-<!-- $Header$ -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+<TITLE>rsync</TITLE>
+<style>
+.security { color: red; }
+h3 { margin-bottom: 0px; }
+.date { color: #D25A0B; }
+</style>
+</HEAD>
<!--#include virtual="header.html" -->
<H2 align="center">Welcome to the rsync web pages</H2>
rsync is an <A HREF="http://www.opensource.org/">open source</A>
utility that provides fast incremental file transfer. rsync is freely
available under the <A HREF="GPL.html">GNU General Public
-License version 2</A>
+License</A> and is currently being maintained by
+<a href="http://opencoder.net/">Wayne Davison</a>.
+
+<p><i>If you are (1) running a writable rsync daemon of <b>any</b>
+version or (2) using a version of rsync older than 2.6.6, see the
+<a href="security.html" class=security>rsync security advisory page</a>.</i>
+
+<!--
+
+<p><hr>
+<h3>The latest development version</h3>
+
+<p>If you're curious about the changes going into the next version of rsync,
+you can view the <a href="/ftp/unpacked/rsync/NEWS">NEWS file from the source
+repository</a> to see a summary of the current changes. Also available are the
+<a href="/ftp/rsync/nightly/rsync.html">repository's rsync manpage</a> and the
+<a href="/ftp/rsync/nightly/rsyncd.conf.html">repository's rsyncd.conf
+manpage</a>. See the <a href="/download.html">download page</a> for more info
+on grabbing the development version.
+
+-->
+
+<p><hr>
+<h3>Rsync 3.0.1pre1 available for release testing</h3>
+<i class=date>March 24th, 2008</i>
+
+<p>Rsync version 3.0.1pre1 is now available for release testing. This is a
+bug-fix release, which also includes fixes/improvements for several issues in
+the daemon-exclude code.
+
+<p>Please test this new release and send email to the rsync mailing list with
+any questions, comments, or bug reports.
+
+<p>You can read all about the latest improvements and bug-fixes in the
+<a href="/ftp/rsync/src-previews/rsync-3.0.1pre1-NEWS">NEWS file</a>.
+The pre-release version of the manpages are also available for both
+<a href="/ftp/rsync/rsync.html">rsync</a> and
+<a href="/ftp/rsync/rsyncd.conf.html">rsyncd.conf</a>.
+
+<p>The source tar is available here:
+<b><a href="/ftp/rsync/src-previews/rsync-3.0.1pre1.tar.gz">rsync-3.0.1pre1.tar.gz</a>
+(<a href="/ftp/rsync/src-previews/rsync-3.0.1pre1.tar.gz.asc">signature</a>),</b>
+with a tar file of the "patches" directory now released in a separate file:
+<b><a href="/ftp/rsync/src-previews/rsync-patches-3.0.1pre1.tar.gz">rsync-patches-3.0.1pre1.tar.gz</a>
+(<a href="/ftp/rsync/src-previews/rsync-patches-3.0.1pre1.tar.gz.asc">signature</a>),</b>
+and the diffs from version 3.0.0 are available here:
+<b><a href="/ftp/rsync/src-previews/rsync-3.0.0-3.0.1pre1.diffs.gz">rsync-3.0.0-3.0.1pre1.diffs.gz</a>
+(<a href="/ftp/rsync/src-previews/rsync-3.0.0-3.0.1pre1.diffs.gz.asc">signature</a>)</b>.
+
+<p><hr>
+<h3>Rsync version 3.0.0 released</h3>
+<i class=date>March 1st, 2008</i>
+
+<p>Rsync version 3.0.0 is finally here! This is a feature release that
+also includes quite a few bug fixes.
+
+<p>The 3.0.0 version number is such a large bump up from 2.6.9 due to the
+addition of an
+incremental recursion scan (which helps a lot with large transfers) and the
+official arrival of several other new features, including ACL support, extended
+attribute support, filename character-set conversion, etc.
+
+<p>You can read all about the latest improvements and bug-fixes in the
+<a href="/ftp/rsync/src/rsync-3.0.0-NEWS">release NEWS</a>.
