From 2771f79232c273bc2a57d23bf335dd81ccf6af28 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Sun, 5 Dec 2021 02:47:11 +0000
Subject: gentoo resync : 05.12.2021

---
 net-misc/rsync/Manifest                            |   2 +
 .../files/rsync-3.2.3-verify-certificate.patch     |  26 +++++
 net-misc/rsync/rsync-3.2.3-r5.ebuild               | 124 +++++++++++++++++++++
 3 files changed, 152 insertions(+)
 create mode 100644 net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
 create mode 100644 net-misc/rsync/rsync-3.2.3-r5.ebuild

(limited to 'net-misc/rsync')

diff --git a/net-misc/rsync/Manifest b/net-misc/rsync/Manifest
index d4eae6d30e3c..989b68a0096f 100644
--- a/net-misc/rsync/Manifest
+++ b/net-misc/rsync/Manifest
@@ -1,5 +1,6 @@
 AUX rsync-3.2.3-cross.patch 4964 BLAKE2B 0f782eb6bf88e848d9ada93ac66dd4ca13c85ee9007e4e0509bca79f054e28915bed0dd78afeb3c3642ab284dbb54b3431abadc809328d0dfb0e78565c570812 SHA512 0d1c119b89be482e2348e265516452b29adde4eec40596af3e55bb309ce12702bfe7887cb3d8c86f59cfa6a24f71e113a9dd75d74353590c98ece11365636e0e
 AUX rsync-3.2.3-glibc-lchmod.patch 1836 BLAKE2B 14b2e4246c6c2d4623500e346bea3ad430defbb81de65ecb29672b390024e34e5116c660a87013f8d489a32d1841d535d03fa442cdc9e962d530355f389ad008 SHA512 76864a9002ef3e8c42a840906915de2bb8cfb1dea2597cbe657ee418b5d00b6d409a88cd441658f7a1ce3cab148a9889193ddd75d19b6ef2069379c728434231
+AUX rsync-3.2.3-verify-certificate.patch 944 BLAKE2B 2a6a088df102204e5c53f4eb1ca20f7ce54d46337044dd0e8a450013b7a1d59563ab43ee1c9e0edd947d8c64c79d0d8866fc1bdb1bd0d9f5209deef73a0532bc SHA512 bd0c3dabb3dc6a4b89d58970b4320639a0df7940d338dcbcc13a12f89e311ab549d246b14da2f6135cd9cfc807d7c9c82eb53a95c19fbe81e97dd48e090ed0c0
 AUX rsyncd.conf-3.0.9-r1 462 BLAKE2B 45a7dde876368e7392ee7a05edf593f55cf6b3b4dc913745f4322ebd75f97bcdf1a24240a54e11469bd659fd565fc74cd8eeaa9490434d88444b5a076803cea7 SHA512 5c57f633aa3daa6513b5d35a1157a50308559ad993257374ce4eea0269f6bf384938f95bed749acb19538e8c4672355351fcee5cef9607153463b19227d343d7
 AUX rsyncd.conf.d 149 BLAKE2B fd2556d0c270c2baa83d4d474d44ab1d16e35f112279a339f179f9af693d977cc0863bf4cd7139363c58e4e6a1a18a24c06474ecc248167224261dbaf04ae0a8 SHA512 8ea9a2f1fea508fa132313fa16513eac84a9ed3ce75741c42769b56bbcd3f1bd2eb8bfdfe40a6c7f619e4281e8fc8d95d1bd84096d0b64aaacf606cd614ae5b3
 AUX rsyncd.init.d-r1 247 BLAKE2B ec4f7a875a51bae10cff7e15df18d285b01dddaa99a03127ba242ec535b7c8a3af3ad4489661ba7b5f6b074e2af38b12da394c0f8992bd28328d807a89757bb0 SHA512 df2ef4d9e65fa72daa9a7d91d69a06027d0e0fbc48f9ebd485e2d51990c8d00985b7ccf41314f984975e8073e2075bbdfe5543754718381497c334dc7d96451a
@@ -7,5 +8,6 @@ AUX rsyncd.logrotate 104 BLAKE2B 8e031a851e527815d26816985b8438dd439614cf8753d51
 AUX rsyncd.xinetd-3.0.9-r1 194 BLAKE2B 8e3edf4831e020451ba1886e2e8ae86e576016aabcaaf8e84c48adb15ba6a2e8d8c58098af2757011ea4f84fbfd758029d905fb8f5ed21bcc5ac34c3baae2a9c SHA512 fc053fc4748950343e866cc95284d037156a953454e4294d775f01f059e96e805582688bf1de5c965836889192ce4a663ec740e6ec2265406e509c5c6d6c3215
 DIST rsync-3.2.3.tar.gz 1069784 BLAKE2B 085adb55d0d7e3d063fa198912fd09df67b63800a65baff5315ccb7dfc0e9d703eef30a7f2e72e3b271162c280abd9809b3f736704752c1663eed65ad8e0ac25 SHA512 48b68491f3ef644dbbbfcaec5ab90a1028593e02d50367ce161fd9d3d0bd0a3628bc57c5e5dec4be3a1d213f784f879b8a8fcdfd789ba0f99837cba16e1ae70e
 EBUILD rsync-3.2.3-r4.ebuild 3498 BLAKE2B 7ed62167acab5e725dba71c258a9a4f770595142469ca6c3b43939c2f99669f08fadc5fa6ac0104a14b774f6e679d547065b58135f13b5f0bacfb22e3d1b03b5 SHA512 b1bcf2bc437955ff6c86a9f0dbf492b927103b05d93edbdc44823fa49496f373d11c477af5c0fd83a1894f8e12148f6eddc0767c6535ef78b5ea4394520e0fa6
+EBUILD rsync-3.2.3-r5.ebuild 3621 BLAKE2B 0d6c1e197fef7e354abd57a2e08924c346283d28133bfcd86613af941e606bed3189ddb4936c053b63e041eb2b2ea09084c33ea565dbe2d96812a316476bc6f3 SHA512 bfd4e8a42faee142f9557979d21c08e869da3a42ce778a163a62c4c13da8e38ef093b748271a9d2afa820095dfc4da14669f98d1c8ba9e4f28304a92420ed2e7
 EBUILD rsync-9999.ebuild 3766 BLAKE2B 0343b2bd8957f9073295932f740e298789e0d7d2e5354ca640b1110d0ab47103878d6c3f9f7df57c1f30fb5cf128b98128f32c5ef61da134dc73cdc1ad42d984 SHA512 3f0366d6dd0ca85a75211766e6836d27a93d14006b8fe2718010007596f470c680b67e4a6c8b34ee17b2e3e2c8590d0d80eeca81d6f43700d57a4f45513d03c3
