rsync (3.2.7-0ubuntu0.22.10.1) kinetic-security; urgency=medium
* SECURITY REGRESSION: multiple issues (LP: #2002918)
- Updated to 3.2.7 to fix multiple regressions with the CVE-2022-29154
fixes that went into 3.2.5.
- debian/patches: Added two additional upstream patches:
+ trust_the_sender_on_a_local_transfer.patch
+ avoid_quoting_of_tilde_when_its_a_destination_arg.patch
-- Marc Deslauriers <email address hidden> Mon, 27 Feb 2023 14:17:14 -0500
-
rsync (3.2.5-1) unstable; urgency=medium
* New upstream version 3.2.5
- Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include
recursive names that should have been excluded by the sender. These
extra safety checks only require the receiver rsync to be updated. When
dealing with an untrusted sending host, it is safest to copy into a
dedicated destination directory for the remote content (i.e. don't copy
into a destination directory that contains files that aren't from the
remote host unless you trust the remote host)
(closes: #1016543, CVE-2022-29154).
- The build date that goes into the manpages is now based on the
developer's release date, not on the build's local-timezone
interpretation of the date (closes: #1009981)
-- Samuel Henrique <email address hidden> Tue, 16 Aug 2022 11:03:48 +0100
-
rsync (3.2.4-1) unstable; urgency=medium
[ Samuel Henrique ]
* New upstream version 3.2.4
- Work around a glibc bug where lchmod() breaks in a chroot w/o /proc
mounted (closes: #995046).
- rsync.1: remove prepended backticks which broke --stop-after and
--stop-at formatting (closes: #1007990).
* Ship new python-based rrsync with --with-rrsync:
- rrsync was previously written in bash.
- A manpage is now shipped for rrsync.
- python3 and python3-cmarkgfm are new B-Ds since they're needed
to generate the manpage.
* d/control:
- Add version requirement for some libxxhash-dev and libzstd-dev as
per upstream docs.
- Add python3-braceexpand to Suggests as it can be used by rrsync.
* d/rsync.install: cull_options has been renamed to cull-options.
* d/patches:
- Refresh the following patches:
~ disable_reconfigure_req.diff;
~ perl_shebang.patch;
~ skip_devices_test.patch;
- Drop the following patches, applied upstream now:
~ CVE-2020-14387.patch;
~ copy-devices.diff;
~ fix_delay_updates.patch;
~ fix_ftcbfs_configure.patch;
~ fix_mkpath.patch;
~ fix_rsync-ssl_RSYNC_SSL_CERT_feature.patch;
~ fix_sparse_inplace.patch;
~ manpage_upstream_fixes.patch;
~ update_rrsync_options.patch;
~ workaround_glibc_lchmod_regression.patch;
[ Sergio Durigan Junior ]
* d/rules: Disable ASM optimizations when building.
This is not needed because the only ASM-optimized implementation
available is the MD5 hash, which is actually a no-op because we link
against OpenSSL and rsync ends up using that library's implementation
of the hash. Even then, the final binary ends up with the
ASM-optimized version included, which makes it become
CET-incompatible.
Thanks to Dimitri John Ledkov <email address hidden>
-- Samuel Henrique <email address hidden> Mon, 18 Apr 2022 14:44:44 +0100
-
rsync (3.2.3-8ubuntu3) jammy; urgency=high
* No change rebuild for ppc64el baseline bump.
-- Julian Andres Klode <email address hidden> Fri, 25 Mar 2022 10:51:06 +0100