
apply security fix

Ralf S. Engelschall, 21 years ago
commit cc904490ee
2 changed files with 28 additions and 1 deletion
  1. rsync/rsync.patch  +27 -0
  2. rsync/rsync.spec   +1 -1

+ 27 - 0
rsync/rsync.patch

@@ -40,3 +40,30 @@ Index: flist.c
  		lastdir_len = -1;
  
  	if (strlcpy(thisname, fname, sizeof thisname)
+
+=============================================================================
+
+Security Fix:
+
+There is a path-sanitizing bug that affects daemon mode in all recent
+rsync versions (including 2.6.2) but only if chroot is disabled. It
+does NOT affect the normal send/receive filenames that specify what
+files should be transferred (this is because these names happen to get
+sanitized twice, and thus the second call removes any lingering leading
+slash(es) that the first call left behind). It does affect certain
+option paths that cause auxilliary files to be read or written. One
+potential fix that doesn't require recompiling rsync is to set "use
+chroot = true" for all the modules in the rsyncd.conf file.
+
+Index: util.c
+--- util.c.orig	2004-04-27 21:59:37 +0200
++++ util.c	2004-08-15 11:45:47 +0200
+@@ -743,7 +743,7 @@
+ 				allowdotdot = 1;
+ 			} else {
+ 				p += 2;
+-				if (*p == '/')
++				while (*p == '/')
+ 					p++;
+ 				if (sanp != start) {
+ 					/* back up sanp one level */
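Review bot: the behavioural change is the single `if` to `while` at util.c line 746 (the branch after `allowdotdot`, where `p += 2` steps past a `..` component), so that every slash following `..` is consumed rather than only the first; the banner text explains why a lingering leading slash matters in daemon mode without chroot, but the appended section records no upstream reference (rsync release or advisory) and the `Index: util.c` header carries no origin, so a later maintainer cannot tell whether this is the upstream change or a local backport. Please add that reference beside the "Security Fix:" banner. Two smaller points: "auxilliary" in the explanatory text should read "auxiliary", and since the hunk only covers this one `..` branch, it is worth confirming that the rest of the path-sanitizing routine (outside the seven lines of context shown) has no other single-slash skip of the same shape `if (*p == '/') p++;` that would need the same loop.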

+ 1 - 1
rsync/rsync.spec

@@ -34,7 +34,7 @@ Class:        CORE
 Group:        Filesystem
 License:      GPL
 Version:      2.6.2
-Release:      20040706
+Release:      20040815
 
 #   package options
 %option       with_timelimit  no
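Review bot: the only spec change is the Release bump from 20040706 to 20040815, so nothing in the spec itself says that this release carries a security fix; the fix lives in an appended section of rsync/rsync.patch, and a reader of the spec alone cannot see why the release changed. Suggest noting it in the spec (for example a comment next to `Release:      20040815`) together with the workaround the patch text gives for sites that cannot rebuild, `use chroot = true` for every module in rsyncd.conf. Keeping `Version:      2.6.2` is right for a backported fix, but saying so in the same note avoids anyone mistaking the bump for an upstream update.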