Change log for rsync package in Ubuntu
| 1 → 50 of 107 results | First • Previous • Next • Last |
rsync (3.1.3-8ubuntu0.7) focal; urgency=medium
* d/p/add-trust-sender-option-docs.patch: Add manpage and help documentation
for the --trust-sender option (LP: #2028810)
Available diffs
| Superseded in focal-proposed |
rsync (3.1.3-8ubuntu0.6) focal; urgency=medium
* d/p/add-trust-sender-option.patch: Add --trust-sender argument to decrease
overhead when transferring files (LP: #2028810)
In order to mitigate the performance decrease experienced by the security
update blocking arbitrary file writes by remote servers, this update allows
users the option to inherently trust the remote server instead. The
--trust-sender argument tells the local server to trust the remote server's
file list, leading to a speedup in transfer speed since the extra checks
are no longer needed. The argument should only be used when transferring
between two controlled servers though, to avoid arbitrary file access from
a malicious server.
-- Lena Voytek <email address hidden> Fri, 28 Jul 2023 07:53:51 -0700
Available diffs
rsync (3.2.7-0ubuntu0.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: arbitrary file write via malicious remote servers
- Updated to 3.2.7 to fix security issue and multiple regressions
caused by the original security fixes.
- debian/patches: Added two additional upstream patches:
+ trust_the_sender_on_a_local_transfer.patch
+ avoid_quoting_of_tilde_when_its_a_destination_arg.patch
- Removed patches no longer needed with 3.2.7:
+ CVE-2020-14387.patch, fix_ftcbfs_configure.patch,
fix_delay_updates.patch, copy-devices.diff,
workaround_glibc_lchmod_regression.patch,
manpage_upstream_fixes.patch, fix_mkpath.patch,
fix_sparse_inplace.patch, update_rrsync_options.patch,
fix_rsync-ssl_RSYNC_SSL_CERT_feature.patch,
avoid_spurious_is_newer_messages_with_update.patch.
- debian/control, debian/rules, debian/rsync.install,
debian/rsync.links: ship new python-based rrsync.
- debian/rsync.install: cull_options has been renamed to cull-options.
- CVE-2022-29154
-- Marc Deslauriers <email address hidden> Mon, 27 Feb 2023 14:36:14 -0500
Available diffs
rsync (3.1.2-2.1ubuntu1.6) bionic-security; urgency=medium
* SECURITY UPDATE: arbitrary file write via malicious remote servers
- d/p/z-CVE-2022-29154-{1,2}.diff: backported patches to fix the issue.
- d/p/z-CVE-2022-29154-3.diff: added additional patch to fix
regression.
- CVE-2022-29154
-- Marc Deslauriers <email address hidden> Tue, 28 Feb 2023 08:04:02 -0500
Available diffs
rsync (3.2.7-0ubuntu0.22.10.1) kinetic-security; urgency=medium * SECURITY REGRESSION: multiple issues (LP: #2002918) - Updated to 3.2.7 to fix multiple regressions with the CVE-2022-29154 fixes that went into 3.2.5. - debian/patches: Added two additional upstream patches: + trust_the_sender_on_a_local_transfer.patch + avoid_quoting_of_tilde_when_its_a_destination_arg.patch -- Marc Deslauriers <email address hidden> Mon, 27 Feb 2023 14:17:14 -0500
Available diffs
rsync (3.1.3-8ubuntu0.5) focal-security; urgency=medium
* SECURITY UPDATE: arbitrary file write via malicious remote servers
- d/p/CVE-2022-29154-*.patch: backported patches to fix the issue.
- d/p/avoid_quoting_of_tilde_when_its_a_destination_arg.patch: added
additional patch to fix regression.
