[pkgsrc/trunk]: pkgsrc/net/rsync Fix path-sanitizing bug which allows unautho...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/net/rsync Fix path-sanitizing bug which allows unautho...
From: tron <tron%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 00:27:44 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c0a24f8efba0
branches:  trunk
changeset: 479440:c0a24f8efba0
user:      tron <tron%pkgsrc.org@localhost>
date:      Sat Aug 14 14:15:51 2004 +0000

description:
Fix path-sanitizing bug which allows unauthorized remote file access.
Bump package revision because of that.

diffstat:

 net/rsync/Makefile         |   3 ++-
 net/rsync/distinfo         |   3 ++-
 net/rsync/patches/patch-ac |  13 +++++++++++++
 3 files changed, 17 insertions(+), 2 deletions(-)

diffs (41 lines):

diff -r 0c3424a3b2cb -r c0a24f8efba0 net/rsync/Makefile
--- a/net/rsync/Makefile        Sat Aug 14 14:02:26 2004 +0000
+++ b/net/rsync/Makefile        Sat Aug 14 14:15:51 2004 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.54 2004/05/11 07:15:59 uebayasi Exp $
+# $NetBSD: Makefile,v 1.55 2004/08/14 14:15:51 tron Exp $
 
 DISTNAME=      rsync-2.6.2
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  http://rsync.samba.org/ftp/rsync/ \
                ftp://rsync.samba.org/pub/rsync/ \
diff -r 0c3424a3b2cb -r c0a24f8efba0 net/rsync/distinfo
--- a/net/rsync/distinfo        Sat Aug 14 14:02:26 2004 +0000
+++ b/net/rsync/distinfo        Sat Aug 14 14:15:51 2004 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.14 2004/05/04 11:36:19 tron Exp $
+$NetBSD: distinfo,v 1.15 2004/08/14 14:15:51 tron Exp $
 
 SHA1 (rsync-2.6.2.tar.gz) = 0262108be42883c394865a447ffa32f5407ebf3f
 Size (rsync-2.6.2.tar.gz) = 515402 bytes
 SHA1 (patch-aa) = ebf163297b20362cf1f9f6629490398a8a9a265b
 SHA1 (patch-ab) = bfd70127ce8946879c73b673dc983755abab83ad
+SHA1 (patch-ac) = 9bfdd91c7d53258f981f332fe4dbf2ad1c39a86b
diff -r 0c3424a3b2cb -r c0a24f8efba0 net/rsync/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/rsync/patches/patch-ac        Sat Aug 14 14:15:51 2004 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.9 2004/08/14 14:15:51 tron Exp $
+
+--- util.c.orig        2004-04-27 21:59:37.000000000 +0200
++++ util.c     2004-08-14 16:11:22.000000000 +0200
+@@ -743,7 +743,7 @@
+                               allowdotdot = 1;
+                       } else {
+                               p += 2;
+-                              if (*p == '/')
++                              while (*p == '/')
+                                       p++;
+                               if (sanp != start) {
+                                       /* back up sanp one level */

Prev by Date: [pkgsrc/trunk]: pkgsrc/doc Note update of "rsync" package to version 2.6.2nb1.
Next by Date: [pkgsrc/trunk]: pkgsrc/doc musicpd has been updated to 0.11.4 (thanks Simon!).
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc Note update of "rsync" package to version 2.6.2nb1.
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc musicpd has been updated to 0.11.4 (thanks Simon!).
Indexes:

Home | Main Index | Thread Index | Old Index