commit 4222576ab7fac83dd98447a2f9efb0fe7b9bc272 Author: Juergen Daubert <jue@jue.li> Date: Fri Aug 24 08:33:40 2007 +0200 [notify] rsync: fix for CVE-2007-4091 http://www.securityfocus.com/bid/25336 http://c-skills.blogspot.com/2007/08/cve-2007-4091.html diff --git a/rsync/.md5sum b/rsync/.md5sum index 5eeb02b..651c4f0 100644 --- a/rsync/.md5sum +++ b/rsync/.md5sum @@ -1,3 +1,4 @@ +46fcea1ac64c9e075d0338f8e35b1af6 rsync-2.6.9-fname-obo.diff 996d8d8831dbca17910094e56dcb5942 rsync-2.6.9.tar.gz f8dcfe5cf2afef1ea90107a6ff4540cd rsync.driver a71995f22768c931c5649a1336d25ffb rsyncd diff --git a/rsync/Pkgfile b/rsync/Pkgfile index 5bac4bd..39a8c5b 100644 --- a/rsync/Pkgfile +++ b/rsync/Pkgfile @@ -5,18 +5,22 @@ name=rsync version=2.6.9 -release=1 +release=2 source=(http://rsync.samba.org/ftp/$name/$name-$version.tar.gz \ - rsyncd.conf rsyncd rsync.driver) + rsyncd.conf rsyncd rsync.driver \ + $name-$version-fname-obo.diff) build () { cd $name-$version + + patch -p1 -i $SRC/$name-$version-fname-obo.diff + ./configure --prefix=/usr \ --mandir=/usr/man \ --with-rsh=ssh make make DESTDIR=$PKG install - + mkdir -p $PKG/etc/{rc.d,ports/drivers} $PKG/var/log install -m 755 $SRC/rsyncd $PKG/etc/rc.d install -m 644 $SRC/rsyncd.conf $PKG/etc diff --git a/rsync/rsync-2.6.9-fname-obo.diff b/rsync/rsync-2.6.9-fname-obo.diff new file mode 100644 index 0000000..2fa0113 --- /dev/null +++ b/rsync/rsync-2.6.9-fname-obo.diff @@ -0,0 +1,60 @@ +--- rsync-2.6.9.orig/sender.c 2006-09-20 03:53:32.000000000 +0200 ++++ rsync-2.6.9/sender.c 2007-07-25 15:33:05.000000000 +0200 +@@ -123,6 +123,7 @@ + char fname[MAXPATHLEN]; + struct file_struct *file; + unsigned int offset; ++ size_t l = 0; + + if (ndx < 0 || ndx >= the_file_list->count) + return; +@@ -133,6 +134,20 @@ + file->dir.root, "/", NULL); + } else + offset = 0; ++ ++ l = offset + 1; ++ if (file) { ++ if (file->dirname) ++ l += strlen(file->dirname); ++ if (file->basename) ++ l += strlen(file->basename); ++ } ++ ++ if (l >= sizeof(fname)) { ++ rprintf(FERROR, "Overlong pathname\n"); ++ exit_cleanup(RERR_FILESELECT); ++ } ++ + f_name(file, fname + offset); + if (remove_source_files) { + if (do_unlink(fname) == 0) { +@@ -224,6 +239,7 @@ + enum logcode log_code = log_before_transfer ? FLOG : FINFO; + int f_xfer = write_batch < 0 ? batch_fd : f_out; + int i, j; ++ size_t l = 0; + + if (verbose > 2) + rprintf(FINFO, "send_files starting\n"); +@@ -259,6 +275,20 @@ + fname[offset++] = '/'; + } else + offset = 0; ++ ++ l = offset + 1; ++ if (file) { ++ if (file->dirname) ++ l += strlen(file->dirname); ++ if (file->basename) ++ l += strlen(file->basename); ++ } ++ ++ if (l >= sizeof(fname)) { ++ rprintf(FERROR, "Overlong pathname\n"); ++ exit_cleanup(RERR_FILESELECT); ++ } ++ + fname2 = f_name(file, fname + offset); + + if (verbose > 2)