[SCM] The rsync repository. - annotated tag v3.2.5pre1 created
The annotated tag, v3.2.5pre1 has been created at 1e76ea5ff30dfb1611215260a23694ec4dbd65c2 (tag) tagging 0773cecc1fc6462b321f96dc8cae6e11983c357d (commit) replaces v3.2.4 tagged by Wayne Davison on Mon Aug 1 19:00:36 2022 -0700 - Log - Version 3.2.5pre1. -BEGIN PGP SIGNATURE- iG8EABECAC8WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCYuiFRBEcd2F5bmVkQHNh bWJhLm9yZwAKCRBshZ+xS5aoxf2QAJ4gfPvjhGguiw8/GEveghItK0jgsQCfRETN 6j7frxpAjYOv6y+s3Ntb00Q= =tFmW -END PGP SIGNATURE- Wayne Davison (26): Setup for 3.2.5dev. Use the maintainer's timezone for translating the manpage date. Manpage improvements. Make md-convert --test work again. Improve discussion of old-args in advanced usage. Fix grabbing version value in configure. Avoid -pedantic-errors on non-x86 for the moment. Fix configure's "signed char" check Include bsd/strings.h if it exists Some clarifications about transfer rules. Some proxy improvements (mainly). Improve filter discussion. Improve the filter intro. Link to rsyncd.conf page server-setup details. A few minor fixes. A few more minor doc tweaks. Some extra file-list safety checks. The latest NEWS. More improvements to file-list checking A few more minor changes. Make sure sign is consistend in 2 gid comparisons. Avoid the getgroups program when cross-compiliing. A few more minor tweaks. More NEWS. Tweaks to allow for a release. Preparing for release of 3.2.5pre1 Yuri Chornoivan (1): Fix minor typos (#327) --- -- The rsync repository. ___ rsync-cvs mailing list rsync-cvs@lists.samba.org https://lists.samba.org/mailman/listinfo/rsync-cvs
[SCM] The rsync repository. - branch master updated
The branch, master has been updated via 0773cecc Preparing for release of 3.2.5pre1 via 8e335863 Tweaks to allow for a release. via da5c72da More NEWS. via 2f7c5831 A few more minor tweaks. from 51fd4993 Avoid the getgroups program when cross-compiliing. https://git.samba.org/?p=rsync.git;a=shortlog;h=master - Log - commit 0773cecc1fc6462b321f96dc8cae6e11983c357d Author: Wayne Davison Date: Mon Aug 1 18:51:07 2022 -0700 Preparing for release of 3.2.5pre1 commit 8e33586359a1e1cce943651e9c60adfe9e65ba54 Author: Wayne Davison Date: Mon Aug 1 18:43:11 2022 -0700 Tweaks to allow for a release. commit da5c72da4b604dbf2a9fdbfccb7b0ac787cf04e7 Author: Wayne Davison Date: Mon Aug 1 18:34:39 2022 -0700 More NEWS. commit 2f7c583143bc6e80902139c23d9d7283f88fbc6a Author: Wayne Davison Date: Mon Aug 1 18:21:28 2022 -0700 A few more minor tweaks. --- Summary of changes: NEWS.md | 19 --- exclude.c| 7 +++ packaging/lsb/rsync.spec | 12 ++-- packaging/release-rsync | 4 +++- rsync.1.md | 13 ++--- uidlist.c| 2 +- version.h| 2 +- 7 files changed, 32 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/NEWS.md b/NEWS.md index 4cb98a63..bf7d400a 100644 --- a/NEWS.md +++ b/NEWS.md @@ -6,12 +6,12 @@ - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive - names that should have been excluded by the sender. This extra safety check - only requires the client side rsync to be udateed. When dealing with an - untrusted sending host using an older rsync, it is safest to copy into a - dedicated destination directory for the remote content (i.e. don't copy into - a destination directory that contains files that aren't from the remote - host unless you trust the remote host). Fixes CVE-2022-29154. + names that should have been excluded by the sender. These extra safety + checks only require the receiver rsync to be udateed. When dealing with an + untrusted sending host, it is safest to copy into a dedicated destination + directory for the remote content (i.e. don't copy into a destination + directory that contains files that aren't from the remote host unless you + trust the remote host). Fixes CVE-2022-29154. ### BUG FIXES: @@ -20,6 +20,9 @@ made rsync send mostly literal data for a copy instead of finding matching data in the receiver's basis file. +- Lots of manpage improvements, including an attempt to better desdribe how + include/exclude filters work. + ### PACKAGING RELATED: - The build date that goes into the manpages is now based on the developer's @@ -27,6 +30,8 @@ ### DEVELOPER RELATED: +- Configure now defaults GETGROUPS_T to gid_t when cross compiling. + - Configure now looks for the bsd/string.h include file in order to fix the build on a host that has strlcpy() in