Skip to content
Commit ae280782 authored by Fabrice Fontaine's avatar Fabrice Fontaine Committed by Yann E. MORIN
Browse files

package/rsync: security bump to version 3.2.5 

- Fix CVE-2022-29154: An issue was discovered in rsync before 3.2.5 that
  allows malicious remote servers to write arbitrary files inside the
  directories of connecting peers. The server chooses which
  files/directories are sent to the client. However, the rsync client
  performs insufficient validation of file names. A malicious rsync
  server (or Man-in-The-Middle attacker) can overwrite arbitrary files
  in the rsync client target directory and subdirectories (for example,
  overwrite the .ssh/authorized_keys file).
- Drop patches (already in version)
- Update hash of COPYING (make openssl license exception clearer by
  having it at the top and use modern links in COPYING:
  https://github.com/WayneD/rsync/commit/dde469513625c0e10216da9b6f6546aa844431f7)

https://github.com/WayneD/rsync/blob/v3.2.5/NEWS.md



Signed-off-by: default avatarFabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: default avatarYann E. MORIN <yann.morin.1998@free.fr>
parent 99338a8a
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment