Debian Patches

Status for rsync/3.4.2+ds1-2

Patch Description Author Forwarded Bugs Origin Last update
disable_reconfigure_req.diff Remove need to run reconfigure target

Samuel Henrique <samueloph@debian.org> not-needed 2024-04-12
skip_devices_test_non_linux.patch Skip "devices" test as it fails on kfreebsd and hurd
Error log:
sent 160 bytes received 117 bytes 554.00 bytes/sec
total size is 0 speedup is 0.00
check how the directory listings compare with diff:

+ + /<<PKGBUILDDIR>>/rsynctee -aii /<<PKGBUILDDIR>>/testtmp/devices/rsync.out --link-dest=/<<PKGBUILDDIR>>/testtmp/devices/to
/<<PKGBUILDDIR>>/testtmp/devices/from/ /<<PKGBUILDDIR>>/testtmp/devices/chk/
rsync: failed to hard-link /<<PKGBUILDDIR>>/testtmp/devices/to/fifo with fifo: Invalid cross-device link (1073741842)
cd ./
hD block
hD block2
hD block3
hD block3.5
hD char
hD char2
hD char3
cSc........ fifo
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1207) [sender=3.1.3]
+ cat
+ diff -u /<<PKGBUILDDIR>>/testtmp/devices/rsync.chk /<<PKGBUILDDIR>>/testtmp/devices/rsync.out
/--- /<<PKGBUILDDIR>>/testtmp/devices/rsync.chk 2019-10-15 01:26:43.000000000 +0000
/+++ /<<PKGBUILDDIR>>/testtmp/devices/rsync.out 2019-10-15 01:26:43.000000000 +0000
@@ -6,4 +6,4 @@
hD char
hD char2
hD char3
-hS fifo
+cSc........ fifo
+ test_fail test 5 failed
+ echo test 5 failed
test 5 failed
+ exit 1
/bin/fakeauth: Error 1 for child 7541
/bin/settrans: Error 1 for child 7540
----- devices log ends
FAIL devices
Samuel Henrique <samueloph@debian.org> no 2024-04-12
env_shebang.patch Removes usage of env on shebangs as per Debian Policy § 10.4
Samuel Henrique <samueloph@debian.org> not-needed 2024-04-12
fix_rrsync_man_generation.patch Fix manpage installation for rrsync
Otherwise we would get "ERROR: support/rrsync.1 cannot be created."
I'm not confident this is the best approach to solving this issue,
but I know this works with no regressions.
This patch needs to be reviewed before being submitted to upstream.
Samuel Henrique <samueloph@debian.org> no 2024-04-12
syscall_use_openat2_RESOLVE_BENEATH_on_Linux_for_secure_relative_open.patch syscall: use openat2(RESOLVE_BENEATH) on Linux for secure_relative_open

The CVE fix in commit c35e283 made secure_relative_open() walk every
component of relpath with O_NOFOLLOW. That blocks every symlink in the
path, which is stricter than the threat model required: legitimate
directory symlinks within the destination tree (e.g. when using -K /
--copy-dirlinks) are also rejected, breaking delta transfers with
"failed verification -- update discarded". See issue #715.

On Linux 5.6+, openat2(RESOLVE_BENEATH | RESOLVE_NO_MAGICLINKS) gives
us exactly what we want: the kernel rejects any resolution that would
escape the starting directory (via "..", absolute paths, or symlinks
pointing outside dirfd) while still following symlinks that resolve
within it. /proc magic-links are blocked too.

Use openat2 first; fall back to the existing per-component O_NOFOLLOW
walk on ENOSYS (kernel < 5.6). The lexical "../" checks at the head
of the function are kept as defense in depth. The Linux gate is
plain #ifdef __linux__: the runtime ENOSYS fallback covers the only
case that actually matters (header present + old kernel), and any
Linux build environment without linux/openat2.h will fail with a
clear "no such file" error rather than silently disabling the
protection.

Verified manually that openat2(RESOLVE_BENEATH) blocks all four
escape patterns (absolute symlink, ../ symlink, lexical .., absolute
path) while allowing direct and within-tree symlinks. The new
testsuite/symlink-dirlink-basis.test (taken from PR #864 by Samuel
Henrique) exercises the issue #715 regression and passes; full
make check passes 47/47.
Andrew Tridgell <andrew@tridgell.net> no 2026-04-30
