-
rsync (3.1.3-8ubuntu0.7) focal; urgency=medium
* d/p/add-trust-sender-option-docs.patch: Add manpage and help documentation
for the --trust-sender option (LP: #2028810)
rsync (3.1.3-8ubuntu0.6) focal; urgency=medium
* d/p/add-trust-sender-option.patch: Add --trust-sender argument to decrease
overhead when transferring files (LP: #2028810)
In order to mitigate the performance decrease experienced by the security
update blocking arbitrary file writes by remote servers, this update allows
users the option to inherently trust the remote server instead. The
--trust-sender argument tells the local server to trust the remote server's
file list, leading to a speedup in transfer speed since the extra checks
are no longer needed. The argument should only be used when transferring
between two controlled servers though, to avoid arbitrary file access from
a malicious server.
-- Lena Voytek <email address hidden> Fri, 01 Sep 2023 11:38:04 -0700
-
rsync (3.1.3-8ubuntu0.6) focal; urgency=medium
* d/p/add-trust-sender-option.patch: Add --trust-sender argument to decrease
overhead when transferring files (LP: #2028810)
In order to mitigate the performance decrease experienced by the security
update blocking arbitrary file writes by remote servers, this update allows
users the option to inherently trust the remote server instead. The
--trust-sender argument tells the local server to trust the remote server's
file list, leading to a speedup in transfer speed since the extra checks
are no longer needed. The argument should only be used when transferring
between two controlled servers though, to avoid arbitrary file access from
a malicious server.
-- Lena Voytek <email address hidden> Fri, 28 Jul 2023 07:53:51 -0700
-
rsync (3.1.3-8ubuntu0.5) focal-security; urgency=medium
* SECURITY UPDATE: arbitrary file write via malicious remote servers
- d/p/CVE-2022-29154-*.patch: backported patches to fix the issue.
- d/p/avoid_quoting_of_tilde_when_its_a_destination_arg.patch: added
additional patch to fix regression.
- CVE-2022-29154
-- Marc Deslauriers <email address hidden> Tue, 28 Feb 2023 07:58:57 -0500
-
rsync (3.1.3-8ubuntu0.4) focal-security; urgency=medium
* SECURITY UPDATE: zlib buffer overflow when inflating certain gzip
hearders.
- debian/patches/CVE-2022-37434-1.patch: catches overflow in
inflateGetHeader by enforcing buffer size.
- debian/patches/CVE-2022-37434-2.patch: prevents NULL dereference
regression previous patch introduced.
- CVE-2022-37434
-- Mark Esler <email address hidden> Tue, 16 Aug 2022 13:48:36 -0500
-
rsync (3.1.3-8ubuntu0.3) focal-security; urgency=medium
* SECURITY UPDATE: memory corruption when zlib deflating
- debian/patches/CVE-2018-25032-1.patch: fix a bug that can crash
deflate on some input when using Z_FIXED in zlib/deflate.c,
zlib/deflate.h.
- debian/patches/CVE-2018-25032-2.patch: assure that the number of bits
for deflatePrime() is valid in zlib/deflate.c.
- CVE-2018-25032
-- Marc Deslauriers <email address hidden> Wed, 30 Mar 2022 14:02:52 -0400
-
rsync (3.1.3-8ubuntu0.2) focal; urgency=medium
* d/p/avoid-deadlock-huge-amounts-verbose-messages.patch:
Allow the receiver to increase their iobuf.msg xbuf if it fills
up. This ensures that the receiver will never block trying to
output a message, and thus it will always drain the data from
the sender and keep the whole thing from clogging up. Thanks to
Wayne Davison <email address hidden>. (LP: #1528921)
-- Miriam EspaƱa Acebal <email address hidden> Mon, 07 Feb 2022 22:46:19 +0100
-
rsync (3.1.3-8ubuntu0.1) focal; urgency=medium
* d/p/allow-missing-parent-dir-delete-missing-args.patch:
Fix error caused by files being deleted having a missing parent
directory. Thanks to Wayne Davison <email address hidden>.
(LP: #1896251)
-- Lena Voytek <email address hidden> Thu, 28 Oct 2021 09:36:35 -0700
-
rsync (3.1.3-8) unstable; urgency=medium
* Link rrsync in /usr/bin/
* Run upstream tests at build time:
- d/rules: Stop overriding dh_auto_test
- d/p/noatime.diff: Change patch to address test failure
* Run upstream tests on autopkgtest
* d/rsync.install: Move scripts to /usr/share/ instead of usr/share/doc/
(closes: #911321):
- rsync.NEWS: Create file and tell about scripts new location
* d/salsa-ci.yml: Skip repro tests for now
* d/p/noatime.diff:
- Fix DEP-3 headers
- Fix typo
-- Samuel Henrique <email address hidden> Tue, 15 Oct 2019 01:04:36 +0100
-
rsync (3.1.3-6) unstable; urgency=medium
* Apply CVEs from 2016 to the zlib code.
closes:#924509
-- Paul Slootman <email address hidden> Fri, 15 Mar 2019 11:25:01 +0100
