Preparing for release of 3.0.9

Fixes bug 8440.

NEWS

@@ -1,138 +1,56 @@
-NEWS for rsync 3.0.8 (26 Mar 2011)
+NEWS for rsync 3.0.9 (23 Sep 2011)
 Protocol: 30 (unchanged)
-Changes since 3.0.7:
+Changes since 3.0.8:
 
   BUG FIXES:
 
-    - Fixed two buffer-overflow issues: one where a directory path that is
-      exactly MAXPATHLEN was not handled correctly, and one handling a
-      --backup-dir that is extra extra large.
+    - Fix a crash bug in checksum scanning when --inplace is used.
 
-    - Fixed a data-corruption issue when preserving hard-links without
-      preserving file ownership, and doing deletions either before or during
-      the transfer (CVE-2011-1097).  This fixes some assert errors in the
-      hard-linking code, and some potential failed checksums (via -c) that
-      should have matched.
+    - Fix a hang if a hard-linked file cannot be opened by the sender (e.g.
+      if it has no read permission).
 
-    - Fixed a potential crash when an rsync daemon has a filter/exclude list
-      and the transfer is using ACLs or xattrs.
+    - Fix preservation of a symlink's system xattrs (e.g. selinux) on Linux.
 
-    - Fixed a hang if a really large file is being processed by an rsync that
-      can't handle 64-bit numbers.  Rsync will now complain about the file
-      being too big and skip it.
+    - Fix a memory leak in the xattr code.
 
-    - For devices and special files, we now avoid gathering useless ACL and/or
-      xattr information for files that aren't being copied.  (The un-copied
-      files are still put into the file list, but there's no need to gather
-      data that is not going to be used.)  This ensures that if the user uses
-      --no-D, that rsync can't possibly complain about being unable to gather
-      extended information from special files that are in the file list (but
-      not in the transfer).
+    - Fixed a bug with --delete-excluded when a filter merge file has a rule
+      that specifies a receiver-only side restriction.
 
-    - Properly handle requesting remote filenames that start with a dash.  This
-      avoids a potential error where a filename could be interpreted as a
-      (usually invalid) option.
+    - Fix a bug with the modifying of unwritable directories.
 
-    - Fixed a bug in the comparing of upper-case letters in file suffixes for
-      --skip-compress.
+    - Fix --fake-super's interaction with --link-dest same-file comparisons.
 
-    - If an rsync daemon has a module configured without a path setting, rsync
-      will now disallow access to that module.
+    - Fix the updating of the curr_dir buffer to avoid a duplicate slash.
 
-    - If the destination arg is an empty string, it will be treated as a
-      reference to the current directory (as 2.x used to do).
+    - Fix the directory permissions on an implied dot-dir when using --relative
+      (e.g. /outside/path/././send/path).
 
-    - If rsync was compiled with a newer time-setting function (such as
-      lutimes), rsync will fall-back to an older function (such as utimes) on a
-      system where the newer function is not around.  This helps to make the
-      rsync binary more portable in mixed-OS-release situations.
+    - Fixed some too-long sleeping instances when using --bwlimit.
 
-    - Fixed a batch-file writing bug that would not write out the full set of
-      compatibility flags that the transfer was using.  This fixes a potential
-      protocol problem for a batch file that contains a sender-side I/O error:
-      it would have been sent in a way that the batch-reader wasn't expecting.
+    - Fixed when symlink ownership difference-checking gets compiled into
+      unchanged_attrs().
 
-    - Some improvements to the hard-linking code to ensure that device-number
-      hashing is working right, and to supply more information if the hard-link
-      code fails.
+    - Improved the socket-error reporting when multiple protocols fail.
 
-    - The --inplace code was improved to not search for an impossible checksum
-      position.  The quadruple-verbose chunk[N] message will now mention when
-      an inplace chunk was handled by a seek rather than a read+write.
+    - Fixed a case where a socket error could reference just-freed memory.
 
-    - Improved ACL mask handling, e.g. for Solaris.
+    - Failing to use a password file that was specified on the command-line is
+      now a fatal error.
 
-    - Fixed a bug that prevented --numeric-ids from disabling the translation
-      of user/group IDs for ACLs.
+    - Fix the non-root updating of directories that don't have the read and/or
+      execute permission.
 
-    - Fixed an issue where an xattr and/or ACL transfer that used an alt-dest
-      option (e.g. --link-dest) could output an error trying to itemize the
-      changes against the alt-dest directory's xattr/ACL info but was instead
-      trying to access the not-yet-existing new destination directory.
+    - Make daemon-excluded file errors more error-like.
 
-    - Improved xattr system-error messages to mention the full path to the
-      file.
+    - Fix a compilation issue on older C compilers (due to a misplaced var
+      declaration).
 
-    - The --link-dest checking for identical symlinks now avoids considering
-      attribute differences that cannot be changed on the receiver.
+    - Make configure avoid finding socketpair on cygwin.
 
-    - Avoid trying to read/write xattrs on certain file types for certain OSes.
-      Improved configure to set NO_SYMLINK_XATTRS, NO_DEVICE_XATTRS, and/or
-      NO_SPECIAL_XATTRS defines in config.h.
+    - Avoid trying to reference SO_BROADCAST if the OS doesn't support it.
 
-    - Improved the unsafe-symlink errors messages.
+    - Fix some issues with the post-processing of the man pages.
 
-    - Fixed a bug setting xattrs on new files that aren't user writable.
+    - Fixed the user home-dir handling in the support/lsh script.
 
