On Wed, 31 Jan 2018 09:46:00 -0800, Bryan Vyhmeister <[email protected]> wrote:
> On Wed, Jan 31, 2018 at 12:39:42PM -0500, Daniel Jakots wrote: > > cvs rm -f /path/to/patch and then cvs diff ;) > > Thanks! That was exactly what I was missing. Updated diff with the > patches removed below. I don't know how you did the patch but I had to specify the patch files as it didn't find them. No worry though, I appreciate the effort. Here's a diff that should apply cleanly with also regenerated patches. <espie> anything actually new, or they're just folding patches ? -> there are: > ENHANCEMENTS: > > - Added the ability for rsync to compare nanosecond times in its > file-check comparisons, and added support nanosecond times on Mac OS > X. > - Added a short-option (-@) for --modify-window. > - Added the --checksum-choice=NAME[,NAME] option to choose the > checksum algorithms. > - Added hashing of xattr names (with using -X) to improve the > handling of files with large numbers of xattrs. > - Added a way to filter xattr names using include/exclude/filter > rules (see the --xattrs option in the manpage for details). > - Added "daemon chroot|uid|gid" to the daemon config (in addition > to the old chroot|uid|gid settings that affect the daemon's transfer > process). > - Added "syslog tag" to the daemon configuration. > - Some manpage improvements. other than that NEWS is filled with security fixes and bug fixes. Cheers, Daniel Index: Makefile =================================================================== RCS file: /cvs/ports/net/rsync/Makefile,v retrieving revision 1.79 diff -u -p -r1.79 Makefile --- Makefile 11 Jan 2018 19:27:07 -0000 1.79 +++ Makefile 5 Feb 2018 13:45:21 -0000 @@ -2,8 +2,7 @@ COMMENT = mirroring/synchronization over low bandwidth links -DISTNAME = rsync-3.1.2 -REVISION = 2 +DISTNAME = rsync-3.1.3 CATEGORIES = net HOMEPAGE = https://rsync.samba.org/ Index: distinfo =================================================================== RCS file: /cvs/ports/net/rsync/distinfo,v retrieving revision 1.28 diff -u -p -r1.28 distinfo --- distinfo 10 Jan 2016 21:36:22 -0000 1.28 +++ distinfo 5 Feb 2018 13:45:21 -0000 @@ -1,2 +1,2 @@ -SHA256 (rsync-3.1.2.tar.gz) = 7Ppip/o8TBi57M2MFurd7kvTCKdupQtcAqWEDwnAocI= -SIZE (rsync-3.1.2.tar.gz) = 892724 +SHA256 (rsync-3.1.3.tar.gz) = VcxVTv7F/arXDekhzVpe62wpqVUkxxXzu/hJI1sIAMA= +SIZE (rsync-3.1.3.tar.gz) = 905908 Index: patches/patch-receiver_c =================================================================== RCS file: patches/patch-receiver_c diff -N patches/patch-receiver_c --- patches/patch-receiver_c 19 Dec 2017 19:58:39 -0000 1.3 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,45 +0,0 @@ -$OpenBSD: patch-receiver_c,v 1.3 2017/12/19 19:58:39 danj Exp $ - -Backport from upstream -3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 -5509597decdbd7b91994210f700329d8a35e70a1 -f5e8a17e093065fb20fea00a29540fe2c7896441 - -Index: receiver.c ---- receiver.c.orig -+++ receiver.c -@@ -583,6 +583,12 @@ int recv_files(int f_in, int f_out, char *local_name) - if (DEBUG_GTE(RECV, 1)) - rprintf(FINFO, "recv_files(%s)\n", fname); - -+ if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0') -+ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { -+ rprintf(FERROR, "attempt to hack rsync failed.\n"); -+ exit_cleanup(RERR_PROTOCOL); -+ } -+ - #ifdef SUPPORT_XATTRS - if (preserve_xattrs && iflags & ITEM_REPORT_XATTR && do_xfers - && !