net-misc/rsync: update to v3.2.4-r1

Update net-misc/rsync to v3.2.4-r1, mainly to address CVE-2018-25032. The CVE is actually a zlib issue, but we need to update rsync and its bundled zlib as well, because the USE flag `system-zlib` is disabled in Flatcar.
2025-09-30 10:01:32 +02:00 · 2022-05-05 17:13:45 +02:00 · 2022-05-05 17:13:45 +02:00 · 52fa3d1ea8
commit 52fa3d1ea8
parent d9036dbd28
4 changed files with 120 additions and 40 deletions
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/Manifest
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/Manifest
@ -1 +1,4 @@
 DIST rsync-3.2.3.tar.gz 1069784 BLAKE2B 085adb55d0d7e3d063fa198912fd09df67b63800a65baff5315ccb7dfc0e9d703eef30a7f2e72e3b271162c280abd9809b3f736704752c1663eed65ad8e0ac25 SHA512 48b68491f3ef644dbbbfcaec5ab90a1028593e02d50367ce161fd9d3d0bd0a3628bc57c5e5dec4be3a1d213f784f879b8a8fcdfd789ba0f99837cba16e1ae70e
+DIST rsync-3.2.3.tar.gz.asc 195 BLAKE2B cc18dd2589c09f869e35ecaf94a610e5b605dcb10ceaf01e6c0eb2667666a9a73feb7dcb2325638686c772f91a74d6d1f15ea33fdb6a38e89640f32a8cd0e04a SHA512 b7e512d8bb0aaff7c48571b918a7b0362942c65ef2a0aa076574ec86c05822dc5df41f8796fdf62b762b12d166a671c9e979f9962357b89e3649459c4567525b
+DIST rsync-3.2.4.tar.gz 1114853 BLAKE2B a67fcb9619874f1c5346a876138e59f4bf508a90736f830fb2b4eaf180ab11f15a0a7db9b3b28c3b990b77c2b0973d8e668bf509e4134f464159ed3172f53d80 SHA512 96318e2754fbddf84d16df671c721e577766969dfa415925c4dc1be2e4e60a51246623747a8aec0c6e9c0824e6aa7335235ccd07f3d6fd901f8cf28e2d6e91b6
+DIST rsync-3.2.4.tar.gz.asc 195 BLAKE2B 9bc2fbd59e5396a91de82f27a461367ad2a129820e2d1926c3b1e26dacf93c676a7231f186c341b6dec9c764a9619b504bc9b5f95925982e78de4607eddf6c65 SHA512 7e1bbebc777d5710345fdec1efd4c2ef1079d6c0ec90272a1a4a51a59ae3cb619b9d1c0ae2f337ecdd06827bb3536b969b6f21f9108f8d21114713aa1750012b
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3-r5.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3-r5.ebuild
@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=7
@ -9,14 +9,16 @@ if [[ ${PV} != 3.2.3 ]]; then
 fi

 WANT_LIBTOOL=none
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc

-inherit autotools prefix systemd
+inherit autotools flag-o-matic prefix systemd verify-sig

 DESCRIPTION="File transfer program to keep remote files into sync"
 HOMEPAGE="https://rsync.samba.org/"
 SRC_DIR="src"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
+	verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
 S="${WORKDIR}/${P/_/}"

 LICENSE="GPL-3"
@ -33,6 +35,7 @@ RDEPEND="acl? ( virtual/acl )
 	>=dev-libs/popt-1.5
 	iconv? ( virtual/libiconv )"
 DEPEND="${RDEPEND}"
+BDEPEND="verify-sig? ( sec-keys/openpgp-keys-waynedavison )"

 src_prepare() {
 	local PATCHES=(
@ -47,6 +50,10 @@ src_prepare() {
 }

 src_configure() {
+	# Force enable IPv6 on musl - upstream bug:
+	# https://bugzilla.samba.org/show_bug.cgi?id=10715
+	use elibc_musl && use ipv6 && append-cppflags -DINET6
+
 	local myeconfargs=(
 		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
 		--without-included-popt
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.4-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.4-r1.ebuild
@ -1,29 +1,44 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=7

