|
2 | 2 |
|
3 | 3 | ## Changes in this version: |
4 | 4 |
|
| 5 | +### SECURITY RELATED: |
| 6 | + |
| 7 | +Several security-relevant defects were reported and fixed since 3.4.1. |
| 8 | +None were assigned a CVE — rsync's fork-per-connection design scopes |
| 9 | +the impact of each of these to the attacker's own connection, which is |
| 10 | +equivalent to the client closing the socket itself — but they are |
| 11 | +fixed here as a matter of hygiene and to reduce the chances of a |
| 12 | +future exploitable combination. Many thanks to the external |
| 13 | +researchers who reported these issues. |
| 14 | + |
| 15 | +- Fixed a signed integer overflow in the PROXY protocol v2 header |
| 16 | + parser: a negative `len` field could bypass the size check and cause |
| 17 | + a stack buffer overflow in `read_buf()`. Reported by John Walker of |
| 18 | + ZeroPath. |
| 19 | + |
| 20 | +- Fixed an invalid access to the files array. Reported by Calum |
| 21 | + Hutton of Rapid7. |
| 22 | + |
| 23 | +- Reject negative token values in the compressed-stream token |
| 24 | + decoder; a negative value could cause callers to misinterpret a |
| 25 | + missing data pointer as literal data. Reported by Will Sergeant. |
| 26 | + |
| 27 | +- Fixed the element count passed to the xattr `qsort()` (see |
| 28 | + https://www.openwall.com/lists/oss-security/2026/04/16/2). |
| 29 | + |
| 30 | +- Fixed a buffer underflow in `clean_fname()`, and added a regression |
| 31 | + test. |
| 32 | + |
| 33 | +- Fixed an uninitialized `mul_one` in the AVX2 get_checksum1 path |
| 34 | + (undefined behaviour), and added a SIMD-checksum self-test that |
| 35 | + cross-checks SSE2, SSSE3 and AVX2 against the C reference on both |
| 36 | + aligned and unaligned buffers. |
| 37 | + |
| 38 | +- Fixed an uninitialized `buf1` on the first call to |
| 39 | + `get_checksum2()` in the MD4 path (fixes #673). |
| 40 | + |
| 41 | +- Zero all new memory from internal allocations: `my_alloc()` now uses |
| 42 | + `calloc`, and `expand_item_list()` zeros the expanded portion after |
| 43 | + `realloc`. This gives more predictable behaviour if stale or |
| 44 | + uninitialised memory is ever accidentally read. |
| 45 | + |
5 | 46 | ### BUG FIXES: |
6 | 47 |
|
7 | | -- ... |
| 48 | +- Call `tzset()` before chroot so that log timestamps continue to |
| 49 | + reflect the configured local timezone after the daemon chroots |
| 50 | + (glibc needs `/etc/localtime`, which is unreachable post-chroot). |
| 51 | + |
| 52 | +- Use the correct time when writing to the log file. |
| 53 | + |
| 54 | +- Do not clear `DISPLAY` unconditionally. |
| 55 | + |
| 56 | +- Fixed a Y2038 bug in `syscall.c` by replacing the `Int32x32To64` |
| 57 | + macro (which truncates its arguments to 32 bits) with a plain |
| 58 | + 64-bit multiplication. |
| 59 | + |
| 60 | +- Fixed ACL ID mapping for non-root users (closes #618). |
| 61 | + |
| 62 | +- Fixed handling of objects with many xattrs on FreeBSD. |
| 63 | + |
| 64 | +- Fixed `--open-noatime` not taking effect when opening regular |
| 65 | + files: `O_NOATIME` is now also passed to `do_open_nofollow()`, which |
| 66 | + has been used for regular files since the CVE fix "fixed symlink |
| 67 | + race condition in sender". |
| 68 | + |
| 69 | +- Ignore "directory has vanished" errors. |
| 70 | + |
| 71 | +- Fixed the removal of multiple leading slashes. |
| 72 | + |
| 73 | +- Added the missing `--dirs` long option. |
| 74 | + |
| 75 | +- Fixed a segfault if `poptGetContext()` returns NULL (e.g. under |
| 76 | + OOM) by not passing NULL to `poptReadDefaultConfig()`. Reported by |
| 77 | + Ronnie Sahlberg; found with `malloc-fail-tester`. |
| 78 | + |
| 79 | +- Fixed a build error on ia64 NonStop (which treats missing |
| 80 | + prototypes as an error, not a warning). |
| 81 | + |
| 82 | +- Fixed a flaky hardlinks test (fixes #735). |
| 83 | + |
| 84 | +### ENHANCEMENTS: |
| 85 | + |
| 86 | +- Added multi-threaded `zstd` compression, gated by a new |
| 87 | + `--compress-threads=N` option, with validation and man-page |
| 88 | + coverage. |
| 89 | + |
| 90 | +- Documented the `temp dir` parameter in the rsyncd.conf man page |
| 91 | + (fixes #820). |
| 92 | + |
| 93 | +- Improved rendering of interior dashes in long-option names in |
| 94 | + `md-convert` (perhaps fixes #686). |
| 95 | + |
| 96 | +### PORTABILITY / BUILD: |
| 97 | + |
| 98 | +- Fixed glibc 2.43 const-preserving overloads of `strtok()`, |
| 99 | + `strchr()` etc. by declaring the affected locals with the right |
| 100 | + constness. Contributed by Holger Hoffstätte. |
| 101 | + |
| 102 | +- Converted the bundled zlib 1.2.8 from K&R-style function |
| 103 | + definitions to ANSI prototypes, so it builds with clang 16+. |
| 104 | + |
| 105 | +- Avoid using `bool` as an identifier; it is a keyword in C23. |
| 106 | + |
| 107 | +- `configure.ac`: check for xattr functions in libc first and only |
| 108 | + fall back to `-lattr`, avoiding spurious overlinking when `-lattr` |
| 109 | + happens to be installed. Contributed by Eli Schwartz. |
| 110 | + |
| 111 | +- Made the build reproducible by honouring `SOURCE_DATE_EPOCH` for |
| 112 | + the manpage date. |
| 113 | + |
| 114 | +- Removed obsolete `popt/findme.c` and `popt/findme.h` that upstream |
| 115 | + popt 1.14 folded into `popt.c` (fixes #710). Contributed by Alan |
| 116 | + Coopersmith. |
| 117 | + |
| 118 | +### INTERNAL: |
| 119 | + |
| 120 | +- Made many module-global variables `const` so they can live in |
| 121 | + `.rodata` and enable additional compiler optimization. |
| 122 | + |
| 123 | +### DEVELOPER RELATED: |
| 124 | + |
| 125 | +- Replaced `runtests.sh` with `runtests.py`, a Python test runner |
| 126 | + that supports `--valgrind` (with per-process log files so valgrind |
| 127 | + output no longer interferes with output comparisons) and |
| 128 | + `-j/--parallel` execution for roughly a 7× speed-up on typical |
| 129 | + hardware. |
| 130 | + |
| 131 | +- Added a SIMD checksum self-test and a `clean-fname-underflow` |
| 132 | + regression test. |
| 133 | + |
| 134 | +- Various CI fixes for macOS and Cygwin (including adding |
| 135 | + `simd-checksum` to the expected-skipped lists on platforms without |
| 136 | + SIMD), and tests now run on `ubuntu-latest`. |
8 | 137 |
|
9 | 138 | ------------------------------------------------------------------------------ |
10 | 139 |
|
|
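Review bot: In the SECURITY RELATED introduction, the claim that each defect's impact is "equivalent to the client closing the socket itself" sits uneasily with the first entry, which describes a stack buffer overflow in `read_buf()`. Either state what confines that overflow to terminating the forked child, or soften the sentence so it is not read as a reason to defer the upgrade. In the same section, "Fixed an invalid access to the files array" names neither the function nor the triggering condition, unlike the neighbouring entries. Only the xattr `qsort()` and `buf1` entries carry a reference (the oss-security link and #673), so an issue or commit reference on the PROXY v2, token-decoder and `clean_fname()` entries would let packagers map them to backports. Under BUG FIXES, the `--open-noatime` entry cites "the CVE fix" only by its commit title and should give the CVE identifier. Under ENHANCEMENTS, "(perhaps fixes #686)" should be confirmed or reworded before the release notes ship.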