-
rsync (3.1.2-2ubuntu0.2) artful-security; urgency=medium
* SECURITY UPDATE: receive_xattr function does not check
for '\0' character allowing denial of service attacks
- debian/patches/CVE-2017-16548.patch: enforce trailing
\0 when receiving xattr values in xattrs.c.
- CVE-2017-16548
* SECURITY UPDATE: Allows remote attacker to bypass argument
- debian/patches/CVE-2018-5764.patch: Ignore --protect-args
when already sent by client in options.c.
- CVE-2018-5764
-- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jan 2018 17:34:53 -0300
-
rsync (3.1.2-2ubuntu0.1) artful-security; urgency=medium
* SECURITY UPDATE: bypass intended access restrictions
- debian/patches/CVE-2017-17433.patch: check fname in
recv_files sooner in receiver.c.
- CVE-2017-17433
* SECURITY UPDATE: not check for fnamecmp filenames and
does not apply sanitize_paths
- debian/patches/CVE-2017-17434-part1.patch: check daemon
filter against fnamecmp in receiver.c.
- debian/patches/CVE-2017-17434-part2.patch: sanitize xname
in rsync.c.
- CVE-2017-17434
-- <email address hidden> (Leonidas S. Barbosa) Wed, 06 Dec 2017 10:33:24 -0300
-
rsync (3.1.2-2) unstable; urgency=medium
* Added patch from upstream git to resolve temporary lines in --progress
output not being cleared.
closes:#749165
* Added patch from upstream git to speed up handling of xattrs.
closes:#799143
-- Paul Slootman <email address hidden> Fri, 17 Mar 2017 15:02:00 +0100
-
rsync (3.1.2-1) unstable; urgency=medium
* new upstream release
* Bumped Standards-Version to 3.9.8 (no change necessary).
* added deb-systemd-helper stuff to maintainer scripts to properly support
systemd.
closes:#764616
* Modified the /etc/default/rsync and /usr/share/doc/rsync/README.Debian
to document how to configure the rsync daemon behaviour when using systemd.
closes:#786549
* included copy-devices.diff patch from
https://rsync.samba.org/ftp/rsync/src/rsync-patches-3.1.2.tar.gz to
enable the --copy-devices option to copy the data inside a device instead
of copying the node.
closes:#509335
* included time-limit.diff patch from
https://rsync.samba.org/ftp/rsync/src/rsync-patches-3.1.2.tar.gz to
enable the -stop-at and --time-limit patches to stop rsync at a certain
time or after a certain duration.
closes:#701812
* Add description of value for --compress-level to manpage.
closes:#700697
* Don't use hard-coded path to invoke-rc.d for check in prerm script.
-- Paul Slootman <email address hidden> Fri, 07 Oct 2016 15:48:23 +0200