Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/net-misc
diff options
context:
space:
mode:
authorStuart Shelton <stuart@shelton.me>2017-12-20 15:55:21 +0000
committerStuart Shelton <stuart@shelton.me>2017-12-20 15:55:21 +0000
commit525636b8f3b4cc0c8214a95ed73ae25a43577057 (patch)
tree1b92360ea13cfabe31897740186918eb9478c3f9 /net-misc
parentAdd mail-client/roundcube-1.3.3-r1 (diff)
downloadsrcshelton-525636b8f3b4cc0c8214a95ed73ae25a43577057.tar.gz
srcshelton-525636b8f3b4cc0c8214a95ed73ae25a43577057.tar.bz2
srcshelton-525636b8f3b4cc0c8214a95ed73ae25a43577057.zip
Add net-misc/rsync-3.1.2-r2
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/rsync/Manifest5
-rw-r--r--net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433-fixup.patch33
-rw-r--r--net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433.patch39
-rw-r--r--net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part1.patch22
-rw-r--r--net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part2.patch33
-rw-r--r--net-misc/rsync/rsync-3.1.2-r2.ebuild95
6 files changed, 227 insertions, 0 deletions
diff --git a/net-misc/rsync/Manifest b/net-misc/rsync/Manifest
index 138ea822..475d9bdf 100644
--- a/net-misc/rsync/Manifest
+++ b/net-misc/rsync/Manifest
@@ -1,4 +1,8 @@
AUX rsync-3.1.2-CVE-2017-16548.patch 770 SHA256 ea290d26365670f1f641e3c43e352340e3fdb337795472b03a24d38c9dd8017c SHA512 6b000e1e13f48050e0cea2ff3741d48d73694601911d961baf41d4a2d8571c2385e90dde2054e4f400767cfc3488d805d19d239c30e1049783efce1151a8a0aa WHIRLPOOL 48437e9d94cb7d43cd2eae08c7be594b848d1548629a1ed25bac512aa5d64e62becd5cdfec9ec3b4845c778e4b75a95ae74804ebe9d5b0c5753d15424c8b5580
+AUX rsync-3.1.2-CVE-2017-17433-fixup.patch 1303 SHA256 e37a26c1b069016fcb3112fa73242b0994b3020a2bd39faed675b44635e80c89 SHA512 63ebdf107f18f4bcad0eeed6d230e8aba93dcb4555b46e05566bc256fbd761122675a4bba29bce75f97e927ec6f82336e0445998277b8eb9d1b4414e1e0fcb47 WHIRLPOOL 289e8aef6ad4c1afa1c1edea9c564752a162571d85806546d7424ed395fec0efd136acc37a7542590ba4e87c75066985a02053d1814b577488db48409c7ec927
+AUX rsync-3.1.2-CVE-2017-17433.patch 1243 SHA256 91085c90f82fc911da3f261512a464133ed975d59f928ce68c7d6f54a8c2dffe SHA512 424ce1c502250d7ac21666ef933cb481c30aebb46249bd62f90af80b714a1409df4888cba91af9d9681947e1eab36d69e191e4fc01a75699b6895af624f7e833 WHIRLPOOL e1ba410dd4dbf589ba4fb31937494429dc6c3d8742025e29eb0425e5182fda4754315da5ce97c4a14df37551fd58fd492fef0ff6585614fe0cf24a1ec7fa8c5e
+AUX rsync-3.1.2-CVE-2017-17434-part1.patch 774 SHA256 278259e1557fde3aa7b8c20d2a38975a955f39b9e4bf4cfc9851f15c91a707aa SHA512 977d5fd31c063f6130f20f3b0c3453c8cb4cf5891fc54be2c661c8e89c19a353b4cfbffd934ee80bf44e4de81d1f4a29fa0f8ae01a2d0a9777c081396a87cbdd WHIRLPOOL 5f941d2e6a117ce416e25343c95abcb4e66700a90c2934d8abc1fbb39482291d22defd36ca6f1da843e79487060a9ed345d7d38d1ece00e4c07f21cdf6db504a
+AUX rsync-3.1.2-CVE-2017-17434-part2.patch 1026 SHA256 93364775523b0a6987bdd70bf58a6d0df48f4138ee35327b7a0a1b2ab1bdb445 SHA512 70f94901a0d2762c22c922bd9999c92562a459cc7169392fd67d187570278f6f51cda2c8eec3a59920f48be01f2a12cda6151a07864a4f9a961decf3592e7485 WHIRLPOOL c2a06f9b8219e42c6d29751a7bf1228834896a0461efa6802c2f4b28884be7e8042df6ccbad88a62b7559cce25ed390fdb8d1238bcd70aab9643969238d738d9
