HEADS UP! Watch out for security on your machines and exploits!

Peter Pentchev roam at ringlet.net
Thu Dec 4 05:24:19 PST 2003


On Thu, Dec 04, 2003 at 03:23:03PM +0200, Peter Pentchev wrote:
> On Thu, Dec 04, 2003 at 01:37:20PM +0100, Lukas Ertl wrote:
> > On Wed, 3 Dec 2003, Peter Wemm wrote:
> > 
> > > Please take EXTRA care to watch your mirrors for 'funny stuff' and make damn
> > > sure that you're fully up to date with patches.
> > >
> > > Being a cvsup*/ftp*/etc mirror means that you're going to be scanned and
> > > probed.  Especially now.
> > 
> > (I'm cc'ing ports@ on this.)
> > 
> > Since the Gentoo hack was obviously made through a vulnerable version of
> > rsync, I ask if it's possible to update the rsync port to the new version.
> 
> I sent a patch to update rsync to 2.5.7 to Oliver Eikemeier, the port
> maintainer, earlier today.

Err.. for those who would like to use the fixed version of rsync, here
is the patch.

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net    roam at sbnd.net    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If this sentence didn't exist, somebody would have invented it.
-------------- next part --------------
Index: ports/net/rsync/Makefile
===================================================================
RCS file: /home/ncvs/ports/net/rsync/Makefile,v
retrieving revision 1.86
diff -u -r1.86 Makefile
--- ports/net/rsync/Makefile	16 Nov 2003 23:08:12 -0000	1.86
+++ ports/net/rsync/Makefile	4 Dec 2003 08:30:44 -0000
@@ -7,8 +7,8 @@
 #
 
 PORTNAME=	rsync
-PORTVERSION=	2.5.6
-PORTREVISION=	2
+PORTVERSION=	2.5.7
+PORTREVISION=	0
 CATEGORIES=	net ipv6
 MASTER_SITES=	ftp://samba.anu.edu.au/pub/rsync/  \
 		ftp://sunsite.auc.dk/pub/unix/rsync/  \
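Review bot: the added `PORTREVISION=	0` line in the Makefile hunk is redundant, because 0 is the value the ports framework assumes when the variable is unset. On a PORTVERSION bump the usual style is to delete the PORTREVISION line rather than set it to 0; the bump from 2.5.6 to 2.5.7 itself is fine.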
Index: ports/net/rsync/distinfo
===================================================================
RCS file: /home/ncvs/ports/net/rsync/distinfo,v
retrieving revision 1.33
diff -u -r1.33 distinfo
--- ports/net/rsync/distinfo	28 Jan 2003 16:50:01 -0000	1.33
+++ ports/net/rsync/distinfo	4 Dec 2003 08:32:17 -0000
@@ -1 +1 @@
-MD5 (rsync-2.5.6.tar.gz) = ec39fcea433df4d6a3a4e0896c655535
+MD5 (rsync-2.5.7.tar.gz) = 9b3ec929091d7849f42b973247918a55
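Review bot: the replacement distinfo line is the only integrity check on rsync-2.5.7.tar.gz, and the MASTER_SITES visible in the Makefile hunk are plain ftp:// URLs, so a wrong or tampered digest here would go unnoticed by anyone building the port. Since this is a security update, confirm the MD5 against the upstream release announcement or signature through a separate channel before committing, and state in the commit message how it was verified.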
Index: ports/net/rsync/files/patch-util.c
===================================================================
RCS file: ports/net/rsync/files/patch-util.c
diff -N ports/net/rsync/files/patch-util.c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ ports/net/rsync/files/patch-util.c	4 Dec 2003 08:58:32 -0000
@@ -0,0 +1,14 @@
+--- util.c.old	Thu Dec  4 10:57:42 2003
++++ util.c	Thu Dec  4 10:58:23 2003
+@@ -936,7 +936,11 @@
+ #endif
+ 
+ 
++#ifdef SIZE_T_MAX
++#define MALLOC_MAX (SIZE_T_MAX / 2)
++#else  /* SIZE_T_MAX */
+ #define MALLOC_MAX 0x40000000
++#endif /* SIZE_T_MAX */
+ 
+ void *_new_array(unsigned int size, unsigned long num)
+ {
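Review bot: the new files/patch-util.c replaces the distributed limit `#define MALLOC_MAX 0x40000000` with `SIZE_T_MAX / 2` whenever SIZE_T_MAX is defined, which loosens a bound in the same update that is meant to deliver a security fix, and neither the patch nor the message says why. Please add a comment giving the reason, and check the body of `_new_array(unsigned int size, unsigned long num)`, which is not shown in the hunk, to confirm its limit test still keeps size * num from wrapping with the larger value. Note also that the `#ifdef SIZE_T_MAX` test only takes effect if the header defining SIZE_T_MAX has been included before this point in util.c; otherwise the build silently keeps 0x40000000, so behaviour will differ between platforms without any warning.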