rsync: upgraded package to upstream
Upgraded net-misc/rsync to version 3.2.3-r5 on amd64
BUG=b/205321622
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2020-14387 in rsync
Change-Id: If9b61ca0b0c3e2aac10db260c8b5b6e767d371d1
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/25320
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
diff --git a/metadata/md5-cache/net-misc/rsync-3.2.3-r3 b/metadata/md5-cache/net-misc/rsync-3.2.3-r3
deleted file mode 100644
index 4d08817..0000000
--- a/metadata/md5-cache/net-misc/rsync-3.2.3-r3
+++ /dev/null
@@ -1,14 +0,0 @@
-BDEPEND=virtual/pkgconfig
-DEFINED_PHASES=configure install postinst prepare
-DEPEND=acl? ( virtual/acl ) lz4? ( app-arch/lz4 ) ssl? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl:0= ) ) system-zlib? ( sys-libs/zlib ) xattr? ( kernel_linux? ( sys-apps/attr ) ) xxhash? ( dev-libs/xxhash ) zstd? ( >=app-arch/zstd-1.4 ) >=dev-libs/popt-1.5 iconv? ( virtual/libiconv )
-DESCRIPTION=File transfer program to keep remote files into sync
-EAPI=7
-HOMEPAGE=https://rsync.samba.org/
-IUSE=acl examples iconv ipv6 libressl lz4 ssl stunnel system-zlib xattr xxhash zstd
-KEYWORDS=*
-LICENSE=GPL-3
-RDEPEND=acl? ( virtual/acl ) lz4? ( app-arch/lz4 ) ssl? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl:0= ) ) system-zlib? ( sys-libs/zlib ) xattr? ( kernel_linux? ( sys-apps/attr ) ) xxhash? ( dev-libs/xxhash ) zstd? ( >=app-arch/zstd-1.4 ) >=dev-libs/popt-1.5 iconv? ( virtual/libiconv )
-SLOT=0
-SRC_URI=https://rsync.samba.org/ftp/rsync/src/rsync-3.2.3.tar.gz
-_eclasses_=multilib 2477ebe553d3e4d2c606191fe6c33602 prefix e51c7882b7b721e54e684f7eb143cbfe systemd 71fd8d2065d102753fb9e4d20eaf3e9f toolchain-funcs f783d68a26b62d6b19e070e6bcada5e6
-_md5_=14648bf8bb9ad595af6175ceb176f270
diff --git a/metadata/md5-cache/net-misc/rsync-3.2.3-r4 b/metadata/md5-cache/net-misc/rsync-3.2.3-r4
deleted file mode 100644
index 4d08817..0000000
--- a/metadata/md5-cache/net-misc/rsync-3.2.3-r4
+++ /dev/null
@@ -1,14 +0,0 @@
-BDEPEND=virtual/pkgconfig
-DEFINED_PHASES=configure install postinst prepare
-DEPEND=acl? ( virtual/acl ) lz4? ( app-arch/lz4 ) ssl? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl:0= ) ) system-zlib? ( sys-libs/zlib ) xattr? ( kernel_linux? ( sys-apps/attr ) ) xxhash? ( dev-libs/xxhash ) zstd? ( >=app-arch/zstd-1.4 ) >=dev-libs/popt-1.5 iconv? ( virtual/libiconv )
-DESCRIPTION=File transfer program to keep remote files into sync
-EAPI=7
-HOMEPAGE=https://rsync.samba.org/
-IUSE=acl examples iconv ipv6 libressl lz4 ssl stunnel system-zlib xattr xxhash zstd
-KEYWORDS=*
-LICENSE=GPL-3
-RDEPEND=acl? ( virtual/acl ) lz4? ( app-arch/lz4 ) ssl? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl:0= ) ) system-zlib? ( sys-libs/zlib ) xattr? ( kernel_linux? ( sys-apps/attr ) ) xxhash? ( dev-libs/xxhash ) zstd? ( >=app-arch/zstd-1.4 ) >=dev-libs/popt-1.5 iconv? ( virtual/libiconv )
-SLOT=0
-SRC_URI=https://rsync.samba.org/ftp/rsync/src/rsync-3.2.3.tar.gz
-_eclasses_=multilib 2477ebe553d3e4d2c606191fe6c33602 prefix e51c7882b7b721e54e684f7eb143cbfe systemd 71fd8d2065d102753fb9e4d20eaf3e9f toolchain-funcs f783d68a26b62d6b19e070e6bcada5e6
-_md5_=14648bf8bb9ad595af6175ceb176f270
diff --git a/metadata/md5-cache/net-misc/rsync-3.2.3-r5 b/metadata/md5-cache/net-misc/rsync-3.2.3-r5
new file mode 100644
index 0000000..ae315c6
--- /dev/null
+++ b/metadata/md5-cache/net-misc/rsync-3.2.3-r5
