Date: Thu, 16 Jan 2025 15:12:59 -0800 From: Pete Wright <pete@nomadlogic.org> To: Martin <iio7@protonmail.com>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: Serious rsync security issues Message-ID: <783f2706-f95f-4644-b8eb-5bf6926f3814@nomadlogic.org> In-Reply-To: <wZLuLkwazDCoRo0ZPIV8GRbRz_nELAq5DJlWTSWe3bXHAwG1tNABShCEL8zfFkAh9viyhGnNf1QvPnJcpWRuTbqMUE8tRD5XURUWrUaoTVs=@protonmail.com> References: <wZLuLkwazDCoRo0ZPIV8GRbRz_nELAq5DJlWTSWe3bXHAwG1tNABShCEL8zfFkAh9viyhGnNf1QvPnJcpWRuTbqMUE8tRD5XURUWrUaoTVs=@protonmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/16/25 15:02, Martin wrote: > I am going to point this to the message on the Arch Linux site, > but it's all over the net. > > https://archlinux.org/news/critical-rsync-security-release-340/ > > I am wondering why the FreeBSD rsync package been updated yet? > The ports tree updated rysnc to v3.4.0 on the 15th: commit 6afdd4c669193f2041216071d5723e474ae041bf Author: Rodrigo Osorio <rodrigo@FreeBSD.org> Date: Wed Jan 15 00:21:25 2025 +0100 net/rsync: update to 3.4.0 Then it was bumped to 3.4.1 on the 16th: commit 30167a14cc0602f041f7ace88b10b09f102d69e0 Author: Rodrigo Osorio <rodrigo@FreeBSD.org> Date: Thu Jan 16 07:43:36 2025 +0100 net/rsync: update to 3.4.1 package builders are chugging away, but if you are impacted its pretty trivial to build a local package and distribute it accordingly. this is what i did for my systems that have to run the rsync daemon. this is one of the benefits of the ports system, you as a site operator aren't completely dependent on the projects packages for updated binaries. -pete -- Pete Wright pete@nomadlogic.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?783f2706-f95f-4644-b8eb-5bf6926f3814>