openbsd-ports/net/rsync/pkg/SECURITY

$OpenBSD: SECURITY,v 1.4 1999/11/21 23:42:53 espie Exp $

${WRKDIR}/receiver.c
	call to mktemp (wrapper function do_mktemp) does seem to be correct.

The server makes extensive use of strlcpy/strlcat/snprintf.

rsync upto 2.3.0 has a security hole. If rsync --version is less or equal
to that, you should upgrade.

rsync 2.3.1 has security holes in the rsyncd daemon when run with
chroot=no.   If you are using that feature, you should upgrade.
Update to 2.3.2. See package cvs.log for details. This includes fixing an obscure security hole. Patch to avoid spinning in select on non-blocking descriptors (will probably be fixed in rsync 2.3.3) 1999-11-21 18:42:52 -05:00			$OpenBSD: SECURITY,v 1.4 1999/11/21 23:42:53 espie Exp $
Security audit for rsync. 1998-12-21 18:21:34 -05:00
			`${WRKDIR}/receiver.c`
			`call to mktemp (wrapper function do_mktemp) does seem to be correct.`

			`The server makes extensive use of strlcpy/strlcat/snprintf.`
Patch ups rsync to the same functionality as 2.3.1. Specifically, it fixes the security hole that is described in pkg/SECURITY... Wedged in as security fixes are important, especially when they're small. Real 2.3.1 will wait after tree thaws. 1999-04-08 22:20:14 -04:00
Upgrade to 2.3.1 1999-04-18 16:59:00 -04:00			`rsync upto 2.3.0 has a security hole. If rsync --version is less or equal`
			`to that, you should upgrade.`
Update to 2.3.2. See package cvs.log for details. This includes fixing an obscure security hole. Patch to avoid spinning in select on non-blocking descriptors (will probably be fixed in rsync 2.3.3) 1999-11-21 18:42:52 -05:00
			`rsync 2.3.1 has security holes in the rsyncd daemon when run with`
			`chroot=no. If you are using that feature, you should upgrade.`