Preparing for release of 3.2.0

xattr headers have been provided by glibc (at least on Linux/glibc)
for many years now. Reorder the inclusion of xattr headers to
attempt compatibility/legacy after the common case.
This prevents the warning without changing compatibility to
non-glibc systems.

* Add dependency on lib/sysxattrs.h header in Makefile

Co-authored-by: Wayne Davison <wayne@opencoder.net>

.github/workflows/ccpp.yml

@@ -18,7 +18,7 @@ jobs:
     - name: prepare-source
       run: ./prepare-source
     - name: configure
-      run: ./configure --with-included-popt --with-protected-args --with-included-zlib --enable-simd
+      run: ./configure --with-included-popt --with-included-zlib
     - name: make
       run: make
     - name: version-summary

.gitignore

@@ -19,6 +19,8 @@ aclocal.m4
 /rsync*.5
 /rsync*.html
 /help-rsync*.h
+/default-cvsignore.h
+/default-dont-compress.h
 /.md2man-works
 /autom4te*.cache
 /confdefs.h

Makefile.in

@@ -10,6 +10,7 @@ mandir=@mandir@
 
 LIBS=@LIBS@
 CC=@CC@
+AWK=@AWK@
 CFLAGS=@CFLAGS@
 CPPFLAGS=@CPPFLAGS@
 CXX=@CXX@
@@ -69,7 +70,7 @@ CHECK_OBJS=tls.o testrun.o getgroups.o getfsdev.o t_stub.o t_unsafe.o trimslash.
 @OBJ_RESTORE@
 
 .PHONY: all
-all: Makefile rsync$(EXEEXT) stunnel-rsyncd.conf man
+all: Makefile rsync$(EXEEXT) stunnel-rsyncd.conf @MAKE_MAN@
 
 .PHONY: install
 install: all
@@ -99,19 +100,18 @@ rsync$(EXEEXT): $(OBJS)
 
 $(OBJS): $(HEADERS)
 $(CHECK_OBJS): $(HEADERS)
+tls.o xattrs.o: lib/sysxattrs.h
 options.o: latest-year.h help-rsync.h help-rsyncd.h
+exclude.o: default-cvsignore.h
+loadparm.o: default-dont-compress.h
 
 flist.o: rounding.h
 
-help-rsync.h help-rsyncd.h: rsync.1.md
-	@sed -e '1,/^\[comment\].*$@/d' \
-	    -e '1,/^```/d' \
-	    -e '/^```/,$$d' \
-	    -e 's/"/\\"/g' \
-	    -e 's/^/  rprintf(F,"/' \
-	    -e 's/$$/\\n");/' \
-	    <"$(srcdir)/$<" >$@
-	@if ! test -s $@; then rm -f $@ ; echo "The Makefile generated an empty file: $@" ; exit 1 ; fi
+default-cvsignore.h default-dont-compress.h: rsync.1.md define-from-md.awk
+	$(AWK) -f $(srcdir)/define-from-md.awk -v hfile=$@ $(srcdir)/rsync.1.md
+
+help-rsync.h help-rsyncd.h: rsync.1.md help-from-md.awk
+	$(AWK) -f $(srcdir)/help-from-md.awk -v hfile=$@ $(srcdir)/rsync.1.md
 
 rounding.h: rounding.c rsync.h proto.h
 	@for r in 0 1 3; do \
@@ -132,10 +132,10 @@ rounding.h: rounding.c rsync.h proto.h
 	@rm -f rounding.out
 
 simd-checksum-x86_64.o: simd-checksum-x86_64.cpp
-	$(CXX) $(CXXFLAGS) $(CPPFLAGS) -c -o $@ $<
+	$(CXX) $(CXXFLAGS) $(CPPFLAGS) -c -o $@ $(srcdir)/simd-checksum-x86_64.cpp
 
 lib/md5-asm-x86_64.o: lib/md5-asm-x86_64.s
-	$(CC) -c -o $@ $<
+	$(CC) -c -o $@ $(srcdir)/lib/md5-asm-x86_64.s
 
 tls$(EXEEXT): $(TLS_OBJ)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(TLS_OBJ) $(LIBS)
@@ -227,7 +227,7 @@ proto.h: proto.h-tstamp
 	@if test -f proto.h; then :; else cp -p $(srcdir)/proto.h .; fi
 
 proto.h-tstamp: $(srcdir)/*.c $(srcdir)/lib/compat.c config.h
-	awk -f $(srcdir)/mkproto.awk $(srcdir)/*.c $(srcdir)/lib/compat.c
+	$(AWK) -f $(srcdir)/mkproto.awk $(srcdir)/*.c $(srcdir)/lib/compat.c
 
 .PHONY: man
 man: rsync.1 rsync-ssl.1 rsyncd.conf.5

NEWS.md

@@ -1,4 +1,4 @@
-# NEWS for rsync 3.2.0 (UNRELEASED)
+# NEWS for rsync 3.2.0 (19 Jun 2020)
 
 Protocol: 31 (unchanged)
 
@@ -45,8 +45,8 @@ Protocol: 31 (unchanged)
 
  - Avoid a hang when an overabundance of messages clogs up all the I/O buffers.
 
