-# NEWS for rsync 3.2.4 (UNRELEASED)
+# NEWS for rsync 3.2.7 (20 Oct 2022)
+
+## Changes in this version:
+
+### BUG FIXES:
+
+- Fixed the client-side validating of the remote sender's filtering behavior.
+
+- More fixes for the "unrequested file-list name" name, including a copy of
+ "/" with `--relative` enabled and a copy with a lot of related paths with
+ `--relative` enabled (often derived from a `--files-from` list).
+
+- When rsync gets an unpack error on an ACL, mention the filename.
+
+- Avoid over-setting sanitize_paths when a daemon is serving "/" (even if
+ "use chroot" is false).
+
+### ENHANCEMENTS:
+
+- Added negotiated daemon-auth support that allows a stronger checksum digest
+ to be used to validate a user's login to the daemon. Added SHA512, SHA256,
+ and SHA1 digests to MD5 & MD4. These new digests are at the highest priority
+ in the new daemon-auth negotiation list.
+
+- Added support for the SHA1 digest in file checksums. While this tends to be
+ overkill, it is available if someone really needs it. This overly-long
+ checksum is at the lowest priority in the normal checksum negotiation list.
+ See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST`
+ environment var for how to customize this.
+
+- Improved the xattr hash table to use a 64-bit key without slowing down the
+ key's computation. This should make extra sure that a hash collision doesn't
+ happen.
+
+- If the `--version` option is repeated (e.g. `-VV`) then the information is
+ output in a (still readable) JSON format. Client side only.
+
+- The script `support/json-rsync-version` is available to get the JSON style
+ version output from any rsync. The script accepts either text on stdin
+ **or** an arg that specifies an rsync executable to run with a doubled
+ `--version` option. If the text we get isn't already in JSON format, it is
+ converted. Newer rsync versions will provide more complete json info than
+ older rsync versions. Various tweaks are made to keep the flag names
+ consistent across versions.
+
+- The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset"
+ so that rsync can use chroot when it works and a sanitized copy when chroot
+ is not supported (e.g., for a non-root daemon). Explicitly setting the
+ parameter to true or false (on or off) behaves the same way as before.
+
+- The `--fuzzy` option was optimized a bit to try to cut down on the amount of
+ computations when considering a big pool of files. The simple heuristic from
+ Kenneth Finnegan resuled in about a 2x speedup.
+
+- If rsync is forced to use protocol 29 or before (perhaps due to talking to an
+ rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync
+ now interprets this value as an unsigned integer so that a current year past
+ 2038 can continue to be represented. This does mean that years prior to 1970
+ cannot be represented in an older protocol, but this trade-off seems like the
+ right choice given that (1) 2038 is very rapidly approaching, and (2) newer
+ protocols support a much wider range of old and new dates.
+
+- The rsync client now treats an empty destination arg as an error, just like
+ it does for an empty source arg. This doesn't affect a `host:` arg (which is
+ treated the same as `host:.`) since the arg is not completely empty. The use
+ of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the
+ prior behavior of treating an empty destination arg as a ".".
+
+### PACKAGING RELATED:
+
+- The checksum code now uses openssl's EVP methods, which gets rid of various
+ deprecation warnings and makes it easy to support more digest methods. On
+ newer systems, the MD4 digest is marked as legacy in the openssl code, which
+ makes openssl refuse to support it via EVP. You can choose to ignore this
+ and allow rsync's MD4 code to be used for older rsync connections (when
+ talking to an rsync prior to 3.0.0) or you can choose to configure rsync to
+ tell openssl to enable legacy algorithms (see below).
+
+- A simple openssl config file is supplied that can be installed for rsync to
+ use. If you install packaging/openssl-rsync.cnf to a public spot (such as
+ `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option
+ `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the
+ configured path in the OPENSSL_CONF environment variable (when the variable
+ is not already set). This will enable openssl's MD4 code for rsync to use.
+
+- The packager may wish to include an explicit "use chroot = true" in the top
+ section of their supplied /etc/rsyncd.conf file if the daemon is being
+ installed to run as the root user (though rsync should behave the same even
+ with the value unset, a little extra paranoia doesn't hurt).
+
+- I've noticed that some packagers haven't installed support/nameconvert for
+ users to use in their chrooted rsync configs. Even if it is not installed
+ as an executable script (to avoid a python3 dependency) it would be good to
+ install it with the other rsync-related support scripts.
+
+- It would be good to add support/json-rsync-version to the list of installed
+ support scripts.
+
+------------------------------------------------------------------------------
+
+# NEWS for rsync 3.2.6 (9 Sep 2022)
+
+## Changes in this version:
+
+### BUG FIXES:
+
+- More path-cleaning improvements in the file-list validation code to avoid
+ rejecting of valid args.