- CVE-2022-29154
-- Marc Deslauriers <email address hidden> Tue, 28 Feb 2023 07:58:57 -0500
Available diffs
| Published in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
rsync (3.2.7-1) unstable; urgency=medium
[ Juri Grabowski ]
* New upstream version 3.2.7
* Remove patches included in new release
[ Helmut Grohne ]
* Fix FTCBFS: Use native instances for python build depends
(closes: #1022988).
[ Samuel Henrique ]
* d/rsync.lintian-overrides: Update findings as per lintian changes
* d/patches: Add two upstream patches to fix issues post 3.2.7 release:
- trust_the_sender_on_a_local_transfer.patch
- avoid_quoting_of_tilde_when_its_a_destination_arg.patch
-- Samuel Henrique <email address hidden> Sun, 18 Dec 2022 14:10:54 +0000
Available diffs
- diff from 3.2.6-4 to 3.2.7-1 (47.6 KiB)
rsync (3.2.3-8ubuntu3.1) jammy; urgency=medium
* d/p/avoid_spurious_is_newer_messages_with_update.patch: New patch from
upstream (LP: #1965076)
-- Simon Deziel <email address hidden> Tue, 11 Oct 2022 22:37:36 +0000
Available diffs
rsync (3.2.6-4) unstable; urgency=medium
* Upload to unstable
- d/patches:
~ fix_files_from.patch: Upstream patch to address the files-from issue.
~ fix_relative.patch: Upstream patch to fix exclusion of /. with
--relative.
~ fix_remote_filter_rules_validation.patch: Upstream patch to fix bug
with validating remote filter rules.
(closes: #1018296, #1019561)
-- Samuel Henrique <email address hidden> Wed, 21 Sep 2022 18:58:57 +0100
Available diffs
- diff from 3.2.5-1 to 3.2.6-4 (96.9 KiB)
rsync (3.1.2-2.1ubuntu1.5) bionic-security; urgency=medium
* SECURITY UPDATE: zlib buffer overflow when inflating certain gzip
hearders.
- debian/patches/CVE-2022-37434-1.patch: catches overflow in
inflateGetHeader by enforcing buffer size.
- debian/patches/CVE-2022-37434-2.patch: prevents NULL dereference
regression previous patch introduced.
- CVE-2022-37434
-- Mark Esler <email address hidden> Tue, 16 Aug 2022 13:38:38 -0500
Available diffs
rsync (3.1.3-8ubuntu0.4) focal-security; urgency=medium
* SECURITY UPDATE: zlib buffer overflow when inflating certain gzip
hearders.
- debian/patches/CVE-2022-37434-1.patch: catches overflow in
inflateGetHeader by enforcing buffer size.
- debian/patches/CVE-2022-37434-2.patch: prevents NULL dereference
regression previous patch introduced.
- CVE-2022-37434
-- Mark Esler <email address hidden> Tue, 16 Aug 2022 13:48:36 -0500
Available diffs
| Superseded in lunar-release |
| Published in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
rsync (3.2.5-1) unstable; urgency=medium
* New upstream version 3.2.5
- Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include
recursive names that should have been excluded by the sender. These
extra safety checks only require the receiver rsync to be updated. When
dealing with an untrusted sending host, it is safest to copy into a
dedicated destination directory for the remote content (i.e. don't copy
into a destination directory that contains files that aren't from the
remote host unless you trust the remote host)
(closes: #1016543, CVE-2022-29154).
- The build date that goes into the manpages is now based on the
developer's release date, not on the build's local-timezone
interpretation of the date (closes: #1009981)
-- Samuel Henrique <email address hidden> Tue, 16 Aug 2022 11:03:48 +0100
Available diffs
- diff from 3.2.4-1 to 3.2.5-1 (66.9 KiB)
rsync (3.2.4-1) unstable; urgency=medium
[ Samuel Henrique ]
* New upstream version 3.2.4
- Work around a glibc bug where lchmod() breaks in a chroot w/o /proc
mounted (closes: #995046).
