Subject: Re: cvs commit: ports/net/rsync Makefile ports/net/rsync/files patch-251-secfix
From: Maxim Sobolev
To: Robert Watson
Cc: "David E. O'Brien", cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org
Date: 24 Jan 2002 02:14:39 +0200
Message-Id: <1011831273.264.49.camel@notebook>

On Thu, 2002-01-24 at 02:05, Robert Watson wrote:
> This might need a ports security advisory, especially since the ports
> freeze for RELENG_4_5 has already happened.

I think our package-meisters will apply the black magick necessary to
include that fix into 4.5. Nevertheless, a security advisory is a must
because rsync is a very popular beast.

-Maxim

> Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org      NAI Labs, Safeport Network Services
>
> On Wed, 23 Jan 2002, David E. O'Brien wrote:
>
> > obrien      2002/01/23 15:32:21 PST
> >
> >   Modified files:
> >     net/rsync            Makefile
> >   Added files:
> >     net/rsync/files      patch-251-secfix
> >   Log:
> >   Fix a signedness security vulnerability discovered by Todd@openbsd.org where
> >   rsync was not sufficiently careful about reading integers from the network.
> >   This is fixed in the rsync CVS repo by a patch from Sebastian Krahmer.
> >
> >   Submitted by:   naddy
> >   Approved by:    steve
> >   Obtained from:  rsync CVS repo
> >
> >   Revision  Changes    Path
> >   1.61      +1 -0      ports/net/rsync/Makefile
> >   1.1       +315 -0    ports/net/rsync/files/patch-251-secfix (new)