Re: Serious rsync security issues

Reply: Robert : "Re: Serious rsync security issues"
In reply to: Martin : "Serious rsync security issues"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Pete Wright <pete_at_nomadlogic.org>
Date: Thu, 16 Jan 2025 23:12:59 UTC

On 1/16/25 15:02, Martin wrote:
> I am going to point this to the message on the Arch Linux site,
> but it's all over the net.
> 
> https://archlinux.org/news/critical-rsync-security-release-340/
> 
> I am wondering why the FreeBSD rsync package been updated yet?
> 

The ports tree updated rysnc to v3.4.0 on the 15th:

commit 6afdd4c669193f2041216071d5723e474ae041bf
Author: Rodrigo Osorio <rodrigo@FreeBSD.org>
Date:   Wed Jan 15 00:21:25 2025 +0100

     net/rsync: update to 3.4.0

Then it was bumped to 3.4.1 on the 16th:
commit 30167a14cc0602f041f7ace88b10b09f102d69e0
Author: Rodrigo Osorio <rodrigo@FreeBSD.org>
Date:   Thu Jan 16 07:43:36 2025 +0100

     net/rsync: update to 3.4.1

package builders are chugging away, but if you are impacted its pretty 
trivial to build a local package and distribute it accordingly.  this is 
what i did for my systems that have to run the rsync daemon.  this is 
one of the benefits of the ports system, you as a site operator aren't 
completely dependent on the projects packages for updated binaries.

-pete

-- 
Pete Wright
pete@nomadlogic.org