"Brian Watters" writes:
> Just wanted to get some feedback from the list on v2.5.6. vs. 2.5.7 of RSYNC
> .. We have upgraded all of our Linux boxes to the latest version and see no
> issues at this time .. Our concern now is the Windows servers running 2.5.6
> of RSYNC .. Will this latest exploit against RSYNC have any affect on the
> Windows side of the house and using the old ver. Of RSYNC ??
I believe the exploit was a combination of rsync 2.5.6 and something in
the linux kernel. So I suspect 2.5.6 on cygwin is ok.
But we should build a new rsync 2.5.7 (in fact using cygwin 1.5.x
instead of 1.3.x to get large file support). I also need to put the
rsync and cygwin source code in the rsync package on sourceforge;
I have received some nasty-grammes about posting binary-only versions
of rsync+cygwin without the source (just having links in the README
is not adequate). TimD, do you have any time to do this?
There should be a new version of rsync coming out soon, so we will
need to do another release then.
In fact, someone else has created an rsync 2.5.7 with cygwin 1.5.x,
but I don't think it has my craig-perf performance patch, nor the
--fixed-csumseed option that is needed for checksum caching. The
good news is that the cygwin version used in this release apparently
solves the rsync+cygwin end-of-transfer hang problem. See: