openbsd-ports/net/rsync/pkg/SECURITY

$OpenBSD: SECURITY,v 1.5 2002/01/14 23:07:49 naddy Exp $

The server makes extensive use of strlcpy/strlcat/snprintf.

rsync upto 2.3.0 has a security hole. If rsync --version is less or equal
to that, you should upgrade.

rsync 2.3.1 has security holes in the rsyncd daemon when run with
chroot=no.   If you are using that feature, you should upgrade.
update to 2.5.1; partly from and ok espie@ IPv6 support remains disabled for now 2002-01-14 23:07:49 +00:00			$OpenBSD: SECURITY,v 1.5 2002/01/14 23:07:49 naddy Exp $
Security audit for rsync. 1998-12-21 23:21:34 +00:00
			`The server makes extensive use of strlcpy/strlcat/snprintf.`
Patch ups rsync to the same functionality as 2.3.1. Specifically, it fixes the security hole that is described in pkg/SECURITY... Wedged in as security fixes are important, especially when they're small. Real 2.3.1 will wait after tree thaws. 1999-04-09 02:20:14 +00:00
Upgrade to 2.3.1 1999-04-18 20:59:00 +00:00			`rsync upto 2.3.0 has a security hole. If rsync --version is less or equal`
			`to that, you should upgrade.`
Update to 2.3.2. See package cvs.log for details. This includes fixing an obscure security hole. Patch to avoid spinning in select on non-blocking descriptors (will probably be fixed in rsync 2.3.3) 1999-11-21 23:42:52 +00:00
			`rsync 2.3.1 has security holes in the rsyncd daemon when run with`
			`chroot=no. If you are using that feature, you should upgrade.`