- rsync.1: remove prepended backticks which broke --stop-after and
--stop-at formatting (closes: #1007990).
* Ship new python-based rrsync with --with-rrsync:
- rrsync was previouysly written in bash.
- A manpage is now shipped for rrsync.
- python3 and python3-cmarkgfm are new B-Ds since they're needed
to generate the manpage.
* d/control:
- Add version requirement for some libxxhash-dev and libzstd-dev as
per upstream docs.
- Add python3-braceexpand to Suggests as it can be used by rrsync.
* d/rsync.install: cull_options has been renamed to cull-options.
* d/patches:
- Refresh the following patches:
~ disable_reconfigure_req.diff;
~ perl_shebang.patch;
~ skip_devices_test.patch;
- Drop the following patches, applied upstream now:
~ CVE-2020-14387.patch;
~ copy-devices.diff;
~ fix_delay_updates.patch;
~ fix_ftcbfs_configure.patch;
~ fix_mkpath.patch;
~ fix_rsync-ssl_RSYNC_SSL_CERT_feature.patch;
~ fix_sparse_inplace.patch;
~ manpage_upstream_fixes.patch;
~ update_rrsync_options.patch;
~ workaround_glibc_lchmod_regression.patch;
[ Sergio Durigan Junior ]
* d/rules: Disable ASM optimizations when building.
This is not needed because the only ASM-optimized implementation
available is the MD5 hash, which is actually a no-op because we link
against OpenSSL and rsync ends up using that library's implementation
of the hash. Even then, the final binary ends up with the
ASM-optimized version included, which makes it become
CET-incompatible.
Thanks to Dimitri John Ledkov <email address hidden>
-- Samuel Henrique <email address hidden> Mon, 18 Apr 2022 14:44:44 +0100
Available diffs
rsync (3.1.3-8ubuntu0.3) focal-security; urgency=medium
* SECURITY UPDATE: memory corruption when zlib deflating
- debian/patches/CVE-2018-25032-1.patch: fix a bug that can crash
deflate on some input when using Z_FIXED in zlib/deflate.c,
zlib/deflate.h.
- debian/patches/CVE-2018-25032-2.patch: assure that the number of bits
for deflatePrime() is valid in zlib/deflate.c.
- CVE-2018-25032
-- Marc Deslauriers <email address hidden> Wed, 30 Mar 2022 14:02:52 -0400
Available diffs
rsync (3.1.2-2.1ubuntu1.4) bionic-security; urgency=medium
* SECURITY UPDATE: memory corruption when zlib deflating
- debian/patches/CVE-2018-25032-1.patch: fix a bug that can crash
deflate on some input when using Z_FIXED in zlib/deflate.c,
zlib/deflate.h.
- debian/patches/CVE-2018-25032-2.patch: assure that the number of bits
for deflatePrime() is valid in zlib/deflate.c.
