[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[Lars Wendler]

commit:     90f6117132f72305b9ef08c0dd2c15123164a23a
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 22 10:05:02 2015 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Dec 22 10:05:02 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90f61171

net-misc/rsync: Removed old.

Package-Manager: portage-2.2.26
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 net-misc/rsync/Manifest                            |  3 -
 ...-avoid_infinite_wait_reading_secrets_file.patch | 79 ----------------------
 net-misc/rsync/rsync-3.0.9-r3.ebuild               | 75 --------------------
 net-misc/rsync/rsync-3.1.0-r1.ebuild               | 76 ---------------------
 net-misc/rsync/rsync-3.1.2_pre1.ebuild             | 77 ---------------------
 5 files changed, 310 deletions(-)

diff --git a/net-misc/rsync/Manifest b/net-misc/rsync/Manifest
index a1ed572..4774bc2 100644
--- a/net-misc/rsync/Manifest
+++ b/net-misc/rsync/Manifest
@@ -1,5 +1,2 @@
-DIST rsync-3.0.9.tar.gz 792725 SHA256 30f10f8dd5490d28240d4271bb652b1da7a60b22ed2b9ae28090668de9247c05 SHA512 b08f9525d7af981b6010e99cc1fa2e39fea94db317a5078ad687adf2716160b0f67b9fad6d9e5b7db63749f031c925fe3b47599379a14a5565c71be85987d5ff WHIRLPOOL 0b1c6c6a310f813a0628b7bac36bc8bdbfffff4b641b93f5da0c6fd9f482958da40486c16ae9694af5382c63aa8e2ee733d79d7baef6e8e9b591cfb83617dcea
-DIST rsync-3.1.0.tar.gz 883901 SHA256 81ca23f77fc9b957eb9845a6024f41af0ff0c619b7f38576887c63fa38e2394e SHA512 bc8dfc90cac1a83cbb34e33cea805bfaa9597694a285fb69d55224fc52987c0199415b380f83a6ac55d17548e6888d1ab0d7bb5951ae4c3a3412c4e3ccf932f3 WHIRLPOOL 3b45271e9cd17eb42c7f06c2b516dc1e4a9333c03e6b5c3c80563ad8121870abdb92db401075a54ae7abe60e875938a4b5e4780eea8e3f30ca1ff75f95a6d00e
 DIST rsync-3.1.1.tar.gz 890124 SHA256 7de4364fcf5fe42f3bdb514417f1c40d10bbca896abe7e7f2c581c6ea08a2621 SHA512 ec0e46ff532a09a711282aaa822f5f1c133593ee6c1c474acd67284619236e6a202f0f369d3e67a95ceb3a3b1c39ea7fb609d6d6fb950f3be6e0f6372e903e21 WHIRLPOOL 0622646c10a0b4553fddbc0c3c48e6a87f78eaa56dc0cc0f0db86ed45e2c6572d23e4c379fae50ced012c2c0e75a364cae55f7c49f88918a9d62fb9ae17805b9
 DIST rsync-3.1.2.tar.gz 892724 SHA256 ecfa62a7fa3c4c18b9eccd8c16eaddee4bd308a76ea50b5c02a5840f09c0a1c2 SHA512 4c55fd69f436ead0cb5a0b7c6fdfef9bb28ddb9c63534eb619e756b118d5b08cfc5e696498650932c86e865b37e06633da947e6720ca0c27ed5c034313ae208b WHIRLPOOL ba793bfc7f0bdd70dba812a4a782c6ed703c7e83e2d04ca714e67e6153b31f6fc49e224ef7622bf5abb1e0ba0f633bc88b2640548028944b5dfa0443ae8c585e
-DIST rsync-3.1.2pre1.tar.gz 892074 SHA256 35348ccf7d5cb02a4a0b2c398ac639663baf0dc6d602dd2f5804946e69a61b97 SHA512 39f3574618c45c1486131277526511a4b0b13c96928f913bebfb192b7ef8b4d186f93217e46225622d72e2691300eb617df29067a7331062391062182ddb6a49 WHIRLPOOL 14cd62800246b01d42d0f141dfbb4273914a25ad4b86b86a9f2be09f56546d08fdd3cf95b40b3ecee87237985c2a4da3e12cf2de0c526f40f77cf123458c7cdc

diff --git a/net-misc/rsync/files/rsync-3.1.1_pre1-avoid_infinite_wait_reading_secrets_file.patch b/net-misc/rsync/files/rsync-3.1.1_pre1-avoid_infinite_wait_reading_secrets_file.patch
deleted file mode 100644
index a3469a1..0000000
--- a/net-misc/rsync/files/rsync-3.1.1_pre1-avoid_infinite_wait_reading_secrets_file.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From: Wayne Davison <wayned@samba.org>
-Date: Sun, 13 Apr 2014 20:44:58 +0000 (-0700)
-Subject: Avoid infinite wait reading secrets file.
-X-Git-Url: https://git.samba.org/?p=rsync.git;a=commitdiff_plain;h=0dedfbce2c1b851684ba658861fe9d620636c56a
-
-Avoid infinite wait reading secrets file.
----
-
-diff --git a/authenticate.c b/authenticate.c
-index 3381b8c..c92746c 100644
---- a/authenticate.c
-+++ b/authenticate.c
-@@ -102,15 +102,16 @@ static const char *check_secret(int module, const char *user, const char *group,
- 	char pass2[MAX_DIGEST_LEN*2];
- 	const char *fname = lp_secrets_file(module);
- 	STRUCT_STAT st;
--	int fd, ok = 1;
-+	int ok = 1;
- 	int user_len = strlen(user);
- 	int group_len = group ? strlen(group) : 0;
- 	char *err;
-+	FILE *fh;
- 
--	if (!fname || !*fname || (fd = open(fname, O_RDONLY)) < 0)
-+	if (!fname || !*fname || (fh = fopen(fname, "r")) == NULL)
- 		return "no secrets file";
- 
--	if (do_fstat(fd, &st) == -1) {
-+	if (do_fstat(fileno(fh), &st) == -1) {
- 		rsyserr(FLOG, errno, "fstat(%s)", fname);
- 		ok = 0;
- 	} else if (lp_strict_modes(module)) {
-@@ -123,29 +124,30 @@ static const char *check_secret(int module, const char *user, const char *group,
- 		}
- 	}
- 	if (!ok) {
--		close(fd);
-+		fclose(fh);
- 		return "ignoring secrets file";
- 	}
- 
- 	if (*user == '#') {
- 		/* Reject attempt to match a comment. */
--		close(fd);
-+		fclose(fh);
- 		return "invalid username";
- 	}
- 
- 	/* Try to find a line that starts with the user (or @group) name and a ':'. */
- 	err = "secret not found";
--	while ((user || group) && read_line_old(fd, line, sizeof line, 1)) {
--		const char **ptr, *s;
-+	while ((user || group) && fgets(line, sizeof line, fh) != NULL) {
-+		const char **ptr, *s = strtok(line, "\n\r");
- 		int len;
--		if (*line == '@') {
-+		if (!s)
-+			continue;
-+		if (*s == '@') {
- 			ptr = &group;
- 			len = group_len;
--			s = line+1;
-+			s++;
- 		} else {
- 			ptr = &user;
- 			len = user_len;
--			s = line;
- 		}
- 		if (!*ptr || strncmp(s, *ptr, len) != 0 || s[len] != ':')
- 			continue;
-@@ -158,7 +160,7 @@ static const char *check_secret(int module, const char *user, const char *group,
- 		*ptr = NULL; /* Don't look for name again. */
- 	}
- 
--	close(fd);
-+	fclose(fh);
- 
- 	memset(line, 0, sizeof line);
- 	memset(pass2, 0, sizeof pass2);

diff --git a/net-misc/rsync/rsync-3.0.9-r3.ebuild b/net-misc/rsync/rsync-3.0.9-r3.ebuild
deleted file mode 100644
index 700bdc0..0000000
--- a/net-misc/rsync/rsync-3.0.9-r3.ebuild
+++ /dev/null
@@ -1,75 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-inherit eutils flag-o-matic prefix systemd
-
-DESCRIPTION="File transfer program to keep remote files into sync"
-HOMEPAGE="http://rsync.samba.org/"
-SRC_URI="http://rsync.samba.org/ftp/rsync/src/${P/_/}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="acl iconv ipv6 static xattr"
-
-LIB_DEPEND="acl? ( virtual/acl[static-libs(+)] )
-	xattr? ( kernel_linux? ( sys-apps/attr[static-libs(+)] ) )
-	>=dev-libs/popt-1.5[static-libs(+)]"
-RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	iconv? ( virtual/libiconv )"
-DEPEND="${RDEPEND}
-	static? ( ${LIB_DEPEND} )"
-
-S=${WORKDIR}/${P/_/}
-
-src_prepare() {
-	epatch_user
-}
-
-src_configure() {
-	use static && append-ldflags -static
-	econf \
-		--without-included-popt \
-		$(use_enable acl acl-support) \
-		$(use_enable xattr xattr-support) \
-		$(use_enable ipv6) \
-		$(use_enable iconv) \
-		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
-	touch proto.h-tstamp #421625
-}
-
-src_install() {
-	emake DESTDIR="${D}" install
-	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
-	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
-	dodoc NEWS OLDNEWS README TODO tech_report.tex
-	insinto /etc
-	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
-
-	insinto /etc/xinetd.d
-	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
-
-	# Install the useful contrib scripts
-	exeinto /usr/share/rsync
-	doexe support/*
-	rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
-
-	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
-
-	systemd_dounit "${FILESDIR}/rsyncd.service"
-}
-
-pkg_postinst() {
-	if egrep -qis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
-		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
-		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
-		ewarn "is a security risk which you should fix.  Please check your"
-		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
-	fi
-}

diff --git a/net-misc/rsync/rsync-3.1.0-r1.ebuild b/net-misc/rsync/rsync-3.1.0-r1.ebuild
deleted file mode 100644
index f1f7e84..0000000
--- a/net-misc/rsync/rsync-3.1.0-r1.ebuild
+++ /dev/null
@@ -1,76 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic prefix systemd
-
-DESCRIPTION="File transfer program to keep remote files into sync"
-HOMEPAGE="http://rsync.samba.org/"
-SRC_URI="http://rsync.samba.org/ftp/rsync/src/${P/_/}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="acl iconv ipv6 static xattr"
-
-LIB_DEPEND="acl? ( virtual/acl[static-libs(+)] )
-	xattr? ( kernel_linux? ( sys-apps/attr[static-libs(+)] ) )
-	>=dev-libs/popt-1.5[static-libs(+)]"
-RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	iconv? ( virtual/libiconv )"
-DEPEND="${RDEPEND}
-	static? ( ${LIB_DEPEND} )"
-
-S=${WORKDIR}/${P/_/}
-
-src_prepare() {
-	epatch "${FILESDIR}"/${PN}-3.1.1_pre1-avoid_infinite_wait_reading_secrets_file.patch
-	epatch_user
-}
-
-src_configure() {
-	use static && append-ldflags -static
-	econf \
-		--without-included-popt \
-		$(use_enable acl acl-support) \
-		$(use_enable xattr xattr-support) \
-		$(use_enable ipv6) \
-		$(use_enable iconv) \
-		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
-	touch proto.h-tstamp #421625
-}
-
-src_install() {
-	emake DESTDIR="${D}" install
-	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
-	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
-	dodoc NEWS OLDNEWS README TODO tech_report.tex
-	insinto /etc
-	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
-
-	insinto /etc/xinetd.d
-	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
-
-	# Install the useful contrib scripts
-	exeinto /usr/share/rsync
-	doexe support/*
-	rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
-
-	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
-
-	systemd_dounit "${FILESDIR}/rsyncd.service"
-}
-
-pkg_postinst() {
-	if egrep -qis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
-		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
-		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
-		ewarn "is a security risk which you should fix.  Please check your"
-		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
-	fi
-}

