[SCM] The rsync repository. - annotated tag v3.2.5pre1 created
The annotated tag, v3.2.5pre1 has been created at 1e76ea5ff30dfb1611215260a23694ec4dbd65c2 (tag) tagging 0773cecc1fc6462b321f96dc8cae6e11983c357d (commit) replaces v3.2.4 tagged by Wayne Davison on Mon Aug 1 19:00:36 2022 -0700 - Log - Version 3.2.5pre1. -BEGIN PGP SIGNATURE- iG8EABECAC8WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCYuiFRBEcd2F5bmVkQHNh bWJhLm9yZwAKCRBshZ+xS5aoxf2QAJ4gfPvjhGguiw8/GEveghItK0jgsQCfRETN 6j7frxpAjYOv6y+s3Ntb00Q= =tFmW -END PGP SIGNATURE- Wayne Davison (26): Setup for 3.2.5dev. Use the maintainer's timezone for translating the manpage date. Manpage improvements. Make md-convert --test work again. Improve discussion of old-args in advanced usage. Fix grabbing version value in configure. Avoid -pedantic-errors on non-x86 for the moment. Fix configure's "signed char" check Include bsd/strings.h if it exists Some clarifications about transfer rules. Some proxy improvements (mainly). Improve filter discussion. Improve the filter intro. Link to rsyncd.conf page server-setup details. A few minor fixes. A few more minor doc tweaks. Some extra file-list safety checks. The latest NEWS. More improvements to file-list checking A few more minor changes. Make sure sign is consistend in 2 gid comparisons. Avoid the getgroups program when cross-compiliing. A few more minor tweaks. More NEWS. Tweaks to allow for a release. Preparing for release of 3.2.5pre1 Yuri Chornoivan (1): Fix minor typos (#327) --- -- The rsync repository. ___ rsync-cvs mailing list rsync-cvs@lists.samba.org https://lists.samba.org/mailman/listinfo/rsync-cvs
[SCM] The rsync repository. - branch master updated
The branch, master has been updated
via 0773cecc Preparing for release of 3.2.5pre1
via 8e335863 Tweaks to allow for a release.
via da5c72da More NEWS.
via 2f7c5831 A few more minor tweaks.
from 51fd4993 Avoid the getgroups program when cross-compiliing.
https://git.samba.org/?p=rsync.git;a=shortlog;h=master
- Log -
commit 0773cecc1fc6462b321f96dc8cae6e11983c357d
Author: Wayne Davison
Date: Mon Aug 1 18:51:07 2022 -0700
Preparing for release of 3.2.5pre1
commit 8e33586359a1e1cce943651e9c60adfe9e65ba54
Author: Wayne Davison
Date: Mon Aug 1 18:43:11 2022 -0700
Tweaks to allow for a release.
commit da5c72da4b604dbf2a9fdbfccb7b0ac787cf04e7
Author: Wayne Davison
Date: Mon Aug 1 18:34:39 2022 -0700
More NEWS.
commit 2f7c583143bc6e80902139c23d9d7283f88fbc6a
Author: Wayne Davison
Date: Mon Aug 1 18:21:28 2022 -0700
A few more minor tweaks.
---
Summary of changes:
NEWS.md | 19 ---
exclude.c| 7 +++
packaging/lsb/rsync.spec | 12 ++--
packaging/release-rsync | 4 +++-
rsync.1.md | 13 ++---
uidlist.c| 2 +-
version.h| 2 +-
7 files changed, 32 insertions(+), 27 deletions(-)
Changeset truncated at 500 lines:
diff --git a/NEWS.md b/NEWS.md
index 4cb98a63..bf7d400a 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -6,12 +6,12 @@
- Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
- names that should have been excluded by the sender. This extra safety check
- only requires the client side rsync to be udateed. When dealing with an
- untrusted sending host using an older rsync, it is safest to copy into a
- dedicated destination directory for the remote content (i.e. don't copy into
- a destination directory that contains files that aren't from the remote
- host unless you trust the remote host). Fixes CVE-2022-29154.
