Index: Makefile
===================================================================
RCS file: /cvs/ports/net/rsync/Makefile,v
retrieving revision 1.92
diff -u -p -u -p -r1.92 Makefile
--- Makefile 20 Apr 2022 08:43:59 -0000 1.92
+++ Makefile 26 Apr 2022 02:21:00 -0000
@@ -1,7 +1,6 @@
COMMENT = mirroring/synchronization over low bandwidth links
-DISTNAME = rsync-3.2.3
-REVISION = 1
+DISTNAME = rsync-3.2.4
CATEGORIES = net
HOMEPAGE = https://rsync.samba.org/
@@ -23,8 +22,10 @@ CONFIGURE_ARGS =--disable-lz4 \
--disable-zstd \
--with-included-popt \
--with-included-zlib \
+ --enable-md5-asm \
--with-rsyncd-conf="${SYSCONFDIR}/rsyncd.conf" \
--with-rsh=/usr/bin/ssh \
+ --with-nobody-user=_rsync \
--with-nobody-group=_rsync
.if ${FLAVOR:Miconv}
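Review bot: `--enable-md5-asm` is added to CONFIGURE_ARGS unconditionally, while the only configure result quoted in the submission is for x86_64. Please confirm on a non-x86_64 architecture that configure accepts the flag and falls back to the C MD5 code instead of erroring out, or make the argument conditional on the architecture. A short comment saying why the flag is now passed explicitly would also help the next person who updates the port.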
@@ -45,5 +46,7 @@ post-install:
${INSTALL_DATA_DIR} ${DOCDIR}
${INSTALL_DATA} ${WRKSRC}/tech_report.tex ${DOCDIR}
${INSTALL_SCRIPT} ${WRKSRC}/support/rrsync ${PREFIX}/bin
+ ${INSTALL_MAN_DIR} ${PREFIX}/man/man1
+ ${INSTALL_MAN} ${WRKSRC}/rrsync.1 ${PREFIX}/man/man1
.include <bsd.port.mk>
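Review bot: The two added post-install lines copy ${WRKSRC}/rrsync.1 by hand, and nothing in the Makefile records why. The submission explains that --with-rrsync would pull in python3 at build time to run md-convert, and that the page installed this way prints 3.2.4pre4. Put that reasoning in a comment above the `${INSTALL_MAN}` line so the workaround can be dropped once it is no longer needed.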
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/rsync/distinfo,v
retrieving revision 1.31
diff -u -p -u -p -r1.31 distinfo
--- distinfo 26 Aug 2020 12:15:56 -0000 1.31
+++ distinfo 26 Apr 2022 02:21:00 -0000
@@ -1,2 +1,2 @@
-SHA256 (rsync-3.2.3.tar.gz) = vsw8UEzupJn0FnomAEDM9Nny75SZrVaDwXmmlxRs5Q4=
-SIZE (rsync-3.2.3.tar.gz) = 1069784
+SHA256 (rsync-3.2.4.tar.gz) = b3YYONCAUrC2V5z39nN9k+R/AfTaBMXSTTRHt/Kl+tE=
+SIZE (rsync-3.2.4.tar.gz) = 1114853
Index: patches/patch-compat_c
===================================================================
RCS file: patches/patch-compat_c
diff -N patches/patch-compat_c
--- patches/patch-compat_c 11 Mar 2022 19:47:20 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,14 +0,0 @@
-https://github.com/WayneD/rsync/issues/84
-
-Index: compat.c
---- compat.c.orig
-+++ compat.c
-@@ -705,7 +705,7 @@ void setup_protocol(int f_out,int f_in)
- do_negotiated_strings = 1;
- compat_flags |= CF_VARINT_FLIST_FLAGS;
- }
-- if (strchr(client_info, 'V') != NULL) { /* Support a pre-release 'V' that got superseded */
-+ if (!local_server && strchr(client_info, 'V') != NULL) { /* Support a pre-release 'V' that got superseded */
- if (!write_batch)
- compat_flags |= CF_VARINT_FLIST_FLAGS;
- write_byte(f_out, compat_flags);
Index: patches/patch-configure_sh
===================================================================
RCS file: patches/patch-configure_sh
diff -N patches/patch-configure_sh
--- patches/patch-configure_sh 11 Mar 2022 19:47:20 -0000 1.7
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
-Index: configure.sh
---- configure.sh.orig
-+++ configure.sh
-@@ -4908,7 +4908,7 @@ fi
-
-
- cat >>confdefs.h <<_ACEOF
--#define NOBODY_USER "nobody"
-+#define NOBODY_USER "_rsync"
- _ACEOF
-
-
Index: patches/patch-receiver_c
===================================================================
RCS file: patches/patch-receiver_c
diff -N patches/patch-receiver_c
--- patches/patch-receiver_c 11 Mar 2022 19:47:20 -0000 1.6
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,17 +0,0 @@
-Fixes regression introduced with commit 3a7bf54ad520 (A resumed
-partial-dir file is transferred in-place.)
-
-Fixes https://github.com/WayneD/rsync/issues/192
-
-Index: receiver.c
---- receiver.c.orig
-+++ receiver.c
-@@ -878,7 +878,7 @@ int recv_files(int f_in, int f_out, char *local_name)
- do_unlink(partialptr);
- handle_partial_dir(partialptr, PDIR_DELETE);
- }
-- } else if (keep_partial && partialptr && !one_inplace) {
-+ } else if (keep_partial && partialptr && (!one_inplace || delay_updates)) {
- if (!handle_partial_dir(partialptr, PDIR_CREATE)) {
- rprintf(FERROR,
- "Unable to create partial-dir for %s -- discarding %s.\n",
Index: patches/patch-rsync_1
===================================================================
RCS file: /cvs/ports/net/rsync/patches/patch-rsync_1,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 patch-rsync_1
--- patches/patch-rsync_1 11 Mar 2022 19:47:20 -0000 1.9
+++ patches/patch-rsync_1 26 Apr 2022 02:21:00 -0000
@@ -1,12 +1,12 @@
Index: rsync.1
--- rsync.1.orig
+++ rsync.1
-@@ -4253,7 +4253,7 @@ documentation.
+@@ -4594,7 +4594,7 @@ does \fBnot\fP supply a password to a remote shell tra
.IP "\fBUSER\fP or \fBLOGNAME\fP"
The USER or LOGNAME environment variables are used to determine the default
username sent to an rsync daemon. If neither is set, the username defaults
--to "nobody".
-+to "_rsync".
- .IP "\fBHOME\fP"
- The HOME environment variable is used to find the user's default .cvsignore
- file.
+-to "nobody". If both are set, \fBUSER\fP takes precedence.
++to "_rsync". If both are set, \fBUSER\fP takes precedence.
+ .IP "\fBRSYNC_PARTIAL_DIR\fP"
+ This environment variable specifies the directory to use for a
+ \fB\-\-partial\fP transfer without implying that partial transfers be
Index: patches/patch-rsyncd_conf_5
===================================================================
RCS file: /cvs/ports/net/rsync/patches/patch-rsyncd_conf_5,v
retrieving revision 1.10
diff -u -p -u -p -r1.10 patch-rsyncd_conf_5
--- patches/patch-rsyncd_conf_5 11 Mar 2022 19:47:20 -0000 1.10
+++ patches/patch-rsyncd_conf_5 26 Apr 2022 02:21:00 -0000
@@ -1,12 +1,12 @@
Index: rsyncd.conf.5
--- rsyncd.conf.5.orig
+++ rsyncd.conf.5
-@@ -68,12 +68,11 @@ and a single line something like this to /etc/inetd.co
+@@ -71,12 +71,11 @@ and a single line something like this to /etc/inetd.co
.RS 4
.P
.nf
-rsync stream tcp nowait root /usr/bin/rsync rsyncd --daemon
-+rsync stream tcp nowait root ${PREFIX}/rsync rsyncd --daemon
++rsync stream tcp nowait root ${PREFIX}/bin/rsync rsyncd --daemon
.fi
.RE
.P
@@ -16,7 +16,7 @@ Index: rsyncd.conf.5
reread its config file.
.P
Note that you should \fBnot\fP send the rsync daemon a HUP signal to force it to
-@@ -438,7 +437,7 @@ This parameter specifies the user name or user ID that
+@@ -441,7 +440,7 @@ This parameter specifies the user name or user ID that
and from that module should take place as when the daemon was run as root.
In combination with the "gid" parameter this determines what file
permissions are available. The default when run by a super-user is to
@@ -25,7 +25,7 @@ Index: rsyncd.conf.5
to not try to change the user. See also the "gid" parameter.
.IP
The RSYNC_USER_NAME environment variable may be used to request that rsync
-@@ -458,7 +457,7 @@ accessing the module. The first one will be the defau
+@@ -461,7 +460,7 @@ accessing the module. The first one will be the defau
extra ones be set as supplemental groups. You may also specify a "\fB*\fP" as
the first gid in the list, which will be replaced by all the normal groups
for the transfer's user (see "uid"). The default when run by a super-user
@@ -34,16 +34,7 @@ Index: rsyncd.conf.5
other supplementary groups. The default for a non-super-user is to not
change any group attributes (and indeed, your OS may not allow a
non-super-user to try to change their group settings).
-@@ -632,7 +631,7 @@ require that you specify a group password if you do no
- passwords.
- .IP
- There is no default for the "secrets file" parameter, you must choose a
--name (such as \fB/etc/rsyncd.secrets\fP). The file must normally not be
-+name (such as \fB${SYSCONFDIR}/rsyncd.secrets\fP). The file must normally not be
- readable by "other"; see "strict modes". If the file is not found or is
- rejected, no logins for a "user auth" module will be possible.
- .IP "\fBstrict\ modes\fP"
-@@ -1192,8 +1191,8 @@ A more sophisticated example would be:
+@@ -1201,8 +1200,8 @@ A more sophisticated example would be:
.RS 4
.P
.nf
@@ -54,21 +45,3 @@ Index: rsyncd.conf.5
use chroot = yes
max connections = 4
syslog facility = local5
-@@ -1219,7 +1218,7 @@ pid file = /var/run/rsyncd.pid
- path = /data/cvs
- comment = CVS repository (requires authentication)
- auth users = tridge, susan
-- secrets file = /etc/rsyncd.secrets
-+ secrets file = ${SYSCONFDIR}/rsyncd.secrets
- .fi
- .RE
- .P
-@@ -1234,7 +1233,7 @@ susan:herpass
- .P
- .SH "FILES"
- .P
--/etc/rsyncd.conf or rsyncd.conf
-+${SYSCONFDIR}/rsyncd.conf or rsyncd.conf
- .P
- .SH "SEE ALSO"
- .P
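Review bot: With the ${SYSCONFDIR} substitutions dropped here (the example `secrets file` line and the FILES entry), the installed rsyncd.conf(5) will name /etc/rsyncd.secrets and /etc/rsyncd.conf verbatim, while the Makefile still configures `--with-rsyncd-conf="${SYSCONFDIR}/rsyncd.conf"`. The man page and the binary agree only when SYSCONFDIR is /etc. If that is the intent, say so in the commit message; otherwise keep the FILES substitution, since an admin who edits the wrong path ends up with a daemon running on a config other than the one they reviewed.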
Index: patches/patch-support_rrsync
===================================================================
RCS file: /cvs/ports/net/rsync/patches/patch-support_rrsync,v
retrieving revision 1.4
diff -u -p -u -p -r1.4 patch-support_rrsync
--- patches/patch-support_rrsync 11 Mar 2022 19:47:20 -0000 1.4
+++ patches/patch-support_rrsync 26 Apr 2022 02:21:00 -0000
@@ -1,12 +1,12 @@
Index: support/rrsync
--- support/rrsync.orig
+++ support/rrsync
-@@ -11,7 +11,7 @@ use File::Glob ':glob';
+@@ -10,7 +10,7 @@
- # You may configure these values to your liking. See also the section
- # of options if you want to disable any options that rsync accepts.
--use constant RSYNC => '/usr/bin/rsync';
-+use constant RSYNC => '${PREFIX}/bin/rsync';
- use constant LOGFILE => 'rrsync.log';
+ # You may configure these 2 values to your liking. See also the section of
+ # short & long options if you want to disable any options that rsync accepts.
+-RSYNC = '/usr/bin/rsync'
++RSYNC = '${PREFIX}/bin/rsync'
+ LOGFILE = 'rrsync.log' # NOTE: the file must exist for a line to be appended!
- my $Usage = <<EOM;
+ # The following options are mainly the options that a client rsync can send
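Review bot: The rewritten context shows rrsync is now a Python script (`RSYNC = '${PREFIX}/bin/rsync'` replaces the Perl `use constant RSYNC`), yet the Makefile diff in this submission adds no Python run dependency, so bin/rrsync will not start on a host without python3. Since rrsync is what enforces the restriction in a forced-command authorized_keys entry, add the run dependency or state in the package description that python3 must be installed separately.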
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/rsync/pkg/PLIST,v
retrieving revision 1.16
diff -u -p -u -p -r1.16 PLIST
--- pkg/PLIST 11 Mar 2022 19:47:20 -0000 1.16
+++ pkg/PLIST 26 Apr 2022 02:21:00 -0000
@@ -4,6 +4,7 @@
bin/rrsync
@bin bin/rsync
bin/rsync-ssl
+@man man/man1/rrsync.1
@man man/man1/rsync-ssl.1
@man man/man1/rsync.1
@man man/man5/rsyncd.conf.5
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/rsync/Makefile,v
retrieving revision 1.91
diff -u -p -u -p -r1.91 Makefile
--- Makefile 11 Mar 2022 19:47:20 -0000 1.91
+++ Makefile 25 Apr 2022 23:16:31 -0000
@@ -1,7 +1,7 @@
COMMENT = mirroring/synchronization over low bandwidth links
DISTNAME = rsync-3.2.3
-REVISION = 0
+REVISION = 1
CATEGORIES = net
HOMEPAGE = https://rsync.samba.org/
Index: patches/patch-zlib_deflate_c
===================================================================
RCS file: patches/patch-zlib_deflate_c
diff -N patches/patch-zlib_deflate_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-zlib_deflate_c 25 Apr 2022 23:16:31 -0000
@@ -0,0 +1,162 @@
+commit 1de71e8a7870fa1be29f562df61f4c5c4685818f
+from: Michal Ruprich <michalruprich@gmail.com>
+date: Mon Apr 11 15:50:50 2022 UTC
+via: GitHub <noreply@github.com>
+
+Fix for CVE-2018-25032 in zlib (#306)
+
+Index: zlib/deflate.c
+--- zlib/deflate.c.orig
++++ zlib/deflate.c
+@@ -227,11 +227,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowB
+ int wrap = 1;
+ static const char my_version[] = ZLIB_VERSION;
+
+- ushf *overlay;
+- /* We overlay pending_buf and d_buf+l_buf. This works since the average
+- * output size for (length,distance) codes is <= 24 bits.
+- */
+-
+ if (version == Z_NULL || version[0] != my_version[0] ||
+ stream_size != sizeof(z_stream)) {
+ return Z_VERSION_ERROR;
+@@ -300,10 +295,48 @@ int ZEXPORT deflateInit2_(strm, level, method, windowB
+
+ s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
+
+- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
+- s->pending_buf = (uchf *) overlay;
+- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
++ /* We overlay pending_buf and sym_buf. This works since the average size
++ * for length/distance pairs over any compressed block is assured to be 31
++ * bits or less.
++ *
++ * Analysis: The longest fixed codes are a length code of 8 bits plus 5
++ * extra bits, for lengths 131 to 257. The longest fixed distance codes are
++ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest
++ * possible fixed-codes length/distance pair is then 31 bits total.
++ *
++ * sym_buf starts one-fourth of the way into pending_buf. So there are
++ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol
++ * in sym_buf is three bytes -- two for the distance and one for the
++ * literal/length. As each symbol is consumed, the pointer to the next
++ * sym_buf value to read moves forward three bytes. From that symbol, up to
++ * 31 bits are written to pending_buf. The closest the written pending_buf
++ * bits gets to the next sym_buf symbol to read is just before the last
++ * code is written. At that time, 31*(n-2) bits have been written, just
++ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at
++ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1
++ * symbols are written.) The closest the writing gets to what is unread is
++ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and
++ * can range from 128 to 32768.
++ *
++ * Therefore, at a minimum, there are 142 bits of space between what is
++ * written and what is read in the overlain buffers, so the symbols cannot
++ * be overwritten by the compressed data. That space is actually 139 bits,
++ * due to the three-bit fixed-code block header.
++ *
++ * That covers the case where either Z_FIXED is specified, forcing fixed
++ * codes, or when the use of fixed codes is chosen, because that choice
++ * results in a smaller compressed block than dynamic codes. That latter
++ * condition then assures that the above analysis also covers all dynamic
++ * blocks. A dynamic-code block will only be chosen to be emitted if it has
++ * fewer bits than a fixed-code block would for the same set of symbols.
++ * Therefore its average symbol length is assured to be less than 31. So
++ * the compressed data for a dynamic block also cannot overwrite the
++ * symbols from which it is being constructed.
++ */
+
++ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4);
++ s->pending_buf_size = (ulg)s->lit_bufsize * 4;
++
+ if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
+ s->pending_buf == Z_NULL) {
+ s->status = FINISH_STATE;
+@@ -311,8 +344,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowB
+ deflateEnd (strm);
+ return Z_MEM_ERROR;
+ }
+- s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
+- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
++ s->sym_buf = s->pending_buf + s->lit_bufsize;
++ s->sym_end = (s->lit_bufsize - 1) * 3;
++ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K
++ * on 16 bit machines and because stored blocks are restricted to
++ * 64K-1 bytes.
++ */
+
+ s->level = level;
+ s->strategy = strategy;
+@@ -473,7 +510,7 @@ int ZEXPORT deflatePrime (strm, bits, value)
+
+ if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+ s = strm->state;
+- if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3))
++ if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
+ return Z_BUF_ERROR;
+ do {
+ put = Buf_size - s->bi_valid;
+@@ -1022,7 +1059,6 @@ int ZEXPORT deflateCopy (dest, source)
+ #else
+ deflate_state *ds;
+ deflate_state *ss;
+- ushf *overlay;
+
+
+ if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) {
+@@ -1042,8 +1078,7 @@ int ZEXPORT deflateCopy (dest, source)
+ ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
+ ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos));
+ ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos));
+- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
+- ds->pending_buf = (uchf *) overlay;
++ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4);
+
+ if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
+ ds->pending_buf == Z_NULL) {
+@@ -1057,8 +1092,7 @@ int ZEXPORT deflateCopy (dest, source)
+ zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
+
+ ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
+- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
+- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
++ ds->sym_buf = ds->pending_buf + ds->lit_bufsize;
+
+ ds->l_desc.dyn_tree = ds->dyn_ltree;
+ ds->d_desc.dyn_tree = ds->dyn_dtree;
+@@ -1737,7 +1771,7 @@ local block_state deflate_fast(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+@@ -1878,7 +1912,7 @@ local block_state deflate_slow(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+@@ -1953,7 +1987,7 @@ local block_state deflate_rle(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+@@ -1992,7 +2026,7 @@ local block_state deflate_huff(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
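Review bot: The stale-reference risk is in the parts of the bundled zlib this patch does not touch: `d_buf`, `l_buf` and `last_lit` are removed here and in patch-zlib_deflate_h, so any use left elsewhere under zlib/ (including code behind an #ifdef that the default build skips) would still name fields that no longer exist. Because rsync's copy of zlib is described in this thread as modified, a grep for those three names in ${WRKSRC}/zlib after the patch stage is worth doing before this goes to -stable, in addition to a successful build.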
Index: patches/patch-zlib_deflate_h
===================================================================
RCS file: patches/patch-zlib_deflate_h
diff -N patches/patch-zlib_deflate_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-zlib_deflate_h 25 Apr 2022 23:16:31 -0000
@@ -0,0 +1,65 @@
+commit 1de71e8a7870fa1be29f562df61f4c5c4685818f
+from: Michal Ruprich <michalruprich@gmail.com>
+date: Mon Apr 11 15:50:50 2022 UTC
+via: GitHub <noreply@github.com>
+
+Fix for CVE-2018-25032 in zlib (#306)
+
+Index: zlib/deflate.h
+--- zlib/deflate.h.orig
++++ zlib/deflate.h
+@@ -214,7 +214,7 @@ typedef struct internal_state {
+ /* Depth of each subtree used as tie breaker for trees of equal frequency
+ */
+
+- uchf *l_buf; /* buffer for literals or lengths */
++ uchf *sym_buf; /* buffer for distances and literals/lengths */
+
+ uInt lit_bufsize;
+ /* Size of match buffer for literals/lengths. There are 4 reasons for
+@@ -236,14 +236,9 @@ typedef struct internal_state {
+ * - I can't count above 4
+ */
+
+- uInt last_lit; /* running index in l_buf */
++ uInt sym_next; /* running index in sym_buf */
++ uInt sym_end; /* symbol table full when sym_next reaches this */
+
+- ushf *d_buf;
+- /* Buffer for distances. To simplify the code, d_buf and l_buf have
+- * the same number of elements. To use different lengths, an extra flag
+- * array would be necessary.
+- */
+-
+ ulg opt_len; /* bit length of current block with optimal trees */
+ ulg static_len; /* bit length of current block with static trees */
+ uInt matches; /* number of string matches in current block */
+@@ -322,20 +317,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state
+
+ # define _tr_tally_lit(s, c, flush) \
+ { uch cc = (c); \
+- s->d_buf[s->last_lit] = 0; \
+- s->l_buf[s->last_lit++] = cc; \
++ s->sym_buf[s->sym_next++] = 0; \
++ s->sym_buf[s->sym_next++] = 0; \
++ s->sym_buf[s->sym_next++] = cc; \
+ s->dyn_ltree[cc].Freq++; \
+- flush = (s->last_lit == s->lit_bufsize-1); \
++ flush = (s->sym_next == s->sym_end); \
+ }
+ # define _tr_tally_dist(s, distance, length, flush) \
+ { uch len = (length); \
+ ush dist = (distance); \
+- s->d_buf[s->last_lit] = dist; \
+- s->l_buf[s->last_lit++] = len; \
++ s->sym_buf[s->sym_next++] = dist; \
++ s->sym_buf[s->sym_next++] = dist >> 8; \
++ s->sym_buf[s->sym_next++] = len; \
+ dist--; \
+ s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
+ s->dyn_dtree[d_code(dist)].Freq++; \
+- flush = (s->last_lit == s->lit_bufsize-1); \
++ flush = (s->sym_next == s->sym_end); \
+ }
+ #else
+ # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
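Review bot: The flush test `s->sym_next == s->sym_end` in both `_tr_tally_lit` and `_tr_tally_dist` is an equality check on an index that now advances three bytes per symbol, so it only fires if sym_next stays a multiple of three and sym_end is one too. Both macros keep that invariant, but the `sym_end` field comment does not state it. Add a line there so that a later change writing a different number of bytes per symbol does not step over the flush point and keep writing into the buffer.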
Index: patches/patch-zlib_trees_c
===================================================================
RCS file: patches/patch-zlib_trees_c
diff -N patches/patch-zlib_trees_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-zlib_trees_c 25 Apr 2022 23:16:31 -0000
@@ -0,0 +1,106 @@
+commit 1de71e8a7870fa1be29f562df61f4c5c4685818f
+from: Michal Ruprich <michalruprich@gmail.com>
+date: Mon Apr 11 15:50:50 2022 UTC
+via: GitHub <noreply@github.com>
+
+Fix for CVE-2018-25032 in zlib (#306)
+
+Index: zlib/trees.c
+--- zlib/trees.c.orig
++++ zlib/trees.c
+@@ -418,7 +418,7 @@ local void init_block(s)
+
+ s->dyn_ltree[END_BLOCK].Freq = 1;
+ s->opt_len = s->static_len = 0L;
+- s->last_lit = s->matches = 0;
++ s->sym_next = s->matches = 0;
+ }
+
+ #define SMALLEST 1
+@@ -943,7 +943,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len,
+
+ Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
+ opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
+- s->last_lit));
++ s->sym_next / 3));
+
+ if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
+
+@@ -1012,8 +1012,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
+ unsigned dist; /* distance of matched string */
+ unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */
+ {
+- s->d_buf[s->last_lit] = (ush)dist;
+- s->l_buf[s->last_lit++] = (uch)lc;
++ s->sym_buf[s->sym_next++] = dist;
++ s->sym_buf[s->sym_next++] = dist >> 8;
++ s->sym_buf[s->sym_next++] = lc;
+ if (dist == 0) {
+ /* lc is the unmatched char */
+ s->dyn_ltree[lc].Freq++;
+@@ -1028,30 +1029,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
+ s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++;
+ s->dyn_dtree[d_code(dist)].Freq++;
+ }
+-
+-#ifdef TRUNCATE_BLOCK
+- /* Try to guess if it is profitable to stop the current block here */
+- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) {
+- /* Compute an upper bound for the compressed length */
+- ulg out_length = (ulg)s->last_lit*8L;
+- ulg in_length = (ulg)((long)s->strstart - s->block_start);
+- int dcode;
+- for (dcode = 0; dcode < D_CODES; dcode++) {
+- out_length += (ulg)s->dyn_dtree[dcode].Freq *
+- (5L+extra_dbits[dcode]);
+- }
+- out_length >>= 3;
+- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
+- s->last_lit, in_length, out_length,
+- 100L - out_length*100L/in_length));
+- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
+- }
+-#endif
+- return (s->last_lit == s->lit_bufsize-1);
+- /* We avoid equality with lit_bufsize because of wraparound at 64K
+- * on 16 bit machines and because stored blocks are restricted to
+- * 64K-1 bytes.
+- */
++ return (s->sym_next == s->sym_end);
+ }
+
+ /* ===========================================================================
+@@ -1064,13 +1042,14 @@ local void compress_block(s, ltree, dtree)
+ {
+ unsigned dist; /* distance of matched string */
+ int lc; /* match length or unmatched char (if dist == 0) */
+- unsigned lx = 0; /* running index in l_buf */
++ unsigned sx = 0; /* running index in sym_buf */
+ unsigned code; /* the code to send */
+ int extra; /* number of extra bits to send */
+
+- if (s->last_lit != 0) do {
+- dist = s->d_buf[lx];
+- lc = s->l_buf[lx++];
++ if (s->sym_next != 0) do {
++ dist = s->sym_buf[sx++] & 0xff;
++ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8;
++ lc = s->sym_buf[sx++];
+ if (dist == 0) {
+ send_code(s, lc, ltree); /* send a literal byte */
+ Tracecv(isgraph(lc), (stderr," '%c' ", lc));
+@@ -1095,11 +1074,10 @@ local void compress_block(s, ltree, dtree)
+ }
+ } /* literal or match pair ? */
+
+- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
+- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,
+- "pendingBuf overflow");
++ /* Check that the overlay between pending_buf and sym_buf is ok: */
++ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow");
+
+- } while (lx < s->last_lit);
++ } while (sx < s->sym_next);
+
+ send_code(s, END_BLOCK, ltree);
+ }
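Review bot: In `_tr_tally` the stores `s->sym_buf[s->sym_next++] = dist;` and `= lc;` drop the explicit `(ush)`/`(uch)` casts that the removed lines had, so the narrowing of an `unsigned` to a byte is now implicit. The result is correct (low byte, then `dist >> 8`), but a `(uch)` cast would keep the truncation visible and quiet conversion warnings. Also note that the overlay check in compress_block is an `Assert`, which only runs in debug builds of zlib, so release builds rely entirely on the bound argued in the deflateInit2_ comment.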
Two diffs are attached, incorporating feedback from espie@, sthen@ and
naddy@. Feedback is welcome. OK?
1. rsync_stable.diff: intended for -stable. Brings bundled zlib from
rsync 3.2.4 to 3.2.3 with this commit:
https://github.com/WayneD/rsync/commit/1de71e8a7870fa1be29f562df61f4c5c4685818f
Christian Weisgerber writes:
> I'd say they simply merged in the fix and didn't worry whether there
> is an actual vulnerability. We could do that in -stable without
> pulling in the whole 3.2.4 update.
2. rsync.diff:
- --enable-md5-asm (from naddy@ to retain
checking whether to enable MD5 ASM optimizations... yes (x86_64))
- --with-nobody-user=_rsync
- install rrsync(1) man page. If --with-rrsync is used to build and
install the man page, it introduces python3 as a dependency to run
${WRKSRC}/md-convert script. Drawback: rrsync(1) prints 3.2.4pre4
- remove compat.c (fixed)
- remove configure.sh (use --with-nobody-user=_rsync instead)
- remove receiver.c (upstreamed)
- rsync(1) patch: churn
- rsyncd.conf patch: add missing ${PREFIX}/bin and remove ${SYSCONFDIR}
bits
- rrsync patch: churn and moves from perl to python3
I plan to do the following soon (these don't have to hold up the
update):
- add zstd flavor
- port py-braceexpand for better rrsync support
Stuart Henderson writes:
> (As a cvs repo mirror operator I still want it to build with zstd
> support enabled though! :-)
...
> We could do with a port
> of py-braceexpand to support this script.
Testing
=======
I additionally tested rrsync by transferring files/deadbeef

    ~/.ssh/authorized_keys: command="rrsync -ro files" ssh-ed25519 key

and transferred files:

    scp puffy@localhost:deadbeef /tmp

Extra stuff
===========
bundled zlib
============
- Keep bundled zlib as is. tj@ and I wanted to move to system zlib in
the hopes it would be updated faster. espie@ said rsync has a good
security track record.
Marc Espie writes:
> I don't have time to look very closely, but I'm not quite sure that's wise.
> rsync is very security-conscious, and I wouldn't be surprised if their embedded
> version would be more recent.
Christian Weisgerber writes:
> This requires an explanation.
> I seem to remember that rsync's bundled zlib is modified and the
> bitstream it produces is incompatible with standard zlib.
> Something something... -z -zz... ??
Stuart Henderson writes:
> There was a reason for using the bundled zlib, but I think that the way
> compression negotiation now works, it should be fairly ok to do this.
simd
====
Christian Weisgerber writes:
> Christian Weisgerber:
>
>> * We should try --enable-roll-simd --enable-roll-asm for the
>> checksum asm.
>
> I checked, and it doesn't work:
> --enable-roll-simd adds intrinsics-based C++ code for SSE2 and SSSE3;
> --enable-roll-asm then adds assembly code for AVX2 on top of it.
>
>> In 3.2.3, the configure test for the C++ intrinsics fails
>> with an ld.so error...!?
>
> Same in 3.2.4. That should be investigated, but that's outside of
> the scope of the port.
I see the same compiling this snippet from the configure script:
https://namtsui.com/public/rsync_simd.cpp.txt

    $ ./a.out
    ld.so: a.out: relocation error 37 idx 3
    Killed

Upstream says experimental for now.
See: https://github.com/WayneD/rsync/issues/230

    --enable-roll-simd      enable/disable to control rolling-checksum SIMD
                            optimizations (requires c++)
    --enable-md5-asm        enable/disable to control MD5 ASM optimizations