Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rsync for openSUSE:Factory checked in at 2022-08-18 16:48:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rsync (Old) and /work/SRC/openSUSE:Factory/.rsync.new.2083 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rsync" Thu Aug 18 16:48:50 2022 rev:78 rq:997524 version:3.2.5 Changes: -------- --- /work/SRC/openSUSE:Factory/rsync/rsync.changes 2022-08-03 21:16:44.363448587 +0200 +++ /work/SRC/openSUSE:Factory/.rsync.new.2083/rsync.changes 2022-08-18 16:49:00.477423655 +0200 @@ -1,0 +2,47 @@ +Tue Aug 16 08:19:20 UTC 2022 - David Anes <[email protected]> + +- Add upstream patch rsync-3.2.5-slp.patch, as the one included in + the released tarball doesn't fully apply. + +- Drop patch rsync-CVE-2022-29154.patch, already included upstream. + +- Update to 3.2.5 + * SECURITY FIXES: + - Added some file-list safety checking that helps to ensure that a rogue + sending rsync can't add unrequested top-level names and/or include recursive + names that should have been excluded by the sender. These extra safety + checks only require the receiver rsync to be updated. When dealing with an + untrusted sending host, it is safest to copy into a dedicated destination + directory for the remote content (i.e. don't copy into a destination + directory that contains files that aren't from the remote host unless you + trust the remote host). Fixes CVE-2022-29154. + - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). + * BUG FIXES: + - Fixed the handling of filenames specified with backslash-quoted wildcards + when the default remote-arg-escaping is enabled. + - Fixed the configure check for signed char that was causing a host that + defaults to unsigned characters to generate bogus rolling checksums. This + made rsync send mostly literal data for a copy instead of finding matching + data in the receiver's basis file (for a file that contains high-bit + characters). + - Lots of manpage improvements, including an attempt to better describe how + include/exclude filters work. + - If rsync is compiled with an xxhash 0.8 library and then moved to a system + with a dynamically linked xxhash 0.7 library, we now detect this and disable + the XX3 hashes (since these routines didn't stabilize until 0.8). + * ENHANCEMENTS: + - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the + extra file-list safety checking (should that be required). + * PACKAGING RELATED: + - A note to those wanting to patch older rsync versions: the changes in this + release requires the quoted argument change from 3.2.4. Then, you'll want + every single code change from 3.2.5 since there is no fluff in this release. + - The build date that goes into the manpages is now based on the developer's + release date, not on the build's local-timezone interpretation of the date. + * DEVELOPER RELATED: + - Configure now defaults GETGROUPS_T to gid_t when cross compiling. + - Configure now looks for the bsd/string.h include file in order to fix the + build on a host that has strlcpy() in the main libc but not defined in the + main string.h file. + +------------------------------------------------------------------- @@ -6 +53 @@ - * Added patch rsync-rsync-CVE-2022-29154.patch + * Added patch rsync-CVE-2022-29154.patch Old: ---- rsync-3.2.4.tar.gz rsync-3.2.4.tar.gz.asc rsync-CVE-2022-29154.patch rsync-patches-3.2.4.tar.gz rsync-patches-3.2.4.tar.gz.asc New: ---- rsync-3.2.5-slp.patch rsync-3.2.5.tar.gz rsync-3.2.5.tar.gz.asc rsync-patches-3.2.5.tar.gz rsync-patches-3.2.5.