The branch, master has been updated
via 9f9240b6 Set CXX_OK=no when cross compiling.
via 48885309 Create SECURITY.md
via 203b3d01 Setup for 3.2.4dev.
via 25526eb3 Simplify the compat logic for local_server
from c3f7414c rsync-ssl: Verify the hostname in the certificate when
using openssl.
https://git.samba.org/?p=rsync.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9f9240b661c5f381831b62d72b6ea928a91ff43a
Author: Wayne Davison <wa...@opencoder.net>
Date: Thu Sep 3 10:07:36 2020 -0700
Set CXX_OK=no when cross compiling.
commit 48885309c7d25a2a47b0d5fef0d3152d9e77f7b5
Author: Wayne Davison <wa...@opencoder.net>
Date: Wed Sep 2 14:49:20 2020 -0700
Create SECURITY.md
commit 203b3d0143e3a0955b68458cd693bf7adf95f241
Author: Wayne Davison <wa...@opencoder.net>
Date: Thu Aug 27 19:33:15 2020 -0700
Setup for 3.2.4dev.
commit 25526eb3fef7974ab5824ffd3268677fc781b30f
Author: Wayne Davison <wa...@opencoder.net>
Date: Thu Aug 27 18:58:21 2020 -0700
Simplify the compat logic for local_server
Change the logic in compat.c to construct the client_info string value
for a local copy so that the various checks of the string don't need to
make an exception for local_server.
-----------------------------------------------------------------------
Summary of changes:
NEWS.md | 15 ++++++++++
SECURITY.md | 12 ++++++++
compat.c | 28 +++++++++++--------
configure.ac | 2 +-
options.c | 89 ++++++++++++++++++++++++++++++++----------------------------
version.h | 2 +-
6 files changed, 94 insertions(+), 54 deletions(-)
create mode 100644 SECURITY.md
Changeset truncated at 500 lines:
diff --git a/NEWS.md b/NEWS.md
index a3e6b9b4..3aabcff1 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,3 +1,17 @@
+<a name="3.2.4"></a>
+
+# NEWS for rsync 3.2.4 (UNRELEASED)
+
+## Changes in this version:
+
+### BUG FIXES:
+
+ - Use openssl's `-verify_hostname` option in the rsync-ssl script.
+
+ - Avoid a weird failure if you run a local copy with an `--rsh` option that
+ contained a `V`.
+
+------------------------------------------------------------------------------
<a name="3.2.3"></a>
# NEWS for rsync 3.2.3 (6 Aug 2020)
@@ -4244,6 +4258,7 @@
| RELEASE DATE | VER. | DATE OF COMMIT\* | PROTOCOL |
|--------------|--------|------------------|-------------|
+| ?? Sep 2020 | 3.2.4 | | 31 |
| 06 Aug 2020 | 3.2.3 | | 31 |
| 04 Jul 2020 | 3.2.2 | | 31 |
| 22 Jun 2020 | 3.2.1 | | 31 |
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..c2435741
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,12 @@
+# Security Policy
+
+## Supported Versions
+
+Only the current release of the software is actively supported. If you need
+help backporting fixes into an older release, feel free to ask.
