From patchwork Fri May 1 14:25:45 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: auh@yoctoproject.org X-Patchwork-Id: 87350 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C74C4CD37BA for ; Fri, 1 May 2026 14:25:55 +0000 (UTC) Received: from a27-30.smtp-out.us-west-2.amazonses.com (a27-30.smtp-out.us-west-2.amazonses.com [54.240.27.30]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.15715.1777645540185683116 for ; Fri, 01 May 2026 07:25:46 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@yoctoproject.org header.s=j46ser6a2yusdzubpv7m7ewqgesde2ie header.b=L4Ws+oQt; dkim=pass header.i=@amazonses.com header.s=hsbnp7p3ensaochzwyq5wwmceodymuwv header.b=bP8IoAtA; spf=pass (domain: us-west-2.amazonses.com, ip: 54.240.27.30, mailfrom: 0101019de3ee697c-7b81cf7b-9257-4b71-a146-06cd2f7fe185-000000@us-west-2.amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=j46ser6a2yusdzubpv7m7ewqgesde2ie; d=yoctoproject.org; t=1777645546; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date; bh=DEP7aXVh5A6YWGWdYBydjaZ+HhE10slm+6jzPJU4OrA=; b=L4Ws+oQt5/RtLPPzeT3o+6zeyj7Lt6q4WyQJfI+qQ3UfYGSrJdxnRBIUSymcfosk WT9/k5eM8kcgsfyZIJdhWd15qjlhT/PohPiyhOzpvI1eP2eIpm49nUOPQ5+lXahICRL WS1HGFr958QU3JQn/T5Fb996Dcbyyhw+ZG/iWbgw= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=hsbnp7p3ensaochzwyq5wwmceodymuwv; d=amazonses.com; t=1777645546; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date:Feedback-ID; bh=DEP7aXVh5A6YWGWdYBydjaZ+HhE10slm+6jzPJU4OrA=; b=bP8IoAtA1vW066k9zq8iflGwVe0ALwV97NMQIzUqCz50kT7tsyAXe3akkErEAmgi qmPg3gNCI6rA2yCkWJGPbIh5HbtrHBZP5JT7PaR5FMCmYRJg5knmyZqmuyjDQi6Ilob gryjMcvd/aMYL2M2Uem57VYYtJN6ZsyLGA8fpypo= MIME-Version: 1.0 From: auh@yoctoproject.org To: Yi Zhao Cc: openembedded-core@lists.openembedded.org Subject: [AUH] rsync: upgrading to 3.4.2 SUCCEEDED Message-ID: <0101019de3ee697c-7b81cf7b-9257-4b71-a146-06cd2f7fe185-000000@us-west-2.amazonses.com> Date: Fri, 1 May 2026 14:25:45 +0000 Feedback-ID: ::1.us-west-2.9np3MYPs3fEaOBysGKSlUD4KtcmPijcmS9Az2Hwf7iQ=:AmazonSES X-SES-Outgoing: 2026.05.01-54.240.27.30 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 01 May 2026 14:25:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/236254 Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe(s) *rsync* to *3.4.2* has Succeeded. Next steps: - apply the patch: git am 0001-rsync-upgrade-3.4.1-3.4.2.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 5238c60f8f11e075a8f25dc2908d863118574bfd Mon Sep 17 00:00:00 2001 From: Upgrade Helper Date: Fri, 1 May 2026 10:02:15 +0000 Subject: [PATCH] rsync: upgrade 3.4.1 -> 3.4.2 --- ...-prototypes-to-function-declarations.patch | 68 +++---------------- .../rsync/files/CVE-2025-10158.patch | 36 ---------- .../rsync/files/determism.patch | 4 +- .../rsync/files/makefile-no-rebuild.patch | 6 +- .../rsync/{rsync_3.4.1.bb => rsync_3.4.2.bb} | 3 +- 5 files changed, 16 insertions(+), 101 deletions(-) delete mode 100644 meta/recipes-devtools/rsync/files/CVE-2025-10158.patch rename meta/recipes-devtools/rsync/{rsync_3.4.1.bb => rsync_3.4.2.bb} (95%) diff --git a/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch b/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch index 3011308c61..e6d3578e85 100644 --- a/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch +++ b/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch @@ -1,4 +1,4 @@ -From 073caa67f2aa221de113a21f8105940421a2da90 Mon Sep 17 00:00:00 2001 +From 