning multiple alt dirs and it +found the right size/mtime/checksum info but not the right xattrs, it +would keep scanning the other dirs for a better xattr match, but it +would omit the unchanged-file check that needs to happen first. + +Signed-off-by: root +--- + generator.c | 21 ++++++++------------- + 1 file changed, 8 insertions(+), 13 deletions(-) + +diff --git a/generator.c b/generator.c +index 6021a220..5538a92d 100644 +--- a/generator.c ++++ b/generator.c +@@ -876,27 +876,22 @@ static int try_dests_reg(struct file_struct *file, char *fname, int ndx, + pathjoin(cmpbuf, MAXPATHLEN, basis_dir[j], fname); + if (link_stat(cmpbuf, &sxp->st, 0) < 0 || !S_ISREG(sxp->st.st_mode)) + continue; +- switch (match_level) { +- case 0: ++ if (match_level == 0) { + best_match = j; + match_level = 1; +- /* FALL THROUGH */ +- case 1: +- if (!unchanged_file(cmpbuf, file, &sxp->st)) +- continue; ++ } ++ if (!unchanged_file(cmpbuf, file, &sxp->st)) ++ continue; ++ if (match_level == 1) { + best_match = j; + match_level = 2; +- /* FALL THROUGH */ +- case 2: +- if (!unchanged_attrs(cmpbuf, file, sxp)) { +- free_stat_x(sxp); +- continue; +- } ++ } ++ if (unchanged_attrs(cmpbuf, file, sxp)) { + best_match = j; + match_level = 3; + break; + } +- break; ++ free_stat_x(sxp); + } while (basis_dir[++j] != NULL); + + if (!match_level) +-- +2.19.1 + diff --git a/Fix-itemizing-of-wrong-dir-name-on-some-iconv-transf.patch b/Fix-itemizing-of-wrong-dir-name-on-some-iconv-transf.patch new file mode 100644 index 0000000..d45d867 --- /dev/null +++ b/Fix-itemizing-of-wrong-dir-name-on-some-iconv-transf.patch @@ -0,0 +1,37 @@ +From 4aeb093206d55c3d886cbcec062f7aa93d0b968e Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Tue, 20 Nov 2018 12:45:36 -0800 +Subject: [PATCH 05/36] Fix itemizing of wrong dir name on some --iconv + transfers. + +Fixes bug #13492. + +Signed-off-by: root +--- + flist.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/flist.c b/flist.c +index 499440cc..60e843cc 100644 +--- a/flist.c ++++ b/flist.c +@@ -1636,6 +1636,7 @@ static void add_dirs_to_tree(int parent_ndx, struct file_list *from_flist, + int32 *parent_dp = parent_ndx < 0 ? NULL + : F_DIR_NODE_P(dir_flist->sorted[parent_ndx]); + ++ /* The sending side is adding entries to dir_flist in sorted order, so sorted & files are the same. */ + flist_expand(dir_flist, dir_cnt); + dir_flist->sorted = dir_flist->files; + +@@ -1970,7 +1971,7 @@ void send_extra_file_list(int f, int at_least) + else + dir_ndx = send_dir_ndx; + write_ndx(f, NDX_FLIST_OFFSET - dir_ndx); +- flist->parent_ndx = dir_ndx; ++ flist->parent_ndx = send_dir_ndx; /* the sending side must remember the sorted ndx value */ + + send1extra(f, file, flist); + prev_flags = file->flags; +-- +2.19.1 + diff --git a/Fix-remove-source-files-sanity-check-w-copy-links-th.patch b/Fix-remove-source-files-sanity-check-w-copy-links-th.patch new file mode 100644 index 0000000..350035e --- /dev/null +++ b/Fix-remove-source-files-sanity-check-w-copy-links-th.patch @@ -0,0 +1,47 @@ +From 79332c0d66d933369a28c63b096addb67514cb38 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Sat, 16 Mar 2019 09:09:09 -0700 +Subject: [PATCH 27/36] Fix --remove-source-files sanity check w/--copy-links + the right way. Fixes bug #10494. + +Signed-off-by: root +--- + sender.