-    - Avoid re-setting xattrs on a hard-linked file w/the same xattrs.
-
-    - Fixed a bug with --fake-super when copying files and dirs that aren't
-      user writable.
-
-    - Fixed a bug where a sparse file could have its last sparse block turned
-      into a real block when rsync sets the file size (requires ftruncate).
-
-    - If a temp-file name is too long, rsync now avoids truncating the name in
-      the middle of adjacent high-bit characters.  This prevents a potential
-      filename error if the filesystem doesn't allow a name to contain an
-      invalid multi-byte sequence.
-
-    - If a muli-protocol socket connection fails (i.e., when contacting a
-      daemon), we now report all the failures, not just the last one.  This
-      avoids losing a relevant error (e.g. an IPv4 connection-refused error)
-      that happened before the final error (e.g. an IPv6 protocol-not-supported
-      error).
-
-    - Generate a transfer error if we try to call chown with a -1 for a uid or
-      a gid (which is not settable).
-
-    - Fixed the working of --force when used with --one-file-system.
-
-    - Fix the popt arg parsing so that an option that doesn't take an arg will
-      reject an attempt to supply one (can configure --with-included-popt if
-      your system's popt library doesn't yet have this fix).
-
-    - A couple minor option tweaks to the support/rrsync script, and also some
-      regex changes that make vim highlighting happier.
-
-    - Fixed some issues in the support/mnt-excl script.
-
-    - Various manpage improvements.
-
-  ENHANCEMENTS:
-
-    - Added ".hg/" to the default cvs excludes (see -C & --cvs-exclude).
-
-  DEVELOPER RELATED:
-
-    - Use lchmod() whenever it is available (not just on symlinks).
-
-    - A couple fixes to the socketpair_tcp() routine.
-
-    - Updated the helper scripts in the packaging subdirectory.
-
-    - Renamed configure.in to configure.ac.
-
-    - Fixed configure's checking for iconv routines for newer OS X versions.
-
-    - Fixed the testsuite/xattrs.test script on OS X.
+    - Some minor manpage improvements.

OLDNEWS

@@ -1,3 +1,143 @@
+NEWS for rsync 3.0.8 (26 Mar 2011)
+Protocol: 30 (unchanged)
+Changes since 3.0.7:
+
+  BUG FIXES:
+
+    - Fixed two buffer-overflow issues: one where a directory path that is
+      exactly MAXPATHLEN was not handled correctly, and one handling a
+      --backup-dir that is extra extra large.
+
+    - Fixed a data-corruption issue when preserving hard-links without
+      preserving file ownership, and doing deletions either before or during
+      the transfer (CVE-2011-1097).  This fixes some assert errors in the
+      hard-linking code, and some potential failed checksums (via -c) that
+      should have matched.
+
+    - Fixed a potential crash when an rsync daemon has a filter/exclude list
+      and the transfer is using ACLs or xattrs.
+
+    - Fixed a hang if a really large file is being processed by an rsync that
+      can't handle 64-bit numbers.  Rsync will now complain about the file
+      being too big and skip it.
+
+    - For devices and special files, we now avoid gathering useless ACL and/or
+      xattr information for files that aren't being copied.  (The un-copied
+      files are still put into the file list, but there's no need to gather
+      data that is not going to be used.)  This ensures that if the user uses
+      --no-D, that rsync can't possibly complain about being unable to gather
+      extended information from special files that are in the file list (but
+      not in the transfer).
+
+    - Properly handle requesting remote filenames that start with a dash.  This
+      avoids a potential error where a filename could be interpreted as a
+      (usually invalid) option.
+
+    - Fixed a bug in the comparing of upper-case letters in file suffixes for
+      --skip-compress.
+
+    - If an rsync daemon has a module configured without a path setting, rsync
+      will now disallow access to that module.
+
+    - If the destination arg is an empty string, it will be treated as a
+      reference to the current directory (as 2.x used to do).
+
+    - If rsync was compiled with a newer time-setting function (such as
+      lutimes), rsync will fall-back to an older function (such as utimes) on a
+      system where the newer function is not around.  This helps to make the
+      rsync binary more portable in mixed-OS-release situations.
+
+    - Fixed a batch-file writing bug that would not write out the full set of
+      compatibility flags that the transfer was using.  This fixes a potential
+      protocol problem for a batch file that contains a sender-side I/O error:
+      it would have been sent in a way that the batch-reader wasn't expecting.
+
+    - Some improvements to the hard-linking code to ensure that device-number
+      hashing is working right, and to supply more information if the hard-link
+      code fails.
+
+    - The --inplace code was improved to not search for an impossible checksum
+      position.  The quadruple-verbose chunk[N] message will now mention when
+      an inplace chunk was handled by a seek rather than a read+write.
+
+    - Improved ACL mask handling, e.g. for Solaris.
+
+    - Fixed a bug that prevented --numeric-ids from disabling the translation
+      of user/group IDs for ACLs.
+
+    - Fixed an issue where an xattr and/or ACL transfer that used an alt-dest
+      option (e.g. --link-dest) could output an error trying to itemize the
+      changes against the alt-dest directory's xattr/ACL info but was instead
+      trying to access the not-yet-existing new destination directory.
+
+    - Improved xattr system-error messages to mention the full path to the
+      file.
+
+    - The --link-dest checking for identical symlinks now avoids considering
+      attribute differences that cannot be changed on the receiver.
+
+    - Avoid trying to read/write xattrs on certain file types for certain OSes.
+      Improved configure to set NO_SYMLINK_XATTRS, NO_DEVICE_XATTRS, and/or
+      NO_SPECIAL_XATTRS defines in config.h.
+
+    - Improved the unsafe-symlink errors messages.
+
+    - Fixed a bug setting xattrs on new files that aren't user writable.
+
+    - Avoid re-setting xattrs on a hard-linked file w/the same xattrs.
+
+    - Fixed a bug with --fake-super when copying files and dirs that aren't
+      user writable.
+
+    - Fixed a bug where a sparse file could have its last sparse block turned
+      into a real block when rsync sets the file size (requires ftruncate).
+
+    - If a temp-file name is too long, rsync now avoids truncating the name in
+      the middle of adjacent high-bit characters.  This prevents a potential
+      filename error if the filesystem doesn't allow a name to contain an
+      invalid multi-byte sequence.
+
+    - If a muli-protocol socket connection fails (i.e., when contacting a
+      daemon), we now report all the failures, not just the last one.  This
+      avoids losing a relevant error (e.g. an IPv4 connection-refused error)
+      that happened before the final error (e.g. an IPv6 protocol-not-supported
+      error).
+
+    - Generate a transfer error if we try to call chown with a -1 for a uid or
+      a gid (which is not settable).
+
+    - Fixed the working of --force when used with --one-file-system.
+
+    - Fix the popt arg parsing so that an option that doesn't take an arg will
+      reject an attempt to supply one (can configure --with-included-popt if
+      your system's popt library doesn't yet have this fix).
+
+    - A couple minor option tweaks to the support/rrsync script, and also some
+      regex changes that make vim highlighting happier.
+
+    - Fixed some issues in the support/mnt-excl script.
+
+    - Various manpage improvements.
+
+  ENHANCEMENTS:
+
+    - Added ".hg/" to the default cvs excludes (see -C & --cvs-exclude).
+
+  DEVELOPER RELATED:
+
+    - Use lchmod() whenever it is available (not just on symlinks).
+
+    - A couple fixes to the socketpair_tcp() routine.
+
+    - Updated the helper scripts in the packaging subdirectory.
+
+    - Renamed configure.in to configure.ac.
+
+    - Fixed configure's checking for iconv routines for newer OS X versions.
+
+    - Fixed the testsuite/xattrs.test script on OS X.
+
+
 NEWS for rsync 3.0.7 (31 Dec 2009)
 Protocol: 30 (unchanged)
 Changes since 3.0.6:
@@ -3091,9 +3231,11 @@ Changes since 2.4.6:
     * The existing test.sh script by Phil Hands has been merged into a
       test framework that works from both "make check" and the Samba
       build farm.
+
 
