Nam Nguyen: > Here is an update for net/rsync 3.2.4 based on tj@'s diff which does the > following: > - move to system zlib instead of bundled zlib
This requires an explanation. I seem to remember that rsync's bundled zlib is modified and the bitstream it produces is incompatible with standard zlib. Something something... -z -zz... ?? There are changes to the amd64 assembly optimizations: * We now need --enable-md5-asm, or we'll lose the MD5 asm. * We should try --enable-roll-simd --enable-roll-asm for the checksum asm. (I haven't looked closely how those configure options interact.) In 3.2.3, the configure test for the C++ intrinsics fails with an ld.so error...!? > I added LOCALSTATEDIR and SYSCONFDIR throughout rsync(1) and > rsyncd.conf(5) whenever they relate specfically to the rsync port. Hmm. How maintainable is that? Every port update, somebody needs to check the man pages for changes that may need tweaking. > 2. rrsync script switches from perl to python. I propose not bothering to > add python in RUN_DEPENDS for this optional functionality. That's actually a notable change. I agree that I don't want a package as basic as rsync to depend on python. > 3. Backport to -stable? naddy@ says rsync is not affected, but upstream > says it might be. > from NEWS: https://download.samba.org/pub/rsync/NEWS#SECURITY_FIXES-3.2.4 I'd say they simply merged in the fix and didn't worry whether there is an actual vulnerability. We could do that in -stable without pulling in the whole 3.2.4 update. -- Christian "naddy" Weisgerber na...@mips.inka.de
