author | tron <tron@pkgsrc.org> | 2007-08-23 13:47:50 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2007-08-23 13:47:50 +0000 |
commit | a8492608b487452889e051b71acdf4aa16e476a2 (patch) | |
tree | 7bcc28dea1083a3ddb007d5f54865aada20ce6f9 /net/rsync | |
parent | 25d369403fc4ef5052e5cae4ec245a50f386ec11 (diff) | |
Add SuSE's patch to fix the vulnerability reported in CVE-2007-4091.
Bump package revision.
Diffstat (limited to 'net/rsync')
-rw-r--r-- | net/rsync/Makefile | 3 | ||||
-rw-r--r-- | net/rsync/distinfo | 3 | ||||
-rw-r--r-- | net/rsync/patches/patch-aa | 62 |
3 files changed, 66 insertions, 2 deletions
diff --git a/net/rsync/Makefile b/net/rsync/Makefile
index 4b3f46e57e7..252ab1b5c44 100644
--- a/net/rsync/Makefile
+++ b/net/rsync/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.67 2006/11/18 09:12:53 adam Exp $
+# $NetBSD: Makefile,v 1.68 2007/08/23 13:47:50 tron Exp $
 DISTNAME= rsync-2.6.9
 CATEGORIES= net
+PKGREVISION= 1
 MASTER_SITES= http://rsync.samba.org/ftp/rsync/ \
 ftp://rsync.samba.org/pub/rsync/ \
 http://rsync.samba.org/ftp/rsync/old-versions/ \
diff --git a/net/rsync/distinfo b/net/rsync/distinfo
index 41809e042a4..0c8e1dab10c 100644
--- a/net/rsync/distinfo
+++ b/net/rsync/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.25 2006/11/18 09:12:53 adam Exp $
+$NetBSD: distinfo,v 1.26 2007/08/23 13:47:50 tron Exp $
 SHA1 (rsync-2.6.9.tar.gz) = 341618e230ea2e0e551d0ccf06f840d4f824c843
 RMD160 (rsync-2.6.9.tar.gz) = 36d270d9f01e9a8e808f426196796001bdd3d5d2
 Size (rsync-2.6.9.tar.gz) = 811841 bytes
+SHA1 (patch-aa) = f8193d10197d44f78d923b9c2e4809072d25e988
 SHA1 (patch-ab) = 1666dbc37c04c219886b2e5d160792e9b9e2b97d
diff --git a/net/rsync/patches/patch-aa b/net/rsync/patches/patch-aa
new file mode 100644
index 00000000000..cde3138330d
--- /dev/null
+++ b/net/rsync/patches/patch-aa
@@ -0,0 +1,62 @@
+$NetBSD: patch-aa,v 1.11 2007/08/23 13:47:50 tron Exp $
+
+--- sender.c.orig 2006-09-20 02:53:32.000000000 +0100
++++ sender.c 2007-08-23 14:43:38.000000000 +0100
+@@ -123,6 +123,7 @@
+ char fname[MAXPATHLEN];
+ struct file_struct *file;
+ unsigned int offset;
++ size_t l = 0;
+
+ if (ndx < 0 || ndx >= the_file_list->count)
+ return;
+@@ -133,6 +134,20 @@
+ file->dir.root, "/", NULL);
+ } else
+ offset = 0;
++
++ l = offset + 1;
++ if (file) {
++ if (file->dirname)
++ l += strlen(file->dirname);
++ if (file->basename)
++ l += strlen(file->basename);
++ }
++
++ if (l >= sizeof(fname)) {
++ rprintf(FERROR, "Overlong pathname\n");
++ exit_cleanup(RERR_FILESELECT);
++ }
++
+ f_name(file, fname + offset);
+ if (remove_source_files) {
+ if (do_unlink(fname) == 0) {
+@@ -224,6 +239,7 @@
+ enum logcode log_code = log_before_transfer ? FLOG : FINFO;
+ int f_xfer = write_batch < 0 ? batch_fd : f_out;
+ int i, j;
++ size_t l = 0;
+
+ if (verbose > 2)
+ rprintf(FINFO, "send_files starting\n");
+@@ -259,6 +275,20 @@
+ fname[offset++] = '/';
+ } else
+ offset = 0;
++
++ l = offset + 1;
++ if (file) {
++ if (file->dirname)
++ l += strlen(file->dirname);
++ if (file->basename)
++ l += strlen(file->basename);
++ }
++
++ if (l >= sizeof(fname)) {
++ rprintf(FERROR, "Overlong pathname\n");
++ exit_cleanup(RERR_FILESELECT);
++ }
++
+ fname2 = f_name(file, fname + offset);
+
+ if (verbose > 2) |
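Review bot: The bounds check added before each `f_name(file, fname + offset)` call in sender.c gets its off-by-one accounting right only implicitly: `l = offset + 1` and the `>=` comparison together reserve room for the '/' separator and the terminating NUL, but nothing in the code says so. Since this is the arithmetic the CVE-2007-4091 fix is about, I would add a comment above `l = offset + 1;` such as `/* offset + dirname + '/' + basename; ">=" keeps the last byte for the NUL */`. The `if (file)` guard also looks inconsistent, because `file` is passed to `f_name()` unconditionally right after it and the first function's context already dereferences `file->dir.root`; presumably the guard is dead code, but that should be confirmed against f_name(), which is not visible here. The same block is pasted into two functions whose bodies start and end outside these hunks, so a small static helper would keep the two checks from drifting apart.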