4 files changed, 119 insertions, 0 deletions

diff --git a/rp/rcynic/static-rsync/Makefile.in b/rp/rcynic/static-rsync/Makefile.in
new file mode 100644
index 00000000..8a433c7b
--- /dev/null
+++ b/rp/rcynic/static-rsync/Makefile.in
@@ -0,0 +1,44 @@
+# $Id$
+
+VERSION	= 2.6.9
+
+CFG_ENV	= CFLAGS='@CFLAGS@' LDFLAGS='@LDFLAGS@ @LD_STATIC_FLAG@'
+CFG_ARG	=
+
+TARBALL = rsync-${VERSION}.tar.gz
+DIRNAME	= rsync-${VERSION}
+
+CFG_LOG	= > ../config.log 2>&1 
+BIN_LOG	= > ../build.log  2>&1
+
+BIN	= rsync
+
+abs_top_srcdir	 = @abs_top_srcdir@
+abs_top_builddir = @abs_top_builddir@
+
+all: ${BIN}
+
+${BIN}: ${DIRNAME}/${BIN}
+	ln ${DIRNAME}/${BIN} $@
+	file $@
+
+${DIRNAME}/${BIN}: configured.stamp
+	cd ${DIRNAME} && ${MAKE} ${BIN_LOG}
+
+extracted.stamp: ${TARBALL}
+	gzip -c -d ${TARBALL} | tar -xf -
+	touch $@
+
+patched.stamp: extracted.stamp
+	for i in patches/patch-*; do if test -f "$$i"; then patch -d ${DIRNAME} <"$$i"; else :; fi; done
+	touch $@
+
+configured.stamp: patched.stamp
+	cd ${DIRNAME} && ${CFG_ENV} ./configure ${CFG_ARG} ${CFG_LOG}
+	touch $@
+
+clean:
+	rm -rf ${BIN} ${DIRNAME} *.stamp *.log
+
+distclean: clean
+	rm -f Makefile
diff --git a/rp/rcynic/static-rsync/README b/rp/rcynic/static-rsync/README
new file mode 100644
index 00000000..9ff5afa8
--- /dev/null
+++ b/rp/rcynic/static-rsync/README
@@ -0,0 +1,15 @@
+$Id$
+
+Hack to build a static rsync binary suitable for use in a chroot jail.
+
+The default configuration is for gcc, since that's the most widely
+used compiler on the platforms we use.  I've provided hooks intended
+to make it simple to support other compilers just by overriding make
+variables on the command line: if you need to do something more
+drastic than this to get your compiler working, please tell me.
+
+If your platform doesn't support static binaries at all, you're on
+your own (and should whine at your OS vendor, as this is nuts).
+
+We try to stick with rsync release code, but apply security patches
+when necessary.
diff --git a/rp/rcynic/static-rsync/patches/patch-CVE-2007-4091 b/rp/rcynic/static-rsync/patches/patch-CVE-2007-4091
new file mode 100644
index 00000000..201af96a
--- /dev/null
+++ b/rp/rcynic/static-rsync/patches/patch-CVE-2007-4091
@@ -0,0 +1,60 @@
+--- sender.c	2006-09-20 03:53:32.000000000 +0200
++++ sender.c	2007-07-25 15:33:05.000000000 +0200
+@@ -123,6 +123,7 @@
+ 	char fname[MAXPATHLEN];
+ 	struct file_struct *file;
+ 	unsigned int offset;
++	size_t l = 0;
+ 
+ 	if (ndx < 0 || ndx >= the_file_list->count)
+ 		return;
+@@ -133,6 +134,20 @@
+ 				    file->dir.root, "/", NULL);
+ 	} else
+ 		offset = 0;
++
++	l = offset + 1;
++	if (file) {
++		if (file->dirname)
++			l += strlen(file->dirname);
++		if (file->basename)
++			l += strlen(file->basename);
++	}
++
++	if (l >= sizeof(fname)) {
++		rprintf(FERROR, "Overlong pathname\n");
++		exit_cleanup(RERR_FILESELECT);
++	}
++
+ 	f_name(file, fname + offset);
+ 	if (remove_source_files) {
+ 		if (do_unlink(fname) == 0) {
+@@ -224,6 +239,7 @@
+ 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
+ 	int f_xfer = write_batch < 0 ? batch_fd : f_out;
+ 	int i, j;
++	size_t l = 0;
+ 
+ 	if (verbose > 2)
+ 		rprintf(FINFO, "send_files starting\n");
+@@ -259,6 +275,20 @@
+ 				fname[offset++] = '/';
+ 		} else
+ 			offset = 0;
++
++		l = offset + 1;
++		if (file) {
++			if (file->dirname)
++				l += strlen(file->dirname);
++			if (file->basename)
++				l += strlen(file->basename);
++		}
++
++		if (l >= sizeof(fname)) {
++			rprintf(FERROR, "Overlong pathname\n");
++			exit_cleanup(RERR_FILESELECT);
++		}
++
+ 		fname2 = f_name(file, fname + offset);
+ 
+ 		if (verbose > 2)
diff --git a/rp/rcynic/static-rsync/rsync-2.6.9.tar.gz b/rp/rcynic/static-rsync/rsync-2.6.9.tar.gz
new file mode 100644
index 00000000..6377f639
--- /dev/null
+++ b/rp/rcynic/static-rsync/rsync-2.6.9.tar.gz