tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: security update of net/rsync



On Wed, Dec 23, 2015 at 07:07:13AM +0900, Ryo ONODERA wrote:
> Hi,
> 
> Rsync 3.1.2 has released.
> It has security fix. See:
> 
> https://rsync.samba.org/security.html#s3_1_2
> File-list validation in 3.1.2
> December 21st, 2015
> 
> If you're using a version of rsync older than 3.1.2 as a client and receiving files from an rsync server that you might not fully trust, this version adds extra checking to the file list to prevent the sender from tweaking the paths and/or the transfer requests in a way that could cause a file to be received outside the transfer destination. 
> 
> 
> It also needs perl to build.
> And it works fine on netbsd-6/amd64.
> 
> I would like to include latest rsync in pkgsrc-2015Q4.
> Can I commit it during freeze?

Please go ahead!

Thanks,
 Thomas


Home | Main Index | Thread Index | Old Index