authorghen <ghen@pkgsrc.org>2007-08-23 14:18:51 +0000
committerghen <ghen@pkgsrc.org>2007-08-23 14:18:51 +0000
commitfb22dddccfd8ff0dd81fbeb116fc9159a610b52d (patch)
treeb6a97ebbc4006471bba41fcb3c76e84555fbc3a0
parentfed2985ec1a61d8450552fde673793a126486783 (diff)
downloadpkgsrc-fb22dddccfd8ff0dd81fbeb116fc9159a610b52d.tar.gz
Pullup ticket 2179 - requested by tron
security fix for rsync - pkgsrc/net/rsync/Makefile 1.68 - pkgsrc/net/rsync/distinfo 1.26 - pkgsrc/net/rsync/patches/patch-aa 1.11 Module Name: pkgsrc Committed By: tron Date: Thu Aug 23 13:47:51 UTC 2007 Modified Files: pkgsrc/net/rsync: Makefile distinfo Added Files: pkgsrc/net/rsync/patches: patch-aa Log Message: Add SuSE's patch to fix the vulnerability reported in CVE-2007-4091. Bump package revision.
-rw-r--r--net/rsync/Makefile3
-rw-r--r--net/rsync/distinfo3
-rw-r--r--net/rsync/patches/patch-aa62
3 files changed, 66 insertions, 2 deletions
diff --git a/net/rsync/Makefile b/net/rsync/Makefile
index 4b3f46e57e7..0b7a21a9256 100644
--- a/net/rsync/Makefile
+++ b/net/rsync/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.67 2006/11/18 09:12:53 adam Exp $
+# $NetBSD: Makefile,v 1.67.6.1 2007/08/23 14:18:51 ghen Exp $
DISTNAME= rsync-2.6.9
CATEGORIES= net
+PKGREVISION= 1
MASTER_SITES= http://rsync.samba.org/ftp/rsync/ \
ftp://rsync.samba.org/pub/rsync/ \
http://rsync.samba.org/ftp/rsync/old-versions/ \
diff --git a/net/rsync/distinfo b/net/rsync/distinfo
index 41809e042a4..02a91c907ba 100644
--- a/net/rsync/distinfo
+++ b/net/rsync/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.25 2006/11/18 09:12:53 adam Exp $
+$NetBSD: distinfo,v 1.25.6.1 2007/08/23 14:18:51 ghen Exp $
SHA1 (rsync-2.6.9.tar.gz) = 341618e230ea2e0e551d0ccf06f840d4f824c843
RMD160 (rsync-2.6.9.tar.gz) = 36d270d9f01e9a8e808f426196796001bdd3d5d2
Size (rsync-2.6.9.tar.gz) = 811841 bytes
+SHA1 (patch-aa) = f8193d10197d44f78d923b9c2e4809072d25e988
SHA1 (patch-ab) = 1666dbc37c04c219886b2e5d160792e9b9e2b97d
diff --git a/net/rsync/patches/patch-aa b/net/rsync/patches/patch-aa
new file mode 100644
index 00000000000..a17ada35da8
--- /dev/null
+++ b/net/rsync/patches/patch-aa
@@ -0,0 +1,62 @@
+$NetBSD: patch-aa,v 1.10.22.1 2007/08/23 14:19:11 ghen Exp $
+
+--- sender.c.orig 2006-09-20 02:53:32.000000000 +0100
++++ sender.c 2007-08-23 14:43:38.000000000 +0100
+@@ -123,6 +123,7 @@
+ char fname[MAXPATHLEN];
+ struct file_struct *file;
+ unsigned int offset;
++ size_t l = 0;
+
+ if (ndx < 0 || ndx >= the_file_list->count)
+ return;
+@@ -133,6 +134,20 @@
+ file->dir.root, "/", NULL);
+ } else
+ offset = 0;
++
++ l = offset + 1;
++ if (file) {
++ if (file->dirname)
++ l += strlen(file->dirname);
++ if (file->basename)
++ l += strlen(file->basename);
++ }
++
++ if (l >= sizeof(fname)) {
++ rprintf(FERROR, "Overlong pathname\n");
++ exit_cleanup(RERR_FILESELECT);
++ }
++
+ f_name(file, fname + offset);
+ if (remove_source_files) {
+ if (do_unlink(fname) == 0) {
+@@ -224,6 +239,7 @@
+ enum logcode log_code = log_before_transfer ? FLOG : FINFO;
+ int f_xfer = write_batch < 0 ? batch_fd : f_out;
+ int i, j;
++ size_t l = 0;
+
+ if (verbose > 2)
+ rprintf(FINFO, "send_files starting\n");
+@@ -259,6 +275,20 @@
+ fname[offset++] = '/';
+ } else
+ offset = 0;
++
++ l = offset + 1;
++ if (file) {
++ if (file->dirname)
++ l += strlen(file->dirname);
++ if (file->basename)
++ l += strlen(file->basename);
++ }
++
++ if (l >= sizeof(fname)) {
++ rprintf(FERROR, "Overlong pathname\n");
++ exit_cleanup(RERR_FILESELECT);
++ }
++
+ fname2 = f_name(file, fname + offset);
+
+ if (verbose > 2)
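Review bot: The `if (file)` guard in the first added block of the sender.c patch comes too late to protect anything, because the context line just above it already reads `file->dir.root`; either drop the guard or move a NULL check ahead of that dereference. The same thirteen-line check is pasted again before `fname2 = f_name(file, fname + offset);`, so the two copies can drift apart. Its arithmetic (`offset + 1` plus the two `strlen` results, rejected with `>=`) leaves room for the separator and the terminating NUL only if f_name() writes at most dirname, one '/', basename and a NUL, which is not visible here, so that assumption belongs in a comment. A single static helper, sketched below with the same accept/reject boundary, would carry that comment once; both enclosing functions start and end outside the patch hunks.

```c
/* Refuse a path that cannot fit in the caller's buffer before f_name()
 * writes it at buf + offset.  Counts prefix + dirname + '/' + basename
 * + NUL; assumes f_name() emits nothing beyond that -- confirm against
 * f_name()'s definition. */
static void check_fname_fits(const struct file_struct *file, size_t offset,
			     size_t bufsize)
{
	size_t need = offset + 2;	/* '/' separator and terminating NUL */

	if (file->dirname)
		need += strlen(file->dirname);
	if (file->basename)
		need += strlen(file->basename);

	if (need > bufsize) {
		rprintf(FERROR, "Overlong pathname\n");
		exit_cleanup(RERR_FILESELECT);
	}
}

/* … unchanged: offset computed from file->dir.root … */
	check_fname_fits(file, offset, sizeof fname);
	f_name(file, fname + offset);
```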