From patchwork Wed Jan 15 13:25:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8417 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4YY6Fj1pRRz3x3f for ; Wed, 15 Jan 2025 13:26:01 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4YY6Ff05BKz4Tk; Wed, 15 Jan 2025 13:25:57 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4YY6Fd5gm5z32b5; Wed, 15 Jan 2025 13:25:57 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4YY6FZ4b4dz32M0 for ; Wed, 15 Jan 2025 13:25:54 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4YY6FY6V6nz4Tk; Wed, 15 Jan 2025 13:25:53 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1736947554; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=baZzXlidsKCnelujnFSCK4NoEcIv96e5oMZNk6ydjhs=; b=hiw8xYSagkwDBtyfBeXU1XtSL5TLsRb6mrskgHhw4vG3LFE/apSOUKQ/JTAJwovfTJiBRD MUtcy+hGq+/9rcCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1736947554; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=baZzXlidsKCnelujnFSCK4NoEcIv96e5oMZNk6ydjhs=; b=IQpOfyr4T8zbd1FArs+JsNYzlkCpIdyV3IjmRt0DPfaCBwEtta1GNdeurlwEU0Fo1UYH/3 jeEeDMGU92Ful72Iry+H9f2lq6sJMIy6FTI3yvKyifsThEjixWN+0qVO7IhSPwypA0iFiR oZzOBRU5P3fqC+ArZIz8F4JPodWAhZv4DJ3yzslpXmbRI0M8TdBb7YeUO1ayCmSJEZCeWZ tFY9UGbVg2MnXi36IZggL6sZqHqQOdmt8/5h8MqvhX+l7YhArpY3+N1a/G/PS/pJtSPtPJ Sub/hLx0hp6OL+eKOhqUbvt5B70nj28JNR/j/EPKB6EE3onT2uDXxQR9QASnzw== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] rsync: Update to version 3.4.0 Date: Wed, 15 Jan 2025 14:25:49 +0100 Message-ID: <20250115132549.3265133-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: 5IZ2VAPOZDKNB4ZS3ELWXA27RIXHRKCU X-Message-ID-Hash: 5IZ2VAPOZDKNB4ZS3ELWXA27RIXHRKCU X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 3.3.0 to 3.4.0 - Update of rootfile not required - Changelog 3.4.0 Release 3.4.0 is a security release that fixes a number of important vulnerabilities. For more details on the vulnerabilities please see the CERT report https://kb.cert.org/vuls/id/952657 PROTOCOL NUMBER: - The protocol number was changed to 32 to make it easier for administrators to check their servers have been updated SECURITY FIXES: Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for discovering these vulnerabilities and working with the rsync project to develop and test fixes. - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing. - CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR. - CVE-2024-12086 - Server leaks arbitrary client files. - CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links. - CVE-2024-12088 - --safe-links Bypass. - CVE-2024-12747 - symlink race condition. BUG FIXES: - Fixed the included popt to avoid a memory error on modern gcc versions. - Fixed an incorrect extern variable's type that caused an ACL issue on macOS. - Fixed IPv6 configure check INTERNAL: - Updated included popt to version 1.19. DEVELOPER RELATED: - Various improvements to the release scripts and git setup. - Improved packaging/var-checker to identify variable type issues. - added FreeBSD and Solaris CI builds Signed-off-by: Adolf Belka --- lfs/rsync | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/lfs/rsync b/lfs/rsync index fcbcd0ab9..a680a9cca 100644 --- a/lfs/rsync +++ b/lfs/rsync @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Versatile tool for fast incremental file transfer -VER = 3.3.0 +VER = 3.4.0 THISAPP = rsync-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rsync -PAK_VER = 19 +PAK_VER = 20 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2106d0b9043e973676995b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825 +$(DL_FILE)_BLAKE2 = ce88fdbc44cbb4522d48b5f8a11ce70b2d4c794612915390a865b478efd05aa1f17a0a4e1d4e698a968994b5e47ef4df16315c93e87398b848fdcef9e8dc71a1 install : $(TARGET) @@ -81,18 +81,14 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - # Replace shebang in rsync-ssl cd $(DIR_APP) && sed -i -e "s@^#!.*@#!/bin/bash@" rsync-ssl - cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --without-included-popt \ - --without-included-zlib \ - --disable-xxhash - + --prefix=/usr \ + --without-included-popt \ + --without-included-zlib \ + --disable-xxhash cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install - @rm -rf $(DIR_APP) @$(POSTBUILD)