diff --git a/net-misc/rsync/rsync-3.1.2_pre1.ebuild b/net-misc/rsync/rsync-3.1.2_pre1.ebuild
deleted file mode 100644
index f2ce27c..0000000
--- a/net-misc/rsync/rsync-3.1.2_pre1.ebuild
+++ /dev/null
@@ -1,77 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic prefix systemd
-
-DESCRIPTION="File transfer program to keep remote files into sync"
-HOMEPAGE="http://rsync.samba.org/"
-SRC_URI="http://rsync.samba.org/ftp/rsync/src/${P}.tar.gz"
-[[ "${PV}" = *_pre* ]] && SRC_URI="http://rsync.samba.org/ftp/rsync/src-previews/${P/_/}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-[[ "${PV}" = *_pre* ]] && KEYWORDS=""
-IUSE="acl iconv ipv6 static xattr"
-
-LIB_DEPEND="acl? ( virtual/acl[static-libs(+)] )
-	xattr? ( kernel_linux? ( sys-apps/attr[static-libs(+)] ) )
-	>=dev-libs/popt-1.5[static-libs(+)]"
-RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	iconv? ( virtual/libiconv )"
-DEPEND="${RDEPEND}
-	static? ( ${LIB_DEPEND} )"
-
-S=${WORKDIR}/${P/_/}
-
-src_prepare() {
-	epatch_user
-}
-
-src_configure() {
-	use static && append-ldflags -static
-	econf \
-		--without-included-popt \
-		$(use_enable acl acl-support) \
-		$(use_enable xattr xattr-support) \
-		$(use_enable ipv6) \
-		$(use_enable iconv) \
-		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
-	touch proto.h-tstamp #421625
-}
-
-src_install() {
-	emake DESTDIR="${D}" install
-	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
-	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
-	dodoc NEWS OLDNEWS README TODO tech_report.tex
-	insinto /etc
-	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
-
-	insinto /etc/xinetd.d
-	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
-
-	# Install the useful contrib scripts
-	exeinto /usr/share/rsync
-	doexe support/*
-	rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
-
-	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
-
-	systemd_dounit "${FILESDIR}/rsyncd.service"
-}
-
-pkg_postinst() {
-	if egrep -qis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
-		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
-		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
-		ewarn "is a security risk which you should fix.  Please check your"
-		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[Thomas Deutschmann]

commit:     c1dd842d0104a10bfe6778597676aaa139f8d360
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 10 19:05:40 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Dec 10 19:06:59 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1dd842d

net-misc/rsync: Rev bump to add patch for CVE-2017-{17433,17434}

Bug: https://bugs.gentoo.org/640570
Package-Manager: Portage-2.3.16, Repoman-2.3.6

 .../files/rsync-3.1.2-CVE-2017-17433-fixup.patch   | 33 ++++++++
 .../rsync/files/rsync-3.1.2-CVE-2017-17433.patch   | 39 +++++++++
 .../files/rsync-3.1.2-CVE-2017-17434-part1.patch   | 22 +++++
 .../files/rsync-3.1.2-CVE-2017-17434-part2.patch   | 33 ++++++++
 net-misc/rsync/rsync-3.1.2-r2.ebuild               | 95 ++++++++++++++++++++++
 5 files changed, 222 insertions(+)

diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433-fixup.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433-fixup.patch
new file mode 100644
index 00000000000..0cc9b8256dd
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433-fixup.patch
@@ -0,0 +1,33 @@
+From: Wayne Davison <wayned@samba.org>
+Date: Sun, 3 Dec 2017 23:49:56 +0000 (-0800)
+Subject: Fix issue with earlier path-check (fixes "make check")
+X-Git-Url: https://git.samba.org/?p=rsync.git;a=commitdiff_plain;h=f5e8a17e093065fb20fea00a29540fe2c7896441;hp=5509597decdbd7b91994210f700329d8a35e70a1
+
+Fix issue with earlier path-check (fixes "make check")
+---
+
+diff --git a/receiver.c b/receiver.c
+index 9c46242..75cb00d 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -574,15 +574,15 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 			file = dir_flist->files[cur_flist->parent_ndx];
+ 		fname = local_name ? local_name : f_name(file, fbuf);
+ 
+-		if (daemon_filter_list.head
+-		    && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
++		if (DEBUG_GTE(RECV, 1))
++			rprintf(FINFO, "recv_files(%s)\n", fname);
++
++		if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0')
++		 && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+ 			rprintf(FERROR, "attempt to hack rsync failed.\n");
+ 			exit_cleanup(RERR_PROTOCOL);
+ 		}
+ 
+-		if (DEBUG_GTE(RECV, 1))
+-			rprintf(FINFO, "recv_files(%s)\n", fname);
+-
+ #ifdef SUPPORT_XATTRS
+ 		if (preserve_xattrs && iflags & ITEM_REPORT_XATTR && do_xfers
+ 		 && !(want_xattr_optim && BITS_SET(iflags, ITEM_XNAME_FOLLOWS|ITEM_LOCAL_CHANGE)))

diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433.patch
new file mode 100644
index 00000000000..0ab8de1fce3
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17433.patch
@@ -0,0 +1,39 @@
+From 3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 2 Nov 2017 23:44:19 -0700
+Subject: [PATCH] Check fname in recv_files sooner.
+
+---
+ receiver.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+Index: rsync-3.1.2/receiver.c
+===================================================================
+--- rsync-3.1.2.orig/receiver.c
++++ rsync-3.1.2/receiver.c
+@@ -580,6 +580,12 @@ int recv_files(int f_in, int f_out, char
+ 			file = dir_flist->files[cur_flist->parent_ndx];
+ 		fname = local_name ? local_name : f_name(file, fbuf);
+ 
++		if (daemon_filter_list.head
++		    && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
++			rprintf(FERROR, "attempt to hack rsync failed.\n");
++			exit_cleanup(RERR_PROTOCOL);
++		}
++
+ 		if (DEBUG_GTE(RECV, 1))
+ 			rprintf(FINFO, "recv_files(%s)\n", fname);
+ 
+@@ -651,12 +657,6 @@ int recv_files(int f_in, int f_out, char
+ 
+ 		cleanup_got_literal = 0;
+ 
+-		if (daemon_filter_list.head
+-		    && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+-			rprintf(FERROR, "attempt to hack rsync failed.\n");
+-			exit_cleanup(RERR_PROTOCOL);
+-		}
+-
+ 		if (read_batch) {
+ 			int wanted = redoing
+ 				   ? we_want_redo(ndx)

diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part1.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part1.patch
new file mode 100644
index 00000000000..aeb8c2ee33c
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part1.patch
@@ -0,0 +1,22 @@
+From 5509597decdbd7b91994210f700329d8a35e70a1 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 16 Nov 2017 17:26:03 -0800
+Subject: [PATCH] Check daemon filter against fnamecmp in recv_files().
+
+---
+ receiver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: rsync-3.1.2/receiver.c
+===================================================================
+--- rsync-3.1.2.orig/receiver.c
++++ rsync-3.1.2/receiver.c
+@@ -728,7 +728,7 @@ int recv_files(int f_in, int f_out, char
+ 				break;
+ 			}
+ 			if (!fnamecmp || (daemon_filter_list.head
+-			  && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) {
++			  && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) {
+ 				fnamecmp = fname;
+ 				fnamecmp_type = FNAMECMP_FNAME;
+ 			}

diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part2.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part2.patch
new file mode 100644
index 00000000000..5b94efa0c1a
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-17434-part2.patch
@@ -0,0 +1,33 @@
+From 70aeb5fddd1b2f8e143276f8d5a085db16c593b9 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 16 Nov 2017 17:05:42 -0800
+Subject: [PATCH] Sanitize xname in read_ndx_and_attrs.
+
+---
+ rsync.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+Index: rsync-3.1.2/rsync.c
+===================================================================
+--- rsync-3.1.2.orig/rsync.c
++++ rsync-3.1.2/rsync.c
+@@ -50,6 +50,7 @@ extern int flist_eof;
+ extern int file_old_total;
+ extern int keep_dirlinks;
+ extern int make_backups;
++extern int sanitize_paths;
+ extern struct file_list *cur_flist, *first_flist, *dir_flist;
+ extern struct chmod_mode_struct *daemon_chmod_modes;
+ #ifdef ICONV_OPTION
+@@ -397,6 +398,11 @@ int read_ndx_and_attrs(int f_in, int f_o
+ 	if (iflags & ITEM_XNAME_FOLLOWS) {
+ 		if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0)
+ 			exit_cleanup(RERR_PROTOCOL);
++
++		if (sanitize_paths) {
++			sanitize_path(buf, buf, "", 0, SP_DEFAULT);
++			len = strlen(buf);
++		}
+ 	} else {
+ 		*buf = '\0';
+ 		len = -1;

diff --git a/net-misc/rsync/rsync-3.1.2-r2.ebuild b/net-misc/rsync/rsync-3.1.2-r2.ebuild
new file mode 100644
index 00000000000..d91316b29b7
--- /dev/null
+++ b/net-misc/rsync/rsync-3.1.2-r2.ebuild
@@ -0,0 +1,95 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic prefix systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+SRC_URI="https://rsync.samba.org/ftp/rsync/src/${P}.tar.gz"
+[[ "${PV}" = *_pre* ]] && SRC_URI="https://rsync.samba.org/ftp/rsync/src-previews/${P/_/}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+if [[ ${PV} != *_pre ]] ; then
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+IUSE="acl examples iconv ipv6 static stunnel xattr"
+
+LIB_DEPEND="acl? ( virtual/acl[static-libs(+)] )
+	xattr? ( kernel_linux? ( sys-apps/attr[static-libs(+)] ) )
+	>=dev-libs/popt-1.5[static-libs(+)]"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+	iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}
+	static? ( ${LIB_DEPEND} )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-3.1.2-CVE-2017-16548.patch
+	"${FILESDIR}"/${PN}-3.1.2-CVE-2017-17433.patch
+	"${FILESDIR}"/${PN}-3.1.2-CVE-2017-17434-part1.patch
+	"${FILESDIR}"/${PN}-3.1.2-CVE-2017-17434-part2.patch
+	"${FILESDIR}"/${PN}-3.1.2-CVE-2017-17433-fixup.patch
+)
+
+S=${WORKDIR}/${P/_/}
+
+src_configure() {
+	use static && append-ldflags -static
+	econf \
+		--without-included-popt \
+		$(use_enable acl acl-support) \
+		$(use_enable xattr xattr-support) \
+		$(use_enable ipv6) \
+		$(use_enable iconv) \
+		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+	touch proto.h-tstamp #421625
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+	dodoc NEWS OLDNEWS README TODO tech_report.tex
+	insinto /etc
+	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+	insinto /etc/xinetd.d
+	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+	# Install stunnel helpers
+	if use stunnel ; then
+		emake DESTDIR="${D}" install-ssl-client
+		emake DESTDIR="${D}" install-ssl-daemon
+	fi
+
+	# Install the useful contrib scripts
+	if use examples ; then
+		exeinto /usr/share/rsync
+		doexe support/*
+		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+	fi
+
+	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+	systemd_dounit "${FILESDIR}/rsyncd.service"
+}
+
+pkg_postinst() {
+	if egrep -qis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
+		ewarn "is a security risk which you should fix.  Please check your"
+		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+	fi
+	if use stunnel ; then
+		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+		einfo
+		einfo "You maybe have to update the certificates configured in"
+		einfo "${EROOT}/etc/stunnel/rsync.conf"
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[Lars Wendler]

commit:     6e2a72e6b9381c465f0e95914d044ba373f656ae
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 21 09:30:29 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Jun 21 09:31:07 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e2a72e6

