From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] rsync: Update to version 3.4.0
Date: Fri, 17 Jan 2025 09:34:00 +0000
Message-ID: <9C99BC9D-4F03-4692-96DA-1BADBD930F60@ipfire.org>
In-Reply-To: <H000007e0085ebb8.1737036355.mail.at4b.com@MHS>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4722008520545757072=="
List-Id: <development.lists.ipfire.org>

--===============4722008520545757072==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Fred,

Thank you for the heads up.

Adolf has provided a patch and it was merged into Core Update 191 which is currently available for testing:

https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=a32de1bbaec84e18a3284015fda0b0467ca60831

-Michael

> On 16 Jan 2025, at 14:05, Kienker, Fred <fred.kienker(a)at4b.com> wrote:
>
> There are several very significant regressions in rsync 3.4.0 which are
> fixed in 3.4.1. Highly recommend pushing the newer version.
>
> Fred Kienker
> fred.kienker(a)at4b.com
> 770.518.6166
>
>
> -----Original Message-----
> From: Michael Tremer <michael.tremer(a)ipfire.org>
> Sent: Thursday, 16 January, 2025 5:21 AM
> To: Adolf Belka <adolf.belka(a)ipfire.org>
> Cc: development(a)lists.ipfire.org
> Subject: Re: [PATCH] rsync: Update to version 3.4.0
>
> Thank you for this patch. I have merged this straight away back into
> c190 and pushed the new package out last night.
>
>> On 15 Jan 2025, at 13:25, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> - Update from version 3.3.0 to 3.4.0
>> - Update of rootfile not required
>> - Changelog
>> 3.4.0
>> Release 3.4.0 is a security release that fixes a number of important
>> vulnerabilities. For more details on the vulnerabilities please see
>> the CERT report https://kb.cert.org/vuls/id/952657
>> PROTOCOL NUMBER:
>> - The protocol number was changed to 32 to make it easier for
>> administrators to check their servers have been updated
>> SECURITY FIXES:
>> Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
>> Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
>> discovering these vulnerabilities and working with the rsync project
>> to develop and test fixes.
>> - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.
>> - CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR.
>> - CVE-2024-12086 - Server leaks arbitrary client files.
>> - CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links.
>> - CVE-2024-12088 - --safe-links Bypass.
>> - CVE-2024-12747 - symlink race condition.
>> BUG FIXES:
>> - Fixed the included popt to avoid a memory error on modern gcc versions.
>> - Fixed an incorrect extern variable's type that caused an ACL issue on macOS.
>> - Fixed IPv6 configure check
>> INTERNAL:
>> - Updated included popt to version 1.19.
>> DEVELOPER RELATED:
>> - Various improvements to the release scripts and git setup.
>> - Improved packaging/var-checker to identify variable type issues. >> - added FreeBSD and Solaris CI builds >>=20 >> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> >> --- >> lfs/rsync | 20 ++++++++------------ >> 1 file changed, 8 insertions(+), 12 deletions(-) >>=20 >> diff --git a/lfs/rsync b/lfs/rsync >> index fcbcd0ab9..a680a9cca 100644 >> --- a/lfs/rsync >> +++ b/lfs/rsync >> @@ -1,7 +1,7 @@ >>=20 > ######################################################################## > ####### >> # =20 > # >> # IPFire.org - A linux based firewall =20 > # >> -# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> =20 > # >> +# Copyright (C) 2007-2025 IPFire Team <info(a)ipfire.org> =20 > # >> # =20 > # >> # This program is free software: you can redistribute it and/or modify > # >> # it under the terms of the GNU General Public License as published by > # >> @@ -26,7 +26,7 @@ include Config >>=20 >> SUMMARY =3D Versatile tool for fast incremental file transfer >>=20 >> -VER =3D 3.3.0 >> +VER =3D 3.4.0 >>=20 >> THISAPP =3D rsync-$(VER) >> DL_FILE =3D $(THISAPP).tar.gz >> @@ -34,7 +34,7 @@ DL_FROM =3D $(URL_IPFIRE) >> DIR_APP =3D $(DIR_SRC)/$(THISAPP) >> TARGET =3D $(DIR_INFO)/$(THISAPP) >> PROG =3D rsync >> -PAK_VER =3D 19 >> +PAK_VER =3D 20 >>=20 >> DEPS =3D >>=20 >> @@ -48,7 +48,7 @@ objects =3D $(DL_FILE) >>=20 >> $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >>=20 >> -$(DL_FILE)_BLAKE2 =3D=20 >> 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2106d0b9043e9736769 >> 95b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825 >> +$(DL_FILE)_BLAKE2 =3D=20 >> +ce88fdbc44cbb4522d48b5f8a11ce70b2d4c794612915390a865b478efd05aa1f17a0 >> +a4e1d4e698a968994b5e47ef4df16315c93e87398b848fdcef9e8dc71a1 >>=20 >> install : $(TARGET) >>=20 
>> @@ -81,18 +81,14 @@ $(subst %,%_BLAKE2,$(objects)) : >> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >> @$(PREBUILD) >> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) >> - >> # Replace shebang in rsync-ssl >> cd $(DIR_APP) && sed -i -e "s@^#!.*@#!/bin/bash@" rsync-ssl >> - >> cd $(DIR_APP) && ./configure \ >> - --prefix=3D/usr \ >> - --without-included-popt \ >> - --without-included-zlib \ >> - --disable-xxhash >> - >> + --prefix=3D/usr \ >> + --without-included-popt \ >> + --without-included-zlib \ >> + --disable-xxhash >> cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) &&=20 >> make install >> - >> @rm -rf $(DIR_APP) >> @$(POSTBUILD) >> -- >> 2.47.1 >>=20 >=20 >=20 >=20 --===============4722008520545757072==--
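Review bot: The new `$(DL_FILE)_BLAKE2` value in the `@@ -48,7 +48,7 @@` hunk has no stated provenance: the commit message lists the upstream changelog but does not say how the digest for rsync-3.4.0.tar.gz was obtained. With `DL_FROM = $(URL_IPFIRE)` the tarball is fetched from the project's own mirror, so this digest is what ties the build to the upstream release. For a security update, suggest adding a line to the commit message stating that the tarball was checked against upstream's release signature or checksum before the hash was computed.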
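Review bot: The whitespace-only changes in the `@@ -81,18 +81,14 @@` hunk (blank lines removed, the `./configure` option lines re-indented with the options themselves unchanged) are unrelated to the version bump and are not mentioned in the commit message. Since this patch is a security update that gets merged back into an already released core update, suggest dropping this hunk or sending it as a separate cleanup, so the change consists only of the VER, PAK_VER and BLAKE2 lines and is easy to audit. Separately, because the build keeps `--without-included-popt`, the changelog's two popt items concern the bundled copy and not this package; a short remark in the commit message would avoid confusion.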