+ names that should have been excluded by the sender. These extra safety
+ checks only require the receiver rsync to be udateed. When dealing with an
+ untrusted sending host, it is safest to copy into a dedicated destination
+ directory for the remote content (i.e. don't copy into a destination
+ directory that contains files that aren't from the remote host unless you
+ trust the remote host). Fixes CVE-2022-29154.
### BUG FIXES:
@@ -20,6 +20,9 @@
made rsync send mostly literal data for a copy instead of finding matching
data in the receiver's basis file.
+- Lots of manpage improvements, including an attempt to better desdribe how
+ include/exclude filters work.
+
### PACKAGING RELATED:
- The build date that goes into the manpages is now based on the developer's
@@ -27,6 +30,8 @@
### DEVELOPER RELATED:
+- Configure now defaults GETGROUPS_T to gid_t when cross compiling.
+
- Configure now looks for the bsd/string.h include file in order to fix the
build on a host that has strlcpy() in the main libc but not defined in the
main string.h file.
@@ -4517,7 +4522,7 @@
| RELEASE DATE | VER. | DATE OF COMMIT\* | PROTOCOL|
|--||--|-|
-| ?? ??? | 3.2.5 | | 31 |
+| ?? Aug 2022 | 3.2.5 | | 31 |
| 15 Apr 2022 | 3.2.4 | | 31 |
| 06 Aug 2020 | 3.2.3 | | 31 |
| 04 Jul 2020 | 3.2.2 | | 31 |
diff --git a/exclude.c b/exclude.c
index 0100efc7..cd77c543 100644
--- a/exclude.c
+++ b/exclude.c
@@ -395,11 +395,10 @@ void add_implied_include(const char *arg)
if (recurse || xfer_dirs) {
/* Now create a rule with an added "/" & "**" or "*" at the end
*/
rule = new0(filter_rule);
+ rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD;
if (recurse)
- rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD |
FILTRULE_WILD2;
- else
- rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD;
- /* A +4 in the len leaves enough room for / * * \0 or / * \0 \0
*/
+ rule->rflags |= FILTRULE_WILD2;
+ /* We must leave enough room for / * * \0. */
if (!saw_wild && backslash_cnt) {
/* We are appending a wildcard, so now the backslashes
need to be escaped. */
p = rule->pattern = new_array(char, arg_len +
backslash_cnt + 3 + 1);
diff --git a/packaging/lsb/rsync.spec b/packaging/lsb/rsync.spec
index 0bdcd833..95adb8f0 100644
--- a/packaging/lsb/rsync.spec
+++ b/packaging/lsb/rsync.spec
@@ -1,9 +1,9 @@
Summary: A fast, versatile, remote (and local) file-copying
[SCM] The rsync repository. - branch master updated
The branch, master has been updated
via 51fd4993 Avoid the getgroups program when cross-compiliing.
via e37bfdb4 Make sure sign is consistend in 2 gid comparisons.
from 3d7015af A few more minor changes.
https://git.samba.org/?p=rsync.git;a=shortlog;h=master
- Log -
commit 51fd4993baa21f4df4b3b188899bd71fc062a5a7
Author: Wayne Davison
Date: Mon Aug 1 09:00:34 2022 -0700
Avoid the getgroups program when cross-compiliing.
commit e37bfdb445fc3ec500699fcee7c4ef8608938171
Author: Wayne Davison
Date: Mon Aug 1 08:29:15 2022 -0700
Make sure sign is consistend in 2 gid comparisons.
---
Summary of changes:
configure.ac | 6 +-
uidlist.c| 4 ++--
2 files changed, 7 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/configure.ac b/configure.ac
index 37241637..d185b2d3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -625,7 +625,11 @@ fi
AC_TYPE_UID_T
AC_CHECK_TYPES([mode_t,off_t,size_t,pid_t,id_t])
-AC_TYPE_GETGROUPS
+if test "$cross_compiling" = no; then
+AC_TYPE_GETGROUPS
+else
+AC_DEFINE([GETGROUPS_T],[gid_t],[Define to the type of elements in the
array set by `getgroups'. Usually this is either `int' or `gid_t'.])