net-misc/rsync: Revbump fixing stunnel build and removed execstack

Closes: https://bugs.gentoo.org/728882
Closes: https://bugs.gentoo.org/728898
Package-Manager: Portage-2.3.101, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 net-misc/rsync/files/rsync-3.2.0-noexecstack.patch | 24 +++++++++++
 net-misc/rsync/files/rsync-3.2.0-simd_check.patch  | 11 -----
 .../{rsync-3.2.0.ebuild => rsync-3.2.0-r1.ebuild}  | 48 ++++++++++++++--------
 3 files changed, 56 insertions(+), 27 deletions(-)

diff --git a/net-misc/rsync/files/rsync-3.2.0-noexecstack.patch b/net-misc/rsync/files/rsync-3.2.0-noexecstack.patch
new file mode 100644
index 00000000000..918346062e6
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.2.0-noexecstack.patch
@@ -0,0 +1,24 @@
+From 75901616c5f38a9ff6ba736c8281933e8ce64b8b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Holger=20Hoffst=C3=A4tte?= <holger@applied-asynchrony.com>
+Date: Sat, 20 Jun 2020 16:54:11 +0200
+Subject: [PATCH] Pass --noexecstack to assembler.
+
+This prevents Linux from rightfully complaining about an executable
+stack segment, which is widely considered a security hazard.
+---
+ Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 31ddc43b..60aff920 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -135,7 +135,7 @@ simd-checksum-x86_64.o: simd-checksum-x86_64.cpp
+ 	$(CXX) $(CXXFLAGS) $(CPPFLAGS) -c -o $@ $(srcdir)/simd-checksum-x86_64.cpp
+ 
+ lib/md5-asm-x86_64.o: lib/md5-asm-x86_64.s
+-	$(CC) -c -o $@ $(srcdir)/lib/md5-asm-x86_64.s
++	$(CC) -Wa,--noexecstack -c -o $@ $(srcdir)/lib/md5-asm-x86_64.s
+ 
+ tls$(EXEEXT): $(TLS_OBJ)
+ 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(TLS_OBJ) $(LIBS)

diff --git a/net-misc/rsync/files/rsync-3.2.0-simd_check.patch b/net-misc/rsync/files/rsync-3.2.0-simd_check.patch
index db3ee83dc0d..255f2792dc0 100644
--- a/net-misc/rsync/files/rsync-3.2.0-simd_check.patch
+++ b/net-misc/rsync/files/rsync-3.2.0-simd_check.patch
@@ -11,14 +11,3 @@ https://github.com/WayneD/rsync/pull/24
  		CXX_VERSION=`$CXX -dumpversion | sed 's/\..*//g'`
  		if test "$CXX_VERSION" -ge "5"; then
  		    CXX_OK=yes
---- rsync-3.2.0/configure.sh	2020-06-19 23:11:01.000000000 +0200
-+++ rsync-3.2.0/configure.sh	2020-06-19 23:11:01.000000000 +0200
-@@ -4889,7 +4889,7 @@
- 	if test x"$CXX" != x""; then
- 	    CXX_VERSION=`$CXX --version 2>/dev/null | head -n 1`
- 	    case "$CXX_VERSION" in
--	    g++*)
-+	    *g++*)
- 		CXX_VERSION=`$CXX -dumpversion | sed 's/\..*//g'`
- 		if test "$CXX_VERSION" -ge "5"; then
- 		    CXX_OK=yes

diff --git a/net-misc/rsync/rsync-3.2.0.ebuild b/net-misc/rsync/rsync-3.2.0-r1.ebuild
similarity index 77%
rename from net-misc/rsync/rsync-3.2.0.ebuild
rename to net-misc/rsync/rsync-3.2.0-r1.ebuild
index a14bbfdf048..672e23e2d33 100644
--- a/net-misc/rsync/rsync-3.2.0.ebuild
+++ b/net-misc/rsync/rsync-3.2.0-r1.ebuild
@@ -3,19 +3,27 @@
 
 EAPI=7
 
-PYTHON_COMPAT=( python3_{6,7,8} )
-
-inherit flag-o-matic prefix python-any-r1 systemd
+inherit autotools flag-o-matic prefix systemd
 
 DESCRIPTION="File transfer program to keep remote files into sync"
 HOMEPAGE="https://rsync.samba.org/"
-SRC_URI="https://rsync.samba.org/ftp/rsync/src/${P}.tar.gz"
-[[ "${PV}" = *_pre* ]] && SRC_URI="https://rsync.samba.org/ftp/rsync/src-previews/${P/_/}.tar.gz"
+if [[ "${PV}" == *9999 ]] ; then
+	PYTHON_COMPAT=( python3_{6,7,8} )
+	inherit git-r3 python-any-r1
+	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+else
+	if [[ "${PV}" == *_pre* ]] ; then
+		SRC_DIR="src-previews"
+	else
+		SRC_DIR="src"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	fi
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
+	S="${WORKDIR}/${P/_/}"
+fi
 
 LICENSE="GPL-3"
 SLOT="0"
-[[ ${PV} = *_pre* ]] || \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE_CPU_FLAGS_X86=" sse2"
 IUSE="acl examples iconv ipv6 libressl lz4 ssl static stunnel system-zlib xattr xxhash zstd"
 IUSE+=" ${IUSE_CPU_FLAGS_X86// / cpu_flags_x86_}"
@@ -36,20 +44,29 @@ RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
 DEPEND="${RDEPEND}
 	static? ( ${LIB_DEPEND} )"
 
-BDEPEND="${PYTHON_DEPS}
-	$(python_gen_any_dep '
-		dev-python/commonmark[${PYTHON_USEDEP}]
-	')"
-
-S="${WORKDIR}/${P/_/}"
+if [[ "${PV}" == *9999 ]] ; then
+	BDEPEND="${PYTHON_DEPS}
+		$(python_gen_any_dep '
+			dev-python/commonmark[${PYTHON_USEDEP}]
+		')"
+fi
 
+# Only required for live ebuild
 python_check_deps() {
 	has_version "dev-python/commonmark[${PYTHON_USEDEP}]"
 }
 
+PATCHES=(
+	"${FILESDIR}/${P}-simd_check.patch"
+	"${FILESDIR}/${P}-noexecstack.patch" #728882
+)
+
 src_prepare() {
 	default
-	eapply -Z "${FILESDIR}/${PN}-3.2.0-simd_check.patch"
+
+	eaclocal -I m4
+	eautoconf -o configure.sh
+	eautoheader && touch config.h.in
 }
 
 src_configure() {
@@ -76,7 +93,7 @@ src_configure() {
 	fi
 
 	econf "${myeconfargs[@]}"
-	touch proto.h-tstamp #421625
+	[[ "${PV}" == *9999 ]] || touch proto.h-tstamp #421625
 }
 
 src_install() {
@@ -98,7 +115,6 @@ src_install() {
 
 	# Install stunnel helpers
 	if use stunnel ; then
-		emake DESTDIR="${D}" install-ssl-client
 		emake DESTDIR="${D}" install-ssl-daemon
 	fi
 

[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[Mike Gilbert]

commit:     aa02f9c1783dd7bc1bb4ceb1bfe776e33b9536c6
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 19 01:00:13 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Apr 19 01:01:07 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa02f9c1

net-misc/rsync: backport glibc lchmod workaround

Closes: https://bugs.gentoo.org/777483
Closes: https://github.com/gentoo/gentoo/pull/20410
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../rsync/files/rsync-3.2.3-glibc-lchmod.patch     |  58 ++++++++
 net-misc/rsync/rsync-3.2.3-r3.ebuild               | 152 +++++++++++++++++++++
 2 files changed, 210 insertions(+)

diff --git a/net-misc/rsync/files/rsync-3.2.3-glibc-lchmod.patch b/net-misc/rsync/files/rsync-3.2.3-glibc-lchmod.patch
new file mode 100644
index 00000000000..970d7af42ba
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.2.3-glibc-lchmod.patch
@@ -0,0 +1,58 @@
+From 9dd62525f3b98d692e031f22c02be8f775966503 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Sun, 29 Nov 2020 09:33:54 -0800
+Subject: [PATCH] Work around glibc's lchmod() issue a better way.
+
+diff --git a/syscall.c b/syscall.c
+index b9c3b4ef..11d10e4a 100644
+--- a/syscall.c
++++ b/syscall.c
+@@ -227,27 +227,35 @@ int do_open(const char *pathname, int flags, mode_t mode)
+ #ifdef HAVE_CHMOD
+ int do_chmod(const char *path, mode_t mode)
+ {
++	static int switch_step = 0;
+ 	int code;
+ 	if (dry_run) return 0;
+ 	RETURN_ERROR_IF_RO_OR_LO;
++	switch (switch_step) {
+ #ifdef HAVE_LCHMOD
+-	code = lchmod(path, mode & CHMOD_BITS);
+-#else
+-	if (S_ISLNK(mode)) {
++#include "case_N.h"
++		if ((code = lchmod(path, mode & CHMOD_BITS)) == 0 || errno != ENOTSUP)
++			break;
++		switch_step++;
++#endif
++
++#include "case_N.h"
++		if (S_ISLNK(mode)) {
+ # if defined HAVE_SETATTRLIST
+-		struct attrlist attrList;
+-		uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
++			struct attrlist attrList;
++			uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
+ 
+-		memset(&attrList, 0, sizeof attrList);
+-		attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
+-		attrList.commonattr = ATTR_CMN_ACCESSMASK;
+-		code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
++			memset(&attrList, 0, sizeof attrList);
++			attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
++			attrList.commonattr = ATTR_CMN_ACCESSMASK;
++			code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
+ # else
+-		code = 1;
++			code = 1;
+ # endif
+-	} else
+-		code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
+-#endif /* !HAVE_LCHMOD */
++		} else
++			code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
++		break;
++	}
+ 	if (code != 0 && (preserve_perms || preserve_executability))
+ 		return code;
+ 	return 0;

diff --git a/net-misc/rsync/rsync-3.2.3-r3.ebuild b/net-misc/rsync/rsync-3.2.3-r3.ebuild
new file mode 100644
index 00000000000..d71437f679b
--- /dev/null
+++ b/net-misc/rsync/rsync-3.2.3-r3.ebuild
@@ -0,0 +1,152 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit prefix systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+if [[ "${PV}" == *9999 ]] ; then
+	PYTHON_COMPAT=( python3_{6,7,8} )
+	inherit autotools git-r3 python-any-r1
+	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+else
+	if [[ "${PV}" == *_pre* ]] ; then
+		SRC_DIR="src-previews"
+	else
+		SRC_DIR="src"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	fi
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
+	S="${WORKDIR}/${P/_/}"
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE_CPU_FLAGS_X86=" sse2"
+IUSE="acl examples iconv ipv6 libressl lz4 ssl stunnel system-zlib xattr xxhash zstd"
+IUSE+=" ${IUSE_CPU_FLAGS_X86// / cpu_flags_x86_}"
+
+RDEPEND="acl? ( virtual/acl )
+	lz4? ( app-arch/lz4 )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:0= )
+	)
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( dev-libs/xxhash )
+	zstd? ( >=app-arch/zstd-1.4 )
+	>=dev-libs/popt-1.5
+	iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}"
+
+if [[ "${PV}" == *9999 ]] ; then
+	BDEPEND="${PYTHON_DEPS}
+		$(python_gen_any_dep '
+			dev-python/commonmark[${PYTHON_USEDEP}]
+		')"
+fi
+
+# Only required for live ebuild
+python_check_deps() {
+	has_version "dev-python/commonmark[${PYTHON_USEDEP}]"
+}
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/rsync-3.2.3-glibc-lchmod.patch"
+	)
+	default
+	if [[ "${PV}" == *9999 ]] ; then
+		eaclocal -I m4
+		eautoconf -o configure.sh
+		eautoheader && touch config.h.in
+	fi
+}
+
+src_configure() {
+	local myeconfargs=(
+		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+		--without-included-popt
+		$(use_enable acl acl-support)
+		$(use_enable iconv)
+		$(use_enable ipv6)
+		$(use_enable lz4)
+		$(use_enable ssl openssl)
+		$(use_with !system-zlib included-zlib)
+		$(use_enable xattr xattr-support)
+		$(use_enable xxhash)
+		$(use_enable zstd)
+	)
+
+	if use elibc_glibc && [[ "${ARCH}" == "amd64" ]] ; then
+		# SIMD is only available for x86_64 right now
+		# and only on glibc (#728868)
+		myeconfargs+=( $(use_enable cpu_flags_x86_sse2 simd) )
+	else
+		myeconfargs+=( --disable-simd )
+	fi
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+
+	dodoc NEWS.md README.md TODO tech_report.tex
+
+	insinto /etc
+	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+	insinto /etc/xinetd.d
+	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+	# Install stunnel helpers
+	if use stunnel ; then
+		emake DESTDIR="${D}" install-ssl-daemon
+	fi
+
+	# Install the useful contrib scripts
+	if use examples ; then
+		exeinto /usr/share/rsync
+		doexe support/*
+		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+	fi
+
+	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+	systemd_newunit "packaging/systemd/rsync.service" "rsyncd.service"
+}
+
+pkg_postinst() {
+	if egrep -qis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
+		ewarn "is a security risk which you should fix.  Please check your"
+		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+	fi
+	if use stunnel ; then
+		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+		einfo
+		einfo "You maybe have to update the certificates configured in"
+		einfo "${EROOT}/etc/stunnel/rsync.conf"
+	fi
+	if use system-zlib ; then
+		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
+		ewarn "using the --compress option."
+		ewarn
+		ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib,"
+		ewarn "and the --compress option, add --new-compress (-zz)."
+		ewarn
+		ewarn "For syncing the portage tree, add:"
+		ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf"
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[Mike Gilbert]

