Update version to 3.2.5 and Fix CVE-2022-29154 CVE-2022-37434

backport-CVE-2020-14387-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch

@@ -1,23 +0,0 @@
-From c3f7414c450faaf6a8281cc4a4403529aeb7d859 Mon Sep 17 00:00:00 2001
-From: Matt McCutchen <matt@mattmccutchen.net>
-Date: Wed, 26 Aug 2020 12:16:08 -0400
-Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using
- openssl.
-
----
- rsync-ssl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/rsync-ssl b/rsync-ssl
-index 8101975a..46701af1 100755
---- a/rsync-ssl
-+++ b/rsync-ssl
-@@ -129,7 +129,7 @@ function rsync_ssl_helper {
-     fi
- 
-     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
--	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
-+	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
-     elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
- 	exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
-     else

backport-Work-around-glibc-lchmod-issue-a-better-way.patch

@@ -1,65 +0,0 @@
-From 9dd62525f3b98d692e031f22c02be8f775966503 Mon Sep 17 00:00:00 2001
-From: Wayne Davison <wayne@opencoder.net>
-Date: Sun, 29 Nov 2020 09:33:54 -0800
-Subject: [PATCH] Work around glibc's lchmod() issue a better way.
-
----
- syscall.c    | 34 +++++++++++++++++++++-------------
- 1 files changed, 21 insertions(+), 13 deletions(-)
-
-diff --git a/syscall.c b/syscall.c
-index b9c3b4e..11d10e4 100644
---- a/syscall.c
-+++ b/syscall.c
-@@ -227,27 +227,35 @@ int do_open(const char *pathname, int flags, mode_t mode)
- #ifdef HAVE_CHMOD
- int do_chmod(const char *path, mode_t mode)
- {
-+	static int switch_step = 0;
- 	int code;
- 	if (dry_run) return 0;
- 	RETURN_ERROR_IF_RO_OR_LO;
-+	switch (switch_step) {
- #ifdef HAVE_LCHMOD
--	code = lchmod(path, mode & CHMOD_BITS);
--#else
--	if (S_ISLNK(mode)) {
-+#include "case_N.h"
-+		if ((code = lchmod(path, mode & CHMOD_BITS)) == 0 || errno != ENOTSUP)
-+			break;
-+		switch_step++;
-+#endif
-+
-+#include "case_N.h"
-+		if (S_ISLNK(mode)) {
- # if defined HAVE_SETATTRLIST
--		struct attrlist attrList;
--		uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
-+			struct attrlist attrList;
-+			uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
- 
--		memset(&attrList, 0, sizeof attrList);
--		attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
--		attrList.commonattr = ATTR_CMN_ACCESSMASK;
--		code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
-+			memset(&attrList, 0, sizeof attrList);
-+			attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
-+			attrList.commonattr = ATTR_CMN_ACCESSMASK;
-+			code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
- # else
--		code = 1;
-+			code = 1;
- # endif
--	} else
--		code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
--#endif /* !HAVE_LCHMOD */
-+		} else
-+			code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
-+		break;
-+	}
- 	if (code != 0 && (preserve_perms || preserve_executability))
- 		return code;
- 	return 0;
--- 
-1.8.3.1
-

rsync.spec

@@ -1,16 +1,15 @@
 Name:           rsync
-Version:        3.2.3
+Version:        3.2.5
-Release:        2
+Release:        1
 Summary:        Fast incremental file transfer utility
 License:        GPLv3+
 URL:            http://rsync.samba.org/
-Source0:        https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
+Source0:        https://download.samba.org/pub/rsync/src/rsync-%{version}.tar.gz
-Source1:        https://download.samba.org/pub/rsync/src/rsync-patches-%{version}.tar.gz
+Source1:        rsyncd.socket
-Source2:        rsyncd.socket
+Source2:        rsyncd.service
-Source3:        rsyncd.service
+Source3:        rsyncd.conf
-Source4:        rsyncd.conf
+Source4:        rsyncd.sysconfig
-Source5:        rsyncd.sysconfig
+Source5:        rsyncd@.service
-Source6:        rsyncd@.service
 
 BuildRequires:  git gcc systemd libacl-devel libattr-devel autoconf popt-devel
 BuildRequires:  lz4-devel openssl-devel libzstd-devel
@@ -18,9 +17,6 @@ Provides:       bundled(zlib) = 1.2.8 rsync-daemon
 Obsoletes:      rsync-daemon
 %{?systemd_requires}
 
-Patch1: backport-Work-around-glibc-lchmod-issue-a-better-way.patch
-Patch2: backport-CVE-2020-14387-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch
-
 %description
 Rsync is an open source utility that provides fast incremental file transfer.
 It uses the "rsync algorithm" which provides a very fast method for bringing
@@ -31,9 +27,7 @@ at one of the ends of the link beforehand.
 %package_help
 
 %prep
-%autosetup -b 1 -n %{name}-%{version} -p1
+%autosetup -n %{name}-%{version} -p1
-
-patch -p1 -i patches/copy-devices.diff
 
 %build
 %configure --disable-xxhash
@@ -46,11 +40,11 @@ chmod -x support/*
 %install
 %make_install
 
-install -D -m644 %{SOURCE2} %{buildroot}/%{_unitdir}/rsyncd.socket
+install -D -m644 %{SOURCE1} %{buildroot}/%{_unitdir}/rsyncd.socket
-install -D -m644 %{SOURCE3} %{buildroot}/%{_unitdir}/rsyncd.service
+install -D -m644 %{SOURCE2} %{buildroot}/%{_unitdir}/rsyncd.service
-install -D -m644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/rsyncd.conf
+install -D -m644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/rsyncd.conf
-install -D -m644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/sysconfig/rsyncd
+install -D -m644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/rsyncd
-install -D -m644 %{SOURCE6} %{buildroot}/%{_unitdir}/rsyncd@.service
+install -D -m644 %{SOURCE5} %{buildroot}/%{_unitdir}/rsyncd@.service
 
 %pre
 
@@ -80,6 +74,10 @@ install -D -m644 %{SOURCE6} %{buildroot}/%{_unitdir}/rsyncd@.service
 %{_mandir}/man5/rsyncd.conf.5*
 
 %changelog
+* Thu Aug 18 2022 fuanan <fuanan3@h-partners.com> - 3.2.5-1
+- Update version to 3.2.5
+- Fix CVE-2022-29154,CVE-2022-37434
+
 * Fri Jun 18 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 3.2.3-2
 - Type:bugfix
 - ID:NA