Author: jw Date: 2006-04-05 00:13:20 +0200 (Wed, 05 Apr 2006) New Revision: 1148 Modified: crux-2.1/ports/core/httpup/.md5sum crux-2.1/ports/core/httpup/Pkgfile Log: [SECURITY] there's a potential security problem in httpup < 0.4.0h, allowing malicious repository maintainers to delete files outside the httpup tree. A fixed version 0.4.0h is available for 2.1 cvsup, 2.1 rsync, 2.1 httpup from crux.nu, and 2.2. If you subscribe to untrusted repositories, upgrading is highly recommended. Modified: crux-2.1/ports/core/httpup/.md5sum =================================================================== --- crux-2.1/ports/core/httpup/.md5sum 2006-04-04 22:05:34 UTC (rev 1147) +++ crux-2.1/ports/core/httpup/.md5sum 2006-04-04 22:13:20 UTC (rev 1148) @@ -1,2 +1,2 @@ faa600a1b0349fe78b0eb463cab444df httpup -0c34610acd857265cf259cd7402ca306 httpup-0.4.0g.tar.gz +e8bfabf5853848df60242170c5d288d4 httpup-0.4.0h.tar.gz Modified: crux-2.1/ports/core/httpup/Pkgfile =================================================================== --- crux-2.1/ports/core/httpup/Pkgfile 2006-04-04 22:05:34 UTC (rev 1147) +++ crux-2.1/ports/core/httpup/Pkgfile 2006-04-04 22:13:20 UTC (rev 1148) @@ -4,7 +4,7 @@ # Depends on: curl name=httpup -version=0.4.0g +version=0.4.0h release=1 source=(http://jw.tks6.net/files/crux/${name}-$version.tar.gz httpup)