summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2018-07-22 23:53:13 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2018-07-22 23:53:27 +0000
commitb922ea7c8f3fa0433e51a2355313597e85ec3c74 (patch)
tree6cce862f1674633a122ec454251e90dbac81fb92
parentReleasing progress-linux version 3.1.2-2.1~dschinn1. (diff)
downloadrsync-b922ea7c8f3fa0433e51a2355313597e85ec3c74.zip
rsync-b922ea7c8f3fa0433e51a2355313597e85ec3c74.tar.xz
Merging debian version 3.1.2-2.2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/changelog15
-rw-r--r--debian/control2
-rw-r--r--debian/patches/CVE-2018-5764.patch41
-rwxr-xr-xdebian/rules20
4 files changed, 59 insertions, 19 deletions
diff --git a/debian/changelog b/debian/changelog
index 1c1be3b..b3cab69 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+rsync (3.1.2-2.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Ignore --protect-args when already sent by client
+ (CVE-2018-5764) (Closes: #887588)
+
+ [Helmut Grohne]
+ * Fix Architecture field of cross built packages. (Closes: #866353)
+
+ [Aurelien Jarno]
+ * Update config.guess for new ports: mips*r6* and riscv64.
+ (Closes: #892968, #883048)
+
+ -- YunQiang Su <syq@debian.org> Sat, 21 Jul 2018 21:44:31 +0800
+
rsync (3.1.2-2.1~dschinn1) dschinn-backports; urgency=medium
* Uploading to dschinn-backports, remaining changes:
diff --git a/debian/control b/debian/control
index d94693a..bf10fe5 100644
--- a/debian/control
+++ b/debian/control
@@ -5,7 +5,7 @@ Maintainer: Progress Linux Maintainers <maintainers@lists.progress-linux.org>
XSBC-Uploaders: Daniel Baumann <daniel.baumann@progress-linux.org>
XSBC-Original-Maintainer: Paul Slootman <paul@debian.org>
Bugs: mailto:maintainers@lists.progress-linux.org
-Build-Depends: libpopt-dev,libacl1-dev,libattr1-dev
+Build-Depends: libpopt-dev,libacl1-dev,libattr1-dev, autotools-dev
Standards-Version: 3.9.8
Homepage: http://rsync.samba.org/
Vcs-Browser: https://sources.progress-linux.org/distributions/dschinn-backports/packages/rsync
diff --git a/debian/patches/CVE-2018-5764.patch b/debian/patches/CVE-2018-5764.patch
new file mode 100644
index 0000000..0d41086
--- /dev/null
+++ b/debian/patches/CVE-2018-5764.patch
@@ -0,0 +1,41 @@
+From 7706303828fcde524222babb2833864a4bd09e07 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Mon, 20 Nov 2017 14:42:30 -0800
+Subject: [PATCH] Ignore --protect-args when already sent by client
+
+In parse_arguments when --protect-args is encountered the function exits
+early. The caller is expected to check protect_args, and recall
+parse_arguments setting protect_args to 2. This patch prevents the
+client from resetting protect_args during the second pass of
+parse_arguments. This prevents parse_arguments returning early the
+second time before it's able to sanitize the arguments it received.
+---
+ options.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/options.c b/options.c
+index 64ec8b8..cb94ef0 100644
+--- a/options.c
++++ b/options.c
+@@ -1313,6 +1313,7 @@ int parse_arguments(int *argc_p, const char ***argv_p)
+ const char *arg, **argv = *argv_p;
+ int argc = *argc_p;
+ int opt;
++ int orig_protect_args = protect_args;
+
+ if (ref && *ref)
+ set_refuse_options(ref);
+@@ -1934,6 +1935,10 @@ int parse_arguments(int *argc_p, const char ***argv_p)
+ if (fuzzy_basis > 1)
+ fuzzy_basis = basis_dir_cnt + 1;
+
++ /* Don't let the client reset protect_args if it was already processed */
++ if (orig_protect_args == 2 && am_server)
++ protect_args = orig_protect_args;
++
+ if (protect_args == 1 && am_server)
+ return 1;
+
+--
+2.7.4
+
diff --git a/debian/rules b/debian/rules
index c428370..5c8fb58 100755
--- a/debian/rules
+++ b/debian/rules
@@ -25,24 +25,6 @@ CPPFLAGS := -Izlib $(shell $(dpkg_buildflags) --get CPPFLAGS)
CFLAGS := -Wall $(shell $(dpkg_buildflags) --get CFLAGS)
LDFLAGS := $(shell $(dpkg_buildflags) --get LDFLAGS)
-# backwards compatibility stuff, from dpkg-architecture manpage
-DEB_BUILD_ARCH := $(shell dpkg --print-architecture)
-DEB_BUILD_GNU_CPU := $(patsubst hurd-%,%,$(DEB_BUILD_ARCH))
-ifeq ($(filter-out hurd-%,$(DEB_BUILD_ARCH)),)
-DEB_BUILD_GNU_SYSTEM := gnu
-else
-DEB_BUILD_GNU_SYSTEM := linux
-endif
-DEB_BUILD_GNU_TYPE=$(DEB_BUILD_GNU_CPU)-$(DEB_BUILD_GNU_SYSTEM)
-
-DEB_HOST_ARCH=$(DEB_BUILD_ARCH)
-DEB_HOST_GNU_CPU=$(DEB_BUILD_GNU_CPU)
-DEB_HOST_GNU_SYSTEM=$(DEB_BUILD_GNU_SYSTEM)
-DEB_HOST_GNU_TYPE=$(DEB_BUILD_GNU_TYPE)
-
-DEB_BUILD_GNU_TYPE := $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
-DEB_HOST_GNU_TYPE := $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
-
ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
INSTALL_CROSS :=
else
@@ -60,6 +42,8 @@ build-stamp:
mkdir debian/buildtree
cp -p * debian/buildtree || true
cp -pr lib m4 popt support testsuite zlib debian/buildtree
+ # update config.guess/sub
+ cp /usr/share/misc/config.guess /usr/share/misc/config.sub debian/buildtree
# work around newer autoconf stuff (runstatedir)
touch debian/buildtree/aclocal.m4
@echo applying misc Debian patches