pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net/rsync Fix path-sanitizing bug which allows unautho...
details: https://anonhg.NetBSD.org/pkgsrc/rev/c0a24f8efba0
branches: trunk
changeset: 479440:c0a24f8efba0
user: tron <tron%pkgsrc.org@localhost>
date: Sat Aug 14 14:15:51 2004 +0000
description:
Fix path-sanitizing bug which allows unauthorized remote file access.
Bump package revision because of that.
diffstat:
net/rsync/Makefile | 3 ++-
net/rsync/distinfo | 3 ++-
net/rsync/patches/patch-ac | 13 +++++++++++++
3 files changed, 17 insertions(+), 2 deletions(-)
diffs (41 lines):
diff -r 0c3424a3b2cb -r c0a24f8efba0 net/rsync/Makefile
--- a/net/rsync/Makefile Sat Aug 14 14:02:26 2004 +0000
+++ b/net/rsync/Makefile Sat Aug 14 14:15:51 2004 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.54 2004/05/11 07:15:59 uebayasi Exp $
+# $NetBSD: Makefile,v 1.55 2004/08/14 14:15:51 tron Exp $
DISTNAME= rsync-2.6.2
+PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= http://rsync.samba.org/ftp/rsync/ \
ftp://rsync.samba.org/pub/rsync/ \
diff -r 0c3424a3b2cb -r c0a24f8efba0 net/rsync/distinfo
--- a/net/rsync/distinfo Sat Aug 14 14:02:26 2004 +0000
+++ b/net/rsync/distinfo Sat Aug 14 14:15:51 2004 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.14 2004/05/04 11:36:19 tron Exp $
+$NetBSD: distinfo,v 1.15 2004/08/14 14:15:51 tron Exp $
SHA1 (rsync-2.6.2.tar.gz) = 0262108be42883c394865a447ffa32f5407ebf3f
Size (rsync-2.6.2.tar.gz) = 515402 bytes
SHA1 (patch-aa) = ebf163297b20362cf1f9f6629490398a8a9a265b
SHA1 (patch-ab) = bfd70127ce8946879c73b673dc983755abab83ad
+SHA1 (patch-ac) = 9bfdd91c7d53258f981f332fe4dbf2ad1c39a86b
diff -r 0c3424a3b2cb -r c0a24f8efba0 net/rsync/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/rsync/patches/patch-ac Sat Aug 14 14:15:51 2004 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.9 2004/08/14 14:15:51 tron Exp $
+
+--- util.c.orig 2004-04-27 21:59:37.000000000 +0200
++++ util.c 2004-08-14 16:11:22.000000000 +0200
+@@ -743,7 +743,7 @@
+ allowdotdot = 1;
+ } else {
+ p += 2;
+- if (*p == '/')
++ while (*p == '/')
+ p++;
+ if (sanp != start) {
+ /* back up sanp one level */
Home |
Main Index |
Thread Index |
Old Index