+
+The latest version of each manpage is also available:
+<a href="/ftp/rsync/rsync.html">rsync</a> and
+<a href="/ftp/rsync/rsyncd.conf.html">rsyncd.conf</a>.
+
+<p>The source tar is available here:
+<b><a href="/ftp/rsync/src/rsync-3.0.0.tar.gz">rsync-3.0.0.tar.gz</a>
+(<a href="/ftp/rsync/src/rsync-3.0.0.tar.gz.asc">signature</a>),</b>
+with a tar file of the "patches" directory now released in a separate file:
+<b><a href="/ftp/rsync/src/rsync-patches-3.0.0.tar.gz">rsync-patches-3.0.0.tar.gz</a>
+(<a href="/ftp/rsync/src/rsync-patches-3.0.0.tar.gz.asc">signature</a>),</b>
+and the diffs from version 2.6.9 are available here:
+<b><a href="/ftp/rsync/src-diffs/rsync-2.6.9-3.0.0.diffs.gz">rsync-2.6.9-3.0.0.diffs.gz</a>
+(<a href="/ftp/rsync/src-diffs/rsync-2.6.9-3.0.0.diffs.gz.asc">signature</a>)</b>.
+
+<p><hr>
+<h3>Rsync version 2.6.9 released</h3>
+<i class=date>November 6th, 2006</i>
+
+<p>Rsync version 2.6.9 has been released. This is primarily a bug-fix
+release with a few minor new features.
+
+<p>See the <a href="/ftp/rsync/src/rsync-2.6.9-NEWS">release NEWS</a>
+for the details of what changed since 2.6.8.
+
+<p><hr>
+<h3>Rsync version 2.6.8 released</h3>
+<i class=date>April 22th, 2006</i>
+
+<p>Rsync version 2.6.8 has been released. This is a bug-fix release that
+primarily addresses an exclude problem that affected the --relative option,
+but also includes a <a href="security.html#s2_6_8" class=security>security fix</a> for
+the xattrs.diff patch (which is not an
+official part of rsync, but some packagers include it in their release).
+
+<p>See the <a href="/ftp/rsync/src/rsync-2.6.8-NEWS">release NEWS</a>
+for the details of what changed since 2.6.7.
+
+<p><hr>
+<h3>Rsync 2.6.7 released</h3>
+<i class=date>March 11th, 2006</i>
+
+<p>Rsync version 2.6.7 has been released. This release has both several new
+features and the usual accompaniment of bug fixes.
+
+<p>See the <a href="/ftp/rsync/src/rsync-2.6.7-NEWS">release NEWS</a>
+for the details of what changed since 2.6.6.
+
+<p><hr>
+<h3>Rsync 2.6.6 released</h3>
+<i class=date>July 28th, 2005</i>
+
+<p>Rsync version 2.6.6 has been released. This release is a bug-fix release
+which contains a <a href="security.html#s2_6_6" class=security>security fix</a>
+to handle a null-pointer bug that turned up in rsync's version of zlib
+1.1.4 (this is not the recent zlib 1.2.2 security fix, which did not
+affect rsync) and to squash a few other minor bugs. To deal with the
+zlib issue, rsync has been upgraded to include zlib 1.2.3.
+
+<p>See the <a href="/ftp/rsync/src/rsync-2.6.6-NEWS">release NEWS</a>
+for the details of what changed since 2.6.5.
+
+<p><hr>
+<h3>Rsync 2.6.5 released</h3>
+<i class=date>June 1st, 2005</i>
+
+<p>Rsync version 2.6.5 has been released. This release is primarily a bug-fix
+release to squash some annoying problems that made it into the (feature-filled)
+release of 2.6.4, plus a few minor enhancements.
+
+<p>See the <a href="/ftp/rsync/src/rsync-2.6.5-NEWS">release NEWS</a>
+for the details of what changed since 2.6.4.
+
+<p><hr>
+<h3>Rsync 2.6.4 released</h3>
+<i class=date>March 30th, 2005</i>
+
+<p>Rsync version 2.6.4 has been released. This release combines quite a
+few new features, some improved delete efficiency, and the usual array of
+bug fixes.
