packages/net/rsync/patches/013-handle-a-trailing-slash.patch
John Audia 2611b86547 rsync: fix CVE-2022-29154
The rsync package is vulnerable to CVE-2022-29154[1], which is not yet in a
non-preview release. This commit applies the upstream commit to fix it and
several subsequent commits needed to fix bugs the initial fix introduced[2].

1. https://rsync.samba.org/ftp/rsync/NEWS#SECURITY_FIXES-3.2.5
2. https://bugs.archlinux.org/task/75558

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-08-13 11:31:08 +02:00

24 lines
712 B
Diff

From d659610afc8a3ee53fe68a8a4bbd7fc768fcd6e9 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayne@opencoder.net>
Date: Mon, 8 Aug 2022 17:36:36 -0700
Subject: [PATCH] Handle a trailing "/." at the end of a source arg.
---
exclude.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/exclude.c
+++ b/exclude.c
@@ -315,8 +315,11 @@ void add_implied_include(const char *arg
if (relative_paths) {
if ((cp = strstr(arg, "/./")) != NULL)
arg = cp + 3;
- } else if ((cp = strrchr(arg, '/')) != NULL)
+ } else if ((cp = strrchr(arg, '/')) != NULL) {
arg = cp + 1;
+ if (*arg == '.' && arg[1] == '\0')
+ arg++;
+ }
arg_len = strlen(arg);
if (arg_len) {
if (strpbrk(arg, "*[?")) {