From da5c72da4b604dbf2a9fdbfccb7b0ac787cf04e7 Mon Sep 17 00:00:00 2001 From: Wayne Davison Date: Mon, 1 Aug 2022 18:34:39 -0700 Subject: [PATCH] More NEWS. --- NEWS.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/NEWS.md b/NEWS.md index 4cb98a63..9ef41b3f 100644 --- a/NEWS.md +++ b/NEWS.md @@ -6,12 +6,12 @@ - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive - names that should have been excluded by the sender. This extra safety check - only requires the client side rsync to be udateed. When dealing with an - untrusted sending host using an older rsync, it is safest to copy into a - dedicated destination directory for the remote content (i.e. don't copy into - a destination directory that contains files that aren't from the remote - host unless you trust the remote host). Fixes CVE-2022-29154. + names that should have been excluded by the sender. These extra safety + checks only require the receiver rsync to be udateed. When dealing with an + untrusted sending host, it is safest to copy into a dedicated destination + directory for the remote content (i.e. don't copy into a destination + directory that contains files that aren't from the remote host unless you + trust the remote host). Fixes CVE-2022-29154. ### BUG FIXES: @@ -20,6 +20,9 @@ made rsync send mostly literal data for a copy instead of finding matching data in the receiver's basis file. +- Lots of manpage improvements, including an attempt to better desdribe how + include/exclude filters work. + ### PACKAGING RELATED: - The build date that goes into the manpages is now based on the developer's @@ -27,6 +30,8 @@ ### DEVELOPER RELATED: +- Configure now defaults GETGROUPS_T to gid_t when cross compiling. + - Configure now looks for the bsd/string.h include file in order to fix the build on a host that has strlcpy() in the main libc but not defined in the main string.h file. -- 2.47.2