Peter Korsgaard 70d836c618 rsync: add upstream security fix for CVE-2017-16548 ...

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development
does not check for a trailing '\0' character in an xattr name, which allows
remote attackers to cause a denial of service (heap-based buffer over-read
and application crash) or possibly have unspecified other impact by sending
crafted data to the daemon.

For more details, see:
https://bugzilla.samba.org/show_bug.cgi?id=13112

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7f33f1d848)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2017-12-27 23:29:58 +01:00

..

0001-Check-fname-in-recv_files-sooner.patch

…

0002-Sanitize-xname-in-read_ndx_and_attrs.patch

…

0003-Check-daemon-filter-against-fnamecmp-in-recv_files.patch

…

0004-Enforce-trailing-0-when-receiving-xattr-name-values.patch

…

Config.in

…

rsync.hash

…

rsync.mk

…