(want_xattr_optim && BITS_SET(iflags, ITEM_XNAME_FOLLOWS|ITEM_LOCAL_CHANGE))) -@@ -651,12 +657,6 @@ int recv_files(int f_in, int f_out, char *local_name) - - cleanup_got_literal = 0; - -- if (daemon_filter_list.head -- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { -- rprintf(FERROR, "attempt to hack rsync failed.\n"); -- exit_cleanup(RERR_PROTOCOL); -- } -- - if (read_batch) { - int wanted = redoing - ? we_want_redo(ndx) -@@ -728,7 +728,7 @@ int recv_files(int f_in, int f_out, char *local_name) - break; - } - if (!fnamecmp || (daemon_filter_list.head -- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) { -+ && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) { - fnamecmp = fname; - fnamecmp_type = FNAMECMP_FNAME; - } Index: patches/patch-rsync_1 =================================================================== RCS file: /cvs/ports/net/rsync/patches/patch-rsync_1,v retrieving revision 1.5 diff -u -p -r1.5 patch-rsync_1 --- patches/patch-rsync_1 10 Jan 2016 21:36:22 -0000 1.5 +++ patches/patch-rsync_1 5 Feb 2018 13:45:21 -0000 @@ -1,7 +1,8 @@ $OpenBSD: patch-rsync_1,v 1.5 2016/01/10 21:36:22 naddy Exp $ ---- rsync.1.orig Mon Dec 21 21:22:41 2015 -+++ rsync.1 Tue Dec 22 21:23:23 2015 -@@ -3917,7 +3917,7 @@ consult the remote shell\(cq\&s documentation. +Index: rsync.1 +--- rsync.1.orig ++++ rsync.1 +@@ -3990,7 +3990,7 @@ consult the remote shell\(cq\&s documentation. .IP "\fBUSER\fP or \fBLOGNAME\fP" The USER or LOGNAME environment variables are used to determine the default username sent to an rsync daemon. Index: patches/patch-rsync_c =================================================================== RCS file: patches/patch-rsync_c diff -N patches/patch-rsync_c --- patches/patch-rsync_c 19 Dec 2017 19:58:39 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,28 +0,0 @@ -$OpenBSD: patch-rsync_c,v 1.2 2017/12/19 19:58:39 danj Exp $ - -Backport from upstream -70aeb5fddd1b2f8e143276f8d5a085db16c593b9 - -Index: rsync.c ---- rsync.c.orig -+++ rsync.c -@@ -49,6 +49,7 @@ extern int flist_eof; - extern int file_old_total; - extern int keep_dirlinks; - extern int make_backups; -+extern int sanitize_paths; - extern struct file_list *cur_flist, *first_flist, *dir_flist; - extern struct chmod_mode_struct *daemon_chmod_modes; - #ifdef ICONV_OPTION -@@ -396,6 +397,11 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag - if (iflags & ITEM_XNAME_FOLLOWS) { - if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0) - exit_cleanup(RERR_PROTOCOL); -+ -+ if (sanitize_paths) { -+ sanitize_path(buf, buf, "", 0, SP_DEFAULT); -+ len = strlen(buf); -+ } - } else { - *buf = '\0'; - len = -1; Index: patches/patch-rsyncd_conf_5 =================================================================== RCS file: /cvs/ports/net/rsync/patches/patch-rsyncd_conf_5,v retrieving revision 1.6 diff -u -p -r1.6 patch-rsyncd_conf_5 --- patches/patch-rsyncd_conf_5 10 Jan 2016 21:36:22 -0000 1.6 +++ patches/patch-rsyncd_conf_5 5 Feb 2018 13:45:21 -0000 @@ -1,6 +1,7 @@ $OpenBSD: patch-rsyncd_conf_5,v 1.6 2016/01/10 21:36:22 naddy Exp $ ---- rsyncd.conf.5.orig Mon Dec 21 21:20:56 2015 -+++ rsyncd.conf.5 Tue Dec 22 21:23:23 2015 +Index: rsyncd.conf.5 +--- rsyncd.conf.5.orig ++++ rsyncd.conf.5 @@ -68,12 +68,11 @@ When run via inetd you should add a line like this to and a single line something like this to /etc/inetd.conf: .PP @@ -16,7 +17,7 @@ $OpenBSD: patch-rsyncd_conf_5,v 1.6 