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rsync.spec ++++++ --- /var/tmp/diff_new_pack.hxiN18/_old 2022-08-18 16:49:01.237425425 +0200 +++ /var/tmp/diff_new_pack.hxiN18/_new 2022-08-18 16:49:01.241425433 +0200 @@ -23,7 +23,7 @@ %endif Name: rsync -Version: 3.2.4 +Version: 3.2.5 Release: 0 Summary: Versatile tool for fast incremental file transfer License: GPL-3.0-or-later @@ -41,8 +41,11 @@ Source10: http://rsync.samba.org/ftp/rsync/src/rsync-%{version}.tar.gz.asc Source11: http://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.tar.gz.asc Source12: %{name}.keyring +# PATCH-FIX-UPSTREAM: slp.diff included in distribution tar file does not apply +# cleanly, therefore we use the upstream patch directly (for 3.2.5) +Source13: https://raw.githubusercontent.com/WayneD/rsync-patches/d899304ea5daa125417f296bdd6f8bff0ed342ca/slp.diff#:/rsync-3.2.5-slp.patch Patch0: rsync-no-libattr.patch -Patch1: rsync-CVE-2022-29154.patch +Patch1: rsync-3.2.5-slp.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: c++_compiler @@ -76,7 +79,11 @@ %setup -q -b 1 rm -f zlib/*.h -patch -p1 < patches/slp.diff +# TODO: (See Source13/Patch1) we have to re-enable the patching of SLP using +# the patch included in the distributed tar file for next version, for now +# we apply latest upstream patch (for 3.2.5) from Github, the one included +# in tar fiel desn't apply cleanly +# patch -p1 < patches/slp.diff %autopatch -p1 ++++++ rsync-3.2.5-slp.patch ++++++ This adds Service Location Protocol support. To use this patch, run these commands for a successful build: patch -p1 <patches/slp.diff ./prepare-source ./configure --enable-slp make TODO: the configure changes should abort if the user requests --enable-slp and we can't honor that request. based-on: 5fcf20ee9d8abf7aae8578354f82c6f500822e06 diff --git a/Makefile.in b/Makefile.in --- a/Makefile.in +++ b/Makefile.in @@ -17,6 +17,8 @@ CXX=@CXX@ CXXFLAGS=@CXXFLAGS@ EXEEXT=@EXEEXT@ LDFLAGS=@LDFLAGS@ +LIBSLP=@LIBSLP@ +SLPOBJ=@SLPOBJ@ LIBOBJDIR=lib/ INSTALLCMD=@INSTALL@ @@ -48,7 +50,7 @@ OBJS1=flist.o rsync.o generator.o receiver.o cleanup.o sender.o exclude.o \ OBJS2=options.o io.o compat.o hlink.o token.o uidlist.o socket.o hashtable.o \ usage.o fileio.o batch.o clientname.o chmod.o acls.o xattrs.o OBJS3=progress.o pipe.o @MD5_ASM@ @ROLL_SIMD@ @ROLL_ASM@ -DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o +DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o $(SLPOBJ) popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \ popt/popthelp.o popt/poptparse.o OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) @BUILD_ZLIB@ @BUILD_POPT@ @@ -101,7 +103,7 @@ install-strip: $(MAKE) INSTALL_STRIP='-s' install rsync$(EXEEXT): $(OBJS) - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(LIBSLP) rrsync: support/rrsync cp -p $(srcdir)/support/rrsync rrsync diff --git a/clientserver.c b/clientserver.c --- a/clientserver.c +++ b/clientserver.c @@ -1516,6 +1516,13 @@ int daemon_main(void) * address too. In fact, why not just do getnameinfo on the * local address??? */ +#ifdef HAVE_LIBSLP + if (lp_use_slp() && register_services()) { + rprintf(FINFO, + "Couldn't register with service discovery protocol, continuing anyway\n"); + } +#endif + start_accept_loop(rsync_port, start_daemon); return -1; } diff --git a/configure.ac b/configure.ac --- a/configure.ac +++ b/configure.ac @@ -1039,6 +1039,29 @@ if test $rsync_cv_can_hardlink_special = yes; then AC_DEFINE(CAN_HARDLINK_SPECIAL, 1, [Define to 1 if link() can hard-link special files.]) fi +AC_ARG_ENABLE(slp, [ --disable-slp turn off SLP support, defaults to on]) +AC_ARG_WITH(openslp-libs, [ --with-openslp-libs set directory for OpenSLP library], + LDFLAGS="-L$withval $LDFLAGS" + DSOFLAGS="-L$withval $DSOFLAGS",) +AC_ARG_WITH(openslp-includes, [ --with-openslp-includes set directory for OpenSLP includes], + CFLAGS="-I$withval $CFLAGS" + CXXFLAGS="-I$withval $CXXFLAGS" + CPPFLAGS="-I$withval $CPPFLAGS",) + +LIBSLP="" +SLPOBJ="" + +if test x$enable_slp != xno; then + AC_CHECK_HEADER(slp.h, + AC_CHECK_LIB(slp, SLPOpen, + AC_DEFINE(HAVE_LIBSLP, 1, [Define to 1 for SLP