What is package rsync-3.4.1, rsync version 3.4.1 protocol version 32? KEYWORDS: rsync-3.4.1 rsync version 3.4.1 protocol version 32 RELEASE: UnixWare 7 Definitive D2M1 with MP1 or SCO OpenServer 6 Definitive D2M1 with oss726j or later. Rsync is a fast and extraordinarily versatile file copying tool for both remote and local files. Rsync uses a delta-transfer algorithm which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files are present at one of the ends of the link beforehand. At first glance this may seem impossible because the calculation of diffs between two files normally requires local access to both files. ---------------------------------------------------------- Changes between rsync-3.1.2 and rsync-3.4.1 Numersous bug fixes and enhancements documented in /usr/share/doc/packages/rsync/NEWS.md Security fixes in rsync-3.4.1 - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing. - CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR. - CVE-2024-12086 - Server leaks arbitrary client files. - CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links. - CVE-2024-12088 - --safe-links Bypass. - CVE-2024-12747 - symlink race condition. - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). Fixes CVE-2022-29154. - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). - A fix for CVE-2018-25032 in the bundled zlib (memory corruption issue). - Fixed a buffer overrun in the protocol's handling of xattr names and ensure that the received name is null terminated. - Fix an issue with `--protect-args` where the user could specify the arg in the protected-arg list and short-circuit some of the arg-sanitizing code. ---------------------------------------------------------- I. Software Notes and Recommendations rsync should only be installed on: UnixWare 7 Definitive D2M1 with MP1 or SCO OpenServer 6 Definitive D2M1 with oss726j or later. Dependencies: openssl OpenSSL 3.0.15 Xinuoslibiconv GNU LIBICONV - character set conversion lib 1.17 Xinuoslz4 LZ4 - Extremely fast compression 1.9.3 Xinuoszstd zstd 1.5.2 Xinuosxxhash xxHash - Extremely fast hash algorithm 0.8.3 ---------------------------------------------------------- II. Installation Instructions To install rsync-3.4.1 follow these steps: 1. Login as root 2. Download the rsync-3.4.1-UnixWare-i386.pkg.xz file to the /tmp directory on your machine. 3. After the download is complete, change to /tmp and run the following to command(s) to verify the integrity of the download: sha256 rsync-3.4.1-UnixWare-i386.pkg.xz The output should be: SHA256 (rsync-3.4.1-UnixWare-i386.pkg.xz) = a64886ac2baa1ae6719a8e96e1fe8b667dd7988fb2e78e072f186d4c8cfd4f03 4. After verifying the sums match, As root, add the package to your system using these commands: $ su - Password: # xzcat rsync-3.4.1-UnixWare-i386.pkg.xz | pkgadd -d - Alternatively, this package may be installed in quiet mode by using these commands: $ su - Password: # xzcat rsync-3.4.1-UnixWare-i386.pkg.xz | pkgadd -qd - all 5. Installation of package rsync-3.4.1 is now complete. 6. Once the installation has completed, you can remove or archive rsync-3.4.1-UnixWare-i386.pkg.xz downloaded in step 2. 7. There is no need to reboot the system after installing this package. ---------------------------------------------------------- III. Removal Instructions Note: Packages must be removed in the reverse order in which they were installed due to dependencies. 1. As root, remove the package using these commands: $ su - Password: # pkgrm rsync 2. There is no need to reboot the system after removing this package. If you have questions regarding this package, or the product on which it is installed, please contact your software supplier. ------------------------------------------------------------------------------- (C) Copyright 2025 Xinuos, Inc. All Rights Reserved.