AUX rsyncd.conf-3.0.9-r1 453 SHA256 fff0bc9e6ca76c92d07d4d048e9f93000b0b47301eba71a82af86941b8f30c4b SHA512 9bc723c6d026f42fe53ffc8a1476d9cf85a14f17393686898a5765bd857883bc74056d1efc28265830a9dc35789e69f9680e50b180e31681f725b36388bc4fb1 WHIRLPOOL 6075d5c5a0615e85d2495c8143a4d118f866ec0f725155c2c40203fbfdfc1779bda5a1f397138212d231f215886023d51b153d1715d197ec4b2f4bc75a5563f8
AUX rsyncd.conf.d 149 SHA256 de758791b16b89a648c01867af7f51bc9bd44e40cbe868e439b753ff5d9572e5 SHA512 8ea9a2f1fea508fa132313fa16513eac84a9ed3ce75741c42769b56bbcd3f1bd2eb8bfdfe40a6c7f619e4281e8fc8d95d1bd84096d0b64aaacf606cd614ae5b3 WHIRLPOOL ac5098df8772c66d4d8070fbefe0194d8c44345d14a547f2cd59737f2dcb2023b59285117b07bbc2d711302f7736dd761d5e5498913c1878c3512d9fb5d5e36e
AUX rsyncd.init.d-r1 247 SHA256 fc6240c77448d36cf3255e6c264737a6ce69424b5b62d0986eb322c4d8a1a85b SHA512 df2ef4d9e65fa72daa9a7d91d69a06027d0e0fbc48f9ebd485e2d51990c8d00985b7ccf41314f984975e8073e2075bbdfe5543754718381497c334dc7d96451a WHIRLPOOL cd5186d0754f51c1f0298cba332c571d0dbcfea1840a7dfef7139bfb835694bd550362c57ec2be19b15fa30f554303b65eae09a7a709cd3800648d53156d927c
@@ -9,4 +13,5 @@ DIST rsync-3.1.1.tar.gz 890124 SHA256 7de4364fcf5fe42f3bdb514417f1c40d10bbca896a
DIST rsync-3.1.2.tar.gz 892724 SHA256 ecfa62a7fa3c4c18b9eccd8c16eaddee4bd308a76ea50b5c02a5840f09c0a1c2 SHA512 4c55fd69f436ead0cb5a0b7c6fdfef9bb28ddb9c63534eb619e756b118d5b08cfc5e696498650932c86e865b37e06633da947e6720ca0c27ed5c034313ae208b WHIRLPOOL ba793bfc7f0bdd70dba812a4a782c6ed703c7e83e2d04ca714e67e6153b31f6fc49e224ef7622bf5abb1e0ba0f633bc88b2640548028944b5dfa0443ae8c585e
EBUILD rsync-3.1.1.ebuild 2430 SHA256 f93520e4c577f7c8581d44233ea5f1d95ada5d7e2eae836cdf5a6ebebb8f23c4 SHA512 8674f3c66cb7b7cdf8366afaaec18d8a8ceb53f4a12d2f08a5d4f01e4511c355e0393db674c5b3796bf5401031f6329fae986108e47f38086283c4344ea9c8cb WHIRLPOOL 985759676942331e4c0bc8767e054c919f1b126eddd29bd69643589c34d7446caf82ca610cdb3f85085f066cd484a7879fd1bd4d094a7ed77af3701744968add
EBUILD rsync-3.1.2-r1.ebuild 2892 SHA256 9681b5ee2136b92e9c875caacb2a3f2749421b179a3a1e9852fbb62605e6eb77 SHA512 d2118f919d83166b397f595b8c82ba68beda5a5b73fc96077801c6e1d6bed533f71f18671474db5a4c880b53f86c75123a3c63f64ddc5d70e2d2c9d5efffee65 WHIRLPOOL 590c412a92b3a7cddca430b2d2c636f682829cd4c611e548fc7fe67030b50b4f28a904c50ab471a3db5ec52add71cf34b3643b7112c08537517551aea175df62
+EBUILD rsync-3.1.2-r2.ebuild 3109 SHA256 f8dfac078d88c23cc2a3a8b57a59b0edf2a0860739463621f86b4428b1c66cd1 SHA512 274187adfeb2a29714b3172ff6f91d66918a4c700ef00d21e6835cf73c819f3589b49c1af1eecd41e556846d937b21615cbae60e9d0835a795811994e0808792 WHIRLPOOL ab30cc18d2aa376c644dd4900bcf114601c7cd124a83ce4f7dbcae2056ce9f2340a41cc0e8dd4114f36b0b1a6d8bb1b84987155156462bec89f54e90d7125a98
EBUILD rsync-3.1.2.ebuild 2863 SHA256 72455988917433fcd70dc77bf64d10eeff470dd5540a48940acfb70555a5c3da SHA512 967de4dee8dd94735494b173e5727895ce12ac1ee1de3fc125fc2ca61659c56fc6a18a29a9336c2317a0a94ee5b75217507b3f2f0f96bb220bb77773640e07fd WHIRLPOOL 275028c7544619711978a76a980ed75ef3599b1e00c0b089b1803d6dd6ae9a936570d607b281feb06ee96246d99348aacbd12c285c12e551f8a28352aaf00dbb
diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433-fixup.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433-fixup.patch
