Author: Paul Slootman
Revision Date: 2014-04-16 16:21:23 UTC

* fix for CVE-2014-2855 - rsync denial of service
  a remote client can send an invalid username and cause an infinite CPU
  loop on the server child process.
  closes:#744791
* added upstream signature for uscan usage
* changed package source format to 3.0 (quilt)

Author: Paul Slootman
Revision Date: 2014-04-16 16:21:23 UTC

* fix for CVE-2014-2855 - rsync denial of service
  a remote client can send an invalid username and cause an infinite CPU
  loop on the server child process.
  closes:#744791
* added upstream signature for uscan usage
* changed package source format to 3.0 (quilt)

Author: Paul Slootman
Revision Date: 2014-04-16 16:21:23 UTC

* fix for CVE-2014-2855 - rsync denial of service
  a remote client can send an invalid username and cause an infinite CPU
  loop on the server child process.
  closes:#744791
* added upstream signature for uscan usage
* changed package source format to 3.0 (quilt)

Author: Paul Slootman
Revision Date: 2014-04-16 16:21:23 UTC

* fix for CVE-2014-2855 - rsync denial of service
  a remote client can send an invalid username and cause an infinite CPU
  loop on the server child process.
  closes:#744791
* added upstream signature for uscan usage
* changed package source format to 3.0 (quilt)

Author: Marc Deslauriers
Revision Date: 2014-04-17 12:56:34 UTC

* SECURITY UPDATE: denial of service via invalid username (LP: #1307230)
  - debian/patches/CVE-2014-2855.diff: avoid infinite wait reading
    secrets file in authenticate.c.
  - CVE-2014-2855

Author: Marc Deslauriers
Revision Date: 2014-04-17 12:56:34 UTC

* SECURITY UPDATE: denial of service via invalid username (LP: #1307230)
  - debian/patches/CVE-2014-2855.diff: avoid infinite wait reading
    secrets file in authenticate.c.
  - CVE-2014-2855

Author: Paul Slootman
Revision Date: 2013-10-27 12:01:10 UTC

fix build failure if zlib1g-dev package is not installed;
solved by building without the included zlib source and adding a
build-depends on zlib1g-dev >= 1:1.2.8
closes:32379

Author: Paul Slootman
Revision Date: 2013-10-27 12:01:10 UTC

fix build failure if zlib1g-dev package is not installed;
solved by building without the included zlib source and adding a
build-depends on zlib1g-dev >= 1:1.2.8
closes:32379

Author: Matthias Klose
Revision Date: 2013-07-02 20:09:21 UTC

Update config.{guess,sub} for arm64.

Author: Matthias Klose
Revision Date: 2013-07-02 20:09:21 UTC

Update config.{guess,sub} for arm64.

Author: Paul Slootman
Revision Date: 2012-12-02 16:02:36 UTC

* mark rsync package as Multi-Arch: foreign.
  closes:#688940
* fixed cross-builds, thanks to patches from Colin Watson.
  closes:#693991
* Fixed some lintian messages:
  - call strip with --remove-section=.comment --remove-section=.note
  - added watch file
  - change conflicts with duplicity << 0.6.11 to breaks
    See changelog for 3.0.9-1 for more detail
  - properly state "GNU General Public License" in the manpages
* Added some overrides for lintian:
  - init.d-script-does-not-provide-itself
    (historically the daemon is referred to as rsyncd)
  - spelling-error-in-binary usr/bin/rsync dont don't
    "dont compress" is a config option. Adding an apostrophe would
    make things quite complicated!

Author: Paul Slootman
Revision Date: 2012-12-02 16:02:36 UTC

* mark rsync package as Multi-Arch: foreign.
  closes:#688940
* fixed cross-builds, thanks to patches from Colin Watson.
  closes:#693991
* Fixed some lintian messages:
  - call strip with --remove-section=.comment --remove-section=.note
  - added watch file
  - change conflicts with duplicity << 0.6.11 to breaks
    See changelog for 3.0.9-1 for more detail
  - properly state "GNU General Public License" in the manpages
* Added some overrides for lintian:
  - init.d-script-does-not-provide-itself
    (historically the daemon is referred to as rsyncd)
  - spelling-error-in-binary usr/bin/rsync dont don't
    "dont compress" is a config option. Adding an apostrophe would
    make things quite complicated!