 Partial Protocol History
 	RELEASE DATE	VER.	DATE OF COMMIT*	PROTOCOL
+	23 Sep 2011	3.0.9			30
 	26 Mar 2011	3.0.8			30
 	31 Dec 2009	3.0.7			30
 	08 May 2009	3.0.6			30

acls.c

@@ -495,9 +495,15 @@ static int get_rsync_acl(const char *fname, rsync_acl *racl,
 		}
 
 		racl->user_obj = IVAL(buf, 0);
+		if (racl->user_obj == NO_ENTRY)
+			racl->user_obj = (mode >> 6) & 7;
 		racl->group_obj = IVAL(buf, 4);
+		if (racl->group_obj == NO_ENTRY)
+			racl->group_obj = (mode >> 3) & 7;
 		racl->mask_obj = IVAL(buf, 8);
 		racl->other_obj = IVAL(buf, 12);
+		if (racl->other_obj == NO_ENTRY)
+			racl->other_obj = mode & 7;
 
 		if (cnt) {
 			char *bp = buf + 4*4;

authenticate.c

@@ -156,36 +156,27 @@ static const char *getpassf(const char *filename)
 {
 	STRUCT_STAT st;
 	char buffer[512], *p;
-	int fd, n, ok = 1;
-	const char *envpw = getenv("RSYNC_PASSWORD");
+	int fd, n;
 
 	if (!filename)
 		return NULL;
 
 	if ((fd = open(filename,O_RDONLY)) < 0) {
-		rsyserr(FWARNING, errno, "could not open password file \"%s\"",
-			filename);
-		if (envpw)
-			rprintf(FINFO, "falling back to RSYNC_PASSWORD environment variable.\n");
-		return NULL;
+		rsyserr(FERROR, errno, "could not open password file %s", filename);
+		exit_cleanup(RERR_SYNTAX);
 	}
 
 	if (do_stat(filename, &st) == -1) {
-		rsyserr(FWARNING, errno, "stat(%s)", filename);
-		ok = 0;
-	} else if ((st.st_mode & 06) != 0) {
-		rprintf(FWARNING, "password file must not be other-accessible\n");
-		ok = 0;
-	} else if (MY_UID() == 0 && st.st_uid != 0) {
-		rprintf(FWARNING, "password file must be owned by root when running as root\n");
-		ok = 0;
+		rsyserr(FERROR, errno, "stat(%s)", filename);
+		exit_cleanup(RERR_SYNTAX);
 	}
-	if (!ok) {
-		close(fd);
-		rprintf(FWARNING, "continuing without password file\n");
-		if (envpw)
-			rprintf(FINFO, "falling back to RSYNC_PASSWORD environment variable.\n");
-		return NULL;
+	if ((st.st_mode & 06) != 0) {
+		rprintf(FERROR, "ERROR: password file must not be other-accessible\n");
+		exit_cleanup(RERR_SYNTAX);
+	}
+	if (MY_UID() == 0 && st.st_uid != 0) {
+		rprintf(FERROR, "ERROR: password file must be owned by root when running as root\n");
+		exit_cleanup(RERR_SYNTAX);
 	}
 
 	n = read(fd, buffer, sizeof buffer - 1);
@@ -196,7 +187,8 @@ static const char *getpassf(const char *filename)
 			return strdup(p);
 	}
 
-	return NULL;
+	rprintf(FERROR, "ERROR: failed to read a password from %s\n", filename);
+	exit_cleanup(RERR_SYNTAX);
 }
 
 /* Generate an MD4 hash created from the combination of the password

clientserver.c

@@ -1071,7 +1071,7 @@ int daemon_main(void)
 	rprintf(FLOG, "rsyncd version %s starting, listening on port %d\n",
 		RSYNC_VERSION, rsync_port);
 	/* TODO: If listening on a particular address, then show that
-	 * address too.  In fact, why not just do inet_ntop on the
+	 * address too.  In fact, why not just do getnameinfo on the
 	 * local address??? */
 
 	start_accept_loop(rsync_port, start_daemon);

configure.ac

@@ -5,7 +5,7 @@ AC_CONFIG_SRCDIR([byteorder.h])
 AC_CONFIG_HEADER(config.h)
 AC_PREREQ(2.59)
 
-RSYNC_VERSION=3.0.8
+RSYNC_VERSION=3.0.9
 AC_SUBST(RSYNC_VERSION)
 AC_MSG_NOTICE([Configuring rsync $RSYNC_VERSION])
 
