* [PATCH] rsync: Update to version 3.4.0
@ 2025-01-15 13:25 Adolf Belka
2025-01-16 10:21 ` Michael Tremer
0 siblings, 1 reply; 3+ messages in thread
From: Adolf Belka @ 2025-01-15 13:25 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 4002 bytes --]
- Update from version 3.3.0 to 3.4.0
- Update of rootfile not required
- Changelog
3.4.0
Release 3.4.0 is a security release that fixes a number of important
vulnerabilities. For more details on the vulnerabilities please see the CERT
report https://kb.cert.org/vuls/id/952657
PROTOCOL NUMBER:
- The protocol number was changed to 32 to make it easier for
administrators to check their servers have been updated
SECURITY FIXES:
Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
discovering these vulnerabilities and working with the rsync project
to develop and test fixes.
- CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.
- CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR.
- CVE-2024-12086 - Server leaks arbitrary client files.
- CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links.
- CVE-2024-12088 - --safe-links Bypass.
- CVE-2024-12747 - symlink race condition.
BUG FIXES:
- Fixed the included popt to avoid a memory error on modern gcc versions.
- Fixed an incorrect extern variable's type that caused an ACL issue on macOS.
- Fixed IPv6 configure check
INTERNAL:
- Updated included popt to version 1.19.
DEVELOPER RELATED:
- Various improvements to the release scripts and git setup.
- Improved packaging/var-checker to identify variable type issues.
- added FreeBSD and Solaris CI builds
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
lfs/rsync | 20 ++++++++------------
1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/lfs/rsync b/lfs/rsync
index fcbcd0ab9..a680a9cca 100644
--- a/lfs/rsync
+++ b/lfs/rsync
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = Versatile tool for fast incremental file transfer
-VER = 3.3.0
+VER = 3.4.0
THISAPP = rsync-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = rsync
-PAK_VER = 19
+PAK_VER = 20
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2106d0b9043e973676995b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825
+$(DL_FILE)_BLAKE2 = ce88fdbc44cbb4522d48b5f8a11ce70b2d4c794612915390a865b478efd05aa1f17a0a4e1d4e698a968994b5e47ef4df16315c93e87398b848fdcef9e8dc71a1
install : $(TARGET)
@@ -81,18 +81,14 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-
# Replace shebang in rsync-ssl
cd $(DIR_APP) && sed -i -e "s@^#!.*@#!/bin/bash@" rsync-ssl
-
cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --without-included-popt \
- --without-included-zlib \
- --disable-xxhash
-
+ --prefix=/usr \
+ --without-included-popt \
+ --without-included-zlib \
+ --disable-xxhash
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
-
@rm -rf $(DIR_APP)
@$(POSTBUILD)
--
2.47.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] rsync: Update to version 3.4.0
2025-01-15 13:25 [PATCH] rsync: Update to version 3.4.0 Adolf Belka
@ 2025-01-16 10:21 ` Michael Tremer
0 siblings, 0 replies; 3+ messages in thread
From: Michael Tremer @ 2025-01-16 10:21 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 4318 bytes --]
Thank you for this patch. I have merged this straight away back into c190 and pushed the new package out last night.
> On 15 Jan 2025, at 13:25, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>
> - Update from version 3.3.0 to 3.4.0
> - Update of rootfile not required
> - Changelog
> 3.4.0
> Release 3.4.0 is a security release that fixes a number of important
> vulnerabilities. For more details on the vulnerabilities please see the CERT
> report https://kb.cert.org/vuls/id/952657
> PROTOCOL NUMBER:
> - The protocol number was changed to 32 to make it easier for
> administrators to check their servers have been updated
> SECURITY FIXES:
> Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
> Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
> discovering these vulnerabilities and working with the rsync project
> to develop and test fixes.
> - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.
> - CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR.
> - CVE-2024-12086 - Server leaks arbitrary client files.
> - CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links.
> - CVE-2024-12088 - --safe-links Bypass.
> - CVE-2024-12747 - symlink race condition.
> BUG FIXES:
> - Fixed the included popt to avoid a memory error on modern gcc versions.
