From: Wayne Davison Date: Tue, 2 Aug 2022 01:34:39 +0000 (-0700) Subject: More NEWS. X-Git-Tag: v3.2.5pre1~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=da5c72da4b604dbf2a9fdbfccb7b0ac787cf04e7;p=thirdparty%2Frsync.git More NEWS. --- diff --git a/NEWS.md b/NEWS.md index 4cb98a63..9ef41b3f 100644 --- a/NEWS.md +++ b/NEWS.md @@ -6,12 +6,12 @@ - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive - names that should have been excluded by the sender. This extra safety check - only requires the client side rsync to be udateed. When dealing with an - untrusted sending host using an older rsync, it is safest to copy into a - dedicated destination directory for the remote content (i.e. don't copy into - a destination directory that contains files that aren't from the remote - host unless you trust the remote host). Fixes CVE-2022-29154. + names that should have been excluded by the sender. These extra safety + checks only require the receiver rsync to be udateed. When dealing with an + untrusted sending host, it is safest to copy into a dedicated destination + directory for the remote content (i.e. don't copy into a destination + directory that contains files that aren't from the remote host unless you + trust the remote host). Fixes CVE-2022-29154. ### BUG FIXES: @@ -20,6 +20,9 @@ made rsync send mostly literal data for a copy instead of finding matching data in the receiver's basis file. +- Lots of manpage improvements, including an attempt to better desdribe how + include/exclude filters work. + ### PACKAGING RELATED: - The build date that goes into the manpages is now based on the developer's @@ -27,6 +30,8 @@ ### DEVELOPER RELATED: +- Configure now defaults GETGROUPS_T to gid_t when cross compiling. + - Configure now looks for the bsd/string.h include file in order to fix the build on a host that has strlcpy() in the main libc but not defined in the main string.h file.