summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authortron <tron@pkgsrc.org>2004-08-14 14:15:51 +0000
committertron <tron@pkgsrc.org>2004-08-14 14:15:51 +0000
commit6a4753f93ebdd6aa89e2b5209c47a0a04c6a9651 (patch)
tree291ff4f1fd6537923148dc499182e28bc479b363 /net
parent62461cc8570292b8e5c4b1bde872e554e4c52946 (diff)
downloadpkgsrc-6a4753f93ebdd6aa89e2b5209c47a0a04c6a9651.tar.gz
Fix path-sanitizing bug which allows unauthorized remote file access.
Bump package revision because of that.
Diffstat (limited to 'net')
-rw-r--r--net/rsync/Makefile3
-rw-r--r--net/rsync/distinfo3
-rw-r--r--net/rsync/patches/patch-ac13
3 files changed, 17 insertions, 2 deletions
diff --git a/net/rsync/Makefile b/net/rsync/Makefile
index c678e8fc54c..19890ae5d85 100644
--- a/net/rsync/Makefile
+++ b/net/rsync/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.54 2004/05/11 07:15:59 uebayasi Exp $
+# $NetBSD: Makefile,v 1.55 2004/08/14 14:15:51 tron Exp $
DISTNAME= rsync-2.6.2
+PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= http://rsync.samba.org/ftp/rsync/ \
ftp://rsync.samba.org/pub/rsync/ \
diff --git a/net/rsync/distinfo b/net/rsync/distinfo
index a0955894a47..898a67f3ef0 100644
--- a/net/rsync/distinfo
+++ b/net/rsync/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.14 2004/05/04 11:36:19 tron Exp $
+$NetBSD: distinfo,v 1.15 2004/08/14 14:15:51 tron Exp $
SHA1 (rsync-2.6.2.tar.gz) = 0262108be42883c394865a447ffa32f5407ebf3f
Size (rsync-2.6.2.tar.gz) = 515402 bytes
SHA1 (patch-aa) = ebf163297b20362cf1f9f6629490398a8a9a265b
SHA1 (patch-ab) = bfd70127ce8946879c73b673dc983755abab83ad
+SHA1 (patch-ac) = 9bfdd91c7d53258f981f332fe4dbf2ad1c39a86b
diff --git a/net/rsync/patches/patch-ac b/net/rsync/patches/patch-ac
new file mode 100644
index 00000000000..646fbf5d51e
--- /dev/null
+++ b/net/rsync/patches/patch-ac
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.9 2004/08/14 14:15:51 tron Exp $
+
+--- util.c.orig 2004-04-27 21:59:37.000000000 +0200
++++ util.c 2004-08-14 16:11:22.000000000 +0200
+@@ -743,7 +743,7 @@
+ allowdotdot = 1;
+ } else {
+ p += 2;
+- if (*p == '/')
++ while (*p == '/')
+ p++;
+ if (sanp != start) {
+ /* back up sanp one level */