Hello Fred, Thank you for the heads up. Adolf has provided a patch and it was merged into Core Update 191 which is currently available for testing: https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=a32de1bbaec84e18a3284015fda0b0467ca60831 -Michael > On 16 Jan 2025, at 14:05, Kienker, Fred wrote: > > There are several very significant regressions in rsync 3.4.0 which are > fixed in 3.4.1. Highly recommend pushing the newer version. > > Fred Kienker > fred.kienker(a)at4b.com > 770.518.6166 > > > -----Original Message----- > From: Michael Tremer > Sent: Thursday, 16 January, 2025 5:21 AM > To: Adolf Belka > Cc: development(a)lists.ipfire.org > Subject: Re: [PATCH] rsync: Update to version 3.4.0 > > Thank you for this patch. I have merged this straight away back into > c190 and pushed the new package out last night. > >> On 15 Jan 2025, at 13:25, Adolf Belka wrote: >> >> - Update from version 3.3.0 to 3.4.0 >> - Update of rootfile not required >> - Changelog >> 3.4.0 >> Release 3.4.0 is a security release that fixes a number of important >> vulnerabilities. For more details on the vulnerabilities please see >> the CERT report https://kb.cert.org/vuls/id/952657 >> PROTOCOL NUMBER: >> - The protocol number was changed to 32 to make it easier for >> administrators to check their servers have been updated >> SECURITY FIXES: >> Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at >> Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for >> discovering these vulnerabilities and working with the rsync project >> to develop and test fixes. >> - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing. >> - CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats > ASLR. >> - CVE-2024-12086 - Server leaks arbitrary client files. >> - CVE-2024-12087 - Server can make client write files outside of > destination directory using symbolic links. >> - CVE-2024-12088 - --safe-links Bypass. >> - CVE-2024-12747 - symlink race condition. >> BUG FIXES: >> - Fixed the included popt to avoid a memory error on modern gcc > versions. >> - Fixed an incorrect extern variable's type that caused an ACL issue > on macOS. >> - Fixed IPv6 configure check >> INTERNAL: >> - Updated included popt to version 1.19. >> DEVELOPER RELATED: >> - Various improvements to the release scripts and git setup. >> - Improved packaging/var-checker to identify variable type issues. >> - added FreeBSD and Solaris CI builds >> >> Signed-off-by: Adolf Belka >> --- >> lfs/rsync | 20 ++++++++------------ >> 1 file changed, 8 insertions(+), 12 deletions(-) >> >> diff --git a/lfs/rsync b/lfs/rsync >> index fcbcd0ab9..a680a9cca 100644 >> --- a/lfs/rsync >> +++ b/lfs/rsync >> @@ -1,7 +1,7 @@ >> > ######################################################################## > ####### >> # > # >> # IPFire.org - A linux based firewall > # >> -# Copyright (C) 2007-2024 IPFire Team > # >> +# Copyright (C) 2007-2025 IPFire Team > # >> # > # >> # This program is free software: you can redistribute it and/or modify > # >> # it under the terms of the GNU General Public License as published by > # >> @@ -26,7 +26,7 @@ include Config >> >> SUMMARY = Versatile tool for fast incremental file transfer >> >> -VER = 3.3.0 >> +VER = 3.4.0 >> >> THISAPP = rsync-$(VER) >> DL_FILE = $(THISAPP).tar.gz >> @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) >> DIR_APP = $(DIR_SRC)/$(THISAPP) >> TARGET = $(DIR_INFO)/$(THISAPP) >> PROG = rsync >> -PAK_VER = 19 >> +PAK_VER = 20 >> >> DEPS = >> >> @@ -48,7 +48,7 @@ objects = $(DL_FILE) >> >> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >> >> -$(DL_FILE)_BLAKE2 = >> 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2106d0b9043e9736769 >> 95b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825 >> +$(DL_FILE)_BLAKE2 = >> +ce88fdbc44cbb4522d48b5f8a11ce70b2d4c794612915390a865b478efd05aa1f17a0 >> +a4e1d4e698a968994b5e47ef4df16315c93e87398b848fdcef9e8dc71a1 >> >> install : $(TARGET) >> >> @@ -81,18 +81,14 @@ $(subst %,%_BLAKE2,$(objects)) : >> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >> @$(PREBUILD) >> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) >> - >> # Replace shebang in rsync-ssl >> cd $(DIR_APP) && sed -i -e "s@^#!.*@#!/bin/bash@" rsync-ssl >> - >> cd $(DIR_APP) && ./configure \ >> - --prefix=/usr \ >> - --without-included-popt \ >> - --without-included-zlib \ >> - --disable-xxhash >> - >> + --prefix=/usr \ >> + --without-included-popt \ >> + --without-included-zlib \ >> + --disable-xxhash >> cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && >> make install >> - >> @rm -rf $(DIR_APP) >> @$(POSTBUILD) >> -- >> 2.47.1 >> > > >