Bug#884721: rsyncrypto: Segmentation fault with --delete

2019-02-09 Thread Sascha Steinbiss 
user debian-rele...@lists.debian.org

usertag 884721 + bsp-2019-02-de-berlin
usertag 912051 + bsp-2019-02-de-berlin
thank you

Dear maintainers,

Greetings from the BSP at the DCSO office in Berlin.

I have fixed this bug and NMU'd rsyncrypto_1.14-1.1 to DELAYED/5. Please
feel free to reschedule or cancel my upload as you see fit. I have
attached the diff.

Cheers
Sascha
diff -Nru rsyncrypto-1.14/debian/changelog rsyncrypto-1.14/debian/changelog
--- rsyncrypto-1.14/debian/changelog	2017-09-06 19:30:22.0 +0200
+++ rsyncrypto-1.14/debian/changelog	2019-02-09 15:11:50.0 +0100
@@ -1,3 +1,13 @@
+rsyncrypto (1.14-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add explicit build dependency on automake-1.15.
+Closes: #912051   
+  * Fix segfault with --delete. Thanks to Chris Boot for the patch.
+Closes: #884721
+
+ -- Sascha Steinbiss   Sat, 09 Feb 2019 15:11:50 +0100
+
 rsyncrypto (1.14-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru rsyncrypto-1.14/debian/control rsyncrypto-1.14/debian/control
--- rsyncrypto-1.14/debian/control	2017-09-06 19:30:22.0 +0200
+++ rsyncrypto-1.14/debian/control	2019-02-09 15:11:50.0 +0100
@@ -2,7 +2,7 @@
 Section: utils
 Priority: optional
 Maintainer: Shachar Shemesh 
-Build-Depends: debhelper (>= 9), libssl-dev (>= 1.1.0), libargtable2-dev, autotools-dev
+Build-Depends: debhelper (>= 9), libssl-dev (>= 1.1.0), libargtable2-dev, autotools-dev, automake-1.15
 Standards-Version: 4.1.0
 Homepage: https://rsyncrypto.lingnu.com
 
diff -Nru rsyncrypto-1.14/debian/patches/fix_segfault_in_unlink rsyncrypto-1.14/debian/patches/fix_segfault_in_unlink
--- rsyncrypto-1.14/debian/patches/fix_segfault_in_unlink	1970-01-01 01:00:00.0 +0100
+++ rsyncrypto-1.14/debian/patches/fix_segfault_in_unlink	2019-02-09 15:11:50.0 +0100
@@ -0,0 +1,17 @@
+Description: fix segfault
+ This fixes a crash when using rsyncrypto to refresh an
+ encrypted directory tree with --delete enabled.
+ This happens because of an infinite recursion in autofd::unlink()
+Author: Chris Boot 
+Last-Update: 2019-02-09
+--- a/autofd.h
 b/autofd.h
+@@ -216,7 +216,7 @@
+ // unless it failed with ENOENT - the file already doesn't exist
+ static int unlink(const char *pathname)
+ {
+-bool success=unlink( pathname )==0;
++bool success=::unlink( pathname )==0;
+ if( !success && errno!=ENOENT )
+ throw rscerror("Erasing file", errno, pathname );
+ 
diff -Nru rsyncrypto-1.14/debian/patches/series rsyncrypto-1.14/debian/patches/series
--- rsyncrypto-1.14/debian/patches/series	2017-09-06 19:30:22.0 +0200
+++ rsyncrypto-1.14/debian/patches/series	2019-02-09 15:11:50.0 +0100
@@ -1 +1,2 @@
 remove_precompiled_headers
+fix_segfault_in_unlink

Bug#884721: rsyncrypto: Segmentation fault with --delete

2017-12-18 Thread Chris Boot 
Package: rsyncrypto
Version: 1.13-1
Severity: serious
Tags: patch upstream
Justification: crash on basic functionality

Dear maintainer,

I have recently been exposed to rsyncrypto through a client of my
work's, and have encountered a crash when using rsyncrypto to refresh an
encrypted directory tree with --delete enabled.

This happens because of an infinite recursion in autofd::unlink():

https://sources.debian.org/src/rsyncrypto/1.13-1/autofd.h/#L217

static int unlink(const char *pathname)
{
bool success=unlink( pathname )==0;
[...]
}

I came up with the following patch which simply calls unlink() in the
top scope. This seems to fix the problem for me:

--- rsyncrypto-1.14.orig/autofd.h
+++ rsyncrypto-1.14/autofd.h
@@ -216,7 +216,7 @@ public:
 // unless it failed with ENOENT - the file already doesn't exist
 static int unlink(const char *pathname)
 {
-bool success=unlink( pathname )==0;
+bool success=::unlink( pathname )==0;
 if( !success && errno!=ENOENT )
 throw rscerror("Erasing file", errno, pathname );
 

This affects 1.13-1 and 1.14-1 in Debian in the same way. Please let me
know if you would like any further information.

Best regards,
Chris

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'testing'), (100, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rsyncrypto depends on:
ii  gzip1.6-5+b1
pn  libargtable2-0  
ii  libc6   2.25-3
ii  libgcc1 1:7.2.0-17
ii  libssl1.1   1.1.0g-2
ii  libstdc++6  7.2.0-17

Versions of packages rsyncrypto recommends:
ii  rsync  3.1.2-2

rsyncrypto suggests no packages.