- - Fixed a mismatch in the RSYNC_PID values when running both a `pre-xfer exec`
-   and a `post-xfer exec`.
+ - Fixed a mismatch in the RSYNC_PID values put into the environment of
+   `pre-xfer exec` and a `post-xfer exec`.
 
  - Fixed a crash in the `--iconv` code.
 
@@ -58,23 +58,22 @@ Protocol: 31 (unchanged)
    MD5 checksum algorithms, some x86-64 optimizations for the rolling checksum,
    some x86-64 optimizations for the (non-openssl) MD5 checksum, the addition
    of xxhash checksum support, and a negotiation heuristic that ensures that it
-   is easier to add new checksum algorithms in the future.  Currently the
-   x86-64 optimizations require the use of the `--enable-simd` flag to
-   configure, but they will probably be enabled by default in the near future.
-   The environment variable `RSYNC_CHECKSUM_LIST` can be used to customize the
-   preference order of the negotiation.
+   is easier to add new checksum algorithms in the future.  The environment
+   variable `RSYNC_CHECKSUM_LIST` can be used to customize the preference order
+   of the negotiation, or use `--checksum-choice` (`--cc`) to force a choice.
 
  - Various compression enhancements, including the addition of zstd and lz4
    compression algorithms and a negotiation heuristic that picks the best
    compression option supported by both sides.  The environment variable
    `RSYNC_COMPRESS_LIST` can be used to customize the preference order of the
-   heuristic when speaking to another rsync 3.2.0 version.
+   negotiation, or use `--compress-choice` (`--zc`) to force a choice.
 
  - Added a --debug=NSTR option that outputs details of the new negotiation
    strings (for checksums and compression).  The first level just outputs the
    result of each negotiation on the client, level 2 outputs the values of the
    strings that were sent to and received from the server, and level 3 outputs
-   all those values on the server side too.
+   all those values on the server side too (when the server was given the debug
+   option).
 
  - The --debug=OPTS command-line option is no longer auto-forwarded to the
    remote rsync which allows for the client and server to have different levels
@@ -90,19 +89,25 @@ Protocol: 31 (unchanged)
 
  - Added the `--write-devices` option based on the long-standing patch.
 
- - Added openssl support to the rsync-ssl script, which is now installed by
-   default.  This script was unified with the stunnel-rsync helper script to
-   simplify packaging.
+ - Added openssl & preliminary gnutls support to the rsync-ssl script, which is
+   now installed by default.  This was unified with the old stunnel-rsync
+   helper script to simplify packaging.  Note that the script accepts the use
+   of --type=gnutls for gnutls testing, but does not look for gnutls-cli on the
+   path yet.  The use of type=gnutls will not work right until gnutls-cli no
+   longer drops data.
 
  - Rsync was enhanced to set the `RSYNC_PORT` environment variable when running
    a daemon-over-rsh script. Its value is the user-specified port number (set
    via `--port` or an rsync:// URL) or 0 if the user didn't override the port.
 
- - Added the `haproxy header` daemon parameter that allows your rsyncd to know
-   the real remote IP when it is being proxied.
+ - Added the `proxy protocol` daemon parameter that allows your rsyncd to know
+   the real remote IP when it is setup behind a proxy.
 
  - Added negated matching to the daemon's `refuse options` setting by using
-   match strings that start with a `!` (such as `!compress*`).
+   match strings that start with a `!` (such as `!compress*`).  This lets you
+   refuse all options except for a particular approved list, for example.  It
+   also lets rsync refuse certain options by default (such as `write-devices`)
+   while allowing the config to override that, as desired.
 
  - Added the `early exec` daemon parameter that runs a script before the
    transfer parameters are known, allowing some early setup based on module
@@ -110,82 +115,90 @@ Protocol: 31 (unchanged)
 
  - Added status output in response to a signal (via both SIGINFO & SIGVTALRM).
 
- - Added a `--copy-as=USER` option to give some extra security to root-run
-   rsync commands into/from untrusted directories (such as backups and
-   restores).
+ - Added `--copy-as=USER` option to give some extra security to root-run rsync
+   commands into/from untrusted directories (such as backups and restores).
 
  - When resuming the transfer of a file in the `--partial-dir`, rsync will now
    update that partial file in-place instead of creating yet another tmp file
    copy.  This requires both sender & receiver to be at least v3.2.0.
 
  - Added support for `RSYNC_SHELL` & `RSYNC_NO_XFER_EXEC` environment variables
-   that affect the pre-xfer exec and post-xfer exec rsync daemon options.
+   that affect the early, pre-xfer, and post-xfer exec rsync daemon parameters.
 