- CVE-2018-25032
-- Marc Deslauriers <email address hidden> Wed, 30 Mar 2022 12:16:36 -0400
Available diffs
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
rsync (3.2.3-8ubuntu3) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode <email address hidden> Fri, 25 Mar 2022 10:51:06 +0100
Available diffs
rsync (3.1.3-8ubuntu0.2) focal; urgency=medium
* d/p/avoid-deadlock-huge-amounts-verbose-messages.patch:
Allow the receiver to increase their iobuf.msg xbuf if it fills
up. This ensures that the receiver will never block trying to
output a message, and thus it will always drain the data from
the sender and keep the whole thing from clogging up. Thanks to
Wayne Davison <email address hidden>. (LP: #1528921)
-- Miriam España Acebal <email address hidden> Mon, 07 Feb 2022 22:46:19 +0100
Available diffs
rsync (3.1.2-2.1ubuntu1.3) bionic; urgency=medium
* d/p/avoid-deadlock-huge-amounts-verbose-messages.patch:
Allow the receiver to increase their iobuf.msg xbuf if it fills
up. This ensures that the receiver will never block trying to
output a message, and thus it will always drain the data from
the sender and keep the whole thing from clogging up. Thanks to
Wayne Davison <email address hidden>. (LP: #1528921)
-- Miriam España Acebal <email address hidden> Tue, 08 Feb 2022 13:26:20 +0100
Available diffs
rsync (3.2.3-8ubuntu2) jammy; urgency=medium * No-change rebuild against openssl3 -- Simon Chopin <email address hidden> Wed, 24 Nov 2021 14:01:07 +0000
Available diffs
- diff from 3.2.3-8ubuntu1 to 3.2.3-8ubuntu2 (320 bytes)
rsync (3.2.3-8ubuntu1) jammy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- debian/rules: add --disable-asm configure flag. The only asm
implementation is available for md5 on x86_64, however it is no-op,
because we built with OpenSSL which has optimized md5
implementation. Furthermore, linking noop md5 asm on x86_64 results in
rsync binary not getting marked as CET compatible, because the noop
md5 asm is not marked as CET compatible. Thus building without noop
md5 asm, results in rsync gaining CET.
-- Bryce Harrington <email address hidden> Mon, 01 Nov 2021 16:05:43 -0700
Available diffs
- diff from 3.2.3-4ubuntu2 to 3.2.3-8ubuntu1 (12.6 KiB)
rsync (3.1.3-8ubuntu0.1) focal; urgency=medium
* d/p/allow-missing-parent-dir-delete-missing-args.patch:
Fix error caused by files being deleted having a missing parent
directory. Thanks to Wayne Davison <email address hidden>.
(LP: #1896251)
-- Lena Voytek <email address hidden> Thu, 28 Oct 2021 09:36:35 -0700
Available diffs
rsync (3.1.2-2.1ubuntu1.2) bionic; urgency=medium
* d/p/allow-missing-parent-dir-delete-missing-args.patch:
Fix error caused by files being deleted having a missing parent
directory. Thanks to Wayne Davison <email address hidden>.
(LP: #1896251)
-- Lena Voytek <email address hidden> Thu, 28 Oct 2021 09:38:50 -0700
Available diffs
| Superseded in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
| Deleted in impish-proposed (Reason: Moved to jammy) |
rsync (3.2.3-4ubuntu2) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:23:58 +0200
Available diffs
- diff from 3.2.3-4ubuntu1 to 3.2.3-4ubuntu2 (340 bytes)
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
rsync (3.2.3-4ubuntu1) impish; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/rules: add --disable-asm configure flag. The only asm
implementation is available for md5 on x86_64, however it is no-op,
because we built with OpenSSL which has optimized md5
implementation. Furthermore, linking noop md5 asm on x86_64 results in
rsync binary not getting marked as CET compatible, because the noop
md5 asm is not marked as CET compatible. Thus building without noop
md5 asm, results in rsync gaining CET.
Available diffs
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
rsync (3.2.3-3ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable. Remaining changes:
- debian/rules: add --disable-asm configure flag. The only asm
implementation is available for md5 on x86_64, however it is no-op,
because we built with OpenSSL which has optimized md5
implementation. Furthermore, linking noop md5 asm on x86_64 results in
rsync binary not getting marked as CET compatible, because the noop
md5 asm is not marked as CET compatible. Thus building without noop
md5 asm, results in rsync gaining CET.
-- Sergio Durigan Junior <email address hidden> Tue, 12 Jan 2021 16:59:54 -0500
Available diffs
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
rsync (3.2.3-2ubuntu1) groovy; urgency=medium
* debian/rules: add --disable-asm configure flag. The only asm
implementation is available for md5 on x86_64, however it is no-op,
because we built with OpenSSL which has optimized md5
implementation. Furthermore, linking noop md5 asm on x86_64 results in
rsync binary not getting marked as CET compatible, because the noop
md5 asm is not marked as CET compatible. Thus building without noop
md5 asm, results in rsync gaining CET.