-if [[ ${PV} != 3.2.3 ]]; then
-	# Make sure we revert the autotools hackery applied in 3.2.3.
-	die "Please use rsync-9999.ebuild as a basis for version bumps"
-fi
-
-WANT_LIBTOOL=none
-
-inherit autotools prefix systemd
+PYTHON_COMPAT=( python3_{8,9,10} )
+inherit flag-o-matic prefix python-single-r1 systemd

 DESCRIPTION="File transfer program to keep remote files into sync"
 HOMEPAGE="https://rsync.samba.org/"
-SRC_DIR="src"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
-S="${WORKDIR}/${P/_/}"
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+	inherit autotools git-r3
+
+	REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc
+	inherit verify-sig
+
+	if [[ ${PV} == *_pre* ]] ; then
+		SRC_DIR="src-previews"
+	else
+		SRC_DIR="src"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	fi
+
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
+		verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
+	S="${WORKDIR}"/${P/_/}
+fi

 LICENSE="GPL-3"
 SLOT="0"
 IUSE="acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd"
+REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"

 RDEPEND="acl? ( virtual/acl )
+	examples? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+	)
 	lz4? ( app-arch/lz4 )
 	ssl? ( dev-libs/openssl:0= )
 	system-zlib? ( sys-libs/zlib )
@ -33,18 +48,40 @@ RDEPEND="acl? ( virtual/acl )
 	>=dev-libs/popt-1.5
 	iconv? ( virtual/libiconv )"
 DEPEND="${RDEPEND}"
+BDEPEND="examples? ( ${PYTHON_DEPS} )"
+
+if [[ ${PV} == *9999 ]] ; then
+	BDEPEND+=" ${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/commonmark[${PYTHON_USEDEP}]
+		')"
+else
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
+fi
+
+pkg_setup() {
+	# - USE=examples needs Python itself at runtime, but nothing else
+	# - 9999 needs commonmark at build time
+	if [[ ${PV} == *9999 ]] || use examples ; then
+		python-single-r1_pkg_setup
+	fi
+}

 src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/rsync-3.2.3-glibc-lchmod.patch"
-		"${FILESDIR}/rsync-3.2.3-cross.patch"
-	)
 	default
-	eautoconf -o configure.sh
-	touch config.h.in || die
+
+	if [[ ${PV} == *9999 ]] ; then
+		eaclocal -I m4
+		eautoconf -o configure.sh
+		eautoheader && touch config.h.in
+	fi
 }

 src_configure() {
+	# Force enable IPv6 on musl - upstream bug:
+	# https://bugzilla.samba.org/show_bug.cgi?id=10715
+	use elibc_musl && use ipv6 && append-cppflags -DINET6
+
 	local myeconfargs=(
 		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
 		--without-included-popt
@ -86,14 +123,17 @@ src_install() {

 	# Install the useful contrib scripts
 	if use examples ; then
+		python_fix_shebang support/
+
 		exeinto /usr/share/rsync
 		doexe support/*
+
 		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
 	fi

 	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*

-	systemd_newunit "packaging/systemd/rsync.service" "rsyncd.service"
+	systemd_newunit packaging/systemd/rsync.service rsyncd.service
 }

 pkg_postinst() {
@ -103,12 +143,14 @@ pkg_postinst() {
 		ewarn "is a security risk which you should fix.  Please check your"
 		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
 	fi
+
 	if use stunnel ; then
 		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
 		einfo
 		einfo "You maybe have to update the certificates configured in"
 		einfo "${EROOT}/etc/stunnel/rsync.conf"
 	fi
+
 	if use system-zlib ; then
 		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
 		ewarn "using the --compress option."
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-9999.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-9999.ebuild
@ -1,32 +1,44 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=7

