Package: rsync Version: 3.4.1+ds1-7 Severity: normal X-Debbugs-Cc: [email protected]
Hi. The current version of rsync is 3.4.1, from stable to sid. It was released on 2025-01-16. That means it includes the following commit: commit 0590b09d9a34ae72741b91ec0708a820650198b0 Author: Andrew Tridgell <[email protected]> Date: 2024-12-18 08:59:42 +1100 fixed symlink race condition in sender when we open a file that we don't expect to be a symlink use O_NOFOLLOW to prevent a race condition where an attacker could change a file between being a normal file and a symlink but not this one: commit 992e10efaf42d9ec3dd43431350accf1becc1d00 Author: Krzysztof PĆocharz <[email protected]> Date: 2025-01-27 17:20:47 +0100 Fix --open-noatime option not working on files atime of source files could sometimes be overwritten even though --open-noatime option was used. To fix that, optional O_NOATIME flag was added to do_open_nofollow which is also used to open regular files since fix: "fixed symlink race condition in sender" Previously optional O_NOATIME flag was only in do_open. As a result, the --open-noatime is broken (except when copying symlinks targets). Please consider applying the second commit to the Debian version. Regards, -- Nicolas George -- System Information: Debian Release: forky/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'testing'), (500, 'stable'), (50, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.17.13+deb14-amd64 (SMP w/28 CPU threads; PREEMPT) Locale: LANG=C.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages rsync depends on: ii init-system-helpers 1.69 ii libacl1 2.3.2-2+b2 ii libc6 2.42-11+b1 ii liblz4-1 1.10.0-6 ii libpopt0 1.19+dfsg-2+b1 ii libssl3t64 3.5.5-1 ii libxxhash0 0.8.3-2+b1 ii libzstd1 1.5.7+dfsg-3+b1 ii zlib1g 1:1.3.dfsg+really1.3.1-1+b2 rsync recommends no packages. Versions of packages rsync suggests: ii openssh-client 1:10.2p1-3 ii openssh-server 1:10.2p1-3 ii python3 3.13.9-3 pn python3-braceexpand <none> -- no debconf information
