From owner-freebsd-ports  Tue Apr  6 15: 2:11 1999
Delivered-To: freebsd-ports@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id CEE0815041
	for <freebsd-ports@FreeBSD.org>; Tue,  6 Apr 1999 15:01:59 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.2/8.9.2) id PAA35018;
	Tue, 6 Apr 1999 15:00:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id 21AF214BE0
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  6 Apr 1999 14:59:09 -0700 (PDT)
	(envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id OAA00717
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 6 Apr 1999 14:59:14 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda00715; Tue Apr  6 14:59:11 1999
Received: (from cschuber@localhost)
	by passer.osg.gov.bc.ca (8.9.3/8.9.1) id OAA12241;
	Tue, 6 Apr 1999 14:57:07 -0700 (PDT)
Message-Id: <199904062157.OAA12241@passer.osg.gov.bc.ca>
Date: Tue, 6 Apr 1999 14:57:07 -0700 (PDT)
From: Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
Reply-To: cschuber@uumail.gov.bc.ca
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: ports/10987: New Rsync Fixes Security Hole
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         10987
>Category:       ports
>Synopsis:       New Rsync Fixes Security Hole
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr  6 15:00:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Cy Schubert
>Release:        FreeBSD 3.1-RELEASE i386
>Organization:
ITSD Province of BC
>Environment:

	FreeBSD passer.osg.gov.bc.ca 3.1-RELEASE FreeBSD 3.1-RELEASE #0: Wed Mar 31 06:51:21 PST 1999     root@passer.osg.gov.bc.ca:/opt/usr_src-310/sys/compile/PASSER  i386

>Description:

	Please see http://rsync.samba.org/cgi-bin/rsync?findid=1706
	for a full description of the problem.  The security bug
	exists in all previous versions or rsync.

>How-To-Repeat:

	Please see http://rsync.samba.org/cgi-bin/rsync?findid=1706.

>Fix:
	
	Enclosed is a new port in uuencode format that will build
	rsync-2.3.1.

