guix/gnu/packages/patches/rsync-CVE-2017-17433-fix-tests.patch
Efraim Flashner 91675d5082
gnu: rsync: Patch CVE-2017-{16548,17433,17434}.
* gnu/packages/rsync.scm (rsync)[source]: Add patches.
[properties]: Mark CVE-2017-15994 as not relevant.
* gnu/packages/patches/rsync-CVE-2017-16548.patch,
gnu/packages/patches/rsync-CVE-2017-17433.patch,
gnu/packages/patches/rsync-CVE-2017-17433-fix-tests.patch,
gnu/packages/patches/rsync-CVE-2017-17434-pt1.patch,
gnu/packages/patches/rsync-CVE-2017-17434-pt2.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register them.
2017-12-18 22:53:46 +02:00

42 lines
1.4 KiB
Diff

https://git.samba.org/?p=rsync.git;a=patch;h=f5e8a17e093065fb20fea00a29540fe2c7896441
minor edits were made to get the patch to apply
From f5e8a17e093065fb20fea00a29540fe2c7896441 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayned@samba.org>
Date: Sun, 3 Dec 2017 15:49:56 -0800
Subject: [PATCH] Fix issue with earlier path-check (fixes "make check") and
make a BOOL more explicit.
---
checksum.c | 2 +-
receiver.c | 10 +++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/receiver.c b/receiver.c
index 9c46242..75cb00d 100644
--- a/receiver.c
+++ b/receiver.c
@@ -574,15 +574,15 @@ int recv_files(int f_in, int f_out, char *local_name)
file = dir_flist->files[cur_flist->parent_ndx];
fname = local_name ? local_name : f_name(file, fbuf);
- if (daemon_filter_list.head
- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+ if (DEBUG_GTE(RECV, 1))
+ rprintf(FINFO, "recv_files(%s)\n", fname);
+
+ if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0')
+ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
rprintf(FERROR, "attempt to hack rsync failed.\n");
exit_cleanup(RERR_PROTOCOL);
}
- if (DEBUG_GTE(RECV, 1))
- rprintf(FINFO, "recv_files(%s)\n", fname);
-
#ifdef SUPPORT_XATTRS
if (preserve_xattrs && iflags & ITEM_REPORT_XATTR && do_xfers
&& !(want_xattr_optim && BITS_SET(iflags, ITEM_XNAME_FOLLOWS|ITEM_LOCAL_CHANGE)))
--
1.9.1