Maybe the package changelog?
rpm -q --changelog mirror
Thanks Lenz.
If the (binary) package doesn't have a long changelog history, then the source rpm has. In doubt, see the spec file (available at /usr/src/packages/SPECS after installing the source rpm).
And that changelog doesn't mention the hack either. The only related information is:
- added change against ".." in pathnames provided from remote, mirror-2.9.name_map-default.dif (against mirror.defaults).
The fashion that changelogs are made with has increased in quality lately, and it will continue to do so in the future.
But this is a standard patch and is done in the right place (IMHO): mirror.defaults.
I agree that the patch added fixes a security problem at the wrong end. It was my opinion, too, long before I came to SuSE (Security). But since nobody complained in three years and since such files with obnoxious names don't really need to be placed on a tidy ftp server, I currently see no reason to change it back.
Simon Oliver
Roman.
--
- -
| Roman Drahtmüller