-
rsync (3.1.1-2) unstable; urgency=low
* hardening flags were not applied correctly, debian/rules modified thanks
to patch from Simon Ruderich.
closes:#754412
-- Paul Slootman <email address hidden> Sat, 09 Aug 2014 11:02:31 +0200
-
rsync (3.1.1-1) unstable; urgency=low
* new upstream release
Includes config.* update, closes:#714782
Includes preallocate patch, closes:#649914
* Bumped Standards-Version to 3.9.5.0 (no change necessary).
* revert to using included zlib as there have been numerous reports of failed
transfers when using -z with the separate zlib.
* use the now included systemd file instead of our own copy.
* use hardening=+all flags, thanks to hint from <email address hidden>
* add noatime patch which adds the --noatime option, which adds the O_NOATIME
flag when opening files, to no update the access time on kernels that
support that (linux 2.6.8 and later).
closes:#738708,#244168
* changed backtick usage in rules for CFLAGS and LDFLAGS to $(shell ...)
closes:#699165
* added autofs to Should-Start: in init.d script.
closes:#730149
* added README.Debian file to explain how to get the daemon running.
closes:#589529
* simplify init.d nice parameter checking.
closes:#647145
-- Paul Slootman <email address hidden> Thu, 10 Jul 2014 14:28:11 +0200
-
rsync (3.1.0-3) unstable; urgency=high
* fix for CVE-2014-2855 - rsync denial of service
a remote client can send an invalid username and cause an infinite CPU
loop on the server child process.
closes:#744791
* added upstream signature for uscan usage
* changed package source format to 3.0 (quilt)
-- Paul Slootman <email address hidden> Wed, 16 Apr 2014 16:21:23 +0200
-
rsync (3.1.0-2ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via invalid username (LP: #1307230)
- debian/patches/CVE-2014-2855.diff: avoid infinite wait reading
secrets file in authenticate.c.
- CVE-2014-2855
-- Marc Deslauriers <email address hidden> Thu, 17 Apr 2014 12:56:34 -0400
-
rsync (3.1.0-2) unstable; urgency=low
* fix build failure if zlib1g-dev package is not installed;
solved by building without the included zlib source and adding a
build-depends on zlib1g-dev >= 1:1.2.8
closes:32379
-- Paul Slootman <email address hidden> Sun, 27 Oct 2013 12:01:10 +0100