begin 644 rsync-990406.tar.gz
M'XL(`..`"C<``^T\;7O:QK+]:OV*"4EC""!+XLW&)8\=3!(W-N8:)VGN21^Z
M2`NH%A)'+W9HZO/;[\RN!#(F=GKJ.O><:IX$A#0[.SNS\[*S*_O!W#7+.SM:
M5:MO???7`%2U1JT&WP'HC5HU_9V`!E!O:$9-TRH:7NL(M>^@]A?Q<PVB(&0^
MP'>N>1'<AG?7\_]0\-/Z']D.#^Y_%GRU_JN-6AT?@&X8U7JF_X>`-?J?6O<L
M>%W3ZM5$W]H:_3>JJ_JO&VC_VOVRL1X2_?N>%]Z&]U^J_^.#&N3E)##4BJJK
M*`UU_%L!6K"C-9C&N*97]895J_):Q1QN5X=:?6?(]+JA*=^:]PS^/%RS_QD+
MS<G]1X"O\__U2KU:,_1ZA>R_5F]D_O\A8*W^Q7>9L7OJ8^G_U^J_4A7^'UT_
M9H"8^.'CJD'Z?U#__S?5?[E<!M-S1_8X\KGJ^?9XXZ5OPX^1@TH"K=&LUILU
M'?2=G6VE6"PN<07:?C1&98%F-#6]6=N1:'M[4,:+>JD.1?FMP]Z>`B-;`<MS
MN0)*<>3YP,S!*')-L%V8G@<AG\Z4HN4I16Y./'B"3UW(X70TSVUW#-3@2=PB
MEU-55?PR<Z`_?UJ/V^06S#4-7$DT87UK>/ZTIA3M$?`+YD`NY$$('W._"!*;
M3S8W/V\2Y0N!/$A:;18#'EYM_O(QAY$1+W.[$$ZXJQ0!TOSF38:=6H45[IR`
M$Z;)0G@N1$B=JH3#/X7PPP^=DY=*\;%CNQR0\^W42')XWW9-)[*XO&OQ4:!.
M\/;6,^C/26PPX<SB/H0>X$.B,1@$832$*3-]+P#F6C#Q9GP4.<X<1OP29KX7
M>N%\QH,2L05P.;'-";+G"N8<VPSAT@[QSH0M!9<O[,*0.]ZE"O!L*\77#RP(
MN!^JD^>"JY,+[OLVWF?N',:F::"&0^Z[*.Q%Q\0LN_!L"Y$`T3T_)HKMWW.(
M`B[['G*3T0^D`%-[/,%/\DTD>_!Y&/DN"'+>")CH2XYG&-E.B/.*ADYJ`CM$
M.?CC:,J1T)*+2R]R+`A"VW&`S6;./.9B==Q*$2<,L<!L-U^`S_0;.3U#+EYU
MWT(;''OH,W\>*R#`3NU`S#HB$-J>&\0RMD.PIS.'$R.!9)9$X5RR.39@MB,%
MW^F>]#_TD9N^-^4I(LQ'L9IAQ$B5+IMR2](($`W[Q*E.[BRD"T%G,$AD`*[G
M3U$%U`ALFA78J\V"A3)',?,6Y.7\6<S]`OS^^XV'@^5CDI=WSF&*D_RQG.O7
M9/>8NY8](IGM)DK3=N%**8IICQU_AKRP16%):2.NZ$TT32*&MG'^,5<@@ZKM
MQNC)_0(8XNX5/'T*PIS+P<+*EG;J3Z'LCQ8/G@G;%2Y@C;VWYCS(+2UWU;\(
M5:$T<"J-?3:%2Q8T8\<BS?R&D<?/_A@3KH<\H-\L4K-KK>CFEYU8BM9F0DRZ
M+AK6BNL2\@US.7H4.RR:4G33EVR\WG_7&?RR\'/":_\.H0^;;&CBQ!A/[%_/
MG:GKS?[IX^2XN/PT_VT3-O=?M`\Z+U^]/OSQS=%Q]Z3W/Z?]L[?OWO_TX7\W
M?UFX0^D/I5=;>,+8CSU9\@!Z/%U@52DQ]RBJF'D2C8@S18PT\,5H<NGY\MH5
M+F494A1`L0J!YIZ0`PT&IC>=V3C3QK$$8P%^Z]A]'W!;_C>\IS[NR/^@:C0H
M_ZMI>EW#58#(_ZH/O?[_&^=_8@ZH$YG]O4>O]F/D4O9G5)K56E,SEME?C'D3
M";/V1>YGZ*4&%,4GI7V),9_V/W3;@]/^ZT&G^PYRBY\YLM+K2-W]XP[D1&<Y
MI7SMV<&@?=)]";DM'II;`L-2R8'(A.CK4"G@I?I\L=]^\[8WZ+]]^?+P)\C]
MBQCZUFIY,+C-_LU[ZN,N^\<%X$W[S]9_#P)D_\?LG%/I5[7=I0\X9G-`OVP8
MS5JU6=&6/B"%O>H'&DTCM0;<)C>P'7L!!8X.7_1;>_2)/]OMUEZ[O:>4VR^/