46cbe5b70b5cbf981cf693137ac081cacbbb2e2a Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Mon, 29 Aug 2022 19:53:28 -0700 Subject: [PATCH] Add missing prototypes to function declarations @@ -17,20 +17,17 @@ Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/03 Signed-off-by: Khem Raj Signed-off-by: Archana Polampalli --- - checksum.c | 2 +- - exclude.c | 2 +- - log.c | 2 +- - main.c | 2 +- - zlib/crc32.c | 2 +- - zlib/trees.c | 2 +- - zlib/zutil.c | 4 ++-- - 7 files changed, 8 insertions(+), 8 deletions(-) + checksum.c | 2 +- + exclude.c | 2 +- + log.c | 2 +- + main.c | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/checksum.c b/checksum.c -index 66e8089..b24b202 100644 +index 24e46bf..6ae3178 100644 --- a/checksum.c +++ b/checksum.c -@@ -779,7 +779,7 @@ static void verify_digest(struct name_num_item *nni, BOOL check_auth_list) +@@ -778,7 +778,7 @@ static void verify_digest(struct name_num_item *nni, BOOL check_auth_list) } #endif @@ -40,7 +37,7 @@ index 66e8089..b24b202 100644 #if defined SUPPORT_XXH3 || defined USE_OPENSSL struct name_num_item *nni; diff --git a/exclude.c b/exclude.c -index 87edbcf..ae0de2f 100644 +index 24de64f..a787488 100644 --- a/exclude.c +++ b/exclude.c @@ -363,7 +363,7 @@ void implied_include_partial_string(const char *s_start, const char *s_end) @@ -66,7 +63,7 @@ index e4ba1cc..8482b71 100644 int options = LOG_PID; diff --git a/main.c b/main.c -index 4f070ac..f59eaec 100644 +index ccad28a..bbb09ba 100644 --- a/main.c +++ b/main.c @@ -246,7 +246,7 @@ void read_del_stats(int f) @@ -78,48 +75,3 @@ index 4f070ac..f59eaec 100644 { char *gname; uid_t uid; -diff --git a/zlib/crc32.c b/zlib/crc32.c -index 05733f4..50c6c02 100644 ---- a/zlib/crc32.c -+++ b/zlib/crc32.c -@@ -187,7 +187,7 @@ local void write_table(out, table) - /* ========================================================================= - * This function can be used by asm versions of crc32() - */ --const z_crc_t FAR * ZEXPORT get_crc_table() -+const z_crc_t FAR * ZEXPORT get_crc_table(void) - { - #ifdef DYNAMIC_CRC_TABLE - if (crc_table_empty) -diff --git a/zlib/trees.c b/zlib/trees.c -index 9c66770..0d9047e 100644 ---- a/zlib/trees.c -+++ b/zlib/trees.c -@@ -231,7 +231,7 @@ local void send_bits(s, value, length) - /* =========================================================================== - * Initialize the various 'constant' tables. - */ --local void tr_static_init() -+local void tr_static_init(void) - { - #if defined(GEN_TREES_H) || !defined(STDC) - static int static_init_done = 0; -diff --git a/zlib/zutil.c b/zlib/zutil.c -index bbba7b2..61f8dc9 100644 ---- a/zlib/zutil.c -+++ b/zlib/zutil.c -@@ -27,12 +27,12 @@ z_const char * const z_errmsg[10] = { - ""}; - - --const char * ZEXPORT zlibVersion() -+const char * ZEXPORT zlibVersion(void) - { - return ZLIB_VERSION; - } - --uLong ZEXPORT zlibCompileFlags() -+uLong ZEXPORT zlibCompileFlags(void) - { - uLong flags; - diff --git a/meta/recipes-devtools/rsync/files/CVE-2025-10158.patch b/meta/recipes-devtools/rsync/files/CVE-2025-10158.patch deleted file mode 100644 index 1c5661d35b..0000000000 --- a/meta/recipes-devtools/rsync/files/CVE-2025-10158.patch +++ /dev/null @@ -1,36 +0,0 @@ -From c2ff1647b1d9a0b92b73af106ce133490306e886 Mon Sep 17 00:00:00 2001 -From: Andrew Tridgell -Date: Sat, 23 Aug 2025 17:26:53 +1000 -Subject: [PATCH] fixed an invalid access to files array - -this was found by Calum Hutton from Rapid7. It is a real bug, but -analysis shows it can't be leverged into an exploit. Worth fixing -though. - -Many thanks to Calum and Rapid7 for finding and reporting this - -CVE: CVE-2025-10158 - -Upstream-Status: Backport [https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f] - -Signed-off-by: Liyin Zhang ---- - sender.