Hi Paul,
* Paul Slootman <[EMAIL PROTECTED]> [2007-11-30 16:53]:
> On Fri 30 Nov 2007, Nico Golde wrote:
> > > There is a patch available for 2.6.9 (2.6.9-2etch1 is the current stable
> > > version).
> >
> > http://rsync.samba.org/ftp/rsync/munge-symlinks-2.6.9.diff
> > if you mean this patch this at least does not apply to the
> > unstable version that's why I ported it. I have not checked
> > if this does apply to the stable version.
>
> Hmm, that patch should apply to both stable and testing...
>
> > > 2.6.4 is "oldstable". I think first priority is the stable version...
> >
> > Yes. As I am only in the testing security team and thus
> > handling testing and unstable issues please contact
> > [EMAIL PROTECTED] to check if this is worth a DSA.
>
> Well, then I'm even more surprised that the patch you pasted listed
> 2.6.4 as the version being patched?!

Ah damnit, you are right. I had the oldstable version in my
directory to check if this is vulnerable too and then wanted
to build a patch. Somehow I was in the wrong directory so I
ported this patch to the old stable version. Ok, not too
bad, with this the stable guys will have a working patch :)

The upstream patch works with unstable and testing then,
apart from patching the manual:

Hunk #1 FAILED at 145.
Hunk #2 succeeded at 184 with fuzz 2.
1 out of 2 hunks FAILED -- saving rejects to file ./rsyncd.conf.5.rej

Attached is a modified version of the patch which fixes
this.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.