M]E_A??F]IQ17;D#Y(&7,+4P&/_=..VBH5ZMF_5$XDL-N_VS_Z*A]?-#:BZ_W
M_D[V_$?A-ONW[JF/.^._OMC_:6@U7=J_EMG_0\"R_H,)0&+_QYZ+9NX#1?5*
M$RU;%Q6@G50%2&!OG$4<]F<HOCKJ#(V_J54EHL@#*O52!1,!_$I\`(;H`QET
M,<6>>Q%,V`47J]/`,\]YN%A'Y\N.O%.0ZU-X'+D8KD&L1,B'G+3?=,[B9?@7
M2,9%I<7J.5GIIB@=O^F?=8Y[2.=;Z^%;P6WV/[FG/NZP?Z-67]I_33>$_3?J
MF?T_!"SS?UW:?LJDM6VTYZ9>7]I^C+EB]Y6=9JVQM'M]FPR^*+_([M7^:\SW
MWW:[A]U7L-^5V3GT.Z?O.J<Y]`IJKX>?^ZXD#P'W+[A/-:I%O<6"**"U.HMO
M`24@<45M**IN+')";**43>9082:5'7Q\*O.#IRKT',X"=#9<>HAKS_.U`DR9
M"S,VYJ)`,/5\KA1C>M]_+]..[[^_+\I@NR,JR9%K(@J)'(2T.C_M'_>..GT4
M#XFTOETIZ>A+Q7=5"-5B?"H;'HZHZ.=:S+>0YBP*17DO\:BB_"D%>RG*G$$0
M38E)AGBA0KA#3K+U,8^[L!F2X*%5`@\;^I<VU5Y#V=+B(4-YCWQO*L9H1K[/
M7201<G]J4WF72HU#;E+)DL&0F>=CWT-OF^*5*J;REZ3I<R:JDZBWE&+S-V5<
M`&S"J7_\Y7*3:K$6)^7CG'!L*NMB[ZBN-)G;E/:5!)'#8.91"=7#RW]&/*!*
MLFEZOH5"<^8TJ/X?4#H)T7:"6.&'O?@S]W'THAS+H/7R\*CS<=0CTSBC.G(P
MXZ8]LGE<M!6U])!?,P54IZN4B8G$%M9/4T$/_WFN,\?Q./R"X4`O:8Z4R[%B
MT(K^NEE?3/-X%_FOY'8A(&N]6&>>'[9Z)Z=G4JAB;5)KB-5)+5F?I&R/Q-]?
M^*7R3=:4XFV,7Z/5[W1@_ZA_LB#WK?W]*MP6_^U[ZN/._=^ZL3C_IU<J<O^W
MDL7_AX!%_)>+:+7VI2R@L9(%)/@KN4"UTJQIRUR@+E*!>I()I%P66DMB*5TO
MC`,2Y>_!1&S*N5Z(?B7>N[J6&#!X_;8'@3VFD(-N&7V+B0$$PY3PT4E(@8^C
M?/O]&L<RZB612+A.]"\^+XM6BX@@_+]27$_RT2-I_(\>_1GB2=A9%_U?'9V\
MV#^"D][9X4DWR0%T0Q14Y)=P6;&#0VN=+,(%AQS]SH$W(]*IV"$<K^UCEQXN
ML&Q7+KN$2`-%<!O([60<\I2=8PB_P$C%AC0*5VYH3CTK$IH#^(":FJ+MQ!W,
M)8+L5"F3NQ>#E2V(P*W:D`<"UK6X6]BK_E[N'=-QOE@HF!_EEC=SI)/0CWCI
MYLP2*8E$BU>P.Z*4+;Y(Y#0_IVR.TA(3$V?L#/.I2TP&`G`\=TR[\!B)85OL
M7C,30W5`9QX^;H9BORD=GU!7OI@@KK<(B"0%XBH7<-/GF&F06A)=EF3W)'1S
MXGD!)5FTFZN4\T&$DF/!.B''E%`6!2'HZ[A?$N]*JQ41!Z%/1P1053Q(S[ST
M_<4,Q(Q'Y(><ML`Y996`HR3S%C*N&D+&\DM,ZZ&/]'`N.AYZ"F;:CAW.H87R
MQ:2D!C%">69;TL1:*ZD./E"*Z:<7S-_"Y/8Z1FQN^'W0CQFI546.'7\3*PF0
M11$EBX5L"^/`\@GFNN)(00O:[_IHZC,OL(5]Y2E91&O#G"VB%#RT39'I%Y9M
MZ0&==,`ITL(9:5MCG)-!%%`FE^"DY\&-D<8/Y7;M&NP[E"M'W\%/*0B1[9`>
MUV+'2R[AFQW/.T\=.7#L<R[LOZD4J?T=_7X=I5A!4B[-Z9P,+5&^4%==N$/Y
M]<<SN-O\RG]6!O?GX+;\[]=[ZN.N^H]>I?-_=:U1J31TV@O2JQ5-S_*_AP#*
M_^A4DVHN2[]T^,_0XFS.:"RW?B2B./EW@GX>=D#7FT:UJ6G+79^=>FD;BN)3
MUGQ1ONC\Q`DNRQN84RLO3E<]PZN2O)IBW,?X$/\BCQA?DM\M4<-GHX'M)E=>
