- - The setting of flist->high in clean_flist() was wrong for an empty list.
- This could cause flist_find() to crash in certain rare circumstances
- (e.g. if just the right directory setup was around when --fuzzy was
- combined with --list-dest).
+ - An rsync daemon that is receiving files with "use chroot = no" no longer
+ sanitizes the symlink target strings. This means that each symlink's
+ value will now be accepted (and thus returned) with its symlink info
+ intact. Also, in order to keep things safe, all arg paths and any
+ dereferenced symlinks (e.g. via --copy-links or --keep-dirlinks) are
+ manually verified to ensure that no symlinks try to escape past the top
+ of the module's path. These changes make a non-chroot daemon behave the
+ same way as a chroot daemon with regard to symlinks, and also avoids a
+ potential problem where a pre-existing symlink could have escaped the
+ module's hierarchy.