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/sender.c b/sender.c -index a4d46c39..b1588b70 100644 ---- a/sender.c -+++ b/sender.c -@@ -262,6 +262,8 @@ void send_files(int f_in, int f_out) - - if (ndx - cur_flist->ndx_start >= 0) - file = cur_flist->files[ndx - cur_flist->ndx_start]; -+ else if (cur_flist->parent_ndx < 0) -+ exit_cleanup(RERR_PROTOCOL); - else - file = dir_flist->files[cur_flist->parent_ndx]; - if (F_PATHNAME(file)) { --- -2.51.2 - diff --git a/meta/recipes-devtools/rsync/files/determism.patch b/meta/recipes-devtools/rsync/files/determism.patch index f915d658c8..fd96b873c8 100644 --- a/meta/recipes-devtools/rsync/files/determism.patch +++ b/meta/recipes-devtools/rsync/files/determism.patch @@ -1,4 +1,4 @@ -From 41b859a9df9611b7b3f6cbe28af47118d947080f Mon Sep 17 00:00:00 2001 +From b810d78a9327b5b313ebc0aa1a0b155de7c10afd Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Sun, 21 Feb 2021 09:45:48 +0000 Subject: [PATCH] rsync: Fix a file sorting determinism issue @@ -25,7 +25,7 @@ https://github.com/WayneD/rsync/commit/d3085f7add38a5cf833a0b31cb0637ff46c80f8d 1 file changed, 5 insertions(+) diff --git a/Makefile.in b/Makefile.in -index 1d13e8c..2c5cf99 100644 +index 80e9d72..a7d313c 100644 --- a/Makefile.in +++ b/Makefile.in @@ -27,6 +27,11 @@ MKDIR_P=@MKDIR_P@ diff --git a/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch b/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch index 42af4c55d0..fb195b1e68 100644 --- a/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch +++ b/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch @@ -1,4 +1,4 @@ -From 603e5862cca832ae925d0c92a8654a57caff5910 Mon Sep 17 00:00:00 2001 +From 0608f5ebb26e2e474867bec6c3d67dfd0a7663f0 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Tue, 12 Apr 2016 15:51:54 +0100 Subject: [PATCH] rsync: remove upstream's rebuild logic @@ -13,10 +13,10 @@ Signed-off-by: Ross Burton 1 file changed, 54 deletions(-) diff --git a/Makefile.in b/Makefile.in -index 7c75c26..1d13e8c 100644 +index c2fe775..80e9d72 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -184,60 +184,6 @@ conf: configure.sh config.h.in +@@ -185,60 +185,6 @@ conf: configure.sh config.h.in .PHONY: gen gen: conf proto.h man git-version.h diff --git a/meta/recipes-devtools/rsync/rsync_3.4.1.bb b/meta/recipes-devtools/rsync/rsync_3.4.2.bb similarity index 95% rename from meta/recipes-devtools/rsync/rsync_3.4.1.bb rename to meta/recipes-devtools/rsync/rsync_3.4.2.bb index 509be486b8..5fe1bc2c2b 100644 --- a/meta/recipes-devtools/rsync/rsync_3.4.1.bb +++ b/meta/recipes-devtools/rsync/rsync_3.4.2.bb @@ -15,9 +15,8 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://makefile-no-rebuild.patch \ file://determism.patch \ file://0001-Add-missing-prototypes-to-function-declarations.patch \ - file://CVE-2025-10158.patch \ " -SRC_URI[sha256sum] = "2924bcb3a1ed8b551fc101f740b9f0fe0a202b115027647cf69850d65fd88c52" +SRC_URI[sha256sum] = "ff10aa2c151cd4b2dbbe6135126dbc854046113d2dfb49572a348233267eb315" # Out-of-tree builds don't install the documentation currently # https://github.com/RsyncProject/rsync/issues/846