Author: Sebastien Bacher
Revision Date: 2012-07-20 10:18:30 UTC

Resync on Debian, remaining diff: Mark rsync Multi-Arch: foreign.

Author: Steve Langasek
Revision Date: 2011-11-08 10:56:28 UTC

Mark rsync Multi-Arch: foreign.

Author: Jamie Strandboge
Revision Date: 2011-05-05 15:07:18 UTC

* Merge from debian unstable. Remaining changes:
  - debian/patches/delete-delay.diff: correct error message when using
    --delete-delay (LP: #516241), patch originally from Jonas Pedersen
* Drop debian/patches/security-CVE-2011-1097.diff which is now included
  upstream

Author: Marc Deslauriers
Revision Date: 2011-04-08 10:05:29 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via malformed data
  - debian/patches/security-CVE-2011-1097.diff: introduce and use
    FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
  - CVE-2011-1097

Author: Marc Deslauriers
Revision Date: 2011-04-08 10:06:25 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via malformed data
  - debian/patches/security-CVE-2011-1097.diff: introduce and use
    FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
  - CVE-2011-1097

Author: Marc Deslauriers
Revision Date: 2011-04-08 10:18:37 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via malformed data
  - debian/patches/security-CVE-2011-1097.diff: introduce and use
    FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
  - CVE-2011-1097

Author: Marc Deslauriers
Revision Date: 2011-04-08 10:05:29 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via malformed data
  - debian/patches/security-CVE-2011-1097.diff: introduce and use
    FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
  - CVE-2011-1097

Author: Marc Deslauriers
Revision Date: 2011-04-08 10:06:25 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via malformed data
  - debian/patches/security-CVE-2011-1097.diff: introduce and use
    FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
  - CVE-2011-1097

Author: Marc Deslauriers
Revision Date: 2011-04-08 10:18:37 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via malformed data
  - debian/patches/security-CVE-2011-1097.diff: introduce and use
    FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
  - CVE-2011-1097

Author: Peter Pearse
Revision Date: 2011-04-27 10:23:56 UTC

Pass correct strip for cross builds, dont force DEB_HOST_*.

Author: Marc Deslauriers
Revision Date: 2011-04-08 09:53:11 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via malformed data
  - debian/patches/security-CVE-2011-1097.diff: introduce and use
    FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
  - CVE-2011-1097

Author: Jean-Louis Dupond
Revision Date: 2010-05-05 03:21:22 UTC

* Merge from debian unstable. (LP: #588161) Remaining changes:
  - Correct error message when using --delete-delay (LP: #516241), patch
    originally from Jonas Pedersen

Author: Thierry Carrez
Revision Date: 2010-03-30 09:20:36 UTC

Correct error message when using --delete-delay (LP: #516241), patch
originally from Jonas Pedersen

Author: Scott Kitterman
Revision Date: 2009-01-27 21:35:04 UTC

[ Chris Coulson ]
* Source backport for Hardy Backports (LP: #257211)
  - debian/control: Relaxed dependency on lsb-base from (>=3.2-14) to
    (>=3.2-4)
  - debian/init.d: Removed usage of status_of_proc(), as lsb-base in
    Hardy is too old.

Author: Scott James Remnant (Canonical)
Revision Date: 2009-02-27 00:54:59 UTC

Init script does not need to start before gdm.

Author: Chuck Short
Revision Date: 2008-07-25 23:52:06 UTC

* Merge from debian unstable, remaining changes:
  - Remove stop links from rc0 and rc6.
    (and use update-rc.d multiuser instead of defaults). (TearDown spec)
  - depend on sys-rc to accomodate the TearDown changes.

[Daniel T. Chen]
* Adhere to update-rc.d multiuser deprecation as per
  https://lists.ubuntu.com/archives/ubuntu-devel-announce/2008-June/000430.html
  and
  https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2008-July/004662.html
  - debian/control: Drop sysv-rc versioned dependency,
  - debian/init.d: Modify Default-Stop LSB header,
  - debian/postinst: Explicitly specify runlevels again. (LP: #229336)

[Dustin Kirkland]
* debian/control: Depend on lsb-base >= 3.2-14, providing status_of_proc().
* debian/init.d: Add the 'status' action (LP: #251320).

