ubuntu/+source/rsync:ubuntu/trusty-updates

Last commit made on 2018-01-23
Get this branch:
git clone -b ubuntu/trusty-updates https://git.launchpad.net/ubuntu/+source/rsync
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-updates
Repository:
lp:ubuntu/+source/rsync

Recent commits

8a54069... by Leonidas S. Barbosa on 2018-01-18

Import patches-unapplied version 3.1.0-2ubuntu0.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7f4a4f397373ca45d28737868b65757f4dced775

New changelog entries:
  * SECURITY UPDATE: receive_xattr function does not check
    for '\0' character allowing denial of service attacks
    - debian/patches/CVE-2017-16548.patch: enforce trailing
      \0 when receiving xattr values in xattrs.c.
    - CVE-2017-16548
  * SECURITY UPDATE: Allows remote attacker to bypass argument
    - debian/patches/CVE-2018-5764.patch: Ignore --protect-args
      when already sent by client in options.c.
    - CVE-2018-5764

7f4a4f3... by Leonidas S. Barbosa on 2017-12-06

Import patches-unapplied version 3.1.0-2ubuntu0.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0a012e029af719a16fd177924fdf2e9d074a38ce

New changelog entries:
  * SECURITY UPDATE: bypass intended access restrictions
    - debian/patches/CVE-2017-17433.patch: check fname in
      recv_files sooner in receiver.c.
    - CVE-2017-17433
  * SECURITY UPDATE: not check for fnamecmp filenames and
    does not apply sanitize_paths
    - debian/patches/CVE-2017-17434-part1.patch: check daemon
      filter against fnamecmp in receiver.c.
    - debian/patches/CVE-2017-17434-part2.patch: sanitize xname
      in rsync.c.
    - CVE-2017-17434

0a012e0... by Marc Deslauriers on 2016-01-19

Import patches-unapplied version 3.1.0-2ubuntu0.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 620ef15987b8aa3f3b7bd006cc63175ad9f055d6

New changelog entries:
  * SECURITY UPDATE: rsync path spoofing attack
    - debian/patches/CVE-2014-9512-0.patch: reject invalid filenames in
      filelist in flist.c, rsync.h, util.c.
    - debian/patches/CVE-2014-9512-1.patch: complain if an inc-recursive
      path is not right for its dir in flist.c, io.c, main.c, rsync.c.
    - debian/patches/CVE-2014-9512-2.patch: add parent-dir validation for
      --no-inc-recurse too in flist.c, generator.c.
    - CVE-2014-9512

620ef15... by Marc Deslauriers on 2014-04-17

Import patches-unapplied version 3.1.0-2ubuntu0.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: ee2e75497ccc11bb9c455fd6fa62193ee4fc399a

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid username (LP: #1307230)
    - debian/patches/CVE-2014-2855.diff: avoid infinite wait reading
      secrets file in authenticate.c.
    - CVE-2014-2855

ee2e754... by Paul Slootman <email address hidden> on 2013-10-27

Import patches-unapplied version 3.1.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 033ca2a7c844c3977e1a31d5c1c68016194c8a91

New changelog entries:
  * fix build failure if zlib1g-dev package is not installed;
    solved by building without the included zlib source and adding a
    build-depends on zlib1g-dev >= 1:1.2.8
    closes:32379

033ca2a... by Paul Slootman <email address hidden> on 2013-09-30

Import patches-unapplied version 3.1.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b5a79007d1a96c38cf67cc8bdaab63e46bccab56

New changelog entries:
  * new upstream release.
  * Bumped Standards-Version to 3.9.4.0 (no change necessary).
  * Patches cast--1-size_t.diff, delete-delay.diff, manpages.GPL.diff,
    partial-timestamp.diff, progress-cursor-pos.diff, rsyncd.conf.5.comment.diff
    no longer needed (integrated into upstream source).

b5a7900... by Paul Slootman <email address hidden> on 2012-12-02

Import patches-unapplied version 3.0.9-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 3d8ea40fb4a8e0d020b98af8dc2f64b29abc9e44

New changelog entries:
  * mark rsync package as Multi-Arch: foreign.
    closes:#688940
  * fixed cross-builds, thanks to patches from Colin Watson.
    closes:#693991
  * Fixed some lintian messages:
    - call strip with --remove-section=.comment --remove-section=.note
    - added watch file
    - change conflicts with duplicity << 0.6.11 to breaks
      See changelog for 3.0.9-1 for more detail
    - properly state "GNU General Public License" in the manpages
  * Added some overrides for lintian:
    - init.d-script-does-not-provide-itself
      (historically the daemon is referred to as rsyncd)
    - spelling-error-in-binary usr/bin/rsync dont don't
      "dont compress" is a config option. Adding an apostrophe would
      make things quite complicated!

3d8ea40... by Paul Slootman <email address hidden> on 2012-06-18

Import patches-unapplied version 3.0.9-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 565d69b71dd1bca9dc85e7c855e2e3988274a6e7

New changelog entries:
  * enabled hardening build flags.
    closes:#652248
  * set mtime of partially transferred file to 0 (1 Jan 1970) to solve problem
    of file being skipped when rerun with --partial --update
    closes:#624826
  * Enhance comment about pid file line in sample rsyncd.conf.
    closes:#547922

565d69b... by Paul Slootman <email address hidden> on 2011-10-04

Import patches-unapplied version 3.0.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5b836f30118bb19dd1c8d633779ee925139d9fb3

New changelog entries:
  * new upstream release.
  * Bumped Standards-Version to 3.9.2.0 (no change necessary).
  * manpage no longer shows erroneous default for --delete-before.
    (upstream fix)
    closes:#640869,#587567
  * manpage now mentions that --files-from sorts the filenames.
    (upstream fix)
    closes:#536755
  * init.d script checks nice value correctly now.
    closes:#586707
  * fixed typo in comment in sample script rrsync.
    closes:#635603
  * Updated package description and included homepage line.
    closes:#614098
  * Correct error message when using --delete-delay when dying in certain cases.
    See also #587567
    closes:#586551
  * included rsync.service file for systemd, supplied by Michael Stapelberg.
    closes:#639632
  * conflict with duplicity < 0.6.11 as that tries to use rsync:// in
    combination with ::module syntax, which is not allowed (but used to be
    accepted in older rsync versions).
    closes:#605731

5b836f3... by Paul Slootman <email address hidden> on 2011-09-13

Import patches-unapplied version 3.0.9~pre2-2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 73533ee323b4b1ff848302e5b326e69a6cfe42c7

New changelog entries:
  * updated lintian override. This is a modified version optimized for the
    rsync protocol. I.e. the standard zlib version will not work as well.
  * included rsync.service file supplied by Michael Stapelberg,
    see bug#639632
  * new upstream prerelease.