On Mon, Jan 13, 2020, 17:23 Christian Hesse <l...@eworm.de> wrote: > Hello everybody, > > to date we ship rsync with bundled zlib to keep compatibility with rsync > up to version 3.1.0 and it's old-style --compress option. This is no longer > required with rsync 3.1.1, which was released on 2014-06-22 - nearly six > years ago! > The bundled zlib carries some security issues, so time to act - one way > or another. > > Even old-stable Debian Jessie [0] has rsync version 3.1.1. So any concern > to > finally drop bundled zlib and use system zlib? > > I would suggest to post a news item, feel free to give thoughts and > feedback. > > --- >8 --- > rsync compatibility > > Our `rsync` package was shipped with bundled `zlib` to provide > compatibility > with old-style `--compress` option up to version 3.1.0. Version 3.1.1 was > released on 2014-06-22 and is shipped by all major distributions now. > > So we decided to finally drop the bundled library and ship a package with > system `zlib`. Go and blame those running old versions if you encounter > errors with `rsync 3.1.3-3`. > --- >8 --- > > [0] https://packages.debian.org/de/jessie/rsync > -- > main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" > "CX:;",b;for(a/* Best regards my address: */=0;b=c[a++];) > putchar(b-1/(/* Chris cc -ox -xc - && ./x > */b/42*2-3)*42);} >
+1 to idea and +1 to news item. Maybe make users aware of the security implications of the bundled zlib. >