@@ -0,0 +1,14 @@
+BDEPEND=>=app-portage/elt-patches-20170815 virtual/pkgconfig
+DEFINED_PHASES=configure install postinst prepare
+DEPEND=acl? ( virtual/acl ) lz4? ( app-arch/lz4 ) ssl? ( dev-libs/openssl:0= ) system-zlib? ( sys-libs/zlib ) xattr? ( kernel_linux? ( sys-apps/attr ) ) xxhash? ( dev-libs/xxhash ) zstd? ( >=app-arch/zstd-1.4 ) >=dev-libs/popt-1.5 iconv? ( virtual/libiconv ) !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.16.1:1.16 >=sys-devel/automake-1.15.1:1.15 ) >=sys-devel/autoconf-2.69
+DESCRIPTION=File transfer program to keep remote files into sync
+EAPI=7
+HOMEPAGE=https://rsync.samba.org/
+IUSE=acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd
+KEYWORDS=*
+LICENSE=GPL-3
+RDEPEND=acl? ( virtual/acl ) lz4? ( app-arch/lz4 ) ssl? ( dev-libs/openssl:0= ) system-zlib? ( sys-libs/zlib ) xattr? ( kernel_linux? ( sys-apps/attr ) ) xxhash? ( dev-libs/xxhash ) zstd? ( >=app-arch/zstd-1.4 ) >=dev-libs/popt-1.5 iconv? ( virtual/libiconv )
+SLOT=0
+SRC_URI=https://rsync.samba.org/ftp/rsync/src/rsync-3.2.3.tar.gz
+_eclasses_=autotools d0e5375d47f4c809f406eb892e531513 libtool f143db5a74ccd9ca28c1234deffede96 multilib 2477ebe553d3e4d2c606191fe6c33602 prefix e51c7882b7b721e54e684f7eb143cbfe systemd 71fd8d2065d102753fb9e4d20eaf3e9f toolchain-funcs f783d68a26b62d6b19e070e6bcada5e6
+_md5_=ba19991f13ca1b53dae3aeafc2e51257
diff --git a/net-misc/rsync/files/rsync-3.2.3-cross.patch b/net-misc/rsync/files/rsync-3.2.3-cross.patch
new file mode 100644
index 0000000..c61090b
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.2.3-cross.patch
@@ -0,0 +1,129 @@
+From 9f9240b661c5f381831b62d72b6ea928a91ff43a Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Thu, 3 Sep 2020 10:07:36 -0700
+Subject: [PATCH] Set CXX_OK=no when cross compiling.
+
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 64d2e6d6..109546a6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -233,7 +233,7 @@ __attribute__ ((target("ssse3"))) void more_testing(char* buf, int len)
+ in8_2 = _mm_lddqu_si128((__m128i_u*)&buf[i + 16]);
+ }
+ }
+-]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no])
++]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no],[CXX_OK=no])
+ AC_LANG(C)
+ if test x"$CXX_OK" = x"yes"; then
+ # AC_MSG_RESULT() is called below.
+From 7eb59a9152a2ace7bc7858e9915c671b3ab54344 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Tue, 22 Sep 2020 17:19:45 -0700
+Subject: [PATCH] Change from $build_cpu to $host_cpu as edo1 suggested.
+
+---
+ configure.ac | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 109546a6..e8c06f42 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -211,7 +211,7 @@ CXXFLAGS=`echo "$CXXFLAGS" | sed 's/-g //'`
+
+ if test x"$enable_simd" != x"no"; then
+ # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
+- if test x"$build_cpu" = x"x86_64"; then
++ if test x"$host_cpu" = x"x86_64"; then
+ AC_LANG(C++)
+ AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
+ #include <immintrin.h>
+@@ -283,8 +283,8 @@ AC_ARG_ENABLE(asm,
+ AS_HELP_STRING([--disable-asm],[disable ASM optimizations]))
+
+ if test x"$enable_asm" != x"no"; then
+- if test x"$build_cpu" = x"x86_64"; then
+- ASM="$build_cpu"
++ if test x"$host_cpu" = x"x86_64"; then
++ ASM="$host_cpu"
+ elif test x"$enable_asm" = x"yes"; then
+ AC_MSG_RESULT(unavailable)
+ AC_MSG_ERROR(The ASM optimizations are currently x86_64 only.