+
+## Reporting a Vulnerability
+
+Email your vulnerability information to rsync's maintainer:
+
+ Wayne Davison <wa...@opencoder.net>
diff --git a/compat.c b/compat.c
index bbabd117..0a882cda 100644
--- a/compat.c
+++ b/compat.c
@@ -21,6 +21,7 @@
#include "rsync.h"
#include "itypes.h"
+#include "ifuncs.h"
extern int am_server;
extern int am_sender;
@@ -153,7 +154,13 @@ static void check_sub_protocol(void)
void set_allow_inc_recurse(void)
{
- client_info = shell_cmd ? shell_cmd : "";
+ if (!local_server)
+ client_info = shell_cmd ? shell_cmd : "";
+ else if (am_server) {
+ char buf[64];
+ maybe_add_e_option(buf, sizeof buf);
+ client_info = *buf ? strdup(buf+1) : ""; /* The +1 skips the
leading "e". */
+ }
if (!recurse || use_qsort)
allow_inc_recurse = 0;
@@ -161,8 +168,7 @@ void set_allow_inc_recurse(void)
&& (delete_before || delete_after
|| delay_updates || prune_empty_dirs))
allow_inc_recurse = 0;
- else if (am_server && !local_server
- && (strchr(client_info, 'i') == NULL))
+ else if (am_server && strchr(client_info, 'i') == NULL)
allow_inc_recurse = 0;
}
@@ -558,7 +564,7 @@ void setup_protocol(int f_out,int f_in)
atimes_ndx = (file_extra_cnt += EXTRA64_CNT);
if (preserve_crtimes)
crtimes_ndx = (file_extra_cnt += EXTRA64_CNT);
- if (am_sender) /* This is most likely in the in64 union as well. */
+ if (am_sender) /* This is most likely in the file_extras64 union as
well. */
pathname_ndx = (file_extra_cnt += PTR_EXTRA_CNT);
else
depth_ndx = ++file_extra_cnt;
@@ -691,17 +697,17 @@ void setup_protocol(int f_out,int f_in)
#ifdef ICONV_OPTION
compat_flags |= CF_SYMLINK_ICONV;
#endif
- if (local_server || strchr(client_info, 'f') != NULL)
+ if (strchr(client_info, 'f') != NULL)
compat_flags |= CF_SAFE_FLIST;
- if (local_server || strchr(client_info, 'x') != NULL)
+ if (strchr(client_info, 'x') != NULL)
compat_flags |= CF_AVOID_XATTR_OPTIM;
- if (local_server || strchr(client_info, 'C') != NULL)
+ if (strchr(client_info, 'C') != NULL)
compat_flags |= CF_CHKSUM_SEED_FIX;
- if (local_server || strchr(client_info, 'I') != NULL)
+ if (strchr(client_info, 'I') != NULL)
compat_flags |= CF_INPLACE_PARTIAL_DIR;
- if (local_server || strchr(client_info, 'u') != NULL)
+ if (strchr(client_info, 'u') != NULL)
compat_flags |= CF_ID0_NAMES;
- if (local_server || strchr(client_info, 'v') != NULL) {
+ if (strchr(client_info, 'v') != NULL) {
do_negotiated_strings = 1;
compat_flags |= CF_VARINT_FLIST_FLAGS;
}
@@ -737,7 +743,7 @@ void setup_protocol(int f_out,int f_in)
#endif
#ifdef ICONV_OPTION
sender_symlink_iconv = iconv_opt && (am_server
- ? local_server || strchr(client_info, 's') != NULL
+ ? strchr(client_info, 's') != NULL
: !!(compat_flags & CF_SYMLINK_ICONV));
#endif
if (inc_recurse && !allow_inc_recurse) {
diff --git a/configure.ac b/configure.ac
index 64d2e6d6..109546a6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -233,7 +233,7 @@ __attribute__ ((target("ssse3"))) void more_testing(char*
buf, int len)
in8_2 = _mm_lddqu_si128((__m128i_u*)&buf[i + 16]);
}
}
-]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42)
exit(1);]])],[CXX_OK=yes],[CXX_OK=no])
+]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42)
exit(1);]])],[CXX_OK=yes],[CXX_OK=no],[CXX_OK=no])
AC_LANG(C)
