rsync has some really serious CVEs[1], but the 3.4.0 release with the fixes has regressions[2] that will break things for people. What to do?
[1]: https://www.openwall.com/lists/oss-security/2025/01/14/3
[2]: https://github.com/RsyncProject/rsync/issues/702
The obvious answer is:
- add the regression to the testsuite
- fix the regression
- submit a pull request
- move on
Too bad I have meetings...
Someone else added a test to the test suite, good enough to help me git bisect and fix the issue.
PR submitted: https://github.com/RsyncProject/rsync/pull/705
@ncopa Thanks, really kind of you