diff --git a/backport-CVE-2020-14387-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch b/backport-CVE-2020-14387-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch deleted file mode 100644 index ad0672697ab4247f8171fa17c4382a7879b9a938..0000000000000000000000000000000000000000 --- a/backport-CVE-2020-14387-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch +++ /dev/null @@ -1,23 +0,0 @@ -From c3f7414c450faaf6a8281cc4a4403529aeb7d859 Mon Sep 17 00:00:00 2001 -From: Matt McCutchen -Date: Wed, 26 Aug 2020 12:16:08 -0400 -Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using - openssl. - ---- - rsync-ssl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rsync-ssl b/rsync-ssl -index 8101975a..46701af1 100755 ---- a/rsync-ssl -+++ b/rsync-ssl -@@ -129,7 +129,7 @@ function rsync_ssl_helper { - fi - - if [[ $RSYNC_SSL_TYPE == openssl ]]; then -- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port -+ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port - elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then - exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port - else diff --git a/backport-Work-around-glibc-lchmod-issue-a-better-way.patch b/backport-Work-around-glibc-lchmod-issue-a-better-way.patch deleted file mode 100644 index 68b4941fd677c8f6f566b0ca79ef3ac842e12a90..0000000000000000000000000000000000000000 --- a/backport-Work-around-glibc-lchmod-issue-a-better-way.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 9dd62525f3b98d692e031f22c02be8f775966503 Mon Sep 17 00:00:00 2001 -From: Wayne Davison -Date: Sun, 29 Nov 2020 09:33:54 -0800 -Subject: [PATCH] Work around glibc's lchmod() issue a better way. - ---- - syscall.c | 34 +++++++++++++++++++++------------- - 1 files changed, 21 insertions(+), 13 deletions(-) - -diff --git a/syscall.c b/syscall.c -index b9c3b4e..11d10e4 100644 ---- a/syscall.c -+++ b/syscall.c -@@ -227,27 +227,35 @@ int do_open(const char *pathname, int flags, mode_t mode) - #ifdef HAVE_CHMOD - int do_chmod(const char *path, mode_t mode) - { -+ static int switch_step = 0; - int code; - if (dry_run) return 0; - RETURN_ERROR_IF_RO_OR_LO; -+ switch (switch_step) { - #ifdef HAVE_LCHMOD -- code = lchmod(path, mode & CHMOD_BITS); --#else -- if (S_ISLNK(mode)) { -+#include "case_N.h" -+ if ((code = lchmod(path, mode & CHMOD_BITS)) == 0 || errno != ENOTSUP) -+ break; -+ switch_step++; -+#endif -+ -+#include "case_N.h" -+ if (S_ISLNK(mode)) { - # if defined HAVE_SETATTRLIST -- struct attrlist attrList; -- uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */ -+ struct attrlist attrList; -+ uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */ - -- memset(&attrList, 0, sizeof attrList); -- attrList.bitmapcount = ATTR_BIT_MAP_COUNT; -- attrList.commonattr = ATTR_CMN_ACCESSMASK; -- code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW); -+ memset(&attrList, 0, sizeof attrList); -+ attrList.bitmapcount = ATTR_BIT_MAP_COUNT; -+ attrList.commonattr = ATTR_CMN_ACCESSMASK; -+ code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW); - # else -- code = 1; -+ code = 1; - # endif -- } else -- code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */ --#endif /* !HAVE_LCHMOD */ -+ } else -+ code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */ -+ break; -+ } - if (code != 0 && (preserve_perms || preserve_executability)) - return code; - return 0; --- -1.8.3.1 - diff --git a/rsync-3.2.3.tar.gz b/rsync-3.2.3.tar.gz deleted file mode 100644 index a3ecb71ad81e0e8b77720ef9356a368999ae9490..0000000000000000000000000000000000000000 Binary files a/rsync-3.2.3.tar.gz and /dev/null differ diff --git a/rsync-3.2.5.tar.gz b/rsync-3.2.5.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..b7328721be7aed1608439e7547b0a3b275585dd1 Binary files /dev/null and b/rsync-3.2.5.tar.gz differ diff --git a/rsync-patches-3.2.3.tar.gz b/rsync-patches-3.2.3.tar.gz deleted file mode 100644 index 7f5b9f2ce8ad35b228d5ccd6755e157cd9e063bf..0000000000000000000000000000000000000000 Binary files a/rsync-patches-3.2.3.tar.gz and /dev/null differ diff --git a/rsync-patches-3.2.5.tar.gz b/rsync-patches-3.2.5.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..a50d615864cf8a71470b6ed16c94de5439dc8e3a Binary files /dev/null and b/rsync-patches-3.2.5.tar.gz differ diff --git a/rsync.spec b/rsync.spec index 777a5d588716e29aa0985efdbdc774e73261935e..3e091bf35b87efa6f690611c092ffdeaed969179 100644 --- a/rsync.spec +++ b/rsync.spec @@ -1,10 +1,10 @@ Name: rsync -Version: 3.2.3 -Release: 2 +Version: 3.2.5 +Release: 1 Summary: Fast incremental file transfer utility License: GPLv3+ URL: http://rsync.samba.org/ -Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz +Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}.tar.gz Source1: https://download.samba.org/pub/rsync/src/rsync-patches-%{version}.tar.gz Source2: rsyncd.socket Source3: rsyncd.service @@ -18,9 +18,6 @@ Provides: bundled(zlib) = 1.2.8 rsync-daemon Obsoletes: rsync-daemon %{?systemd_requires} -Patch1: backport-Work-around-glibc-lchmod-issue-a-better-way.patch -Patch2: backport-CVE-2020-14387-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch - %description Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing @@ -33,8 +30,6 @@ at one of the ends of the link beforehand. %prep %autosetup -b 1 -n %{name}-%{version} -p1 -patch -p1 -i patches/copy-devices.diff - %build %configure --disable-xxhash %make_build @@ -80,6 +75,10 @@ install -D -m644 %{SOURCE6} %{buildroot}/%{_unitdir}/rsyncd@.service %{_mandir}/man5/rsyncd.conf.5* %changelog +* Wed Aug 17 2022 panxiaohe - 3.2.5-1 +- update to 3.2.5 +- fix CVE-2022-29154, CVE-2022-37434 + * Fri Jun 18 2021 yangzhuangzhuang - 3.2.3-2 - Type:bugfix - ID:NA