Date: Wed, 15 Jan 2025 07:31:46 -0800 From: Cy Schubert <Cy.Schubert@cschubert.com> To: Rodrigo Osorio <rodrigo@FreeBSD.org>, ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org Subject: Re: git: 0076d20a9671 - 2025Q1 - net/rsync: update to 3.4.0 Message-ID: <20250115153146.221C01B6@slippy.cwsent.com> In-Reply-To: <20250115052757.0111628C@slippy.cwsent.com> References: <202501150008.50F08gFm067796@gitrepo.freebsd.org> <20250115044157.4FB92114@slippy.cwsent.com> <20250115044542.02F9C2F@slippy.cwsent.com> <20250115052757.0111628C@slippy.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20250115052757.0111628C@slippy.cwsent.com>, Cy Schubert writes: > In message <20250115044542.02F9C2F@slippy.cwsent.com>, Cy Schubert writes: > > In message <20250115044157.4FB92114@slippy.cwsent.com>, Cy Schubert writes: > > > In message <202501150008.50F08gFm067796@gitrepo.freebsd.org>, Rodrigo > > > Osorio wr > > > ites: > > > > The branch 2025Q1 has been updated by rodrigo: > > > > > > > > URL: https://cgit.FreeBSD.org/ports/commit/?id=0076d20a96718a28f956cb35 > 89 > > f1 > > > 03 > > > > 6e48a75f04 > > > > > > > > commit 0076d20a96718a28f956cb3589f1036e48a75f04 > > > > Author: Rodrigo Osorio <rodrigo@FreeBSD.org> > > > > AuthorDate: 2025-01-14 23:21:25 +0000 > > > > Commit: Rodrigo Osorio <rodrigo@FreeBSD.org> > > > > CommitDate: 2025-01-14 23:58:53 +0000 > > > > > > > > net/rsync: update to 3.4.0 > > > > > > > > Full changelog: https://download.samba.org/pub/rsync/NEWS#3.4.0 > > > > > > > > Security: CVE-2024-12084 - Heap Buffer Overflow in Checksum P > ar > > si > > > ng > > > > Security: CVE-2024-12085 - Info Leak via uninitialized Stack > co > > nt > > > en > > > > ts defeats ASLR > > > > Security: CVE-2024-12086 - Server leaks arbitrary client file > s > > > > Security: CVE-2024-12087 - Server can make client write files > o > > ut > > > si > > > > de of destination directory using symbolic links > > > > Security: CVE-2024-12088 - --safe-links Bypass > > > > Security: CVE-2024-12747 - symlink race condition > > > > > > > > PR: 284064 > > > > Reported by: osa > > > > > > > > (cherry picked from commit 6afdd4c669193f2041216071d5723e474ae041bf > ) > > > > --- > > > > net/rsync/Makefile | 4 ++-- > > > > net/rsync/distinfo | 10 +++++----- > > > > net/rsync/pkg-plist | 2 +- > > > > 3 files changed, 8 insertions(+), 8 deletions(-) > > > > > > > > diff --git a/net/rsync/Makefile b/net/rsync/Makefile > > > > index 4fefdced0380..996d4edd997e 100644 > > > > --- a/net/rsync/Makefile > > > > +++ b/net/rsync/Makefile > > > > @@ -1,5 +1,5 @@ > > > > PORTNAME= rsync > > > > -DISTVERSION= 3.3.0 > > > > +DISTVERSION= 3.4.0 > > > > CATEGORIES= net > > > > MASTER_SITES= https://www.mirrorservice.org/sites/rsync.samba.org/src > > > > / \ > > > > http://rsync.mirror.garr.it/src/ \ > > > > @@ -100,10 +100,10 @@ post-install: > > > > @${MKDIR} ${STAGEDIR}${ETCDIR} > > > > ${INSTALL_DATA} ${FILESDIR}/rsyncd.conf.sample ${STAGEDIR}${ETC > DIR}/ > > > > ${INSTALL_SCRIPT} ${WRKSRC}/support/rrsync ${STAGEDIR}${PREFIX} > /sbin > > > > - ${INSTALL_MAN} ${WRKSRC}/rrsync.1 ${STAGEDIR}${PREFIX}/share/ma > n/man1/ > > > > > > > > post-install-DOCS-on: > > > > @${MKDIR} ${STAGEDIR}${DOCSDIR} > > > > ${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDI > R} > > > > + ${INSTALL_DATA} ${WRKSRC}/support/rrsync.1.md ${STAGEDIR}${DOCS > DIR} > > > > > > > > .include <bsd.port.post.mk> > > > > diff --git a/net/rsync/distinfo b/net/rsync/distinfo > > > > index 2e28240fb164..afe59a503dff 100644 > > > > --- a/net/rsync/distinfo > > > > +++ b/net/rsync/distinfo > > > > @@ -1,5 +1,5 @@ > > > > -TIMESTAMP = 1712443181 > > > > -SHA256 (rsync-3.3.0.tar.gz) = 7399e9a6708c32d678a72a63219e96f23be0be23 > 36 > > e5 > > > 0f > > > > d1348498d07041df90 > > > > -SIZE (rsync-3.3.0.tar.gz) = 1153969 > > > > -SHA256 (rsync-patches-3.3.0.tar.gz) = 3dd51cd88d25133681106f68622ebedb > f1 > > 91 > > > ab > > > > 25a21ea336ba409136591864b0 > > > > -SIZE (rsync-patches-3.3.0.tar.gz) = 98487 > > > > +TIMESTAMP = 1736887703 > > > > +SHA256 (rsync-3.4.0.tar.gz) = 8e942f95a44226a012fe822faffa6c7fc38c3404 > 7a > > dd > > > 3a > > > > 0c941e9bc8b8b93aa4 > > > > +SIZE (rsync-3.4.0.tar.gz) = 1167983 > > > > +SHA256 (rsync-patches-3.4.0.tar.gz) = 51533dc5b9b4293d3499b673df185c93 > 48 > > 4f > > > 3e > > > > 6fcf2de52f9bf1f07fa3d7cbc1 > > > > +SIZE (rsync-patches-3.4.0.tar.gz) = 103831 > > > > diff --git a/net/rsync/pkg-plist b/net/rsync/pkg-plist > > > > index c0f2998051d5..6614a2d1b5a3 100644 > > > > --- a/net/rsync/pkg-plist > > > > +++ b/net/rsync/pkg-plist > > > > @@ -1,8 +1,8 @@ > > > > bin/rsync > > > > bin/rsync-ssl > > > > sbin/rrsync > > > > -share/man/man1/rrsync.1.gz > > > > share/man/man1/rsync.1.gz > > > > share/man/man1/rsync-ssl.1.gz > > > > share/man/man5/rsyncd.conf.5.gz > > > > +%%PORTDOCS%%%%DOCSDIR%%/rrsync.1.md > > > > @sample %%ETCDIR%%/rsyncd.conf.sample > > > > > > > > > > rsync appears to be broken. > > > > > > slippy# rsync -aHW --delete git-doc cwsys:`pwd` > > > ABORTING due to invalid path from sender: git-doc/website/shared > > > rsync error: requested action not supported (code 4) at flist.c(2693) > > > [generator=3.4.0] > > > slippy# > > > > > > Seems it can't handle symlinks anymore. > > > > > > > > > -- > > > Cheers, > > > Cy Schubert <Cy.Schubert@cschubert.com> > > > FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org > > > NTP: <cy@nwtime.org> Web: https://nwtime.org > > > > > > e^(i*pi)+1=0 > > > > > > > > > > > > > Another error: > > > > slippy# rsync -aHW --delete git-src cwsys:`pwd` > > Internal hashtable error: illegal key supplied! > > rsync error: errors with program diagnostics (code 13) at hashtable.c(88) > > [generator=3.4.0] > > slippy# > > It's the -H (preserve hard links) flag that's causing the issue. Without > the -H flag rsync will behave live cp -r, creating a new file for each > symlink rather than linking them. Certainly an issue upstream will need to > resolve. I reported this upstream (https://github.com/RsyncProject/rsync/issues/702). They have a pull request. The bug is related to another. I expect this to be fixed shortly, probably resulting in a new point release. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org e^(i*pi)+1=0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20250115153146.221C01B6>