File mirror-2.9.patch of Package mirror.9822
Index: do_unlinks.pl
===================================================================
--- do_unlinks.pl.orig
+++ do_unlinks.pl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -s
+#!/usr/bin/perl -s
#
#
#
Index: makefile
===================================================================
--- makefile.orig
+++ makefile
@@ -65,25 +65,26 @@ PLMODE = 644
# mode to install executables
EXMODE = 755
# group to own all the files
-GRP = gnu
+GRP = root
# directory to install .pl (perl library) files
PLDIR = /usr/local/perl5/lib/perl5
# directory to install public executables
-BINDIR = /usr/local/sbin
+BINDIR = /usr/bin
# directory to install man pages
-MANDIR = /usr/local/man/man1
+MANDIR = /usr/share/man/man1
install:
- install -m $(PLMODE) -g $(GRP) lchat.pl $(PLDIR)
- install -m $(PLMODE) -g $(GRP) dateconv.pl $(PLDIR)
- install -m $(PLMODE) -g $(GRP) ftp.pl $(PLDIR)
- install -m $(PLMODE) -g $(GRP) lsparse.pl $(PLDIR)
- install -m $(EXMODE) -g $(GRP) mirror.pl $(BINDIR)/mirror
- install -m $(EXMODE) -g $(GRP) do_unlinks.pl $(BINDIR)/do_unlinks
- install -m $(EXMODE) -g $(GRP) pkgs_to_mmin.pl $(BINDIR)/pkgs_to_mmin
- install -m $(EXMODE) -g $(GRP) mm.pl $(BINDIR)/mirror-master
- install -m $(PLMODE) -g $(GRP) mirror.man $(MANDIR)/mirror.1
- install -m $(PLMODE) -g $(GRP) mm.man $(MANDIR)/mirror-master.1
+ install -m $(PLMODE) -g $(GRP) lchat.pl $(DESTDIR)$(PLDIR)
+ install -m $(PLMODE) -g $(GRP) dateconv.pl $(DESTDIR)$(PLDIR)
+ install -m $(PLMODE) -g $(GRP) ftp.pl $(DESTDIR)$(PLDIR)/lftp.pl
+ install -m $(PLMODE) -g $(GRP) lsparse.pl $(DESTDIR)$(PLDIR)
+ install -m $(PLMODE) -g $(GRP) mirror.defaults $(DESTDIR)$(PLDIR)
+ install -m $(EXMODE) -g $(GRP) mirror.pl $(DESTDIR)$(BINDIR)/mirror
+ install -m $(EXMODE) -g $(GRP) do_unlinks.pl $(DESTDIR)$(BINDIR)/do_unlinks
+ install -m $(EXMODE) -g $(GRP) pkgs_to_mmin.pl $(DESTDIR)$(BINDIR)/pkgs_to_mmin
+ install -m $(EXMODE) -g $(GRP) mm.pl $(DESTDIR)$(BINDIR)/mirror-master
+ install -m $(PLMODE) -g $(GRP) mirror.man $(DESTDIR)$(MANDIR)/mirror.1
+ install -m $(PLMODE) -g $(GRP) mm.man $(DESTDIR)$(MANDIR)/mirror-master.1
# directory to install .pl (perl library) files for rperl
RPLDIR = /usr/local/rperl5/lib/perl5
Index: mirror.defaults
===================================================================
--- mirror.defaults.orig
+++ mirror.defaults
@@ -11,12 +11,12 @@ package=defaults
# The LOCAL hostname - if not the same as `hostname`
# (I advertise the name sunsite.org.uk but the machine is
# really swallow.sunsite.org.uk.)
- hostname=sunsite.org.uk
+ # hostname=sunsite.org.uk
# Keep all local_dirs relative to here
- local_dir=/public/
+ # local_dir=/public/
# The local_dir must exist FIRST
#local_dir_check=true
- remote_password=wizards@sunsite.org.uk
+ # remote_password=wizards@sunsite.org.uk
mail_to=
# Don't mirror file modes. Set all dirs/files to these
dir_mode=0755
@@ -49,11 +49,16 @@ package=defaults
# Don't delete own mirror log, .notar or .cache files (incl in subdirs)
# delete_excl=(^|/)\.(mirror|notar|cache)$
# Ignore any local readme and .mirror files
- local_ignore=README.doc.ic|(^|/)\.(mirror|notar)$
+ # local_ignore=README.doc.ic|(^|/)\.(mirror|notar)$
+ local_ignore=(^|/)\.(mirror|notar)$
# Automatically delete local copies of files that the
# remote site has zapped
do_deletes=true
+
+# max % of files that will be deleted, otherwise just report them via email
max_delete_files=50%
+ # the same for directories...
max_delete_dirs=50%
+
timeout=300
#failed_gets_excl=\:\ Permission denied\.$
Index: mirror.pl
===================================================================
--- mirror.pl.orig
+++ mirror.pl
@@ -163,8 +163,8 @@ $sum_prog = &find_prog( 'sum' );
# SPECIAL NOTE: This is eval'd, so DONT put double-quotes (") in it.
# You can get local variables to appear as in the second example:
-$mail_subject = '-s \'mirror update\'';
-# $mail_subject = ' -s \'mirror update of $package\'';
+# $mail_subject = '-s \'mirror update\'';
+$mail_subject = ' -s \'mirror update of $package\'';
# When scanning the local directory, how often to prod the remote
# system to keep the connection alive
@@ -183,7 +183,7 @@ $win_getcwd = 'Win32::GetCwd';
# Make sure that your PERLLIB environment variable can get you
# all these or that they are installed.
-require 'ftp.pl';
+require 'lftp.pl';
require 'lsparse.pl';
require 'dateconv.pl';
@@ -2332,6 +2332,15 @@ sub compare_dirs
next;
}
+ # important security check - marc@suse.de
+ # we don't use an allow list but an deny list because otherwise
+ # we will get problems with umlaute and other stuff. And the
+ # hole is very small anyway.
+ if ( $src_path =~ m/[\\\n;&<>#\`!\$\*\|]/ || $src_path =~ m/\.\./) {
+ print STDERR "Error: source filename contains illegal characters: \"$src_path\"\n";
+ next;
+ }
+
# Just create any needed directories (the timestamps
# should be ignored)
if( $src_type[ $srci ] eq 'd' ){