@@ -331,7 +331,7 @@ AC_CHECK_HEADERS(sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h \
     sys/un.h sys/attr.h mcheck.h arpa/inet.h arpa/nameser.h locale.h \
     netdb.h malloc.h float.h limits.h iconv.h libcharset.h langinfo.h \
     sys/acl.h acl/libacl.h attr/xattr.h sys/xattr.h sys/extattr.h \
-    popt.h popt/popt.h)
+    popt.h popt/popt.h netinet/in_systm.h netinet/ip.h)
 AC_HEADER_MAJOR
 
 AC_CACHE_CHECK([if makedev takes 3 args],rsync_cv_MAKEDEV_TAKES_3_ARGS,[
@@ -675,7 +675,11 @@ AC_TRY_RUN([
 
 main() {
        int fd[2];
+#ifdef __CYGWIN__
+       exit(1);
+#else
        exit((socketpair(AF_UNIX, SOCK_STREAM, 0, fd) != -1) ? 0 : 1);
+#endif
 }],
 rsync_cv_HAVE_SOCKETPAIR=yes,rsync_cv_HAVE_SOCKETPAIR=no,rsync_cv_HAVE_SOCKETPAIR=cross)])
 if test x"$rsync_cv_HAVE_SOCKETPAIR" = x"yes"; then
@@ -966,7 +970,6 @@ else
 	AC_MSG_RESULT(Using Linux xattrs)
 	AC_DEFINE(HAVE_LINUX_XATTRS, 1, [True if you have Linux xattrs])
 	AC_DEFINE(SUPPORT_XATTRS, 1)
-	AC_DEFINE(NO_SYMLINK_XATTRS, 1, [True if symlinks do not support xattrs])
 	;;
     darwin*)
 	AC_MSG_RESULT(Using OS X xattrs)
@@ -980,6 +983,10 @@ else
 	AC_DEFINE(HAVE_FREEBSD_XATTRS, 1, [True if you have FreeBSD xattrs])
 	AC_DEFINE(SUPPORT_XATTRS, 1)
 	;;
+    solaris*)
+	# Better Solaris support coming in 3.1.0...
+	AC_DEFINE(NO_SYMLINK_XATTRS, 1, [True if symlinks do not support xattrs])
+	;;
     *)
 	if test x"$enable_xattr_support" = x"yes"; then
 	    AC_MSG_ERROR(Failed to find extended attribute support)

exclude.c

@@ -901,13 +901,9 @@ static const char *parse_rule_tok(const char *p, uint32 mflags, int xflags,
 		exit_cleanup(RERR_SYNTAX);
 	}
 
-	/* --delete-excluded turns an un-modified include/exclude into a
-	 * sender-side rule.  We also affect per-dir merge files that take
-	 * no prefixes as a simple optimization. */
+	/* --delete-excluded turns an un-modified include/exclude into a sender-side rule. */
 	if (delete_excluded
-	 && !(new_mflags & (MATCHFLG_RECEIVER_SIDE|MATCHFLG_SENDER_SIDE))
-	 && (!(new_mflags & MATCHFLG_PERDIR_MERGE)
-	  || new_mflags & MATCHFLG_NO_PREFIXES))
+	 && !(new_mflags & (MATCHFLG_RECEIVER_SIDE|MATCHFLG_SENDER_SIDE|MATCHFLG_MERGE_FILE|MATCHFLG_PERDIR_MERGE)))
 		new_mflags |= MATCHFLG_SENDER_SIDE;
 
 	*len_ptr = len;

flist.c

@@ -1646,11 +1646,12 @@ static void send_directory(int f, struct file_list *flist, char *fbuf, int len,
 		remainder = 0;
 
 	for (errno = 0, di = readdir(d); di; errno = 0, di = readdir(d)) {
+		unsigned name_len;
 		char *dname = d_name(di);
 		if (dname[0] == '.' && (dname[1] == '\0'
 		    || (dname[1] == '.' && dname[2] == '\0')))
 			continue;
-		unsigned name_len = strlcpy(p, dname, remainder);
+		name_len = strlcpy(p, dname, remainder);
 		if (name_len >= remainder) {
 			char save = fbuf[len];
 			fbuf[len] = '\0';
@@ -2101,12 +2102,8 @@ struct file_list *send_file_list(int f, int argc, char *argv[])
 				fn = fbuf;
 			/* A leading ./ can be used in relative mode to affect
 			 * the dest dir without its name being in the path. */
-			if (*fn == '.' && fn[1] == '/' && !implied_dot_dir) {
-				send_file_name(f, flist, ".", NULL,
-				    (flags | FLAG_IMPLIED_DIR) & ~FLAG_CONTENT_DIR,
-				    ALL_FILTERS);
-				implied_dot_dir = 1;
-			}
+			if (*fn == '.' && fn[1] == '/' && fn[2] && !implied_dot_dir)
+				implied_dot_dir = -1;
 			len = clean_fname(fn, CFN_KEEP_TRAILING_SLASH
 					    | CFN_DROP_TRAILING_DOT_DIR);
 			if (len == 1) {
@@ -2144,11 +2141,20 @@ struct file_list *send_file_list(int f, int argc, char *argv[])
 		dirlen = dir ? strlen(dir) : 0;
 		if (dirlen != lastdir_len || memcmp(lastdir, dir, dirlen) != 0) {
 			if (!change_pathname(NULL, dir, -dirlen))
-				continue;
+				goto bad_path;
 			lastdir = pathname;
 			lastdir_len = pathname_len;
-		} else if (!change_pathname(NULL, lastdir, lastdir_len))
+		} else if (!change_pathname(NULL, lastdir, lastdir_len)) {
+		    bad_path:
+			if (implied_dot_dir < 0)
+				implied_dot_dir = 0;
 			continue;
+		}
+
+		if (implied_dot_dir < 0) {
+			implied_dot_dir = 1;
+			send_file_name(f, flist, ".", NULL, (flags | FLAG_IMPLIED_DIR) & ~FLAG_CONTENT_DIR, ALL_FILTERS);
+		}
 