-- Dimitri John Ledkov <email address hidden> Thu, 10 Sep 2020 14:11:17 +0100
Available diffs
- diff from 3.2.3-2 (in Debian) to 3.2.3-2ubuntu1 (851 bytes)
rsync (3.2.3-2) unstable; urgency=medium
[ Sergio Durigan Junior ]
* Make the autopkgtests cross-friendly.
Thanks to Steve Langasek <email address hidden>
-- Samuel Henrique <email address hidden> Wed, 26 Aug 2020 21:23:57 +0100
Available diffs
rsync (3.2.3-1ubuntu1) groovy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/t/control, d/t/upstream-tests: Make autopkgtests cross-test-friendly
Available diffs
- diff from 3.2.2-2ubuntu1 to 3.2.3-1ubuntu1 (96.5 KiB)
rsync (3.2.2-2ubuntu1) groovy; urgency=medium * Merge with Debian unstable (LP: #1888685). Remaining changes: - d/t/control, d/t/upstream-tests: Make autopkgtests cross-test-friendly
Available diffs
- diff from 3.2.1-1ubuntu2 to 3.2.2-2ubuntu1 (59.5 KiB)
rsync (3.2.1-1ubuntu2) groovy; urgency=medium
* d/t/upstream-tests: Don't quote $CROSS_COMPILE when invoking
configure.sh. When we do it, the script will mistakenly generate
a warning to stderr saying that "you should use --build, --host,
--target", which will make the test fail. (LP: #1887572)
-- Sergio Durigan Junior <email address hidden> Tue, 14 Jul 2020 15:34:24 -0400
Available diffs
- diff from 3.1.3-8 (in Debian) to 3.2.1-1ubuntu2 (684.6 KiB)
- diff from 3.2.1-1ubuntu1 to 3.2.1-1ubuntu2 (648 bytes)
| Superseded in groovy-proposed |
rsync (3.2.1-1ubuntu1) groovy; urgency=medium * Make autopkgtests cross-test-friendly. -- Steve Langasek <email address hidden> Thu, 02 Jul 2020 09:05:32 -0700
Available diffs
- diff from 3.2.1-1 (in Debian) to 3.2.1-1ubuntu1 (846 bytes)
rsync (3.2.1-1) unstable; urgency=medium
* New upstream version 3.2.1
* Remove patches applied upstream:
- backup-dir-implies-backup.diff
- manpage-compress-level.diff
- systemd-unit.diff
* d/patches:
- logdir.diff: Remove patch since logdir which comes with file is the
default one
- time-limit.diff: Update patch from upstream
* d/u/signing-key.asc: Fix signing key
-- Samuel Henrique <email address hidden> Tue, 23 Jun 2020 18:16:52 +0100
Available diffs
- diff from 3.2.0-1 to 3.2.1-1 (146.6 KiB)
rsync (3.2.0-1) unstable; urgency=low
* New upstream version 3.2.0
* Bump DH to 13
* Bump Standards Version to 4.5.0
* Stop using bundled zlib in favor of dynamic linking to zlib1g-dev
* Install manpages from build directory instead of sources
* d/control:
- Add Suggests on python3 for the script git-set-file-times under /usr/share
- Remove unneeded build-dependency libattr1-dev (closes: #953927)
- Update Build-Deps, remove yodl and add new libs
* d/copyright: Update file to add the new openssl exemption to the gpl3
license
* d/u/metadata: Add Bug-Submit and Bug-Database fields
* d/upstream/signining-key: Change format from pgp to armored .asc
* d/rsync.NEWS: Add information about two parameter name changes
* d/rsync.manpages: Add new manpage rsync-ssl.1
* d/s/include-binaries: Remove file now that gpg key is in armored mode in asc
file
* d/patches:
- skip_devices_test.patch: New patch to skip devices test because it
fails on kfreebsd and hurd
- perl_shebang.patch: New patch to remove usage of env from perl shebang
- disable_reconfigure_req.diff: Refresh patch
- backup-dir-implies-backup.diff: Update patch
- manpage-compress-level.diff: Update patch
- systemd-unit.diff: Update patch, only adds list of manpages now
- time-limit.diff: Update patch from upstream
- Remove patches applied upstream:
~ CVE-2016-9840.patch
~ CVE-2016-9841.patch
~ CVE-2016-9842.patch
~ CVE-2016-9843.patch
~ Two-spelling-mistakes-in-rsync.yo.diff
~ prealloc-fix.diff
~ ssh-6-option.diff
~ copy-devices.diff: --copy-devices is now --write-devices
~ noatime.diff: --noatime is now --open-noatime
[ Debian Janitor ]
* Set upstream metadata fields: Repository.
