-NEWS for rsync 2.6.3 (UNRELEASED)
+NEWS for rsync 2.6.3 (30 Sep 2004)
Protocol: 28 (unchanged)
Changes since 2.6.2:
+ SECURITY FIXES:
+
+ - A bug in the sanitize_path routine (which affects a non-chrooted
+ rsync daemon) could allow a user to craft a pathname that would get
+ transformed into an absolute path for certain options (but not for
+ file-transfer names). If you're running an rsync daemon with chroot
+ disabled, *please upgrade*, ESPECIALLY if the user privs you run
+ rsync under is anything above "nobody".
+
OUTPUT CHANGES (ATTN: those using a script to parse the verbose output):
- Please note that the 2-line footer (output when verbose) now uses the
term "sent" instead of "wrote" and "received" instead of "read". If
you are not parsing the numeric values out of this footer, a script
- should be better off using the empty line prior to the footer as the
+ would be better off using the empty line prior to the footer as the
indicator that the verbose output is over.
- The output from the --stats option was similarly affected to change
"written" to "sent" and "read" to "received".
- - Made sure that a filename that contains a newline gets mentioned with
- each newline transformed into a question mark (which makes sure that
- a filename can't span multiple lines nor cause an empty line to be
- output).
+ - Rsync ensures that a filename that contains a newline gets mentioned
+ with each newline transformed into a question mark (which prevents a
+ filename from causing an empty line to be output).
+
+ - The "backed up ..." message that is output when at least 2 --verbose
+ options are specified is now the same both with and without the
+ --backup-dir option.
BUG FIXES:
- Fixed a crash bug that might appear when --delete was used and
multiple source directories were specified.
- - Fixed the 32-bit truncation of the file length when generating the
+ - Fixed a 32-bit truncation of the file length when generating the
checksums.
- The --backup code no longer attempts to create some directories
error.)
- If a file gets resent in a single transfer and the --backup option
- is enabled, rsync no longer performs a duplicate backup (losing the
- original file in the process).
-
- - Fixed an age-old crash problem with --read-batch on a local copy
- (rsync was improperly assuming --whole-file for the local copy).
+ is enabled, rsync no longer performs a duplicate backup (it used to
+ overwrite the original file in the backup area).
- Files specified in the daemon's "exclude" or "exclude from" config
items are now excluded from being uploaded (assuming that the module
option (mentioned below) for a way to specify that behavior.
- Error messages from the daemon server's option-parsing (such as
- refused options) now get sent back to the client (the server used
- to just exit because the socket wasn't in the right state to send
- the message).
+ refused options) are now successfully transferred back to the client
+ (the server used to fail to send the message because the socket
+ wasn't in the right state for the message to get through).
- - Most errors that occur during a daemon transfer are now returned to
- the user in addition to being logged (some messages are intended to
- be daemon-only).
+ - Most transfer errors that occur during a daemon transfer are now
+ returned to the user in addition to being logged (some messages are
+ intended to be daemon-only and are not affected by this).
- Fixed a bug in the daemon authentication code when using one of the
batch-processing options.
- When using --delete and a --backup-dir that contains files that are
hard-linked to their destination equivalents, rsync now makes sure
- that removed files really get removed (works around a really weird
- rename() behavior).
+ that removed files really get removed (avoids a really weird rename()
+ behavior).
- Avoid a bogus run-time complaint about a lack of 64-bit integers when
the int64 type is defined as an off_t and it actually has 64-bits.
This bypasses a problem writing out large temp files on OSes such as
AIX and HP-UX.
+ - Fixed an age-old crash problem with --read-batch on a local copy
+ (rsync was improperly assuming --whole-file for the local copy).
+
+ - When --dry-run (-n) is used and the destination directory does not
+ exist, rsync now produces a correct report of files that would be
+ sent instead of dying with a chdir() error.
+
+ - Fixed a bug that could cause a slow-to-connect rsync daemon to die
+ with an error instead of waiting for the connection to finish.
+
+ - Fixed an ssh interaction that could cause output to be lost when the
+ user chose to combine the output of rsync's stdout and stderr (e.g.
