Change logs for rsync source package in Trusty

  • rsync (3.1.0-2ubuntu0.4) trusty-security; urgency=medium
    
      * SECURITY UPDATE: receive_xattr function does not check
        for '\0' character allowing denial of service attacks
        - debian/patches/CVE-2017-16548.patch: enforce trailing
          \0 when receiving xattr values in xattrs.c.
        - CVE-2017-16548
      * SECURITY UPDATE: Allows remote attacker to bypass argument
        - debian/patches/CVE-2018-5764.patch: Ignore --protect-args
          when already sent by client in options.c.
        - CVE-2018-5764
    
     -- <email address hidden> (Leonidas S. Barbosa)  Thu, 18 Jan 2018 17:00:13 -0300
  • rsync (3.1.0-2ubuntu0.3) trusty-security; urgency=medium
    
      * SECURITY UPDATE: bypass intended access restrictions
        - debian/patches/CVE-2017-17433.patch: check fname in
          recv_files sooner in receiver.c.
        - CVE-2017-17433
      * SECURITY UPDATE: does not check for fnamecmp filenames and
        does not apply sanitize_paths
        - debian/patches/CVE-2017-17434-part1.patch: check daemon
          filter against fnamecmp in receiver.c.
        - debian/patches/CVE-2017-17434-part2.patch: sanitize xname
          in rsync.c.
        - CVE-2017-17434
    
     -- <email address hidden> (Leonidas S. Barbosa)  Wed, 06 Dec 2017 11:36:31 -0300
  • rsync (3.1.0-2ubuntu0.2) trusty-security; urgency=medium
    
      * SECURITY UPDATE: rsync path spoofing attack
        - debian/patches/CVE-2014-9512-0.patch: reject invalid filenames in
          filelist in flist.c, rsync.h, util.c.
        - debian/patches/CVE-2014-9512-1.patch: complain if an inc-recursive
          path is not right for its dir in flist.c, io.c, main.c, rsync.c.
        - debian/patches/CVE-2014-9512-2.patch: add parent-dir validation for
          --no-inc-recurse too in flist.c, generator.c.
        - CVE-2014-9512
    
     -- Marc Deslauriers <email address hidden>  Tue, 19 Jan 2016 15:27:53 -0500
  • rsync (3.1.0-2ubuntu0.1) trusty-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via invalid username (LP: #1307230)
        - debian/patches/CVE-2014-2855.diff: avoid infinite wait reading
          secrets file in authenticate.c.
        - CVE-2014-2855
    
     -- Marc Deslauriers <email address hidden>  Thu, 17 Apr 2014 12:56:34 -0400
  • rsync (3.1.0-2) unstable; urgency=low
    
      * fix build failure if zlib1g-dev package is not installed;
        solved by building without the included zlib source and adding a
        build-depends on zlib1g-dev >= 1:1.2.8
        closes:32379
    
     -- Paul Slootman <email address hidden>  Sun, 27 Oct 2013 12:01:10 +0100
  • rsync (3.0.9-4ubuntu1) saucy; urgency=low
    
      * Update config.{guess,sub} for arm64.
    
     -- Matthias Klose <email address hidden>  Tue, 02 Jul 2013 20:09:21 +0200