Wayne Davison
2006-Apr-22 16:39 UTC
Rsync 2.6.8 released (incl. xattrs.diff security note)
I have released rsync version 2.6.8.

A SECURITY NOTE for users of the unofficial xattrs.diff patch: See below for a discussion of a security fix contained in the latest patch.

You can read all about the latest improvements and bug-fixes that went into this release on this page:

http://rsync.samba.org/ftp/rsync/NEWS

The tar file of the source and its signature are here:

http://rsync.samba.org/ftp/rsync/rsync-2.6.8.tar.gz
http://rsync.samba.org/ftp/rsync/rsync-2.6.8.tar.gz.asc

See the web site for other download possibilities (including unified diffs based on the previous version).

The latest man pages are online in their usual spots:

http://rsync.samba.org/ftp/rsync/rsync.html
http://rsync.samba.org/ftp/rsync/rsyncd.conf.html

** A SECURITY NOTE for anyone using the xattrs.diff patch:

A bug in the extended-attributes receiving code could allow someone to send data to a writable rsync daemon that could overflow a read buffer. If you are running a "read only = NO" rsync daemon that has this patch applied, either:

(1) disable the reception of xattrs by your daemon (use the "refuse options = -X" parameter in rsyncd.conf),
(2) upgrade to 2.6.8 with the supplied xattrs.diff patch, or
(3) manually apply the same simple fix to your code that went into the latest patch -- consult the rsync CVS for the last change that went into patches/xattrs.diff and look at the two new lines added in the last hunk of that change:

http://cvs.samba.org/cgi-bin/cvsweb/rsync/patches/xattrs.diff

Also of note for packagers: as first seen in the 2.6.7 release, the diffs in the patches dir of the release tar now contain patches for generated files, so you won't need to use autoconf and yodl unless you're creating a custom combination of patches that don't apply cleanly together.

Enjoy!

..wayne..
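
An added example, not part of the original announcement or of rsync itself: a small Python audit that reads an rsyncd.conf and lists the modules that are writable ("read only = NO") without refusing the xattrs option, which is the exposure the security note describes. It treats "-X" (the spelling in the note) plus "X" and "xattrs" as refusals, which is an assumption; the function names and the sample config are constructed for illustration.

```python
import re

# Tokens treated as refusing xattrs: "-X" is the spelling in the announcement;
# "X" and "xattrs" are assumed equivalents. Wildcard patterns are not evaluated.
XATTR_REFUSALS = {"-X", "X", "xattrs"}
FALSE_VALUES = {"no", "false", "0"}

def parse_rsyncd_conf(text):
    """Return (globals, {module: params}); keys lower-cased, spaces normalised."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = modules.setdefault(section.group(1).strip(), {})
        elif line and line[0] not in "#;" and "=" in line:
            key, _, value = line.partition("=")
            target = global_params if current is None else current
            target[" ".join(key.lower().split())] = value.strip()
    return global_params, modules

def exposed_modules(text):
    """Names of writable modules that do not refuse the xattrs option."""
    global_params, modules = parse_rsyncd_conf(text)
    exposed = []
    for name, params in modules.items():
        effective = {**global_params, **params}  # module settings override globals
        writable = effective.get("read only", "yes").lower() in FALSE_VALUES
        refused = set(effective.get("refuse options", "").split())
        if writable and not (refused & XATTR_REFUSALS):
            exposed.append(name)
    return exposed

SAMPLE_CONF = """\
# constructed sample, not a real deployment
refuse options = delete
[pub]
    path = /srv/pub
[incoming]
    Read Only = NO
[backup]
    read only = no
    refuse options = delete -X
"""

if __name__ == "__main__":
    print(exposed_modules(SAMPLE_CONF))
```

A module it reports still needs one of the three remedies listed in the note; a clean result only means the configuration matches option (1).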