515e861055
See package cvs.log for details. This includes fixing an obscure security hole. Patch to avoid spinning in select on non-blocking descriptors (will probably be fixed in rsync 2.3.3)
13 lines
445 B
Plaintext
13 lines
445 B
Plaintext
$OpenBSD: SECURITY,v 1.4 1999/11/21 23:42:53 espie Exp $
|
|
|
|
${WRKDIR}/receiver.c
|
|
call to mktemp (wrapper function do_mktemp) does seem to be correct.
|
|
|
|
The server makes extensive use of strlcpy/strlcat/snprintf.
|
|
|
|
rsync upto 2.3.0 has a security hole. If rsync --version is less or equal
|
|
to that, you should upgrade.
|
|
|
|
rsync 2.3.1 has security holes in the rsyncd daemon when run with
|
|
chroot=no. If you are using that feature, you should upgrade.
|