-# NEWS for rsync 3.2.5 (UNRELEASED)
+# NEWS for rsync 3.2.7 (UNRELEASED)
+
+## Changes in this version:
+
+### BUG FIXES:
+
+- Fixed the client-side validating of the remote sender's filtering behavior.
+
+- More fixes for the "unrequested file-list name" name, including a copy of
+ "/" with `--relative` enabled and a copy with a lot of related paths with
+ `--relative` enabled (often derived from a `--files-from` list).
+
+- When rsync gets an unpack error on an ACL, mention the filename.
+
+- Avoid over-setting sanitize_paths when a daemon is serving "/" (even if
+ "use chroot" is false).
+
+### ENHANCEMENTS:
+
+- Added negotiated daemon-auth support that allows a stronger checksum digest
+ to be used to validate a user's login to the daemon. Added SHA512, SHA256,
+ and SHA1 digests to MD5 & MD4. These new digests are at the highest priority
+ in the new daemon-auth negotiation list.
+
+- Added support for the SHA1 digest in file checksums. While this tends to be
+ overkill, it is available if someone really needs it. This overly-long
+ checksum is at the lowest priority in the normal checksum negotiation list.
+ See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST`
+ environment var for how to customize this.
+
+- Improved the xattr hash table to use a 64-bit key without slowing down the
+ key's computation. This should make extra sure that a collision doesn't
+ happen.
+
+- If the `--version` option is repeated (e.g. `-VV`) then the information is
+ output in a (still fairly readable) JSON format. Client side only.
+
+- The script `support/json-rsync-version` is available to get the JSON style
+ version output from any rsync. The script accepts either text on stdin
+ **or** an arg that specifies an rsync executable to run with a doubled
+ `--version` option. If the text we get isn't already in JSON format, it is
+ converted. Newer rsync versions will provide more complete json info than
+ older rsync versions.
+
+- The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset"
+ so that rsync can use chroot when it works and a sanitized copy when chroot
+ is not supported (e.g., for a non-root daemon). Explicitly setting the
+ parameter to true or false (on or off) behaves the same way as before.
+
+- The `--fuzzy` option was optimized a bit to try to cut down on the amount of
+ computations when considering a big pool of files. The simple heuristic from
+ Kenneth Finnegan resuled in about a 2x speedup.
+
+- If rsync is forced to use protocol 29 or before (perhaps due to talking to an
+ rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync
+ now interprets this value as an unsigned integer so that a current year past
+ 2038 can continue to be represented. This does mean that years prior to 1970
+ cannot be represented in an older protocol, but this trade-off seems like the
+ right choice given that (1) 2038 is very rapidly approaching, and (2) newer
+ protocols support a much wider range of old and new dates.
+
+- The rsync client now treats an empty destination arg as an error, just like
+ it does for an empty source arg. This doesn't affect a `host:` arg (which is
+ treated the same as `host:.`) since the arg is not completely empty. The use
+ of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the
+ prior behavior of treating an empty destination arg as a ".".
+
+### PACKAGING RELATED:
+
+- The checksum code now uses openssl's EVP methods, which gets rid of various
+ deprecation warnings and makes it easy to support more digest methods. On
+ newer systems, the MD4 digest is marked as legacy in the openssl code, which
+ makes openssl refuse to support it via EVP. You can choose to ignore this
+ and allow rsync's MD4 code to be used for older rsync connections (when
+ talking to an rsync prior to 3.0.0) or you can choose to configure rsync to
+ tell openssl to enable legacy algorithms (see below).
+
+- A simple openssl config file is supplied that can be installed for rsync to
+ use. If you install packaging/openssl-rsync.cnf to a public spot (such as
+ `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option
+ `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the
+ configured path in the OPENSSL_CONF environment variable (when the variable
+ is not already set). This will enable openssl's MD4 code for rsync to use.
+
+- The packager may wish to include an explicit "use chroot = true" in the top
+ section of their supplied /etc/rsyncd.conf file if the daemon is being
+ installed to run as the root user (though rsync should behave the same even
+ with the value unset, a little extra paranoia doesn't hurt).
+
+- I've noticed that some packagers haven't installed support/nameconvert for
+ users to use in their chrooted rsync configs. Even if it is not installed
+ as an executable script (to avoid a python3 dependency) it would be good to
+ install it with the other rsync-related support scripts.
+
+- It would be good to add support/json-rsync-version to the list of installed
+ support scripts.
+
+------------------------------------------------------------------------------
+
+# NEWS for rsync 3.2.6 (9 Sep 2022)
+
+## Changes in this version:
+
+### BUG FIXES:
+
+- More path-cleaning improvements in the file-list validation code to avoid
+ rejecting of valid args.
+
+- A file-list validation fix for a [`--files-from`](rsync.1#opt) file that ends
+ without a line-terminating character.
+
+- Added a safety check that prevents the sender from removing destination files
+ when a local copy using [`--remove-source-files`](rsync.1#opt) has some files
+ that are shared between the sending & receiving hierarchies, including the
+ case where the source dir & destination dir are identical.
+
+- Fixed a bug in the internal MD4 checksum code that could cause the digest
+ to be sporadically incorrect (the openssl version was/is fine).
+
+- A minor tweak to rrsync added "copy-devices" to the list of known args, but
+ left it disabled by default.
+
+### ENHANCEMENTS:
+
+- Rename `--protect-args` to [`--secluded-args`](rsync.1#opt) to make it
+ clearer how it differs from the default backslash-escaped arg-protecting
+ behavior of rsync. The old option names are still accepted. The
+ environment-variable override did not change its name.
+
+### PACKAGING RELATED:
+
+- The configure option `--with-protected-args` was renamed to
+ `--with-secluded-args`. This option makes `--secluded-args` the default
+ rsync behavior instead of using backslash escaping for protecting args.
+
+- The mkgitver script now makes sure that a `.git` dir/file is in the top-level
+ source dir before calling `git describe`. It also runs a basic check on the
+ version value. This should avoid using an unrelated git description for
+ rsync's version.
+
+### DEVELOPER RELATED:
+
+- The configure script no longer sets the -pedantic-errors CFLAG (which it
+ used to try to do only for gcc).
+
+- The name_num_obj struct was modified to allow its dynamic name_num_item list
+ to be initialized in a better way.
+
+------------------------------------------------------------------------------
+
+# NEWS for rsync 3.2.5 (14 Aug 2022)
## Changes in this version:
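Review bot: The `use chroot` entry in the 3.2.7 ENHANCEMENTS list says the parameter now defaults to "unset" and falls back to "a sanitized copy when chroot is not supported", but it does not say how an admin can tell which of the two modes a running daemon ended up in. Please state whether the fallback is logged, and cross-reference the packaging note about an explicit "use chroot = true" further down. Wording nits in the same section: the "unrequested file-list name" bullet ends with a doubled word ("name" name), where the second one looks like it should be a different noun; "resuled" in the `--fuzzy` bullet should be "resulted"; and "json info" should be "JSON info" to match the rest of that entry.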
- Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
names that should have been excluded by the sender. These extra safety
- checks only require the receiver rsync to be udateed. When dealing with an
+ checks only require the receiver rsync to be updated. When dealing with an
untrusted sending host, it is safest to copy into a dedicated destination
directory for the remote content (i.e. don't copy into a destination
directory that contains files that aren't from the remote host unless you
trust the remote host). Fixes CVE-2022-29154.
+ - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
+
### BUG FIXES:
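Review bot: The added CVE-2022-37434 line says only "in the bundled zlib (buffer overflow issue)", which leaves packagers who link against a system zlib guessing whether this release changes anything for them. Suggest adding a clause that builds using a system zlib are not affected by this change and need the system library updated instead.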
+- Fixed the handling of filenames specified with backslash-quoted wildcards
+ when the default remote-arg-escaping is enabled.
+
- Fixed the configure check for signed char that was causing a host that
defaults to unsigned characters to generate bogus rolling checksums. This
made rsync send mostly literal data for a copy instead of finding matching
- data in the receiver's basis file.
+ data in the receiver's basis file (for a file that contains high-bit
+ characters).
-- Lots of manpage improvements, including an attempt to better desdribe how
+- Lots of manpage improvements, including an attempt to better describe how
include/exclude filters work.
+- If rsync is compiled with an xxhash 0.8 library and then moved to a system
+ with a dynamically linked xxhash 0.7 library, we now detect this and disable
+ the XX3 hashes (since these routines didn't stabilize until 0.8).
+
+### ENHANCEMENTS:
+
+- The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the
+ extra file-list safety checking (should that be required).
+
### PACKAGING RELATED:
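Review bot: The `--trust-sender` entry describes the option only as "a way to bypass the extra file-list safety checking (should that be required)". Since those checks are the CVE-2022-29154 fix described in the security item above, the entry should say that the option is appropriate only when the sending host is trusted, and ideally repeat the advice to copy into a dedicated destination directory otherwise.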
+- A note to those wanting to patch older rsync versions: the changes in this
+ release requires the quoted argument change from 3.2.4. Then, you'll want
+ every single code change from 3.2.5 since there is no fluff in this release.
+
- The build date that goes into the manpages is now based on the developer's
release date, not on the build's local-timezone interpretation of the date.
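Review bot: In the added note for people patching older versions, "the changes in this release requires" has a subject-verb mismatch and should read "require". It would also help to name "the quoted argument change from 3.2.4" more precisely (the backslash-escaping arg protection described under the 3.2.4 BEHAVIOR CHANGES), so backporters know which change is the prerequisite.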
### BEHAVIOR CHANGES:
- A new form of arg protection was added that works similarly to the older
- [`--protect-args`](rsync.1#opt) (`-s`) option but in a way that avoids
+ `--protect-args` ([`-s`](rsync.1#opt)) option but in a way that avoids
breaking things like rrsync (the restricted rsync script): rsync now uses
backslash escaping for sending "shell-active" characters to the remote
shell. This includes spaces, so fetching a remote file via a simple quoted
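Review bot: The now-unlinked `--protect-args` in this 3.2.4 entry gives no hint that the option is documented as `--secluded-args` from 3.2.6 on (per the rename noted in the 3.2.6 section added above). A short parenthetical such as "(renamed `--secluded-args` in 3.2.6)" would save readers a manpage search.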
- Fixed a potential issue in git-set-file-times when handling commits with
high-bit characters in the description & when handling a description that
- might mimick the git raw-commit deliniators. (See the support dir.)
+ might mimic the git raw-commit deliniators. (See the support dir.)
- The bundled systemd/rsync.service file now includes `Restart=on-failure`.
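Review bot: The replacement line fixes "mimick" but still carries "deliniators", which should be "delineators" (or "delimiters", if that is what was meant). Worth correcting in the same change, since the line is already being touched for spelling.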
| RELEASE DATE | VER. | DATE OF COMMIT\* | PROTOCOL |
|--------------|--------|------------------|-------------|
-| ?? Aug 2022 | 3.2.5 | | 31 |
+| ?? Dec 2022 | 3.2.7 | | 31 |
+| 09 Sep 2022 | 3.2.6 | | 31 |
+| 14 Aug 2022 | 3.2.5 | | 31 |
| 15 Apr 2022 | 3.2.4 | | 31 |
| 06 Aug 2020 | 3.2.3 | | 31 |
| 04 Jul 2020 | 3.2.2 | | 31 |