- - A crash bug was fixed when a daemon had its "path" set to "/", did
- not have chroot enabled, and used some anchored excludes in the
- rsyncd.conf file.
-
- - Fixed a bug in the transfer of a single file when -H is specified
- that might have caused an infinite loop or perhaps a crash.
-
- - Fixed a case where the generator might try to tweak the write
- permissions of a read-only directory in list-only mode.
-
- - If --compare-dest or --link-dest uses a locally-copied file as the
- basis for an updated version, log this better when --verbose or -i
- is in effect.
-
- - Fixed the accidental disabling of --backup during the --delete-after
- processing.
-
- - Restored the ability to use the --address option in client mode (in
- addition to its use in daemon mode).
-
- - Make sure that some temporary progress information from the delete
- processing does not get left on the screen when it is followed by a
- newline.
-
- - When --existing skips a directory with extra verbosity, refer to it
- as a "directory", not a "file".
-
- - When transferring a single file to a different-named file, any
- generator messages that are source-file related no longer refer to
- the file by the destination filename.
-
- - Fixed a bug where hard-linking a group of files might fail if the
- generator hasn't created a needed destination directory yet.
-
- - Fixed a bug where a hard-linked group of files that is newly-linked
- to a file in a --link-dest dir doesn't link the files from the rest
- of the cluster.
-
- - When deleting files with the --one-file-system (-x) option set, rsync
- no longer tries to remove files from inside a mount-point on the
- receiving side. Also, we don't complain about being unable to remove
- the mount-point dir.
-
- - Fixed a compatibility problem when using --cvs-ignore (-C) and
- sending files to an older rsync without using --delete.
-
- - Make sure that a "- !" or "+ !" include/exclude pattern does not
- trigger the list-clearing action that is reserved for "!".
-
- - Avoid a timeout in the generator when the sender/receiver aren't
- handling the generator's checksum output quickly enough.
-
- - Fixed the ommission of some directories in the delete processing when
- --relative (-R) was combined with a source path that had a trailing
- slash.
-
- - Make sure that --max-size doesn't affect a device or a symlink.
-
- - Make sure that a system with a really small MAXPATHLEN does not cause
- the buffers in readfd_unbuffered() to be too small to receive normal
- messages. (This mainly affected Cygwin.)
-
- - If a source filename ends with "..", treat it as if "../" had been
- specified (so that we don't copy files to the parent dir of the
- destination).
-
- - If --delete is combined with a file-listing rsync command (i.e. no
- transfer is happening), avoid outputting a warning that we couldn't
- delete anything.
-
- - If --stats is specified with --delete-after, ensure that all the
- "deleting" messages are output before the statistics.
-
- - Improved one "if" in the deletion code that was only checking errno
- for ENOTEMPTY when it should have also been checking for EEXIST.
+ - An rsync daemon that is receiving files with "use chroot = no" no longer
+ sanitizes the symlink target strings. This means that each symlink's
+ value will now be accepted (and thus returned) with its symlink info
+ intact. Also, in order to keep things safe, all arg paths and any
+ dereferenced symlinks (e.g. via --copy-links or --keep-dirlinks) are
+ manually verified to ensure that no symlinks try to escape past the top
+ of the module's path. These changes make a non-chroot daemon behave the
+ same way as a chroot daemon with regard to symlinks, and also avoids a
+ potential problem where a pre-existing symlink could have escaped the
+ module's hierarchy.
+
+ - Fixed a overzealous sanitizing bug in the handling of the --*-dest
+ options (--link-dest, --copy-dest, and --compare-dest): if the copy's
+ destination dir is deeper than the top of the module's path, these
+ options now accept a safe number of ../ (parent-dir) references (since
+ these options are relative to the destination dir). The old code
+ incorrectly chopped off all "../" prefixes for these options, no matter
+ how deep the destination directory was in the module's hierarchy.
+
+ - Fixed a bug where a deferred info/error/log message could get sent
+ directly to the sender instead of being handled by rwrite() in the
+ generator. This fixes an "unexpected tag 3" fatal error, and should
+ also fix a potential problem where a deferred info/error message from
+ the receiver might bypass the log file and get sent only to the client
+ process. (These problems could only affect an rsync daemon that was
+ receiving files.)
+
+ - Make sure that the --link-dest option can still do its job even when -I
+ or --size-only is specified.
+
+ - The daemon now calls more timezone-using functions prior to doing a
+ chroot. This should help some C libraries to generate proper timestamps
+ from inside a chrooted daemon (and to not try to access /etc/timezone
+ over and over again).
+
+ - Fixed a bug in the handling of an absolute --partial-dir=ABS_PATH option:
+ it now deletes an alternate basis file from the partial-dir that was used
+ to successfully update a destination file.