 		if (fn != fbuf)
 			memmove(fbuf, fn, len + 1);

generator.c

@@ -630,7 +630,7 @@ int unchanged_attrs(const char *fname, struct file_struct *file, stat_x *sxp)
 		if (perms_differ(file, sxp))
 			return 0;
 #endif
-#ifndef CAN_CHOWN_SYMLINK
+#ifdef CAN_CHOWN_SYMLINK
 		if (ownership_differs(file, sxp))
 			return 0;
 #endif
@@ -1355,7 +1355,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 				handle_skipped_hlink(file, itemizing, code, f_out);
 #endif
 			rprintf(FERROR_XFER,
-				"skipping daemon-excluded %s \"%s\"\n",
+				"ERROR: daemon refused to receive %s \"%s\"\n",
 				is_dir ? "directory" : "file", fname);
 			if (is_dir)
 				goto skipping_dir_contents;
@@ -1523,12 +1523,21 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 			}
 		}
 
-		/* We need to ensure that the dirs in the transfer have writable
-		 * permissions during the time we are putting files within them.
-		 * This is then fixed after the transfer is done. */
+#ifdef SUPPORT_XATTRS
+		if (preserve_xattrs && statret == 1)
+			copy_xattrs(fnamecmpbuf, fname);
+#endif
+		if (set_file_attrs(fname, file, real_ret ? NULL : &real_sx, NULL, 0)
+		    && verbose && code != FNONE && f_out != -1)
+			rprintf(code, "%s/\n", fname);
+
+		/* We need to ensure that the dirs in the transfer have both
+		 * readable and writable permissions during the time we are
+		 * putting files within them.  This is then restored to the
+		 * former permissions after the transfer is done. */
 #ifdef HAVE_CHMOD
-		if (!am_root && !(file->mode & S_IWUSR) && dir_tweaking) {
-			mode_t mode = file->mode | S_IWUSR;
+		if (!am_root && (file->mode & S_IRWXU) != S_IRWXU && dir_tweaking) {
+			mode_t mode = file->mode | S_IRWXU;
 			if (do_chmod(fname, mode) < 0) {
 				rsyserr(FERROR_XFER, errno,
 					"failed to modify permissions on %s",
@@ -1538,14 +1547,6 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 		}
 #endif
 
-#ifdef SUPPORT_XATTRS
-		if (preserve_xattrs && statret == 1)
-			copy_xattrs(fnamecmpbuf, fname);
-#endif
-		if (set_file_attrs(fname, file, real_ret ? NULL : &real_sx, NULL, 0)
-		    && verbose && code != FNONE && f_out != -1)
-			rprintf(code, "%s/\n", fname);
-
 		if (real_ret != 0 && one_file_system)
 			real_sx.st.st_dev = filesystem_dev;
 		if (inc_recurse) {
@@ -2142,10 +2143,16 @@ void check_for_finished_files(int itemizing, enum logcode code, int check_redo)
 	while (1) {
 #ifdef SUPPORT_HARD_LINKS
 		if (preserve_hard_links && (ndx = get_hlink_num()) != -1) {
+			int send_failed = (ndx == -2);
+			if (send_failed)
+				ndx = get_hlink_num();
 			flist = flist_for_ndx(ndx, "check_for_finished_files.1");
 			file = flist->files[ndx - flist->ndx_start];
 			assert(file->flags & FLAG_HLINKED);
-			finish_hard_link(file, f_name(file, fbuf), ndx, NULL, itemizing, code, -1);
+			if (send_failed)
+				handle_skipped_hlink(file, itemizing, code, sock_f_out);
+			else
+				finish_hard_link(file, f_name(file, fbuf), ndx, NULL, itemizing, code, -1);
 			flist->in_progress--;
 			continue;
 		}

io.c

@@ -177,13 +177,19 @@ static void got_flist_entry_status(enum festatus status, const char *buf)
 	case FES_SUCCESS:
 		if (remove_source_files)
 			send_msg(MSG_SUCCESS, buf, 4, 0);
+		/* FALL THROUGH */
+	case FES_NO_SEND:
+#ifdef SUPPORT_HARD_LINKS
 		if (preserve_hard_links) {
 			struct file_struct *file = flist->files[ndx - flist->ndx_start];
 			if (F_IS_HLINKED(file)) {
+				if (status == FES_NO_SEND)
+					flist_ndx_push(&hlink_list, -2); /* indicates a failure follows */
 				flist_ndx_push(&hlink_list, ndx);
 				flist->in_progress++;
 			}
 		}
+#endif
 		break;
 	case FES_REDO:
 		if (read_batch) {
@@ -195,8 +201,6 @@ static void got_flist_entry_status(enum festatus status, const char *buf)
 			flist->to_redo++;
 		flist_ndx_push(&redo_list, ndx);
 		break;
-	case FES_NO_SEND:
-		break;
 	}
 }
 
@@ -1062,7 +1066,6 @@ static int readfd_unbuffered(int fd, char *buf, size_t len)
 				xbuf outbuf, inbuf;
 				char ibuf[512];
 				int add_null = 0;
-				int pos = 0;
 