-inherit prefix systemd
+PYTHON_COMPAT=( python3_{8,9,10} )
+inherit flag-o-matic prefix python-single-r1 systemd

 DESCRIPTION="File transfer program to keep remote files into sync"
 HOMEPAGE="https://rsync.samba.org/"
-if [[ "${PV}" == *9999 ]] ; then
-	PYTHON_COMPAT=( python3_{6,7,8} )
-	inherit autotools git-r3 python-any-r1
+if [[ ${PV} == *9999 ]] ; then
 	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+	inherit autotools git-r3
+
+	REQUIRED_USE="${PYTHON_REQUIRED_USE}"
 else
-	if [[ "${PV}" == *_pre* ]] ; then
+	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc
+	inherit verify-sig
+
+	if [[ ${PV} == *_pre* ]] ; then
 		SRC_DIR="src-previews"
 	else
 		SRC_DIR="src"
 		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 	fi
-	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
-	S="${WORKDIR}/${P/_/}"
+
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
+		verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
+	S="${WORKDIR}"/${P/_/}
 fi

 LICENSE="GPL-3"
 SLOT="0"
 IUSE="acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd"
+REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"

 RDEPEND="acl? ( virtual/acl )
+	examples? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+	)
 	lz4? ( app-arch/lz4 )
 	ssl? ( dev-libs/openssl:0= )
 	system-zlib? ( sys-libs/zlib )
@ -36,22 +48,29 @@ RDEPEND="acl? ( virtual/acl )
 	>=dev-libs/popt-1.5
 	iconv? ( virtual/libiconv )"
 DEPEND="${RDEPEND}"
+BDEPEND="examples? ( ${PYTHON_DEPS} )"

-if [[ "${PV}" == *9999 ]] ; then
-	BDEPEND="${PYTHON_DEPS}
-		$(python_gen_any_dep '
+if [[ ${PV} == *9999 ]] ; then
+	BDEPEND+=" ${PYTHON_DEPS}
+		$(python_gen_cond_dep '
 			dev-python/commonmark[${PYTHON_USEDEP}]
 		')"
+else
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
 fi

-# Only required for live ebuild
-python_check_deps() {
-	has_version "dev-python/commonmark[${PYTHON_USEDEP}]"
+pkg_setup() {
+	# - USE=examples needs Python itself at runtime, but nothing else
+	# - 9999 needs commonmark at build time
+	if [[ ${PV} == *9999 ]] || use examples ; then
+		python-single-r1_pkg_setup
+	fi
 }

 src_prepare() {
 	default
-	if [[ "${PV}" == *9999 ]] ; then
+
+	if [[ ${PV} == *9999 ]] ; then
 		eaclocal -I m4
 		eautoconf -o configure.sh
 		eautoheader && touch config.h.in
@ -59,6 +78,10 @@ src_prepare() {
 }

 src_configure() {
+	# Force enable IPv6 on musl - upstream bug:
+	# https://bugzilla.samba.org/show_bug.cgi?id=10715
+	use elibc_musl && use ipv6 && append-cppflags -DINET6
+
 	local myeconfargs=(
 		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
 		--without-included-popt
@ -100,14 +123,17 @@ src_install() {

 	# Install the useful contrib scripts
 	if use examples ; then
+		python_fix_shebang support/
+
 		exeinto /usr/share/rsync
 		doexe support/*
+
 		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
 	fi

 	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*

-	systemd_newunit "packaging/systemd/rsync.service" "rsyncd.service"
+	systemd_newunit packaging/systemd/rsync.service rsyncd.service
 }

 pkg_postinst() {
@ -117,12 +143,14 @@ pkg_postinst() {
 		ewarn "is a security risk which you should fix.  Please check your"
 		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
 	fi
+
 	if use stunnel ; then
 		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
 		einfo
 		einfo "You maybe have to update the certificates configured in"
 		einfo "${EROOT}/etc/stunnel/rsync.conf"
 	fi
+
 	if use system-zlib ; then
 		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
 		ewarn "using the --compress option."