--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/rsync/patches/z21762187.patch Thu Sep 17 11:19:09 2015 -0700
@@ -0,0 +1,101 @@
+Fix for CVE-2014-9512 from upstream at https://rsync.samba.org
+
+--- rsync-3.1.1/flist.c.old 2015-09-04 14:58:04.610748249 -0700
++++ rsync-3.1.1/flist.c 2015-09-04 15:02:22.838695225 -0700
+@@ -2435,8 +2435,9 @@
+ return flist;
+ }
+
+-struct file_list *recv_file_list(int f)
++struct file_list *recv_file_list(int f, int dir_ndx)
+ {
++ const char *good_dirname = NULL;
+ struct file_list *flist;
+ int dstart, flags;
+ int64 start_read;
+@@ -2491,6 +2492,23 @@
+
+ flist_expand(flist, 1);
+ file = recv_file_entry(f, flist, flags);
++ if (inc_recurse) {
++ static const char empty_dir[] = "\0";
++ const char *cur_dir = file->dirname ? file->dirname : empty_dir;
++ if (relative_paths && *cur_dir == '/')
++ cur_dir++;
++ if (cur_dir != good_dirname) {
++ const char *d = dir_ndx >= 0 ? f_name(dir_flist->files[dir_ndx], NULL) : empty_dir;
++ if (strcmp(cur_dir, d) != 0) {
++ rprintf(FERROR,
++ "ABORTING due to invalid dir prefix from sender: %s (should be: %s)\n",
++ cur_dir, d);
++ exit_cleanup(RERR_PROTOCOL);
++ }
++ good_dirname = cur_dir;
++ }
++ }
++
+
+ if (S_ISREG(file->mode)) {
+ /* Already counted */
+@@ -2615,7 +2633,7 @@
+ rprintf(FINFO, "[%s] receiving flist for dir %d\n",
+ who_am_i(), ndx);
+ }
+- flist = recv_file_list(f);
++ flist = recv_file_list(f, ndx);
+ flist->parent_ndx = ndx;
+ }
+ }
+--- rsync-3.1.1/io.c.old 2015-09-04 14:58:15.706192874 -0700
++++ rsync-3.1.1/io.c 2015-09-04 15:05:23.471180002 -0700
+@@ -1685,7 +1685,7 @@
+ rprintf(FINFO, "[%s] receiving flist for dir %d\n",
+ who_am_i(), ndx);
+ }
+- flist = recv_file_list(iobuf.in_fd);
++ flist = recv_file_list(iobuf.in_fd, ndx);
+ flist->parent_ndx = ndx;
+ #ifdef SUPPORT_HARD_LINKS
+ if (preserve_hard_links)
+--- rsync-3.1.1/main.c.old 2015-09-04 14:58:24.905761717 -0700
++++ rsync-3.1.1/main.c 2015-09-04 15:07:00.835145092 -0700
+@@ -1010,7 +1010,7 @@
+ filesfrom_fd = -1;
+ }
+
+- flist = recv_file_list(f_in);
++ flist = recv_file_list(f_in, -1);
+ if (!flist) {
+ rprintf(FERROR,"server_recv: recv_file_list error\n");
+ exit_cleanup(RERR_FILESELECT);
+@@ -1184,7 +1184,7 @@
+
+ if (write_batch && !am_server)
+ start_write_batch(f_in);
+- flist = recv_file_list(f_in);
++ flist = recv_file_list(f_in, -1);
+ if (inc_recurse && file_total == 1)
+ recv_additional_file_list(f_in);
+
+--- rsync-3.1.1/rsync.c.old 2015-09-04 14:58:51.928552530 -0700
++++ rsync-3.1.1/rsync.c 2015-09-04 15:07:59.696578389 -0700
+@@ -364,7 +364,7 @@
+ }
+ /* Send all the data we read for this flist to the generator. */
+ start_flist_forward(ndx);
+- flist = recv_file_list(f_in);
++ flist = recv_file_list(f_in, ndx);
+ flist->parent_ndx = ndx;
+ stop_flist_forward();
+ }
+--- rsync-3.1.1/proto.h.old 2015-09-04 17:46:09.133140046 -0700
++++ rsync-3.1.1/proto.h 2015-09-04 17:45:12.510951663 -0700
+@@ -89,7 +89,7 @@
+ void unmake_file(struct file_struct *file);
+ void send_extra_file_list(int f, int at_least);
+ struct file_list *send_file_list(int f, int argc, char *argv[]);
+-struct file_list *recv_file_list(int f);
++struct file_list *recv_file_list(int f, int dir_ndx);
+ void recv_additional_file_list(int f);
+ int flist_find(struct file_list *flist, struct file_struct *f);
+ int flist_find_ignore_dirness(struct file_list *flist, struct file_struct *f);