the main libc but not defined in the main string.h file. @@ -4517,7 +4522,7 @@ | RELEASE DATE | VER. | DATE OF COMMIT\* | PROTOCOL| |--||--|-| -| ?? ??? | 3.2.5 | | 31 | +| ?? Aug 2022 | 3.2.5 | | 31 | | 15 Apr 2022 | 3.2.4 | | 31 | | 06 Aug 2020 | 3.2.3 | | 31 | | 04 Jul 2020 | 3.2.2 | | 31 | diff --git a/exclude.c b/exclude.c index 0100efc7..cd77c543 100644 --- a/exclude.c +++ b/exclude.c @@ -395,11 +395,10 @@ void add_implied_include(const char *arg) if (recurse || xfer_dirs) { /* Now create a rule with an added "/" & "**" or "*" at the end */ rule = new0(filter_rule); + rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD; if (recurse) - rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD | FILTRULE_WILD2; - else - rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD; - /* A +4 in the len leaves enough room for / * * \0 or / * \0 \0 */ + rule->rflags |= FILTRULE_WILD2; + /* We must leave enough room for / * * \0. */ if (!saw_wild && backslash_cnt) { /* We are appending a wildcard, so now the backslashes need to be escaped. */ p = rule->pattern = new_array(char, arg_len + backslash_cnt + 3 + 1); diff --git a/packaging/lsb/rsync.spec b/packaging/lsb/rsync.spec index 0bdcd833..95adb8f0 100644 --- a/packaging/lsb/rsync.spec +++ b/packaging/lsb/rsync.spec @@ -1,9 +1,9 @@ Summary: A fast, versatile, remote (and local) file-copying
[SCM] The rsync repository. - branch master updated
The branch, master has been updated via 51fd4993 Avoid the getgroups program when cross-compiliing. via e37bfdb4 Make sure sign is consistend in 2 gid comparisons. from 3d7015af A few more minor changes. https://git.samba.org/?p=rsync.git;a=shortlog;h=master - Log - commit 51fd4993baa21f4df4b3b188899bd71fc062a5a7 Author: Wayne Davison Date: Mon Aug 1 09:00:34 2022 -0700 Avoid the getgroups program when cross-compiliing. commit e37bfdb445fc3ec500699fcee7c4ef8608938171 Author: Wayne Davison Date: Mon Aug 1 08:29:15 2022 -0700 Make sure sign is consistend in 2 gid comparisons. --- Summary of changes: configure.ac | 6 +- uidlist.c| 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/configure.ac b/configure.ac index 37241637..d185b2d3 100644 --- a/configure.ac +++ b/configure.ac @@ -625,7 +625,11 @@ fi AC_TYPE_UID_T AC_CHECK_TYPES([mode_t,off_t,size_t,pid_t,id_t]) -AC_TYPE_GETGROUPS +if test "$cross_compiling" = no; then +AC_TYPE_GETGROUPS +else +AC_DEFINE([GETGROUPS_T],[gid_t],[Define to the type of elements in the array set by `getgroups'. Usually this is either `int' or `gid_t'.]) +fi AC_CHECK_MEMBERS([struct stat.st_rdev, struct stat.st_mtimensec, struct stat.st_mtimespec.tv_nsec, diff --git a/uidlist.c b/uidlist.c index 6100b503..2b81ae87 100644 --- a/uidlist.c +++ b/uidlist.c @@ -210,7 +210,7 @@ static int is_in_group(gid_t gid) ngroups = getgroups(ngroups, gidset); /* The default gid might not be in the list on some systems. */ for (n = 0; n < ngroups; n++) { - if (gidset[n] == our_gid) + if ((gid_t)gidset[n] == our_gid) break; } if (n == ngroups) @@ -229,7 +229,7 @@ static int is_in_group(gid_t gid) last_in = gid; for (n = 0; n < ngroups; n++) { - if (gidset[n] == gid) + if ((gid_t)gidset[n] == gid) return last_out = 1; } return last_out = 0; -- The rsync repository. ___ rsync-cvs mailing list rsync-cvs@lists.samba.org https://lists.samba.org/mailman/listinfo/rsync-cvs
[SCM] The rsync repository. - branch master updated
The branch, master has been updated via 3d7015af A few more minor changes. from 7e5424b8 More improvements to file-list checking https://git.samba.org/?p=rsync.git;a=shortlog;h=master - Log - commit 3d7015afa223494e3318495c2f5de9cb49229da9 Author: Wayne Davison Date: Mon Aug 1 07:29:44 2022 -0700 A few more minor changes. --- Summary of changes: exclude.c | 21 +++-- 1 file changed, 11 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/exclude.c b/exclude.c index 2d740a83..0100efc7 100644 --- a/exclude.c +++ b/exclude.c @@ -313,13 +313,10 @@ void add_implied_include(const char *arg) if (am_server || old_style_args || list_only || filesfrom_host != NULL) return; if (relative_paths) { - cp = strstr(arg, "/./"); - if (cp) - arg = cp+3; - } else { - if ((cp = strrchr(arg, '/')) != NULL) - arg = cp + 1; - } + if ((cp = strstr(arg, "/./")) != NULL) + arg = cp + 3; + } else if ((cp = strrchr(arg, '/')) != NULL) + arg = cp + 1; arg_len = strlen(arg); if (arg_len) { if (strpbrk(arg, "*[?")) { @@ -359,13 +356,17 @@ void add_implied_include(const char *arg) int found = 0; *p = '\0'; for (ent = implied_filter_list.head; ent; ent = ent->next) { - if (ent != rule && strcmp(ent->pattern, rule->pattern) == 0) + if (ent != rule && strcmp(ent->pattern, rule->pattern) == 0) { found = 1; + break; + } } if (!found) { filter_rule *R_rule = new0(filter_rule); - R_rule->rflags = FILTRULE_INCLUDE | FILTRULE_DIRECTORY - | (saw_wild ? FILTRULE_WILD : 0); + R_rule->rflags = FILTRULE_INCLUDE | FILTRULE_DIRECTORY; + /* Check if our sub-path has wildcards or escaped backslashes */ + if (saw_wild && strpbrk(rule->pattern, "*[?