+fi
AC_CHECK_MEMBERS([struct stat.st_rdev,
struct stat.st_mtimensec,
struct stat.st_mtimespec.tv_nsec,
diff --git a/uidlist.c b/uidlist.c
index 6100b503..2b81ae87 100644
--- a/uidlist.c
+++ b/uidlist.c
@@ -210,7 +210,7 @@ static int is_in_group(gid_t gid)
ngroups = getgroups(ngroups, gidset);
/* The default gid might not be in the list on some systems. */
for (n = 0; n < ngroups; n++) {
- if (gidset[n] == our_gid)
+ if ((gid_t)gidset[n] == our_gid)
break;
}
if (n == ngroups)
@@ -229,7 +229,7 @@ static int is_in_group(gid_t gid)
last_in = gid;
for (n = 0; n < ngroups; n++) {
- if (gidset[n] == gid)
+ if ((gid_t)gidset[n] == gid)
return last_out = 1;
}
return last_out = 0;
--
The rsync repository.
___
rsync-cvs mailing list
rsync-cvs@lists.samba.org
https://lists.samba.org/mailman/listinfo/rsync-cvs
[SCM] The rsync repository. - branch master updated
The branch, master has been updated
via 3d7015af A few more minor changes.
from 7e5424b8 More improvements to file-list checking
https://git.samba.org/?p=rsync.git;a=shortlog;h=master
- Log -
commit 3d7015afa223494e3318495c2f5de9cb49229da9
Author: Wayne Davison
Date: Mon Aug 1 07:29:44 2022 -0700
A few more minor changes.
---
Summary of changes:
exclude.c | 21 +++--
1 file changed, 11 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/exclude.c b/exclude.c
index 2d740a83..0100efc7 100644
--- a/exclude.c
+++ b/exclude.c
@@ -313,13 +313,10 @@ void add_implied_include(const char *arg)
if (am_server || old_style_args || list_only || filesfrom_host != NULL)
return;
if (relative_paths) {
- cp = strstr(arg, "/./");
- if (cp)
- arg = cp+3;
- } else {
- if ((cp = strrchr(arg, '/')) != NULL)
- arg = cp + 1;
- }
+ if ((cp = strstr(arg, "/./")) != NULL)
+ arg = cp + 3;
+ } else if ((cp = strrchr(arg, '/')) != NULL)
+ arg = cp + 1;
arg_len = strlen(arg);
if (arg_len) {
if (strpbrk(arg, "*[?")) {
@@ -359,13 +356,17 @@ void add_implied_include(const char *arg)
int found = 0;
*p = '\0';
for (ent = implied_filter_list.head;
ent; ent = ent->next) {
- if (ent != rule &&
strcmp(ent->pattern, rule->pattern) == 0)
+ if (ent != rule &&
strcmp(ent->pattern, rule->pattern) == 0) {
found = 1;
+ break;
+ }
}
if (!found) {
filter_rule *R_rule =
new0(filter_rule);
- R_rule->rflags =
FILTRULE_INCLUDE | FILTRULE_DIRECTORY
- | (saw_wild ?
FILTRULE_WILD : 0);
+ R_rule->rflags =
FILTRULE_INCLUDE | FILTRULE_DIRECTORY;
+ /* Check if our sub-path has
wildcards or escaped backslashes */
+ if (saw_wild &&
strpbrk(rule->pattern, "*[?\\"))
+ R_rule->rflags |=
FILTRULE_WILD;
R_rule->pattern =
strdup(rule->pattern);
R_rule->u.slash_cnt = slash_cnt;
R_rule->next =
implied_filter_list.head;
--
The rsync repository.
