More NEWS.

NEWS.md

@@ -6,12 +6,12 @@
 
 - Added some file-list safety checking that helps to ensure that a rogue
   sending rsync can't add unrequested top-level names and/or include recursive
-  names that should have been excluded by the sender.  This extra safety check
-  only requires the client side rsync to be udateed.  When dealing with an
-  untrusted sending host using an older rsync, it is safest to copy into a
-  dedicated destination directory for the remote content (i.e. don't copy into
-  a destination directory that contains files that aren't from the remote
-  host unless you trust the remote host). Fixes CVE-2022-29154.
+  names that should have been excluded by the sender.  These extra safety
+  checks only require the receiver rsync to be udateed.  When dealing with an
+  untrusted sending host, it is safest to copy into a dedicated destination
+  directory for the remote content (i.e. don't copy into a destination
+  directory that contains files that aren't from the remote host unless you
+  trust the remote host). Fixes CVE-2022-29154.
 
 ### BUG FIXES:
 
@@ -20,6 +20,9 @@
   made rsync send mostly literal data for a copy instead of finding matching
   data in the receiver's basis file.
 
+- Lots of manpage improvements, including an attempt to better desdribe how
+  include/exclude filters work.
+
 ### PACKAGING RELATED:
 
 - The build date that goes into the manpages is now based on the developer's
@@ -27,6 +30,8 @@
 
 ### DEVELOPER RELATED:
 
+- Configure now defaults GETGROUPS_T to gid_t when cross compiling.
+
 - Configure now looks for the bsd/string.h include file in order to fix the
   build on a host that has strlcpy() in the main libc but not defined in the
   main string.h file.