2016 reread its config file. .PP Note that you should \fBnot\fP send the rsync daemon a HUP signal to force -@@ -405,7 +404,7 @@ This parameter specifies the user name or user ID that +@@ -433,7 +432,7 @@ This parameter specifies the user name or user ID that file transfers to and from that module should take place as when the daemon was run as root. In combination with the \(dq\&gid\(dq\& parameter this determines what file permissions are available. The default when run by a super\-user is to @@ -25,7 +26,7 @@ $OpenBSD: patch-rsyncd_conf_5,v 1.6 2016 not try to change the user. See also the \(dq\&gid\(dq\& parameter. .IP The RSYNC_USER_NAME environment variable may be used to request that rsync run -@@ -424,7 +423,7 @@ used when accessing the module. The first one will be +@@ -452,7 +451,7 @@ used when accessing the module. The first one will be any extra ones be set as supplemental groups. You may also specify a \(dq\&*\(dq\& as the first gid in the list, which will be replaced by all the normal groups for the transfer\(cq\&s user (see \(dq\&uid\(dq\&). The default when run by a super\-user is to @@ -34,7 +35,7 @@ $OpenBSD: patch-rsyncd_conf_5,v 1.6 2016 supplementary groups. The default for a non\-super\-user is to not change any group attributes (and indeed, your OS may not allow a non\-super\-user to try to change their group settings). -@@ -584,7 +583,7 @@ require that you specify a group password if you do no +@@ -632,7 +631,7 @@ require that you specify a group password if you do no passwords. .IP There is no default for the \(dq\&secrets file\(dq\& parameter, you must choose a name @@ -43,7 +44,7 @@ $OpenBSD: patch-rsyncd_conf_5,v 1.6 2016 by \(dq\&other\(dq\&; see \(dq\&strict modes\(dq\&. If the file is not found or is rejected, no logins for a \(dq\&user auth\(dq\& module will be possible. .IP -@@ -985,8 +984,8 @@ A more sophisticated example would be: +@@ -1033,8 +1032,8 @@ A more sophisticated example would be: .PP .nf @@ -54,7 +55,7 @@ $OpenBSD: patch-rsyncd_conf_5,v 1.6 2016 use chroot = yes max connections = 4 syslog facility = local5 -@@ -1012,12 +1011,12 @@ pid file = /var/run/rsyncd.pid +@@ -1060,12 +1059,12 @@ pid file = /var/run/rsyncd.pid path = /data/cvs comment = CVS repository (requires authentication) auth users = tridge, susan @@ -69,7 +70,7 @@ $OpenBSD: patch-rsyncd_conf_5,v 1.6 2016 .PP .RS \f(CWtridge:mypass\fP -@@ -1030,7 +1029,7 @@ The /etc/rsyncd.secrets file would look something like +@@ -1078,7 +1077,7 @@ The /etc/rsyncd.secrets file would look something like .SH "FILES" .PP Index: patches/patch-xattrs_c =================================================================== RCS file: patches/patch-xattrs_c diff -N patches/patch-xattrs_c --- patches/patch-xattrs_c 19 Dec 2017 19:58:39 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,19 +0,0 @@ -$OpenBSD: patch-xattrs_c,v 1.1 2017/12/19 19:58:39 danj Exp $ - -Backport from upstream -47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 - -Index: xattrs.c ---- xattrs.c.orig -+++ xattrs.c -@@ -696,6 +696,10 @@ void receive_xattr(int f, struct file_struct *file) - out_of_memory("receive_xattr"); - name = ptr + dget_len + extra_len; - read_buf(f, name, name_len); -+ if (name_len < 1 || name[name_len-1] != '\0') { -+ rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n"); -+ exit_cleanup(RERR_FILEIO); -+ } - if (dget_len == datum_len) - read_buf(f, ptr, dget_len); - else {
