From nobody Thu Jan 16 23:16:38 2025 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YYzJz4QBqz5l49y for ; Thu, 16 Jan 2025 23:16:51 +0000 (UTC) (envelope-from vrwmiller@gmail.com) Received: from mail-yb1-xb33.google.com (mail-yb1-xb33.google.com [IPv6:2607:f8b0:4864:20::b33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YYzJy6yKrz3HMm for ; Thu, 16 Jan 2025 23:16:50 +0000 (UTC) (envelope-from vrwmiller@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-yb1-xb33.google.com with SMTP id 3f1490d57ef6-e5372a2fbddso2576126276.3 for ; Thu, 16 Jan 2025 15:16:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1737069409; x=1737674209; darn=freebsd.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=4OY+mK9EN/R3K27Z7xKXfxPVNMu/ly55zkryRIdWQsc=; b=kzQVh4RTRG10ObFzQY5BOtjPf8eqKQpGybclZ/kr1PY3yOgwLy0GqAOg2uHPOE2ggO b54gU+7Xat7YoUWnJnVVULfb3R2hSLgB7XA3GZKsWabnOyS3cnO/O5cgAN47zMeclnC3 qDdQNzloqp8/6ChSBYxju633HDCbczkABeWiN+2730RqCfeWUsYa9SkRw4Q4AaDDFZsE OSB8cS7yR4Mdyx8971JYhoZZXhqsneOatcxWA/NP7I8oZ+/7TveSLBJcaOnY0U59owjp DbuR80SfLBzZrDhzWIHKCi2MJRfomnOGAXyceslgNLgxhhwihbk4ERj8EycDizClWK4Q szaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737069409; x=1737674209; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=4OY+mK9EN/R3K27Z7xKXfxPVNMu/ly55zkryRIdWQsc=; b=kom6VzX/k6Q7Ef4rFmrboOnKOBvOkaCKSLj8j3DXnXytXhZZHLbEjv3yvV/68CgiER Wzh41127MN5A8fmEaNE2phsAnohd+GLYe1a1aNePN5IrGDxcrrK0kcQITu/GhGeKK7ad S9QAjQpUhC4JqWszMXolFSLgFYn70p8Ux24m/4fm+ELVA87M7XGT6F6TvghsfBEL/q6/ ERTvdhHI5FMZEkB1WU3+2IjbY4PbCExVFjMYJ1NcERXLxuWF4fra0fo0TpqT3QoLz7Dc Wt8pzHwVB19yVyF/SvhTO8+J4w3Tl0zJTLoKAXWA7D6igI2mPtcMDsr2/0rS1GnZv/u8 iNaw== X-Gm-Message-State: AOJu0YyrkADyVu1SVR4Gn8WMclWod6zcgqUoY2/BO0MLs/CQdw1SuhAl gzRlgdlDgWsQhl4qB+/ud90qR8aS3uylpfFNPbhzu26F7TBn6fKbWVyvUbw9uSXmSuWLsyvU5DP 9nZfmn4uVSwo5M5fgpVxY0dY2IQA= X-Gm-Gg: ASbGncstkbtpTIPVKwhWcD+tJ+WK8pwoypWyWjw+brh5zbCB1R304YiqNEtDQMkzbgQ MZ/37YeuUeqoqkxd82F6kSilYtqVLpXW9Mk/DuaY= X-Google-Smtp-Source: AGHT+IFWVuOVZLT7CCeJEyr8ysGPZ4PTXi98nU8YKIwX5bp0bSyJ0GxiJDpWuzvgZTJZVE/NzgYLuqngtSWCJQ/rQTE= X-Received: by 2002:a05:690c:f07:b0:6ee:8363:96d3 with SMTP id 00721157ae682-6f6eb90b588mr3628917b3.27.1737069409132; Thu, 16 Jan 2025 15:16:49 -0800 (PST) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.org MIME-Version: 1.0 References: In-Reply-To: From: Vincent Miller Date: Thu, 16 Jan 2025 18:16:38 -0500 X-Gm-Features: AbW1kvajS_Ee0hUUDc93KSpdB_vqxjgOhZUsB2hgPr91lks7NF1jVWm-xPjayeg Message-ID: Subject: Re: Serious rsync security issues To: Martin Cc: "freebsd-questions@freebsd.org" Content-Type: multipart/alternative; boundary="00000000000014f130062bdafd83" X-Rspamd-Queue-Id: 4YYzJy6yKrz3HMm X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] --00000000000014f130062bdafd83 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Jan 16, 2025 at 6:02=E2=80=AFPM Martin wrote: > I am going to point this to the message on the Arch Linux site, > but it's all over the net. > > https://archlinux.org/news/critical-rsync-security-release-340/ > > I am wondering why the FreeBSD rsync package been updated yet? > The port is at 3.4.1. If I'm not mistaken the vulnerabilities are in 3.4.0. https://github.com/freebsd/freebsd-ports/commit/30167a14cc0602f041f7ace88b1= 0b09f102d69e0 --=20 Take care Vincent Miller --00000000000014f130062bdafd83 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Thu, Jan 16,= 2025 at 6:02=E2=80=AFPM Martin <= iio7@protonmail.com> wrote:
I am going to = point this to the message on the Arch Linux site,
but it's all over the net.

https://archlinux.org/news/critical-r= sync-security-release-340/

I am wondering why the FreeBSD rsync package been updated yet?

=C2=A0
The port is at 3.4.1. If I'm n= ot mistaken the vulnerabilities are in 3.4.0.



-- =
Take careVincent Miller
--00000000000014f130062bdafd83--