> - Fixed an incorrect extern variable's type that caused an ACL issue on macOS.
> - Fixed IPv6 configure check
> INTERNAL:
> - Updated included popt to version 1.19.
> DEVELOPER RELATED:
> - Various improvements to the release scripts and git setup.
> - Improved packaging/var-checker to identify variable type issues.
> - added FreeBSD and Solaris CI builds
>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> lfs/rsync | 20 ++++++++------------
> 1 file changed, 8 insertions(+), 12 deletions(-)
>
> diff --git a/lfs/rsync b/lfs/rsync
> index fcbcd0ab9..a680a9cca 100644
> --- a/lfs/rsync
> +++ b/lfs/rsync
> @@ -1,7 +1,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
> +# Copyright (C) 2007-2025 IPFire Team <info(a)ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -26,7 +26,7 @@ include Config
>
> SUMMARY = Versatile tool for fast incremental file transfer
>
> -VER = 3.3.0
> +VER = 3.4.0
>
> THISAPP = rsync-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> PROG = rsync
> -PAK_VER = 19
> +PAK_VER = 20
>
> DEPS =
>
> @@ -48,7 +48,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2106d0b9043e973676995b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825
> +$(DL_FILE)_BLAKE2 = ce88fdbc44cbb4522d48b5f8a11ce70b2d4c794612915390a865b478efd05aa1f17a0a4e1d4e698a968994b5e47ef4df16315c93e87398b848fdcef9e8dc71a1
>
> install : $(TARGET)
>
> @@ -81,18 +81,14 @@ $(subst %,%_BLAKE2,$(objects)) :
> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> -
> # Replace shebang in rsync-ssl
> cd $(DIR_APP) && sed -i -e "s@^#!.*@#!/bin/bash@" rsync-ssl
> -
> cd $(DIR_APP) && ./configure \
> - --prefix=/usr \
> - --without-included-popt \
> - --without-included-zlib \
> - --disable-xxhash
> -
> + --prefix=/usr \
> + --without-included-popt \
> + --without-included-zlib \
> + --disable-xxhash
> cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
> cd $(DIR_APP) && make install
> -
> @rm -rf $(DIR_APP)
> @$(POSTBUILD)
> --
> 2.47.1
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] rsync: Update to version 3.4.0
[not found] <H000007e0085ebb8.1737036355.mail.at4b.com@MHS>
@ 2025-01-17 9:34 ` Michael Tremer
0 siblings, 0 replies; 3+ messages in thread
From: Michael Tremer @ 2025-01-17 9:34 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 5334 bytes --]
Hello Fred,
Thank you for the heads up. Adolf has provided a patch and it was merged into Core Update 191 which is currently available for testing:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=a32de1bbaec84e18a3284015fda0b0467ca60831
-Michael
> On 16 Jan 2025, at 14:05, Kienker, Fred <fred.kienker(a)at4b.com> wrote:
>
> There are several very significant regressions in rsync 3.4.0 which are
> fixed in 3.4.1. Highly recommend pushing the newer version.
>
> Fred Kienker
> fred.kienker(a)at4b.com
> 770.518.6166
>
>
> -----Original Message-----
> From: Michael Tremer <michael.tremer(a)ipfire.org>
> Sent: Thursday, 16 January, 2025 5:21 AM
> To: Adolf Belka <adolf.belka(a)ipfire.org>
> Cc: development(a)lists.ipfire.org
> Subject: Re: [PATCH] rsync: Update to version 3.4.0
>
> Thank you for this patch. I have merged this straight away back into
> c190 and pushed the new package out last night.
>
>> On 15 Jan 2025, at 13:25, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> - Update from version 3.3.0 to 3.4.0
>> - Update of rootfile not required
>> - Changelog
>> 3.4.0
>> Release 3.4.0 is a security release that fixes a number of important
>> vulnerabilities. For more details on the vulnerabilities please see
>> the CERT report https://kb.cert.org/vuls/id/952657
>> PROTOCOL NUMBER:
>> - The protocol number was changed to 32 to make it easier for
>> administrators to check their servers have been updated
>> SECURITY FIXES:
>> Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
>> Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
>> discovering these vulnerabilities and working with the rsync project
>> to develop and test fixes.
>> - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.
>> - CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats
> ASLR.
>> - CVE-2024-12086 - Server leaks arbitrary client files.
>> - CVE-2024-12087 - Server can make client write files outside of
> destination directory using symbolic links.
>> - CVE-2024-12088 - --safe-links Bypass.
>> - CVE-2024-12747 - symlink race condition.
>> BUG FIXES:
>> - Fixed the included popt to avoid a memory error on modern gcc
> versions.
>> - Fixed an incorrect extern variable's type that caused an ACL issue
> on macOS.
>> - Fixed IPv6 configure check
>> INTERNAL:
>> - Updated included popt to version 1.19.
>> DEVELOPER RELATED:
>> - Various improvements to the release scripts and git setup.
>> - Improved packaging/var-checker to identify variable type issues.
>> - added FreeBSD and Solaris CI builds
>>
>> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
>> ---
>> lfs/rsync | 20 ++++++++------------
>> 1 file changed, 8 insertions(+), 12 deletions(-)
>>
>> diff --git a/lfs/rsync b/lfs/rsync
>> index fcbcd0ab9..a680a9cca 100644
>> --- a/lfs/rsync
>> +++ b/lfs/rsync
>> @@ -1,7 +1,7 @@
>>
> ########################################################################
> #######
>> #
> #
>> # IPFire.org - A linux based firewall
> #
>> -# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org>
> #
>> +# Copyright (C) 2007-2025 IPFire Team <info(a)ipfire.org>
> #
>> #
> #
>> # This program is free software: you can redistribute it and/or modify
> #
>> # it under the terms of the GNU General Public License as published by
> #
>> @@ -26,7 +26,7 @@ include Config
>>
>> SUMMARY = Versatile tool for fast incremental file transfer
>>
>> -VER = 3.3.0
>> +VER = 3.4.0
>>
>> THISAPP = rsync-$(VER)
>> DL_FILE = $(THISAPP).tar.gz
>> @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
>> DIR_APP = $(DIR_SRC)/$(THISAPP)
>> TARGET = $(DIR_INFO)/$(THISAPP)
>> PROG = rsync
>> -PAK_VER = 19
>> +PAK_VER = 20
>>
>> DEPS =
>>
>> @@ -48,7 +48,7 @@ objects = $(DL_FILE)
>>
>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>
>> -$(DL_FILE)_BLAKE2 =
>> 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2106d0b9043e9736769
>> 95b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825
>> +$(DL_FILE)_BLAKE2 =
>> +ce88fdbc44cbb4522d48b5f8a11ce70b2d4c794612915390a865b478efd05aa1f17a0
>> +a4e1d4e698a968994b5e47ef4df16315c93e87398b848fdcef9e8dc71a1
>>
>> install : $(TARGET)
>>
>> @@ -81,18 +81,14 @@ $(subst %,%_BLAKE2,$(objects)) :
>> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>> @$(PREBUILD)
>> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
>> -
>> # Replace shebang in rsync-ssl
>> cd $(DIR_APP) && sed -i -e "s@^#!.*@#!/bin/bash@" rsync-ssl
>> -
>> cd $(DIR_APP) && ./configure \
>> - --prefix=/usr \
>> - --without-included-popt \
>> - --without-included-zlib \
>> - --disable-xxhash
>> -
>> + --prefix=/usr \
>> + --without-included-popt \
>> + --without-included-zlib \
>> + --disable-xxhash
>> cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) &&
>> make install
>> -
>> @rm -rf $(DIR_APP)
>> @$(POSTBUILD)
>> --
>> 2.47.1
>>
>
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-01-17 9:34 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-01-15 13:25 [PATCH] rsync: Update to version 3.4.0 Adolf Belka
2025-01-16 10:21 ` Michael Tremer
[not found] <H000007e0085ebb8.1737036355.mail.at4b.com@MHS>
2025-01-17 9:34 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox