rsync: fix CVE-2022-29154

[feed/packages.git] / net / rsync / patches / 013-handle-a-trailing-slash.patch

diff --git a/net/rsync/patches/013-handle-a-trailing-slash.patch b/net/rsync/patches/013-handle-a-trailing-slash.patch
new file mode 100644 (file)
index 0000000..8a5ae9a
--- /dev/null
+++ b/net/rsync/patches/013-handle-a-trailing-slash.patch
@@ -0,0 +1,24 @@
+From d659610afc8a3ee53fe68a8a4bbd7fc768fcd6e9 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Mon, 8 Aug 2022 17:36:36 -0700
+Subject: [PATCH] Handle a trailing "/." at the end of a source arg.
+
+---
+ exclude.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/exclude.c
++++ b/exclude.c
+@@ -315,8 +315,11 @@ void add_implied_include(const char *arg
+       if (relative_paths) {
+               if ((cp = strstr(arg, "/./")) != NULL)
+                       arg = cp + 3;
+-      } else if ((cp = strrchr(arg, '/')) != NULL)
++      } else if ((cp = strrchr(arg, '/')) != NULL) {
+               arg = cp + 1;
++              if (*arg == '.' && arg[1] == '\0')
++                  arg++;
++      }
+       arg_len = strlen(arg);
+       if (arg_len) {
+               if (strpbrk(arg, "*[?")) {