+From b7fab6f285ff0ff3816b109a8c3131b6ded0b484 Mon Sep 17 00:00:00 2001
+From: edo <edo.rus@gmail.com>
+Date: Wed, 7 Oct 2020 08:33:57 +0300
+Subject: [PATCH] Allow cross-compilation with SIMD (x86_84) (#104)
+
+Replace runtime SIMD check with a compile-only test in case of
+cross-compilation.
+
+You can still use '--enable-simd=no' to build x86_64 code without
+SIMD instructions.
+---
+ configure.ac | 20 +++++++++++++-------
+ 1 file changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 3fd7e5d5..e469981b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -208,12 +208,7 @@ AC_ARG_ENABLE(simd,
+
+ # Clag is crashing with -g -O2, so we'll get rid of -g for now.
+ CXXFLAGS=`echo "$CXXFLAGS" | sed 's/-g //'`
+-
+-if test x"$enable_simd" != x"no"; then
+- # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
+- if test x"$host_cpu" = x"x86_64"; then
+- AC_LANG(C++)
+- AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
++m4_define(SIMD_X86_64_TEST, [[#include <stdio.h>
+ #include <immintrin.h>
+ __attribute__ ((target("default"))) int test_ssse3(int x) { return x; }
+ __attribute__ ((target("default"))) int test_sse2(int x) { return x; }
+@@ -233,7 +228,18 @@ __attribute__ ((target("ssse3"))) void more_testing(char* buf, int len)
+ in8_2 = _mm_lddqu_si128((__m128i_u*)&buf[i + 16]);
+ }
+ }
+-]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no],[CXX_OK=no])
++]])
++
++if test x"$enable_simd" != x"no"; then
++ # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
++ if test x"$host_cpu" = x"x86_64"; then
++ AC_LANG(C++)
++ if test x"$host_cpu" = x"$build_cpu"; then
++ AC_RUN_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST],[[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],
++ [CXX_OK=yes],[CXX_OK=no])
++ else
++ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST])],[CXX_OK=yes],[CXX_OK=no])
++ fi
+ AC_LANG(C)
+ if test x"$CXX_OK" = x"yes"; then
+ # AC_MSG_RESULT() is called below.
+From 7d830ff52ff7b01f528f39aa27b1ab36ea8c1356 Mon Sep 17 00:00:00 2001
+From: Andrew Aladjev <aladjev.andrew@gmail.com>
+Date: Sun, 7 Nov 2021 22:45:49 +0300
+Subject: [PATCH] improved cross compilation detection (#252)
+
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index fbdd17d8..9e7338cf 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -264,7 +264,7 @@ if test x"$enable_simd" != x"no"; then
+ # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
+ if test x"$host_cpu" = x"x86_64" || test x"$host_cpu" = x"amd64"; then
+ AC_LANG(C++)
+- if test x"$host_cpu" = x"$build_cpu"; then
++ if test x"$host" = x"$build"; then
+ AC_RUN_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST],[[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],
+ [CXX_OK=yes],[CXX_OK=no])
+ else
diff --git a/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch b/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
new file mode 100644
index 0000000..9b462a1
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
@@ -0,0 +1,26 @@
+From c3f7414c450faaf6a8281cc4a4403529aeb7d859 Mon Sep 17 00:00:00 2001
+From: Matt McCutchen <matt@mattmccutchen.net>
+Date: Wed, 26 Aug 2020 12:16:08 -0400
+Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using
+ openssl.
