Date:      Thu, 4 Dec 2003 15:24:14 +0200
From:      Peter Pentchev <roam@ringlet.net>
To:        Lukas Ertl <l.ertl@univie.ac.at>
Cc:        hubs@freebsd.org
Subject:    Re: HEADS UP!  Watch out for security on your machines and exploits!
Message-ID:  <20031204132414.GC347@straylight.m.ringlet.net>
In-Reply-To: <20031204132303.GB347@straylight.m.ringlet.net>
References:  <20031203234849.7238C2A7EA@canning.wemm.org> <20031204133520.A748@korben.in.tern> <20031204132303.GB347@straylight.m.ringlet.net>

On Thu, Dec 04, 2003 at 03:23:03PM +0200, Peter Pentchev wrote:
> On Thu, Dec 04, 2003 at 01:37:20PM +0100, Lukas Ertl wrote:
> > On Wed, 3 Dec 2003, Peter Wemm wrote:
> >
> > > Please take EXTRA care to watch your mirrors for 'funny stuff' and make damn
> > > sure that you're fully up to date with patches.
> > >
> > > Being a cvsup*/ftp*/etc mirror means that you're going to be scanned and
> > > probed.  Especially now.
> >
> > (I'm cc'ing ports@ on this.)
> >
> > Since the Gentoo hack was obviously made through a vulnerable version of
> > rsync, I ask if it's possible to update the rsync port to the new version.
>
> I sent a patch to update rsync to 2.5.7 to Oliver Eikemeier, the port
> maintainer, earlier today.

Err.. for those who would like to use the fixed version of rsync, here
is the patch.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If this sentence didn't exist, somebody would have invented it.

Attachment: net-rsync.patch

Index: ports/net/rsync/Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/ncvs/ports/net/rsync/Makefile,v
retrieving revision 1.86
diff -u -r1.86 Makefile
--- ports/net/rsync/Makefile	16 Nov 2003 23:08:12 -0000	1.86
+++ ports/net/rsync/Makefile	4 Dec 2003 08:30:44 -0000
@@ -7,8 +7,8 @@
 #
=20
 PORTNAME=3D	rsync
-PORTVERSION=3D	2.5.6
-PORTREVISION=3D	2
+PORTVERSION=3D	2.5.7
+PORTREVISION=3D	0
 CATEGORIES=3D	net ipv6
 MASTER_SITES=3D	ftp://samba.anu.edu.au/pub/rsync/  \
 		ftp://sunsite.auc.dk/pub/unix/rsync/  \
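Review bot: The added PORTREVISION line set to 0 in this Makefile hunk is redundant; with PORTVERSION moving from 2.5.6 to 2.5.7, the usual ports convention is to delete the PORTREVISION line rather than carry it at 0. Separately, the MASTER_SITES context lines are plain ftp:// URLs, so the fetched tarball is protected only by the distinfo checksum, which makes the checksum change in the next file the part of this update to verify most carefully.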
Index: ports/net/rsync/distinfo
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/ncvs/ports/net/rsync/distinfo,v
retrieving revision 1.33
diff -u -r1.33 distinfo
--- ports/net/rsync/distinfo	28 Jan 2003 16:50:01 -0000	1.33
+++ ports/net/rsync/distinfo	4 Dec 2003 08:32:17 -0000
@@ -1 +1 @@
-MD5 (rsync-2.5.6.tar.gz) =3D ec39fcea433df4d6a3a4e0896c655535
+MD5 (rsync-2.5.7.tar.gz) =3D 9b3ec929091d7849f42b973247918a55
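Review bot: The replacement MD5 for rsync-2.5.7.tar.gz is the only integrity check this hunk gives the new tarball, and it arrives in the same mail as the version bump, so before committing, recompute the digest from a tarball obtained independently and compare it with upstream's release announcement or signature. MD5 is no longer collision-resistant; where the ports framework allows it, record a stronger digest such as SHA-256 alongside the MD5 line.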
Index: ports/net/rsync/files/patch-util.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: ports/net/rsync/files/patch-util.c
diff -N ports/net/rsync/files/patch-util.c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ ports/net/rsync/files/patch-util.c	4 Dec 2003 08:58:32 -0000
@@ -0,0 +1,14 @@
+--- util.c.old	Thu Dec  4 10:57:42 2003
++++ util.c	Thu Dec  4 10:58:23 2003
+@@ -936,7 +936,11 @@
+ #endif
+=20
+=20
++#ifdef SIZE_T_MAX
++#define MALLOC_MAX (SIZE_T_MAX / 2)
++#else  /* SIZE_T_MAX */
+ #define MALLOC_MAX 0x40000000
++#endif /* SIZE_T_MAX */
+=20
+ void *_new_array(unsigned int size, unsigned long num)
+ {
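Review bot: Raising MALLOC_MAX to SIZE_T_MAX / 2 in the new files/patch-util.c needs a stated justification, because it loosens the upstream allocation cap of 0x40000000 in the same change that delivers a security update, and neither the hunk nor the mail explains why. The body of _new_array is not in the visible context, so please confirm that its limit check still keeps size * num from wrapping with the larger bound. Also confirm that the header defining SIZE_T_MAX is included above line 936 of util.c; otherwise the #ifdef silently falls back to the old value. A one-line comment in the patch file stating the reason for the local change would settle the first point.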
