-NEWS for rsync 2.6.3 (UNRELEASED)
-Protocol: 28 (unchanged)
-Changes since 2.6.2:
-
- SECURITY FIXES:
-
- - A bug in the sanitize_path routine (which affects a non-chrooted
- rsync daemon) could allow a user to craft a pathname that would get
- transformed into an absolute path for certain options (but not for
- file-transfer names). If you're running an rsync daemon with chroot
- disabled, *please upgrade*, ESPECIALLY if the user privs you run
- rsync under is anything above "nobody".
-
- OUTPUT CHANGES (ATTN: those using a script to parse the verbose output):
-
- - Please note that the 2-line footer (output when verbose) now uses the
- term "sent" instead of "wrote" and "received" instead of "read". If
- you are not parsing the numeric values out of this footer, a script
- would be better off using the empty line prior to the footer as the
- indicator that the verbose output is over.
-
- - The output from the --stats option was similarly affected to change
- "written" to "sent" and "read" to "received".
-
- - Rsync ensures that a filename that contains a newline gets mentioned
- with each newline transformed into a question mark (which prevents a
- filename from causing an empty line to be output).