From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] rsync: Update to version 3.4.0
Date: Thu, 16 Jan 2025 10:21:26 +0000
Message-ID: <594E468C-A40E-4FDF-BD05-D7C9D5D428CD@ipfire.org>
In-Reply-To: <20250115132549.3265133-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1844013061701286671=="
List-Id:

--===============1844013061701286671==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Thank you for this patch. I have merged this straight away back into c190 and pushed the new package out last night.

> On 15 Jan 2025, at 13:25, Adolf Belka wrote:
>
> - Update from version 3.3.0 to 3.4.0
> - Update of rootfile not required
> - Changelog
> 3.4.0
> Release 3.4.0 is a security release that fixes a number of important
> vulnerabilities. For more details on the vulnerabilities please see the CERT
> report https://kb.cert.org/vuls/id/952657
> PROTOCOL NUMBER:
> - The protocol number was changed to 32 to make it easier for
> administrators to check their servers have been updated
> SECURITY FIXES:
> Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
> Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
> discovering these vulnerabilities and working with the rsync project
> to develop and test fixes.
> - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.
> - CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR.
> - CVE-2024-12086 - Server leaks arbitrary client files.
> - CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links.
> - CVE-2024-12088 - --safe-links Bypass.
> - CVE-2024-12747 - symlink race condition.
> BUG FIXES:
> - Fixed the included popt to avoid a memory error on modern gcc versions.
> - Fixed an incorrect extern variable's type that caused an ACL issue on macOS.
> - Fixed IPv6 configure check > INTERNAL: > - Updated included popt to version 1.19. > DEVELOPER RELATED: > - Various improvements to the release scripts and git setup. > - Improved packaging/var-checker to identify variable type issues. > - added FreeBSD and Solaris CI builds >=20 > Signed-off-by: Adolf Belka > --- > lfs/rsync | 20 ++++++++------------ > 1 file changed, 8 insertions(+), 12 deletions(-) >=20 > diff --git a/lfs/rsync b/lfs/rsync > index fcbcd0ab9..a680a9cca 100644 > --- a/lfs/rsync > +++ b/lfs/rsync > @@ -1,7 +1,7 @@ > ###########################################################################= #### > # = # > # IPFire.org - A linux based firewall = # > -# Copyright (C) 2007-2024 IPFire Team = # > +# Copyright (C) 2007-2025 IPFire Team = # > # = # > # This program is free software: you can redistribute it and/or modify = # > # it under the terms of the GNU General Public License as published by = # > @@ -26,7 +26,7 @@ include Config >=20 > SUMMARY =3D Versatile tool for fast incremental file transfer >=20 > -VER =3D 3.3.0 > +VER =3D 3.4.0 >=20 > THISAPP =3D rsync-$(VER) > DL_FILE =3D $(THISAPP).tar.gz > @@ -34,7 +34,7 @@ DL_FROM =3D $(URL_IPFIRE) > DIR_APP =3D $(DIR_SRC)/$(THISAPP) > TARGET =3D $(DIR_INFO)/$(THISAPP) > PROG =3D rsync > -PAK_VER =3D 19 > +PAK_VER =3D 20 >=20 > DEPS =3D >=20 > @@ -48,7 +48,7 @@ objects =3D $(DL_FILE) >=20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > -$(DL_FILE)_BLAKE2 =3D 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2= 106d0b9043e973676995b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825 > +$(DL_FILE)_BLAKE2 =3D ce88fdbc44cbb4522d48b5f8a11ce70b2d4c794612915390a865= b478efd05aa1f17a0a4e1d4e698a968994b5e47ef4df16315c93e87398b848fdcef9e8dc71a1 >=20 > install : $(TARGET) >=20 
> @@ -81,18 +81,14 @@ $(subst %,%_BLAKE2,$(objects)) : > $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > @$(PREBUILD) > @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) > - > # Replace shebang in rsync-ssl > cd $(DIR_APP) && sed -i -e "s@^#!.*@#!/bin/bash@" rsync-ssl > - > cd $(DIR_APP) && ./configure \ > - --prefix=3D/usr \ > - --without-included-popt \ > - --without-included-zlib \ > - --disable-xxhash > - > + --prefix=3D/usr \ > + --without-included-popt \ > + --without-included-zlib \ > + --disable-xxhash > cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) > cd $(DIR_APP) && make install > - > @rm -rf $(DIR_APP) > @$(POSTBUILD) > --=20 > 2.47.1 >=20 --===============1844013061701286671==--
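Review bot: In the @@ -48,7 +48,7 @@ hunk, the new $(DL_FILE)_BLAKE2 value is the only integrity check on rsync-3.4.0.tar.gz, and because DL_FROM is $(URL_IPFIRE) the build fetches the archive from the project's own mirror, not from upstream. The commit message does not say how the tarball was obtained or checked before it was hashed. For a security release, a line stating that the archive was verified against upstream's published signature or checksum before the BLAKE2 sum was computed would let a reviewer reproduce the value independently.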
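Review bot: The @@ -81,18 +81,14 @@ hunk only removes blank lines and re-indents the ./configure continuation lines (--prefix=/usr through --disable-xxhash); the options themselves are unchanged, and the commit message does not mention this. Since this is a security update that is merged back into a release branch, consider dropping the whitespace changes or sending them separately, so the diff carries only the VER, PAK_VER and checksum bumps. It would also help to note in the commit message that the build keeps --without-included-popt, so the changelog entries about the included popt do not affect this package.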