summaryrefslogtreecommitdiff
path: root/net-misc/rsync
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2017-12-15 17:25:28 +0000
committerV3n3RiX <venerix@redcorelinux.org>2017-12-15 17:25:28 +0000
commit6b933047f46efec1aa747570f945344254227457 (patch)
treea12a4b87b38f954c4de435272cf4b90d721df5e8 /net-misc/rsync
parentf45955e60d4da9b7f4a1088c98042f9c06669039 (diff)
gentoo resync : 15.12.2017
Diffstat (limited to 'net-misc/rsync')
-rw-r--r--net-misc/rsync/Manifest7
-rw-r--r--net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433-fixup.patch33
-rw-r--r--net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433.patch39
-rw-r--r--net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part1.patch22
-rw-r--r--net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part2.patch33
-rw-r--r--net-misc/rsync/rsync-3.1.2-r2.ebuild95
6 files changed, 228 insertions, 1 deletions
diff --git a/net-misc/rsync/Manifest b/net-misc/rsync/Manifest
index 53631e0da932..11c3f277e35a 100644
--- a/net-misc/rsync/Manifest
+++ b/net-misc/rsync/Manifest
@@ -1,11 +1,16 @@
AUX rsync-3.1.2-CVE-2017-16548.patch 770 BLAKE2B 1121869250bcf22b5b5aa133f44d49ca50a203d79a66cdcce1177f7b46cda77d8c747e340f9bfc22bac648ae025fece6ac6d4adc086d486a13aa84e9f0a11ca1 SHA512 6b000e1e13f48050e0cea2ff3741d48d73694601911d961baf41d4a2d8571c2385e90dde2054e4f400767cfc3488d805d19d239c30e1049783efce1151a8a0aa
+AUX rsync-3.1.2-CVE-2017-17433-fixup.patch 1303 BLAKE2B dfbec423114ff9925d9720b0448b168d70dd0e85b8857929abff7d7a1ddb1c6e4b4a08826e6e98620700c1d9a72d068688586fd0ec14cd537863b7e18974cd84 SHA512 63ebdf107f18f4bcad0eeed6d230e8aba93dcb4555b46e05566bc256fbd761122675a4bba29bce75f97e927ec6f82336e0445998277b8eb9d1b4414e1e0fcb47
+AUX rsync-3.1.2-CVE-2017-17433.patch 1243 BLAKE2B 137066fa687b0c0f03726151eac143f401cdebf7b7ce54ac8dbdf5f4261861b0a65a8d4f635292423e6bfcd765a402d7fa9014545b5b0e40972c8adc62e0ba22 SHA512 424ce1c502250d7ac21666ef933cb481c30aebb46249bd62f90af80b714a1409df4888cba91af9d9681947e1eab36d69e191e4fc01a75699b6895af624f7e833
+AUX rsync-3.1.2-CVE-2017-17434-part1.patch 774 BLAKE2B 659863169e2cb3ae6848bc9dfec771bb6a780c7056f3c27fd5ec1a891f0db2679ac01c5cd587215cf9729d2bf58e2f3b8246c13a57c793af443411aa231f353f SHA512 977d5fd31c063f6130f20f3b0c3453c8cb4cf5891fc54be2c661c8e89c19a353b4cfbffd934ee80bf44e4de81d1f4a29fa0f8ae01a2d0a9777c081396a87cbdd
+AUX rsync-3.1.2-CVE-2017-17434-part2.patch 1026 BLAKE2B 8b9472c6da4ae584ea665050aa1c6741d443e281bec56acef86b0296e60339e6beab0588ae01b8fe4a4f5c8731d497dede7dd818c1aafe405ae987fe44dc7cdf SHA512 70f94901a0d2762c22c922bd9999c92562a459cc7169392fd67d187570278f6f51cda2c8eec3a59920f48be01f2a12cda6151a07864a4f9a961decf3592e7485
AUX rsyncd.conf-3.0.9-r1 449 BLAKE2B 7cb543dc9430a05d21d10951c065ce588d8f774811b36d2380027bf18760776797d790f5c736eece3176a2dc206e695fc3486587dd8a92fbba96102e63dbf4e9 SHA512 8d51b452be88820c38639aa833490a001abc2edba03133441000634c2ec090d243598b0932fc11abdf1286afdab02eb6532df2b28a48bfde781c3a8b61fe8c6f
AUX rsyncd.conf.d 149 BLAKE2B fd2556d0c270c2baa83d4d474d44ab1d16e35f112279a339f179f9af693d977cc0863bf4cd7139363c58e4e6a1a18a24c06474ecc248167224261dbaf04ae0a8 SHA512 8ea9a2f1fea508fa132313fa16513eac84a9ed3ce75741c42769b56bbcd3f1bd2eb8bfdfe40a6c7f619e4281e8fc8d95d1bd84096d0b64aaacf606cd614ae5b3