commit:     826471502e24d5d22731fe07558260551c802d4c
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 22 18:43:49 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Oct 22 18:46:48 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82647150

net-misc/rsync: backport cross-compile fixes

Closes: https://bugs.gentoo.org/732084
Closes: https://github.com/gentoo/gentoo/pull/22354
Closes: https://github.com/gentoo/gentoo/pull/22667
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 net-misc/rsync/files/rsync-3.2.3-cross.patch | 107 +++++++++++++++++++++++++++
 net-misc/rsync/rsync-3.2.3-r4.ebuild         |  52 ++++---------
 net-misc/rsync/rsync-9999.ebuild             |   5 --
 3 files changed, 122 insertions(+), 42 deletions(-)

diff --git a/net-misc/rsync/files/rsync-3.2.3-cross.patch b/net-misc/rsync/files/rsync-3.2.3-cross.patch
new file mode 100644
index 00000000000..1f23627853b
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.2.3-cross.patch
@@ -0,0 +1,107 @@
+From 9f9240b661c5f381831b62d72b6ea928a91ff43a Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Thu, 3 Sep 2020 10:07:36 -0700
+Subject: [PATCH] Set CXX_OK=no when cross compiling.
+
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 64d2e6d6..109546a6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -233,7 +233,7 @@ __attribute__ ((target("ssse3"))) void more_testing(char* buf, int len)
+ 	in8_2 = _mm_lddqu_si128((__m128i_u*)&buf[i + 16]);
+     }
+ }
+-]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no])
++]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no],[CXX_OK=no])
+ 	AC_LANG(C)
+ 	if test x"$CXX_OK" = x"yes"; then
+ 	    # AC_MSG_RESULT() is called below.
+From 7eb59a9152a2ace7bc7858e9915c671b3ab54344 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Tue, 22 Sep 2020 17:19:45 -0700
+Subject: [PATCH] Change from $build_cpu to $host_cpu as edo1 suggested.
+
+---
+ configure.ac | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 109546a6..e8c06f42 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -211,7 +211,7 @@ CXXFLAGS=`echo "$CXXFLAGS" | sed 's/-g //'`
+ 
+ if test x"$enable_simd" != x"no"; then
+     # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
+-    if test x"$build_cpu" = x"x86_64"; then
++    if test x"$host_cpu" = x"x86_64"; then
+ 	AC_LANG(C++)
+ 	AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
+ #include <immintrin.h>
+@@ -283,8 +283,8 @@ AC_ARG_ENABLE(asm,
+     AS_HELP_STRING([--disable-asm],[disable ASM optimizations]))
+ 
+ if test x"$enable_asm" != x"no"; then
+-    if test x"$build_cpu" = x"x86_64"; then
+-	ASM="$build_cpu"
++    if test x"$host_cpu" = x"x86_64"; then
++	ASM="$host_cpu"
+     elif test x"$enable_asm" = x"yes"; then
+         AC_MSG_RESULT(unavailable)
+         AC_MSG_ERROR(The ASM optimizations are currently x86_64 only.
+From b7fab6f285ff0ff3816b109a8c3131b6ded0b484 Mon Sep 17 00:00:00 2001
+From: edo <edo.rus@gmail.com>
+Date: Wed, 7 Oct 2020 08:33:57 +0300
+Subject: [PATCH] Allow cross-compilation with SIMD (x86_84) (#104)
+
+Replace runtime SIMD check with a compile-only test in case of
+cross-compilation.
+
+You can still use '--enable-simd=no' to build x86_64 code without
+SIMD instructions.
+---
+ configure.ac | 20 +++++++++++++-------
+ 1 file changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 3fd7e5d5..e469981b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -208,12 +208,7 @@ AC_ARG_ENABLE(simd,
+ 
+ # Clag is crashing with -g -O2, so we'll get rid of -g for now.
+ CXXFLAGS=`echo "$CXXFLAGS" | sed 's/-g //'`
+-
+-if test x"$enable_simd" != x"no"; then
+-    # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
+-    if test x"$host_cpu" = x"x86_64"; then
+-	AC_LANG(C++)
+-	AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
++m4_define(SIMD_X86_64_TEST, [[#include <stdio.h>
+ #include <immintrin.h>
+ __attribute__ ((target("default"))) int test_ssse3(int x) { return x; }
+ __attribute__ ((target("default"))) int test_sse2(int x) { return x; }
+@@ -233,7 +228,18 @@ __attribute__ ((target("ssse3"))) void more_testing(char* buf, int len)
+ 	in8_2 = _mm_lddqu_si128((__m128i_u*)&buf[i + 16]);
+     }
+ }
+-]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no],[CXX_OK=no])
++]])
++
++if test x"$enable_simd" != x"no"; then
++    # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
++    if test x"$host_cpu" = x"x86_64"; then
++	AC_LANG(C++)
++	if test x"$host_cpu" = x"$build_cpu"; then
++	    AC_RUN_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST],[[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],
++		[CXX_OK=yes],[CXX_OK=no])
++	else
++	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST])],[CXX_OK=yes],[CXX_OK=no])
++	fi
+ 	AC_LANG(C)
+ 	if test x"$CXX_OK" = x"yes"; then
+ 	    # AC_MSG_RESULT() is called below.

diff --git a/net-misc/rsync/rsync-3.2.3-r4.ebuild b/net-misc/rsync/rsync-3.2.3-r4.ebuild
index 34c869e7619..4e5df492e3f 100644
--- a/net-misc/rsync/rsync-3.2.3-r4.ebuild
+++ b/net-misc/rsync/rsync-3.2.3-r4.ebuild
@@ -3,24 +3,21 @@
 
 EAPI=7
 
-inherit prefix systemd toolchain-funcs
+if [[ ${PV} != 3.2.3 ]]; then
+	# Make sure we revert the autotools hackery applied in 3.2.3.
+	die "Please use rsync-9999.ebuild as a basis for version bumps"
+fi
+
+WANT_LIBTOOL=none
+
+inherit autotools prefix systemd toolchain-funcs
 
 DESCRIPTION="File transfer program to keep remote files into sync"
 HOMEPAGE="https://rsync.samba.org/"
-if [[ "${PV}" == *9999 ]] ; then
-	PYTHON_COMPAT=( python3_{6,7,8} )
-	inherit autotools git-r3 python-any-r1
-	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
-else
-	if [[ "${PV}" == *_pre* ]] ; then
-		SRC_DIR="src-previews"
-	else
-		SRC_DIR="src"
-		KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-	fi
-	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
-	S="${WORKDIR}/${P/_/}"
-fi
+SRC_DIR="src"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
+S="${WORKDIR}/${P/_/}"
 
 LICENSE="GPL-3"
 SLOT="0"
@@ -37,28 +34,14 @@ RDEPEND="acl? ( virtual/acl )
 	iconv? ( virtual/libiconv )"
 DEPEND="${RDEPEND}"
 
-if [[ "${PV}" == *9999 ]] ; then
-	BDEPEND="${PYTHON_DEPS}
-		$(python_gen_any_dep '
-			dev-python/commonmark[${PYTHON_USEDEP}]
-		')"
-fi
-
-# Only required for live ebuild
-python_check_deps() {
-	has_version "dev-python/commonmark[${PYTHON_USEDEP}]"
-}
-
 src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/rsync-3.2.3-glibc-lchmod.patch"
+		"${FILESDIR}/rsync-3.2.3-cross.patch"
 	)
 	default
-	if [[ "${PV}" == *9999 ]] ; then
-		eaclocal -I m4
-		eautoconf -o configure.sh
-		eautoheader && touch config.h.in
-	fi
+	eautoconf -o configure.sh
+	touch config.h.in || die
 }
 
 src_configure() {
@@ -76,11 +59,6 @@ src_configure() {
 		$(use_enable zstd)
 	)
 
-	if tc-is-cross-compiler; then
-		# configure check is broken when cross-compiling.
-		myeconfargs+=( --disable-simd )
-	fi
-
 	econf "${myeconfargs[@]}"
 }
 

diff --git a/net-misc/rsync/rsync-9999.ebuild b/net-misc/rsync/rsync-9999.ebuild
index a0178f21af5..6b09d3b0e99 100644
--- a/net-misc/rsync/rsync-9999.ebuild
+++ b/net-misc/rsync/rsync-9999.ebuild
@@ -73,11 +73,6 @@ src_configure() {
 		$(use_enable zstd)
 	)
 
-	if tc-is-cross-compiler; then
-		# configure check is broken when cross-compiling.
-		myeconfargs+=( --disable-simd )
-	fi
-
 	econf "${myeconfargs[@]}"
 }
 

