[arch-commits] Commit in rsync/repos (16 files)
Pierre Schmitz
pierre at nymeria.archlinux.org
Sun Jun 22 18:31:07 UTC 2014
Date: Sunday, June 22, 2014 @ 20:31:07
Author: pierre
Revision: 215344
archrelease: copy trunk to testing-i686, testing-x86_64
Added:
rsync/repos/testing-i686/
rsync/repos/testing-i686/CVE-2014-2855.patch
(from rev 215343, rsync/trunk/CVE-2014-2855.patch)
rsync/repos/testing-i686/PKGBUILD
(from rev 215343, rsync/trunk/PKGBUILD)
rsync/repos/testing-i686/rsync.xinetd
(from rev 215343, rsync/trunk/rsync.xinetd)
rsync/repos/testing-i686/rsyncd.conf
(from rev 215343, rsync/trunk/rsyncd.conf)
rsync/repos/testing-i686/rsyncd.service
(from rev 215343, rsync/trunk/rsyncd.service)
rsync/repos/testing-i686/rsyncd.socket
(from rev 215343, rsync/trunk/rsyncd.socket)
rsync/repos/testing-i686/rsyncd at .service
(from rev 215343, rsync/trunk/rsyncd at .service)
rsync/repos/testing-x86_64/
rsync/repos/testing-x86_64/CVE-2014-2855.patch
(from rev 215343, rsync/trunk/CVE-2014-2855.patch)
rsync/repos/testing-x86_64/PKGBUILD
(from rev 215343, rsync/trunk/PKGBUILD)
rsync/repos/testing-x86_64/rsync.xinetd
(from rev 215343, rsync/trunk/rsync.xinetd)
rsync/repos/testing-x86_64/rsyncd.conf
(from rev 215343, rsync/trunk/rsyncd.conf)
rsync/repos/testing-x86_64/rsyncd.service
(from rev 215343, rsync/trunk/rsyncd.service)
rsync/repos/testing-x86_64/rsyncd.socket
(from rev 215343, rsync/trunk/rsyncd.socket)
rsync/repos/testing-x86_64/rsyncd at .service
(from rev 215343, rsync/trunk/rsyncd at .service)
------------------------------------+
testing-i686/CVE-2014-2855.patch | 83 +++++++++++++++++++++++++++++++++++
testing-i686/PKGBUILD | 47 +++++++++++++++++++
testing-i686/rsync.xinetd | 11 ++++
testing-i686/rsyncd.conf | 10 ++++
testing-i686/rsyncd.service | 9 +++
testing-i686/rsyncd.socket | 10 ++++
testing-i686/rsyncd at .service | 11 ++++
testing-x86_64/CVE-2014-2855.patch | 83 +++++++++++++++++++++++++++++++++++
testing-x86_64/PKGBUILD | 47 +++++++++++++++++++
testing-x86_64/rsync.xinetd | 11 ++++
testing-x86_64/rsyncd.conf | 10 ++++
testing-x86_64/rsyncd.service | 9 +++
testing-x86_64/rsyncd.socket | 10 ++++
testing-x86_64/rsyncd at .service | 11 ++++
14 files changed, 362 insertions(+)
Copied: rsync/repos/testing-i686/CVE-2014-2855.patch (from rev 215343, rsync/trunk/CVE-2014-2855.patch)
===================================================================
--- testing-i686/CVE-2014-2855.patch (rev 0)
+++ testing-i686/CVE-2014-2855.patch 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,83 @@
+From 0dedfbce2c1b851684ba658861fe9d620636c56a Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayned at samba.org>
+Date: Sun, 13 Apr 2014 13:44:58 -0700
+Subject: [PATCH] Avoid infinite wait reading secrets file.
