-<!-- $Header$ -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+<TITLE>rsync</TITLE>
+</HEAD>
<!--#include virtual="header.html" -->
<H2 align="center">Welcome to the rsync web pages</H2>
available under the <A HREF="GPL.html">GNU General Public
License version 2</A>
-<p><b>** If you're using a version prior to 2.5.7, please see the
-<a href="#security">security advisory</a> below! **</b>
+<p><i>(If you're using a version of rsync older than 2.6.3, see below for some security advisories.)</i>
-<h3>Rsync 2.6.0 released</h3>
-
-<p>January 1st, 2004
-
-<P> Two important things to note in the new release:
-
-<ol>
-
-<li>The default remote shell is now "ssh" unless you tell configure you want to
-make something else the default.
-
-<li>Some bug fixes in the include/exclude code, while making things work
-properly, have resulted in some user-visible changes for certain wildcard
-strings. Read the BUG FIXES below to see if any of these changes apply to you.
-(Most people should be unaffected.)
-
-</ol>
-
-<p>One other item of note is that the oft-requested option "--files-from" is now
-available. This option lets you specify a list of files to transfer, and can
-be much more efficient than a recursive descent using include/exclude
-statements (if you know in advance what files you want to transfer). The list
-of files can come from either side of the connection, so it is possible for a
-server to provide the file-list that lets someone grab a server-specified set of
-files, for example. See the <a href="/ftp/rsync/rsync.html">rsync man page</a>
-for more details.
-
-<h3> Changes since 2.5.7:</h3>
-
-<p>Version 2.6.0 bumped the protocol version to 27 (from 26).
+<h3>Rsync 2.6.6pre1 released</h3>
-<h4>ENHANCEMENTS:</h4>
+<p><i style="color:#777777">July 7th, 2005</i>
-<ul>
+<p>Rsync version 2.6.6pre1 has been released. This release is a preliminary
+release for trying out a zlib upgrade to version 1.2.2 plus a security fix for
+the latest security problem found in zlib. I had originally thought that this
+release was needed to fix a security problem in the zlib included in rsync, but
+it turns out that zlib 1.1.4 (which is used in 2.6.5 and earlier) is not affected
+by this latest zlib security problem.
-<li><p> <b>"ssh" is now the default remote shell for rsync.</b> If you want to
-change this, configure like this: <tt>"./configure --with-rsh=rsh"</tt>.
+<p>If you'd like to read about all the fixes that are in 2.6.6pre1, read the
+<a href="http://rsync.samba.org/ftp/rsync/preview/NEWS">NEWS file</a>.
-<li><p> Added --files-from, --no-relative, --no-implied-dirs, and --from0. Note
-that --from0 affects the line-ending character for all the files read by the
---*-from options. (Wayne Davison)
+<p>You can download the pre-release version either as a tar file:
+<b><a href="/ftp/rsync/preview/rsync-2.6.6pre1.tar.gz">rsync-2.6.6pre1.tar.gz</a>
+(<a href="/ftp/rsync/preview/rsync-2.6.6pre1.tar.gz.asc">signature</a>),
+</b>or a set of diffs based on 2.6.5:<b>
+<a href="/ftp/rsync/preview/rsync-2.6.5-2.6.6pre1.diffs.gz">rsync-2.6.5-2.6.6pre1.diffs.gz</a>
+(<a href="/ftp/rsync/preview/rsync-2.6.5-2.6.6pre1.diffs.gz.asc">signature</a>)</b>.
-<li><p> Length of csum2 is now per-file starting with protocol version 27. (J.W.
-Schultz)
+<h3>Rsync 2.6.5 released</h3>
-<li><p> Per-file dynamic block size is now sqrt(file length). The per-file
-checksum size is determined according to an algorithm provided by Donovan
-Baarda which reduces the probability of rsync algorithm corrupting data and
-falling back using the whole md4 checksums. (J.W. Schultz, Donovan Baarda)
+<p><i style="color:#777777">June 1st, 2005</i>
-<li><p> The --stats option no longer includes the (debug) malloc summary unless
-the verbose option was specified at least twice.
+<p>Rsync version 2.6.5 has been released. This release is primarily a bug-fix
+release to squash some annoying problems that made it into the (feature-filled)
+release of 2.6.4, plus a few minor enhancements.
-<li><p> Added a new error/warning code for when files vanish from the sending
-side. Made vanished source files not interfere with the file-deletion pass
-when --delete-after was specified.
+<p>See the <a href="/ftp/rsync/NEWS">release NEWS</a> for the
+details of what changed since 2.6.4, and the
+<a href="/ftp/rsync/OLDNEWS">OLDNEWS file</a> for details of what changed
+in prior versions. You can also read the man pages for
+<a href="http://rsync.samba.org/ftp/rsync/rsync.html">rsync</a> and
+<a href="http://rsync.samba.org/ftp/rsync/rsyncd.conf.html">rsyncd.conf</a>.
-<li><p> Various trailing-info sections are now preceded by a newline.
+<p>See the <a href="download.html">download page</a> for all the ways
+to grab the new version, or snag one of these:
+<b><a href="/ftp/rsync/rsync-2.6.5.tar.gz">rsync-2.6.5.tar.gz</a>
+(<a href="/ftp/rsync/rsync-2.6.5.tar.gz.asc">signature</a>),
+<a href="/ftp/rsync/rsync-2.6.4-2.6.5.diffs.gz">rsync-2.6.4-2.6.5.diffs.gz</a>
+(<a href="/ftp/rsync/rsync-2.6.4-2.6.5.diffs.gz.asc">signature</a>)</b>.
+Note that the diffs do not contain updates for the "patches" dir -- grab the tar
+file if you want the full release.
-</ul>
-<h4>BUG FIXES:</h4>
+<h3>Rsync 2.6.4 released</h3>
-<ul>
+<p><i style="color:#777777">March 30th, 2005</i>
-<li><p> <b>Fixed several exclude/include matching bugs when using wild-cards.
-This has a several user-visible effects, all of which make the matching more
-consistent and intuitive.</b> This should hopefully not cause anyone problems
-since it makes the matching work more like what people are expecting.
-(Wayne Davison) <i>User-visible changes are as follows:</i>
+<p>Rsync version 2.6.4 has been released. This release combines quite a
+few new features, some improved delete efficiency, and the usual array of
+bug fixes.
- <ul>
+<p>See the <a href="/ftp/rsync/old-versions/rsync-2.6.4-NEWS">release NEWS</a> for the
+details of what changed since 2.6.3.
- <li><p> A pattern with a "**" no longer causes a "*" to match slashes. For
- example, with "/*/foo/**", "foo" must be 2 levels deep. <i>[If your string
- has <b>BOTH</b> "*" and "**" wildcards, changing the "*" wildcards to "**"
- will provide the old behavior in all versions (if that's really what you want).]</i>
- <li><p> "**/foo" now matches at the base of the transfer (like /foo does).
- <i>[Use "/**/foo" to get the old behavior in all versions.]</i>
+<h3>Rsync 2.6.3 released</h3>
- <li><p> A non-anchored wildcard term floats to match beyond the base of the
- transfer. E.g. "CVS/R*" matches at the end of the path, just like the
- non-wildcard term "CVS/Root" does. <i>[Use "/CVS/R*" to get the old behavior
- in all versions.]</i>
+<p><i style="color:#777777">September 30th, 2004</i>
- <li><p> Including a "**" in the match term causes it to be matched against the
- entire path, not just the name portion, even if there aren't any interior
- slashes in the term. E.g. "foo**bar" will exclude "/path/foo-bar" (just
- like before) as well as "/foo-path/baz-bar" (unlike before). <i>[Use "foo*bar"
- to get the old behavior in all versions.]</i>
+<p>Rsync version 2.6.3 has been released. It contains several new features
+and quite a few bug fixes.
- </ul>
+<p>See the <a href="/ftp/rsync/old-versions/rsync-2.6.3-NEWS">release NEWS</a> for the
+details of what changed since 2.6.2.
-<li><p> The exclude list specified in the daemon's config file is now properly
-applied to the pulled items no matter how deep the user's file-args are in the
-source tree. (Wayne Davison)
-<li><p> For protocol version >= 27, mdfour_tail() is called when the block size
-(including checksum_seed) is a multiple of 64. Previously it was not called,
-giving the wrong MD4 checksum. (Craig Barratt)
+<a name="security_aug04"></a>
+<h3 style="color:red">August 2004 Security Advisory</h3>
-<li><p> For protocol version >= 27, a 64 bit bit counter is used in mdfour.c as
-required by the RFC. Previously only a 32 bit bit counter was used, causing
-incorrect MD4 file checksums for file sizes >= 512MB - 4. (Craig Barratt)
+<p><i style="color:#777777">August 12th, 2004</i>
-<li><p> Fixed a crash bug when interacting with older rsync versions and multiple
-files of the same name are destined for the same dir. (Wayne Davison)
+<p>There is a path-sanitizing bug that affects daemon-mode in
+rsync versions through version 2.6.2, but only if chroot is disabled. It
+does NOT affect the normal send/receive filenames that specify what
+files should be transferred (this is because these names happen to get
+sanitized twice, and thus the second call removes any lingering leading
+slash(es) that the first call left behind). It does affect certain
+option paths that cause auxilliary files to be read or written.
-<li><p> Keep tmp names from overflowing MAXPATHLEN.
+<p>This bug was fixed in version 2.6.3 of rsync.
-<li><p> Make --link-dest honor the absence of -p, -o, and -g.
+<p>One potential fix that doesn't require recompiling rsync is to set
+"use chroot = true" for all the modules in the rsyncd.conf file.
-<li><p> Made rsync treat a trailing slash in the destination in a more consistent
-manner.
-<li><p> Fixed file I/O error detection. (John Van Essen)
+<h3>Rsync 2.6.2 released</h3>
-<li><p> Fixed bogus "malformed address {hostname}" message in rsyncd log when
-checking IP address against hostnames from "hosts allow" and "hosts deny"
-parameters in config file.
+<p><i style="color:#777777">April 30th, 2004</i>
-<li><p> Print heap statistics when verbose >= 2 instead of when >= 1.
+<p>Rsync version 2.6.2 has been released. It is a bugfix release that mainly
+fixes <b>a bug with the --relative option (-R) in 2.6.1</b>
+that could cause files to be transferred incorrectly. This only affected a
+source right at the root of the filesystem, such as "/" or "/*" (if you
+first "cd /" and then copy from ".", it would not tickle the bug).
-<li><p> Fixed a compression (-z) bug when syncing a mostly-matching file that
-contains already-compressed data. (Yasuoka Masahiko and Wayne Davison)
+<p>See the <a href="/ftp/rsync/old-versions/rsync-2.6.2-NEWS">release NEWS</a> for the
+details of what else was fixed.
-<li><p> Fixed a bug in the --backup code that could cause deleted files to not get
-backed up.
-<li><p> When the backup code makes new directories, create them with mode 0700
-instead of 0755 (since the directory permissions in the backup tree are not yet
-copied from the main tree).
+<h3>Rsync 2.6.1 released</h3>
-<li><p> Call setgroups() in a more portable manner.
+<p><i style="color:#777777">April 26th, 2004</i>
-<li><p> Improved file-related error messages to better indicate exactly what
-pathname failed. (Wayne Davison)
+<p>Rsync version 2.6.1 has been released. It is primarily a performance
+release that requires less memory to run, makes fewer write calls to the socket
+(lowering the system CPU time), does less string copying (lowering the user CPU
+time), and also reduces the amount of data that is transmitted over the wire.
+There have also been quite a few bug fixes. See the
+<a href="/ftp/rsync/old-versions/rsync-2.6.1-NEWS">release NEWS</a> for the full
+details.
-<li><p> Fixed some bugs in the handling of --delete and --exclude when using the
---relative (-R) option. (Wayne Davison)
-<li><p> Fixed bug that prevented regular files from replacing special files and
-caused a directory in --link-dest or --compare-dest to block the creation of a
-file with the same path. A directory still cannot be replaced by a regular
-file unless --delete specified. (J.W. Schultz)
+<a name="security_apr04"></a>
+<h3 style="color:red">April 2004 Security Advisory</h3>
-<li><p> Detect and report when open or opendir succeed but read and readdir fail
-caused by network filesystem issues and truncated files. (David Norwood,
-Michael Brown, J.W. Schultz)
+<p><i style="color:#777777">April 26th, 2004</i>
-<li><p> Added a fix that should give ssh time to restore the tty settings if the
-user presses Ctrl-C at an ssh password prompt.
+<p>There is a security problem in all versions prior to 2.6.1 that affects only
+people running a read/write daemon WITHOUT using chroot. If the user privs
+that such an rsync daemon is using is anything above "nobody", you are at risk
+of someone crafting an attack that could write a file outside of the module's
+"path" setting (where all its files should be stored). Please either enable
+chroot or upgrade to 2.6.1. People not running a daemon, running a read-only
+daemon, or running a chrooted daemon are totally unaffected.
-</ul>
-<h4>INTERNAL:</h4>
+<h3>One Cygwin hang-problem resolved</h3>
-<ul>
+<p>The problem with rsync hanging at the end of the transfer on
+<a href="http://www.cygwin.com/">Cygwin</a> had been previously traced to a
+signal-handling bug in their compatibility DLL. This bug appears to now be
+fixed in DLL version 1.5.7-1, and Cygwin users are reporting that upgrading the
+DLL removes the hang-at-end-of-transfer problem for their existing rsync executable.
+(Note that this doesn't solve a hang that some folks see in the middle of a
+transfer -- using daemon mode instead of ssh can work around that one.)
-<li><p> Eliminated vestigial support for old versions that we stopped supporting.
-(J.W. Schultz)
-<li><p> Simplified some of the option-parsing code. (Wayne Davison)
-
-<li><p> Some cleanup made to the exclude code, as well as some new defines added
-to enhance readability. (Wayne Davison)
-
-<li><p> Changed the protocol-version code so that it can interact at a lower
-protocol level than the maximum supported by both sides. Added an undocumented
-option, --protocol=N, to force the value we advertise to the other side
-(primarily for testing purposes). (Wayne Davison)
-
-</ul>
-
-<p>Download: <b>
-<a href="http://samba.org/ftp/rsync/rsync-2.6.0.tar.gz">rsync-2.6.0.tar.gz</a>
-(<a href="http://samba.org/ftp/rsync/rsync-2.6.0.tar.gz.sig">signature</a>),
-<a href="http://samba.org/ftp/rsync/rsync-2.5.7-2.6.0.diffs.gz">rsync-2.5.7-2.6.0.diffs.gz</a>
-(<a href="http://samba.org/ftp/rsync/rsync-2.5.7-2.6.0.diffs.gz.sig">signature</a>)</b>.
-
-
-<a name="security"></a>
-<h3>rsync 2.5.6 security advisory</h3>
+<a name="two_six"></a>
+<h3>Rsync 2.6.0 released</h3>
-<p>December 4th, 2003
+<p><i style="color:#777777">January 1st, 2004</i>
-<h4>Background</h4>
+<P> Two important things to note in the new release:
-<p>The rsync team has received evidence that a vulnerability in rsync was
-recently used in combination with a Linux kernel vulnerability to
-compromise the security of a public rsync server. While the forensic
-evidence we have is incomplete, we have pieced together the most
-likely way that this attack was conducted and we are releasing this
-advisory as a result of our investigations to date.
+<ol>
-<p>
-Our conclusions are that:
+<li>The default remote shell is now "ssh" unless you tell configure you want to
+make something else the default.
-<ul>
+<li>Some bug fixes in the include/exclude code, while making things work
+properly, have resulted in some user-visible changes for certain wildcard
+strings. Read the BUG FIXES section in the
+<a href="/ftp/rsync/old-versions/rsync-2.6.0-NEWS">NEWS file</a> to see if
+any of these changes apply to you.
+(Most people should be unaffected.)
-<li>rsync version 2.5.6 and earlier contains a heap overflow vulnerability that can
- be used to remotely run arbitrary code.
+</ol>
-<li>While this heap overflow vulnerability could not be used by itself
- to obtain root access on a rsync server, it could be used in
- combination with the recently announced brk vulnerability in the
- Linux kernel to produce a full remote compromise.
+<p>One other item of note is that the oft-requested option "--files-from" is now
+available. This option lets you specify a list of files to transfer, and can
+be much more efficient than a recursive descent using include/exclude
+statements (if you know in advance what files you want to transfer). The list
+of files can come from either side of the connection, so it is possible for a
+server to provide the file-list that lets someone grab a server-specified set of
+files, for example. See the <a href="/ftp/rsync/rsync.html">rsync man page</a>
+for more details.
-<li>The server that was compromised was using a non-default rsyncd.conf
- option <tt>"use chroot = no"</tt>. The use of this option made the attack on
- the compromised server considerably easier. A successful attack is
- almost certainly still possible without this option, but it would
- be much more difficult.
-</ul>
+<p>For a full list of changes in version 2.6.0, see the
+<a href="/ftp/rsync/old-versions/rsync-2.6.0-NEWS">release NEWS</a>.
-<p>
-Please note that this vulnerability only affects the use of rsync as a
-"rsync server". To see if you are running a rsync server you should
-use the netstat command to see if you are listening on TCP port
-873. If you are not listening on TCP port 873 then you are not running
-a rsync server.
+<a name="security_dec03"></a>
+<h3 style="color:red">December 2003 Security Advisory</h3>
-<h4>New rsync release</h4>
+<p><i style="color:#777777">December 4th, 2003</i>
-<p>
-In response we have released a new version of rsync, version
-2.5.7. This is based on the current stable 2.5.6 release with only the
-changes necessary to prevent this heap overflow vulnerability. There
-are no new features in this release.
-<p>
-We recommend that anyone running a rsync server take the following
-steps:
-<ol>
-<li>
- Update to (at least) rsync version 2.5.7 immediately.
-<li>
- If you are running a Linux kernel prior to version 2.4.23 then
- you should upgrade your kernel immediately. Note that some
- distribution vendors may have patched versions of the 2.4.x
- series kernel that fix the brk vulnerability in versions before
- 2.4.23. Check with your vendor security site to ensure that you
- are not vulnerable to the <tt>brk</tt> problem.
-<li>
- Review your <tt>/etc/rsyncd.conf</tt> configuration file. If you are
- using the option <tt>"use chroot = no"</tt> then remove that line or
- change it to <tt>"use chroot = yes"</tt>. If you find that you need that
- option for your rsync service then you should disable your rsync
- service until you have discussed a workaround with the rsync
- maintainers on the rsync mailing list. The disabling of the
- chroot option should not be needed for any normal rsync server.
-</ol>
+<p>Rsync version 2.5.6 and earlier contains a heap overflow vulnerability that
+could be used to remotely run arbitrary code, but this only affects the use of
+rsync as an "rsync daemon" (where rsync handles incoming socket connections,
+typically on port 873).
-<p>The patches and full source for rsync version 2.5.7 are available from
-<a href="http://rsync.samba.org/">http://rsync.samba.org/</a> and mirror sites. We expect that vendors will
-produce updated packages for their distributions shortly.
-
-<h4>Credits</h4>
-
-<p>
-The rsync team would like to thank the following individuals for their
-assistance in investigating this vulnerability and producing this
-response:
-<ul>
-
-<li>Timo Sirainen <tss.iki.fi>
-<li>Mike Warfield <mhw.wittsend.com>
-<li>Paul Russell <rusty.samba.org>
-<li>Andrea Barisani <lcars.gentoo.org>
-</ul>
-
-<p>
-The Common Vulnerabilities and Exposures project (cve.mitre.org) has
-assigned the name
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0962">CAN-2003-0962</a>
-to this issue.
-
-<p>
-Regards,
-<p>
-The rsync team
-
-<p>Download: <b>
-<a href="http://samba.org/ftp/rsync/old-versions/rsync-2.5.7.tar.gz">rsync-2.5.7.tar.gz</a>
-(<a href="http://samba.org/ftp/rsync/old-versions/rsync-2.5.7.tar.gz.sig">signature</a>),
-<a href="http://samba.org/ftp/rsync/old-patches/rsync-2.5.6-2.5.7.diffs.gz">rsync-2.5.6-2.5.7.diffs.gz</a>
-(<a href="http://samba.org/ftp/rsync/old-patches/rsync-2.5.6-2.5.7.diffs.gz.sig">signature</a>)</b>.
+<p>This bug was fixed in rsync 2.5.7.
<!--#include virtual="footer.html" -->
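Review bot: the rewrite of the December 2003 advisory drops the `<a name="security">` anchor (old line `<a name="security"></a>`, replaced by `security_dec03`) and the CVE cross-reference `CAN-2003-0962` along with the "use chroot = yes" guidance, so any inbound link to `#security` now lands at the top of the page and readers lose the only external identifier for the heap overflow; keep the old anchor next to the new one (`<a name="security"></a><a name="security_dec03"></a>`) and carry the CVE link into the shortened "Rsync version 2.5.6 and earlier contains a heap overflow vulnerability ..." paragraph. Smaller points in the same hunk: "auxilliary" in the August 2004 advisory should be "auxiliary"; the new `<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">` does not match the `style="color:#777777"` and `style="color:red"` attributes added throughout, which HTML 3.2 does not define (use an HTML 4.01 Transitional doctype or drop the inline styles); and the lone `<P>` in the 2.6.0 section is the only uppercase paragraph tag on the page.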