[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[Sam James]

commit:     029532544d5edfe5fc70413a827831932e3c0b21
Author:     Varsha Teratipally <teratipally <AT> google <DOT> com>
AuthorDate: Wed Nov 17 17:30:16 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Nov 18 02:30:46 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02953254

net-misc/rsync: fix CVE-2020-14387

Bug: https://bugs.gentoo.org/792576
Signed-off-by: Varsha Teratipally <teratipally <AT> google.com>
Closes: https://github.com/gentoo/gentoo/pull/22981
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/rsync-3.2.3-verify-certificate.patch     |  26 +++++
 net-misc/rsync/rsync-3.2.3-r5.ebuild               | 124 +++++++++++++++++++++
 2 files changed, 150 insertions(+)

diff --git a/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch b/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
new file mode 100644
index 000000000000..9b462a1df721
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
@@ -0,0 +1,26 @@
+From c3f7414c450faaf6a8281cc4a4403529aeb7d859 Mon Sep 17 00:00:00 2001
+From: Matt McCutchen <matt@mattmccutchen.net>
+Date: Wed, 26 Aug 2020 12:16:08 -0400
+Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using
+ openssl.
+
+---
+ rsync-ssl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rsync-ssl b/rsync-ssl
+index 8101975a..46701af1 100755
+--- a/rsync-ssl
++++ b/rsync-ssl
+@@ -129,7 +129,7 @@ function rsync_ssl_helper {
+     fi
+ 
+     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
+-	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
++	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
+     elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+ 	exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
+     else
+-- 
+2.25.1
+

diff --git a/net-misc/rsync/rsync-3.2.3-r5.ebuild b/net-misc/rsync/rsync-3.2.3-r5.ebuild
new file mode 100644
index 000000000000..826911b13641
--- /dev/null
+++ b/net-misc/rsync/rsync-3.2.3-r5.ebuild
@@ -0,0 +1,124 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} != 3.2.3 ]]; then
+	# Make sure we revert the autotools hackery applied in 3.2.3.
+	die "Please use rsync-9999.ebuild as a basis for version bumps"
+fi
+
+WANT_LIBTOOL=none
+
+inherit autotools prefix systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+SRC_DIR="src"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
+S="${WORKDIR}/${P/_/}"
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd"
+
+RDEPEND="acl? ( virtual/acl )
+	lz4? ( app-arch/lz4 )
+	ssl? ( dev-libs/openssl:0= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( dev-libs/xxhash )
+	zstd? ( >=app-arch/zstd-1.4 )
+	>=dev-libs/popt-1.5
+	iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}"
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/${P}-glibc-lchmod.patch"
+		"${FILESDIR}/${P}-cross.patch"
+		# Fix for (CVE-2020-14387) - net-misc/rsync: improper TLS validation in rsync-ssl script
+		"${FILESDIR}/${P}-verify-certificate.patch"
+	)
+	default
+	eautoconf -o configure.sh
+	touch config.h.in || die
+}
+
+src_configure() {
+	local myeconfargs=(
+		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+		--without-included-popt
+		$(use_enable acl acl-support)
+		$(use_enable iconv)
+		$(use_enable ipv6)
+		$(use_enable lz4)
+		$(use_enable ssl openssl)
+		$(use_with !system-zlib included-zlib)
+		$(use_enable xattr xattr-support)
+		$(use_enable xxhash)
+		$(use_enable zstd)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+
+	dodoc NEWS.md README.md TODO tech_report.tex
+
+	insinto /etc
+	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+	insinto /etc/xinetd.d
+	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+	# Install stunnel helpers
+	if use stunnel ; then
+		emake DESTDIR="${D}" install-ssl-daemon
+	fi
+
+	# Install the useful contrib scripts
+	if use examples ; then
+		exeinto /usr/share/rsync
+		doexe support/*
+		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+	fi
+
+	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+	systemd_newunit "packaging/systemd/rsync.service" "rsyncd.service"
+}
+
+pkg_postinst() {
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
+		ewarn "is a security risk which you should fix.  Please check your"
+		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+	fi
+	if use stunnel ; then
+		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+		einfo
+		einfo "You maybe have to update the certificates configured in"
+		einfo "${EROOT}/etc/stunnel/rsync.conf"
+	fi
+	if use system-zlib ; then
+		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
+		ewarn "using the --compress option."
+		ewarn
+		ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib,"
+		ewarn "and the --compress option, add --new-compress (-zz)."
+		ewarn
+		ewarn "For syncing the portage tree, add:"
+		ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf"
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[Sam James]

commit:     d6951c6cf52d69f183a00b0f9b4dec5662d4661a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 18 19:58:44 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 18 20:18:55 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6951c6c

net-misc/rsync: backport unsigned char fix

See: https://lists.samba.org/archive/rsync-announce/2022/000111.html
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/rsync-3.2.4-unsigned-char-checksum.patch |  12 ++
 net-misc/rsync/rsync-3.2.4-r2.ebuild               | 172 +++++++++++++++++++++
 2 files changed, 184 insertions(+)

diff --git a/net-misc/rsync/files/rsync-3.2.4-unsigned-char-checksum.patch b/net-misc/rsync/files/rsync-3.2.4-unsigned-char-checksum.patch
new file mode 100644
index 000000000000..18e56c31ce2a
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.2.4-unsigned-char-checksum.patch
@@ -0,0 +1,12 @@
+https://lists.samba.org/archive/rsync-announce/2022/000111.html
+--- a/configure.ac
++++ b/configure.ac
+@@ -1117,7 +1117,7 @@ else
+ fi
+ 
+ AC_CACHE_CHECK([for unsigned char],rsync_cv_SIGNED_CHAR_OK,[
+-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[signed char *s = ""]])],[rsync_cv_SIGNED_CHAR_OK=yes],[rsync_cv_SIGNED_CHAR_OK=no])])
++AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[signed char *s = (signed char *)""]])],[rsync_cv_SIGNED_CHAR_OK=yes],[rsync_cv_SIGNED_CHAR_OK=no])])
+ if test x"$rsync_cv_SIGNED_CHAR_OK" = x"yes"; then
+     AC_DEFINE(SIGNED_CHAR_OK, 1, [Define to 1 if "signed char" is a valid type])
+ fi

diff --git a/net-misc/rsync/rsync-3.2.4-r2.ebuild b/net-misc/rsync/rsync-3.2.4-r2.ebuild
new file mode 100644
index 000000000000..87315dbcbd91
--- /dev/null
+++ b/net-misc/rsync/rsync-3.2.4-r2.ebuild
@@ -0,0 +1,172 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} != 3.2.4 ]]; then
+	# Make sure we revert the autotools hackery applied in 3.2.4.
+	die "Please use rsync-9999.ebuild as a basis for version bumps"
+fi
+
+WANT_LIBTOOL=none
+
+PYTHON_COMPAT=( python3_{8..10} )
+inherit autotools flag-o-matic prefix python-single-r1 systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+	inherit autotools git-r3
+
+	REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc
+	inherit verify-sig
+
+	if [[ ${PV} == *_pre* ]] ; then
+		SRC_DIR="src-previews"
+	else
+		SRC_DIR="src"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	fi
+
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
+		verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
+	S="${WORKDIR}"/${P/_/}
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd"
+REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="acl? ( virtual/acl )
+	examples? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+	)
+	lz4? ( app-arch/lz4 )
+	ssl? ( dev-libs/openssl:0= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( dev-libs/xxhash )
+	zstd? ( >=app-arch/zstd-1.4 )
+	>=dev-libs/popt-1.5
+	iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}"
+BDEPEND="examples? ( ${PYTHON_DEPS} )"
+
+if [[ ${PV} == *9999 ]] ; then
+	BDEPEND+=" ${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/commonmark[${PYTHON_USEDEP}]
+		')"
+else
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
+fi
+
+PATCHES=(
+	"${FILESDIR}"/${P}-unsigned-char-checksum.patch
+)
+
+pkg_setup() {
+	# - USE=examples needs Python itself at runtime, but nothing else
+	# - 9999 needs commonmark at build time
+	if [[ ${PV} == *9999 ]] || use examples ; then
+		python-single-r1_pkg_setup
+	fi
+}
+
+src_prepare() {
+	default
+
+	eautoconf -o configure.sh
+	touch config.h.in || die
+}
+
+src_configure() {
+	# Force enable IPv6 on musl - upstream bug:
+	# https://bugzilla.samba.org/show_bug.cgi?id=10715
+	use elibc_musl && use ipv6 && append-cppflags -DINET6
+
+	local myeconfargs=(
+		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+		--without-included-popt
+		$(use_enable acl acl-support)
+		$(use_enable iconv)
+		$(use_enable ipv6)
+		$(use_enable lz4)
+		$(use_enable ssl openssl)
+		$(use_with !system-zlib included-zlib)
+		$(use_enable xattr xattr-support)
+		$(use_enable xxhash)
+		$(use_enable zstd)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+
+	dodoc NEWS.md README.md TODO tech_report.tex
+
+	insinto /etc
+	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+	insinto /etc/xinetd.d
+	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+	# Install stunnel helpers
+	if use stunnel ; then
+		emake DESTDIR="${D}" install-ssl-daemon
+	fi
+
+	# Install the useful contrib scripts
+	if use examples ; then
+		python_fix_shebang support/
+
+		exeinto /usr/share/rsync
+		doexe support/*
+
+		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+	fi
+
+	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+	systemd_newunit packaging/systemd/rsync.service rsyncd.service
+}
+
+pkg_postinst() {
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
+		ewarn "is a security risk which you should fix.  Please check your"
+		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+	fi
+
+	if use stunnel ; then
+		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+		einfo
+		einfo "You maybe have to update the certificates configured in"
+		einfo "${EROOT}/etc/stunnel/rsync.conf"
+	fi
+
+	if use system-zlib ; then
+		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
+		ewarn "using the --compress option."
+		ewarn
+		ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib,"
+		ewarn "and the --compress option, add --new-compress (-zz)."
+		ewarn
+		ewarn "For syncing the portage tree, add:"
+		ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf"
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[Sam James]

commit:     2abd7603ecab79ebc5284d6bc56258ed490d2ff8
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sun Jun 19 21:31:46 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 05:03:49 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2abd7603

net-misc/rsync: Fix implicit declaration build failure

Upstream-issue: https://github.com/WayneD/rsync/issues/324
Upstream-commit: 3592ac3c025d ("Include bsd/strings.h if it exists")
Signed-off-by: orbea <orbea <AT> riseup.net>
Closes: https://github.com/gentoo/gentoo/pull/25982
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/rsync/files/rsync-3.2.4-strlcpy.patch |  46 +++++++
 net-misc/rsync/rsync-3.2.4-r3.ebuild           | 174 +++++++++++++++++++++++++
 2 files changed, 220 insertions(+)

diff --git a/net-misc/rsync/files/rsync-3.2.4-strlcpy.patch b/net-misc/rsync/files/rsync-3.2.4-strlcpy.patch
new file mode 100644
index 000000000000..d5a02f0e3159
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.2.4-strlcpy.patch
@@ -0,0 +1,46 @@
+https://github.com/WayneD/rsync/issues/324
+https://github.com/WayneD/rsync/commit/3592ac3c025da23b2dd291561ec6113940b9c11b
+
+From 3592ac3c025da23b2dd291561ec6113940b9c11b Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Sun, 19 Jun 2022 10:02:51 -0700
+Subject: [PATCH] Include bsd/strings.h if it exists
+
+Some systems apparently put strlcpy() into a separate bsd/strings.h file
+without putting the function into a separate library. Thus, configure
+finds that the function exists for linking but the build does not have
+the declaration (which rsync only supplies if it is also supplying its
+own version of the function).
+---
+ configure.ac | 3 ++-
+ rsync.h      | 3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 37dbb18a..37241637 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -13,7 +13,8 @@ AC_CHECK_HEADERS(sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h \
+     netdb.h malloc.h float.h limits.h iconv.h libcharset.h langinfo.h mcheck.h \
+     sys/acl.h acl/libacl.h attr/xattr.h sys/xattr.h sys/extattr.h dl.h \
+     popt.h popt/popt.h linux/falloc.h netinet/in_systm.h netgroup.h \
+-    zlib.h xxhash.h openssl/md4.h openssl/md5.h zstd.h lz4.h sys/file.h)
++    zlib.h xxhash.h openssl/md4.h openssl/md5.h zstd.h lz4.h sys/file.h \
++    bsd/string.h)
+ AC_CHECK_HEADERS([netinet/ip.h], [], [], [[#include <netinet/in.h>]])
+ AC_HEADER_MAJOR_FIXED
+ 
+diff --git a/rsync.h b/rsync.h
+index e5aacd25..1cc037c5 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -338,6 +338,9 @@ enum delret {
+ # endif
+ # include <string.h>
+ #endif
++#ifdef HAVE_BSD_STRING_H
++# include <bsd/string.h>
++#endif
+ #ifdef HAVE_STRINGS_H
+ # include <strings.h>
+ #endif