AUX rsyncd.init.d-r1 247 BLAKE2B ec4f7a875a51bae10cff7e15df18d285b01dddaa99a03127ba242ec535b7c8a3af3ad4489661ba7b5f6b074e2af38b12da394c0f8992bd28328d807a89757bb0 SHA512 df2ef4d9e65fa72daa9a7d91d69a06027d0e0fbc48f9ebd485e2d51990c8d00985b7ccf41314f984975e8073e2075bbdfe5543754718381497c334dc7d96451a
AUX rsyncd.logrotate 105 BLAKE2B 82430036a5ca123ba20bc80040e98869734b3b397440968909e9ee0f109b9151de8157427b0aa8fb0ed89fa6cc4cab6ac6e0a9986c076531cd4aa87bea4e2d25 SHA512 b8d6c0bb467a5c963317dc55478d2c10874564cd264d943d4a42037e2fce134fe001fabc92af5c6b5775e84dc310b1c8da147afaa61c99e5663c36580d8651a5
AUX rsyncd.service 206 BLAKE2B 3b8bf9165d2410f731c5c2a63fdb5553708aa6aca0fed99acefb38c16b8ae9430a5257440c070b88b71a1295cc6360d89458e1b6696ec9897e722699f162769e SHA512 b848a13856027e4fe1fd206a2aeb32854abd73beb31ebad7ac62c36b433e65507bbb5eef3901a42f46e70a4e887c7f9013617f19712e160ce155f3cb83bfc625
AUX rsyncd.xinetd-3.0.9-r1 194 BLAKE2B 8e3edf4831e020451ba1886e2e8ae86e576016aabcaaf8e84c48adb15ba6a2e8d8c58098af2757011ea4f84fbfd758029d905fb8f5ed21bcc5ac34c3baae2a9c SHA512 fc053fc4748950343e866cc95284d037156a953454e4294d775f01f059e96e805582688bf1de5c965836889192ce4a663ec740e6ec2265406e509c5c6d6c3215
-DIST rsync-3.1.2.tar.gz 892724 SHA256 ecfa62a7fa3c4c18b9eccd8c16eaddee4bd308a76ea50b5c02a5840f09c0a1c2 SHA512 4c55fd69f436ead0cb5a0b7c6fdfef9bb28ddb9c63534eb619e756b118d5b08cfc5e696498650932c86e865b37e06633da947e6720ca0c27ed5c034313ae208b WHIRLPOOL ba793bfc7f0bdd70dba812a4a782c6ed703c7e83e2d04ca714e67e6153b31f6fc49e224ef7622bf5abb1e0ba0f633bc88b2640548028944b5dfa0443ae8c585e
+DIST rsync-3.1.2.tar.gz 892724 BLAKE2B e366514ae9835ba7c201a9e09fb9342c5e52fa36d45d46300d080403de25a64ba3ed7a703e56b4f47a743a597694a2d0a50bb4bab6cfa0aa7b59a4f7b93b9f21 SHA512 4c55fd69f436ead0cb5a0b7c6fdfef9bb28ddb9c63534eb619e756b118d5b08cfc5e696498650932c86e865b37e06633da947e6720ca0c27ed5c034313ae208b
EBUILD rsync-3.1.2-r1.ebuild 2869 BLAKE2B 039b1290b3e5ae9ea76f2d0ae1f8a7f31cb5044a456feeac3a81f450ef6482a145d98b3b9ba611baee40de96fdd266b09ade4a010d5f1aa4769f3add743f3bf2 SHA512 3ebd1ea8837837474c7bd3a791e4b9961470cb52eef482ea2c0b19250bfac98f7b92467299f3c415a56ff5575aef7d9939d09b5b7ad6cf4d461d6ae2a9fb643b
+EBUILD rsync-3.1.2-r2.ebuild 3086 BLAKE2B d41f9189111dc0bee985e6adc32032ab1b199843b76767ea257681894c7c86527c0d3122545680779f5303ad3c9c3ecfb57e876b724ec0be91b80ee3969d08a1 SHA512 70d6331bf555f91b0a1cce977529c535ce854912fd1a722bdd5b0ed14635e2ca47fc2b44236464c1d7777166db293902b27330b101d1918aa5d6d15f865f0586
EBUILD rsync-3.1.2.ebuild 2840 BLAKE2B 2ee399fcfa6ed8b11b2446178653d3ae55a4bd2f920f4ca5430f397741f9161ce6ccfd472030e7f008225fa28f9886d92751767be5b2213a5f0706207f9c448a SHA512 2f0998787e96cfbb29398923998905fc029520a1352ae4420561471f8342e3876e0ed9dec935d4d5677bed2693aa6aa810b7f713914633ba97676a2dfa1edcb1
MISC metadata.xml 449 BLAKE2B 961dae7e8c69c0d452c9eedf67223d14ff8ff481821206d6fe2daed3a23a0da704155d61339b0d32182e5ba9195ff25b3383bd90945ea474b21da7f66f09c77f SHA512 1c0f031c078a7c22b8375b093dcd241e139ca86a61e2d463d9d01946b57b24dff29ab489ac063b70d210d1306106896fe77bd9678331d5954ef3182222d4f920
diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433-fixup.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433-fixup.patch
