[SCM] The rsync repository. - branch master updated
Rsync CVS commit messages
rsync-cvs at lists.samba.org
Tue Aug 2 02:13:53 UTC 2022
The branch, master has been updated
via 0773cecc Preparing for release of 3.2.5pre1
via 8e335863 Tweaks to allow for a release.
via da5c72da More NEWS.
via 2f7c5831 A few more minor tweaks.
from 51fd4993 Avoid the getgroups program when cross-compiliing.
https://git.samba.org/?p=rsync.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0773cecc1fc6462b321f96dc8cae6e11983c357d
Author: Wayne Davison <wayne at opencoder.net>
Date: Mon Aug 1 18:51:07 2022 -0700
Preparing for release of 3.2.5pre1
commit 8e33586359a1e1cce943651e9c60adfe9e65ba54
Author: Wayne Davison <wayne at opencoder.net>
Date: Mon Aug 1 18:43:11 2022 -0700
Tweaks to allow for a release.
commit da5c72da4b604dbf2a9fdbfccb7b0ac787cf04e7
Author: Wayne Davison <wayne at opencoder.net>
Date: Mon Aug 1 18:34:39 2022 -0700
More NEWS.
commit 2f7c583143bc6e80902139c23d9d7283f88fbc6a
Author: Wayne Davison <wayne at opencoder.net>
Date: Mon Aug 1 18:21:28 2022 -0700
A few more minor tweaks.
-----------------------------------------------------------------------
Summary of changes:
NEWS.md | 19 ++++++++++++-------
exclude.c | 7 +++----
packaging/lsb/rsync.spec | 12 ++++++------
packaging/release-rsync | 4 +++-
rsync.1.md | 13 ++++++-------
uidlist.c | 2 +-
version.h | 2 +-
7 files changed, 32 insertions(+), 27 deletions(-)
Changeset truncated at 500 lines:
diff --git a/NEWS.md b/NEWS.md
index 4cb98a63..bf7d400a 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -6,12 +6,12 @@
- Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
- names that should have been excluded by the sender. This extra safety check
- only requires the client side rsync to be udateed. When dealing with an
- untrusted sending host using an older rsync, it is safest to copy into a
- dedicated destination directory for the remote content (i.e. don't copy into
- a destination directory that contains files that aren't from the remote
- host unless you trust the remote host). Fixes CVE-2022-29154.
+ names that should have been excluded by the sender. These extra safety
+ checks only require the receiver rsync to be udateed. When dealing with an
+ untrusted sending host, it is safest to copy into a dedicated destination
+ directory for the remote content (i.e. don't copy into a destination
+ directory that contains files that aren't from the remote host unless you
+ trust the remote host). Fixes CVE-2022-29154.
### BUG FIXES:
@@ -20,6 +20,9 @@
made rsync send mostly literal data for a copy instead of finding matching
data in the receiver's basis file.
+- Lots of manpage improvements, including an attempt to better desdribe how
+ include/exclude filters work.
+
### PACKAGING RELATED:
- The build date that goes into the manpages is now based on the developer's
@@ -27,6 +30,8 @@
### DEVELOPER RELATED:
+- Configure now defaults GETGROUPS_T to gid_t when cross compiling.
+
- Configure now looks for the bsd/string.h include file in order to fix the
build on a host that has strlcpy() in the main libc but not defined in the
main string.h file.
