From patchwork Thu Jan 16 17:19:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8424 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4YYqNV21c4z3x3f for ; Thu, 16 Jan 2025 17:19:22 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4YYqNR54vVz4Vj; Thu, 16 Jan 2025 17:19:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4YYqNR2X7dz343G; Thu, 16 Jan 2025 17:19:19 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4YYqNN2cnpz2xfY for ; Thu, 16 Jan 2025 17:19:16 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4YYqNM349dz26T; Thu, 16 Jan 2025 17:19:15 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1737047955; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=wDZ4axm+EUDA0hq95pSSRiDY84tuIY4KTBtdL9SIJa4=; b=93huiH7oMTXpbhzsIb0QgDGhXpGhEGSmka5ewkiksfSgZn7c3syiIcg0uSaVLEWkJ4frFj ofl1p9vw8WYlCcAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1737047955; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=wDZ4axm+EUDA0hq95pSSRiDY84tuIY4KTBtdL9SIJa4=; b=kPDgpdDoq7yDhUywbY/lmsjfJun8+1YqJviazG07gDX4scX0PvmFcIipKeCIG2CItdYRm7 pSc+JJ1PDSe0dnZRkP82VXqb79P4AG0V4wyqXCujgoz8iLa4hen+l9TTy8hRP/roqv1WO0 lgJ2OjF9M+79gesA8WxttIfCssvd/InB9EBYW7pSc6IBOXHMi/cms2ofP/N21jfxsb5Ca5 68JBiPt+qoiDmzeIr97eY7gDUJk0aTrWGujCXCtdXqn6/acx/EatdsC50GQLclusxbAWbf J/Ap0U4cGjsYKKsHNRkdCpvEx5Q6cGJ4WfCWsI5vWftbHoI0b/y0mk/G8xkFyw== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH 1/2] rsync: Update to version 3.4.1 Date: Thu, 16 Jan 2025 18:19:09 +0100 Message-ID: <20250116171910.2085771-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: ZZX6SY2SW2RSFGBGF7FG43KTOCHDH6BN X-Message-ID-Hash: ZZX6SY2SW2RSFGBGF7FG43KTOCHDH6BN X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 3.3.0 to 3.4.1 as the previous patch which went from 3.3.0 to 3.4.0 has only been merged into CU190 and not into next where this patch is being done. Not sure if this will cause problems or not. I updated the PAK_VER of rsynce from 19 to 21 so that it went over the PAK_VER of the version merged into CU190. - If how I have done it is not the best or not correct just let me know how I should do it and I will re-do it. - Update of rootfile not required. - Added in enabling xxhash as we have that available in IPFire as another addon. - Ran rsync -V and confirmed that xxhash is now available to rsync. - Changelog 3.4.1 Release 3.4.1 is a fix for regressions introduced in 3.4.0 BUG FIXES: - fixed handling of -H flag with conflict in internal flag values - fixed a user after free in logging of failed rename - fixed build on systems without openat() - removed dependency on alloca() in bundled popt DEVELOPER RELATED: - fix to permissions handling in the developer release script 3.4.0 (This was already in the previous patch that went from 3.3.0 to 3.4.0 Release 3.4.0 is a security release that fixes a number of important vulnerabilities. For more details on the vulnerabilities please see the CERT report https://kb.cert.org/vuls/id/952657 PROTOCOL NUMBER: - The protocol number was changed to 32 to make it easier for administrators to check their servers have been updated SECURITY FIXES: Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for discovering these vulnerabilities and working with the rsync project to develop and test fixes. - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing. - CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR. - CVE-2024-12086 - Server leaks arbitrary client files. - CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links. - CVE-2024-12088 - --safe-links Bypass. - CVE-2024-12747 - symlink race condition. BUG FIXES: - Fixed the included popt to avoid a memory error on modern gcc versions. - Fixed an incorrect extern variable's type that caused an ACL issue on macOS. - Fixed IPv6 configure check INTERNAL: - Updated included popt to version 1.19. DEVELOPER RELATED: - Various improvements to the release scripts and git setup. - Improved packaging/var-checker to identify variable type issues. - added FreeBSD and Solaris CI builds Signed-off-by: Adolf Belka --- lfs/rsync | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lfs/rsync b/lfs/rsync index fcbcd0ab9..789b100bd 100644 --- a/lfs/rsync +++ b/lfs/rsync @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Versatile tool for fast incremental file transfer -VER = 3.3.0 +VER = 3.4.1 THISAPP = rsync-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,9 +34,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rsync -PAK_VER = 19 +PAK_VER = 21 -DEPS = +DEPS = libxxhash SERVICES = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2106d0b9043e973676995b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825 +$(DL_FILE)_BLAKE2 = 79c1cad697547059ee241e20c26d7f97bed3ad062deb856d31a617fead333a2d9f62c7c47c1efaf70033dbc358fe547d034c35e8181abb51a1fc893557882bc7 install : $(TARGET) @@ -89,7 +89,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --prefix=/usr \ --without-included-popt \ --without-included-zlib \ - --disable-xxhash + --enable-xxhash cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install