commit rsync for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package rsync for openSUSE:Factory checked 
in at 2017-11-29 10:50:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rsync (Old)
 and      /work/SRC/openSUSE:Factory/.rsync.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rsync"

Wed Nov 29 10:50:13 2017 rev:63 rq:546274 version:3.1.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/rsync/rsync.changes      2017-07-28 
09:44:25.759420866 +0200
+++ /work/SRC/openSUSE:Factory/.rsync.new/rsync.changes 2017-11-29 
10:50:16.269849962 +0100
@@ -1,0 +2,7 @@
+Tue Nov 28 16:18:45 UTC 2017 - pmonrealgonza...@suse.com
+
+- Security fix [bsc#1066644, CVE-2017-16548]
+  * Missing trailing '\0' character check could lead to remote DoS
+  * Added rsync-CVE-2017-16548.patch
+
+-------------------------------------------------------------------

New:
----
  rsync-CVE-2017-16548.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rsync.spec ++++++
--- /var/tmp/diff_new_pack.p1BiYp/_old  2017-11-29 10:50:18.625764493 +0100
+++ /var/tmp/diff_new_pack.p1BiYp/_new  2017-11-29 10:50:18.625764493 +0100
@@ -40,6 +40,8 @@
 #PATCH-FIX-SUSE boo#922710 slp
 Patch1:         rsync-add_back_use_slp_directive.patch
 Patch2:         rsync-both-compressions.patch
+#PATCH-FIX-UPSTREAM CVE-2017-16548 bsc#1066644 Missing trailing '\0' check 
could lead to remote DoS
+Patch3:         rsync-CVE-2017-16548.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libacl-devel
@@ -73,6 +75,7 @@
 patch -p1 < patches/time-limit.diff
 %patch0 -p1
 %patch2 -p1
+%patch3 -p1
 
 %build
 autoreconf -fiv


++++++ rsync-CVE-2017-16548.patch ++++++
>From 47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 Mon Sep 17 00:00:00 2001
From: Wayne Davison <way...@samba.org>
Date: Sun, 5 Nov 2017 11:33:15 -0800
Subject: [PATCH 1/1] Enforce trailing \0 when receiving xattr name values.
 Fixes bug 13112.

---
 xattrs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/xattrs.c b/xattrs.c
index 68305d7..4867e6f 100644
--- a/xattrs.c
+++ b/xattrs.c
@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file)
                        out_of_memory("receive_xattr");
                name = ptr + dget_len + extra_len;
                read_buf(f, name, name_len);
+               if (name_len < 1 || name[name_len-1] != '\0') {
+                       rprintf(FERROR, "Invalid xattr name received (missing 
trailing \\0).\n");
+                       exit_cleanup(RERR_FILEIO);
+               }
                if (dget_len == datum_len)
                        read_buf(f, ptr, dget_len);
                else {
-- 
1.9.1