+
+---
+ authenticate.c | 24 +++++++++++++-----------
+ 1 files changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/authenticate.c b/authenticate.c
+index 3381b8c..c92746c 100644
+--- a/authenticate.c
++++ b/authenticate.c
+@@ -102,15 +102,16 @@ static const char *check_secret(int module, const char *user, const char *group,
+ char pass2[MAX_DIGEST_LEN*2];
+ const char *fname = lp_secrets_file(module);
+ STRUCT_STAT st;
+- int fd, ok = 1;
++ int ok = 1;
+ int user_len = strlen(user);
+ int group_len = group ? strlen(group) : 0;
+ char *err;
++ FILE *fh;
+
+- if (!fname || !*fname || (fd = open(fname, O_RDONLY)) < 0)
++ if (!fname || !*fname || (fh = fopen(fname, "r")) == NULL)
+ return "no secrets file";
+
+- if (do_fstat(fd, &st) == -1) {
++ if (do_fstat(fileno(fh), &st) == -1) {
+ rsyserr(FLOG, errno, "fstat(%s)", fname);
+ ok = 0;
+ } else if (lp_strict_modes(module)) {
+@@ -123,29 +124,30 @@ static const char *check_secret(int module, const char *user, const char *group,
+ }
+ }
+ if (!ok) {
+- close(fd);
++ fclose(fh);
+ return "ignoring secrets file";
+ }
+
+ if (*user == '#') {
+ /* Reject attempt to match a comment. */
+- close(fd);
++ fclose(fh);
+ return "invalid username";
+ }
+
+ /* Try to find a line that starts with the user (or @group) name and a ':'. */
+ err = "secret not found";
+- while ((user || group) && read_line_old(fd, line, sizeof line, 1)) {
+- const char **ptr, *s;
++ while ((user || group) && fgets(line, sizeof line, fh) != NULL) {
++ const char **ptr, *s = strtok(line, "\n\r");
+ int len;
+- if (*line == '@') {
++ if (!s)
++ continue;
++ if (*s == '@') {
+ ptr = &group;
+ len = group_len;
+- s = line+1;
++ s++;
+ } else {
+ ptr = &user;
+ len = user_len;
+- s = line;
+ }
+ if (!*ptr || strncmp(s, *ptr, len) != 0 || s[len] != ':')
+ continue;
+@@ -158,7 +160,7 @@ static const char *check_secret(int module, const char *user, const char *group,
+ *ptr = NULL; /* Don't look for name again. */
+ }
+
+- close(fd);
++ fclose(fh);
+
+ memset(line, 0, sizeof line);
+ memset(pass2, 0, sizeof pass2);
+--
+1.7.0.4
+
Copied: rsync/repos/testing-i686/PKGBUILD (from rev 215343, rsync/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD (rev 0)
+++ testing-i686/PKGBUILD 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,47 @@
+# $Id$
+
+pkgname=rsync
+pkgver=3.1.1
+pkgrel=1
+pkgdesc="A file transfer program to keep remote files in sync"
+arch=('i686' 'x86_64')
+url="http://rsync.samba.org/"
+license=('GPL3')
+depends=('perl' 'popt' 'acl' 'zlib')
+backup=('etc/rsyncd.conf' 'etc/xinetd.d/rsync')
+source=("http://rsync.samba.org/ftp/rsync/$pkgname-$pkgver.tar.gz"
+ "http://rsync.samba.org/ftp/rsync/$pkgname-$pkgver.tar.gz.asc"
+ 'rsyncd.conf' 'rsync.xinetd' 'rsyncd.service'
+ 'rsyncd.socket' 'rsyncd at .service')
+md5sums=('43bd6676f0b404326eee2d63be3cdcfe'
+ 'SKIP'
+ 'bce64d122a8e0f86872a4a21a03bc7f3'
+ 'ea3e9277dc908bc51f9eddc0f6b935c1'
+ '084140868d38cf3e937a2db716d47c0f'
+ 'ae4c381e0c02d6132c7f6ded3f473041'
+ '53f94e613e0bc502d38dd61bd2cd7636')
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+ ./configure --prefix=/usr \
+ --with-included-popt=no \
+ --with-included-zlib=no \
+ --disable-debug
+ make
+}
+
+check() {
+ cd "$srcdir/$pkgname-$pkgver"
+ make test
+}
+
+package() {
+ cd "$srcdir/$pkgname-$pkgver"
+ make DESTDIR="$pkgdir" install
+ install -Dm644 ../rsyncd.conf "$pkgdir/etc/rsyncd.conf"
+ install -Dm644 ../rsync.xinetd "$pkgdir/etc/xinetd.d/rsync"
+ install -Dm644 ../rsyncd.service "$pkgdir/usr/lib/systemd/system/rsyncd.service"
+ install -m644 ../rsyncd.socket "$pkgdir/usr/lib/systemd/system/rsyncd.socket"
+ install -m644 ../rsyncd at .service "$pkgdir/usr/lib/systemd/system/rsyncd at .service"
+ install -Dm755 support/rrsync "$pkgdir/usr/lib/rsync/rrsync"
+}
Copied: rsync/repos/testing-i686/rsync.xinetd (from rev 215343, rsync/trunk/rsync.xinetd)
===================================================================
--- testing-i686/rsync.xinetd (rev 0)
+++ testing-i686/rsync.xinetd 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,11 @@
+service rsync
+{
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/bin/rsync
+ server_args = --daemon
+ log_on_success += HOST DURATION
+ log_on_failure += HOST
+ disable = yes
+}
Copied: rsync/repos/testing-i686/rsyncd.conf (from rev 215343, rsync/trunk/rsyncd.conf)
===================================================================
--- testing-i686/rsyncd.conf (rev 0)
+++ testing-i686/rsyncd.conf 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,10 @@
+uid = nobody
+gid = nobody
+use chroot = no
+max connections = 4
+syslog facility = local5
+pid file = /run/rsyncd.pid
+
+[ftp]
+ path = /srv/ftp
+ comment = ftp area
Copied: rsync/repos/testing-i686/rsyncd.service (from rev 215343, rsync/trunk/rsyncd.service)
===================================================================
--- testing-i686/rsyncd.service (rev 0)
+++ testing-i686/rsyncd.service 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,9 @@
+[Unit]
+Description=A file transfer program to keep remote files in sync
+
+[Service]
+ExecStart=/usr/bin/rsync --daemon --no-detach
+RestartSec=1
+
+[Install]
+WantedBy=multi-user.target
Copied: rsync/repos/testing-i686/rsyncd.socket (from rev 215343, rsync/trunk/rsyncd.socket)
===================================================================
--- testing-i686/rsyncd.socket (rev 0)
+++ testing-i686/rsyncd.socket 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,10 @@
+[Unit]
+Description=Rsync Socket
+Conflicts=rsyncd.service
+
+[Socket]
+ListenStream=873
+Accept=true
+
+[Install]
+WantedBy=sockets.target
Copied: rsync/repos/testing-i686/rsyncd at .service (from rev 215343, rsync/trunk/rsyncd at .service)
===================================================================
--- testing-i686/rsyncd at .service (rev 0)
+++ testing-i686/rsyncd at .service 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,11 @@
+[Unit]
+Description=A file transfer program to keep remote files in sync
+After=network.target
+
+[Service]
+ExecStart=-/usr/bin/rsync --daemon
+StandardInput=socket
+StandardOutput=inherit
+StandardError=journal
+User=nobody
+Group=nobody
Copied: rsync/repos/testing-x86_64/CVE-2014-2855.patch (from rev 215343, rsync/trunk/CVE-2014-2855.patch)
===================================================================
--- testing-x86_64/CVE-2014-2855.patch (rev 0)
+++ testing-x86_64/CVE-2014-2855.patch 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,83 @@
+From 0dedfbce2c1b851684ba658861fe9d620636c56a Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayned at samba.org>
+Date: Sun, 13 Apr 2014 13:44:58 -0700
+Subject: [PATCH] Avoid infinite wait reading secrets file.
