new file mode 100644

@@ -0,0 +1,28 @@

+From 47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 Mon Sep 17 00:00:00 2001

+From: Wayne Davison <wayned@samba.org>

+Date: Sun, 5 Nov 2017 11:33:15 -0800

+Subject: [PATCH] Enforce trailing \0 when receiving xattr name values. Fixes

+ bug 13112.

+

+---

+ xattrs.c | 4 ++++

+ 1 file changed, 4 insertions(+)

+

+diff --git a/xattrs.c b/xattrs.c

+index 68305d7..4867e6f 100644

+--- a/xattrs.c

+@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file)

+ 			out_of_memory("receive_xattr");

+ 		name = ptr + dget_len + extra_len;

+ 		read_buf(f, name, name_len);

++		if (name_len < 1 || name[name_len-1] != '\0') {

++			rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n");

++			exit_cleanup(RERR_FILEIO);

++		}

+ 		if (dget_len == datum_len)

+ 			read_buf(f, ptr, dget_len);

+ 		else {

+-- 

+1.9.1

+

@@ -1,20 +1,22 @@

-Summary:	Fast incremental file transfer. 

-Name:		rsync

-Version:	3.1.2

-Release:	3%{?dist}

-License:	GPLv3+

-URL:		https://rsync.samba.org/

-Source0:	https://download.samba.org/pub/rsync/src/%{name}-%{version}.tar.gz

-%define sha1 rsync=0d4c7fb7fe3fc80eeff922a7c1d81df11dbb8a1a

-Group:		Appication/Internet

-Vendor:		VMware, Inc.

-Distribution:	Photon

-BuildRequires:	systemd

-Requires:	systemd

+Summary:        Fast incremental file transfer. 

+Name:           rsync

+Version:        3.1.2

+Release:        4%{?dist}

+License:        GPLv3+

+URL:            https://rsync.samba.org/

+Source0:        https://download.samba.org/pub/rsync/src/%{name}-%{version}.tar.gz

+%define sha1    rsync=0d4c7fb7fe3fc80eeff922a7c1d81df11dbb8a1a

+Patch0:         rsync-CVE-2017-16548.patch

+Group:          Appication/Internet

+Vendor:         VMware, Inc.

+Distribution:   Photon

+BuildRequires:  systemd

+Requires:       systemd

 %description

 Rsync is a fast and extraordinarily versatile file copying tool. It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon. It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied. It is famous for its delta-transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination. Rsync is widely used for backups and mirroring and as an improved copy command for everyday use.

 %prep

 %setup -q

+%patch0 -p1

 %build

 %configure --prefix=/usr

 make %{?_smp_mflags}

@@ -43,7 +45,7 @@ make %{?_smp_mflags} check

 %post

 /sbin/ldconfig

-%postun	-p /sbin/ldconfig

+%postun -p /sbin/ldconfig

 %files

 %defattr(-,root,root)

 %exclude %{_libdir}/debug

@@ -54,12 +56,14 @@ make %{?_smp_mflags} check

 %{_libdir}/systemd/system/rsyncd.service

 %{_sysconfdir}/rsyncd.conf

 %changelog

-*       Wed Oct 05 2016 ChangLee <changlee@vmware.com> 3.1.2-3

--       Modified %check

-*	Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 3.1.2-2

--	GA - Bump release of all rpms

+*   Wed Nov 29 2017 Xiaolin Li <xiaolinl@vmware.com> 3.1.2-4

+-   Fix CVE-2017-16548

+*   Wed Oct 05 2016 ChangLee <changlee@vmware.com> 3.1.2-3

+-   Modified %check

+*   Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 3.1.2-2

+-   GA - Bump release of all rpms

 *   Thu Jan 21 2016 Xiaolin Li <xiaolinl@vmware.com> 3.1.2-1

 -   Updated to version 3.1.2

-*	Mon Dec 14 2015 Xiaolin Li < xiaolinl@vmware.com> 3.1.1-1

--	Initial build. First version

+*   Mon Dec 14 2015 Xiaolin Li < xiaolinl@vmware.com> 3.1.1-1

+-   Initial build. First version