+
+- A file-list validation fix for a [`--files-from`](rsync.1#opt) file that ends
+ without a line-terminating character.
+
+- Added a safety check that prevents the sender from removing destination files
+ when a local copy using [`--remove-source-files`](rsync.1#opt) has some files
+ that are shared between the sending & receiving hierarchies, including the
+ case where the source dir & destination dir are identical.
+
+- Fixed a bug in the internal MD4 checksum code that could cause the digest
+ to be sporadically incorrect (the openssl version was/is fine).
+
+- A minor tweak to rrsync added "copy-devices" to the list of known args, but
+ left it disabled by default.
+
+### ENHANCEMENTS:
+
+- Rename `--protect-args` to [`--secluded-args`](rsync.1#opt) to make it
+ clearer how it differs from the default backslash-escaped arg-protecting
+ behavior of rsync. The old option names are still accepted. The
+ environment-variable override did not change its name.
+
+### PACKAGING RELATED:
+
+- The configure option `--with-protected-args` was renamed to
+ `--with-secluded-args`. This option makes `--secluded-args` the default
+ rsync behavior instead of using backslash escaping for protecting args.
+
+- The mkgitver script now makes sure that a `.git` dir/file is in the top-level
+ source dir before calling `git describe`. It also runs a basic check on the
+ version value. This should avoid using an unrelated git description for
+ rsync's version.
+
+### DEVELOPER RELATED:
+
+- The configure script no longer sets the -pedantic-errors CFLAG (which it
+ used to try to do only for gcc).
+
+- The name_num_obj struct was modified to allow its dynamic name_num_item list
+ to be initialized in a better way.
+
+------------------------------------------------------------------------------
+
+# NEWS for rsync 3.2.5 (14 Aug 2022)
+
+## Changes in this version:
+
+### SECURITY FIXES:
+
+- Added some file-list safety checking that helps to ensure that a rogue
+ sending rsync can't add unrequested top-level names and/or include recursive
+ names that should have been excluded by the sender. These extra safety
+ checks only require the receiver rsync to be updated. When dealing with an
+ untrusted sending host, it is safest to copy into a dedicated destination
+ directory for the remote content (i.e. don't copy into a destination
+ directory that contains files that aren't from the remote host unless you
+ trust the remote host). Fixes CVE-2022-29154.
+
+ - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
+
+### BUG FIXES:
+
+- Fixed the handling of filenames specified with backslash-quoted wildcards
+ when the default remote-arg-escaping is enabled.
+
+- Fixed the configure check for signed char that was causing a host that
+ defaults to unsigned characters to generate bogus rolling checksums. This
+ made rsync send mostly literal data for a copy instead of finding matching
+ data in the receiver's basis file (for a file that contains high-bit
+ characters).
+
+- Lots of manpage improvements, including an attempt to better describe how
+ include/exclude filters work.
+
+- If rsync is compiled with an xxhash 0.8 library and then moved to a system
+ with a dynamically linked xxhash 0.7 library, we now detect this and disable
+ the XX3 hashes (since these routines didn't stabilize until 0.8).
+
+### ENHANCEMENTS:
+
+- The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the
+ extra file-list safety checking (should that be required).
+
+### PACKAGING RELATED:
+
+- A note to those wanting to patch older rsync versions: the changes in this
+ release requires the quoted argument change from 3.2.4. Then, you'll want
+ every single code change from 3.2.5 since there is no fluff in this release.
+
+- The build date that goes into the manpages is now based on the developer's
+ release date, not on the build's local-timezone interpretation of the date.
+
+### DEVELOPER RELATED:
+
+- Configure now defaults GETGROUPS_T to gid_t when cross compiling.
+
+- Configure now looks for the bsd/string.h include file in order to fix the
+ build on a host that has strlcpy() in the main libc but not defined in the
+ main string.h file.
+
+------------------------------------------------------------------------------
+
+# NEWS for rsync 3.2.4 (15 Apr 2022)
## Changes in this version:
### BEHAVIOR CHANGES:
- A new form of arg protection was added that works similarly to the older
- [`--protect-args`](rsync.1#opt) (`-s`) option but in a way that avoids
+ `--protect-args` ([`-s`](rsync.1#opt)) option but in a way that avoids
breaking things like rrsync (the restricted rsync script): rsync now uses
backslash escaping for sending "shell-active" characters to the remote
shell. This includes spaces, so fetching a remote file via a simple quoted
If your rsync script depends on the old arg-splitting behavior, either run
it with the [`--old-args`](rsync.1#opt) option or `export RSYNC_OLD_ARGS=1`
in the script's environment. See also the [ADVANCED USAGE](rsync.1#)
- section of rsync's manpage.
