From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Dec 4 06:20:16 2003
Message-Id: <200312041412.hB4ECcmi008571@zi025.glhnet.mhn.de>
Date: Thu, 4 Dec 2003 15:12:38 +0100 (CET)
From: Simon Barner
To: FreeBSD-gnats-submit@FreeBSD.org
cc: eik@FreeBSD.org
Subject: ports/59952: [security update] [non-maintainer] rsync -> 2.5.7

>Number: 59952
>Category: ports
>Synopsis: [security update] [non-maintainer] rsync -> 2.5.7
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 04 06:20:12 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Simon Barner
>Release: FreeBSD 4.9-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD zi025.glhnet.mhn.de 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #1: Thu Sep 4 20:49:53 CEST 2003 simon@zi025.glhnet.mhn.de:/usr/src/sys/compile/KISTE i386
>Description:
According to http://rsync.samba.org/, there is a remotely exploitable heap overflow in the rsync daemon. (This bug and a recent local Linux exploit were used to compromise one of the Gentoo project's rsync servers!)
>How-To-Repeat:
N/A
>Fix:
Index: rsync/Makefile =================================================================== RCS file: /home/ncvs/ports/net/rsync/Makefile,v retrieving revision 1.86 diff -u -r1.86 Makefile --- rsync/Makefile 16 Nov 2003 23:08:12 -0000 1.86 +++ rsync/Makefile 4 Dec 2003 14:05:35 -0000 
@@ -7,8 +7,7 @@ # PORTNAME= rsync -PORTVERSION= 2.5.6 -PORTREVISION= 2 +PORTVERSION= 2.5.7 CATEGORIES= net ipv6 MASTER_SITES= ftp://samba.anu.edu.au/pub/rsync/ \ ftp://sunsite.auc.dk/pub/unix/rsync/ \ Index: rsync/distinfo =================================================================== RCS file: /home/ncvs/ports/net/rsync/distinfo,v retrieving revision 1.33 diff -u -r1.33 distinfo --- rsync/distinfo 28 Jan 2003 16:50:01 -0000 1.33 +++ rsync/distinfo 4 Dec 2003 14:05:35 -0000 @@ -1 +1 @@ -MD5 (rsync-2.5.6.tar.gz) = ec39fcea433df4d6a3a4e0896c655535 +MD5 (rsync-2.5.7.tar.gz) = 9b3ec929091d7849f42b973247918a55 >Release-Note: >Audit-Trail: >Unformatted:
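Review bot: In the rsync/Makefile hunk, PORTREVISION= 2 is dropped together with the bump to PORTVERSION= 2.5.7, and the patch touches only Makefile and distinfo, so nothing here shows that the port-level changes behind those two revisions were re-checked against the new release. Please confirm in the PR that any local patches the port carries still apply cleanly to 2.5.7 and that the port builds and installs, since this is submitted as a non-maintainer update.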
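Review bot: The rsync/distinfo hunk replaces the only integrity record for the tarball, a single MD5 line, while the MASTER_SITES visible in the Makefile context are plain ftp:// mirrors, so the new digest is all that ties the build to the genuine 2.5.7 release. Please state how the value was obtained, ideally from a tarball checked against upstream's own published checksum or signature rather than from a single mirror download, and record a stronger digest next to the MD5 if the ports framework accepts one.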