- - Fixed the sanitizing of acceptable ../ dirs in 2 cases where an rsync
- daemon is receiving files when "use chroot" is not enabled and the
- destination dir is not at the top of the module's path: both the value
- of a symlink and the arg of the --FOO-dest options (i.e. --link-dest,
- --copy-dest, and --compare-dest) now know how deep the destination dir
- is in the module, and allow a safe number of ../ references instead of
- preventing the references from leaving the destination hierarchy (use
- the age-old --safe-links for that behavior).
+ - An rsync daemon that is receiving files with "use chroot = no" no longer
+ sanitizes the symlink target strings. This means that each symlink's
+ value will now be accepted (and thus returned) with its symlink info
+ intact. Also, in order to keep things safe, all arg paths and any
+ dereferenced symlinks (e.g. via --copy-links or --keep-dirlinks) are
+ manually verified to ensure that no symlinks try to escape past the top
+ of the module's path. These changes make a non-chroot daemon behave the
+ same way as a chroot daemon with regard to symlinks, and also avoids a
+ potential problem where a pre-existing symlink could have escaped the
+ module's hierarchy.
+
+ - Fixed a overzealous sanitizing bug in the handling of the --*-dest
+ options (--link-dest, --copy-dest, and --compare-dest): if the copy's
+ destination dir is deeper than the top of the module's path, these
+ options now accept a safe number of ../ (parent-dir) references (since
+ these options are relative to the destination dir). The old code
+ incorrectly chopped off all "../" prefixes for these options, no matter
+ how deep the destination directory was in the module's hierarchy.
+
+ - Fixed a bug where a deferred info/error/log message could get sent
+ directly to the sender instead of being handled by rwrite() in the
+ generator. This fixes an "unexpected tag 3" fatal error, and should
+ also fix a potential problem where a deferred info/error message from
+ the receiver might bypass the log file and get sent only to the client
+ process. (These problems could only affect an rsync daemon that was
+ receiving files.)