___
rsync-cvs mailing list
rsync-cvs@lists.samba.org
https://lists.samba.org/mailman/listinfo/rsync-cvs
[SCM] The rsync repository. - branch master updated
The branch, master has been updated
via 7e5424b8 More improvements to file-list checking
from 43f70b96 The latest NEWS.
https://git.samba.org/?p=rsync.git;a=shortlog;h=master
- Log -
commit 7e5424b806e8eea053016268ad186276e9083b77
Author: Wayne Davison
Date: Mon Aug 1 07:00:51 2022 -0700
More improvements to file-list checking
- Avoid implied rules on generator and (with extra certainty) on server
- Add -R implied-directory path elements as directory includes
- Log about extra file-list checking using a new --debug=FILTER3 level
---
Summary of changes:
exclude.c | 21 -
main.c| 1 +
options.c | 2 +-
3 files changed, 18 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/exclude.c b/exclude.c
index b670c8ba..2d740a83 100644
--- a/exclude.c
+++ b/exclude.c
@@ -25,6 +25,7 @@
extern int am_server;
extern int am_sender;
+extern int am_generator;
extern int eol_nulls;
extern int io_error;
extern int xfer_dirs;
@@ -309,7 +310,7 @@ void add_implied_include(const char *arg)
int slash_cnt = 1; /* We know we're adding a leading slash. */
const char *cp;
char *p;
- if (old_style_args || list_only || filesfrom_host != NULL)
+ if (am_server || old_style_args || list_only || filesfrom_host != NULL)
return;
if (relative_paths) {
cp = strstr(arg, "/./");
@@ -363,11 +364,16 @@ void add_implied_include(const char *arg)
}
if (!found) {
filter_rule *R_rule =
new0(filter_rule);
- R_rule->rflags =
FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0);
+ R_rule->rflags =
FILTRULE_INCLUDE | FILTRULE_DIRECTORY
+ | (saw_wild ?
FILTRULE_WILD : 0);
R_rule->pattern =
strdup(rule->pattern);
R_rule->u.slash_cnt = slash_cnt;
R_rule->next =
implied_filter_list.head;
implied_filter_list.head =
R_rule;
+ if (DEBUG_GTE(FILTER, 3)) {
+ rprintf(FINFO, "[%s]
add_implied_include(%s/)\n",
+ who_am_i(),
rule->pattern);
+ }
}
}
slash_cnt++;
@@ -381,6 +387,8 @@ void add_implied_include(const char *arg)
*p = '\0';
rule->u.slash_cnt = slash_cnt;
arg = (const char *)rule->pattern;
+ if (DEBUG_GTE(FILTER, 3))
+ rprintf(FINFO, "[%s] add_implied_include(%s)\n",
who_am_i(), rule->pattern);
}
if (recurse || xfer_dirs) {
@@ -416,6 +424,8 @@ void add_implied_include(const char *arg)
rule->u.slash_cnt = slash_cnt + 1;
rule->next = implied_filter_list.head;
implied_filter_list.head = rule;
+ if (DEBUG_GTE(FILTER, 3))
+ rprintf(FINFO, "[%s] add_implied_include(%s)\n",
who_am_i(), rule->pattern);
}
}
@@ -833,11 +843,12 @@ static void report_filter_result(enum logcode code, char
const *name,
filter_rule const *ent,
int name_flags, const char *type)
{
+ int log_level = am_sender || am_generator ? 1 : 3;
+
/* If a trailing slash is present to match only directories,
* then it is stripped out by add_rule(). So as a special
-* case we add it back in here. */
-
- if (DEBUG_GTE(FILTER, 1)) {
+* case we add it back in the log output. */
+ if (DEBUG_GTE(FILTER, log_level)) {
static char *actions[2][2]
= { {"show", "hid"}, {"risk", "protect"} };
const char *w = who_am_i();
diff --git a/main.c b/main.c
index 5a7fbdd7..fa263d27 100644
--- a/main.c
+++ b/main.c
@@ -1078,6 +1078,7 @@ static int do_recv(int f_in, int f_out, char *local_name)
}
am_generator = 1;
+ implied_filter_list.head = implied_filter_list.tail = NULL;
flist_receiving_enabled = True;
io_end_multiplex_in(MPLX_SWITCHING);
diff --git a/options.c b/options.c
index 93bdb237..9731a144 100644
--- a/options.c
+++ b/options.c
@@ -293,7 +293,7 @@ static struct output_struct debug_words[COUNT_DEBUG+1] = {
