From eb5939fb797dd73e0561c4b5a3cef0ffe2b77512 Mon Sep 17 00:00:00 2001 From: Vojtech Vitek (V-Teq) Date: Sep 14 2011 16:12:26 +0000 Subject: Fix security context of symbolic links --- diff --git a/rsync-3.0.8-no-symlink-user-xattrs.patch b/rsync-3.0.8-no-symlink-user-xattrs.patch new file mode 100644 index 0000000..5c8914e --- /dev/null +++ b/rsync-3.0.8-no-symlink-user-xattrs.patch @@ -0,0 +1,38 @@ +From e2c1e482e004b8f992156bf436d4bf34cee1ee1d Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Sat, 18 Jun 2011 10:12:47 -0700 +Subject: [PATCH] Set NO_SYMLINK_USER_XATTRS on linux. Fixes bug 7109. + +--- + configure.ac | 1 + + syscall.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletions(-) + +diff --git a/configure.ac b/configure.ac +index c261b4a..dfe3101 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1021,6 +1021,7 @@ else + AC_MSG_RESULT(Using Linux xattrs) + AC_DEFINE(HAVE_LINUX_XATTRS, 1, [True if you have Linux xattrs]) + AC_DEFINE(SUPPORT_XATTRS, 1) ++ AC_DEFINE(NO_SYMLINK_USER_XATTRS, 1, [True if symlinks do not support user xattrs]) + ;; + darwin*) + AC_MSG_RESULT(Using OS X xattrs) +diff --git a/syscall.c b/syscall.c +index 1ed36f3..eab25a5 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -64,7 +64,7 @@ int do_symlink(const char *lnk, const char *fname) + if (dry_run) return 0; + RETURN_ERROR_IF_RO_OR_LO; + +-#ifdef NO_SYMLINK_XATTRS ++#if defined NO_SYMLINK_XATTRS || defined NO_SYMLINK_USER_XATTRS + /* For --fake-super, we create a normal file with mode 0600 + * and write the lnk into it. */ + if (am_root < 0) { +-- +1.7.6 + diff --git a/rsync.spec b/rsync.spec index 63368f0..b90bcfe 100644 --- a/rsync.spec +++ b/rsync.spec @@ -17,6 +17,8 @@ Source2: rsync.xinetd BuildRequires: libacl-devel, libattr-devel, autoconf, popt-devel License: GPLv3+ +Patch0: rsync-3.0.8-no-symlink-user-xattrs.patch + %description Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences @@ -46,6 +48,8 @@ patch -p1 -i patches/xattrs.diff #Enable --copy-devices parameter patch -p1 -i patches/copy-devices.diff +patch0 -p1 -b .no-symlink-user-xattrs + %build rm -fr autom4te.cache autoconf @@ -73,6 +77,8 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man5/rsyncd.conf.5* %changelog +- Fix security context of symbolic links (#709779) + * Tue Mar 29 2011 Vojtech Vitek - 3.0.8-1 - Rebase to 3.0.8, remove buffer overflow patch (#691362, #675036)