new file mode 100644
index 000000000000..0cc9b8256dd2
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433-fixup.patch
@@ -0,0 +1,33 @@
+From: Wayne Davison <wayned@samba.org>
+Date: Sun, 3 Dec 2017 23:49:56 +0000 (-0800)
+Subject: Fix issue with earlier path-check (fixes "make check")
+X-Git-Url: https://git.samba.org/?p=rsync.git;a=commitdiff_plain;h=f5e8a17e093065fb20fea00a29540fe2c7896441;hp=5509597decdbd7b91994210f700329d8a35e70a1
+
+Fix issue with earlier path-check (fixes "make check")
+---
+
+diff --git a/receiver.c b/receiver.c
+index 9c46242..75cb00d 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -574,15 +574,15 @@ int recv_files(int f_in, int f_out, char *local_name)
+ file = dir_flist->files[cur_flist->parent_ndx];
+ fname = local_name ? local_name : f_name(file, fbuf);
+
+- if (daemon_filter_list.head
+- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
++ if (DEBUG_GTE(RECV, 1))
++ rprintf(FINFO, "recv_files(%s)\n", fname);
++
++ if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0')
++ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+ rprintf(FERROR, "attempt to hack rsync failed.\n");
+ exit_cleanup(RERR_PROTOCOL);
+ }
+
+- if (DEBUG_GTE(RECV, 1))
+- rprintf(FINFO, "recv_files(%s)\n", fname);
+-
+ #ifdef SUPPORT_XATTRS
+ if (preserve_xattrs && iflags & ITEM_REPORT_XATTR && do_xfers
+ && !(want_xattr_optim && BITS_SET(iflags, ITEM_XNAME_FOLLOWS|ITEM_LOCAL_CHANGE)))
diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433.patch
new file mode 100644
index 000000000000..0ab8de1fce3b
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433.patch
@@ -0,0 +1,39 @@
+From 3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 2 Nov 2017 23:44:19 -0700
+Subject: [PATCH] Check fname in recv_files sooner.
+
+---
+ receiver.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+Index: rsync-3.1.2/receiver.c
+===================================================================
+--- rsync-3.1.2.orig/receiver.c
++++ rsync-3.1.2/receiver.c
+@@ -580,6 +580,12 @@ int recv_files(int f_in, int f_out, char
+ file = dir_flist->files[cur_flist->parent_ndx];
+ fname = local_name ? local_name : f_name(file, fbuf);
+
++ if (daemon_filter_list.head
++ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
++ rprintf(FERROR, "attempt to hack rsync failed.\n");
++ exit_cleanup(RERR_PROTOCOL);
++ }
++
+ if (DEBUG_GTE(RECV, 1))
+ rprintf(FINFO, "recv_files(%s)\n", fname);
+
+@@ -651,12 +657,6 @@ int recv_files(int f_in, int f_out, char
+
+ cleanup_got_literal = 0;
+
+- if (daemon_filter_list.head
+- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+- rprintf(FERROR, "attempt to hack rsync failed.\n");
+- exit_cleanup(RERR_PROTOCOL);
+- }
+-
+ if (read_batch) {
+ int wanted = redoing
+ ? we_want_redo(ndx)
diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part1.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part1.patch
new file mode 100644
index 000000000000..aeb8c2ee33cb
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part1.patch
@@ -0,0 +1,22 @@
+From 5509597decdbd7b91994210f700329d8a35e70a1 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 16 Nov 2017 17:26:03 -0800
+Subject: [PATCH] Check daemon filter against fnamecmp in recv_files().