+
+---
+ authenticate.c | 24 +++++++++++++-----------
+ 1 files changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/authenticate.c b/authenticate.c
+index 3381b8c..c92746c 100644
+--- a/authenticate.c
++++ b/authenticate.c
+@@ -102,15 +102,16 @@ static const char *check_secret(int module, const char *user, const char *group,
+ char pass2[MAX_DIGEST_LEN*2];
+ const char *fname = lp_secrets_file(module);
+ STRUCT_STAT st;
+- int fd, ok = 1;
++ int ok = 1;
+ int user_len = strlen(user);
+ int group_len = group ? strlen(group) : 0;
+ char *err;
++ FILE *fh;
+
+- if (!fname || !*fname || (fd = open(fname, O_RDONLY)) < 0)
++ if (!fname || !*fname || (fh = fopen(fname, "r")) == NULL)
+ return "no secrets file";
+
+- if (do_fstat(fd, &st) == -1) {
++ if (do_fstat(fileno(fh), &st) == -1) {
+ rsyserr(FLOG, errno, "fstat(%s)", fname);
+ ok = 0;
+ } else if (lp_strict_modes(module)) {
+@@ -123,29 +124,30 @@ static const char *check_secret(int module, const char *user, const char *group,
+ }
+ }
+ if (!ok) {
+- close(fd);
++ fclose(fh);
+ return "ignoring secrets file";
+ }
+
+ if (*user == '#') {
+ /* Reject attempt to match a comment. */
+- close(fd);
++ fclose(fh);
+ return "invalid username";
+ }
+
+ /* Try to find a line that starts with the user (or @group) name and a ':'. */
+ err = "secret not found";
+- while ((user || group) && read_line_old(fd, line, sizeof line, 1)) {
+- const char **ptr, *s;
++ while ((user || group) && fgets(line, sizeof line, fh) != NULL) {
++ const char **ptr, *s = strtok(line, "\n\r");
+ int len;
+- if (*line == '@') {
++ if (!s)
++ continue;
++ if (*s == '@') {
+ ptr = &group;
+ len = group_len;
+- s = line+1;
++ s++;
+ } else {
+ ptr = &user;
+ len = user_len;
+- s = line;
+ }
+ if (!*ptr || strncmp(s, *ptr, len) != 0 || s[len] != ':')
+ continue;
+@@ -158,7 +160,7 @@ static const char *check_secret(int module, const char *user, const char *group,
+ *ptr = NULL; /* Don't look for name again. */
+ }
+
+- close(fd);
++ fclose(fh);
+
+ memset(line, 0, sizeof line);
+ memset(pass2, 0, sizeof pass2);
+--
+1.7.0.4
+
Copied: rsync/repos/testing-x86_64/PKGBUILD (from rev 215343, rsync/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,47 @@
+# $Id$
+
+pkgname=rsync
+pkgver=3.1.1
+pkgrel=1
+pkgdesc="A file transfer program to keep remote files in sync"
+arch=('i686' 'x86_64')
+url="http://rsync.samba.org/"
+license=('GPL3')
+depends=('perl' 'popt' 'acl' 'zlib')
+backup=('etc/rsyncd.conf' 'etc/xinetd.d/rsync')
+source=("http://rsync.samba.org/ftp/rsync/$pkgname-$pkgver.tar.gz"
+ "http://rsync.samba.org/ftp/rsync/$pkgname-$pkgver.tar.gz.asc"
+ 'rsyncd.conf' 'rsync.xinetd' 'rsyncd.service'
+ 'rsyncd.socket' 'rsyncd at .service')
+md5sums=('43bd6676f0b404326eee2d63be3cdcfe'
+ 'SKIP'
+ 'bce64d122a8e0f86872a4a21a03bc7f3'
+ 'ea3e9277dc908bc51f9eddc0f6b935c1'
+ '084140868d38cf3e937a2db716d47c0f'
+ 'ae4c381e0c02d6132c7f6ded3f473041'
+ '53f94e613e0bc502d38dd61bd2cd7636')
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+ ./configure --prefix=/usr \
+ --with-included-popt=no \
+ --with-included-zlib=no \
