pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2007Q2]: pkgsrc/net/rsync Pullup ticket 2179 - requested by tron



details:   https://anonhg.NetBSD.org/pkgsrc/rev/16f16561b751
branches:  pkgsrc-2007Q2
changeset: 530497:16f16561b751
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Thu Aug 23 14:18:51 2007 +0000

description:
Pullup ticket 2179 - requested by tron
security fix for rsync

- pkgsrc/net/rsync/Makefile                             1.68
- pkgsrc/net/rsync/distinfo                             1.26
- pkgsrc/net/rsync/patches/patch-aa                     1.11

   Module Name: pkgsrc
   Committed By:        tron
   Date:                Thu Aug 23 13:47:51 UTC 2007

   Modified Files:
           pkgsrc/net/rsync: Makefile distinfo
   Added Files:
           pkgsrc/net/rsync/patches: patch-aa

   Log Message:
   Add SuSE's patch to fix the vulnerability reported in CVE-2007-4091.
   Bump package revision.

diffstat:

 net/rsync/Makefile         |   3 +-
 net/rsync/distinfo         |   3 +-
 net/rsync/patches/patch-aa |  62 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+), 2 deletions(-)

diffs (91 lines):

diff -r 8d910479aa74 -r 16f16561b751 net/rsync/Makefile
--- a/net/rsync/Makefile        Tue Aug 14 07:03:38 2007 +0000
+++ b/net/rsync/Makefile        Thu Aug 23 14:18:51 2007 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.67 2006/11/18 09:12:53 adam Exp $
+# $NetBSD: Makefile,v 1.67.6.1 2007/08/23 14:18:51 ghen Exp $
 
 DISTNAME=      rsync-2.6.9
 CATEGORIES=    net
+PKGREVISION=   1
 MASTER_SITES=  http://rsync.samba.org/ftp/rsync/ \
                ftp://rsync.samba.org/pub/rsync/ \
                http://rsync.samba.org/ftp/rsync/old-versions/  \
diff -r 8d910479aa74 -r 16f16561b751 net/rsync/distinfo
--- a/net/rsync/distinfo        Tue Aug 14 07:03:38 2007 +0000
+++ b/net/rsync/distinfo        Thu Aug 23 14:18:51 2007 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.25 2006/11/18 09:12:53 adam Exp $
+$NetBSD: distinfo,v 1.25.6.1 2007/08/23 14:18:51 ghen Exp $
 
 SHA1 (rsync-2.6.9.tar.gz) = 341618e230ea2e0e551d0ccf06f840d4f824c843
 RMD160 (rsync-2.6.9.tar.gz) = 36d270d9f01e9a8e808f426196796001bdd3d5d2
 Size (rsync-2.6.9.tar.gz) = 811841 bytes
+SHA1 (patch-aa) = f8193d10197d44f78d923b9c2e4809072d25e988
 SHA1 (patch-ab) = 1666dbc37c04c219886b2e5d160792e9b9e2b97d
diff -r 8d910479aa74 -r 16f16561b751 net/rsync/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/rsync/patches/patch-aa        Thu Aug 23 14:18:51 2007 +0000
@@ -0,0 +1,62 @@
+$NetBSD: patch-aa,v 1.10.22.1 2007/08/23 14:19:11 ghen Exp $
+
+--- sender.c.orig      2006-09-20 02:53:32.000000000 +0100
++++ sender.c   2007-08-23 14:43:38.000000000 +0100
+@@ -123,6 +123,7 @@
+       char fname[MAXPATHLEN];
+       struct file_struct *file;
+       unsigned int offset;
++      size_t l = 0;
+ 
+       if (ndx < 0 || ndx >= the_file_list->count)
+               return;
+@@ -133,6 +134,20 @@
+                                   file->dir.root, "/", NULL);
+       } else
+               offset = 0;
++
++      l = offset + 1;
++      if (file) {
++              if (file->dirname)
++                      l += strlen(file->dirname);
++              if (file->basename)
++                      l += strlen(file->basename);
++      }
++
++      if (l >= sizeof(fname)) {
++              rprintf(FERROR, "Overlong pathname\n");
++              exit_cleanup(RERR_FILESELECT);
++      }
++
+       f_name(file, fname + offset);
+       if (remove_source_files) {
+               if (do_unlink(fname) == 0) {
+@@ -224,6 +239,7 @@
+       enum logcode log_code = log_before_transfer ? FLOG : FINFO;
+       int f_xfer = write_batch < 0 ? batch_fd : f_out;
+       int i, j;
++      size_t l = 0;
+ 
+       if (verbose > 2)
+               rprintf(FINFO, "send_files starting\n");
+@@ -259,6 +275,20 @@
+                               fname[offset++] = '/';
+               } else
+                       offset = 0;
++
++              l = offset + 1;
++              if (file) {
++                      if (file->dirname)
++                              l += strlen(file->dirname);
++                      if (file->basename)
++                              l += strlen(file->basename);
++              }
++
++              if (l >= sizeof(fname)) {
++                      rprintf(FERROR, "Overlong pathname\n");
++                      exit_cleanup(RERR_FILESELECT);
++              }
++
+               fname2 = f_name(file, fname + offset);
+ 
+               if (verbose > 2)
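Review bot: The length check added before both `f_name()` calls in the embedded sender.c hunks has no comment explaining its arithmetic, and because the bound appears to be exact, a later edit could easily turn it back into an off-by-one. `f_name()` presumably writes dirname, a '/' separator, basename and a terminating NUL into `fname + offset`, so the `+ 1` and the `>=` together are what reserve those two extra bytes; I would add `/* l = offset + '/' + dirname + basename; ">=" keeps one byte for the NUL */` above `l = offset + 1;`. The `if (file)` guard also suggests `file` may be NULL, yet `f_name(file, fname + offset)` is called unconditionally right after it, so either drop the guard or bail out explicitly on NULL. The identical block is repeated at the `fname2 = f_name(...)` site, and both enclosing functions start and end outside the embedded hunks, so a small shared `static` helper would keep the two checks from drifting apart.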