-- Samuel Henrique <email address hidden> Sat, 20 Jun 2020 18:05:57 +0100
rsync (3.1.2-2.1ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9840.patch: remove offset pointer optimization
in inftrees.c.
- CVE-2016-9840
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9841.patch: use post-increment only in inffast.c.
- CVE-2016-9841
* SECURITY UPDATE: vectors involving left shifts of negative integers might
allow context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9842_1.patch: avoid shifts of negative values in
inflateMark().
- debian/patches/CVE-2016-9842_2.patch: avoid casting an out-of-range
value to long.
- CVE-2016-9842
* SECURITY UPDATE: vectors involving big-endian CRC calculation might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9843.patch: avoid pre-decrement of pointer in
big-endian CRC calculation.
- CVE-2016-9843
-- Avital Ostromich <email address hidden> Tue, 18 Feb 2020 16:03:13 -0500
Available diffs
rsync (3.1.1-3ubuntu1.3) xenial-security; urgency=medium
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9840.patch: remove offset pointer optimization
in inftrees.c.
- CVE-2016-9840
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9841.patch: use post-increment only in inffast.c.
- CVE-2016-9841
* SECURITY UPDATE: vectors involving left shifts of negative integers might
allow context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9842_1.patch: avoid shifts of negative values in
inflateMark().
- debian/patches/CVE-2016-9842_2.patch: avoid casting an out-of-range
value to long.
- CVE-2016-9842
* SECURITY UPDATE: vectors involving big-endian CRC calculation might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9843.patch: avoid pre-decrement of pointer in
big-endian CRC calculation.
- CVE-2016-9843
-- Avital Ostromich <email address hidden> Thu, 13 Feb 2020 17:48:27 -0500
Available diffs
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
rsync (3.1.3-8) unstable; urgency=medium
* Link rrsync in /usr/bin/
* Run upstream tests at build time:
- d/rules: Stop overriding dh_auto_test
- d/p/noatime.diff: Change patch to address test failure
* Run upstream tests on autopkgtest
* d/rsync.install: Move scripts to /usr/share/ instead of usr/share/doc/
(closes: #911321):
- rsync.NEWS: Create file and tell about scripts new location
* d/salsa-ci.yml: Skip repro tests for now
* d/p/noatime.diff:
- Fix DEP-3 headers
- Fix typo
-- Samuel Henrique <email address hidden> Tue, 15 Oct 2019 01:04:36 +0100
Available diffs
- diff from 3.1.3-6 to 3.1.3-8 (18.5 KiB)
| Superseded in focal-release |
| Obsolete in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
rsync (3.1.3-6) unstable; urgency=medium
* Apply CVEs from 2016 to the zlib code.
closes:#924509
-- Paul Slootman <email address hidden> Fri, 15 Mar 2019 11:25:01 +0100
Available diffs
- diff from 3.1.3-5 to 3.1.3-6 (4.4 KiB)
rsync (3.1.3-5) unstable; urgency=medium
* d/rules: fix sorting for reproducible builds, in the previous release
the -z parameter was used on sort with a newline line terminated input.