+ --disable-debug
+ make
+}
+
+check() {
+ cd "$srcdir/$pkgname-$pkgver"
+ make test
+}
+
+package() {
+ cd "$srcdir/$pkgname-$pkgver"
+ make DESTDIR="$pkgdir" install
+ install -Dm644 ../rsyncd.conf "$pkgdir/etc/rsyncd.conf"
+ install -Dm644 ../rsync.xinetd "$pkgdir/etc/xinetd.d/rsync"
+ install -Dm644 ../rsyncd.service "$pkgdir/usr/lib/systemd/system/rsyncd.service"
+ install -m644 ../rsyncd.socket "$pkgdir/usr/lib/systemd/system/rsyncd.socket"
+ install -m644 ../rsyncd at .service "$pkgdir/usr/lib/systemd/system/rsyncd at .service"
+ install -Dm755 support/rrsync "$pkgdir/usr/lib/rsync/rrsync"
+}
Copied: rsync/repos/testing-x86_64/rsync.xinetd (from rev 215343, rsync/trunk/rsync.xinetd)
===================================================================
--- testing-x86_64/rsync.xinetd (rev 0)
+++ testing-x86_64/rsync.xinetd 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,11 @@
+service rsync
+{
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/bin/rsync
+ server_args = --daemon
+ log_on_success += HOST DURATION
+ log_on_failure += HOST
+ disable = yes
+}
Copied: rsync/repos/testing-x86_64/rsyncd.conf (from rev 215343, rsync/trunk/rsyncd.conf)
===================================================================
--- testing-x86_64/rsyncd.conf (rev 0)
+++ testing-x86_64/rsyncd.conf 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,10 @@
+uid = nobody
+gid = nobody
+use chroot = no
+max connections = 4
+syslog facility = local5
+pid file = /run/rsyncd.pid
+
+[ftp]
+ path = /srv/ftp
+ comment = ftp area
Copied: rsync/repos/testing-x86_64/rsyncd.service (from rev 215343, rsync/trunk/rsyncd.service)
===================================================================
--- testing-x86_64/rsyncd.service (rev 0)
+++ testing-x86_64/rsyncd.service 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,9 @@
+[Unit]
+Description=A file transfer program to keep remote files in sync
+
+[Service]
+ExecStart=/usr/bin/rsync --daemon --no-detach
+RestartSec=1
+
+[Install]
+WantedBy=multi-user.target
Copied: rsync/repos/testing-x86_64/rsyncd.socket (from rev 215343, rsync/trunk/rsyncd.socket)
===================================================================
--- testing-x86_64/rsyncd.socket (rev 0)
+++ testing-x86_64/rsyncd.socket 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,10 @@
+[Unit]
+Description=Rsync Socket
+Conflicts=rsyncd.service
+
+[Socket]
+ListenStream=873
+Accept=true
+
+[Install]
+WantedBy=sockets.target
Copied: rsync/repos/testing-x86_64/rsyncd at .service (from rev 215343, rsync/trunk/rsyncd at .service)
===================================================================
--- testing-x86_64/rsyncd at .service (rev 0)
+++ testing-x86_64/rsyncd at .service 2014-06-22 18:31:07 UTC (rev 215344)
@@ -0,0 +1,11 @@
+[Unit]
+Description=A file transfer program to keep remote files in sync
+After=network.target
+
+[Service]
+ExecStart=-/usr/bin/rsync --daemon
+StandardInput=socket
+StandardOutput=inherit
+StandardError=journal
+User=nobody
+Group=nobody
More information about the arch-commits
mailing list