ubuntu/+source/rsync:applied/ubuntu/trusty-devel

Last commit made on 2018-01-23
Get this branch:
git clone -b applied/ubuntu/trusty-devel https://git.launchpad.net/ubuntu/+source/rsync
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/trusty-devel
Repository: lp:ubuntu/+source/rsync

Recent commits

4f411d0... by Leonidas S. Barbosa on 2018-01-18

Import patches-applied version 3.1.0-2ubuntu0.4 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 37161c7a8954bc89f73d280ae7410a1245328ad6
Unapplied parent: 8a54069bb1949b1c2c61a213121d63530324165e

New changelog entries:
  * SECURITY UPDATE: receive_xattr function does not check
    for '\0' character allowing denial of service attacks
    - debian/patches/CVE-2017-16548.patch: enforce trailing
      \0 when receiving xattr values in xattrs.c.
    - CVE-2017-16548
  * SECURITY UPDATE: Allows remote attacker to bypass argument
    - debian/patches/CVE-2018-5764.patch: Ignore --protect-args
      when already sent by client in options.c.
    - CVE-2018-5764

8a54069... by Leonidas S. Barbosa on 2018-01-18

Import patches-unapplied version 3.1.0-2ubuntu0.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7f4a4f397373ca45d28737868b65757f4dced775

New changelog entries:
  * SECURITY UPDATE: receive_xattr function does not check
    for '\0' character allowing denial of service attacks
    - debian/patches/CVE-2017-16548.patch: enforce trailing
      \0 when receiving xattr values in xattrs.c.
    - CVE-2017-16548
  * SECURITY UPDATE: Allows remote attacker to bypass argument
    - debian/patches/CVE-2018-5764.patch: Ignore --protect-args
      when already sent by client in options.c.
    - CVE-2018-5764

37161c7... by Leonidas S. Barbosa on 2017-12-06

Import patches-applied version 3.1.0-2ubuntu0.3 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: fbbc7963b9d573d96e06770a8fe1db71809d6042
Unapplied parent: 7f4a4f397373ca45d28737868b65757f4dced775

New changelog entries:
  * SECURITY UPDATE: bypass intended access restrictions
    - debian/patches/CVE-2017-17433.patch: check fname in
      recv_files sooner in receiver.c.
    - CVE-2017-17433
  * SECURITY UPDATE: not check for fnamecmp filenames and
    does not apply sanitize_paths
    - debian/patches/CVE-2017-17434-part1.patch: check daemon
      filter against fnamecmp in receiver.c.
    - debian/patches/CVE-2017-17434-part2.patch: sanitize xname
      in rsync.c.
    - CVE-2017-17434

7f4a4f3... by Leonidas S. Barbosa on 2017-12-06

Import patches-unapplied version 3.1.0-2ubuntu0.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0a012e029af719a16fd177924fdf2e9d074a38ce

New changelog entries:
  * SECURITY UPDATE: bypass intended access restrictions
    - debian/patches/CVE-2017-17433.patch: check fname in
      recv_files sooner in receiver.c.
    - CVE-2017-17433
  * SECURITY UPDATE: not check for fnamecmp filenames and
    does not apply sanitize_paths
    - debian/patches/CVE-2017-17434-part1.patch: check daemon
      filter against fnamecmp in receiver.c.
    - debian/patches/CVE-2017-17434-part2.patch: sanitize xname
      in rsync.c.
    - CVE-2017-17434

fbbc796... by Marc Deslauriers on 2016-01-19

Import patches-applied version 3.1.0-2ubuntu0.2 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 57abb97cbdf60b6e556472b8e84a70dce29b1a96
Unapplied parent: 0a012e029af719a16fd177924fdf2e9d074a38ce

New changelog entries:
  * SECURITY UPDATE: rsync path spoofing attack
    - debian/patches/CVE-2014-9512-0.patch: reject invalid filenames in
      filelist in flist.c, rsync.h, util.c.
    - debian/patches/CVE-2014-9512-1.patch: complain if an inc-recursive
      path is not right for its dir in flist.c, io.c, main.c, rsync.c.
    - debian/patches/CVE-2014-9512-2.patch: add parent-dir validation for
      --no-inc-recurse too in flist.c, generator.c.
    - CVE-2014-9512

0a012e0... by Marc Deslauriers on 2016-01-19

Import patches-unapplied version 3.1.0-2ubuntu0.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 620ef15987b8aa3f3b7bd006cc63175ad9f055d6

New changelog entries:
  * SECURITY UPDATE: rsync path spoofing attack
    - debian/patches/CVE-2014-9512-0.patch: reject invalid filenames in
      filelist in flist.c, rsync.h, util.c.
    - debian/patches/CVE-2014-9512-1.patch: complain if an inc-recursive
      path is not right for its dir in flist.c, io.c, main.c, rsync.c.
    - debian/patches/CVE-2014-9512-2.patch: add parent-dir validation for
      --no-inc-recurse too in flist.c, generator.c.
    - CVE-2014-9512

57abb97... by Marc Deslauriers on 2014-04-17

Import patches-applied version 3.1.0-2ubuntu0.1 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2803098f325618eff15bff09179a1f9a98bc0289
Unapplied parent: 620ef15987b8aa3f3b7bd006cc63175ad9f055d6

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid username (LP: #1307230)
    - debian/patches/CVE-2014-2855.diff: avoid infinite wait reading
      secrets file in authenticate.c.
    - CVE-2014-2855

620ef15... by Marc Deslauriers on 2014-04-17

Import patches-unapplied version 3.1.0-2ubuntu0.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: ee2e75497ccc11bb9c455fd6fa62193ee4fc399a

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid username (LP: #1307230)
    - debian/patches/CVE-2014-2855.diff: avoid infinite wait reading
      secrets file in authenticate.c.
    - CVE-2014-2855

2803098... by Paul Slootman on 2013-10-27

Import patches-applied version 3.1.0-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 33f76e6897d045531a1f1f8cc651601f8acf39b2
Unapplied parent: ee2e75497ccc11bb9c455fd6fa62193ee4fc399a

New changelog entries:
  * fix build failure if zlib1g-dev package is not installed;
    solved by building without the included zlib source and adding a
    build-depends on zlib1g-dev >= 1:1.2.8
    closes:32379

ee2e754... by Paul Slootman on 2013-10-27

Import patches-unapplied version 3.1.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 033ca2a7c844c3977e1a31d5c1c68016194c8a91

New changelog entries:
  * fix build failure if zlib1g-dev package is not installed;
    solved by building without the included zlib source and adding a
    build-depends on zlib1g-dev >= 1:1.2.8
    closes:32379