diff --git a/net-misc/rsync/rsync-3.2.4-r3.ebuild b/net-misc/rsync/rsync-3.2.4-r3.ebuild
new file mode 100644
index 000000000000..d4fb6dbdd9a5
--- /dev/null
+++ b/net-misc/rsync/rsync-3.2.4-r3.ebuild
@@ -0,0 +1,174 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} != 3.2.4 ]]; then
+	# Make sure we revert the autotools hackery applied in 3.2.4.
+	die "Please use rsync-9999.ebuild as a basis for version bumps"
+fi
+
+WANT_LIBTOOL=none
+
+PYTHON_COMPAT=( python3_{8..10} )
+inherit autotools flag-o-matic prefix python-single-r1 systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+	inherit autotools git-r3
+
+	REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc
+	inherit verify-sig
+
+	if [[ ${PV} == *_pre* ]] ; then
+		SRC_DIR="src-previews"
+	else
+		SRC_DIR="src"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	fi
+
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
+		verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
+	S="${WORKDIR}"/${P/_/}
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd"
+REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="acl? ( virtual/acl )
+	examples? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+	)
+	lz4? ( app-arch/lz4 )
+	ssl? ( dev-libs/openssl:0= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( dev-libs/xxhash )
+	zstd? ( >=app-arch/zstd-1.4 )
+	>=dev-libs/popt-1.5
+	iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}"
+BDEPEND="examples? ( ${PYTHON_DEPS} )"
+
+if [[ ${PV} == *9999 ]] ; then
+	BDEPEND+=" ${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/commonmark[${PYTHON_USEDEP}]
+		')"
+else
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
+fi
+
+PATCHES=(
+	"${FILESDIR}"/${P}-unsigned-char-checksum.patch
+	# https://github.com/WayneD/rsync/issues/324
+	"${FILESDIR}"/${P}-strlcpy.patch
+)
+
+pkg_setup() {
+	# - USE=examples needs Python itself at runtime, but nothing else
+	# - 9999 needs commonmark at build time
+	if [[ ${PV} == *9999 ]] || use examples ; then
+		python-single-r1_pkg_setup
+	fi
+}
+
+src_prepare() {
+	default
+
+	eautoconf -o configure.sh
+	eautoheader && touch config.h.in
+}
+
+src_configure() {
+	# Force enable IPv6 on musl - upstream bug:
+	# https://bugzilla.samba.org/show_bug.cgi?id=10715
+	use elibc_musl && use ipv6 && append-cppflags -DINET6
+
+	local myeconfargs=(
+		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+		--without-included-popt
+		$(use_enable acl acl-support)
+		$(use_enable iconv)
+		$(use_enable ipv6)
+		$(use_enable lz4)
+		$(use_enable ssl openssl)
+		$(use_with !system-zlib included-zlib)
+		$(use_enable xattr xattr-support)
+		$(use_enable xxhash)
+		$(use_enable zstd)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+
+	dodoc NEWS.md README.md TODO tech_report.tex
+
+	insinto /etc
+	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+	insinto /etc/xinetd.d
+	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+	# Install stunnel helpers
+	if use stunnel ; then
+		emake DESTDIR="${D}" install-ssl-daemon
+	fi
+
+	# Install the useful contrib scripts
+	if use examples ; then
+		python_fix_shebang support/
+
+		exeinto /usr/share/rsync
+		doexe support/*
+
+		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+	fi
+
+	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+	systemd_newunit packaging/systemd/rsync.service rsyncd.service
+}
+
+pkg_postinst() {
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
+		ewarn "is a security risk which you should fix.  Please check your"
+		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+	fi
+
+	if use stunnel ; then
+		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+		einfo
+		einfo "You maybe have to update the certificates configured in"
+		einfo "${EROOT}/etc/stunnel/rsync.conf"
+	fi
+
+	if use system-zlib ; then
+		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
+		ewarn "using the --compress option."
+		ewarn
+		ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib,"
+		ewarn "and the --compress option, add --new-compress (-zz)."
+		ewarn
+		ewarn "For syncing the portage tree, add:"
+		ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf"
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[Sam James]

commit:     d2adbf791493b27c42120df242478d5e3b35a9cc
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  7 22:51:23 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Sep  7 22:51:29 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2adbf79

net-misc/rsync: fix build w/ clang 15

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../rsync/files/rsync-3.2.5-pedantic-errors.patch  | 53 ++++++++++++++++++++++
 net-misc/rsync/rsync-3.2.5-r1.ebuild               | 12 ++++-
 net-misc/rsync/rsync-9999.ebuild                   |  8 +++-
 3 files changed, 71 insertions(+), 2 deletions(-)

diff --git a/net-misc/rsync/files/rsync-3.2.5-pedantic-errors.patch b/net-misc/rsync/files/rsync-3.2.5-pedantic-errors.patch
new file mode 100644
index 000000000000..33afbd954a12
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.2.5-pedantic-errors.patch
@@ -0,0 +1,53 @@
+https://github.com/WayneD/rsync/commit/9a3449a3980421f84ac55498ba565bc112b20d6c
+
+In particular, avoids attr configure test failing.
+
+From 9a3449a3980421f84ac55498ba565bc112b20d6c Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Thu, 18 Aug 2022 17:33:54 -0700
+Subject: [PATCH] Stop enabling -pedantic-errors.
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -1071,21 +1071,6 @@ elif test x"$ac_cv_header_popt_h" != x"yes"; then
+     with_included_popt=yes
+ fi
+ 
+-if test x"$GCC" = x"yes"; then
+-    if test x"$with_included_popt" != x"yes"; then
+-	# Turn pedantic warnings into errors to ensure an array-init overflow is an error.
+-	CFLAGS="$CFLAGS -pedantic-errors"
+-    else
+-	# Our internal popt code cannot be compiled with pedantic warnings as errors, so try to
+-	# turn off pedantic warnings (which will not lose the error for array-init overflow).
+-	# Older gcc versions don't understand -Wno-pedantic, so check if --help=warnings lists
+-	# -Wpedantic and use that as a flag.
+-	case `$CC --help=warnings 2>/dev/null | grep Wpedantic` in
+-	    *-Wpedantic*) CFLAGS="$CFLAGS -pedantic-errors -Wno-pedantic" ;;
+-	esac
+-    fi
+-fi
+-
+ AC_MSG_CHECKING([whether to use included libpopt])
+ if test x"$with_included_popt" = x"yes"; then
+     AC_MSG_RESULT($srcdir/popt)
+
+--- a/configure.sh
++++ b/configure.sh
+@@ -9982,14 +9982,14 @@ fi
+ if test x"$GCC" = x"yes"; then
+     if test x"$with_included_popt" != x"yes"; then
+ 	# Turn pedantic warnings into errors to ensure an array-init overflow is an error.
+-	CFLAGS="$CFLAGS -pedantic-errors"
++	CFLAGS="$CFLAGS "
+     else
+ 	# Our internal popt code cannot be compiled with pedantic warnings as errors, so try to
+ 	# turn off pedantic warnings (which will not lose the error for array-init overflow).
+ 	# Older gcc versions don't understand -Wno-pedantic, so check if --help=warnings lists
+ 	# -Wpedantic and use that as a flag.
+ 	case `$CC --help=warnings 2>/dev/null | grep Wpedantic` in
+-	    *-Wpedantic*) CFLAGS="$CFLAGS -pedantic-errors -Wno-pedantic" ;;
++	    *-Wpedantic*) CFLAGS="$CFLAGS  -Wno-pedantic" ;;
+ 	esac
+     fi
+ fi

diff --git a/net-misc/rsync/rsync-3.2.5-r1.ebuild b/net-misc/rsync/rsync-3.2.5-r1.ebuild
index 1abfebf444ed..6e6e4bd34c3e 100644
--- a/net-misc/rsync/rsync-3.2.5-r1.ebuild
+++ b/net-misc/rsync/rsync-3.2.5-r1.ebuild
@@ -3,6 +3,8 @@
 
 EAPI=8
 
+# Uncomment when introducing a patch which touches configure
+RSYNC_NEEDS_AUTOCONF=1
 PYTHON_COMPAT=( python3_{8..10} )
 inherit prefix python-single-r1 systemd
 
@@ -17,6 +19,10 @@ else
 	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc
 	inherit verify-sig
 
+	if [[ -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		inherit autotools
+	fi
+
 	if [[ ${PV} == *_pre* ]] ; then
 		SRC_DIR="src-previews"
 	else
@@ -60,6 +66,10 @@ else
 	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
 fi
 
+PATCHES=(
+	"${FILESDIR}"/${P}-pedantic-errors.patch
+)
+
 pkg_setup() {
 	# - USE=examples needs Python itself at runtime, but nothing else
 	# - 9999 needs commonmark at build time
@@ -71,7 +81,7 @@ pkg_setup() {
 src_prepare() {
 	default
 
-	if [[ ${PV} == *9999 ]] ; then
+	if [[ ${PV} == *9999 || -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
 		eaclocal -I m4
 		eautoconf -o configure.sh
 		eautoheader && touch config.h.in

diff --git a/net-misc/rsync/rsync-9999.ebuild b/net-misc/rsync/rsync-9999.ebuild
index 1abfebf444ed..804909ae11e6 100644
--- a/net-misc/rsync/rsync-9999.ebuild
+++ b/net-misc/rsync/rsync-9999.ebuild
@@ -3,6 +3,8 @@
 
 EAPI=8
 
+# Uncomment when introducing a patch which touches configure
+#RSYNC_NEEDS_AUTOCONF=1
 PYTHON_COMPAT=( python3_{8..10} )
 inherit prefix python-single-r1 systemd
 
@@ -17,6 +19,10 @@ else
 	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc
 	inherit verify-sig
 
+	if [[ -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		inherit autotools
+	fi
+
 	if [[ ${PV} == *_pre* ]] ; then
 		SRC_DIR="src-previews"
 	else
@@ -71,7 +77,7 @@ pkg_setup() {
 src_prepare() {
 	default
 
-	if [[ ${PV} == *9999 ]] ; then
+	if [[ ${PV} == *9999 || -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
 		eaclocal -I m4
 		eautoconf -o configure.sh
 		eautoheader && touch config.h.in

[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[Sam James]

commit:     ddcd66e295c1744b215ec48a673b9c399bfb481f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 11 07:47:26 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jan 11 07:48:29 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddcd66e2

net-misc/rsync: backport UB fix

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../rsync/files/rsync-3.2.7-flist-memcmp-ub.patch  |  21 +++
 net-misc/rsync/rsync-3.2.7-r2.ebuild               | 195 +++++++++++++++++++++
 2 files changed, 216 insertions(+)

diff --git a/net-misc/rsync/files/rsync-3.2.7-flist-memcmp-ub.patch b/net-misc/rsync/files/rsync-3.2.7-flist-memcmp-ub.patch
new file mode 100644
index 000000000000..9aa1b93e2c9c
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.2.7-flist-memcmp-ub.patch
@@ -0,0 +1,21 @@
+https://github.com/WayneD/rsync/issues/427
+https://github.com/WayneD/rsync/issues/429
+https://github.com/WayneD/rsync/commit/90df93e446f9ebbfd4ce97d6755c5fe1f45f9fd0
+
+From 90df93e446f9ebbfd4ce97d6755c5fe1f45f9fd0 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Sun, 8 Jan 2023 21:35:39 -0800
+Subject: [PATCH] Don't call memcmp() on an empty lastdir.
+
+--- a/flist.c
++++ b/flist.c
+@@ -2367,7 +2367,7 @@ struct file_list *send_file_list(int f, int argc, char *argv[])
+ 		}
+ 
+ 		dirlen = dir ? strlen(dir) : 0;
+-		if (dirlen != lastdir_len || memcmp(lastdir, dir, dirlen) != 0) {
++		if (dirlen != lastdir_len || (dirlen && memcmp(lastdir, dir, dirlen) != 0)) {
+ 			if (!change_pathname(NULL, dir, -dirlen))
+ 				goto bad_path;
+ 			lastdir = pathname;
+

