* [UPLOAD] rsync-2.6.9-1
@ 2007-08-27 20:50 Lapo Luchini
2007-08-28 12:38 ` Eric Blake
2007-08-28 16:48 ` David Rothenberger
0 siblings, 2 replies; 9+ messages in thread
From: Lapo Luchini @ 2007-08-27 20:50 UTC (permalink / raw)
To: [ML] CygWin-Apps
http://cyberx.lapo.it/cygwin/lighttpd/setup.hint (unchanged)
http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-1.tar.bz2
http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-1-src.tar.bz2
(*.bz2.sig for detached GPG signatures)
sdesc: "Fast remote file transfer program (can use existing data to
minimize transfer)"
ldesc: "rsync is a file transfer program. rsync uses the 'rsync
algorithm' which provides a very fast method for bringing remote files
into sync. It does this by sending just the differences in the files
across the link, without requiring that both sets of files are present
at one of the ends of the link beforehand."
category: Net
requires: cygwin libpopt0
--
Lapo Luchini
lapo@lapo.it (OpenPGP & X.509)
www.lapo.it (Jabber, ICQ, MSN)
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [UPLOAD] rsync-2.6.9-1
2007-08-27 20:50 [UPLOAD] rsync-2.6.9-1 Lapo Luchini
@ 2007-08-28 12:38 ` Eric Blake
2007-08-28 14:53 ` Lapo Luchini
2007-08-28 16:48 ` David Rothenberger
1 sibling, 1 reply; 9+ messages in thread
From: Eric Blake @ 2007-08-28 12:38 UTC (permalink / raw)
To: cygwin-apps
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Lapo Luchini on 8/27/2007 2:50 PM:
> http://cyberx.lapo.it/cygwin/lighttpd/setup.hint (unchanged)
> http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-1.tar.bz2
> http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-1-src.tar.bz2
Uploaded, leaving 2.6.6-1 as previous. 2.6.2-3 and 2.6.3-1 are also still
present.
- --
Don't work too hard, make some time for fun as well!
Eric Blake ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG1Bdw84KuGfSFAYARAp4vAJwIEUBNb4YIdemAaJMvvk6CuH2tSQCdHrHr
guaaHX8RC1KCHrWtZ+lrRUA=
=CDfZ
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [UPLOAD] rsync-2.6.9-1
2007-08-28 12:38 ` Eric Blake
@ 2007-08-28 14:53 ` Lapo Luchini
0 siblings, 0 replies; 9+ messages in thread
From: Lapo Luchini @ 2007-08-28 14:53 UTC (permalink / raw)
To: cygwin-apps
Eric Blake wrote:
> Uploaded, leaving 2.6.6-1 as previous. 2.6.2-3 and 2.6.3-1 are also still
> present.
>
2.6.6-1 has been used succesfully by many for much time, it's good to
leave that as [prev], but 2.6.2 and 2.6.3 can be safely deleted.
--
Lapo Luchini
lapo@lapo.it (OpenPGP & X.509)
www.lapo.it (Jabber, ICQ, MSN)
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [UPLOAD] rsync-2.6.9-1
2007-08-27 20:50 [UPLOAD] rsync-2.6.9-1 Lapo Luchini
2007-08-28 12:38 ` Eric Blake
@ 2007-08-28 16:48 ` David Rothenberger
2007-08-28 18:10 ` Lapo Luchini
1 sibling, 1 reply; 9+ messages in thread
From: David Rothenberger @ 2007-08-28 16:48 UTC (permalink / raw)
To: cygapps
On 8/27/2007 1:50 PM, Lapo Luchini wrote:
> http://cyberx.lapo.it/cygwin/lighttpd/setup.hint (unchanged)
> http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-1.tar.bz2
> http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-1-src.tar.bz2
Would it make sense to include the patch from
http://c-skills.blogspot.com/2007/08/cve-2007-4091.html in the 2.6.9
release to fix the off-by-one errors that could lead remote code
execution?[*]
I'm sorry for not noticing this before rsync was uploaded. I have a
local build of 2.6.9 with the patch applied that's been working fine for
me for a while.
[*] http://secunia.com/advisories/26493/
--
David Rothenberger ---- daveroth@acm.org
optimist, n:
A bagpiper with a beeper.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [UPLOAD] rsync-2.6.9-1
2007-08-28 16:48 ` David Rothenberger
@ 2007-08-28 18:10 ` Lapo Luchini
2007-08-28 19:47 ` [UPLOAD] rsync-2.6.9-2 Lapo Luchini
2007-08-29 9:16 ` [UPLOAD] rsync-2.6.9-2 (security fix) Lapo Luchini
0 siblings, 2 replies; 9+ messages in thread
From: Lapo Luchini @ 2007-08-28 18:10 UTC (permalink / raw)
To: [ML] CygWin-Apps
David Rothenberger wrote:
> On 8/27/2007 1:50 PM, Lapo Luchini wrote:
>> http://cyberx.lapo.it/cygwin/lighttpd/setup.hint (unchanged)
>> http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-1.tar.bz2
>> http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-1-src.tar.bz2
> Would it make sense to include the patch [...] to fix the off-by-one
> errors that could lead remote code execution?[*]
> I'm sorry for not noticing this before rsync was uploaded.
Don't be sorry, *I* am sorry not to have noticed that myself, as I was
supposed to ;)
Rolling new package in a few mins...
