"T.J. Townsend" writes:
>> https://www.openwall.com/lists/oss-security/2022/08/02/1
>> https://github.com/WayneD/rsync/commit/b7231c7d02.patch
Here is a diff that updates to 3.2.5pre1 to cover tj@'s backported fix +
additional related fixes. This way, no local patches are needed. I am a
bit concerned about the stability of rsync 3.2.5 since it is a
prerelease and the "false alerts" from the announcement. It might be
worth it in this case?
announcement:
https://lists.samba.org/archive/rsync-announce/2022/000112.html
>
> Updated diff that also fixes CVE-2022-37434 in the bundled zlib:
zlib fix is not needed because inflateGetHeader is not called. "NOTE:
only applications that call inflateGetHeader are affected."
see: https://www.cve.org/CVERecord?id=CVE-2022-37434
OK?
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/rsync/Makefile,v
retrieving revision 1.93
diff -u -p -u -p -r1.93 Makefile
--- Makefile 23 May 2022 00:24:58 -0000 1.93
+++ Makefile 6 Aug 2022 03:42:44 -0000
@@ -1,6 +1,6 @@
COMMENT = mirroring/synchronization over low bandwidth links
-DISTNAME = rsync-3.2.4
+DISTNAME = rsync-3.2.5pre1
CATEGORIES = net
HOMEPAGE = https://rsync.samba.org/
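Review bot: The new DISTNAME line names a prerelease, and no PKGNAME override is visible in this hunk, so the package will be versioned 3.2.5pre1. Confirm that this orders before the eventual 3.2.5 so the later update is treated as an upgrade, and state in the commit message that a prerelease is being taken for the security fixes.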
@@ -12,8 +12,7 @@ PERMIT_PACKAGE = Yes
WANTLIB = c crypto
-MASTER_SITES = https://rsync.samba.org/ftp/rsync/src/ \
- https://ftp.funet.fi/pub/mirrors/samba.org/pub/rsync/src/
+MASTER_SITES = https://rsync.samba.org/ftp/rsync/src-previews/
MODULES = lang/python
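Review bot: MASTER_SITES now points only at src-previews/ and drops both src/ and the funet.fi mirror, so the distfile has a single fetch source, and the line will presumably have to change back once 3.2.5 is released under src/. Check whether the funet.fi mirror also carries src-previews/ and keep it as a second entry if so, and add a short comment above the line such as "# prerelease; switch back to src/ at 3.2.5" so the revert is not forgotten.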
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/rsync/distinfo,v
retrieving revision 1.32
diff -u -p -u -p -r1.32 distinfo
--- distinfo 23 May 2022 00:24:58 -0000 1.32
+++ distinfo 6 Aug 2022 03:42:44 -0000
@@ -1,2 +1,2 @@
-SHA256 (rsync-3.2.4.tar.gz) = b3YYONCAUrC2V5z39nN9k+R/AfTaBMXSTTRHt/Kl+tE=
-SIZE (rsync-3.2.4.tar.gz) = 1114853
+SHA256 (rsync-3.2.5pre1.tar.gz) = wBhH4x3zI183EQMLxNIP3xkhi0zTzTthj0WcD0K1YjY=
+SIZE (rsync-3.2.5pre1.tar.gz) = 1126641
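Review bot: The new SHA256 line is the only thing pinning rsync-3.2.5pre1.tar.gz, which after this diff is fetched from a single previews directory. Before commit, regenerate distinfo from an independent fetch and compare the result with these two lines, and check the tarball against any signature upstream publishes for it.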