Fix path-sanitizing bug which allows unauthorized remote file access.

Bump package revision because of that.

3 files changed, 17 insertions, 2 deletions

diff --git a/net/rsync/Makefile b/net/rsync/Makefile
index c678e8fc54c..19890ae5d85 100644
--- a/net/rsync/Makefile
+++ b/net/rsync/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.54 2004/05/11 07:15:59 uebayasi Exp $
+# $NetBSD: Makefile,v 1.55 2004/08/14 14:15:51 tron Exp $
 
 DISTNAME=	rsync-2.6.2
+PKGREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	http://rsync.samba.org/ftp/rsync/ \
 		ftp://rsync.samba.org/pub/rsync/ \
diff --git a/net/rsync/distinfo b/net/rsync/distinfo
index a0955894a47..898a67f3ef0 100644
--- a/net/rsync/distinfo
+++ b/net/rsync/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.14 2004/05/04 11:36:19 tron Exp $
+$NetBSD: distinfo,v 1.15 2004/08/14 14:15:51 tron Exp $
 
 SHA1 (rsync-2.6.2.tar.gz) = 0262108be42883c394865a447ffa32f5407ebf3f
 Size (rsync-2.6.2.tar.gz) = 515402 bytes
 SHA1 (patch-aa) = ebf163297b20362cf1f9f6629490398a8a9a265b
 SHA1 (patch-ab) = bfd70127ce8946879c73b673dc983755abab83ad
+SHA1 (patch-ac) = 9bfdd91c7d53258f981f332fe4dbf2ad1c39a86b
diff --git a/net/rsync/patches/patch-ac b/net/rsync/patches/patch-ac
new file mode 100644
index 00000000000..646fbf5d51e
--- /dev/null
+++ b/net/rsync/patches/patch-ac
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.9 2004/08/14 14:15:51 tron Exp $
+
+--- util.c.orig	2004-04-27 21:59:37.000000000 +0200
++++ util.c	2004-08-14 16:11:22.000000000 +0200
+@@ -743,7 +743,7 @@
+ 				allowdotdot = 1;
+ 			} else {
+ 				p += 2;
+-				if (*p == '/')
++				while (*p == '/')
+ 					p++;
+ 				if (sanp != start) {
+ 					/* back up sanp one level */