 				INIT_CONST_XBUF(outbuf, line);
 				INIT_XBUF(inbuf, ibuf, 0, -1);
@@ -1077,7 +1080,6 @@ static int readfd_unbuffered(int fd, char *buf, size_t len)
 					if (iconvbufs(ic_send, &inbuf, &outbuf,
 					    ICB_INCLUDE_BAD | ICB_INCLUDE_INCOMPLETE) < 0)
 						goto overflow;
-					pos = -1;
 				}
 				if (add_null) {
 					if (outbuf.len == outbuf.size)
@@ -1402,7 +1404,7 @@ static void sleep_for_bwlimit(int bytes_written)
 	if (prior_tv.tv_sec) {
 		elapsed_usec = (start_tv.tv_sec - prior_tv.tv_sec) * ONE_SEC
 			     + (start_tv.tv_usec - prior_tv.tv_usec);
-		total_written -= elapsed_usec * bwlimit / (ONE_SEC/1024);
+		total_written -= (int64)elapsed_usec * bwlimit / (ONE_SEC/1024);
 		if (total_written < 0)
 			total_written = 0;
 	}

main.c

@@ -526,7 +526,7 @@ static char *get_local_name(struct file_list *flist, char *dest_path)
 		if ((*dest_path != '.' || dest_path[1] != '\0')
 		 && (check_filter(&daemon_filter_list, FLOG, dest_path, 0) < 0
 		  || check_filter(&daemon_filter_list, FLOG, dest_path, 1) < 0)) {
-			rprintf(FERROR, "skipping daemon-excluded destination \"%s\"\n",
+			rprintf(FERROR, "ERROR: daemon has excluded destination \"%s\"\n",
 				dest_path);
 			exit_cleanup(RERR_FILESELECT);
 		}

match.c

@@ -238,7 +238,7 @@ static void hash_search(int f,struct sum_struct *s,
 					aligned_offset += s->blength;
 					aligned_i++;
 				}
-				if (offset == aligned_offset) {
+				if (offset == aligned_offset && aligned_i < s->count) {
 					if (i != aligned_i) {
 						if (sum != s->sums[aligned_i].sum1
 						 || l != s->sums[aligned_i].len

options.c

@@ -369,7 +369,7 @@ void usage(enum logcode F)
   rprintf(F,"     --del                   an alias for --delete-during\n");
   rprintf(F,"     --delete                delete extraneous files from destination dirs\n");
   rprintf(F,"     --delete-before         receiver deletes before transfer, not during\n");
-  rprintf(F,"     --delete-during         receiver deletes during transfer (default)\n");
+  rprintf(F,"     --delete-during         receiver deletes during the transfer\n");
   rprintf(F,"     --delete-delay          find deletions during, delete after\n");
   rprintf(F,"     --delete-after          receiver deletes after transfer, not during\n");
   rprintf(F,"     --delete-excluded       also delete excluded files from destination dirs\n");
@@ -433,7 +433,7 @@ void usage(enum logcode F)
   rprintf(F," -4, --ipv4                  prefer IPv4\n");
   rprintf(F," -6, --ipv6                  prefer IPv6\n");
   rprintf(F,"     --version               print version number\n");
-  rprintf(F,"(-h) --help                  show this help (-h works with no other options)\n");
+  rprintf(F,"(-h) --help                  show this help (-h is --help only if used alone)\n");
 
   rprintf(F,"\n");
   rprintf(F,"Use \"rsync --daemon --help\" to see the daemon-mode command-line options.\n");

packaging/lsb/rsync.spec

@@ -1,6 +1,6 @@
 Summary: A fast, versatile, remote (and local) file-copying tool
 Name: rsync
-Version: 3.0.8
+Version: 3.0.9
 %define fullversion %{version}
 Release: 1
 %define srcdir src
@@ -66,8 +66,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man5/rsyncd.conf.5*
 
 %changelog
-* Sat Mar 26 2011 Wayne Davison <wayned@samba.org>
-Released 3.0.8.
+* Fri Sep 23 2011 Wayne Davison <wayned@samba.org>
+Released 3.0.9.
 
 * Fri Mar 21 2008 Wayne Davison <wayned@samba.org>
 Added installation of /etc/xinetd.d/rsync file and some commented-out

rsync.yo

@@ -1,5 +1,5 @@
 mailto(rsync-bugs@samba.org)
-manpage(rsync)(1)(26 Mar 2011)()()
+manpage(rsync)(1)(23 Sep 2011)()()
 manpagename(rsync)(a fast, versatile, remote (and local) file-copying tool)
 manpagesynopsis()
 
@@ -281,6 +281,19 @@ daemon (including stand-alone and inetd configurations).
 If you're using one of the remote-shell transports for the transfer, there is
 no need to manually start an rsync daemon.
 
+manpagesection(SORTED TRANSFER ORDER)
+
+Rsync always sorts the specified filenames into its internal transfer list.
+This handles the merging together of the contents of identically named
+directories, makes it easy to remove duplicate filenames, and may confuse
+someone when the files are transferred in a different order than what was
+given on the command-line.
+
+If you need a particular file to be transferred prior to another, either
+separate the files into different rsync calls, or consider using
+bf(--delay-updates) (which doesn't affect the sorted transfer order, but
+does make the final file-updating phase happen much more rapidly).
+
 manpagesection(EXAMPLES)
 
 Here are some examples of how I use rsync.
@@ -367,10 +380,10 @@ to the detailed description below for a complete description.  verb(
      --remove-source-files   sender removes synchronized files (non-dir)
      --del                   an alias for --delete-during
      --delete                delete extraneous files from dest dirs
-     --delete-before         receiver deletes before transfer (default)
-     --delete-during         receiver deletes during xfer, not before
+     --delete-before         receiver deletes before xfer, not during
+     --delete-during         receiver deletes during the transfer
      --delete-delay          find deletions during, delete after
-     --delete-after          receiver deletes after transfer, not before
+     --delete-after          receiver deletes after transfer, not during
      --delete-excluded       also delete excluded files from dest dirs
      --ignore-errors         delete even if there are I/O errors
      --force                 force deletion of dirs even if not empty
@@ -451,11 +464,17 @@ accepted: verb(
 
 manpageoptions()
 
-rsync uses the GNU long options package. Many of the command line
-options have two variants, one short and one long.  These are shown
-below, separated by commas. Some options only have a long variant.
-The '=' for options that take a parameter is optional; whitespace
-can be used instead.
+Rsync accepts both long (double-dash + word) and short (single-dash + letter)
+options.  The full list of the available options are described below.  If an
+option can be specified in more than one way, the choices are comma-separated.
+Some options only have a long variant, not a short.  If the option takes a
+parameter, the parameter is only listed after the long variant, even though it
+must also be specified for the short.  When specifying a parameter, you can
+either use the form --option=param or replace the '=' with whitespace.  The
+parameter may need to be quoted in some manner for it to survive the shell's
+command-line parsing.  Keep in mind that a leading tilde (~) in a filename is
+substituted by your shell, so --option=~/foo will not change the tilde into
+your home directory (remove the '=' for that).
 