+
+<p>See the <a href="/ftp/rsync/src/rsync-2.6.4-NEWS">release NEWS</a>
+for the details of what changed since 2.6.3.
+
+<p><hr>
+<h3>Rsync 2.6.3 released</h3>
+<i class=date>September 30th, 2004</i>
+
+<p>Rsync version 2.6.3 has been released. It contains several new features
+and quite a few bug fixes, including a <a href="security.html#s2_6_3" class=security>security
+fix</a> for a patch-sanitizing bug in the daemon code.
+
+<p>See the <a href="/ftp/rsync/src/rsync-2.6.3-NEWS">release NEWS</a> for the
+details of what changed since 2.6.2.
+
+<p><hr>
+<h3>Rsync 2.6.2 released</h3>
+<i class=date>April 30th, 2004</i>
+
+<p>Rsync version 2.6.2 has been released. It is a bugfix release that mainly
+fixes <b>a bug with the --relative option (-R) in 2.6.1</b>
+that could cause files to be transferred incorrectly. This only affected a
+source right at the root of the filesystem, such as "/" or "/*" (if you
+first "cd /" and then copy from ".", it would not tickle the bug).
+
+<p>See the <a href="/ftp/rsync/src/rsync-2.6.2-NEWS">release NEWS</a> for the
+details of what else was fixed.
+
+<p><hr>
+<h3>Rsync 2.6.1 released</h3>
+<i class=date>April 26th, 2004</i>
+
+<p>Rsync version 2.6.1 has been released. It is primarily a performance
+release that requires less memory to run, makes fewer write calls to the socket
+(lowering the system CPU time), does less string copying (lowering the user CPU
+time), and also reduces the amount of data that is transmitted over the wire.
+There have also been quite a few bug fixes, including a
+<a href="security.html#s2_6_1" class=security>security fix</a> for a daemon problem when chroot
+is not enabled. See the
+<a href="/ftp/rsync/src/rsync-2.6.1-NEWS">release NEWS</a> for the full
+details.
-<h3>rsync 2.5.6 security advisory</h3>
+<p><hr>
+<h3>One Cygwin hang-problem resolved</h3>
-<p>December 4th 2003
+<p>The problem with rsync hanging at the end of the transfer on
+<a href="http://www.cygwin.com/">Cygwin</a> had been previously traced to a
+signal-handling bug in their compatibility DLL. This bug appears to now be
+fixed in DLL version 1.5.7-1, and Cygwin users are reporting that upgrading the
+DLL removes the hang-at-end-of-transfer problem for their existing rsync executable.
+(Note that this doesn't solve a hang that some folks see in the middle of a
+transfer -- using daemon mode instead of ssh can work around that one.)
+<p><hr>
+<h3>Rsync 2.6.0 released</h3>
+<i class=date>January 1st, 2004</i>
-<h4>Background</h4>
+<P> Two important things to note in the new release:
-<p>The rsync team has received evidence that a vulnerability in rsync was
-recently used in combination with a Linux kernel vulnerability to
-compromise the security of a public rsync server. While the forensic
-evidence we have is incomplete, we have pieced together the most
-likely way that this attack was conducted and we are releasing this
-advisory as a result of our investigations to date.
-
-<p>
-Our conclusions are that:
-
-<ul>
-
-<li>rsync version 2.5.6 and earlier contains a heap overflow vulnerability that can
- be used to remotely run arbitrary code.
-
-<li>While this heap overflow vulnerability could not be used by itself
- to obtain root access on a rsync server, it could be used in
- combination with the recently announced brk vulnerability in the
- Linux kernel to produce a full remote compromise.
-
-<li>The server that was compromised was using a non-default rsyncd.conf
- option <tt>"use chroot = no"</tt>. The use of this option made the attack on
- the compromised server considerably easier. A successful attack is
- almost certainly still possible without this option, but it would
- be much more difficult.