diff --git a/net-misc/rsync/rsync-3.2.7-r2.ebuild b/net-misc/rsync/rsync-3.2.7-r2.ebuild
new file mode 100644
index 000000000000..11a98ecdd402
--- /dev/null
+++ b/net-misc/rsync/rsync-3.2.7-r2.ebuild
@@ -0,0 +1,195 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Uncomment when introducing a patch which touches configure
+#RSYNC_NEEDS_AUTOCONF=1
+PYTHON_COMPAT=( python3_{8..11} )
+inherit prefix python-single-r1 systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+	inherit autotools git-r3
+
+	REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc
+	inherit verify-sig
+
+	if [[ -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		inherit autotools
+	fi
+
+	if [[ ${PV} == *_pre* ]] ; then
+		SRC_DIR="src-previews"
+	else
+		SRC_DIR="src"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	fi
+
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
+		verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
+	S="${WORKDIR}"/${P/_/}
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl examples iconv lz4 rrsync ssl stunnel system-zlib xattr xxhash zstd"
+REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"
+REQUIRED_USE+=" rrsync? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="
+	>=dev-libs/popt-1.5
+	acl? ( virtual/acl )
+	examples? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+	)
+	lz4? ( app-arch/lz4:= )
+	rrsync? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/bracex[${PYTHON_USEDEP}]
+		')
+	)
+	ssl? ( dev-libs/openssl:= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( >=dev-libs/xxhash-0.8 )
+	zstd? ( >=app-arch/zstd-1.4:= )
+	iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	examples? ( ${PYTHON_DEPS} )
+	rrsync? ( ${PYTHON_DEPS} )
+"
+
+if [[ ${PV} == *9999 ]] ; then
+	BDEPEND+=" ${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/commonmark[${PYTHON_USEDEP}]
+		')"
+else
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
+fi
+
+PATCHES=(
+	"${FILESDIR}"/${P}-flist-memcmp-ub.patch
+)
+
+pkg_setup() {
+	# - USE=examples needs Python itself at runtime, but nothing else
+	# - 9999 needs commonmark at build time
+	if [[ ${PV} == *9999 ]] || use examples || use rrsync; then
+		python-single-r1_pkg_setup
+	fi
+}
+
+src_prepare() {
+	default
+
+	if [[ ${PV} == *9999 || -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		eaclocal -I m4
+		eautoconf -o configure.sh
+		eautoheader && touch config.h.in
+	fi
+
+	if use examples || use rrsync; then
+		python_fix_shebang support/
+	fi
+
+	if [[ -f rrsync.1 ]]; then
+		# If the pre-build rrsync.1 man page exists, then link to it
+		# from support/rrsync.1 to avoid rsync's build system attempting
+		# re-creating the man page (bug #883049).
+		ln -s ../rrsync.1 support/rrsync.1 || die
+	fi
+}
+
+src_configure() {
+	local myeconfargs=(
+		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+		--without-included-popt
+		--enable-ipv6
+		$(use_enable acl acl-support)
+		$(use_enable iconv)
+		$(use_enable lz4)
+		$(use_with rrsync)
+		$(use_enable ssl openssl)
+		$(use_with !system-zlib included-zlib)
+		$(use_enable xattr xattr-support)
+		$(use_enable xxhash)
+		$(use_enable zstd)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+
+	dodoc NEWS.md README.md TODO tech_report.tex
+
+	insinto /etc
+	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+	insinto /etc/xinetd.d
+	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+	# Install stunnel helpers
+	if use stunnel ; then
+		emake DESTDIR="${D}" install-ssl-daemon
+	fi
+
+	# Install the useful contrib scripts
+	if use examples ; then
+		# The 'rrsync' script is installed conditionally via the 'rrysnc'
+		# USE flag, and not via the 'examples' USE flag.
+		rm support/rrsync* || die
+
+		exeinto /usr/share/rsync
+		doexe support/*
+
+		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+	fi
+
+	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+	systemd_newunit packaging/systemd/rsync.service rsyncd.service
+}
+
+pkg_postinst() {
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
+		ewarn "is a security risk which you should fix.  Please check your"
+		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+	fi
+
+	if use stunnel ; then
+		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+		einfo
+		einfo "You maybe have to update the certificates configured in"
+		einfo "${EROOT}/etc/stunnel/rsync.conf"
+	fi
+
+	if use system-zlib ; then
+		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
+		ewarn "using the --compress option."
+		ewarn
+		ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib,"
+		ewarn "and the --compress option, add --new-compress (-zz)."
+		ewarn
+		ewarn "For syncing the portage tree, add:"
+		ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf"
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[Sam James]

commit:     49fc4a8567531cb5d8f889832663c784d6a36ddf
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 28 04:11:47 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 28 04:11:47 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49fc4a85

net-misc/rsync: fix crash w/ FORTIFY_SOURCE=3

Closes: https://bugs.gentoo.org/917517
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../rsync/files/rsync-3.2.7-fortify-source-3.patch |  54 ++++++
 net-misc/rsync/rsync-3.2.7-r3.ebuild               | 204 +++++++++++++++++++++
 2 files changed, 258 insertions(+)

diff --git a/net-misc/rsync/files/rsync-3.2.7-fortify-source-3.patch b/net-misc/rsync/files/rsync-3.2.7-fortify-source-3.patch
new file mode 100644
index 000000000000..952af573dfc7
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.2.7-fortify-source-3.patch
@@ -0,0 +1,54 @@
+https://bugs.gentoo.org/917517
+https://github.com/WayneD/rsync/issues/511
+https://bugzilla.suse.com/show_bug.cgi?id=1214249
+https://bugzilla.redhat.com/show_bug.cgi?id=2229654
+https://src.fedoraproject.org/rpms/rsync/raw/06d55616ec86c3a68a8af917783788b928fefcc4/f/rsync-3.2.7-buffer-overflow.patch
+
+From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001
+From: Jiri Slaby <jslaby@suse.cz>
+Date: Fri, 18 Aug 2023 08:26:20 +0200
+Subject: [PATCH] exclude: fix crashes with fortified strlcpy()
+
+Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when
+its third parameter (size) is larger than the buffer:
+  $ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx
+  sending incremental file list
+  *** buffer overflow detected ***: terminated
+
+It's in the exclude code in setup_merge_file():
+  strlcpy(y, save, MAXPATHLEN);
+
+Note the 'y' pointer was incremented, so it no longer points to memory
+with MAXPATHLEN "owned" bytes.
+
+Fix it by remembering the number of copied bytes into the 'save' buffer
+and use that instead of MAXPATHLEN which is clearly incorrect.
+
+Fixes #511.
+---
+ exclude.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/exclude.c b/exclude.c
+index ffe55b167..1a5de3b9e 100644
+--- a/exclude.c
++++ b/exclude.c
+@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
+ 	parent_dirscan = True;
+ 	while (*y) {
+ 		char save[MAXPATHLEN];
+-		strlcpy(save, y, MAXPATHLEN);
++		/* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */
++		size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1;
+ 		*y = '\0';
+ 		dirbuf_len = y - dirbuf;
+ 		strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf));
+@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
+ 			lp->head = NULL;
+ 		}
+ 		lp->tail = NULL;
+-		strlcpy(y, save, MAXPATHLEN);
++		strlcpy(y, save, copylen);
+ 		while ((*x++ = *y++) != '/') {}
+ 	}
+ 	parent_dirscan = False;

diff --git a/net-misc/rsync/rsync-3.2.7-r3.ebuild b/net-misc/rsync/rsync-3.2.7-r3.ebuild
new file mode 100644
index 000000000000..01c09f3cd5ca
--- /dev/null
+++ b/net-misc/rsync/rsync-3.2.7-r3.ebuild
@@ -0,0 +1,204 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Uncomment when introducing a patch which touches configure
+#RSYNC_NEEDS_AUTOCONF=1
+PYTHON_COMPAT=( python3_{9..11} )
+inherit flag-o-matic prefix python-single-r1 systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+	inherit autotools git-r3
+
+	REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/waynedavison.asc
+	inherit verify-sig
+
+	if [[ -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		inherit autotools
+	fi
+
+	if [[ ${PV} == *_pre* ]] ; then
+		SRC_DIR="src-previews"
+	else
+		SRC_DIR="src"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	fi
+
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
+		verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
+	S="${WORKDIR}"/${P/_/}
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl examples iconv lz4 rrsync ssl stunnel system-zlib xattr xxhash zstd"
+REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"
+REQUIRED_USE+=" rrsync? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="
+	>=dev-libs/popt-1.5
+	acl? ( virtual/acl )
+	examples? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+	)
+	lz4? ( app-arch/lz4:= )
+	rrsync? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/bracex[${PYTHON_USEDEP}]
+		')
+	)
+	ssl? ( dev-libs/openssl:= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( >=dev-libs/xxhash-0.8 )
+	zstd? ( >=app-arch/zstd-1.4:= )
+	iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	examples? ( ${PYTHON_DEPS} )
+	rrsync? ( ${PYTHON_DEPS} )
+"
+
+if [[ ${PV} == *9999 ]] ; then
+	BDEPEND+=" ${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/commonmark[${PYTHON_USEDEP}]
+		')"
+else
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
+fi
+
+PATCHES=(
+	"${FILESDIR}"/${P}-flist-memcmp-ub.patch
+	"${FILESDIR}"/${P}-fortify-source-3.patch
+)
+
+pkg_setup() {
+	# - USE=examples needs Python itself at runtime, but nothing else
+	# - 9999 needs commonmark at build time
+	if [[ ${PV} == *9999 ]] || use examples || use rrsync; then
+		python-single-r1_pkg_setup
+	fi
+}
+
+src_prepare() {
+	default
+
+	if [[ ${PV} == *9999 || -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		eaclocal -I m4
+		eautoconf -o configure.sh
+		eautoheader && touch config.h.in
+	fi
+
+	if use examples || use rrsync; then
+		python_fix_shebang support/
+	fi
+
+	if [[ -f rrsync.1 ]]; then
+		# If the pre-build rrsync.1 man page exists, then link to it
+		# from support/rrsync.1 to avoid rsync's build system attempting
+		# re-creating the man page (bug #883049).
+		ln -s ../rrsync.1 support/rrsync.1 || die
+	fi
+}
+
+src_configure() {
+	local myeconfargs=(
+		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+		--without-included-popt
+		--enable-ipv6
+		$(use_enable acl acl-support)
+		$(use_enable iconv)
+		$(use_enable lz4)
+		$(use_with rrsync)
+		$(use_enable ssl openssl)
+		$(use_with !system-zlib included-zlib)
+		$(use_enable xattr xattr-support)
+		$(use_enable xxhash)
+		$(use_enable zstd)
+	)
+
+	# https://github.com/WayneD/rsync/pull/428
+	if is-flagq -fsanitize=undefined ; then
+		sed -E -i \
+			-e 's:#define CAREFUL_ALIGNMENT (0|1):#define CAREFUL_ALIGNMENT 1:' \
+			byteorder.h || die
+		append-flags -DCAREFUL_ALIGNMENT
+	fi
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+
+	dodoc NEWS.md README.md TODO tech_report.tex
+
+	insinto /etc
+	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+	insinto /etc/xinetd.d
+	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+	# Install stunnel helpers
+	if use stunnel ; then
+		emake DESTDIR="${D}" install-ssl-daemon
+	fi
+
+	# Install the useful contrib scripts
+	if use examples ; then
+		# The 'rrsync' script is installed conditionally via the 'rrysnc'
+		# USE flag, and not via the 'examples' USE flag.
+		rm support/rrsync* || die
+
+		exeinto /usr/share/rsync
+		doexe support/*
+
+		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+	fi
+
+	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+	systemd_newunit packaging/systemd/rsync.service rsyncd.service
+}
+
+pkg_postinst() {
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
+		ewarn "is a security risk which you should fix.  Please check your"
+		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+	fi
+
+	if use stunnel ; then
+		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+		einfo
+		einfo "You maybe have to update the certificates configured in"
+		einfo "${EROOT}/etc/stunnel/rsync.conf"
+	fi
+
+	if use system-zlib ; then
+		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
+		ewarn "using the --compress option."
+		ewarn
+		ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib,"
+		ewarn "and the --compress option, add --new-compress (-zz)."
+		ewarn
+		ewarn "For syncing the portage tree, add:"
+		ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf"
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: net-misc/rsync/, net-misc/rsync/files/