 startdit()
 dit(bf(--help)) Print a short help page describing the options
@@ -991,7 +1010,7 @@ used by bf(--fake-super)) unless you repeat the option (e.g. -XX).  This
 "copy all xattrs" mode cannot be used with bf(--fake-super).
 
 dit(bf(--chmod)) This option tells rsync to apply one or more
-comma-separated "chmod" strings to the permission of the files in the
+comma-separated "chmod" modes to the permission of the files in the
 transfer.  The resulting value is treated as though it were the permissions
 that the sending side supplied for the file, which means that this option
 can seem to have no effect on existing files if bf(--perms) is not enabled.
@@ -1174,6 +1193,16 @@ dit(bf(--remove-source-files)) This tells rsync to remove from the sending
 side the files (meaning non-directories) that are a part of the transfer
 and have been successfully duplicated on the receiving side.
 
+Note that you should only use this option on source files that are quiescent.
+If you are using this to move files that show up in a particular directory over
+to another host, make sure that the finished files get renamed into the source
+directory, not directly written into it, so that rsync can't possibly transfer
+a file that is not yet fully written.  If you can't first write the files into
+a different directory, you should use a naming idiom that lets rsync avoid
+transferring files that are not yet finished (e.g. name the file "foo.new" when
+it is written, rename it to "foo" when it is done, and then use the option
+bf(--exclude='*.new') for the rsync transfer).
+
 dit(bf(--delete)) This tells rsync to delete extraneous files from the
 receiving side (ones that aren't on the sending side), but only for the
 directories that are being synchronized.  You must have asked rsync to
@@ -2996,7 +3025,7 @@ url(http://rsync.samba.org/)(http://rsync.samba.org/)
 
 manpagesection(VERSION)
 
-This man page is current for version 3.0.8 of rsync.
+This man page is current for version 3.0.9 of rsync.
 
 manpagesection(INTERNAL OPTIONS)
 

rsyncd.conf.yo

@@ -1,5 +1,5 @@
 mailto(rsync-bugs@samba.org)
-manpage(rsyncd.conf)(5)(26 Mar 2011)()()
+manpage(rsyncd.conf)(5)(23 Sep 2011)()()
 manpagename(rsyncd.conf)(configuration file for rsync in daemon mode)
 manpagesynopsis()
 
@@ -127,6 +127,12 @@ dit(bf(path)) This parameter specifies the directory in the daemon's
 filesystem to make available in this module.  You must specify this parameter
 for each module in tt(rsyncd.conf).
 
+It is fine if the path includes internal spaces -- they will be retained
+verbatim (which means that you shouldn't try to escape them).  If your final
+directory has a trailing space (and this is somehow not something you wish to
+fix), append a trailing slash to the path to avoid losing the trailing
+whitespace.
+
 dit(bf(use chroot)) If "use chroot" is true, the rsync daemon will chroot
 to the "path" before starting the file transfer with the client.  This has
 the advantage of extra protection against possible implementation security
@@ -700,7 +706,7 @@ url(http://rsync.samba.org/)(http://rsync.samba.org/)
 
 manpagesection(VERSION)
 
-This man page is current for version 3.0.8 of rsync.
+This man page is current for version 3.0.9 of rsync.
 
 manpagesection(CREDITS)
 

runtests.sh

@@ -129,7 +129,10 @@ RUNSHFLAGS='-e'
 export RUNSHFLAGS
 
 # for Solaris
-[ -d /usr/xpg4/bin ] && PATH="/usr/xpg4/bin/:$PATH"
+if [ -d /usr/xpg4/bin ]; then
+    PATH="/usr/xpg4/bin/:$PATH"
+    export PATH
+fi
 
 if [ "x$loglevel" != x ] && [ "$loglevel" -gt 8 ]; then
     if set -x; then

socket.c

@@ -26,8 +26,12 @@
 
 #include "rsync.h"
 #include "ifuncs.h"
+#ifdef HAVE_NETINET_IN_SYSTM_H
 #include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
 #include <netinet/ip.h>
+#endif
 #include <netinet/tcp.h>
 
 extern char *bind_address;
@@ -297,22 +301,29 @@ int open_socket_out(char *host, int port, const char *bind_addr,
 			s = -1;
 			continue;
 		}
+		if (verbose >= 3) {
+			char buf[2048];
+			if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf, NULL, 0, NI_NUMERICHOST)) != 0)
+				snprintf(buf, sizeof buf, "*getnameinfo failure: %s*", gai_strerror(error));
+			rprintf(FINFO, "Connected to %s (%s)\n", h, buf);
+		}
 		break;
 	}
-	freeaddrinfo(res0);
 
-	if (s < 0) {
+	if (s < 0 || verbose >= 3) {
 		char buf[2048];
 		for (res = res0, j = 0; res; res = res->ai_next, j++) {
 			if (errnos[j] == 0)
 				continue;
-			if (inet_ntop(res->ai_family, res->ai_addr->sa_data + 2, buf, sizeof buf) == NULL)
-				strlcpy(buf, "*inet_ntop failed*", sizeof buf);
+			if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf, NULL, 0, NI_NUMERICHOST)) != 0)
+				snprintf(buf, sizeof buf, "*getnameinfo failure: %s*", gai_strerror(error));
 			rsyserr(FERROR, errnos[j], "failed to connect to %s (%s)", h, buf);
 		}
-		s = -1;
+		if (s < 0)
+			s = -1;
 	}
 