new file mode 100644
index 00000000..0cc9b825
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433-fixup.patch
@@ -0,0 +1,33 @@
+From: Wayne Davison <wayned@samba.org>
+Date: Sun, 3 Dec 2017 23:49:56 +0000 (-0800)
+Subject: Fix issue with earlier path-check (fixes "make check")
+X-Git-Url: https://git.samba.org/?p=rsync.git;a=commitdiff_plain;h=f5e8a17e093065fb20fea00a29540fe2c7896441;hp=5509597decdbd7b91994210f700329d8a35e70a1
+
+Fix issue with earlier path-check (fixes "make check")
+---
+
+diff --git a/receiver.c b/receiver.c
+index 9c46242..75cb00d 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -574,15 +574,15 @@ int recv_files(int f_in, int f_out, char *local_name)
+ file = dir_flist->files[cur_flist->parent_ndx];
+ fname = local_name ? local_name : f_name(file, fbuf);
+
+- if (daemon_filter_list.head
+- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
++ if (DEBUG_GTE(RECV, 1))
++ rprintf(FINFO, "recv_files(%s)\n", fname);
++
++ if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0')
++ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+ rprintf(FERROR, "attempt to hack rsync failed.\n");
+ exit_cleanup(RERR_PROTOCOL);
+ }
+
+- if (DEBUG_GTE(RECV, 1))
+- rprintf(FINFO, "recv_files(%s)\n", fname);
+-
+ #ifdef SUPPORT_XATTRS
+ if (preserve_xattrs && iflags & ITEM_REPORT_XATTR && do_xfers
+ && !(want_xattr_optim && BITS_SET(iflags, ITEM_XNAME_FOLLOWS|ITEM_LOCAL_CHANGE)))
diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433.patch
new file mode 100644
index 00000000..0ab8de1f
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433.patch
@@ -0,0 +1,39 @@
+From 3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 2 Nov 2017 23:44:19 -0700
+Subject: [PATCH] Check fname in recv_files sooner.
+
+---
+ receiver.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+Index: rsync-3.1.2/receiver.c
+===================================================================
+--- rsync-3.1.2.orig/receiver.c
++++ rsync-3.1.2/receiver.c
+@@ -580,6 +580,12 @@ int recv_files(int f_in, int f_out, char
+ file = dir_flist->files[cur_flist->parent_ndx];
+ fname = local_name ? local_name : f_name(file, fbuf);
+
++ if (daemon_filter_list.head
++ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
++ rprintf(FERROR, "attempt to hack rsync failed.\n");
++ exit_cleanup(RERR_PROTOCOL);
++ }
++
+ if (DEBUG_GTE(RECV, 1))
+ rprintf(FINFO, "recv_files(%s)\n", fname);
+
+@@ -651,12 +657,6 @@ int recv_files(int f_in, int f_out, char
+
+ cleanup_got_literal = 0;
+
+- if (daemon_filter_list.head
+- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+- rprintf(FERROR, "attempt to hack rsync failed.\n");
+- exit_cleanup(RERR_PROTOCOL);
+- }
+-
+ if (read_batch) {
+ int wanted = redoing
+ ? we_want_redo(ndx)
diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part1.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part1.patch
new file mode 100644
index 00000000..aeb8c2ee
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part1.patch
@@ -0,0 +1,22 @@
+From 5509597decdbd7b91994210f700329d8a35e70a1 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 16 Nov 2017 17:26:03 -0800
+Subject: [PATCH] Check daemon filter against fnamecmp in recv_files().
