From 84f99af59c1772d7deeec3461170a8d446dabbec Mon Sep 17 00:00:00 2001 From: Michal Ruprich Date: Apr 08 2024 09:53:47 +0000 Subject: New version 3.3.0 --- diff --git a/.gitignore b/.gitignore index 8a30fa8..e6c8d7e 100644 --- a/.gitignore +++ b/.gitignore @@ -24,3 +24,5 @@ rsync-patches-3.0.8.tar.gz /rsync-patches-3.2.6.tar.gz /rsync-3.2.7.tar.gz /rsync-patches-3.2.7.tar.gz +/rsync-3.3.0.tar.gz +/rsync-patches-3.3.0.tar.gz diff --git a/rsync-3.2.7-buffer-overflow.patch b/rsync-3.2.7-buffer-overflow.patch deleted file mode 100644 index 54fe6fb..0000000 --- a/rsync-3.2.7-buffer-overflow.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001 -From: Jiri Slaby -Date: Fri, 18 Aug 2023 08:26:20 +0200 -Subject: [PATCH] exclude: fix crashes with fortified strlcpy() - -Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when -its third parameter (size) is larger than the buffer: - $ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx - sending incremental file list - *** buffer overflow detected ***: terminated - -It's in the exclude code in setup_merge_file(): - strlcpy(y, save, MAXPATHLEN); - -Note the 'y' pointer was incremented, so it no longer points to memory -with MAXPATHLEN "owned" bytes. - -Fix it by remembering the number of copied bytes into the 'save' buffer -and use that instead of MAXPATHLEN which is clearly incorrect. - -Fixes #511. ---- - exclude.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/exclude.c b/exclude.c -index ffe55b167..1a5de3b9e 100644 ---- a/exclude.c -+++ b/exclude.c -@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex, - parent_dirscan = True; - while (*y) { - char save[MAXPATHLEN]; -- strlcpy(save, y, MAXPATHLEN); -+ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */ -+ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1; - *y = '\0'; - dirbuf_len = y - dirbuf; - strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf)); -@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex, - lp->head = NULL; - } - lp->tail = NULL; -- strlcpy(y, save, MAXPATHLEN); -+ strlcpy(y, save, copylen); - while ((*x++ = *y++) != '/') {} - } - parent_dirscan = False; diff --git a/rsync.spec b/rsync.spec index 36876ae..9f49391 100644 --- a/rsync.spec +++ b/rsync.spec @@ -8,8 +8,8 @@ Summary: A program for synchronizing files over a network Name: rsync -Version: 3.2.7 -Release: 7%{?prerelease}%{?dist} +Version: 3.3.0 +Release: 1%{?prerelease}%{?dist} URL: https://rsync.samba.org/ Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz @@ -41,7 +41,6 @@ Provides: bundled(zlib) = 1.2.8 License: GPL-3.0-or-later Patch1: rsync-3.2.2-runtests.patch -Patch2: rsync-3.2.7-buffer-overflow.patch %description Rsync uses a reliable algorithm to bring remote and host files into @@ -74,7 +73,6 @@ package provides the anonymous rsync service. #%patch0 -p1 -b .verify-hostname %patch 1 -p1 -b .runtests -%patch 2 -p1 -b .buffer-overflow %build %configure \ @@ -125,6 +123,9 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service %systemd_postun_with_restart rsyncd.service %changelog +* Mon Apr 08 2024 Michal Ruprich - 3.3.0-1 +- New version 3.3.0 + * Fri Jan 26 2024 Fedora Release Engineering - 3.2.7-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild diff --git a/sources b/sources index f507222..89d992f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (rsync-3.2.7.tar.gz) = c2afba11a352fd88133f9e96e19d6df80eb864450c83eced13a7faa23df947bccf2ef093f2101df6ee30abff4cbbd39ac802e9aa5f726e42c9caff274fad8377 -SHA512 (rsync-patches-3.2.7.tar.gz) = e675f6a3b0f875965b49bb1d655628d646d384e989e93e6d873c86f2c72743c7c8d16e481bc3bd5e9b49ad2c41191acf8d1cb32b2c4394776ce63a3185116743 +SHA512 (rsync-3.3.0.tar.gz) = df5c53bc2f2b0e7e30f475903e5e4296dc2fbcf08e9ea6c3c61462d0e52b067c27e82deeb4be79102c86e9aa55a825182e126f22df44dabf5b7328acb2a01d10 +SHA512 (rsync-patches-3.3.0.tar.gz) = f82aac81865fca1bf9dbc5964cc18a084029d8bca232d56f07a598a67eaa9cb01c3293c3a491d2147b9b14a51a4008c85ce0091bcae42e5776a5ffeebb84da11