HEADS UP! Watch out for security on your machines and exploits!
Peter Pentchev
roam at ringlet.net
Thu Dec 4 05:24:24 PST 2003
On Thu, Dec 04, 2003 at 03:23:03PM +0200, Peter Pentchev wrote:
> On Thu, Dec 04, 2003 at 01:37:20PM +0100, Lukas Ertl wrote:
> > On Wed, 3 Dec 2003, Peter Wemm wrote:
> >
> > > Please take EXTRA care to watch your mirrors for 'funny stuff' and make damn
> > > sure that you're fully up to date with patches.
> > >
> > > Being a cvsup*/ftp*/etc mirror means that you're going to be scanned and
> > > probed. Especially now.
> >
> > (I'm cc'ing ports@ on this.)
> >
> > Since the Gentoo hack was obviously made through a vulnerable version of
> > rsync, I ask if it's possible to update the rsync port to the new version.
>
> I sent a patch to update rsync to 2.5.7 to Oliver Eikemeier, the port
> maintainer, earlier today.
Err.. for those who would like to use the fixed version of rsync, here
is the patch.
G'luck,
Peter
--
Peter Pentchev roam at ringlet.net roam at sbnd.net roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If this sentence didn't exist, somebody would have invented it.
-------------- next part --------------
Index: ports/net/rsync/Makefile
===================================================================
RCS file: /home/ncvs/ports/net/rsync/Makefile,v
retrieving revision 1.86
diff -u -r1.86 Makefile
--- ports/net/rsync/Makefile 16 Nov 2003 23:08:12 -0000 1.86
+++ ports/net/rsync/Makefile 4 Dec 2003 08:30:44 -0000
@@ -7,8 +7,8 @@
#
PORTNAME= rsync
-PORTVERSION= 2.5.6
-PORTREVISION= 2
+PORTVERSION= 2.5.7
+PORTREVISION= 0
CATEGORIES= net ipv6
MASTER_SITES= ftp://samba.anu.edu.au/pub/rsync/ \
ftp://sunsite.auc.dk/pub/unix/rsync/ \
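Review bot: the added line "PORTREVISION= 0" in the Makefile hunk should be dropped rather than set to zero. An absent PORTREVISION already means 0, and the ports convention is to remove the line when PORTVERSION is bumped, so an explicit zero only leaves something to clean up later. Suggest deleting that line so the hunk is just the PORTVERSION change from 2.5.6 to 2.5.7.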
Index: ports/net/rsync/distinfo
===================================================================
RCS file: /home/ncvs/ports/net/rsync/distinfo,v
retrieving revision 1.33
diff -u -r1.33 distinfo
--- ports/net/rsync/distinfo 28 Jan 2003 16:50:01 -0000 1.33
+++ ports/net/rsync/distinfo 4 Dec 2003 08:32:17 -0000
@@ -1 +1 @@
-MD5 (rsync-2.5.6.tar.gz) = ec39fcea433df4d6a3a4e0896c655535
+MD5 (rsync-2.5.7.tar.gz) = 9b3ec929091d7849f42b973247918a55
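Review bot: the submission does not say how the new MD5 for rsync-2.5.7.tar.gz was obtained, and this single distinfo line is the only value the fetched tarball will be checked against. Because the update responds to a compromise and the Makefile's MASTER_SITES lists several mirrors, suggest confirming the checksum against the upstream release announcement or its signature, not only against a tarball fetched from one mirror, and recording that in the commit message.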
Index: ports/net/rsync/files/patch-util.c
===================================================================
RCS file: ports/net/rsync/files/patch-util.c
diff -N ports/net/rsync/files/patch-util.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ ports/net/rsync/files/patch-util.c 4 Dec 2003 08:58:32 -0000
@@ -0,0 +1,14 @@
+--- util.c.old Thu Dec 4 10:57:42 2003
++++ util.c Thu Dec 4 10:58:23 2003
+@@ -936,7 +936,11 @@
+ #endif
+
+
++#ifdef SIZE_T_MAX
++#define MALLOC_MAX (SIZE_T_MAX / 2)
++#else /* SIZE_T_MAX */
+ #define MALLOC_MAX 0x40000000
++#endif /* SIZE_T_MAX */
+
+ void *_new_array(unsigned int size, unsigned long num)
+ {
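Review bot: the new "#ifdef SIZE_T_MAX" branch in patch-util.c changes the allocation limit of a security-fix release with no comment explaining why. Where size_t is 64 bits, SIZE_T_MAX / 2 is far above the fixed 0x40000000, so the cap used by _new_array(unsigned int size, unsigned long num) is effectively lifted there; the function body is not part of the hunk, so please confirm that its size and num check still cannot overflow with the larger limit. Whether SIZE_T_MAX is defined at this point also depends on which headers util.c has already included, which the hunk does not show, so the branch may silently fall back to the old value. Suggest adding a comment with the rationale to the patch file, or leaving the upstream limit alone in this update.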