+
+---
+ receiver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: rsync-3.1.2/receiver.c
+===================================================================
+--- rsync-3.1.2.orig/receiver.c
++++ rsync-3.1.2/receiver.c
+@@ -728,7 +728,7 @@ int recv_files(int f_in, int f_out, char
+ break;
+ }
+ if (!fnamecmp || (daemon_filter_list.head
+- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) {
++ && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) {
+ fnamecmp = fname;
+ fnamecmp_type = FNAMECMP_FNAME;
+ }
diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part2.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part2.patch
new file mode 100644
index 000000000000..5b94efa0c1a8
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part2.patch
@@ -0,0 +1,33 @@
+From 70aeb5fddd1b2f8e143276f8d5a085db16c593b9 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 16 Nov 2017 17:05:42 -0800
+Subject: [PATCH] Sanitize xname in read_ndx_and_attrs.
+
+---
+ rsync.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+Index: rsync-3.1.2/rsync.c
+===================================================================
+--- rsync-3.1.2.orig/rsync.c
++++ rsync-3.1.2/rsync.c
+@@ -50,6 +50,7 @@ extern int flist_eof;
+ extern int file_old_total;
+ extern int keep_dirlinks;
+ extern int make_backups;
++extern int sanitize_paths;
+ extern struct file_list *cur_flist, *first_flist, *dir_flist;
+ extern struct chmod_mode_struct *daemon_chmod_modes;
+ #ifdef ICONV_OPTION
+@@ -397,6 +398,11 @@ int read_ndx_and_attrs(int f_in, int f_o
+ if (iflags & ITEM_XNAME_FOLLOWS) {
+ if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0)
+ exit_cleanup(RERR_PROTOCOL);
++
++ if (sanitize_paths) {
++ sanitize_path(buf, buf, "", 0, SP_DEFAULT);
++ len = strlen(buf);
++ }
+ } else {
+ *buf = '\0';
+ len = -1;
diff --git a/net-misc/rsync/rsync-3.1.2-r2.ebuild b/net-misc/rsync/rsync-3.1.2-r2.ebuild
new file mode 100644
index 000000000000..2464711b82f5
--- /dev/null
+++ b/net-misc/rsync/rsync-3.1.2-r2.ebuild
@@ -0,0 +1,95 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic prefix systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+SRC_URI="https://rsync.samba.org/ftp/rsync/src/${P}.tar.gz"
+[[ "${PV}" = *_pre* ]] && SRC_URI="https://rsync.samba.org/ftp/rsync/src-previews/${P/_/}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+if [[ ${PV} != *_pre ]] ; then
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+IUSE="acl examples iconv ipv6 static stunnel xattr"
+
+LIB_DEPEND="acl? ( virtual/acl[static-libs(+)] )
+ xattr? ( kernel_linux? ( sys-apps/attr[static-libs(+)] ) )
+ >=dev-libs/popt-1.5[static-libs(+)]"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+ iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}
+ static? ( ${LIB_DEPEND} )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.1.2-CVE-2017-16548.patch
+ "${FILESDIR}"/${PN}-3.1.2-CVE-2017-17433.patch
+ "${FILESDIR}"/${PN}-3.1.2-CVE-2017-17434-part1.patch
+ "${FILESDIR}"/${PN}-3.1.2-CVE-2017-17434-part2.patch
+ "${FILESDIR}"/${PN}-3.1.2-CVE-2017-17433-fixup.patch
+)
+
+S=${WORKDIR}/${P/_/}
+
+src_configure() {
+ use static && append-ldflags -static
+ econf \
+ --without-included-popt \
+ $(use_enable acl acl-support) \
+ $(use_enable xattr xattr-support) \
+ $(use_enable ipv6) \
+ $(use_enable iconv) \
+ --with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+ touch proto.h-tstamp #421625
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+ newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+ dodoc NEWS OLDNEWS README TODO tech_report.tex
+ insinto /etc
+ newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+ insinto /etc/xinetd.d
+ newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+ # Install stunnel helpers
+ if use stunnel ; then
+ emake DESTDIR="${D}" install-ssl-client
+ emake DESTDIR="${D}" install-ssl-daemon
+ fi
+
+ # Install the useful contrib scripts
+ if use examples ; then
+ exeinto /usr/share/rsync
+ doexe support/*
+ rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+ fi
+
+ eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+ systemd_dounit "${FILESDIR}/rsyncd.service"
+}
+
+pkg_postinst() {
+ if egrep -qis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+ "${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+ ewarn "You have disabled chroot support in your rsyncd.conf. This"
+ ewarn "is a security risk which you should fix. Please check your"
+ ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+ fi
+ if use stunnel ; then
+ einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+ einfo
+ einfo "You maybe have to update the certificates configured in"
+ einfo "${EROOT}/etc/stunnel/rsync.conf"
+ fi
+}