+ section of rsync's manpage for how to use a more modern arg style.
- A long-standing bug was preventing rsync from figuring out the current
locale's decimal point character, which made rsync always output numbers
using the "C" locale. Since this is now fixed in 3.2.4, a script that
- parses rsync's decimal numbers (e.g. from the verbose footer) should be sure
- to setup the environment in a way that the output continues to be in the C
+ parses rsync's decimal numbers (e.g. from the verbose footer) may want to
+ setup the environment in a way that the output continues to be in the C
locale. For instance, one of the following should work fine:
```shell
export LC_NUMERIC=C.UTF-8
```
+### SECURITY FIXES:
+
+ - A fix for CVE-2018-25032 in the bundled zlib (memory corruption issue).
+
### BUG FIXES:
- Fixed a bug with [`--inplace`](rsync.1#opt) + [`--sparse`](rsync.1#opt) (and
per-file compression skipping has apparently never worked, so it is now
documented as being ineffective.
+ - Fixed a truncate error when a `--write-devices` copy wrote a file onto a
+ device that was shorter than the device.
+
+ - Made `--write-devices` support both `--checksum` and `--no-whole-file` when
+ copying to a device.
+
- Improved how the [`--stop-at`](rsync.1#opt), [`--stop-after`](rsync.1#opt),
and (the deprecated) [`--time-limit`](rsync.1#opt) options check to see if
the allowed time is over, which should make rsync exit more consistently.
- Silence some chmod warnings about symlinks when it looks like we have a
function to set their permissions but they can't really be set.
+ - Fixed a potential issue in git-set-file-times when handling commits with
+ high-bit characters in the description & when handling a description that
+ might mimic the git raw-commit deliniators. (See the support dir.)
+
+ - The bundled systemd/rsync.service file now includes `Restart=on-failure`.
+
### ENHANCEMENTS:
- Use openssl's `-verify_hostname` option in the rsync-ssl script.
- Added the [`--fsync`](rsync.1#opt) option (promoted from the patches repo).
+ - Added the [`--copy-devices`](rsync.1#opt) option. Compared to the
+ historical version from the rsync-patches repo, this version: properly
+ handles `--checksum`; fixes a truncation bug when doing an `--inplace` copy
+ onto a longer file; fixes several bugs in the `--itemize` output; and only
+ the sending side needs the enhanced rsync for the copy to work.
+
- Reduced memory usage for an incremental transfer that has a bunch of small
directories.
that is being refused due to the Linux fs.protected_regular sysctl setting.
- When [`--chown`](rsync.1#opt), [`--usermap`](rsync.1#opt), or
- [`--groupmap`](rsync.1#opt), is specified, rsync now makes sure that the
+ [`--groupmap`](rsync.1#opt) is specified, rsync now makes sure that the
appropriate [`--owner`](rsync.1#opt) and/or [`--group`](rsync.1#opt) options
are enabled.
- Renamed configure's `--enable-asm` option to `--enable-md5-asm` to avoid
confusion with the asm option for the rolling checksum. It is also honored
even when openssl crypto is in use. This allows: normal MD4 & MD5, normal
- MD4 + asm MD5, openssl MD4 & MD5, or openssl MD4 + asm MD5.
+ MD4 + asm MD5, openssl MD4 & MD5, or openssl MD4 + asm MD5 depending on the
+ configure options selected.
- Made SIMD & asm configure checks default to "no" on non-Linux hosts due to
various reports of problems on NetBSD & macOS hosts. These were also
get warned if a static initialization overflows in the future (among other
things).
+ - When linking with an external zlib, rsync renames its `read_buf()` function
+ to `read_buf_()` to avoid a symbol clash on an unpatched zlib.
+
- Added a SECURITY.md file.
### DEVELOPER RELATED:
| RELEASE DATE | VER. | DATE OF COMMIT\* | PROTOCOL |
|--------------|--------|------------------|-------------|
-| ?? Jan 2022 | 3.2.4 | | 31 |
+| 20 Oct 2022 | 3.2.7 | | 31 |
+| 09 Sep 2022 | 3.2.6 | | 31 |
+| 14 Aug 2022 | 3.2.5 | | 31 |
+| 15 Apr 2022 | 3.2.4 | | 31 |
| 06 Aug 2020 | 3.2.3 | | 31 |
| 04 Jul 2020 | 3.2.2 | | 31 |
| 22 Jun 2020 | 3.2.1 | | 31 |
git.samba.org / rsync.git / blobdiff