support]) + SLPOBJ="srvreg.o srvloc.o" + LIBSLP="-lslp")) +fi + +AC_SUBST(LIBSLP) +AC_SUBST(SLPOBJ) + AC_CACHE_CHECK([for working socketpair],rsync_cv_HAVE_SOCKETPAIR,[ AC_RUN_IFELSE([AC_LANG_SOURCE([[ #ifdef HAVE_SYS_TYPES_H diff --git a/daemon-parm.txt b/daemon-parm.txt --- a/daemon-parm.txt +++ b/daemon-parm.txt @@ -10,8 +10,10 @@ STRING socket_options NULL INTEGER listen_backlog 5 INTEGER rsync_port|port 0 +INTEGER slp_refresh 0 BOOL proxy_protocol False +BOOL use_slp False Locals: ================================================================= diff --git a/main.c b/main.c --- a/main.c +++ b/main.c @@ -1402,6 +1402,22 @@ static int start_client(int argc, char *argv[]) if (!read_batch) { /* for read_batch, NO source is specified */ char *path = check_for_hostspec(argv[0], &shell_machine, &rsync_port); + + if (shell_machine && !shell_machine[0]) { +#ifdef HAVE_LIBSLP + /* User entered just rsync:// URI */ + if (lp_use_slp()) { + print_service_list(); + exit_cleanup(0); + } + rprintf(FINFO, "SLP is disabled, cannot browse\n"); + exit_cleanup(RERR_SYNTAX); +#else /* No SLP, die here */ + rprintf(FINFO, "No SLP support, cannot browse\n"); + exit_cleanup(RERR_SYNTAX); +#endif + } + if (path) { /* source is remote */ char *dummy_host; int dummy_port = 0; diff --git a/rsync.1.md b/rsync.1.md --- a/rsync.1.md +++ b/rsync.1.md @@ -152,7 +152,19 @@ rsync daemon by leaving off the module name: > rsync somehost.mydomain.com:: -See the following section for more details. +And, if Service Location Protocol is available, the following will list the +available rsync servers: + +> rsync rsync:// + +See the following section for even more usage details. + +One more thing, if Service Location Protocol is available, the following will +list the available rsync servers: + +> rsync rsync:// + +See the following section for even more usage details. ## SORTED TRANSFER ORDER diff --git a/rsync.h b/rsync.h --- a/rsync.h +++ b/rsync.h @@ -234,6 +234,10 @@ #define SIGNIFICANT_ITEM_FLAGS (~(\ ITEM_BASIS_TYPE_FOLLOWS | ITEM_XNAME_FOLLOWS | ITEM_LOCAL_CHANGE)) +/* this is the minimum we'll use, irrespective of config setting */ +/* definitely don't set to less than about 30 seconds */ +#define SLP_MIN_TIMEOUT 120 + #define CFN_KEEP_DOT_DIRS (1<<0) #define CFN_KEEP_TRAILING_SLASH (1<<1) #define CFN_DROP_TRAILING_DOT_DIR (1<<2) diff --git a/rsyncd.conf b/rsyncd.conf new file mode 100644 --- /dev/null +++ b/rsyncd.conf @@ -0,0 +1 @@ +slp refresh = 300 diff --git a/rsyncd.conf.5.md b/rsyncd.conf.5.md --- a/rsyncd.conf.5.md +++ b/rsyncd.conf.5.md @@ -138,6 +138,21 @@ a literal % into a value is to use %%. You can override the default backlog value when the daemon listens for connections. It defaults to 5. +0. `use slp` + + You can enable Service Location Protocol support by enabling this global + parameter. The default is "false". + +0. `slp refresh` + + This parameter is used to determine how long service advertisements are + valid (measured in seconds), and is only applicable if you have Service + Location Protocol support compiled in. If this is not set or is set to + zero, then service advertisements never time out. If this is set to less + than 120 seconds, then 120 seconds is used. If it is set to more than + 65535, then 65535 is used (which is a limitation of SLP). Using 3600 + (one hour) is a good number if you tend to change your configuration. + ## MODULE PARAMETERS After the global parameters you should define a number of modules, each module @@ -1176,6 +1191,7 @@ A more sophisticated example would be: > max connections = 4 > syslog facility = local5 > pid file = /var/run/rsyncd.pid +> slp refresh = 3600 > > [ftp] > path = /var/ftp/./pub diff --git a/socket.c b/socket.c --- a/socket.c +++ b/socket.c @@ -534,6 +534,16 @@ void start_accept_loop(int port, int (*fn)(int, int)) { fd_set deffds; int *sp, maxfd, i; +#ifdef HAVE_LIBSLP + time_t next_slp_refresh; + short slp_timeout = lp_use_slp() ? lp_slp_refresh() : 0; + if (slp_timeout) { + if (slp_timeout < SLP_MIN_TIMEOUT) + slp_timeout = SLP_MIN_TIMEOUT; + /* re-register before slp times out */ + slp_timeout -= 15; + } +#endif #ifdef HAVE_SIGACTION sigact.sa_flags = SA_NOCLDSTOP; @@ -561,14 +571,25 @@ void start_accept_loop(int port, int (*fn)(int, int)) maxfd = sp[i]; } +#ifdef HAVE_LIBSLP + next_slp_refresh = time(NULL) + slp_timeout; +#endif + /* now accept incoming connections - forking a new process * for each incoming connection */ while (1) { fd_set fds; pid_t pid; int fd; + int sel_ret; struct sockaddr_storage addr; socklen_t addrlen = sizeof addr; +#ifdef HAVE_LIBSLP + struct timeval slp_tv; + + slp_tv.tv_sec = 10; + slp_tv.tv_usec = 0; +#endif /* close log file before the potentially very long select so * file can be trimmed by another process instead of growing @@ -581,7 +602,18 @@ void start_accept_loop(int port, int (*fn)(int, int)) fds = deffds; #endif - if (select(maxfd + 1, &fds, NULL, NULL, NULL) < 1) +#ifdef HAVE_LIBSLP + sel_ret = select(maxfd + 1, &fds, NULL, NULL, + slp_timeout ? &slp_tv : NULL); + if (sel_ret == 0 && slp_timeout && time(NULL) > next_slp_refresh) { + rprintf(FINFO, "Service registration expired, refreshing it\n"); + register_services(); + next_slp_refresh = time(NULL) + slp_timeout; + } +#else + sel_ret = select(maxfd + 1, &fds, NULL, NULL, NULL); +#endif + if (sel_ret < 1) continue; for (i = 0, fd = -1; sp[i] >= 0; i++) { diff --git a/srvloc.c b/srvloc.c new file mode 100644 --- /dev/null +++ b/srvloc.c @@ -0,0 +1,103 @@ +/* -*- c-file-style: "linux"; -*- + + Copyright (C) 2002 by Brad Hards <[email protected]> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* This file implements the service location functionality */ +/* Basically, it uses normal Service Location Protocol API */ + +/* It is really a cheap hack - just to show how it might work + in a real application. +*/ + +#include "rsync.h" + +#include <slp.h> +#include <stdio.h> +#include <string.h> + +/* This one just prints out the attributes */ +static SLPBoolean getAttrCallback(UNUSED(SLPHandle hslp), const char *attrlist, + SLPError errcode, UNUSED(void *cookie)) +{ + char *cleanstr; + + if (errcode == SLP_OK) { + if (!strcmp(attrlist, "(comment=)")) + rprintf(FINFO, "\t(No description)\n"); + else { + cleanstr = strrchr(attrlist, ')') ; + *cleanstr = ' '; /* remove last ')' */ + rprintf(FINFO, "\t%s\n", strchr(attrlist, '=') + 1); + } + } + return SLP_FALSE; +} + +static SLPBoolean getSLPSrvURLCallback(UNUSED(SLPHandle hslp), + const char *srvurl, UNUSED(unsigned short lifetime), + SLPError errcode, void *cookie) +{ + SLPError result; + SLPHandle attrhslp; + + if (errcode == SLP_OK) { + /* chop service: off the front */ + rprintf(FINFO, " %s ", (strchr(srvurl, ':') + 1)); + /* check for any attributes */ + if (SLPOpen("en", SLP_FALSE,&attrhslp) == SLP_OK) { + result = SLPFindAttrs(attrhslp, srvurl, + "", /* return all attributes */ + "", /* use configured scopes */ + getAttrCallback, NULL); + if (result != SLP_OK) { + rprintf(FERROR, "errorcode: %i\n",result); + } + SLPClose(attrhslp); + } + *(SLPError*)cookie = SLP_OK; + } else + *(SLPError*)cookie = errcode; + + /* Return SLP_TRUE because we want to be called again + * if more services were found. */ + + return SLP_TRUE; +} + +int print_service_list(void) +{ + SLPError err; + SLPError callbackerr; + SLPHandle hslp; + + err = SLPOpen("en",SLP_FALSE,&hslp); + if (err != SLP_OK) { + rprintf(FERROR, "Error opening slp handle %i\n", err); + return err; + } + + SLPFindSrvs(hslp, "rsync", + 0, /* use configured scopes */ + 0, /* no attr filter */ + getSLPSrvURLCallback, &callbackerr); + + /* Now that we're done using slp, close the slp handle */ + SLPClose(hslp); + + return 0; +} diff --git a/srvreg.c b/srvreg.c new file mode 100644 --- /dev/null +++ b/srvreg.c @@ -0,0 +1,128 @@ +/* -*- c-file-style: "linux"; -*- + + Copyright (C) 2002 by Brad Hards <[email protected]> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* This file implements the service registration functionality */ + +/* Basically, it uses normal Service Location Protocol API */ + +#include "rsync.h" +#include "slp.h" +#include "netdb.h" + +extern int rsync_port; + +static void slp_callback(UNUSED(SLPHandle hslp), SLPError errcode, void *cookie) +{ + /* return the error code in the cookie */ + *(SLPError*)cookie = errcode; + + /* You could do something else here like print out + * the errcode, etc. Remember, as a general rule, + * do not try to do too much in a callback because + * it is being executed by the same thread that is + * reading slp packets from the wire. */ +} + +int register_services(void) +{ + SLPError err, callbackerr; + SLPHandle hslp; + int n; + int i; + char srv[120]; + char attr[120]; + char localhost[256]; + extern char *config_file; + short timeout; + struct addrinfo aih, *ai = 0; + + if (!lp_load(config_file, 0)) { + exit_cleanup(RERR_SYNTAX); + } + + n = lp_num_modules(); + + if (0 == lp_slp_refresh()) + timeout = SLP_LIFETIME_MAXIMUM; /* don't expire, ever */ + else if (SLP_MIN_TIMEOUT > lp_slp_refresh()) + timeout = SLP_MIN_TIMEOUT; /* use a reasonable minimum */ + else if (SLP_LIFETIME_MAXIMUM <= lp_slp_refresh()) + timeout = (SLP_LIFETIME_MAXIMUM - 1); /* as long as possible */ + else + timeout = lp_slp_refresh(); + + rprintf(FINFO, "rsyncd registering %d service%s with slpd for %d seconds:\n", n, ((n==1)? "":"s"), timeout); + err = SLPOpen("en",SLP_FALSE,&hslp); + if (err != SLP_OK) { + rprintf(FINFO, "Error opening slp handle %i\n",err); + return err; + } + if (gethostname(localhost, sizeof localhost)) { + rprintf(FINFO, "Could not get hostname: %s\n", strerror(errno)); + return err; + } + memset(&aih, 0, sizeof aih); + aih.ai_family = PF_UNSPEC; + aih.ai_flags = AI_CANONNAME; + if (0 != (err = getaddrinfo(localhost, 0, &aih, &ai)) || !ai) { + rprintf(FINFO, "Could not resolve hostname: %s\n", gai_strerror(err)); + return err; + } + /* Register each service with SLP */ + for (i = 0; i < n; i++) { + if (!lp_list(i)) + continue; + + snprintf(srv, sizeof srv, "service:rsync://%s:%d/%s", + ai->ai_canonname, + rsync_port, + lp_name(i)); + rprintf(FINFO, " %s\n", srv); + if (lp_comment(i)) { + snprintf(attr, sizeof attr, "(comment=%s)", + lp_comment(i)); + } + err = SLPReg(hslp, + srv, /* service to register */ + timeout, + 0, /* this is ignored */ + attr, /* attributes */ + SLP_TRUE, /* new registration - don't change this */ + slp_callback, /* callback */ + &callbackerr); + + /* err may contain an error code that occurred as the slp library + * _prepared_ to make the call. */ + if (err != SLP_OK || callbackerr != SLP_OK) + rprintf(FINFO, "Error registering service with slp %i\n", err); + + /* callbackerr may contain an error code (that was assigned through + * the callback cookie) that occurred as slp packets were sent on + * the wire. */ + if (callbackerr != SLP_OK) + rprintf(FINFO, "Error registering service with slp %i\n",callbackerr); + } + + /* Now that we're done using slp, close the slp handle */ + freeaddrinfo(ai); + SLPClose(hslp); + + /* refresh is done in main select loop */ + return 0; +} diff --git a/usage.c b/usage.c --- a/usage.c +++ b/usage.c @@ -137,6 +137,11 @@ static void print_info_flags(enum logcode f) #endif "crtimes", +#ifndef HAVE_LIBSLP + "no " +#endif + "SLP", + "*Optimizations", #ifndef USE_ROLL_SIMD ++++++ rsync-3.2.4.tar.gz -> rsync-3.2.5.tar.gz ++++++ ++++ 5063 lines of diff (skipped) ++++++ rsync-patches-3.2.4.tar.gz -> rsync-patches-3.2.5.tar.gz ++++++ ++++ 5213 lines of diff (skipped)
