!35 [sync] PR-34: Restrict the doc permission in rsync to 644.

From: @openeuler-sync-bot 
Reviewed-by: @lvying6 
Signed-off-by: @lvying6

backport-Work-around-glibc-lchmod-issue-a-better-way.patch

@@ -1,65 +0,0 @@
-From 9dd62525f3b98d692e031f22c02be8f775966503 Mon Sep 17 00:00:00 2001
-From: Wayne Davison <wayne@opencoder.net>
-Date: Sun, 29 Nov 2020 09:33:54 -0800
-Subject: [PATCH] Work around glibc's lchmod() issue a better way.
-
----
- syscall.c    | 34 +++++++++++++++++++++-------------
- 1 files changed, 21 insertions(+), 13 deletions(-)
-
-diff --git a/syscall.c b/syscall.c
-index b9c3b4e..11d10e4 100644
---- a/syscall.c
-+++ b/syscall.c
-@@ -227,27 +227,35 @@ int do_open(const char *pathname, int flags, mode_t mode)
- #ifdef HAVE_CHMOD
- int do_chmod(const char *path, mode_t mode)
- {
-+	static int switch_step = 0;
- 	int code;
- 	if (dry_run) return 0;
- 	RETURN_ERROR_IF_RO_OR_LO;
-+	switch (switch_step) {
- #ifdef HAVE_LCHMOD
--	code = lchmod(path, mode & CHMOD_BITS);
--#else
--	if (S_ISLNK(mode)) {
-+#include "case_N.h"
-+		if ((code = lchmod(path, mode & CHMOD_BITS)) == 0 || errno != ENOTSUP)
-+			break;
-+		switch_step++;
-+#endif
-+
-+#include "case_N.h"
-+		if (S_ISLNK(mode)) {
- # if defined HAVE_SETATTRLIST
--		struct attrlist attrList;
--		uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
-+			struct attrlist attrList;
-+			uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
- 
--		memset(&attrList, 0, sizeof attrList);
--		attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
--		attrList.commonattr = ATTR_CMN_ACCESSMASK;
--		code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
-+			memset(&attrList, 0, sizeof attrList);
-+			attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
-+			attrList.commonattr = ATTR_CMN_ACCESSMASK;
-+			code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
- # else
--		code = 1;
-+			code = 1;
- # endif
--	} else
--		code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
--#endif /* !HAVE_LCHMOD */
-+		} else
-+			code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
-+		break;
-+	}
- 	if (code != 0 && (preserve_perms || preserve_executability))
- 		return code;
- 	return 0;
--- 
-1.8.3.1
-

rsync.spec

@@ -1,16 +1,15 @@
 Name:           rsync
-Version:        3.2.3
-Release:        1
+Version:        3.2.5
+Release:        2
 Summary:        Fast incremental file transfer utility
 License:        GPLv3+
 URL:            http://rsync.samba.org/
-Source0:        https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
-Source1:        https://download.samba.org/pub/rsync/src/rsync-patches-%{version}.tar.gz
-Source2:        rsyncd.socket
-Source3:        rsyncd.service
-Source4:        rsyncd.conf
-Source5:        rsyncd.sysconfig
-Source6:        rsyncd@.service
+Source0:        https://download.samba.org/pub/rsync/src/rsync-%{version}.tar.gz
+Source1:        rsyncd.socket
+Source2:        rsyncd.service
+Source3:        rsyncd.conf
+Source4:        rsyncd.sysconfig
+Source5:        rsyncd@.service
 
 BuildRequires:  git gcc systemd libacl-devel libattr-devel autoconf popt-devel
 BuildRequires:  lz4-devel openssl-devel libzstd-devel
@@ -18,8 +17,6 @@ Provides:       bundled(zlib) = 1.2.8 rsync-daemon
 Obsoletes:      rsync-daemon
 %{?systemd_requires}
 
-Patch1: backport-Work-around-glibc-lchmod-issue-a-better-way.patch
-
 %description
 Rsync is an open source utility that provides fast incremental file transfer.
 It uses the "rsync algorithm" which provides a very fast method for bringing
@@ -30,9 +27,7 @@ at one of the ends of the link beforehand.
 %package_help
 
 %prep
-%autosetup -b 1 -n %{name}-%{version} -p1
-
-patch -p1 -i patches/copy-devices.diff
+%autosetup -n %{name}-%{version} -p1
 
 %build
 %configure --disable-xxhash
@@ -40,16 +35,15 @@ patch -p1 -i patches/copy-devices.diff
 
 %check
 make check
-chmod -x support/*
 
 %install
 %make_install
 
-install -D -m644 %{SOURCE2} %{buildroot}/%{_unitdir}/rsyncd.socket
-install -D -m644 %{SOURCE3} %{buildroot}/%{_unitdir}/rsyncd.service
-install -D -m644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/rsyncd.conf
-install -D -m644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/sysconfig/rsyncd
-install -D -m644 %{SOURCE6} %{buildroot}/%{_unitdir}/rsyncd@.service
+install -D -m644 %{SOURCE1} %{buildroot}/%{_unitdir}/rsyncd.socket
+install -D -m644 %{SOURCE2} %{buildroot}/%{_unitdir}/rsyncd.service
+install -D -m644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/rsyncd.conf
+install -D -m644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/rsyncd
+install -D -m644 %{SOURCE5} %{buildroot}/%{_unitdir}/rsyncd@.service
 
 %pre
 
@@ -65,7 +59,7 @@ install -D -m644 %{SOURCE6} %{buildroot}/%{_unitdir}/rsyncd@.service
 %files
 %defattr(-,root,root)
 %doc tech_report.tex
-%doc support/*
+%attr(0644,root,root) %doc support/*
 %license COPYING
 %config(noreplace) %{_sysconfdir}/*.conf
 %config(noreplace) %{_sysconfdir}/sysconfig/rsyncd
@@ -79,6 +73,22 @@ install -D -m644 %{SOURCE6} %{buildroot}/%{_unitdir}/rsyncd@.service
 %{_mandir}/man5/rsyncd.conf.5*
 
 %changelog
+* Thu Jun 15 2023 zhoupengcheng <zhoupengcheng11@huawei.com> - 3.2.5-1
+- Type:bugfix
+- CVE:
+- SUG:NA
+- DESC:Restrict the doc permission in rsync to 644.
+
+* Thu Aug 18 2022 fuanan <fuanan3@h-partners.com> - 3.2.5-1
+- Update version to 3.2.5
+- Fix CVE-2022-29154,CVE-2022-37434
+
+* Fri Jun 18 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 3.2.3-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:Fix CVE-2020-14387
+
 * Fri Jan 22 2021 yixiangzhike <zhangxingliang3@huawei.com> - 3.2.3-1
 - Type:requirement
 - ID:NA