Comment by jmclnx

Comment by jmclnx 3 days ago

5 replies

View on Hacker News

Slackware sent a fixed version of rsync out yesterday.

But I wonder of OpenBSD's openrsync has the same issue ? Or did that version avoid the issues when it was created ?

If it was avoided, seems OpenBSD was ahead of the curve again.

somat 3 days ago

openrsync is a neat story, it was made because they wanted to use rsync in the rpki system, but the standards body balked, saying they should not be using something where the standard was the implementation, so the openbsd folk(specifically Kristaps Dzonsons) stepped up and made a second rsync implementation so that the standards body could accept the protocol.

http://man.openbsd.org/rpki-client

Reply View 0 replies
ducktective 3 days ago

Debian issued a security update too:

  rsync (3.2.7-1+deb12u1) bookworm-security; urgency=high
Reply View 0 replies
cf100clunk 3 days ago

I'm running several Linux distros and package updates to rsync version 3.2.7 have showed up on all of them already. I can't comment on openrsync.

Reply View 0 replies
crest 3 days ago

Given the more permissive license openrsync would be in a pickle if they stole the vulnerable GPL code and claimed to redistribute it under BSD license instead of reimplementing the protocol.

Reply View 1 reply
  • snvzz 3 days ago

    Which is highly unlikely to happen in openbsd.

    Reply View 0 replies