Index: branches/2018Q1/net/rsync/Makefile =================================================================== --- branches/2018Q1/net/rsync/Makefile (revision 461734) +++ branches/2018Q1/net/rsync/Makefile (revision 461735) @@ -1,114 +1,113 @@ # Created by: David O'Brien (obrien@cs.ucdavis.edu) # $FreeBSD$ PORTNAME= rsync -PORTVERSION= 3.1.2 -PORTREVISION= 8 +DISTVERSION= 3.1.3 CATEGORIES= net ipv6 MASTER_SITES= http://rsync.samba.org/ftp/rsync/ \ https://rsync.samba.org/ftp/rsync/ \ ftp://ftp.fu-berlin.de/pub/unix/network/rsync/ \ http://www.mirrorservice.org/sites/rsync.samba.org/ \ https://www.mirrorservice.org/sites/rsync.samba.org/ \ LOCAL/ehaupt/rsync DISTFILES= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= ehaupt@FreeBSD.org COMMENT= Network file distribution/synchronization utility LICENSE= GPLv3 USES= cpe shebangfix SHEBANG_FILES= support/rrsync CPE_VENDOR= samba CPE_PRODUCT= rsync PATCH_STRIP= -p1 GNU_CONFIGURE= yes USE_RC_SUBR= rsyncd SUB_LIST= NAME=rsyncd INSTALL_TARGET= install-strip TEST_TARGET= check CONFIGURE_ARGS= --disable-debug --enable-ipv6 \ --with-rsyncd-conf=${ETCDIR}/rsyncd.conf PORTDOCS= NEWS README csprotocol.txt tech_report.tex # define options OPTIONS_DEFINE= DOCS POPT_PORT ZLIB_BASE SSH ICONV OPTIONS_RADIO= PTS OPTIONS_RADIO_PTS= TIMELIMIT RENAMED FLAGS ATIMES ACL # options provided upstream POPT_PORT_DESC= Use popt from devel/popt instead of bundled one ZLIB_BASE_DESC= Use zlib from base instead of bundled one SSH_DESC= Use SSH instead of RSH # options provided by patch (mutually exclusive) PTS_DESC= Functionality provided by third party patches TIMELIMIT_DESC= Time limit patch RENAMED_DESC= Add support for renamed file detection FLAGS_DESC= File system flags support patch, adds --fileflags ATIMES_DESC= Preserve access times, adds --atimes (BROKEN) ACL_DESC= Add backward-compatibility for the --acls option # define default options OPTIONS_DEFAULT=FLAGS ICONV SSH ZLIB_BASE_CONFIGURE_ON= --with-included-zlib=no TIMELIMIT_EXTRA_PATCHES= ${WRKSRC}/patches/time-limit.diff ATIMES_EXTRA_PATCHES= ${WRKSRC}/patches/atimes.diff FLAGS_EXTRA_PATCHES= ${WRKSRC}/patches/fileflags.diff \ ${FILESDIR}/extrapatch-main.c RENAMED_EXTRA_PATCHES= ${WRKSRC}/patches/detect-renamed.diff ACL_EXTRA_PATCHES= ${WRKSRC}/patches/acls.diff \ ${FILESDIR}/extrapatch-acl ICONV_USES= iconv:translit ICONV_CPPFLAGS= -I${LOCALBASE}/include ICONV_LDFLAGS= -L${LOCALBASE}/lib ICONV_CONFIGURE_ENABLE= iconv iconv-open POPT_PORT_LIB_DEPENDS= libpopt.so:devel/popt POPT_PORT_CPPFLAGS= -I${LOCALBASE}/include POPT_PORT_LDFLAGS= -L${LOCALBASE}/lib POPT_PORT_CONFIGURE_OFF= --with-included-popt SSH_CONFIGURE_ON= --with-rsh=ssh SSH_CONFIGURE_OFF= --with-rsh=rsh ACL_DISTFILES= ${PORTNAME}-patches-${PORTVERSION}${EXTRACT_SUFX} ATIMES_DISTFILES= ${PORTNAME}-patches-${PORTVERSION}${EXTRACT_SUFX} FLAGS_DISTFILES= ${PORTNAME}-patches-${PORTVERSION}${EXTRACT_SUFX} ICONV_DISTFILES= ${PORTNAME}-patches-${PORTVERSION}${EXTRACT_SUFX} RENAMED_DISTFILES= ${PORTNAME}-patches-${PORTVERSION}${EXTRACT_SUFX} TIMELIMIT_DISTFILES= ${PORTNAME}-patches-${PORTVERSION}${EXTRACT_SUFX} .if make(makesum) DISTFILES+= ${PORTNAME}-patches-${PORTVERSION}${EXTRACT_SUFX} .endif .include .if empty(ICONV_LIB) || ! ${PORT_OPTIONS:MICONV} CONFIGURE_ARGS+=ac_cv_search_libiconv_open=no .endif post-patch: @${REINPLACE_CMD} -e 's|perl.