+
+---
+ rsync-ssl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rsync-ssl b/rsync-ssl
+index 8101975a..46701af1 100755
+--- a/rsync-ssl
++++ b/rsync-ssl
+@@ -129,7 +129,7 @@ function rsync_ssl_helper {
+ fi
+
+ if [[ $RSYNC_SSL_TYPE == openssl ]]; then
+- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
++ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
+ elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+ exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
+ else
+--
+2.25.1
+
diff --git a/net-misc/rsync/files/rsyncd.logrotate b/net-misc/rsync/files/rsyncd.logrotate
index 34bcf72..ec8a982 100644
--- a/net-misc/rsync/files/rsyncd.logrotate
+++ b/net-misc/rsync/files/rsyncd.logrotate
@@ -2,7 +2,7 @@
compress
maxage 365
rotate 7
- size=+1024k
+ size 1024k
notifempty
missingok
copytruncate
diff --git a/net-misc/rsync/metadata.xml b/net-misc/rsync/metadata.xml
index 1f39f54..6a684b2 100644
--- a/net-misc/rsync/metadata.xml
+++ b/net-misc/rsync/metadata.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>base-system@gentoo.org</email>
diff --git a/net-misc/rsync/rsync-3.2.3-r4.ebuild b/net-misc/rsync/rsync-3.2.3-r4.ebuild
deleted file mode 120000
index 1be1ccb..0000000
--- a/net-misc/rsync/rsync-3.2.3-r4.ebuild
+++ /dev/null
@@ -1 +0,0 @@
-rsync-3.2.3-r3.ebuild
\ No newline at end of file
diff --git a/net-misc/rsync/rsync-3.2.3-r3.ebuild b/net-misc/rsync/rsync-3.2.3-r5.ebuild
similarity index 69%
rename from net-misc/rsync/rsync-3.2.3-r3.ebuild
rename to net-misc/rsync/rsync-3.2.3-r5.ebuild
index 10d910c..eb08474 100644
--- a/net-misc/rsync/rsync-3.2.3-r3.ebuild
+++ b/net-misc/rsync/rsync-3.2.3-r5.ebuild
@@ -3,35 +3,29 @@
EAPI=7
-inherit prefix systemd toolchain-funcs
+if [[ ${PV} != 3.2.3 ]]; then
+ # Make sure we revert the autotools hackery applied in 3.2.3.
+ die "Please use rsync-9999.ebuild as a basis for version bumps"
+fi
+
+WANT_LIBTOOL=none
+
+inherit autotools prefix systemd
DESCRIPTION="File transfer program to keep remote files into sync"
HOMEPAGE="https://rsync.samba.org/"
-if [[ "${PV}" == *9999 ]] ; then
- PYTHON_COMPAT=( python3_{6,7,8} )
- inherit autotools git-r3 python-any-r1
- EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
-else
- if [[ "${PV}" == *_pre* ]] ; then
- SRC_DIR="src-previews"
- else
- SRC_DIR="src"
- KEYWORDS="*"
- fi
- SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
- S="${WORKDIR}/${P/_/}"
-fi
+SRC_DIR="src"
+KEYWORDS="*"
+SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
+S="${WORKDIR}/${P/_/}"
LICENSE="GPL-3"
SLOT="0"
-IUSE="acl examples iconv ipv6 libressl lz4 ssl stunnel system-zlib xattr xxhash zstd"
+IUSE="acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd"
RDEPEND="acl? ( virtual/acl )
lz4? ( app-arch/lz4 )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- )
+ ssl? ( dev-libs/openssl:0= )
system-zlib? ( sys-libs/zlib )
xattr? ( kernel_linux? ( sys-apps/attr ) )
xxhash? ( dev-libs/xxhash )
@@ -40,28 +34,16 @@
iconv? ( virtual/libiconv )"
DEPEND="${RDEPEND}"
-if [[ "${PV}" == *9999 ]] ; then
- BDEPEND="${PYTHON_DEPS}
- $(python_gen_any_dep '
- dev-python/commonmark[${PYTHON_USEDEP}]
- ')"
-fi
-
-# Only required for live ebuild
-python_check_deps() {
- has_version "dev-python/commonmark[${PYTHON_USEDEP}]"
-}
-
src_prepare() {
local PATCHES=(
- "${FILESDIR}/rsync-3.2.3-glibc-lchmod.patch"
+ "${FILESDIR}/${P}-glibc-lchmod.patch"
+ "${FILESDIR}/${P}-cross.patch"
+ # Fix for (CVE-2020-14387) - net-misc/rsync: improper TLS validation in rsync-ssl script
+ "${FILESDIR}/${P}-verify-certificate.patch"
)
default
- if [[ "${PV}" == *9999 ]] ; then
- eaclocal -I m4
- eautoconf -o configure.sh
- eautoheader && touch config.h.in
- fi
+ eautoconf -o configure.sh
+ touch config.h.in || die
}
src_configure() {
@@ -79,11 +61,6 @@
$(use_enable zstd)
)
- if tc-is-cross-compiler; then
- # configure check is broken when cross-compiling.
- myeconfargs+=( --disable-simd )
- fi
-
econf "${myeconfargs[@]}"
}
@@ -122,7 +99,7 @@
}
pkg_postinst() {
- if egrep -qis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+ if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
ewarn "You have disabled chroot support in your rsyncd.conf. This"
ewarn "is a security risk which you should fix. Please check your"
