SHA256
1
0
forked from pool/rsync
rsync/rsync-patches-3.2.5.tar.gz.asc
Pedro Monreal Gonzalez b3097cbcf7 Accepting request 997517 from home:david.anes:branches:network
- Add upstream patch rsync-3.2.5-slp.patch, as the one included in
  the released tarball doesn't fully apply.
- Drop patch rsync-CVE-2022-29154.patch, already included upstream.
- Update to 3.2.5
  * SECURITY FIXES:
    - Added some file-list safety checking that helps to ensure that a rogue
      sending rsync can't add unrequested top-level names and/or include recursive
      names that should have been excluded by the sender.  These extra safety
      checks only require the receiver rsync to be updated.  When dealing with an
      untrusted sending host, it is safest to copy into a dedicated destination
      directory for the remote content (i.e. don't copy into a destination
      directory that contains files that aren't from the remote host unless you
      trust the remote host). Fixes CVE-2022-29154.
    - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
  * BUG FIXES:
    - Fixed the handling of filenames specified with backslash-quoted wildcards
      when the default remote-arg-escaping is enabled.
    - Fixed the configure check for signed char that was causing a host that
      defaults to unsigned characters to generate bogus rolling checksums. This
      made rsync send mostly literal data for a copy instead of finding matching
      data in the receiver's basis file (for a file that contains high-bit
      characters).
    - Lots of manpage improvements, including an attempt to better describe how
      include/exclude filters work.
    - If rsync is compiled with an xxhash 0.8 library and then moved to a system
      with a dynamically linked xxhash 0.7 library, we now detect this and disable
      the XX3 hashes (since these routines didn't stabilize until 0.8).
  * ENHANCEMENTS:
    - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the
      extra file-list safety checking (should that be required).

OBS-URL: https://build.opensuse.org/request/show/997517
OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=93
2022-08-17 11:32:58 +00:00

7 lines
195 B
Plaintext

-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCYvkwjgAKCRBshZ+xS5ao
xWAMAKC8sGretqzHSgTCOW8eCO/pFwh5DQCeJTD+07rzAvXt3HnJKvor9D3/jF4=
=UjDZ
-----END PGP SIGNATURE-----