- Fix CVE-2022-29154: An issue was discovered in rsync before 3.2.5 that
allows malicious remote servers to write arbitrary files inside the
directories of connecting peers. The server chooses which
files/directories are sent to the client. However, the rsync client
performs insufficient validation of file names. A malicious rsync
server (or Man-in-The-Middle attacker) can overwrite arbitrary files
in the rsync client target directory and subdirectories (for example,
overwrite the .ssh/authorized_keys file).
- Drop patches (already in version)
- Update hash of COPYING (make openssl license exception clearer by
having it at the top and use modern links in COPYING:
dde4695136)
https://github.com/WayneD/rsync/blob/v3.2.5/NEWS.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
ae2807821d