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/sender.c b/sender.c +index 03e4aadd..9b432ed9 100644 +--- a/sender.c ++++ b/sender.c +@@ -32,6 +32,7 @@ extern int logfile_format_has_i; + extern int want_xattr_optim; + extern int csum_length; + extern int append_mode; ++extern int copy_links; + extern int io_error; + extern int flist_eof; + extern int allowed_lull; +@@ -138,17 +139,16 @@ void successful_send(int ndx) + return; + f_name(file, fname); + +- if (do_lstat(fname, &st) < 0) { ++ if ((copy_links ? do_stat(fname, &st) : do_lstat(fname, &st)) < 0) { + failed_op = "re-lstat"; + goto failed; + } + +- if (S_ISREG(file->mode) /* Symlinks & devices don't need this check: */ +- && (st.st_size != F_LENGTH(file) || st.st_mtime != file->modtime ++ if (st.st_size != F_LENGTH(file) || st.st_mtime != file->modtime + #ifdef ST_MTIME_NSEC + || (NSEC_BUMP(file) && (uint32)st.ST_MTIME_NSEC != F_MOD_NSEC(file)) + #endif +- )) { ++ ) { + rprintf(FERROR_XFER, "ERROR: Skipping sender remove for changed file: %s\n", fname); + return; + } +-- +2.19.1 + diff --git a/Fix-zlib-CVE-2016-9840.patch b/Fix-zlib-CVE-2016-9840.patch new file mode 100644 index 0000000..060917a --- /dev/null +++ b/Fix-zlib-CVE-2016-9840.patch @@ -0,0 +1,67 @@ +From efcbec3df5277ab14fe2757bd9187e4bb77d1ee2 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Sat, 16 Mar 2019 09:47:55 -0700 +Subject: [PATCH 29/36] Fix zlib CVE-2016-9840. + +Signed-off-by: root +--- + zlib/inftrees.c | 18 ++++++++---------- + 1 file changed, 8 insertions(+), 10 deletions(-) + +diff --git a/zlib/inftrees.c b/zlib/inftrees.c +index 44d89cf2..571e8100 100644 +--- a/zlib/inftrees.c ++++ b/zlib/inftrees.c +@@ -54,7 +54,7 @@ unsigned short FAR *work; + code FAR *next; /* next available space in table */ + const unsigned short FAR *base; /* base value table to use */ + const unsigned short FAR *extra; /* extra bits table to use */ +- int end; /* use base and extra for symbol > end */ ++ unsigned match; /* use base and extra for symbol >= match */ + unsigned short count[MAXBITS+1]; /* number of codes of each length */ + unsigned short offs[MAXBITS+1]; /* offsets in table for each length */ + static const unsigned short lbase[31] = { /* Length codes 257..285 base */ +@@ -181,19 +181,17 @@ unsigned short FAR *work; + switch (type) { + case CODES: + base = extra = work; /* dummy value--not used */ +- end = 19; ++ match = 20; + break; + case LENS: + base = lbase; +- base -= 257; + extra = lext; +- extra -= 257; +- end = 256; ++ match = 257; + break; + default: /* DISTS */ + base = dbase; + extra = dext; +- end = -1; ++ match = 0; + } + + /* initialize state for loop */ +@@ -216,13 +214,13 @@ unsigned short FAR *work; + for (;;) { + /* create table entry */ + here.bits = (unsigned char)(len - drop); +- if ((int)(work[sym]) < end) { ++ if (work[sym] + 1u < match) { + here.op = (unsigned char)0; + here.val = work[sym]; + } +- else if ((int)(work[sym]) > end) { +- here.op = (unsigned char)(extra[work[sym]]); +- here.val = base[work[sym]]; ++ else if (work[sym] >= match) { ++ here.op = (unsigned char)(extra[work[sym] - match]); ++ here.val = base[work[sym] - match]; + } + else { + here.op = (unsigned char)(32 + 64); /* end of block */ +-- +2.19.1 + diff --git a/Fix-zlib-CVE-2016-9841.patch b/Fix-zlib-CVE-2016-9841.patch