3.2.0 includes security updates, relevant if rsync uses the bundled zlib library (and not system (ports version)):
Various zlib fixes, including security fixes for CVE-2016-9843, CVE-2016-9842,
CVE-2016-9841, and CVE-2016-9840.
3.1.3 contains security fixes too:
Fixed a buffer overrun in the protocol's handling of xattr names and ensure
that the received name is null terminated.
Fix an issue with ‑‑protect-args where the user could specify the arg in the
protected-arg list and short-circuit some of the arg-sanitizing code.
*** Bug 247796 has been marked as a duplicate of this bug. ***
The Patch since 3.2.0 RC, and will be pushed in the next days.
I just wanna wait a couple of days since the rsync developers still fixing their 3.2.X releases (3.2.0, 3.2.1, 3.2.2) and a 3.2.3 seems to be on the go.
Regarding security fixes, they are all from from 2016/2017. So no reason to rush and update and break rsync.
Done, thanks for the heads up
@Rodrigo Can you reference the "ports rXXXXXXX" for the VuXML entry, head commit and MFH (merge) please
With 3.2.2 I find that the build fails if I turn off ICONV
checking for library containing MD5_Init... -lcrypto
checking whether to enable xxhash checksum support... no
configure.sh: error: Failed to find xxhash.h for xxhash checksum support.
Use --disable-xxhash to continue without it.
If I add --disable-xxhash it still fails:
checking whether to enable zstd compression... no
configure.sh: error: Failed to find zstd.h for zstd compression support.
Use --disable-zstd to continue without it.
checking whether to enable LZ4 compression... no
configure.sh: error: Failed to find lz4.h for lz4 compression support.
Use --disable-lz4 to continue without it.
And I guess I don't want to disable zstd or lz4 compression so I stopped pulling the thread and enabled ICONV.