*|${DO_NADA}|' ${WRKSRC}/Makefile.in @${REINPLACE_CMD} -e 's:/etc/:${ETCDIR}/:g' \ ${WRKSRC}/rsync.h ${WRKSRC}/rsync.1 ${WRKSRC}/rsyncd.conf.5 @${REINPLACE_CMD} -e 's|/usr/bin/rsync|${PREFIX}/bin/rsync|g' ${WRKSRC}/support/rrsync post-install: @${MKDIR} ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${FILESDIR}/rsyncd.conf.sample ${STAGEDIR}${ETCDIR}/ @${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR} ${INSTALL_SCRIPT} ${WRKSRC}/support/rrsync ${STAGEDIR}${PREFIX}/sbin .include Index: branches/2018Q1/net/rsync/distinfo =================================================================== --- branches/2018Q1/net/rsync/distinfo (revision 461734) +++ branches/2018Q1/net/rsync/distinfo (revision 461735) @@ -1,4 +1,5 @@ -SHA256 (rsync-3.1.2.tar.gz) = ecfa62a7fa3c4c18b9eccd8c16eaddee4bd308a76ea50b5c02a5840f09c0a1c2 -SIZE (rsync-3.1.2.tar.gz) = 892724 -SHA256 (rsync-patches-3.1.2.tar.gz) = edeebe9f2532ae291ce43fb86c9d7aaf80ba4edfdad25dce6d42dc33286b2326 -SIZE (rsync-patches-3.1.2.tar.gz) = 174333 +TIMESTAMP = 1518368927 +SHA256 (rsync-3.1.3.tar.gz) = 55cc554efec5fdaad70de921cd5a5eeb6c29a95524c715f3bbf849235b0800c0 +SIZE (rsync-3.1.3.tar.gz) = 905908 +SHA256 (rsync-patches-3.1.3.tar.gz) = 0dc2848f20ca75c07a30c3237ccf8d61b61082ae7de94758a27dac350c99fb98 +SIZE (rsync-patches-3.1.3.tar.gz) = 174524 Index: branches/2018Q1/net/rsync/files/patch-CVE-2017-17434-1 =================================================================== --- branches/2018Q1/net/rsync/files/patch-CVE-2017-17434-1 (revision 461734) +++ branches/2018Q1/net/rsync/files/patch-CVE-2017-17434-1 (nonexistent) @@ -1,38 +0,0 @@ -From: Jeriko One -Date: Thu, 16 Nov 2017 17:05:42 -0800 -Subject: [1/2] Sanitize xname in read_ndx_and_attrs. -Origin: https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9 -Bug-Debian: https://bugs.debian.org/883665 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17434 - ---- - rsync.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/rsync.c b/rsync.c -index b82e5988..a0945ba4 100644 ---- a/rsync.c -+++ b/rsync.c -@@ -49,6 +49,7 @@ extern int flist_eof; - extern int file_old_total; - extern int keep_dirlinks; - extern int make_backups; -+extern int sanitize_paths; - extern struct file_list *cur_flist, *first_flist, *dir_flist; - extern struct chmod_mode_struct *daemon_chmod_modes; - #ifdef ICONV_OPTION -@@ -396,6 +397,11 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, - if (iflags & ITEM_XNAME_FOLLOWS) { - if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0) - exit_cleanup(RERR_PROTOCOL); -+ -+ if (sanitize_paths) { -+ sanitize_path(buf, buf, "", 0, SP_DEFAULT); -+ len = strlen(buf); -+ } - } else { - *buf = '\0'; - len = -1; --- -2.15.1 - Property changes on: branches/2018Q1/net/rsync/files/patch-CVE-2017-17434-1 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: branches/2018Q1/net/rsync/files/patch-CVE-2017-17434-2 =================================================================== --- branches/2018Q1/net/rsync/files/patch-CVE-2017-17434-2 (revision 461734) +++ branches/2018Q1/net/rsync/files/patch-CVE-2017-17434-2 (nonexistent) @@ -1,27 +0,0 @@ -From: Jeriko One -Date: Thu, 16 Nov 2017 17:26:03 -0800 -Subject: [2/2] Check daemon filter against fnamecmp in recv_files(). -Origin: https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1 -Bug-Debian: https://bugs.debian.org/883665 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17434 - ---- - receiver.