new file mode 100644 index 0000000..458a8f7 --- /dev/null +++ b/Fix-zlib-CVE-2016-9841.patch @@ -0,0 +1,221 @@ +From fc10fafa252ae1055296831506e6e2dcdc1853c5 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Sat, 16 Mar 2019 09:48:10 -0700 +Subject: [PATCH 30/36] Fix zlib CVE-2016-9841. + +Signed-off-by: root +--- + zlib/inffast.c | 81 +++++++++++++++++++------------------------------- + 1 file changed, 31 insertions(+), 50 deletions(-) + +diff --git a/zlib/inffast.c b/zlib/inffast.c +index bda59ceb..f0d163db 100644 +--- a/zlib/inffast.c ++++ b/zlib/inffast.c +@@ -10,25 +10,6 @@ + + #ifndef ASMINF + +-/* Allow machine dependent optimization for post-increment or pre-increment. +- Based on testing to date, +- Pre-increment preferred for: +- - PowerPC G3 (Adler) +- - MIPS R5000 (Randers-Pehrson) +- Post-increment preferred for: +- - none +- No measurable difference: +- - Pentium III (Anderson) +- - M68060 (Nikl) +- */ +-#ifdef POSTINC +-# define OFF 0 +-# define PUP(a) *(a)++ +-#else +-# define OFF 1 +-# define PUP(a) *++(a) +-#endif +- + /* + Decode literal, length, and distance codes and write out the resulting + literal and match bytes until either not enough input or output is +@@ -96,9 +77,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + + /* copy state to local variables */ + state = (struct inflate_state FAR *)strm->state; +- in = strm->next_in - OFF; ++ in = strm->next_in; + last = in + (strm->avail_in - 5); +- out = strm->next_out - OFF; ++ out = strm->next_out; + beg = out - (start - strm->avail_out); + end = out + (strm->avail_out - 257); + #ifdef INFLATE_STRICT +@@ -119,9 +100,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + input data or output space */ + do { + if (bits < 15) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + } + here = lcode[hold & lmask]; +@@ -134,14 +115,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? + "inflate: literal '%c'\n" : + "inflate: literal 0x%02x\n", here.val)); +- PUP(out) = (unsigned char)(here.val); ++ *out++ = (unsigned char)(here.val); + } + else if (op & 16) { /* length base */ + len = (unsigned)(here.val); + op &= 15; /* number of extra bits */ + if (op) { + if (bits < op) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + } + len += (unsigned)hold & ((1U << op) - 1); +@@ -150,9 +131,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + } + Tracevv((stderr, "inflate: length %u\n", len)); + if (bits < 15) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + } + here = dcode[hold & dmask]; +@@ -165,10 +146,10 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + dist = (unsigned)(here.val); + op &= 15; /* number of extra bits */ + if (bits < op) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + if (bits < op) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + } + } +@@ -196,30 +177,30 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + #ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR + if (len <= op - whave) { + do { +- PUP(out) = 0; ++ *out++ = 0; + } while (--len); + continue; + } + len -= op - whave; + do { +- PUP(out) = 0; ++ *out++ = 0; + } while (--op > whave); + if (op == 0) { + from = out - dist; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--len); + continue; + } + #endif + } +- from = window - OFF; ++ from = window; + if (wnext == 0) { /* very common case */ + from += wsize - op; + if (op < len) { /* some from window */ + len -= op; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--op); + from = out - dist; /* rest from output */ + } +@@ -230,14 +211,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + if (op < len) { /* some from end of window */ + len -= op; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--op); +- from = window - OFF; ++ from = window; + if (wnext < len) { /* some from start of window */ + op = wnext; + len -= op; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--op); + from = out - dist; /* rest from output */ + } +@@ -248,35 +229,35 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + if (op < len) { /* some from window */ + len -= op; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--op); + from = out - dist; /* rest from output */ + } + } + while (len > 2) { +- PUP(out) = PUP(from); +- PUP(out) = PUP(from); +- PUP(out) = PUP(from); ++ *out++ = *from++; ++ *out++ = *from++; ++ *out++ = *from++; + len -= 3; + } + if (len) { +- PUP(out) = PUP(from); ++ *out++ = *from++; + if (len > 1) +- PUP(out) = PUP(from); ++ *out++ = *from++; + } + } + else { + from = out - dist; /* copy direct from output */ + do { /* minimum length is three */ +- PUP(out) = PUP(from); +- PUP(out) = PUP(from); +- PUP(out) = PUP(from); ++ *out++ = *from++; ++ *out++ = *from++; ++ *out++ = *from++; + len -= 3; + } while (len > 2); + if (len) { +- PUP(out) = PUP(from); ++ *out++ = *from++; + if (len > 1) +- PUP(out) = PUP(from); ++ *out++ = *from++; + } + } + } +@@ -313,8 +294,8 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + hold &= (1U << bits) - 1; + + /* update state and return */ +- strm->next_in = in + OFF; +- strm->next_out = out + OFF; ++ strm->next_in = in; ++ strm->next_out = out; + strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last)); + strm->avail_out = (unsigned)(out < end ? + 257 + (end - out) : 257 - (out - end)); +-- +2.19.1 + diff --git a/Fix-zlib-CVE-2016-9842.patch b/Fix-zlib-CVE-2016-9842.patch new file mode 100644 index 0000000..a760576 --- /dev/null +++ b/Fix-zlib-CVE-2016-9842.patch @@ -0,0 +1,30 @@ +From 8eb50bce43634b9ef9ae940778ac08a959a7e8e4 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Sat, 16 Mar 2019 09:52:30 -0700 +Subject: [PATCH 31/36] Fix zlib CVE-2016-9842. + +Signed-off-by: root +--- + zlib/inflate.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/zlib/inflate.c b/zlib/inflate.c +index 5ed2390d..e43abd9e 100644 +--- a/zlib/inflate.c ++++ b/zlib/inflate.c +@@ -1525,9 +1525,10 @@ z_streamp strm; + { + struct inflate_state FAR *state; + +- if (strm == Z_NULL || strm->state == Z_NULL) return -(1L << 16); ++ if (strm == Z_NULL || strm->state == Z_NULL) ++ return (long)(((unsigned long)0 - 1) << 16); + state = (struct inflate_state FAR *)strm->state; +- return ((long)(state->back) << 16) + ++ return (long)(((unsigned long)((long)state->back)) << 16) + + (state->mode == COPY ? state->length : + (state->mode == MATCH ? state->was - state->length : 0)); + } +-- +2.19.1 + diff --git a/Fix-zlib-CVE-2016-9843.patch b/Fix-zlib-CVE-2016-9843.patch new file mode 100644 index 0000000..e8f9a5c --- /dev/null +++ b/Fix-zlib-CVE-2016-9843.patch @@ -0,0 +1,42 @@ +From 3fe4469bfa84ed23414f4f581c798945dcfa41f0 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Sat, 16 Mar 2019 09:52:46 -0700 +Subject: [PATCH 32/36] Fix zlib CVE-2016-9843. + +Signed-off-by: root +--- + zlib/crc32.