CVS commit: [pkgsrc-2024Q4] pkgsrc/net/rsync

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2024Q4] pkgsrc/net/rsync
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Thu, 16 Jan 2025 19:31:19 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Thu Jan 16 19:31:19 UTC 2025

Modified Files:
        pkgsrc/net/rsync [pkgsrc-2024Q4]: Makefile distinfo

Log Message:
Pullup ticket #6931 - requested by leot
net/rsync: security fix

Revisions pulled up:
- net/rsync/Makefile                                            1.129-1.130
- net/rsync/distinfo                                            1.62-1.63

---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Tue Jan 14 19:30:05 UTC 2025

   Modified Files:
           pkgsrc/net/rsync: Makefile distinfo

   Log Message:
   rsync: update to 3.4.0.

   Release 3.4.0 is a security release that fixes a number of important vulnerabilities.

   For more details on the vulnerabilities please see the CERT report
   https://kb.cert.org/vuls/id/952657

   ## Changes in this version:

   ### PROTOCOL NUMBER:

    - The protocol number was changed to 32 to make it easier for
      administrators to check their servers have been updated

   ### SECURITY FIXES:

   Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
   Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
   discovering these vulnerabilities and working with the rsync project
   to develop and test fixes.

   - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.

   - CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR.

   - CVE-2024-12086 - Server leaks arbitrary client files.

   - CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links.

   - CVE-2024-12088 - --safe-links Bypass.

   - CVE-2024-12747 - symlink race condition.

   ### BUG FIXES:

   - Fixed the included popt to avoid a memory error on modern gcc versions.

   - Fixed an incorrect extern variable's type that caused an ACL issue on macOS.

   - Fixed IPv6 configure check

   ### INTERNAL:

   - Updated included popt to version 1.19.

   ### DEVELOPER RELATED:

   - Various improvements to the release scripts and git setup.

   - Improved packaging/var-checker to identify variable type issues.

   - added FreeBSD and Solaris CI builds

---
   Module Name: pkgsrc
   Committed By:        tnn
   Date:                Thu Jan 16 01:04:40 UTC 2025

   Modified Files:
        pkgsrc/net/rsync: Makefile distinfo

   Log Message:
   rsync: bump to 3.4.1

   The 3.4.0 distfile was revoked by upstream due to regressions in
   the build on some platforms.


To generate a diff of this commit:
cvs rdiff -u -r1.128 -r1.128.6.1 pkgsrc/net/rsync/Makefile
cvs rdiff -u -r1.61 -r1.61.4.1 pkgsrc/net/rsync/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/rsync/Makefile
diff -u pkgsrc/net/rsync/Makefile:1.128 pkgsrc/net/rsync/Makefile:1.128.6.1
--- pkgsrc/net/rsync/Makefile:1.128     Wed May 22 09:49:36 2024
+++ pkgsrc/net/rsync/Makefile   Thu Jan 16 19:31:19 2025
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.128 2024/05/22 09:49:36 bouyer Exp $
+# $NetBSD: Makefile,v 1.128.6.1 2025/01/16 19:31:19 bsiegert Exp $
 
-DISTNAME=      rsync-3.3.0
-PKGREVISION=   1
+DISTNAME=      rsync-3.4.1
 CATEGORIES=    net
 MASTER_SITES=  http://rsync.samba.org/ftp/rsync/
 MASTER_SITES+= http://rsync.samba.org/ftp/rsync/old-versions/

Index: pkgsrc/net/rsync/distinfo
diff -u pkgsrc/net/rsync/distinfo:1.61 pkgsrc/net/rsync/distinfo:1.61.4.1
--- pkgsrc/net/rsync/distinfo:1.61      Mon Jul 15 17:20:03 2024
+++ pkgsrc/net/rsync/distinfo   Thu Jan 16 19:31:19 2025
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.61 2024/07/15 17:20:03 hauke Exp $
+$NetBSD: distinfo,v 1.61.4.1 2025/01/16 19:31:19 bsiegert Exp $
 
-BLAKE2s (rsync-3.3.0.tar.gz) = 0b750564ba4fac3d52f0855633d8976902d040f335012bb99a72d7f95f7992e7
-SHA512 (rsync-3.3.0.tar.gz) = df5c53bc2f2b0e7e30f475903e5e4296dc2fbcf08e9ea6c3c61462d0e52b067c27e82deeb4be79102c86e9aa55a825182e126f22df44dabf5b7328acb2a01d10
-Size (rsync-3.3.0.tar.gz) = 1153969 bytes
+BLAKE2s (rsync-3.4.1.tar.gz) = 7a433af3dc309baa0573a8d204ae492da6a49d7b7aa19d31675d2717c4b5c2c8
+SHA512 (rsync-3.4.1.tar.gz) = a3ecde4843ddb795308dca88581b868ac0221eb6f88a1477d7a9a2ecb4e4686042966bdddbab40866f90a4715d3104daa7b83222ddf0f3387b796a86bde8e5c2
+Size (rsync-3.4.1.tar.gz) = 1172739 bytes
 SHA1 (patch-Makefile.in) = 34c3cc57846e451a0adbd19fcb19ae682b7e1ae3
 SHA1 (patch-acls.c) = 9be60c0c1abedc961fa95bba2bb23d802a09bc62

Prev by Date: CVS commit: [pkgsrc-2024Q4] pkgsrc/emulators/picodrive
Next by Date: CVS commit: [pkgsrc-2024Q4] pkgsrc/doc
Previous by Thread: CVS commit: [pkgsrc-2024Q4] pkgsrc/emulators/picodrive
Next by Thread: CVS commit: [pkgsrc-2024Q4] pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index