-- Samuel Henrique <email address hidden> Sat, 26 Jan 2019 12:05:25 +0000
Available diffs
- diff from 3.1.3-2 to 3.1.3-5 (1.8 KiB)
- diff from 3.1.3-3 to 3.1.3-5 (705 bytes)
rsync (3.1.3-3) unstable; urgency=medium
[ Samuel Henrique ]
* move source lintian overrides to d/source/lintian-overrides
* d/lintian.overrides: add override for false positive spell
check 'allow to'
* d/rules: sort files before doing md5sum, one step closer to
a reproducible build
* d/postinst:
- remove variable not used anymore
- remove checking for release onlder than oldoldstable
* d/upstream/signing-key.pgp: export same key but without sigs
and clean & minimal
[ Chris Lamb ]
* d/init.d: [stop] ensure the process has stopped before returning
(closes: #829193)
-- Samuel Henrique <email address hidden> Fri, 25 Jan 2019 08:49:24 +0000
Available diffs
- diff from 3.1.3-2 to 3.1.3-3 (1.6 KiB)
rsync (3.1.3-2) unstable; urgency=medium
* Fix --prealloc to keep file-size 0 when possible, from upstream.
closes:#919539
* Updated systemd unit file to start after network.target.
closes:#852080
* Don't compress the files shipped in /usr/share/doc/rsync/scripts/
closes:#911321
-- Paul Slootman <email address hidden> Sat, 19 Jan 2019 16:29:09 +0100
Available diffs
- diff from 3.1.3-1 to 3.1.3-2 (1.5 KiB)
rsync (3.1.3-1) unstable; urgency=medium
* New upstream version 3.1.3 (closes: #906895)
* Bump Standards-Version to 4.3.0
* Bump watch to v4
* Add myself as Uploader
* Update Vcs-* fields to salsa
* d/control|copyright: use https
* d/patches: remove upstream applied patches
* d/watch:
- better regex to prevent download of wrong tarball
- use https
- fix syntax of pgpsigurlmangle option
* wrap-and-sort -a
* Added Documentation tag to systemd unit file. (PS)
* Added yodl to build-depends since the manpage is patched during the build.
(PS)
-- Samuel Henrique <email address hidden> Tue, 25 Dec 2018 21:28:11 +0000
Available diffs
- diff from 3.1.2-2.2 to 3.1.3-1 (67.7 KiB)
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
rsync (3.1.2-2.2) unstable; urgency=medium
* Non-maintainer upload.
* Ignore --protect-args when already sent by client
(CVE-2018-5764) (Closes: #887588)
[Helmut Grohne]
* Fix Architecture field of cross built packages. (Closes: #866353)
[Aurelien Jarno]
* Update config.guess for new ports: mips*r6* and riscv64.
(Closes: #892968, #883048)
-- YunQiang Su <email address hidden> Sat, 21 Jul 2018 21:44:31 +0800
Available diffs
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
rsync (3.1.2-2.1ubuntu1) bionic; urgency=medium
* SECURITY UPDATE: Allows remote attacker to bypass argument
- debian/patches/CVE-2018-5764.patch: Ignore --protect-args
when already sent by client in options.c.
- CVE-2018-5764
-- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jan 2018 18:09:34 -0300
Available diffs
rsync (3.1.2-2ubuntu0.2) artful-security; urgency=medium
* SECURITY UPDATE: receive_xattr function does not check
for '\0' character allowing denial of service attacks
- debian/patches/CVE-2017-16548.patch: enforce trailing
\0 when receiving xattr values in xattrs.c.
- CVE-2017-16548
* SECURITY UPDATE: Allows remote attacker to bypass argument
- debian/patches/CVE-2018-5764.patch: Ignore --protect-args
when already sent by client in options.c.