-</ul>
+<ol>
-<p>
-Please note that this vulnerability only affects the use of rsync as a
-"rsync server". To see if you are running a rsync server you should
-use the netstat command to see if you are listening on TCP port
-873. If you are not listening on TCP port 873 then you are not running
-a rsync server.
+<li>The default remote shell is now "ssh" unless you tell configure you want to
+make something else the default.
-<h4>New rsync release</h4>
+<li>Some bug fixes in the include/exclude code, while making things work
+properly, have resulted in some user-visible changes for certain wildcard
+strings. Read the BUG FIXES section in the
+<a href="/ftp/rsync/src/rsync-2.6.0-NEWS">NEWS file</a> to see if
+any of these changes apply to you.
+(Most people should be unaffected.)
-<p>
-In response we have released a new version of rsync, version
-2.5.7. This is based on the current stable 2.5.6 release with only the
-changes necessary to prevent this heap overflow vulnerability. There
-are no new features in this release.
-<p>
-We recommend that anyone running a rsync server take the following
-steps:
-<ol>
-<li>
- Update to rsync version 2.5.7 immediately.
-<li>
- If you are running a Linux kernel prior to version 2.4.23 then
- you should upgrade your kernel immediately. Note that some
- distribution vendors may have patched versions of the 2.4.x
- series kernel that fix the brk vulnerability in versions before
- 2.4.23. Check with your vendor security site to ensure that you
- are not vulnerable to the <tt>brk</tt> problem.
-<li>
- Review your <tt>/etc/rsyncd.conf</tt> configuration file. If you are
- using the option <tt>"use chroot = no"</tt> then remove that line or
- change it to <tt>"use chroot = yes"</tt>. If you find that you need that
- option for your rsync service then you should disable your rsync
- service until you have discussed a workaround with the rsync
- maintainers on the rsync mailing list. The disabling of the
- chroot option should not be needed for any normal rsync server.
</ol>
-<p>The patches and full source for rsync version 2.5.7 are available from
-<a href="http://rsync.samba.org/">http://rsync.samba.org/</a> and mirror sites. We expect that vendors will
-produce updated packages for their distributions shortly.
-
-<h4>Credits</h4>
-
-<p>
-The rsync team would like to thank the following individuals for their
-assistance in investigating this vulnerability and producing this
-response:
-<ul>
-
-<li>Timo Sirainen <tss.iki.fi>
-<li>Mike Warfield <mhw.wittsend.com>
-<li>Paul Russell <rusty.samba.org>
-<li>Andrea Barisani <lcars.gentoo.org>
-</ul>
-
-<p>
-The Common Vulnerabilities and Exposures project (cve.mitre.org) has
-assigned the name
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0962">CAN-2003-0962</a>
-to this issue.
-
-<p>
-Regards,
-<p>
-The rsync team
-
-<p>Download: <b>
-<a href="http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz">rsync-2.5.7.tar.gz</a>
-(<a href="http://samba.org/ftp/rsync/rsync-2.5.7.tar.gz.sig">signature</a>),
-<a href="http://samba.org/ftp/rsync/rsync-2.5.6-2.5.7.diff.gz">rsync-2.5.6-2.5.7.diff.gz</a>
-(<a href="http://samba.org/ftp/rsync/rsync-2.5.6-2.5.7.diff.gz.sig">signature</a>)</b>.
-
+<p>One other item of note is that the oft-requested option "--files-from" is now
+available. This option lets you specify a list of files to transfer, and can
+be much more efficient than a recursive descent using include/exclude
+statements (if you know in advance what files you want to transfer). The list
+of files can come from either side of the connection, so it is possible for a
+server to provide the file-list that lets someone grab a server-specified set of
+files, for example. See the <a href="/ftp/rsync/rsync.html">rsync man page</a>
+for more details.
+
+<p>For a full list of changes in version 2.6.0, see the
+<a href="/ftp/rsync/src/rsync-2.6.0-NEWS">release NEWS</a>.
<!--#include virtual="footer.html" -->
git.samba.org / rsync-web.git / blobdiff