Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 20 Apr 2016 13:58:29 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 208934] sysutils/rdiff-backup patch allowing use of non-vulnerable net/librsync1
Message-ID:  <bug-208934-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D208934

            Bug ID: 208934
           Summary: sysutils/rdiff-backup patch allowing use of
                    non-vulnerable net/librsync1
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: mvoorhis@cs.wpi.edu
                CC: bdrewery@FreeBSD.org, udvzsolt@gmail.com
                CC: bdrewery@FreeBSD.org, udvzsolt@gmail.com

Created attachment 169491
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D169491&action=
=3Dedit
patch file for altering _librsyncmodule.c, taken with credit from fedora

sysutils/rdiff-backup which is very useful depends on the insecure
net/librsync.  The logical step is to move from old net/librsync to the new
net/librsync1, but this introduces a compile-time error breaking the port.

The same compiler error exists for both ports sysutils/rdiff-backup and
sysutils/rdiff-backup-devel; both errors are corrected by the same patch.

A possible solution is to add the patchfile (attached), and alter the Makef=
ile
for both rdiff-backup ports (sysutils/rdiff-backup*/Makefile) changing the
LIB_DEPENDS from net/librsync to net/librsync1 (i.e., add the number "1" to=
 the
end of that line in the Makefile).

Potential problems:

a) net/librsync and net/librsync1 cannot co-exist on a system

b) the old, vulnerable net/librsync is required by (according to FreshPorts=
):

  devel/codeblocks
  sysutils/duplicity

in addition to the two rdiff-backup ports.

I would think that the maintainers of those two ports might consider moving
away from the insecure-and-unmaintained net/librsync to the newer
net/librsync1.

Thanks for reading,

--MCV.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-208934-13>