Author: Kees Cook
Revision Date: 2008-04-10 16:25:37 UTC

* SECURITY UPDATE: code execution via ACL overflow.
* debian/patches/xattr-security.diff: upstream fixes for ACL/xattr,
  thanks to Debian.
* References
  CVE-2008-1720

Author: Kees Cook
Revision Date: 2008-04-10 16:25:37 UTC

* SECURITY UPDATE: code execution via ACL overflow.
* debian/patches/xattr-security.diff: upstream fixes for ACL/xattr,
  thanks to Debian.
* References
  CVE-2008-1720

Author: Kees Cook
Revision Date: 2008-04-10 16:25:37 UTC

* SECURITY UPDATE: code execution via ACL overflow.
* debian/patches/xattr-security.diff: upstream fixes for ACL/xattr,
  thanks to Debian.
* References
  CVE-2008-1720

Author: Kees Cook
Revision Date: 2007-08-17 17:53:51 UTC

* Merge from debian unstable, remaining changes:
  - Remove stop links from rc0 and rc6.

Author: Kees Cook
Revision Date: 2008-04-10 16:25:37 UTC

* SECURITY UPDATE: code execution via ACL overflow.
* debian/patches/xattr-security.diff: upstream fixes for ACL/xattr,
  thanks to Debian.
* References
  CVE-2008-1720

Author: Kees Cook
Revision Date: 2008-04-10 16:25:37 UTC

* SECURITY UPDATE: code execution via ACL overflow.
* debian/patches/xattr-security.diff: upstream fixes for ACL/xattr,
  thanks to Debian.
* References
  CVE-2008-1720

Author: Colin Watson
Revision Date: 2006-12-20 14:04:27 UTC

* Resynchronise with Debian. Remaining changes:
  - Remove stop links from rc0 and rc6.

Author: Kees Cook
Revision Date: 2007-08-17 17:54:56 UTC

* SECURITY UPDATE: off-by-one memory overwrite in filename handling.
* sender.c: applied upstream fixes inline.
* References
  CVE-2007-4091

Author: Kees Cook
Revision Date: 2007-08-17 17:54:56 UTC

* SECURITY UPDATE: off-by-one memory overwrite in filename handling.
* sender.c: applied upstream fixes inline.
* References
  CVE-2007-4091

Author: Scott James Remnant (Canonical)
Revision Date: 2006-07-21 01:23:51 UTC

Add forgotten versioned-dependency on sysv-rc to get new update-rc.d
behaviour. Go me.

Author: Kees Cook
Revision Date: 2007-08-17 17:54:56 UTC

* SECURITY UPDATE: off-by-one memory overwrite in filename handling.
* sender.c: backported upstream fixes inline.
* References
  CVE-2007-4091

Author: Kees Cook
Revision Date: 2007-08-17 17:54:56 UTC

* SECURITY UPDATE: off-by-one memory overwrite in filename handling.
* sender.c: backported upstream fixes inline.
* References
  CVE-2007-4091

Author: Martin Pitt
Revision Date: 2006-05-05 12:42:34 UTC

* patches/xattrs.diff:
  - Fix buffer overflow with crafted extended attributes.
  - http://cvs.samba.org/cgi-bin/cvsweb/rsync/patches/xattrs.diff.diff?r1=1.23&r2=1.24
  - CVE-2006-2083
  - This patch is not applied by default, but it might affect people who
    manually apply it in custom build.

Author: Adam Conrad
Revision Date: 2005-07-09 21:11:58 UTC

Remove hardcoded mention of rsyncd.conf in init script (Ubuntu #9145)

Author: Martin Pitt
Revision Date: 2004-12-06 20:15:12 UTC

Resynchronise with Debian.

Author: Nathaniel McCallum
Revision Date: 2004-09-03 15:15:21 UTC

Added versioned depend on lsb-base

Author: Michael Vogt
Revision Date: 2009-06-25 15:01:27 UTC

* Merge from debian unstable, remaining changes:
  - Remove stop links from rc0 and rc6 (and use update-rc.d instead
    of the defaults)
  - debian/init.d: Modify Default-Stop LSB header.