+
+---
+ receiver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: rsync-3.1.2/receiver.c
+===================================================================
+--- rsync-3.1.2.orig/receiver.c
++++ rsync-3.1.2/receiver.c
+@@ -728,7 +728,7 @@ int recv_files(int f_in, int f_out, char
+ break;
+ }
+ if (!fnamecmp || (daemon_filter_list.head
+- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) {
++ && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) {
+ fnamecmp = fname;
+ fnamecmp_type = FNAMECMP_FNAME;
+ }
diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part2.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part2.patch
new file mode 100644
index 00000000..5b94efa0
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part2.patch
@@ -0,0 +1,33 @@
+From 70aeb5fddd1b2f8e143276f8d5a085db16c593b9 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 16 Nov 2017 17:05:42 -0800
+Subject: [PATCH] Sanitize xname in read_ndx_and_attrs.
+
+---
+ rsync.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+Index: rsync-3.1.2/rsync.c
+===================================================================
+--- rsync-3.1.2.orig/rsync.c
++++ rsync-3.1.2/rsync.c
+@@ -50,6 +50,7 @@ extern int flist_eof;
+ extern int file_old_total;
+ extern int keep_dirlinks;
+ extern int make_backups;
++extern int sanitize_paths;
+ extern struct file_list *cur_flist, *first_flist, *dir_flist;
+ extern struct chmod_mode_struct *daemon_chmod_modes;
+ #ifdef ICONV_OPTION
+@@ -397,6 +398,11 @@ int read_ndx_and_attrs(int f_in, int f_o
+ if (iflags & ITEM_XNAME_FOLLOWS) {
+ if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0)
+ exit_cleanup(RERR_PROTOCOL);
++
++ if (sanitize_paths) {
++ sanitize_path(buf, buf, "", 0, SP_DEFAULT);
++ len = strlen(buf);
++ }
+ } else {
+ *buf = '\0';
+ len = -1;
diff --git a/net-misc/rsync/rsync-3.1.2-r2.ebuild b/net-misc/rsync/rsync-3.1.2-r2.ebuild
new file mode 100644
index 00000000..80cafe32
--- /dev/null
+++ b/net-misc/rsync/rsync-3.1.2-r2.ebuild
@@ -0,0 +1,95 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic prefix systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+SRC_URI="https://rsync.samba.org/ftp/rsync/src/${P}.tar.gz"
+[[ "${PV}" = *_pre* ]] && SRC_URI="https://rsync.samba.org/ftp/rsync/src-previews/${P/_/}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+if [[ ${PV} != *_pre ]] ; then
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+IUSE="acl examples iconv ipv6 static stunnel systemd xattr"
+
+LIB_DEPEND="acl? ( virtual/acl[static-libs(+)] )
+ xattr? ( kernel_linux? ( sys-apps/attr[static-libs(+)] ) )
+ >=dev-libs/popt-1.5[static-libs(+)]"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+ iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}
+ static? ( ${LIB_DEPEND} )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.1.2-CVE-2017-16548.patch
+ "${FILESDIR}"/${PN}-3.1.2-CVE-2017-17433.patch
+ "${FILESDIR}"/${PN}-3.1.2-CVE-2017-17434-part1.patch
+ "${FILESDIR}"/${PN}-3.1.2-CVE-2017-17434-part2.patch
+ "${FILESDIR}"/${PN}-3.1.2-CVE-2017-17433-fixup.patch
+)
+
+S=${WORKDIR}/${P/_/}
+
+src_configure() {
+ use static && append-ldflags -static
+ econf \
+ --without-included-popt \
+ $(use_enable acl acl-support) \
+ $(use_enable xattr xattr-support) \
+ $(use_enable ipv6) \
+ $(use_enable iconv) \
+ --with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+ touch proto.h-tstamp #421625
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+ newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+ dodoc NEWS OLDNEWS README TODO tech_report.tex
+ insinto /etc
+ newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+ insinto /etc/xinetd.d
+ newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+ # Install stunnel helpers
+ if use stunnel ; then
+ emake DESTDIR="${D}" install-ssl-client
+ emake DESTDIR="${D}" install-ssl-daemon
+ fi
+
+ # Install the useful contrib scripts
+ if use examples ; then
+ exeinto /usr/share/rsync
+ doexe support/*
+ rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+ fi
+
+ eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+ use systemd && systemd_dounit "${FILESDIR}/rsyncd.service"
+}
+
+pkg_postinst() {
+ if egrep -qis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+ "${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+ ewarn "You have disabled chroot support in your rsyncd.conf. This"
+ ewarn "is a security risk which you should fix. Please check your"
+ ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+ fi
+ if use stunnel ; then
+ einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+ einfo
+ einfo "You maybe have to update the certificates configured in"
+ einfo "${EROOT}/etc/stunnel/rsync.conf"
+ fi
+}