From 90546886a2c05cb137ac7a4105f78f0363b08201 Mon Sep 17 00:00:00 2001 From: Nagy Karoly Gabriel Date: Mon, 9 Feb 2015 13:37:48 +0100 Subject: [PATCH] rsync: Updated (3.1.0 -> 3.1.1) also removed obsolete patch. --- network/rsync/CVE-2014-2855.patch | 91 ------------------------------- network/rsync/rsync.desc | 6 +- 2 files changed, 3 insertions(+), 94 deletions(-) delete mode 100644 network/rsync/CVE-2014-2855.patch diff --git a/network/rsync/CVE-2014-2855.patch b/network/rsync/CVE-2014-2855.patch deleted file mode 100644 index 39d096780..000000000 --- a/network/rsync/CVE-2014-2855.patch +++ /dev/null @@ -1,91 +0,0 @@ -# --- SDE-COPYRIGHT-NOTE-BEGIN --- -# This copyright note is auto-generated by ./scripts/Create-CopyPatch. -# -# Filename: package/.../rsync/CVE-2014-2855.patch -# Copyright (C) 2014 The OpenSDE Project -# -# More information can be found in the files COPYING and README. -# -# This patch file is dual-licensed. It is available under the license the -# patched project is licensed under, as long as it is an OpenSource license -# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms -# of the GNU General Public License as published by the Free Software -# Foundation; either version 2 of the License, or (at your option) any later -# version. -# --- SDE-COPYRIGHT-NOTE-END --- - -X-Git-Url: -https://git.samba.org/?p=rsync.git;a=blobdiff_plain;f=authenticate.c;h=c92746c6926f49e23fd38ce7b76c2e74d9c17df0;hp=3381b8c77a747a7a47a273f6272a6db6def1ed02;hb=0dedfbce2c1b851684ba658861fe9d620636c56a;hpb=4cad402ea8a91031f86c53961d78bb7f4f174790 - -diff --git a/authenticate.c b/authenticate.c -index 3381b8c..c92746c 100644 ---- a/authenticate.c -+++ b/authenticate.c -@@ -102,15 +102,16 @@ static const char *check_secret(int module, const char *user, const char *group, - char pass2[MAX_DIGEST_LEN*2]; - const char *fname = lp_secrets_file(module); - STRUCT_STAT st; -- int fd, ok = 1; -+ int ok = 1; - int user_len = strlen(user); - int group_len = group ? strlen(group) : 0; - char *err; -+ FILE *fh; - -- if (!fname || !*fname || (fd = open(fname, O_RDONLY)) < 0) -+ if (!fname || !*fname || (fh = fopen(fname, "r")) == NULL) - return "no secrets file"; - -- if (do_fstat(fd, &st) == -1) { -+ if (do_fstat(fileno(fh), &st) == -1) { - rsyserr(FLOG, errno, "fstat(%s)", fname); - ok = 0; - } else if (lp_strict_modes(module)) { -@@ -123,29 +124,30 @@ static const char *check_secret(int module, const char *user, const char *group, - } - } - if (!ok) { -- close(fd); -+ fclose(fh); - return "ignoring secrets file"; - } - - if (*user == '#') { - /* Reject attempt to match a comment. */ -- close(fd); -+ fclose(fh); - return "invalid username"; - } - - /* Try to find a line that starts with the user (or @group) name and a ':'. */ - err = "secret not found"; -- while ((user || group) && read_line_old(fd, line, sizeof line, 1)) { -- const char **ptr, *s; -+ while ((user || group) && fgets(line, sizeof line, fh) != NULL) { -+ const char **ptr, *s = strtok(line, "\n\r"); - int len; -- if (*line == '@') { -+ if (!s) -+ continue; -+ if (*s == '@') { - ptr = &group; - len = group_len; -- s = line+1; -+ s++; - } else { - ptr = &user; - len = user_len; -- s = line; - } - if (!*ptr || strncmp(s, *ptr, len) != 0 || s[len] != ':') - continue; -@@ -158,7 +160,7 @@ static const char *check_secret(int module, const char *user, const char *group, - *ptr = NULL; /* Don't look for name again. */ - } - -- close(fd); -+ fclose(fh); - - memset(line, 0, sizeof line); - memset(pass2, 0, sizeof pass2); - diff --git a/network/rsync/rsync.desc b/network/rsync/rsync.desc index 66332dc13..86cecce22 100644 --- a/network/rsync/rsync.desc +++ b/network/rsync/rsync.desc @@ -2,7 +2,7 @@ [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch. [COPY] [COPY] Filename: package/.../rsync/rsync.desc -[COPY] Copyright (C) 2006 - 2014 The OpenSDE Project +[COPY] Copyright (C) 2006 - 2015 The OpenSDE Project [COPY] Copyright (C) 2004 - 2006 The T2 SDE Project [COPY] Copyright (C) 1998 - 2004 Clifford Wolf [COPY] @@ -36,7 +36,7 @@ [L] GPL [S] Stable -[V] 3.1.0 +[V] 3.1.1 [P] X -?---5---9 118.200 -[D] 173190626 rsync-3.1.0.tar.gz http://rsync.samba.org/ftp/rsync/ +[D] 4181143356 rsync-3.1.1.tar.gz http://rsync.samba.org/ftp/rsync/