 MISC metadata.xml 655 BLAKE2B 4c3c8c26cf6d9bd27ae43a72408e8d587d7a5d3db588ccf67b2d68a8b697e4dbc531e959ebe57274413f5a1630be54415a56540953e44241d4810baa8bbb06d8 SHA512 de38cb9841631855730caa0630af6acc5413d8460dfb529ab1e972cbb33f557475a37b1fb1544114a8a48f72bcec670b72d2d142e951ac30e9356a4c540d59e4
diff --git a/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch b/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
new file mode 100644
index 000000000000..9b462a1df721
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
@@ -0,0 +1,26 @@
+From c3f7414c450faaf6a8281cc4a4403529aeb7d859 Mon Sep 17 00:00:00 2001
+From: Matt McCutchen <matt@mattmccutchen.net>
+Date: Wed, 26 Aug 2020 12:16:08 -0400
+Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using
+ openssl.
+
+---
+ rsync-ssl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rsync-ssl b/rsync-ssl
+index 8101975a..46701af1 100755
+--- a/rsync-ssl
++++ b/rsync-ssl
+@@ -129,7 +129,7 @@ function rsync_ssl_helper {
+     fi
+ 
+     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
+-	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
++	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
+     elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+ 	exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
+     else
+-- 
+2.25.1
+
diff --git a/net-misc/rsync/rsync-3.2.3-r5.ebuild b/net-misc/rsync/rsync-3.2.3-r5.ebuild
new file mode 100644
index 000000000000..684a8e105cd7
--- /dev/null
+++ b/net-misc/rsync/rsync-3.2.3-r5.ebuild
@@ -0,0 +1,124 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} != 3.2.3 ]]; then
+	# Make sure we revert the autotools hackery applied in 3.2.3.
+	die "Please use rsync-9999.ebuild as a basis for version bumps"
+fi
+
+WANT_LIBTOOL=none
+
+inherit autotools prefix systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+SRC_DIR="src"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
+S="${WORKDIR}/${P/_/}"
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd"
+
+RDEPEND="acl? ( virtual/acl )
+	lz4? ( app-arch/lz4 )
+	ssl? ( dev-libs/openssl:0= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( dev-libs/xxhash )
+	zstd? ( >=app-arch/zstd-1.4 )
+	>=dev-libs/popt-1.5
+	iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}"
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/${P}-glibc-lchmod.patch"
+		"${FILESDIR}/${P}-cross.patch"
+		# Fix for (CVE-2020-14387) - net-misc/rsync: improper TLS validation in rsync-ssl script
+		"${FILESDIR}/${P}-verify-certificate.patch"
+	)
+	default
+	eautoconf -o configure.sh
+	touch config.h.in || die
+}
+
+src_configure() {
+	local myeconfargs=(
+		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+		--without-included-popt
+		$(use_enable acl acl-support)
+		$(use_enable iconv)
+		$(use_enable ipv6)
+		$(use_enable lz4)
+		$(use_enable ssl openssl)
+		$(use_with !system-zlib included-zlib)
+		$(use_enable xattr xattr-support)
+		$(use_enable xxhash)
+		$(use_enable zstd)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+
+	dodoc NEWS.md README.md TODO tech_report.tex
+
+	insinto /etc
+	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+	insinto /etc/xinetd.d
+	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+	# Install stunnel helpers
+	if use stunnel ; then
+		emake DESTDIR="${D}" install-ssl-daemon
+	fi
+
+	# Install the useful contrib scripts
+	if use examples ; then
+		exeinto /usr/share/rsync
+		doexe support/*
+		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+	fi
+
+	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+	systemd_newunit "packaging/systemd/rsync.service" "rsyncd.service"
+}
+
+pkg_postinst() {
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
+		ewarn "is a security risk which you should fix.  Please check your"
+		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+	fi
+	if use stunnel ; then
+		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+		einfo
+		einfo "You maybe have to update the certificates configured in"
+		einfo "${EROOT}/etc/stunnel/rsync.conf"
+	fi
+	if use system-zlib ; then
+		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
+		ewarn "using the --compress option."
+		ewarn
+		ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib,"
+		ewarn "and the --compress option, add --new-compress (-zz)."
+		ewarn
+		ewarn "For syncing the portage tree, add:"
+		ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf"
+	fi
+}
-- 
cgit v1.2.3