- CVE-2018-5764
-- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jan 2018 17:34:53 -0300
Available diffs
rsync (3.1.1-3ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: receive_xattr function does not check
for '\0' character allowing denial of service attacks
- debian/patches/CVE-2017-16548.patch: enforce trailing
\0 when receiving xattr values in xattrs.c.
- CVE-2017-16548
* SECURITY UPDATE: Allows remote attacker to bypass argument
- debian/patches/CVE-2018-5764.patch: Ignore --protect-args
when already sent by client in options.c.
- CVE-2018-5764
-- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jan 2018 17:27:59 -0300
Available diffs
rsync (3.1.0-2ubuntu0.4) trusty-security; urgency=medium
* SECURITY UPDATE: receive_xattr function does not check
for '\0' character allowing denial of service attacks
- debian/patches/CVE-2017-16548.patch: enforce trailing
\0 when receiving xattr values in xattrs.c.
- CVE-2017-16548
* SECURITY UPDATE: Allows remote attacker to bypass argument
- debian/patches/CVE-2018-5764.patch: Ignore --protect-args
when already sent by client in options.c.
- CVE-2018-5764
-- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jan 2018 17:00:13 -0300
Available diffs
rsync (3.0.9-1ubuntu1.3) precise-security; urgency=medium
* SECURITY UPDATE: receive_xattr function does not check
for '\0' character allowing denial of service attacks
- debian/patches/CVE-2017-16548.patch: enforce trailing
\0 when receiving xattr values in xattrs.c.
- CVE-2017-16548
* SECURITY UPDATE: Allows remote attacker to bypass argument
- debian/patches/CVE-2018-5764.patch: Ignore --protect-args
when already sent by client in options.c.
- CVE-2018-5764
-- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jan 2018 16:43:26 -0300
Available diffs
rsync (3.1.2-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Enforce trailing \0 when receiving xattr name values (CVE-2017-16548)
(Closes: #880954)
* Check fname in recv_files sooner (CVE-2017-17433) (Closes: #883667)
* Sanitize xname in read_ndx_and_attrs (CVE-2017-17434) (Closes: #883665)
* Check daemon filter against fnamecmp in recv_files() (CVE-2017-17434)
(Closes: #883665)
-- Salvatore Bonaccorso <email address hidden> Wed, 13 Dec 2017 07:34:49 +0100
Available diffs
- diff from 3.1.2-2 to 3.1.2-2.1 (2.2 KiB)
rsync (3.1.0-2ubuntu0.3) trusty-security; urgency=medium
* SECURITY UPDATE: bypass intended access restrictions
- debian/patches/CVE-2017-17433.patch: check fname in
recv_files sooner in receiver.c.
- CVE-2017-17433
* SECURITY UPDATE: not check for fnamecmp filenames and
does not apply sanitize_paths
- debian/patches/CVE-2017-17434-part1.patch: check daemon
filter against fnamecmp in receiver.c.
- debian/patches/CVE-2017-17434-part2.patch: sanitize xname
in rsync.c.
- CVE-2017-17434
-- <email address hidden> (Leonidas S. Barbosa) Wed, 06 Dec 2017 11:36:31 -0300
Available diffs
rsync (3.1.1-3ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: bypass intended access restrictions
- debian/patches/CVE-2017-17433.patch: check fname in
recv_files sooner in receiver.c.
- CVE-2017-17433
* SECURITY UPDATE: not check for fnamecmp filenames and
does not apply sanitize_paths
- debian/patches/CVE-2017-17434-part1.patch: check daemon
filter against fnamecmp in receiver.c.
- debian/patches/CVE-2017-17434-part2.patch: sanitize xname
in rsync.c.
- CVE-2017-17434
-- <email address hidden> (Leonidas S. Barbosa) Wed, 06 Dec 2017 11:07:22 -0300
Available diffs
| 1 → 50 of 107 results | First • Previous • Next • Last |
