new release 3.4.0 - critical security release

rsync.project rsync.project at gmail.com
Tue Jan 14 21:31:02 UTC 2025


the alloca comes from the new popt release. What system are you having an
issue with?


On Wed, 15 Jan 2025 at 07:16, <rsbecker at nexbridge.com> wrote:

> A new dependency was added since 3.3, alloca(), which is not portable. Is
> there a way around this?
>
> Thanks,
>
> Randall
>
>
>
> *From:* rsync <rsync-bounces at lists.samba.org> *On Behalf Of *rsync.project
> via rsync
> *Sent:* January 14, 2025 2:49 PM
> *To:* rsync-announce at lists.samba.org
> *Cc:* rsync at lists.samba.org
> *Subject:* new release 3.4.0 - critical security release
>
>
>
> We have just released version 3.4.0 of rsync. This release fixes 6
> security vulnerabilities found by two groups of security researchers.
>
>
>
> You can find the new release links here:
>
>
>
>  - https://rsync.samba.org/
>
>  - https://download.samba.org/pub/rsync/src/
>
>
>
> For details on the vulnerabilities please see this CERT advisory:
>
>
>
> https://kb.cert.org/vuls/id/952657
>
>
>
> The various distros should be doing security releases today
>
> Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
> Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
> discovering these vulnerabilities and working with the rsync project to
> develop and test fixes.
>
>
>
> Also many thanks to Wayne Davison for assisting with the release process
> as this is the first release I've done since 2002 when Wayne took over as
> the rsync maintainer.
>
>
>
> Andrew Tridgell
>
> rsync maintainer (again!)
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/rsync/attachments/20250115/004c900e/attachment.htm>


More information about the rsync mailing list