2118202 – rsync-3.2.5 is available

Bug 2118202 - rsync-3.2.5 is available

Summary: rsync-3.2.5 is available

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rsync
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Michal Ruprich
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-08-14 23:47 UTC by Upstream Release Monitoring
Modified:	2022-08-31 10:14 UTC (History)
CC List:	5 users (show)
Fixed In Version:	rsync-3.2.5-1.fc36 rsync-3.2.5-1.fc35
Clone Of:
Environment:
Last Closed:	2022-08-18 02:03:56 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Upstream Release Monitoring 2022-08-14 23:47:10 UTC

Releases retrieved: 3.2.5
Upstream release that is considered latest: 3.2.5
Current version/release in rawhide: 3.2.4-5.fc37
URL: https://rsync.samba.org

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/4217/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/rsync

Comment 1 Upstream Release Monitoring 2022-08-14 23:47:16 UTC

Scratch build failed. Details below:

GenericError: File upload failed: cli-build/1660520835.4037905.ucAUkBDJ/rsync-3.2.5-1.fc36.src.rpm
Traceback:
  File "/usr/local/lib/python3.10/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
  File "/usr/local/lib/python3.10/site-packages/hotness/builders/koji.py", line 198, in build
    output["build_id"] = self._scratch_build(session, package.name, srpm)
  File "/usr/local/lib/python3.10/site-packages/hotness/builders/koji.py", line 451, in _scratch_build
    session.uploadWrapper(source, serverdir)
  File "/usr/lib/python3.10/site-packages/koji/__init__.py", line 3073, in uploadWrapper
    self.fastUpload(localfile, path, name, callback, blocksize, overwrite, volume=volume)
  File "/usr/lib/python3.10/site-packages/koji/__init__.py", line 3008, in fastUpload
    raise GenericError("File upload failed: %s/%s" % (path, name))

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

Comment 2 Xose Vazquez Perez 2022-08-15 14:37:59 UTC

(In reply to Upstream Release Monitoring from comment #0)
> Releases retrieved: 3.2.5
> Upstream release that is considered latest: 3.2.5
> Current version/release in rawhide: 3.2.4-5.fc37
> URL: https://rsync.samba.org
> Based on the information from Anitya: https://release-monitoring.org/project/4217/

NEWS for rsync 3.2.5 (14 Aug 2022) 

Changes in this version:

* SECURITY FIXES:

- Added some file-list safety checking that helps to ensure that a rogue
  sending rsync can't add unrequested top-level names and/or include recursive
  names that should have been excluded by the sender. These extra safety checks
  only require the receiver rsync to be updated. When dealing with an untrusted
  sending host, it is safest to copy into a dedicated destination directory for
  the remote content (i.e. don't copy into a destination directory that contains
  files that aren't from the remote host unless you trust the remote host). Fixes
  CVE-2022-29154.

- A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).

Comment 3 Fedora Update System 2022-08-16 11:44:23 UTC

FEDORA-2022-15da0cf165 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-15da0cf165

Comment 4 Fedora Update System 2022-08-16 11:44:30 UTC

FEDORA-2022-25e4dbedf9 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-25e4dbedf9

Comment 5 Fedora Update System 2022-08-17 01:53:45 UTC

FEDORA-2022-15da0cf165 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-15da0cf165`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-15da0cf165

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2022-08-17 02:03:08 UTC

FEDORA-2022-25e4dbedf9 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-25e4dbedf9`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-25e4dbedf9

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2022-08-18 02:03:56 UTC

FEDORA-2022-25e4dbedf9 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 8 Fedora Update System 2022-08-31 10:14:47 UTC

FEDORA-2022-15da0cf165 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.