From nobody Fri Jan 17 00:08:33 2025 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YZ0Sk5PQDz5l6MR for ; Fri, 17 Jan 2025 00:08:38 +0000 (UTC) (envelope-from lists@schamschula.com) Received: from beige.elm.relay.mailchannels.net (beige.elm.relay.mailchannels.net [23.83.212.16]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4YZ0Sk0G0pz3Lgt for ; Fri, 17 Jan 2025 00:08:37 +0000 (UTC) (envelope-from lists@schamschula.com) Authentication-Results: mx1.freebsd.org; none X-Sender-Id: dreamhost|x-authsender|lists@schamschula.com Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 28099185846; Fri, 17 Jan 2025 00:08:36 +0000 (UTC) Received: from pdx1-sub0-mail-a284.dreamhost.com (100-112-0-62.trex-nlb.outbound.svc.cluster.local [100.112.0.62]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id B27F0185941; Fri, 17 Jan 2025 00:08:35 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1737072515; a=rsa-sha256; cv=none; b=mXWayDz8twpl72lps8krBTTbaHIw37uepBdvRvXWODiD6GePcJoC6LlLQ6rJFKoXzVBYhi wubQKcDZGumo0VORIbvEhktOlJ6k3w+KpXfnEF7PwC/EDB04BygRVtXNw1MS4pxnT31Ax3 O6iYoOvU6+x0DybZ5agkTciLysnW7TdMtW1hXeczmDssj5R9ey0VfLxPzNDF8RFzkpSa+1 8ZxmZd8FQwcegu4vZO0Z63AuOrJ70bnfnF5ivvjm0C71VhQggisJ9BFa5wAI0svfRiD6pC WQ1w4IJa5EyRagrB2WkCRGSqM3Kew6TGWWPZQB/LdnzU8oeMmPffkNGaPG66pA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1737072515; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:dkim-signature; bh=2aa2jGQXOvv8R901AfWgPZG4S3Gf/yfVcl00N7qPNyg=; b=zj6vFTKROx/Nn/KwI47ybWH+D8KXiZNwA8ZSZ6vgLomfymA6z45Yq7Imf04O5o7kNzbVEa b4ADwj26UmGzFp6cFuuf+vcTKD6Q5ooaKbjaXVJBQUXpsNdV2F8sSr39oCJ0Md7xUpMwU0 Hqlox7+Nvl6IZJztupAWyOOnu8oNRs7tLdu/eHVxVNImRVUxU5CftJBh+sh7MY+nxR/Vow qfJ/sUVPwu9zjpXMuIha0Ts/SSgNGMuIJgGmMtNFzqas7zsjWC8jrKqRSLO3eo9MsRm99D qRTTg8cz2lnDP97EnRRJ2lgPT3cWMEG4aYzQn29tJg+bE6x1Rn1tCpkKtTq0hQ== ARC-Authentication-Results: i=1; rspamd-7df4dcbd86-kwlzg; auth=pass smtp.auth=dreamhost smtp.mailfrom=lists@schamschula.com X-Sender-Id: dreamhost|x-authsender|lists@schamschula.com X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|lists@schamschula.com X-MailChannels-Auth-Id: dreamhost X-Harmony-Tart: 4b88c17533c7967c_1737072515950_2193737794 X-MC-Loop-Signature: 1737072515950:543154614 X-MC-Ingress-Time: 1737072515950 Received: from pdx1-sub0-mail-a284.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.112.0.62 (trex/7.0.2); Fri, 17 Jan 2025 00:08:35 +0000 Received: from smtpclient.apple (unknown [173.25.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: lists@schamschula.com) by pdx1-sub0-mail-a284.dreamhost.com (Postfix) with ESMTPSA id 4YZ0Sg1krXz7h; Thu, 16 Jan 2025 16:08:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=schamschula.com; s=dreamhost; t=1737072515; bh=2aa2jGQXOvv8R901AfWgPZG4S3Gf/yfVcl00N7qPNyg=; h=From:Content-Type:Subject:Date:Cc:To; b=EYfGgGe0mJJxJsg1cqCxU4pSaEIL6fqzRaea2RBWpsN3F26w+cIQK+k6qk3V/tVg1 19VNDcNOa8CyywYQ/qJhoqzuAuLFE84H0vt9j5NML4kFaMbRM9qGk/issssb4hkLlA fq+dRGnL1P2twSgd5KLARO5of+y0ojNFbqpN0XE4eNP+W10FGCavlGvFecafUWd+Uh Zvya7pJZzql6tyPkAMYQTnCYYoGq9615CRjv9St0AvB7WUjfNs05KqKhxB/LAumjVN NvLw6gS0q2oRD15Sy1NUz8r7eP+TD4o4CjsU2Og8ucgK5oI9FpnMwV8f7/VILrFEhP 18ukcJ9Rdd/0g== From: Marius Schamschula Message-Id: <76006E64-FDB8-4E00-A899-AEFB06B58B70@schamschula.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_9CB59F21-A210-467A-9FF1-9B7F05A454A6" List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51.11.1\)) Subject: Re: Serious rsync security issues Date: Thu, 16 Jan 2025 18:08:33 -0600 In-Reply-To: Cc: Martin , Vincent Miller To: "freebsd-questions@freebsd.org" References: X-Mailer: Apple Mail (2.3776.700.51.11.1) X-Rspamd-Queue-Id: 4YZ0Sk0G0pz3Lgt X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:36483, ipnet:23.83.208.0/21, country:CA] --Apple-Mail=_9CB59F21-A210-467A-9FF1-9B7F05A454A6 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Nope: the vulnerabilities are in version 3.3.0 and below. See: https://download.samba.org/pub/rsync/NEWS#3.4.0 3.4.1 fixes several regressions introduced by 3.4.0 which caused build = issues on several other platforms. Marius -- Marius Schamschula --Apple-Mail=_9CB59F21-A210-467A-9FF1-9B7F05A454A6 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii
Nope: the vulnerabilities are in version 3.3.0 and below.


3.4.1 fixes several regressions introduced by 3.4.0 which caused build issues on several other platforms.

Marius
--
Marius Schamschula

--Apple-Mail=_9CB59F21-A210-467A-9FF1-9B7F05A454A6--