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/receiver.c b/receiver.c -index 9fdafa15..9c46242e 100644 ---- a/receiver.c -+++ b/receiver.c -@@ -722,7 +722,7 @@ int recv_files(int f_in, int f_out, char *local_name) - break; - } - if (!fnamecmp || (daemon_filter_list.head -- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) { -+ && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) { - fnamecmp = fname; - fnamecmp_type = FNAMECMP_FNAME; - } --- -2.15.1 - Property changes on: branches/2018Q1/net/rsync/files/patch-CVE-2017-17434-2 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: branches/2018Q1/net/rsync/files/patch-CVE-2017-16548 =================================================================== --- branches/2018Q1/net/rsync/files/patch-CVE-2017-16548 (revision 461734) +++ branches/2018Q1/net/rsync/files/patch-CVE-2017-16548 (nonexistent) @@ -1,31 +0,0 @@ -From: Wayne Davison -Date: Sun, 5 Nov 2017 11:33:15 -0800 -Subject: Enforce trailing \0 when receiving xattr name values. Fixes bug - 13112. -Origin: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 -Bug: https://bugzilla.samba.org/show_bug.cgi?id=13112 -Bug-Debian: https://bugs.debian.org/880954 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16548 - ---- - xattrs.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/xattrs.c b/xattrs.c -index 68305d75..4867e6f5 100644 ---- a/xattrs.c -+++ b/xattrs.c -@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file) - out_of_memory("receive_xattr"); - name = ptr + dget_len + extra_len; - read_buf(f, name, name_len); -+ if (name_len < 1 || name[name_len-1] != '\0') { -+ rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n"); -+ exit_cleanup(RERR_FILEIO); -+ } - if (dget_len == datum_len) - read_buf(f, ptr, dget_len); - else { --- -2.15.1 - Property changes on: branches/2018Q1/net/rsync/files/patch-CVE-2017-16548 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: branches/2018Q1/net/rsync/files/patch-CVE-2017-17433 =================================================================== --- branches/2018Q1/net/rsync/files/patch-CVE-2017-17433 (revision 461734) +++ branches/2018Q1/net/rsync/files/patch-CVE-2017-17433 (nonexistent) @@ -1,44 +0,0 @@ -From: Jeriko One -Date: Thu, 2 Nov 2017 23:44:19 -0700 -Subject: Check fname in recv_files sooner. -Origin: https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 -Bug-Debian: https://bugs.debian.org/883667 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17433 - ---- - receiver.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/receiver.c b/receiver.c -index baae3a91..9fdafa15 100644 ---- a/receiver.c -+++ b/receiver.c -@@ -574,6 +574,12 @@ int recv_files(int f_in, int f_out, char *local_name) - file = dir_flist->files[cur_flist->parent_ndx]; - fname = local_name ? local_name : f_name(file, fbuf); - -+ if (daemon_filter_list.head -+ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { -+ rprintf(FERROR, "attempt to hack rsync failed.\n"); -+ exit_cleanup(RERR_PROTOCOL); -+ } -+ - if (DEBUG_GTE(RECV, 1)) - rprintf(FINFO, "recv_files(%s)\n", fname); - -@@ -645,12 +651,6 @@ int recv_files(int f_in, int f_out, char *local_name) - - cleanup_got_literal = 0; - -- if (daemon_filter_list.head -- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { -- rprintf(FERROR, "attempt to hack rsync failed.\n"); -- exit_cleanup(RERR_PROTOCOL); -- } -- - if (read_batch) { - int wanted = redoing - ? we_want_redo(ndx) --- -2.15.1 - Property changes on: branches/2018Q1/net/rsync/files/patch-CVE-2017-17433 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: branches/2018Q1 =================================================================== --- branches/2018Q1 (revision 461734) +++ branches/2018Q1 (revision 461735) Property changes on: branches/2018Q1 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r461533