The branch, master has been updated via 9f9240b6 Set CXX_OK=no when cross compiling. via 48885309 Create SECURITY.md via 203b3d01 Setup for 3.2.4dev. via 25526eb3 Simplify the compat logic for local_server from c3f7414c rsync-ssl: Verify the hostname in the certificate when using openssl.
https://git.samba.org/?p=rsync.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 9f9240b661c5f381831b62d72b6ea928a91ff43a Author: Wayne Davison <wa...@opencoder.net> Date: Thu Sep 3 10:07:36 2020 -0700 Set CXX_OK=no when cross compiling. commit 48885309c7d25a2a47b0d5fef0d3152d9e77f7b5 Author: Wayne Davison <wa...@opencoder.net> Date: Wed Sep 2 14:49:20 2020 -0700 Create SECURITY.md commit 203b3d0143e3a0955b68458cd693bf7adf95f241 Author: Wayne Davison <wa...@opencoder.net> Date: Thu Aug 27 19:33:15 2020 -0700 Setup for 3.2.4dev. commit 25526eb3fef7974ab5824ffd3268677fc781b30f Author: Wayne Davison <wa...@opencoder.net> Date: Thu Aug 27 18:58:21 2020 -0700 Simplify the compat logic for local_server Change the logic in compat.c to construct the client_info string value for a local copy so that the various checks of the string don't need to make an exception for local_server. ----------------------------------------------------------------------- Summary of changes: NEWS.md | 15 ++++++++++ SECURITY.md | 12 ++++++++ compat.c | 28 +++++++++++-------- configure.ac | 2 +- options.c | 89 ++++++++++++++++++++++++++++++++---------------------------- version.h | 2 +- 6 files changed, 94 insertions(+), 54 deletions(-) create mode 100644 SECURITY.md Changeset truncated at 500 lines: diff --git a/NEWS.md b/NEWS.md index a3e6b9b4..3aabcff1 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,3 +1,17 @@ +<a name="3.2.4"></a> + +# NEWS for rsync 3.2.4 (UNRELEASED) + +## Changes in this version: + +### BUG FIXES: + + - Use openssl's `-verify_hostname` option in the rsync-ssl script. + + - Avoid a weird failure if you run a local copy with an `--rsh` option that + contained a `V`. + +------------------------------------------------------------------------------ <a name="3.2.3"></a> # NEWS for rsync 3.2.3 (6 Aug 2020) 
@@ -4244,6 +4258,7 @@ | RELEASE DATE | VER. | DATE OF COMMIT\* | PROTOCOL | |--------------|--------|------------------|-------------| +| ?? Sep 2020 | 3.2.4 | | 31 | | 06 Aug 2020 | 3.2.3 | | 31 | | 04 Jul 2020 | 3.2.2 | | 31 | | 22 Jun 2020 | 3.2.1 | | 31 | diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..c2435741 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,12 @@ +# Security Policy + +## Supported Versions + +Only the current release of the software is actively supported. If you need +help backporting fixes into an older release, feel free to ask. + +## Reporting a Vulnerability + +Email your vulnerability information to rsync's maintainer: + + Wayne Davison <wa...@opencoder.net> diff --git a/compat.c b/compat.c index bbabd117..0a882cda 100644 --- a/compat.c +++ b/compat.c @@ -21,6 +21,7 @@ #include "rsync.h" #include "itypes.h" +#include "ifuncs.h" extern int am_server; extern int am_sender; @@ -153,7 +154,13 @@ static void check_sub_protocol(void) void set_allow_inc_recurse(void) { - client_info = shell_cmd ? shell_cmd : ""; + if (!local_server) + client_info = shell_cmd ? shell_cmd : ""; + else if (am_server) { + char buf[64]; + maybe_add_e_option(buf, sizeof buf); + client_info = *buf ? strdup(buf+1) : ""; /* The +1 skips the leading "e". */ + } if (!recurse || use_qsort) allow_inc_recurse = 0; @@ -161,8 +168,7 @@ void set_allow_inc_recurse(void) && (delete_before || delete_after || delay_updates || prune_empty_dirs)) allow_inc_recurse = 0; - else if (am_server && !local_server - && (strchr(client_info, 'i') == NULL)) + else if (am_server && strchr(client_info, 'i') == NULL) allow_inc_recurse = 0; } 
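Review bot: In set_allow_inc_recurse() the result of `strdup(buf+1)` is stored in `client_info` without a NULL check, and the next use is `strchr(client_info, 'i')` in the hunk that follows. The setup_protocol() hunks further down add more unguarded `strchr(client_info, …)` calls now that the `local_server ||` short-circuit is removed. On allocation failure that is a NULL dereference rather than a clean exit. options.c already reports this condition with `out_of_memory("server_options")`, so adding `if (!client_info) out_of_memory("set_allow_inc_recurse");` after the assignment would match. The `local_server && !am_server` path also leaves `client_info` unassigned here; presumably every later reader is gated on `am_server`, but a one-line comment stating that invariant would help.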
@@ -558,7 +564,7 @@ void setup_protocol(int f_out,int f_in) atimes_ndx = (file_extra_cnt += EXTRA64_CNT); if (preserve_crtimes) crtimes_ndx = (file_extra_cnt += EXTRA64_CNT); - if (am_sender) /* This is most likely in the in64 union as well. */ + if (am_sender) /* This is most likely in the file_extras64 union as well. */ pathname_ndx = (file_extra_cnt += PTR_EXTRA_CNT); else depth_ndx = ++file_extra_cnt; @@ -691,17 +697,17 @@ void setup_protocol(int f_out,int f_in) #ifdef ICONV_OPTION compat_flags |= CF_SYMLINK_ICONV; #endif - if (local_server || strchr(client_info, 'f') != NULL) + if (strchr(client_info, 'f') != NULL) compat_flags |= CF_SAFE_FLIST; - if (local_server || strchr(client_info, 'x') != NULL) + if (strchr(client_info, 'x') != NULL) compat_flags |= CF_AVOID_XATTR_OPTIM; - if (local_server || strchr(client_info, 'C') != NULL) + if (strchr(client_info, 'C') != NULL) compat_flags |= CF_CHKSUM_SEED_FIX; - if (local_server || strchr(client_info, 'I') != NULL) + if (strchr(client_info, 'I') != NULL) compat_flags |= CF_INPLACE_PARTIAL_DIR; - if (local_server || strchr(client_info, 'u') != NULL) + if (strchr(client_info, 'u') != NULL) compat_flags |= CF_ID0_NAMES; - if (local_server || strchr(client_info, 'v') != NULL) { + if (strchr(client_info, 'v') != NULL) { do_negotiated_strings = 1; compat_flags |= CF_VARINT_FLIST_FLAGS; } @@ -737,7 +743,7 @@ void setup_protocol(int f_out,int f_in) #endif #ifdef ICONV_OPTION sender_symlink_iconv = iconv_opt && (am_server - ? local_server || strchr(client_info, 's') != NULL + ? strchr(client_info, 's') != NULL : !!(compat_flags & CF_SYMLINK_ICONV)); #endif if (inc_recurse && !allow_inc_recurse) { diff --git a/configure.ac b/configure.ac index 64d2e6d6..109546a6 100644 --- a/configure.ac +++ b/configure.ac 
@@ -233,7 +233,7 @@ __attribute__ ((target("ssse3"))) void more_testing(char* buf, int len)
 in8_2 = _mm_lddqu_si128((__m128i_u*)&buf[i + 16]);
 }
 }
-]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no])
+]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no],[CXX_OK=no])
 AC_LANG(C)
 if test x"$CXX_OK" = x"yes"; then
 # AC_MSG_RESULT() is called below.
diff --git a/options.c b/options.c
index a9f0dc9e..06f91098 100644
--- a/options.c
+++ b/options.c
@@ -2577,47 +2577,8 @@ void server_options(char **args, int *argc_p) set_allow_inc_recurse(); - /* We don't really know the actual protocol_version at this point, - * but checking the pre-negotiated value allows the user to use a - * --protocol=29 override to avoid the use of this -eFLAGS opt. */ - if (protocol_version >= 30) { - /* Use "eFlags" alias so that cull_options doesn't think that these are no-arg option letters. */ -#define eFlags argstr - /* We make use of the -e option to let the server know about - * any pre-release protocol version && some behavior flags. */ - eFlags[x++] = 'e'; -#if SUBPROTOCOL_VERSION != 0 - if (protocol_version == PROTOCOL_VERSION) { - x += snprintf(argstr+x, sizeof argstr - x, - "%d.%d", - PROTOCOL_VERSION, SUBPROTOCOL_VERSION); - } else -#endif - eFlags[x++] = '.'; - if (allow_inc_recurse) - eFlags[x++] = 'i'; -#ifdef CAN_SET_SYMLINK_TIMES - eFlags[x++] = 'L'; /* symlink time-setting support */ -#endif -#ifdef ICONV_OPTION - eFlags[x++] = 's'; /* symlink iconv translation support */ -#endif - eFlags[x++] = 'f'; /* flist I/O-error safety support */ - eFlags[x++] = 'x'; /* xattr hardlink optimization not desired */ - eFlags[x++] = 'C'; /* support checksum seed order fix */ - eFlags[x++] = 'I'; /* support inplace_partial behavior */ - eFlags[x++] = 'v'; /* use varint for flist & compat flags; negotiate checksum */ - eFlags[x++] = 'u'; /* include name of uid 0 & gid 0 in the id map */ - /* NOTE: Avoid using 'V' -- it was the high bit of a write_byte() that became write_varint(). */ -#undef eFlags - } - - if (x >= (int)sizeof argstr) { /* Not possible... */ - rprintf(FERROR, "argstr overflow in server_options().\n"); - exit_cleanup(RERR_MALLOC); - } - - argstr[x] = '\0'; + /* This '\0'-terminates argstr and makes sure it didn't overflow. */ + x += maybe_add_e_option(argstr + x, (int)sizeof argstr - x); if (x > 1) args[ac++] = argstr; 
@@ -2926,6 +2887,52 @@ void server_options(char **args, int *argc_p) out_of_memory("server_options"); } +int maybe_add_e_option(char *buf, int buf_len) +{ + int x = 0; + + /* We don't really know the actual protocol_version at this point, + * but checking the pre-negotiated value allows the user to use a + * --protocol=29 override to avoid the use of this -eFLAGS opt. */ + if (protocol_version >= 30 && buf_len > 0) { + /* We make use of the -e option to let the server know about + * any pre-release protocol version && some behavior flags. */ + buf[x++] = 'e'; + +#if SUBPROTOCOL_VERSION != 0 + if (protocol_version == PROTOCOL_VERSION) + x += snprintf(buf + x, buf_len - x, "%d.%d", PROTOCOL_VERSION, SUBPROTOCOL_VERSION); + else +#endif + buf[x++] = '.'; + if (allow_inc_recurse) + buf[x++] = 'i'; +#ifdef CAN_SET_SYMLINK_TIMES + buf[x++] = 'L'; /* symlink time-setting support */ +#endif +#ifdef ICONV_OPTION + buf[x++] = 's'; /* symlink iconv translation support */ +#endif + buf[x++] = 'f'; /* flist I/O-error safety support */ + buf[x++] = 'x'; /* xattr hardlink optimization not desired */ + buf[x++] = 'C'; /* support checksum seed order fix */ + buf[x++] = 'I'; /* support inplace_partial behavior */ + buf[x++] = 'v'; /* use varint for flist & compat flags; negotiate checksum */ + buf[x++] = 'u'; /* include name of uid 0 & gid 0 in the id map */ + + /* NOTE: Avoid using 'V' -- it was represented with the high bit of a write_byte() that became a write_varint(). */ + } + + if (x >= buf_len) { /* Not possible... */ + rprintf(FERROR, "overflow in add_e_flags().\n"); + exit_cleanup(RERR_MALLOC); + } + + buf[x] = '\0'; + + return x; +} + /* If str points to a valid hostspec, return allocated memory containing the * [USER@]HOST part of the string, and set the path_start_ptr to the part of * the string after the host part. Otherwise, return NULL. If port_ptr is diff --git a/version.h b/version.h index e2fb963b..da21e0fd 100644 --- a/version.h +++ b/version.h 
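Review bot: maybe_add_e_option() tests `x >= buf_len` only after every `buf[x++]` store has run, so the "Not possible" guard that suited the fixed-size argstr is now the only bound on a helper that takes any caller-supplied buffer (compat.c passes a 64-byte stack array). snprintf() returns the length it wanted to write, so with a small `buf_len` the index `x` can already be past the end before the flag letters are stored. I would add a check before the first store that `buf_len` covers the worst-case flag string and take the existing overflow branch otherwise. The error text names a function that does not exist; `rprintf(FERROR, "overflow in maybe_add_e_option().\n");` would make the log line traceable. A short header comment should also say that the return value is the count of characters written, excluding the terminator, and that `buf` is always '\0'-terminated on return.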
@@ -1 +1 @@
-#define RSYNC_VERSION "3.2.3"
+#define RSYNC_VERSION "3.2.4dev"
-- The rsync repository. _______________________________________________ rsync-cvs mailing list rsync-cvs@lists.samba.org https://lists.samba.org/mailman/listinfo/rsync-cvs