-NEWS for rsync 2.6.5 (UNRELEASED)
+NEWS for rsync 2.6.6 (UNRELEASED)
Protocol: 29 (unchanged)
-Changes since 2.6.4:
+Changes since 2.6.5:
+
+ SECURITY FIXES:
+
+ - Applied a zlib fix to block a buffer overflow in the decompression
+ code. Only affects a daemon if it allows uploads and does not refuse
+ the --compress option.
BUG FIXES:
- - A crash bug was fixed when a daemon had its "path" set to "/", did
- not have chroot enabled, and used some anchored excludes in the
- rsyncd.conf file.
+ - The setting of flist->high in clean_flist() was wrong for an empty list.
+ This could cause flist_find() to crash in certain rare circumstances
+ (e.g. if just the right directory setup was around when --fuzzy was
+ combined with --link-dest).
- - Fixed a case where the generator might try to tweak the write
- permissions of a read-only directory in list-only mode.
+ - The outputting of hard-linked files when verbosity was > 1 was not right:
+ without -i it would output the name of each hard-linked file as though
+ it had been changed (it now outputs a "is hard linked" message for the
+ file); with -i it would output all dots for the unchanged attributes of
+ a hard-link (it now changes those dots to spaces, as is done for other
+ totally unchanged items).
- - If --compare-dest or --link-dest uses a locally-copied file as the
- basis for an updated version, log this better when --verbose or -i
- is in effect.
+ - When backing up a changed symlink or device, get rid of any old backup
+ item so that we don't get an "already exists" error.
- - Fixed the accidental disabling of --backup during the --delete-after
- processing.
+ - A couple places that were comparing a local and a remote modification-
+ time were not honoring the --modify-window option.
- - Restored the ability to use the --address option in client mode (in
- addition to its use in daemon mode).
+ - Fixed a really old, minor bug that could cause rsync to warn about being
+ unable to mkdir() a path that ends in "/." because it just created the
+ directory (required --relative, --no-implied-dirs, a source path that
+ ended in either a trailing slash or a trailing "/.", and a non-existing
+ destination dir to tickle the bug in a recent version).
- - Make sure that some temporary progress information from the delete
- processing does not get left on the screen when it is followed by a
- newline.
+ - If the user specifies a remote-host for both the source and destination,
+ we now output a syntax error rather than trying to open the destination
+ hostspec as a filename.
ENHANCEMENTS:
- - Changed the outputting of "safe" filenames to use backslash-escaped
- characters rather than '?'s. Any non-printable character is output
- using octal (e.g. "\n" -> "\012"), and backslash is output as "\\".
+ - Made the "max verbosity" setting in the rsyncd.conf file settable on a
+ per-module basis (which now matches the documentation).
- INTERNAL:
+ - The support/rrsync script has been upgraded to verify the args of options
+ that take them (instead of rejecting any such options). The script was
+ also changed to try to be more secure and to fix a problem in the parsing
+ of a pull operation that has multiple sources.
- - Rsync now calls setlocale(LC_CTYPE, "").
+ - Upgraded the zlib code from 1.1.4 to 1.2.2 (plus the security fix
+ mentioned above).
BUILD CHANGES:
- - You can use --disable-locale to turn off any use of setlocale().
+ - Made configure define NOBODY_USER (currently hard-wired to "nobody") and
+ NOBODY_GROUP (set to either "nobody" or "nogroup" depending on what we
+ find in the /etc/group file).
- - Configure now disables the use of mkstemp() under HP-UX (since they
- refuse to fix its broken handling of large files).
+ - Added a test to the test suite, itemized.test, that tests the output of
+ -i (log-format w/%i) and some double-verbose messages.
- - Configure now explicitly checks for the lseek64() function so that
- the code can use HAVE_LSEEK64 instead of inferring lseek64()'s
- presence based on the presence of the off64_t type.