From 03a77ce96f3c242b9b6bb2900a55c267de346c0d Mon Sep 17 00:00:00 2001
From: Jan Zeleny <jzeleny@fedoraproject.org>
Date: Mar 29 2010 09:10:56 +0000
Subject: buffer overflow patch replaced by upstream version


---

diff --git a/rsync-3.0.7-buf-overflow.patch b/rsync-3.0.7-buf-overflow.patch
index c93077f..2c6b195 100644
--- a/rsync-3.0.7-buf-overflow.patch
+++ b/rsync-3.0.7-buf-overflow.patch
@@ -1,13 +1,39 @@
---- rsync-3.0.7/flist.c.orig	2010-01-22 22:39:40.000000000 +0100
-+++ rsync-3.0.7/flist.c	2010-01-22 22:45:27.618262042 +0100
-@@ -3025,6 +3025,10 @@ char *f_name(const struct file_struct *f
+index 7139b10..fef15aa 100644
+--- a/flist.c
++++ b/flist.c
+@@ -1640,21 +1640,29 @@ static void send_directory(int f, struct file_list *flist, char *fbuf, int len,
+ 	}
  
- 	if (f->dirname) {
- 		int len = strlen(f->dirname);
-+		if (len >= MAXPATHLEN) {
-+			rprintf(FWARNING,"Path too long!\n");
-+			return NULL;
-+		}
- 		memcpy(fbuf, f->dirname, len);
- 		fbuf[len] = '/';
- 		strlcpy(fbuf + len + 1, f->basename, MAXPATHLEN - (len + 1));
+ 	p = fbuf + len;
+-	if (len != 1 || *fbuf != '/')
++	if (len == 1 && *fbuf == '/')
++		remainder = MAXPATHLEN - 1;
++	else if (len < MAXPATHLEN-1) {
+ 		*p++ = '/';
+-	*p = '\0';
+-	remainder = MAXPATHLEN - (p - fbuf);
++		*p = '\0';
++		remainder = MAXPATHLEN - (len + 1);
++	} else
++		remainder = 0;
+ 
+ 	for (errno = 0, di = readdir(d); di; errno = 0, di = readdir(d)) {
+ 		char *dname = d_name(di);
+ 		if (dname[0] == '.' && (dname[1] == '\0'
+ 		    || (dname[1] == '.' && dname[2] == '\0')))
+ 			continue;
+-		if (strlcpy(p, dname, remainder) >= remainder) {
++		unsigned name_len = strlcpy(p, dname, remainder);
++		if (name_len >= remainder) {
++			char save = fbuf[len];
++			fbuf[len] = '\0';
+ 			io_error |= IOERR_GENERAL;
+ 			rprintf(FERROR_XFER,
+-				"cannot send long-named file %s\n",
+-				full_fname(fbuf));
++				"filename overflows max-path len by %u: %s/%s\n",
++				name_len - remainder + 1, fbuf, dname);
++			fbuf[len] = save;
+ 			continue;
+ 		}
+ 		if (dname[0] == '\0') {
diff --git a/rsync.spec b/rsync.spec
index eed65e6..15cd749 100644
--- a/rsync.spec
+++ b/rsync.spec
@@ -7,7 +7,7 @@
 Summary: A program for synchronizing files over a network
 Name: rsync
 Version: 3.0.7
-Release: 2%{?prerelease}%{?dist}
+Release: 3%{?prerelease}%{?dist}
 Group: Applications/Internet
 URL: http://rsync.samba.org/
 
@@ -77,6 +77,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man5/rsyncd.conf.5*
 
 %changelog
+* Mon Mar 29 2010 Jan Zeleny <jzeleny@redhat.com> - 3.0.7-3
+- buffer overflow patch replaced by upstream version
+
 * Fri Jan 22 2010 Jan Zeleny <jzeleny@redhat.com> - 3.0.7-2
 - fixed issue with buffer overflow when using long filenames (#557916)