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/zlib/crc32.c b/zlib/crc32.c +index 979a7190..05733f4e 100644 +--- a/zlib/crc32.c ++++ b/zlib/crc32.c +@@ -278,7 +278,7 @@ local unsigned long crc32_little(crc, buf, len) + } + + /* ========================================================================= */ +-#define DOBIG4 c ^= *++buf4; \ ++#define DOBIG4 c ^= *buf4++; \ + c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \ + crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24] + #define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4 +@@ -300,7 +300,6 @@ local unsigned long crc32_big(crc, buf, len) + } + + buf4 = (const z_crc_t FAR *)(const void FAR *)buf; +- buf4--; + while (len >= 32) { + DOBIG32; + len -= 32; +@@ -309,7 +308,6 @@ local unsigned long crc32_big(crc, buf, len) + DOBIG4; + len -= 4; + } +- buf4++; + buf = (const unsigned char FAR *)buf4; + + if (len) do { +-- +2.19.1 + diff --git a/Need-to-mark-xattr-rules-in-get_rule_prefix.patch b/Need-to-mark-xattr-rules-in-get_rule_prefix.patch new file mode 100644 index 0000000..a260d63 --- /dev/null +++ b/Need-to-mark-xattr-rules-in-get_rule_prefix.patch @@ -0,0 +1,29 @@ +From 1eb7a7061af2f91149233937f3db066d303c7684 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Thu, 14 Jun 2018 15:19:34 -0700 +Subject: [PATCH 04/36] Need to mark xattr rules in get_rule_prefix(). + +This fixes the bug of xattr filters getting sent as a normal filter rule +(since the 'x' was dropped in the prefix). + +Signed-off-by: root +--- + exclude.c | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/exclude.c b/exclude.c +index 7989fb3e..a0090b29 100644 +--- a/exclude.c ++++ b/exclude.c +@@ -1286,6 +1286,8 @@ char *get_rule_prefix(filter_rule *rule, const char *pat, int for_xfer, + } + if (rule->rflags & FILTRULE_EXCLUDE_SELF) + *op++ = 'e'; ++ if (rule->rflags & FILTRULE_XATTR) ++ *op++ = 'x'; + if (rule->rflags & FILTRULE_SENDER_SIDE + && (!for_xfer || protocol_version >= 29)) + *op++ = 's'; +-- +2.19.1 + diff --git a/Try-to-fix-the-iconv-crash-in-bug-11338.patch b/Try-to-fix-the-iconv-crash-in-bug-11338.patch new file mode 100644 index 0000000..8bc8aa3 --- /dev/null +++ b/Try-to-fix-the-iconv-crash-in-bug-11338.patch @@ -0,0 +1,38 @@ +From c0c6a97c35e8e4fb56ba26dc9c8447e26d94de06 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Sat, 16 Mar 2019 11:49:53 -0700 +Subject: [PATCH 36/36] Try to fix the iconv crash in bug 11338. + +Applying Michal Ruprich's suggested patch for the rwrite() function that +should hopefully help with a bug that I couldn't reproduce. + +Signed-off-by: root +--- + log.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/log.c b/log.c +index 21bcdfd9..a86edd74 100644 +--- a/log.c ++++ b/log.c +@@ -378,10 +378,13 @@ output_msg: + filtered_fwrite(f, convbuf, outbuf.len, 0); + outbuf.len = 0; + } +- if (!ierrno || ierrno == E2BIG) +- continue; +- fprintf(f, "\\#%03o", CVAL(inbuf.buf, inbuf.pos++)); +- inbuf.len--; ++ /* Log one byte of illegal/incomplete sequence and continue with ++ * the next character. Check that the buffer is non-empty for the ++ * sake of robustness. */ ++ if ((ierrno == EILSEQ || ierrno == EINVAL) && inbuf.len) { ++ fprintf(f, "\\#%03o", CVAL(inbuf.buf, inbuf.pos++)); ++ inbuf.len--; ++ } + } + } else + #endif +-- +2.19.1 + diff --git a/rsync-3.1.3.tar.gz b/rsync-3.1.3.tar.gz new file mode 100644 index 0000000..4e5cc3d Binary files /dev/null and b/rsync-3.1.3.tar.gz differ diff --git a/rsync-man.patch b/rsync-man.patch new file mode 100644 index 0000000..36ddc53 --- /dev/null +++ b/rsync-man.patch @@ -0,0 +1,10 @@ +--- rsync-3.0.9/rsync.1 2011-09-23 18:42:26.000000000 +0200 ++++ rsync-3.0.9/rsync.1 2012-09-19 10:40:19.698802861 +0200 +@@ -445,6 +445,7 @@ + \-o, \-\-owner preserve owner (super\-user only) + \-g, \-\-group preserve group + \-\-devices preserve device files (super\-user only) ++ \-\-copy-devices copy device contents as regular file + \-\-specials preserve special files + \-D same as \-\-devices \-\-specials + \-t, \-\-times preserve modification times diff --git a/rsync-noatime.patch b/rsync-noatime.patch new file mode 100644 index 0000000..9ca27a8 --- /dev/null +++ b/rsync-noatime.patch @@ -0,0 +1,94 @@ +Optionally preserve atimes. + +Based on https://bugzilla.samba.org/show_bug.cgi?id=7249#c1 by Nicolas George. + +Index: rsync-3.1.0/options.c +=================================================================== +--- rsync-3.1.0.orig/options.c ++++ rsync-3.1.0/options.c +@@ -125,6 +125,7 @@ int delay_updates = 0; + long block_size = 0; /* "long" because popt can't set an int32. */ + char *skip_compress = NULL; + item_list dparam_list = EMPTY_ITEM_LIST; ++int noatime = 0; + + /** Network address family. **/ + int default_af_hint +@@ -802,6 +803,7 @@ void usage(enum logcode F) + rprintf(F," --iconv=CONVERT_SPEC request charset conversion of filenames\n"); + #endif + rprintf(F," --checksum-seed=NUM set block/file checksum seed (advanced)\n"); ++ rprintf(F," --noatime do not alter atime when opening source files\n"); + rprintf(F," -4, --ipv4 prefer IPv4\n"); + rprintf(F," -6, --ipv6 prefer IPv6\n"); + rprintf(F," --version print version number\n"); +@@ -1019,6 +1021,7 @@ static struct poptOption long_options[] + {"iconv", 0, POPT_ARG_STRING, &iconv_opt, 0, 0, 0 }, + {"no-iconv", 0, POPT_ARG_NONE, 0, OPT_NO_ICONV, 0, 0 }, + #endif ++ {"noatime", 0, POPT_ARG_VAL, &noatime, 1, 0, 0 }, + {"ipv4", '4', POPT_ARG_VAL, &default_af_hint, AF_INET, 0, 0 }, + {"ipv6", '6', POPT_ARG_VAL, &default_af_hint, AF_INET6, 0, 0 }, + {"8-bit-output", '8', POPT_ARG_VAL, &allow_8bit_chars, 1, 0, 0 }, +@@ -2739,6 +2742,12 @@ void server_options(char **args, int *ar + if (preallocate_files && am_sender) + args[ac++] = "--preallocate"; + ++ /* ++ * Do we want remote atime preservation when we preserve local ones? ++ if (noatime) ++ args[ac++] = "--noatime"; ++ */ ++ + if (ac > MAX_SERVER_ARGS) { /* Not possible... */ + rprintf(FERROR, "argc overflow in server_options().