+	freeaddrinfo(res0);
 	free(errnos);
 
 	return s;
@@ -635,7 +646,9 @@ struct
 } socket_options[] = {
   {"SO_KEEPALIVE",      SOL_SOCKET,    SO_KEEPALIVE,    0,                 OPT_BOOL},
   {"SO_REUSEADDR",      SOL_SOCKET,    SO_REUSEADDR,    0,                 OPT_BOOL},
+#ifdef SO_BROADCAST
   {"SO_BROADCAST",      SOL_SOCKET,    SO_BROADCAST,    0,                 OPT_BOOL},
+#endif
 #ifdef TCP_NODELAY
   {"TCP_NODELAY",       IPPROTO_TCP,   TCP_NODELAY,     0,                 OPT_BOOL},
 #endif

support/lsh

@@ -7,7 +7,6 @@
 # command.
 
 user=''
-prefix=''
 do_cd=y # Default path is user's home dir, just like ssh.
 
 while : ; do
@@ -22,14 +21,13 @@ while : ; do
 done
 
 if [ "$user" ]; then
-    prefix="sudo -H -u '$user'"
+    prefix=''
     if [ $do_cd = y ]; then
 	home=`perl -e "print((getpwnam('$user'))[7])"`
-	# Yeah, this may fail, but attempts to get sudo to cd are harder.
-	cd $home
+	prefix="cd '$home' ;"
     fi
-elif [ $do_cd = y ]; then
-    cd
+    sudo -H -u "$user" sh -c "$prefix $*"
+else
+    [ $do_cd = y ] && cd
+    eval "${@}"
 fi
-
-eval $prefix "${@}"

support/mnt-excl

@@ -18,7 +18,7 @@
 # easily adapted to read /etc/mtab or similar.
 #
 # ADDENDUM:  The addition of the --filter option (which has support for
-# absolute-anchored excludes) can make this screen unneeded in some
+# absolute-anchored excludes) can make this script unneeded in some
 # scenarios.  If you don't need delete protection on the receiving side
 # (or if the destination path is identical to the source path), then you
 # can exclude some absolute paths from the transfer based on the mount

tweak_manpage

@@ -1,19 +1,10 @@
 #!/usr/bin/perl -i -p
 
-# Make some hyphens unbreakable.
-s{(--\w[-\w]+)}{ $x = $1; $x =~ s/-/\\-/g; $x }eg;
-s/(?<!\\)-(['"\d*])/\\-$1/g;
-s#(['"(= /,])-(?!-)#$1\\-#g;
-s/(\\fB)-/$1\\-/g;
-s/(\[\w)-(\w\])/$1\\-$2/g;
-s{(\\f\(CW.*?\\fP)}{ $x = $1; $x =~ s/(?<!\\)-/\\-/g; $x }eg;
-s/(\.\w+)-/$1\\-/g;
+use strict;
+use warnings;
 
 # We only need to use "\&'" or "\&." at the start of a line.
-s/(?<=.)\\\&(['.])/$1$2/g;
-
-# Use an em-dash where appropriate.
-s/ \\?-{1,2} / \\(em /g;
+s/(?<=.)\\\&(['.])/$1/g;
 
 # Some quotes turn into open/close quotes.
 s/'(.)'/\\(oq$1\\(cq/g;

util.c

@@ -1024,8 +1024,9 @@ int change_dir(const char *dir, int set_path_only)
 			errno = ENAMETOOLONG;
 			return 0;
 		}
-		curr_dir[curr_dir_len] = '/';
-		memcpy(curr_dir + curr_dir_len + 1, dir, len + 1);
+		if (!(curr_dir_len && curr_dir[curr_dir_len-1] == '/'))
+			curr_dir[curr_dir_len++] = '/';
+		memcpy(curr_dir + curr_dir_len, dir, len + 1);
 
 		if (!set_path_only && chdir(curr_dir)) {
 			curr_dir[curr_dir_len] = '\0';

wildtest.c

@@ -50,15 +50,16 @@ static struct poptOption long_options[] = {
 
 /* match just at the start of string (anchored tests) */
 static void
-run_test(int line, bool matches, bool same_as_fnmatch,
+run_test(int line, bool matches,
+#ifdef COMPARE_WITH_FNMATCH
+	 bool same_as_fnmatch,
+#endif
 	 const char *text, const char *pattern)
 {
     bool matched;
 #ifdef COMPARE_WITH_FNMATCH
     bool fn_matched;
     int flags = strstr(pattern, "**")? 0 : FNM_PATHNAME;
-#else
-    same_as_fnmatch = 0; /* Get rid of unused-variable compiler warning. */
 #endif
 
     if (explode_mod) {
@@ -194,7 +195,11 @@ main(int argc, char **argv)
 	    while (*++s == ' ' || *s == '\t') {}
 	}
 	*end[0] = *end[1] = '\0';
-	run_test(line, flag[0], flag[1], string[0], string[1]);
+	run_test(line, flag[0],
+#ifdef COMPARE_WITH_FNMATCH
+		 flag[1],
+#endif
+		 string[0], string[1]);
     }
 
     if (!wildmatch_errors)

xattrs.c

@@ -93,11 +93,14 @@ static void rsync_xal_free(item_list *xalp)
 	size_t i;
 	rsync_xa *rxas = xalp->items;
 
+	if (!xalp->malloced)
+		return;
+
 	for (i = 0; i < xalp->count; i++) {
 		free(rxas[i].datum);
 		/*free(rxas[i].name);*/
 	}
-	xalp->count = 0;
+	free(xalp->items);
 }
 
 void free_xattr(stat_x *sxp)
@@ -772,10 +775,8 @@ void uncache_tmp_xattrs(void)
 		item_list *xattr_start = xattr_item + prior_xattr_count;
 		xattr_item += rsync_xal_l.count;
 		rsync_xal_l.count = prior_xattr_count;
-		while (xattr_item-- > xattr_start) {
+		while (xattr_item-- > xattr_start)
 			rsync_xal_free(xattr_item);
-			free(xattr_item->items);
-		}
 		prior_xattr_count = (size_t)-1;
 	}
 }