[rsync-announce] Rsync 3.0.2 released w/xattr security fix (attn:

--===============1485529096==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="yrj/dFKFPuw6o+aM"
Content-Disposition: inline


--yrj/dFKFPuw6o+aM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I have released rsync 3.0.2. This is a security release to fix a
potential buffer overflow in the extended attribute support. For
more details, see the rsync security advisory page:

http://rsync.samba.org/security.html

There is a patch there that can be applied to 2.6.9 (if you were using
the xattrs.patch), 3.0.0, or 3.0.1.

Those running a writable rsync daemon can opt to refuse the "xattrs"
option in their daemon config to avoid the problem without an upgrade.

I would like to thank Sebastian Krahmer for bringing this bug to my
attention.

To see the brief summary of the changes since 3.0.1, visit this link:

http://rsync.samba.org/ftp/rsync/src/rsync-3.0.2-NEWS

You can download the source tar file and its signature from here:

http://rsync.samba.org/ftp/rsync/src/rsync-3.0.2.tar.gz
http://rsync.samba.org/ftp/rsync/src...0.2.tar.gz.asc

...wayne..

--yrj/dFKFPuw6o+aM
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH+6L0bIWfsUuWqMURAgXvAKDB4JOI6Vsdqz2Cve/2+e42rpL7zACgpSTs
d+fvo3As96SzMqgbjoY50nM=
=DFbI
-----END PGP SIGNATURE-----

--yrj/dFKFPuw6o+aM--

--===============1485529096==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
rsync-announce mailing list
rsync-announce@lists.samba.org
https://lists.samba.org/mailman/listinfo/rsync-announce

--===============1485529096==--