\n"); + exit_cleanup(RERR_MALLOC); +Index: rsync-3.1.0/rsync.yo +=================================================================== +--- rsync-3.1.0.orig/rsync.yo ++++ rsync-3.1.0/rsync.yo +@@ -454,6 +454,7 @@ to the detailed description below for a + --protocol=NUM force an older protocol version to be used + --iconv=CONVERT_SPEC request charset conversion of filenames + --checksum-seed=NUM set block/file checksum seed (advanced) ++ --noatime do not alter atime when opening source files + -4, --ipv4 prefer IPv4 + -6, --ipv6 prefer IPv6 + --version print version number +@@ -2543,6 +2544,13 @@ daemon uses the charset specified in its + regardless of the remote charset you actually pass. Thus, you may feel free to + specify just the local charset for a daemon transfer (e.g. bf(--iconv=utf8)). + ++dit(bf(--noatime)) Use the O_NOATIME open flag on systems that support it. ++The effect of this flag is to avoid altering the access time (atime) of the ++opened files. ++If the system does not support the O_NOATIME flag, this option does nothing. ++Currently, systems known to support O_NOATIME are Linux >= 2.6.8 with glibc ++>= 2.3.4. ++ + dit(bf(-4, --ipv4) or bf(-6, --ipv6)) Tells rsync to prefer IPv4/IPv6 + when creating sockets. This only affects sockets that rsync has direct + control over, such as the outgoing socket when directly contacting an +diff --git a/syscall.c b/syscall.c +index c46a8b4..6620563 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -42,6 +42,7 @@ extern int inplace; + extern int preallocate_files; + extern int preserve_perms; + extern int preserve_executability; ++extern int noatime; + + #ifndef S_BLKSIZE + # if defined hpux || defined __hpux__ || defined __hpux +@@ -189,6 +190,10 @@ int do_open(const char *pathname, int fl + RETURN_ERROR_IF(dry_run, 0); + RETURN_ERROR_IF_RO_OR_LO; + } ++#ifdef O_NOATIME ++ if (noatime) ++ flags |= O_NOATIME; ++#endif + + return open(pathname, flags | O_BINARY, mode); + } diff --git a/rsync-patches-3.1.3.tar.gz b/rsync-patches-3.1.3.tar.gz new file mode 100644 index 0000000..155b2f5 Binary files /dev/null and b/rsync-patches-3.1.3.tar.gz differ diff --git a/rsync.spec b/rsync.spec new file mode 100644 index 0000000..a8ded3f --- /dev/null +++ b/rsync.spec @@ -0,0 +1,100 @@ +Name: rsync +Version: 3.1.3 +Release: 6 +Summary: Fast incremental file transfer utility +License: GPLv3+ +URL: http://rsync.samba.org/ +Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz +Source1: https://download.samba.org/pub/rsync/src/rsync-patches-%{version}.tar.gz +Source2: rsyncd.socket +Source3: rsyncd.service +Source4: rsyncd.conf +Source5: rsyncd.sysconfig +Source6: rsyncd@.service + +BuildRequires: git gcc systemd libacl-devel libattr-devel autoconf popt-devel +Provides: bundled(zlib) = 1.2.8 rsync-daemon +Obsoletes: rsync-daemon +%{?systemd_requires} + +Patch0: rsync-man.patch +Patch1: rsync-noatime.patch +Patch6000: Avoid-a-compiler-error-warning-about-shifting-a-nega.patch +Patch6001: Need-to-mark-xattr-rules-in-get_rule_prefix.patch +Patch6002: Fix-itemizing-of-wrong-dir-name-on-some-iconv-transf.patch +Patch6003: Avoid-a-potential-out-of-bounds-read-in-daemon-mode-.patch +Patch6004: Avoid-leaving-a-file-open-on-error-return.patch +Patch6005: Fix-remove-source-files-sanity-check-w-copy-links-th.patch +Patch6006: Fix-zlib-CVE-2016-9840.patch +Patch6007: Fix-zlib-CVE-2016-9841.patch +Patch6008: Fix-zlib-CVE-2016-9842.patch +Patch6009: Fix-zlib-CVE-2016-9843.patch +Patch6010: Fix-bug-in-try_dests_reg-that-Florian-Zumbiehl-point.patch +Patch6011: Try-to-fix-the-iconv-crash-in-bug-11338.patch +Patch6012: CVE-2017-17433.patch + +%description +Rsync is an open source utility that provides fast incremental file transfer. +It uses the "rsync algorithm" which provides a very