Ubuntu
rsync package

Change logs for rsync source package in Artful

  1. Artful (17.10)
  2. Change log 
  • rsync (3.1.2-2ubuntu0.2) artful-security; urgency=medium

  * SECURITY UPDATE: receive_xattr function does not check
    for '\0' character allowing denial of service attacks
    - debian/patches/CVE-2017-16548.patch: enforce trailing
      \0 when receiving xattr values in xattrs.c.
    - CVE-2017-16548
  * SECURITY UPDATE: Allows remote attacker to bypass argument
    - debian/patches/CVE-2018-5764.patch: Ignore --protect-args
      when already sent by client in options.c.
    - CVE-2018-5764

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 18 Jan 2018 17:34:53 -0300
  • rsync (3.1.2-2ubuntu0.1) artful-security; urgency=medium

  * SECURITY UPDATE: bypass intended access restrictions
    - debian/patches/CVE-2017-17433.patch: check fname in
      recv_files sooner in receiver.c.
    - CVE-2017-17433
  * SECURITY UPDATE: not check for fnamecmp filenames and
    does not apply sanitize_paths
    - debian/patches/CVE-2017-17434-part1.patch: check daemon
      filter against fnamecmp in receiver.c.
    - debian/patches/CVE-2017-17434-part2.patch: sanitize xname
      in rsync.c.
    - CVE-2017-17434

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 06 Dec 2017 10:33:24 -0300
  • rsync (3.1.2-2) unstable; urgency=medium

  * Added patch from upstream git to resolve temporary lines in --progress
    output not being cleared.
    closes:#749165
  * Added patch from upstream git to speed up handling of xattrs.
    closes:#799143

 -- Paul Slootman <email address hidden>  Fri, 17 Mar 2017 15:02:00 +0100
  • rsync (3.1.2-1) unstable; urgency=medium

  * new upstream release
  * Bumped Standards-Version to 3.9.8 (no change necessary).
  * added deb-systemd-helper stuff to maintainer scripts to properly support
    systemd.
    closes:#764616
  * Modified the /etc/default/rsync and /usr/share/doc/rsync/README.Debian 
    to document how to configure the rsync daemon behaviour when using systemd.
    closes:#786549
  * included copy-devices.diff patch from
    https://rsync.samba.org/ftp/rsync/src/rsync-patches-3.1.2.tar.gz to
    enable the --copy-devices option to copy the data inside a device instead
    of copying the node.
    closes:#509335
  * included time-limit.diff patch from
    https://rsync.samba.org/ftp/rsync/src/rsync-patches-3.1.2.tar.gz to
    enable the -stop-at and --time-limit patches to stop rsync at a certain
    time or after a certain duration.
    closes:#701812
  * Add description of value for --compress-level to manpage.
    closes:#700697
  * Don't use hard-coded path to invoke-rc.d for check in prerm script.

 -- Paul Slootman <email address hidden>  Fri, 07 Oct 2016 15:48:23 +0200