+ using the "2>&1").
+
ENHANCEMENTS:
- Added the --partial-dir=DIR option that lets you specify where to
(temporarily) put a partially transferred file (instead of over-
writing the destination file). E.g. --partial-dir=.rsync-partial
+ Also added support for the RSYNC_PARTIAL_DIR environment variable
+ that, when found, transforms a regular --partial option (such as
+ the convenient -P option) into one that also specifies a directory.
- Added --keep-dirlinks (-K), which allows you to symlink a directory
onto another partition on the receiving side and have rsync treat it
sprinkling the batch files into different dirs or even onto different
systems), and is much less intrusive into the code (making it easier
to maintain for the future). The new code generates just one data
- file instead of three, which makes it possible to read the batch via
- stdin. Also, the old requirement of using the same fixed checksum-
- seed for all batch processing has been removed.
+ file instead of three, which makes it possible to read the batch on
+ stdin via a remote shell. Also, the old requirement of forcing the
+ same fixed checksum-seed for all batch processing has been removed.
- If an rsync daemon has a module set with "list = no" (which hides its
presence in the list of available modules), a user that fails to
- The daemon's "refuse options" config item now allows you to match
option names using wildcards and/or the single-letter option names.
- - The finished file now gets its permissions and modified-time updated
- before it gets movied into place.
+ - Each transferred file now gets its permissions and modified-time
+ updated before the temp-file gets moved into place. Previously, the
+ finished file would have a very brief window where its permissions
+ disallowed all group and world access.
+
+ - Added the ability to parse a literal IPv6 address in an "rsync:" URL
+ (e.g. rsync://[2001:638:500:101::21]:873/module/dir).
+
+ - The daemon's wildcard expanding code can now handle more than 1000
+ filenames (it's now limited by memory instead of having a hard-wired
+ limit).
INTERNAL:
- Some cleanup in the exclude code has saved some per-exclude memory
and made the code easier to maintain.
- - Improved the argv-overflow checking for a remote command that has
- a lot of args.
+ - Improved the argv-overflow checking for a remote command that has a
+ lot of args.
- - Use rsyserr() in the various places that were still calling
- rprintf() with strerror() as an arg.
+ - Use rsyserr() in the various places that were still calling rprintf()
+ with strerror() as an arg.
- If an rsync daemon is listening on multiple sockets (to handle both
IPv4 and IPv6 to a single port), we now close all the unneeded file
handles after we accept a connection (we used to close just one of
them).
- - Optimized the handling of larger block sizes (rsync used to slow to
- a crawl if the block size got too large). Also cap the block size.
+ - Optimized the handling of larger block sizes (rsync used to slow to a
+ crawl if the block size got too large).
- Optimized away a loop in hash_search().
+ - Some improvements to the sanitize_path() and clean_fname() functions
+ makes them more efficient and produce better results (while still
+ being compatible with the file-name cleaning that gets done on both
+ sides when sending the file-list).
+
+ - Got rid of alloc_sanitize_path() after adding a destination-buffer
+ arg to sanitize_path() made it possible to put all the former's
+ functionality into the latter.
+
+ - The file-list that is output when at least 4 verbose options are
+ specified reports the uid value on the sender even when rsync is
+ not running as root (since we might be sending to a root receiver).
+
BUILD CHANGES:
- Added a "gen" target to rebuild most of the generated files,
- The variable $STRIP (that is optionally set by the install-strip
target's rule) was changed to $INSTALL_STRIP because some systems
- have $STRIP set in the environment.
+ have $STRIP already set in the environment.
- Fixed a build problem when SUPPORT_HARD_LINKS isn't defined.
+ - When cross-compiling, the gettimeofday() function is now assumed to
+ be a modern version that takes two-args (since we can't test it).
+
DEVELOPER RELATED:
- - The scripts in the testsuite dir were cleaned up a bit.
+ - The scripts in the testsuite dir were cleaned up a bit and a few
+ new tests added.
- Some new diffs were added to the patches dir, and some accepted
ones were removed.
Matt McCutchen's Web Site / rsync / rsync.git / blobdiff