M%*(7_:R4-R06\\?!/W"._;R+MPC'+N$MLZ65Z+31KE)<Q2O):R-N5%QI1-\&
M73C<71"!F$CHG9>>81K5ZKX].J+;_!.MQ\7P1(0:R%PB]4@V%(8VH!'MQNG<
M3DFG$Y+X79'A9F/CBCX$G\1$L?@S>O%8.D@P.4<E40R!8TBD-'5\+GD8R`@<
MY`5ZZ:G`+^RN)9!3<]@#"G"U^Q7*]@CR(AP^?2KU4P"Z+>+9*DW92!!=PY#D
MIT!*NR(2F/OD[9:V"_8/@@9>%(N%A#CJ`HHMG$P^7LD!_</^N0!%T,7IO!3?
MU'4\QPI3YJ!6\H']&_=&XF8!GD%>4(-:H2#96QFRD$4\UC35%I#2%RR-/<R4
M/6\J:7Q!,,BP.9NGR)1B.6D_2TU0RH?CUE?&36<,93=$@877*.0@)QM_X?E"
M/`+I*I8.CHY^7P&=GQ+T$ZW=&'O\;-V8;D[09&Y<D;5?5X,TDF_MXS+X,ER/
M_^?CO^(=T*][_Z/6T"L5HVZ(]S\;NI&]__$0<$/_[9/CXT[W[#[[N&O_'W6/
M_PVMIAE:PZ#W/XQ&]O['P\`^N#RDTH1<E5DVK>&'$87I+9H:$]]S[4`L70'O
MTEI<S1SZ?P_<L/^#3K]]>K]]W&'_:.W55?NO-;+S/P\"LOXI-HQ]/G.8*=Y,
M$85(3%QEC7/"`MK)FXL=/!AQ%D8^#U1,]ZAU0#4L65Z61W:!.6-<2X:3:2[>
MHI_YWH5M42T,<!4PAQ$+0J":CV=13\K0M]VQV(/F4]H+$,5H6E)Y(`X<P"&M
M'9/7:H9SL3%`^+]2,92VCW%=-.(^=TW13C`CB8A7H"1W]*I(2;P6@RM(D/4Y
M(B+&./3"B1)0=<H;)4UQL#,<J-@*#L%SQ6M&1`E[#Y)KH@I#CL/@$^9:JB(V
M+:F`'L3%988K!1QH:FQ?Y685>G\),9D3S:#7ZVWUCPY[V/6%C;BD)%51:.>D
M!(M2H^S/D^-'>8>V*TG&:TALL:@Z,VA[TUF$*U3HFS9)#LZX.7%M7,/"*:<]
MTX32BE9IRS5^]<M*A)T>4$F<`Z`N%AL(+%!&X:RYM16PZ9"IS(U4;D4JB[9F
MT5`6W[9"['W@BX[56:`H&^4R'#"<-QMY#R<(=_?,0(U,"V\%U+J0A:%[@!O^
MOW=TV+_7[._N_$^OK^;_1ETS,O__$#"TXXT1)9B@P]NRO+@8OG7:V3\X[MRX
MW3[I?3CLOKIQ/VV^(?^D[%FV[T]A!2VSV?]G<,W^DZ/]]]S'7?5_K=%8_/V7
MFJC_&PT]R_\>!!X#_]0,@]:V\ABZ]&HXVB\=O'0<>39!9#(B9\$,ITGJDG;\
M&-YQ/R"$./NPFM*7JW75P*<'XH2:C[EB\H2@CWD4_<V`2HDV#.J(]W[B39?/
M$Q!Q'TXV7U#<AR_%_\?8_LDADD_F;>D"^S?$^VH[6YJ^I>/E-FU0Z'4(3)_-
M9G/H?)K!$VRJ'&"<HQ?-6ANI/W^CM/?/.J].3@\[_=8&KHR5X_W^6>=TT#\\
MHSMW)C$`'Y6-!"UR`SODB&"JUKE`BES[TQI,_%01FX=JP)=XS)HFSOD&]B@J
M#[F/N:=JI5K$2_FXC8+,'W;/\'_GM"7$&LOQI<_YB_Z!ZOEC1?E@O&EM;$Q"
M05J>[Y7CPZ<QH;EQKD["J:,HK[IOQ7LXAZ_>GJ+@YCS`/KHZ$HA/!M//6O(S
M.2*D*)A&EY<O3RL;>T\^'[^[@B>?WY^^Z9^VK^*.]9MW5-L5Z/W.P164.6P&
MS>7AN^;B9:#F>%.*:!T!>'Z3+O+D!6'9=M'\'8=8H@06I\;B]:)E9%3M$3R*
MWW_/=T_H).'!2;M?D.-X<W!X>I5JMQKQD*7X1:3!P?[9?GK4,L3^>VWC./SO
M-5X)UK<04>6>$\H@^6,/P\!21</I^?,LG&>000899)!!!AEDD$$&&6200089
H9)!!!AEDD$$&&62000899)!!!AEDD$$&&620P;>`_P-#[PO[`'@``&20
`
end


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message