--
Lapo Luchini
lapo@lapo.it (OpenPGP & X.509)
www.lapo.it (Jabber, ICQ, MSN)
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [UPLOAD] rsync-2.6.9-2
2007-08-28 18:10 ` Lapo Luchini
@ 2007-08-28 19:47 ` Lapo Luchini
2007-08-28 20:04 ` Lapo Luchini
2007-08-29 9:16 ` [UPLOAD] rsync-2.6.9-2 (security fix) Lapo Luchini
1 sibling, 1 reply; 9+ messages in thread
From: Lapo Luchini @ 2007-08-28 19:47 UTC (permalink / raw)
To: [ML] CygWin-Apps
Lapo Luchini wrote:
>> Would it make sense to include the patch [...] to fix the off-by-one
>> errors that could lead remote code execution?[*]
>> I'm sorry for not noticing this before rsync was uploaded.
>>
> Don't be sorry, *I* am sorry not to have noticed that myself, as I was
> supposed to ;)
>
I have to notice, though, that I'm in good company: neither official
rsync homepage or devel ML took notice of it so far...
(I wonder why the patch author didn't write to the ML concurrently to
his blog post)
Anyway...
http://cyberx.lapo.it/cygwin/rsync/setup.hint (unchanged)
http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-2.tar.bz2
http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-2-src.tar.bz2
--
Lapo Luchini
lapo@lapo.it (OpenPGP & X.509)
www.lapo.it (Jabber, ICQ, MSN)
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [UPLOAD] rsync-2.6.9-2
2007-08-28 19:47 ` [UPLOAD] rsync-2.6.9-2 Lapo Luchini
@ 2007-08-28 20:04 ` Lapo Luchini
0 siblings, 0 replies; 9+ messages in thread
From: Lapo Luchini @ 2007-08-28 20:04 UTC (permalink / raw)
To: [ML] CygWin-Apps
Lapo Luchini wrote:
> http://cyberx.lapo.it/cygwin/rsync/setup.hint (unchanged)
> http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-2.tar.bz2
> http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-2-src.tar.bz2
>
(which is intended to replace 2.6.9-1, keeping 2.6.6 as prev)
--
Lapo Luchini
lapo@lapo.it (OpenPGP & X.509)
www.lapo.it (Jabber, ICQ, MSN)
^ permalink raw reply [flat|nested] 9+ messages in thread
* [UPLOAD] rsync-2.6.9-2 (security fix)
2007-08-28 18:10 ` Lapo Luchini
2007-08-28 19:47 ` [UPLOAD] rsync-2.6.9-2 Lapo Luchini
@ 2007-08-29 9:16 ` Lapo Luchini
2007-08-29 12:18 ` Eric Blake
1 sibling, 1 reply; 9+ messages in thread
From: Lapo Luchini @ 2007-08-29 9:16 UTC (permalink / raw)
To: [ML] CygWin-Apps
(sorry duplicate message, but the other was deep in a thread and may not
be noticeable enough)
Please upload new release as it is a security fix, delete 2.6.9-1 and
keep 2.6.6-1 as previous.
http://cyberx.lapo.it/cygwin/rsync/setup.hint (unchanged)
http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-2.tar.bz2
http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-2-src.tar.bz2
Should I announce *both* or a single announce for -2 can do?
(-1 was uploaded like yesterday)
--
Lapo Luchini
lapo@lapo.it (OpenPGP & X.509)
www.lapo.it (Jabber, ICQ, MSN)
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [UPLOAD] rsync-2.6.9-2 (security fix)
2007-08-29 9:16 ` [UPLOAD] rsync-2.6.9-2 (security fix) Lapo Luchini
@ 2007-08-29 12:18 ` Eric Blake
0 siblings, 0 replies; 9+ messages in thread
From: Eric Blake @ 2007-08-29 12:18 UTC (permalink / raw)
To: cygwin-apps
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Lapo Luchini on 8/29/2007 3:16 AM:
> (sorry duplicate message, but the other was deep in a thread and may not
> be noticeable enough)
>
> Please upload new release as it is a security fix, delete 2.6.9-1 and
> keep 2.6.6-1 as previous.
Done.
> Should I announce *both* or a single announce for -2 can do?
> (-1 was uploaded like yesterday)
Oh well, I hit the approve button on the moderator's list for the -1
announcement before seeing this question, so this go-around, the answer is
one announcement for each version. But I don't have any problems in
general with the idea announcing only a -2 version if it was uploaded
within a day or two to fix problems in a -1 version.
- --
Don't work too hard, make some time for fun as well!
Eric Blake ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG1WQc84KuGfSFAYARAgLwAJ9pYMKnutRS/ZqWyinatdgdoYppmACglxhu
ySBVW0CkgGU6g/g/HqfmUSA=
=Kkux
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2007-08-29 12:18 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-08-27 20:50 [UPLOAD] rsync-2.6.9-1 Lapo Luchini
2007-08-28 12:38 ` Eric Blake
2007-08-28 14:53 ` Lapo Luchini
2007-08-28 16:48 ` David Rothenberger
2007-08-28 18:10 ` Lapo Luchini
2007-08-28 19:47 ` [UPLOAD] rsync-2.6.9-2 Lapo Luchini
2007-08-28 20:04 ` Lapo Luchini
2007-08-29 9:16 ` [UPLOAD] rsync-2.6.9-2 (security fix) Lapo Luchini
2007-08-29 12:18 ` Eric Blake
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).