fast method for bringing +remote files into sync. It does this by sending just the differences in the +files across the link, without requiring that both sets of files are present +at one of the ends of the link beforehand. + +%package_help + +%prep +%autosetup -b 1 -n %{name}-%{version} -p1 + +patch -p1 -i patches/acls.diff +patch -p1 -i patches/xattrs.diff +patch -p1 -i patches/copy-devices.diff + +chmod -x support/* + +%build +%configure +%make_build + +%install +%make_install + +install -D -m644 %{SOURCE2} %{buildroot}/%{_unitdir}/rsyncd.socket +install -D -m644 %{SOURCE3} %{buildroot}/%{_unitdir}/rsyncd.service +install -D -m644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/rsyncd.conf +install -D -m644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/sysconfig/rsyncd +install -D -m644 %{SOURCE6} %{buildroot}/%{_unitdir}/rsyncd@.service + +%pre + +%preun +%systemd_preun rsyncd.service + +%post +%systemd_post rsyncd.service + +%postun +%systemd_postun_with_restart rsyncd.service + +%files +%defattr(-,root,root) +%doc NEWS OLDNEWS README tech_report.tex +%doc support/* +%license COPYING +%config(noreplace) %{_sysconfdir}/*.conf +%config(noreplace) %{_sysconfdir}/sysconfig/rsyncd +%{_unitdir}/rsyncd* +%{_bindir}/rsync + +%files help +%{_mandir}/man1/%{name}.1* +%{_mandir}/man5/rsyncd.conf.5* + +%changelog +* Fri Sep 27 2019 chengquan - 3.1.3-6 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix spec rule in openeuler + +* Mon Sep 09 2019 openEuler Buildteam - 3.1.3-5 +- Package init diff --git a/rsyncd.conf b/rsyncd.conf new file mode 100644 index 0000000..6e058aa --- /dev/null +++ b/rsyncd.conf @@ -0,0 +1,20 @@ +# /etc/rsyncd: configuration file for rsync daemon mode + +# See rsyncd.conf man page for more options. + +# configuration example: + +# uid = nobody +# gid = nobody +# use chroot = yes +# max connections = 4 +# pid file = /var/run/rsyncd.pid +# exclude = lost+found/ +# transfer logging = yes +# timeout = 900 +# ignore nonreadable = yes +# dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2 + +# [ftp] +# path = /home/ftp +# comment = ftp export area diff --git a/rsyncd.service b/rsyncd.service new file mode 100644 index 0000000..3ffecce --- /dev/null +++ b/rsyncd.service @@ -0,0 +1,10 @@ +[Unit] +Description=fast remote file copy program daemon +ConditionPathExists=/etc/rsyncd.conf + +[Service] +EnvironmentFile=/etc/sysconfig/rsyncd +ExecStart=/usr/bin/rsync --daemon --no-detach "$OPTIONS" + +[Install] +WantedBy=multi-user.target diff --git a/rsyncd.socket b/rsyncd.socket new file mode 100644 index 0000000..7306ad0 --- /dev/null +++ b/rsyncd.socket @@ -0,0 +1,10 @@ +[Unit] +Description=Rsync Server Socket +Conflicts=rsyncd.service + +[Socket] +ListenStream=873 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/rsyncd.sysconfig b/rsyncd.sysconfig new file mode 100644 index 0000000..90a5a43 --- /dev/null +++ b/rsyncd.sysconfig @@ -0,0 +1 @@ +OPTIONS="" diff --git a/rsyncd@.service b/rsyncd@.service new file mode 100644 index 0000000..89f9621 --- /dev/null +++ b/rsyncd@.service @@ -0,0 +1,8 @@ +[Unit] +Description=fast remote file copy program daemon +ConditionPathExists=/etc/rsyncd.conf + +[Service] +EnvironmentFile=/etc/sysconfig/rsyncd +ExecStart=/usr/bin/rsync --daemon --no-detach "$OPTIONS" +StandardInput=socket