[Sam James]

commit:     d83ea18a4efe4f59fd7c399f6545f9996168b892
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Sat Jul  6 18:54:55 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jul  8 10:11:42 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d83ea18a

net-misc/rsync: do not export lost+found in portage dir

Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/rsync/files/rsyncd.conf-3.2.7-r5 |  15 +++
 net-misc/rsync/rsync-3.2.7-r5.ebuild      | 207 ++++++++++++++++++++++++++++++
 net-misc/rsync/rsync-3.3.0-r1.ebuild      | 201 +++++++++++++++++++++++++++++
 3 files changed, 423 insertions(+)

diff --git a/net-misc/rsync/files/rsyncd.conf-3.2.7-r5 b/net-misc/rsync/files/rsyncd.conf-3.2.7-r5
new file mode 100644
index 000000000000..fe9189182f83
--- /dev/null
+++ b/net-misc/rsync/files/rsyncd.conf-3.2.7-r5
@@ -0,0 +1,15 @@
+# /etc/rsyncd.conf
+
+# Minimal configuration file for rsync daemon
+# See rsync(1) and rsyncd.conf(5) man pages for help
+
+# This line is required by the /etc/init.d/rsyncd script
+pid file = @GENTOO_PORTAGE_EPREFIX@/run/rsyncd.pid
+use chroot = yes
+read only = yes
+
+# Simple example for enabling your own local rsync server
+#[gentoo-portage]
+#	path = @GENTOO_PORTAGE_EPREFIX@/var/db/repos/gentoo
+#	comment = Gentoo ebuild repository
+#	exclude = /distfiles /packages /lost+found

diff --git a/net-misc/rsync/rsync-3.2.7-r5.ebuild b/net-misc/rsync/rsync-3.2.7-r5.ebuild
new file mode 100644
index 000000000000..d3fe9c36b093
--- /dev/null
+++ b/net-misc/rsync/rsync-3.2.7-r5.ebuild
@@ -0,0 +1,207 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Uncomment when introducing a patch which touches configure
+RSYNC_NEEDS_AUTOCONF=1
+PYTHON_COMPAT=( python3_{9..11} )
+inherit flag-o-matic prefix python-single-r1 systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+	inherit autotools git-r3
+
+	REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/waynedavison.asc
+	inherit verify-sig
+
+	if [[ -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		inherit autotools
+	fi
+
+	if [[ ${PV} == *_pre* ]] ; then
+		SRC_DIR="src-previews"
+	else
+		SRC_DIR="src"
+		KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	fi
+
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
+		verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
+	S="${WORKDIR}"/${P/_/}
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl examples iconv lz4 rrsync ssl stunnel system-zlib xattr xxhash zstd"
+REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"
+REQUIRED_USE+=" rrsync? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="
+	>=dev-libs/popt-1.5
+	acl? ( virtual/acl )
+	examples? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+	)
+	lz4? ( app-arch/lz4:= )
+	rrsync? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/bracex[${PYTHON_USEDEP}]
+		')
+	)
+	ssl? ( dev-libs/openssl:= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( >=dev-libs/xxhash-0.8 )
+	zstd? ( >=app-arch/zstd-1.4:= )
+	iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	examples? ( ${PYTHON_DEPS} )
+	rrsync? ( ${PYTHON_DEPS} )
+"
+
+if [[ ${PV} == *9999 ]] ; then
+	BDEPEND+=" ${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/commonmark[${PYTHON_USEDEP}]
+		')"
+else
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
+fi
+
+PATCHES=(
+	"${FILESDIR}"/${P}-flist-memcmp-ub.patch
+	"${FILESDIR}"/${P}-fortify-source-3.patch
+	"${FILESDIR}"/${PN}-3.2.7-ipv6-configure-c99.patch
+)
+
+pkg_setup() {
+	# - USE=examples needs Python itself at runtime, but nothing else
+	# - 9999 needs commonmark at build time
+	if [[ ${PV} == *9999 ]] || use examples || use rrsync; then
+		python-single-r1_pkg_setup
+	fi
+}
+
+src_prepare() {
+	default
+
+	sed -i -e 's/AC_HEADER_MAJOR_FIXED/AC_HEADER_MAJOR/' configure.ac
+
+	if [[ ${PV} == *9999 || -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		eaclocal -I m4
+		eautoconf -o configure.sh
+		eautoheader && touch config.h.in
+	fi
+
+	if use examples || use rrsync; then
+		python_fix_shebang support/
+	fi
+
+	if [[ -f rrsync.1 ]]; then
+		# If the pre-build rrsync.1 man page exists, then link to it
+		# from support/rrsync.1 to avoid rsync's build system attempting
+		# re-creating the man page (bug #883049).
+		ln -s ../rrsync.1 support/rrsync.1 || die
+	fi
+}
+
+src_configure() {
+	local myeconfargs=(
+		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+		--without-included-popt
+		--enable-ipv6
+		$(use_enable acl acl-support)
+		$(use_enable iconv)
+		$(use_enable lz4)
+		$(use_with rrsync)
+		$(use_enable ssl openssl)
+		$(use_with !system-zlib included-zlib)
+		$(use_enable xattr xattr-support)
+		$(use_enable xxhash)
+		$(use_enable zstd)
+	)
+
+	# https://github.com/WayneD/rsync/pull/428
+	if is-flagq -fsanitize=undefined ; then
+		sed -E -i \
+			-e 's:#define CAREFUL_ALIGNMENT (0|1):#define CAREFUL_ALIGNMENT 1:' \
+			byteorder.h || die
+		append-flags -DCAREFUL_ALIGNMENT
+	fi
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+
+	dodoc NEWS.md README.md TODO tech_report.tex
+
+	insinto /etc
+	newins "${FILESDIR}"/rsyncd.conf-3.2.7-r5 rsyncd.conf
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+	insinto /etc/xinetd.d
+	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+	# Install stunnel helpers
+	if use stunnel ; then
+		emake DESTDIR="${D}" install-ssl-daemon
+	fi
+
+	# Install the useful contrib scripts
+	if use examples ; then
+		# The 'rrsync' script is installed conditionally via the 'rrysnc'
+		# USE flag, and not via the 'examples' USE flag.
+		rm support/rrsync* || die
+
+		exeinto /usr/share/rsync
+		doexe support/*
+
+		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+	fi
+
+	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+	systemd_newunit packaging/systemd/rsync.service rsyncd.service
+}
+
+pkg_postinst() {
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
+		ewarn "is a security risk which you should fix.  Please check your"
+		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+	fi
+
+	if use stunnel ; then
+		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+		einfo
+		einfo "You maybe have to update the certificates configured in"
+		einfo "${EROOT}/etc/stunnel/rsync.conf"
+	fi
+
+	if use system-zlib ; then
+		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
+		ewarn "using the --compress option."
+		ewarn
+		ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib,"
+		ewarn "and the --compress option, add --new-compress (-zz)."
+		ewarn
+		ewarn "For syncing the portage tree, add:"
+		ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf"
+	fi
+}

diff --git a/net-misc/rsync/rsync-3.3.0-r1.ebuild b/net-misc/rsync/rsync-3.3.0-r1.ebuild
new file mode 100644
index 000000000000..ebe9b1a3ec8a
--- /dev/null
+++ b/net-misc/rsync/rsync-3.3.0-r1.ebuild
@@ -0,0 +1,201 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Uncomment when introducing a patch which touches configure
+RSYNC_NEEDS_AUTOCONF=1
+PYTHON_COMPAT=( python3_{10..12} )
+inherit flag-o-matic prefix python-single-r1 systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+	inherit autotools git-r3
+
+	REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/waynedavison.asc
+	inherit verify-sig
+
+	if [[ -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		inherit autotools
+	fi
+
+	if [[ ${PV} == *_pre* ]] ; then
+		SRC_DIR="src-previews"
+	else
+		SRC_DIR="src"
+		KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	fi
+
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
+		verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
+	S="${WORKDIR}"/${P/_/}
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl examples iconv lz4 rrsync ssl stunnel system-zlib xattr xxhash zstd"
+REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"
+REQUIRED_USE+=" rrsync? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="
+	>=dev-libs/popt-1.5
+	acl? ( virtual/acl )
+	examples? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+	)
+	lz4? ( app-arch/lz4:= )
+	rrsync? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/bracex[${PYTHON_USEDEP}]
+		')
+	)
+	ssl? ( dev-libs/openssl:= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( >=dev-libs/xxhash-0.8 )
+	zstd? ( >=app-arch/zstd-1.4:= )
+	iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	examples? ( ${PYTHON_DEPS} )
+	rrsync? ( ${PYTHON_DEPS} )
+"
+
+if [[ ${PV} == *9999 ]] ; then
+	BDEPEND+=" ${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/commonmark[${PYTHON_USEDEP}]
+		')"
+else
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
+fi
+
+pkg_setup() {
+	# - USE=examples needs Python itself at runtime, but nothing else
+	# - 9999 needs commonmark at build time
+	if [[ ${PV} == *9999 ]] || use examples || use rrsync; then
+		python-single-r1_pkg_setup
+	fi
+}
+
+src_prepare() {
+	default
+
+	sed -i -e 's/AC_HEADER_MAJOR_FIXED/AC_HEADER_MAJOR/' configure.ac
+
+	if [[ ${PV} == *9999 || -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		eaclocal -I m4
+		eautoconf -o configure.sh
+		eautoheader && touch config.h.in
+	fi
+
+	if use examples || use rrsync; then
+		python_fix_shebang support/
+	fi
+
+	if [[ -f rrsync.1 ]]; then
+		# If the pre-build rrsync.1 man page exists, then link to it
+		# from support/rrsync.1 to avoid rsync's build system attempting
+		# re-creating the man page (bug #883049).
+		ln -s ../rrsync.1 support/rrsync.1 || die
+	fi
+}
+
+src_configure() {
+	local myeconfargs=(
+		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+		--without-included-popt
+		--enable-ipv6
+		$(use_enable acl acl-support)
+		$(use_enable iconv)
+		$(use_enable lz4)
+		$(use_with rrsync)
+		$(use_enable ssl openssl)
+		$(use_with !system-zlib included-zlib)
+		$(use_enable xattr xattr-support)
+		$(use_enable xxhash)
+		$(use_enable zstd)
+	)
+
+	# https://github.com/WayneD/rsync/pull/428
+	if is-flagq -fsanitize=undefined ; then
+		sed -E -i \
+			-e 's:#define CAREFUL_ALIGNMENT (0|1):#define CAREFUL_ALIGNMENT 1:' \
+			byteorder.h || die
+		append-flags -DCAREFUL_ALIGNMENT
+	fi
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+
+	dodoc NEWS.md README.md TODO tech_report.tex
+
+	insinto /etc
+	newins "${FILESDIR}"/rsyncd.conf-3.2.7-r5 rsyncd.conf
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+	insinto /etc/xinetd.d
+	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+	# Install stunnel helpers
+	if use stunnel ; then
+		emake DESTDIR="${D}" install-ssl-daemon
+	fi
+
+	# Install the useful contrib scripts
+	if use examples ; then
+		# The 'rrsync' script is installed conditionally via the 'rrysnc'
+		# USE flag, and not via the 'examples' USE flag.
+		rm support/rrsync* || die
+
+		exeinto /usr/share/rsync
+		doexe support/*
+
+		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+	fi
+
+	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+	systemd_newunit packaging/systemd/rsync.service rsyncd.service
+}
+
+pkg_postinst() {
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
+		ewarn "is a security risk which you should fix.  Please check your"
+		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+	fi
+
+	if use stunnel ; then
+		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+		einfo
+		einfo "You maybe have to update the certificates configured in"
+		einfo "${EROOT}/etc/stunnel/rsync.conf"
+	fi
+
+	if use system-zlib ; then
+		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
+		ewarn "using the --compress option."
+		ewarn
+		ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib,"
+		ewarn "and the --compress option, add --new-compress (-zz)."
+		ewarn
+		ewarn "For syncing the portage tree, add:"
+		ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf"
+	fi
+}