@@ -4517,7 +4522,7 @@
| RELEASE DATE | VER. | DATE OF COMMIT\* | PROTOCOL |
|--------------|--------|------------------|-------------|
-| ?? ??? ???? | 3.2.5 | | 31 |
+| ?? Aug 2022 | 3.2.5 | | 31 |
| 15 Apr 2022 | 3.2.4 | | 31 |
| 06 Aug 2020 | 3.2.3 | | 31 |
| 04 Jul 2020 | 3.2.2 | | 31 |
diff --git a/exclude.c b/exclude.c
index 0100efc7..cd77c543 100644
--- a/exclude.c
+++ b/exclude.c
@@ -395,11 +395,10 @@ void add_implied_include(const char *arg)
if (recurse || xfer_dirs) {
/* Now create a rule with an added "/" & "**" or "*" at the end */
rule = new0(filter_rule);
+ rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD;
if (recurse)
- rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD | FILTRULE_WILD2;
- else
- rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD;
- /* A +4 in the len leaves enough room for / * * \0 or / * \0 \0 */
+ rule->rflags |= FILTRULE_WILD2;
+ /* We must leave enough room for / * * \0. */
if (!saw_wild && backslash_cnt) {
/* We are appending a wildcard, so now the backslashes need to be escaped. */
p = rule->pattern = new_array(char, arg_len + backslash_cnt + 3 + 1);
diff --git a/packaging/lsb/rsync.spec b/packaging/lsb/rsync.spec
index 0bdcd833..95adb8f0 100644
--- a/packaging/lsb/rsync.spec
+++ b/packaging/lsb/rsync.spec
@@ -1,9 +1,9 @@
Summary: A fast, versatile, remote (and local) file-copying tool
Name: rsync
-Version: 3.2.4
-%define fullversion %{version}
-Release: 1
-%define srcdir src
+Version: 3.2.5
+%define fullversion %{version}pre1
+Release: 0.1.pre1
+%define srcdir src-previews
Group: Applications/Internet
License: GPL
Source0: https://rsync.samba.org/ftp/rsync/%{srcdir}/rsync-%{fullversion}.tar.gz
@@ -79,8 +79,8 @@ rm -rf $RPM_BUILD_ROOT
%dir /etc/rsync-ssl/certs
%changelog
-* Fri Apr 15 2022 Wayne Davison <wayne at opencoder.net>
-Released 3.2.4.
+* Mon Aug 01 2022 Wayne Davison <wayne at opencoder.net>
+Released 3.2.5pre1.
* Fri Mar 21 2008 Wayne Davison <wayne at opencoder.net>
Added installation of /etc/xinetd.d/rsync file and some commented-out
diff --git a/packaging/release-rsync b/packaging/release-rsync
index d484628c..5e54d06e 100755
--- a/packaging/release-rsync
+++ b/packaging/release-rsync
@@ -193,7 +193,9 @@ About to:
with open(fn, 'r', encoding='utf-8') as fh:
old_txt = txt = fh.read()
if fn == 'version.h':
- txt = f'#define RSYNC_VERSION "{version}"\n'
+ x_re = re.compile(r'^(#define RSYNC_VERSION).*', re.M)
+ msg = f"Unable to update RSYNC_VERSION in {fn}"
+ txt = replace_or_die(x_re, r'\1 "%s"' % version, txt, msg)
elif '.spec' in fn:
for var, val in specvars.items():
x_re = re.compile(r'^%s .*' % re.escape(var), re.M)
diff --git a/rsync.1.md b/rsync.1.md
index 576dd90b..0c27df4c 100644
--- a/rsync.1.md
+++ b/rsync.1.md
@@ -180,17 +180,16 @@ an absolute or relative path that tries to escape out of the top of the
transfer. Also, beginning with version 3.2.5, rsync does two more safety
checks of the file list to (1) ensure that no extra source arguments were added
into the transfer other than those that the client requested and (2) ensure
-that the file list obeys the exclude rules that we sent to the sender.
+that the file list obeys the exclude rules that were sent to the sender.
-For those that don't yet have a 3.2.5 client rsync, it is safest to do a copy
-into a dedicated destination directory for the remote files rather than
-requesting the remote content get mixed in with other local content. For
-example, doing an rsync copy into your home directory is potentially unsafe on
-an older rsync if the remote rsync is being controlled by a bad actor:
+For those that don't yet have a 3.2.5 client rsync (or those that want to be
+extra careful), it is safest to do a copy into a dedicated destination
+directory for the remote files when you don't trust the remote host. For
+example, instead of doing an rsync copy into your home directory:
> rsync -aiv host1:dir1 ~
-A safer command would be:
+Dedicate a "host1-files" dir to the remote content:
> rsync -aiv host1:dir1 ~/host1-files
diff --git a/uidlist.c b/uidlist.c
index 2b81ae87..99a34679 100644
--- a/uidlist.c
+++ b/uidlist.c
@@ -3,7 +3,7 @@
*
* Copyright (C) 1996 Andrew Tridgell
* Copyright (C) 1996 Paul Mackerras
- * Copyright (C) 2004-2020 Wayne Davison
+ * Copyright (C) 2004-2022 Wayne Davison
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/version.h b/version.h
index 7bb1a5c9..61820bba 100644
--- a/version.h
+++ b/version.h
@@ -1,2 +1,2 @@
-#define RSYNC_VERSION "3.2.5dev"
+#define RSYNC_VERSION "3.2.5pre1"
#define MAINTAINER_TZ_OFFSET -7.0
--
The rsync repository.
More information about the rsync-cvs
mailing list