Re: git: 0076d20a9671 - 2025Q1 - net/rsync: update to 3.4.0
Date: Wed, 15 Jan 2025 15:50:51 UTC
In message <20250115153146.221C01B6@slippy.cwsent.com>, Cy Schubert writes:
> In message <20250115052757.0111628C@slippy.cwsent.com>, Cy Schubert writes:
> > In message <20250115044542.02F9C2F@slippy.cwsent.com>, Cy Schubert writes:
> > > In message <20250115044157.4FB92114@slippy.cwsent.com>, Cy Schubert writes:
> > > > In message <202501150008.50F08gFm067796@gitrepo.freebsd.org>, Rodrigo Osorio writes:
> > > > > The branch 2025Q1 has been updated by rodrigo:
> > > > >
> > > > > URL: https://cgit.FreeBSD.org/ports/commit/?id=0076d20a96718a28f956cb3589f1036e48a75f04
> > > > >
> > > > > commit 0076d20a96718a28f956cb3589f1036e48a75f04
> > > > > Author: Rodrigo Osorio <rodrigo@FreeBSD.org>
> > > > > AuthorDate: 2025-01-14 23:21:25 +0000
> > > > > Commit: Rodrigo Osorio <rodrigo@FreeBSD.org>
> > > > > CommitDate: 2025-01-14 23:58:53 +0000
> > > > >
> > > > > net/rsync: update to 3.4.0
> > > > >
> > > > > Full changelog: https://download.samba.org/pub/rsync/NEWS#3.4.0
> > > > >
> > > > > Security: CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing
> > > > > Security: CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR
> > > > > Security: CVE-2024-12086 - Server leaks arbitrary client files
> > > > > Security: CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links
> > > > > Security: CVE-2024-12088 - --safe-links Bypass
> > > > > Security: CVE-2024-12747 - symlink race condition
> > > > >
> > > > > PR: 284064
> > > > > Reported by: osa
> > > > >
> > > > > (cherry picked from commit 6afdd4c669193f2041216071d5723e474ae041bf)
> > > > > ---
> > > > > net/rsync/Makefile | 4 ++--
> > > > > net/rsync/distinfo | 10 +++++-----
> > > > > net/rsync/pkg-plist | 2 +-
> > > > > 3 files changed, 8 insertions(+), 8 deletions(-)
> > > > >
> > > > > diff --git a/net/rsync/Makefile b/net/rsync/Makefile
> > > > > index 4fefdced0380..996d4edd997e 100644
> > > > > --- a/net/rsync/Makefile
> > > > > +++ b/net/rsync/Makefile
> > > > > @@ -1,5 +1,5 @@
> > > > > PORTNAME= rsync
> > > > > -DISTVERSION= 3.3.0
> > > > > +DISTVERSION= 3.4.0
> > > > > CATEGORIES= net
> > > > > MASTER_SITES= https://www.mirrorservice.org/sites/rsync.samba
> .org/src
> > > > > / \
> > > > > http://rsync.mirror.garr.it/src/ \
> > > > > @@ -100,10 +100,10 @@ post-install:
> > > > > @${MKDIR} ${STAGEDIR}${ETCDIR}
> > > > > ${INSTALL_DATA} ${FILESDIR}/rsyncd.conf.sample ${STAGEDIR}${ETC
> > DIR}/
> > > > > ${INSTALL_SCRIPT} ${WRKSRC}/support/rrsync ${STAGEDIR}${PREFIX}
> > /sbin
> > > > > - ${INSTALL_MAN} ${WRKSRC}/rrsync.1 ${STAGEDIR}${PREFIX}/share/ma
> > n/man1/
> > > > >
> > > > > post-install-DOCS-on:
> > > > > @${MKDIR} ${STAGEDIR}${DOCSDIR}
> > > > > ${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDI
> > R}
> > > > > + ${INSTALL_DATA} ${WRKSRC}/support/rrsync.1.md ${STAGEDIR}${DOCS
> > DIR}
> > > > >
> > > > > .include <bsd.port.post.mk>
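Review bot: In the post-install hunk, rrsync loses its manual page. The `${INSTALL_MAN} ${WRKSRC}/rrsync.1` line is dropped and the only replacement is `rrsync.1.md` copied to `${DOCSDIR}` under `post-install-DOCS-on`, so a build without DOCS ships `sbin/rrsync` with no documentation, and with DOCS the text is still not reachable through man(1). If the 3.4.0 work directory no longer contains rrsync.1, the commit message should say so; otherwise keep the `${INSTALL_MAN}` line and the matching pkg-plist entry.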
> > > > > diff --git a/net/rsync/distinfo b/net/rsync/distinfo
> > > > > index 2e28240fb164..afe59a503dff 100644
> > > > > --- a/net/rsync/distinfo
> > > > > +++ b/net/rsync/distinfo
> > > > > @@ -1,5 +1,5 @@
> > > > > -TIMESTAMP = 1712443181
> > > > > -SHA256 (rsync-3.3.0.tar.gz) = 7399e9a6708c32d678a72a63219e96f23be0be
> 23
> > 36
> > > e5
> > > > 0f
> > > > > d1348498d07041df90
> > > > > -SIZE (rsync-3.3.0.tar.gz) = 1153969
> > > > > -SHA256 (rsync-patches-3.3.0.tar.gz) = 3dd51cd88d25133681106f68622ebe
> db
> > f1
> > > 91
> > > > ab
> > > > > 25a21ea336ba409136591864b0
> > > > > -SIZE (rsync-patches-3.3.0.tar.gz) = 98487
> > > > > +TIMESTAMP = 1736887703
> > > > > +SHA256 (rsync-3.4.0.tar.gz) = 8e942f95a44226a012fe822faffa6c7fc38c34
> 04
> > 7a
> > > dd
> > > > 3a
> > > > > 0c941e9bc8b8b93aa4
> > > > > +SIZE (rsync-3.4.0.tar.gz) = 1167983
> > > > > +SHA256 (rsync-patches-3.4.0.tar.gz) = 51533dc5b9b4293d3499b673df185c
> 93
> > 48
> > > 4f
> > > > 3e
> > > > > 6fcf2de52f9bf1f07fa3d7cbc1
> > > > > +SIZE (rsync-patches-3.4.0.tar.gz) = 103831
> > > > > diff --git a/net/rsync/pkg-plist b/net/rsync/pkg-plist
> > > > > index c0f2998051d5..6614a2d1b5a3 100644
> > > > > --- a/net/rsync/pkg-plist
> > > > > +++ b/net/rsync/pkg-plist
> > > > > @@ -1,8 +1,8 @@
> > > > > bin/rsync
> > > > > bin/rsync-ssl
> > > > > sbin/rrsync
> > > > > -share/man/man1/rrsync.1.gz
> > > > > share/man/man1/rsync.1.gz
> > > > > share/man/man1/rsync-ssl.1.gz
> > > > > share/man/man5/rsyncd.conf.5.gz
> > > > > +%%PORTDOCS%%%%DOCSDIR%%/rrsync.1.md
> > > > > @sample %%ETCDIR%%/rsyncd.conf.sample
> > > > >
> > > >
> > > > rsync appears to be broken.
> > > >
> > > > slippy# rsync -aHW --delete git-doc cwsys:`pwd`
> > > > ABORTING due to invalid path from sender: git-doc/website/shared
> > > > rsync error: requested action not supported (code 4) at flist.c(2693)
> > > > [generator=3.4.0]
> > > > slippy#
> > > >
> > > > Seems it can't handle symlinks anymore.
> > > >
> > > >
> > > > --
> > > > Cheers,
> > > > Cy Schubert <Cy.Schubert@cschubert.com>
> > > > FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org
> > > > NTP: <cy@nwtime.org> Web: https://nwtime.org
> > > >
> > > > e^(i*pi)+1=0
> > > >
> > > >
> > > >
> > >
> > > Another error:
> > >
> > > slippy# rsync -aHW --delete git-src cwsys:`pwd`
> > > Internal hashtable error: illegal key supplied!
> > > rsync error: errors with program diagnostics (code 13) at hashtable.c(88)
> > > [generator=3.4.0]
> > > slippy#
> >
> > It's the -H (preserve hard links) flag that's causing the issue. Without
> > the -H flag rsync will behave like cp -r, creating a new file for each
> > symlink rather than linking them. Certainly an issue upstream will need to
> > resolve.
>
> I reported this upstream (https://github.com/RsyncProject/rsync/issues/702).
> They have a pull request. The bug is related to another. I expect this to
> be fixed shortly, probably resulting in a new point release.
Here is a patch based on the pull request. It does fix the problem.
From 57184562019441b1c9246d1da04684e3ed9e8baf Mon Sep 17 00:00:00 2001
From: Cy Schubert <cy@FreeBSD.org>
Date: Wed, 15 Jan 2025 07:46:31 -0800
Subject: [PATCH] net/rsync: Fix FLAG_GOT_DIR_FLIST collision with FLAG_HLINKED
Obtained from: https://github.com/RsyncProject/rsync/pull/705
Upstream issues:
https://github.com/RsyncProject/rsync/issues/702
https://github.com/RsyncProject/rsync/issues/697
---
net/rsync/Makefile | 1 +
net/rsync/files/patch-rsync.h | 18 ++++++++++++++++++
2 files changed, 19 insertions(+)
create mode 100644 net/rsync/files/patch-rsync.h
diff --git a/net/rsync/Makefile b/net/rsync/Makefile
index 996d4edd997e..f82c3ab76fb8 100644
--- a/net/rsync/Makefile
+++ b/net/rsync/Makefile
@@ -1,5 +1,6 @@
PORTNAME= rsync
DISTVERSION= 3.4.0
+PORTREVISION= 1
CATEGORIES= net
MASTER_SITES= https://www.mirrorservice.org/sites/rsync.samba.org/src/ \
http://rsync.mirror.garr.it/src/ \
diff --git a/net/rsync/files/patch-rsync.h b/net/rsync/files/patch-rsync.h
new file mode 100644
index 000000000000..ace1bf9794da
--- /dev/null
+++ b/net/rsync/files/patch-rsync.h
@@ -0,0 +1,18 @@
+--- rsync.h.orig 2025-01-14 10:30:32.000000000 -0800
++++ rsync.h 2025-01-15 07:41:40.301824000 -0800
+@@ -84,7 +84,6 @@
+ #define FLAG_DUPLICATE (1<<4) /* sender */
+ #define FLAG_MISSING_DIR (1<<4) /* generator */
+ #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types)
*/
+-#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist
only */
+ #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */
+ #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only)
*/
+ #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */
+@@ -93,6 +92,7 @@
+ #define FLAG_SKIP_GROUP (1<<10) /* receiver/generator */
+ #define FLAG_TIME_FAILED (1<<11)/* generator */
+ #define FLAG_MOD_NSEC (1<<12) /* sender/receiver/generator */
++#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator -
dir_flist only */
+
+ /* These flags are passed to functions but not stored. */
+
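Review bot: Moving FLAG_GOT_DIR_FLIST to (1<<13) in the second rsync.h hunk assumes that the field storing these flags is at least 14 bits wide and that bit 13 is otherwise unused; the visible context stops at FLAG_MOD_NSEC (1<<12), so neither is shown here. Please confirm both against the declared type of the flags member before committing. The context of the first hunk also still shows two other shared bits, FLAG_DUPLICATE/FLAG_MISSING_DIR on (1<<4) and FLAG_HLINK_FIRST/FLAG_IMPLIED_DIR on (1<<6). Since FLAG_HLINKED is commented as "checked on all types" and FLAG_HLINK_FIRST is used with it, a sentence in the commit message on why the (1<<6) overlap is not affected in the same way would help. A header comment in patch-rsync.h naming the upstream pull request would also make it clear the file can be dropped at the next release.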
--
2.48.1
--
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org
NTP: <cy@nwtime.org> Web: https://nwtime.org
e^(i*pi)+1=0