\\")) + R_rule->rflags |= FILTRULE_WILD; R_rule->pattern = strdup(rule->pattern); R_rule->u.slash_cnt = slash_cnt; R_rule->next = implied_filter_list.head; -- The rsync repository. ___ rsync-cvs mailing list rsync-cvs@lists.samba.org https://lists.samba.org/mailman/listinfo/rsync-cvs
[SCM] The rsync repository. - branch master updated
The branch, master has been updated via 7e5424b8 More improvements to file-list checking from 43f70b96 The latest NEWS. https://git.samba.org/?p=rsync.git;a=shortlog;h=master - Log - commit 7e5424b806e8eea053016268ad186276e9083b77 Author: Wayne Davison Date: Mon Aug 1 07:00:51 2022 -0700 More improvements to file-list checking - Avoid implied rules on generator and (with extra certainty) on server - Add -R implied-directory path elements as directory includes - Log about extra file-list checking using a new --debug=FILTER3 level --- Summary of changes: exclude.c | 21 - main.c| 1 + options.c | 2 +- 3 files changed, 18 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/exclude.c b/exclude.c index b670c8ba..2d740a83 100644 --- a/exclude.c +++ b/exclude.c @@ -25,6 +25,7 @@ extern int am_server; extern int am_sender; +extern int am_generator; extern int eol_nulls; extern int io_error; extern int xfer_dirs; @@ -309,7 +310,7 @@ void add_implied_include(const char *arg) int slash_cnt = 1; /* We know we're adding a leading slash. */ const char *cp; char *p; - if (old_style_args || list_only || filesfrom_host != NULL) + if (am_server || old_style_args || list_only || filesfrom_host != NULL) return; if (relative_paths) { cp = strstr(arg, "/./"); @@ -363,11 +364,16 @@ void add_implied_include(const char *arg) } if (!found) { filter_rule *R_rule = new0(filter_rule); - R_rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0); + R_rule->rflags = FILTRULE_INCLUDE | FILTRULE_DIRECTORY + | (saw_wild ? FILTRULE_WILD : 0); R_rule->pattern = strdup(rule->pattern); R_rule->u.slash_cnt = slash_cnt; R_rule->next = implied_filter_list.head; implied_filter_list.head = R_rule; + if (DEBUG_GTE(FILTER, 3)) { + rprintf(FINFO, "[%s] add_implied_include(%s/)\n", + who_am_i(), rule->pattern); + } } } slash_cnt++; @@ -381,6 +387,8 @@ void add_implied_include(const char *arg) *p = '\0'; rule->u.slash_cnt = slash_cnt; arg = (const char *)rule->pattern; + if (DEBUG_GTE(FILTER, 3)) + rprintf(FINFO, "[%s] add_implied_include(%s)\n", who_am_i(), rule->pattern); } if (recurse || xfer_dirs) { @@ -416,6 +424,8 @@ void add_implied_include(const char *arg) rule->u.slash_cnt = slash_cnt + 1; rule->next = implied_filter_list.head; implied_filter_list.head = rule; + if (DEBUG_GTE(FILTER, 3)) + rprintf(FINFO, "[%s] add_implied_include(%s)\n", who_am_i(), rule->pattern); } } @@ -833,11 +843,12 @@ static void report_filter_result(enum logcode code, char const *name, filter_rule const *ent, int name_flags, const char *type) { + int log_level = am_sender || am_generator ? 1 : 3; + /* If a trailing slash is present to match only directories, * then it is stripped out by add_rule(). So as a special -* case we add it back in here. */ - - if (DEBUG_GTE(FILTER, 1)) { +* case we add it back in the log output. */ + if (DEBUG_GTE(FILTER, log_level)) { static char *actions[2][2] = { {"show", "hid"}, {"risk", "protect"} }; const char *w = who_am_i(); diff --git a/main.c b/main.c index 5a7fbdd7..fa263d27 100644 --- a/main.c +++ b/main.c @@ -1078,6 +1078,7 @@ static int do_recv(int f_in, int f_out, char *local_name) } am_generator = 1; + implied_filter_list.head = implied_filter_list.tail = NULL; flist_receiving_enabled = True; io_end_multiplex_in(MPLX_SWITCHING); diff --git a/options.c b/options.c index 93bdb237..9731a144 100644 --- a/options.c +++ b/options.c @@ -293,7 +293,7 @@ static struct output_struct debug_words[COUNT_DEBUG+1] = {