ae2807821d
- Fix CVE-2022-29154: An issue was discovered in rsync before 3.2.5 that
allows malicious remote servers to write arbitrary files inside the
directories of connecting peers. The server chooses which
files/directories are sent to the client. However, the rsync client
performs insufficient validation of file names. A malicious rsync
server (or Man-in-The-Middle attacker) can overwrite arbitrary files
in the rsync client target directory and subdirectories (for example,
overwrite the .ssh/authorized_keys file).
- Drop patches (already in version)
- Update hash of COPYING (make openssl license exception clearer by
having it at the top and use modern links in COPYING:
dde4695136)
https://github.com/WayneD/rsync/blob/v3.2.5/NEWS.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
31 lines
727 B
Makefile
31 lines
727 B
Makefile
################################################################################
|
|
#
|
|
# rsync
|
|
#
|
|
################################################################################
|
|
|
|
RSYNC_VERSION = 3.2.5
|
|
RSYNC_SITE = http://rsync.samba.org/ftp/rsync/src
|
|
RSYNC_LICENSE = GPL-3.0+ with exceptions
|
|
RSYNC_LICENSE_FILES = COPYING
|
|
RSYNC_CPE_ID_VENDOR = samba
|
|
RSYNC_SELINUX_MODULES = rsync
|
|
RSYNC_DEPENDENCIES = zlib popt
|
|
RSYNC_CONF_OPTS = \
|
|
--with-included-zlib=no \
|
|
--with-included-popt=no \
|
|
--disable-simd \
|
|
--disable-openssl \
|
|
--disable-xxhash \
|
|
--disable-zstd \
|
|
--disable-lz4 \
|
|
--disable-asm
|
|
|
|
ifeq ($(BR2_PACKAGE_ACL),y)
|
|
RSYNC_DEPENDENCIES += acl
|
|
else
|
|
RSYNC_CONF_OPTS += --disable-acl-support
|
|
endif
|
|
|
|
$(eval $(autotools-package))
|