if test x"$CXX_OK" = x"yes"; then
# AC_MSG_RESULT() is called below.
diff --git a/options.c b/options.c
index a9f0dc9e..06f91098 100644
--- a/options.c
+++ b/options.c
@@ -2577,47 +2577,8 @@ void server_options(char **args, int *argc_p)
set_allow_inc_recurse();
- /* We don't really know the actual protocol_version at this point,
- * but checking the pre-negotiated value allows the user to use a
- * --protocol=29 override to avoid the use of this -eFLAGS opt. */
- if (protocol_version >= 30) {
- /* Use "eFlags" alias so that cull_options doesn't think that
these are no-arg option letters. */
-#define eFlags argstr
- /* We make use of the -e option to let the server know about
- * any pre-release protocol version && some behavior flags. */
- eFlags[x++] = 'e';
-#if SUBPROTOCOL_VERSION != 0
- if (protocol_version == PROTOCOL_VERSION) {
- x += snprintf(argstr+x, sizeof argstr - x,
- "%d.%d",
- PROTOCOL_VERSION, SUBPROTOCOL_VERSION);
- } else
-#endif
- eFlags[x++] = '.';
- if (allow_inc_recurse)
- eFlags[x++] = 'i';
-#ifdef CAN_SET_SYMLINK_TIMES
- eFlags[x++] = 'L'; /* symlink time-setting support */
-#endif
-#ifdef ICONV_OPTION
- eFlags[x++] = 's'; /* symlink iconv translation support */
-#endif
- eFlags[x++] = 'f'; /* flist I/O-error safety support */
- eFlags[x++] = 'x'; /* xattr hardlink optimization not desired */
- eFlags[x++] = 'C'; /* support checksum seed order fix */
- eFlags[x++] = 'I'; /* support inplace_partial behavior */
- eFlags[x++] = 'v'; /* use varint for flist & compat flags;
negotiate checksum */
- eFlags[x++] = 'u'; /* include name of uid 0 & gid 0 in the id
map */
- /* NOTE: Avoid using 'V' -- it was the high bit of a
write_byte() that became write_varint(). */
-#undef eFlags
- }
-
- if (x >= (int)sizeof argstr) { /* Not possible... */
- rprintf(FERROR, "argstr overflow in server_options().\n");
- exit_cleanup(RERR_MALLOC);
- }
-
- argstr[x] = '\0';
+ /* This '\0'-terminates argstr and makes sure it didn't overflow. */
+ x += maybe_add_e_option(argstr + x, (int)sizeof argstr - x);
if (x > 1)
args[ac++] = argstr;
@@ -2926,6 +2887,52 @@ void server_options(char **args, int *argc_p)
out_of_memory("server_options");
}
+int maybe_add_e_option(char *buf, int buf_len)
+{
+ int x = 0;
+
+ /* We don't really know the actual protocol_version at this point,
+ * but checking the pre-negotiated value allows the user to use a
+ * --protocol=29 override to avoid the use of this -eFLAGS opt. */
+ if (protocol_version >= 30 && buf_len > 0) {
+ /* We make use of the -e option to let the server know about
+ * any pre-release protocol version && some behavior flags. */
+ buf[x++] = 'e';
+
+#if SUBPROTOCOL_VERSION != 0
+ if (protocol_version == PROTOCOL_VERSION)
+ x += snprintf(buf + x, buf_len - x, "%d.%d",
PROTOCOL_VERSION, SUBPROTOCOL_VERSION);
+ else
+#endif
+ buf[x++] = '.';
+ if (allow_inc_recurse)
+ buf[x++] = 'i';
+#ifdef CAN_SET_SYMLINK_TIMES
+ buf[x++] = 'L'; /* symlink time-setting support */
+#endif
+#ifdef ICONV_OPTION
+ buf[x++] = 's'; /* symlink iconv translation support */
+#endif
+ buf[x++] = 'f'; /* flist I/O-error safety support */
+ buf[x++] = 'x'; /* xattr hardlink optimization not desired */
+ buf[x++] = 'C'; /* support checksum seed order fix */
+ buf[x++] = 'I'; /* support inplace_partial behavior */
+ buf[x++] = 'v'; /* use varint for flist & compat flags;
negotiate checksum */
+ buf[x++] = 'u'; /* include name of uid 0 & gid 0 in the id map
*/
+
+ /* NOTE: Avoid using 'V' -- it was represented with the high
bit of a write_byte() that became a write_varint(). */
+ }
+
+ if (x >= buf_len) { /* Not possible... */
+ rprintf(FERROR, "overflow in add_e_flags().\n");
+ exit_cleanup(RERR_MALLOC);
+ }
+
+ buf[x] = '\0';
+
+ return x;
+}
+
/* If str points to a valid hostspec, return allocated memory containing the
* [USER@]HOST part of the string, and set the path_start_ptr to the part of
* the string after the host part. Otherwise, return NULL. If port_ptr is
diff --git a/version.h b/version.h
index e2fb963b..da21e0fd 100644
--- a/version.h
+++ b/version.h
@@ -1 +1 @@
-#define RSYNC_VERSION "3.2.3"
+#define RSYNC_VERSION "3.2.4dev"
--
The rsync repository.
_______________________________________________
rsync-cvs mailing list
rsync-cvs@lists.samba.org
https://lists.samba.org/mailman/listinfo/rsync-cvs