- - Optimize the `--fuzzy` `--fuzzy` heuristic to avoid the fuzzy directory scan
+ - Optimize the `--fuzzy --fuzzy` heuristic to avoid the fuzzy directory scan
    until all other basis-file options are exhausted (such as `--link-dest`).
 
- - Have a daemon that is logging include the normal-exit sent/received stats
-   even when the transfer exited with an error.
+ - Have the daemon log include the normal-exit sent/received stats when the
+   transfer exited with an error when possible (i.e. if it is the sender).
 
  - The daemon now locks its pid file (when configured to use one) so that it
-   will not fail to start when the file exists and it is unlocked.
+   will not fail to start when the file exists but no daemon is running.
 
- - Various man page improvements.
+ - Various man page improvements, including some html representations (that
+   aren't installed by default).
 
- - Made -V the short option for --version.
+ - Made -V the short option for --version and improved its information.
 
- - Forward -4 & -6 options to the ssh command, making them easier to type than
-   "--rsh='ssh -4'" (or -6).
+ - Pass the -4 or -6 option to the ssh command, making it easier to type than
+   `--rsh='ssh -4'` (or -6).
+
+ - Added example config for rsyncd SSL proxy configs to rsyncd.conf.
+
+ - More errors messages now mention if the error is coming from the sender or
+   the receiver.
 
 ### PACKAGING RELATED:
 
- - Add installed binary: /usr/bin/rsync-sll
+ - Add installed binary: /usr/bin/rsync-ssl
 
  - Add installed man page: /usr/man/man1/rsync-ssl.1
 
- - The rsync-ssl script wants to run either openssl or stunnel4, so consider
-   adding a dependency for openssl (though it's probably fine to just let it
-   complain about being unable to find either program and let the user decide
+ - Tweak auxiliary doc file names, such as: README.md, INSTALL.md, NEWS.md, &
+   OLDNEWS.md.
+
+ - The rsync-ssl script wants to run openssl or stunnel4, so consider adding a
+   dependency for one of those options (though it's probably fine to just let
+   it complain about being unable to find the program and let the user decide
    if they want to install one or the other).
 
  - If you packaged rsync + rsync-ssl + rsync-ssl-daemon as separate packages,
-   the rsync-ssl package is now gone (along with its install-ssl-client make
-   target -- rsync-ssl should be considered to be mainstream now that Samba
-   requires SSL for its rsync daemon).
+   the rsync-ssl package is now gone (rsync-ssl should be considered to be
+   mainstream now that Samba requires SSL for its rsync daemon).
 
  - Add _build_ dependency for liblz4-dev, libxxhash-dev, libzstd-dev, and
    libssl-dev.  These development libraries will give rsync extra compression
    algorithms, extra checksum algorithms, and allow use of openssl's crypto
-   lib for MD4/MD5 checksums.
+   lib for (potentially) faster MD4/MD5 checksums.
 
- - Add _build_ dependency for g++ to enable the SIMD checksum optimizations.
+ - Add _build_ dependency for g++ or clang++ on x86_64 systems to enable the
+   SIMD checksum optimizations.
 
  - Add _build_ dependency for _either_ python3-cmarkcfm or python3-commonmark
-   to allow for patching of man pages or building a git release.  Note that
-   cmarkcfm is faster than commonmark, but they generate the same data.
+   to allow for patching of man pages or building a git release.  This is not
+   required for a release-tar build, since it comes with pre-built man pages.
+   Note that cmarkcfm is faster than commonmark, but they generate the same
+   data.  The commonmark dependency is easiest to install since it's native
+   python, and can be installed via `pip3 install --user commonmark` if you
+   want to just install it for the build user (or omit `--user`).
 
- - Remove yodl _build_ dependency (if you listed it).
+ - Remove yodl _build_ dependency (if it was even listed before).
 
 ### DEVELOPER RELATED:
 
- - Silenced some annoying warnings about major()|minor() due to the autoconf
-   include-file check not being smart enough.
+ - Silenced some annoying warnings about major() & minor() by improving an
+   autoconf include-file check.
 
  - Converted the man pages from yodl to markdown. They are now processed via a
-   simple python3 script using the cmarkgfm OR commonmark library.  This should
-   make it easier for packaging rsync, since yodl has gotten obscure.
+   simple python3 script using the cmarkgfm **or** commonmark library.  This
+   should make it easier to package rsync, since yodl has gotten obscure.
 
  - Improved some configure checks to work better with strict C99 compilers.
 
- - The `--debug=FOO` options are no longer auto-forwarded to the server side,
-   allowing more control over what is output & the ability to request debug
-   data from divergent rsync versions.
-
- - Some perl scripts were recoded into awk and python3.
+ - Some perl building/packaging scripts were recoded into awk and python3.
 
  - Some defines in byteorder.h were changed into static inline functions that
    will help to ensure that the args don't get evaluated multiple times on
-   `careful alignment` hosts.
+   "careful alignment" hosts.
 
  - Some code typos were fixed (as pointed out by a Fossies run).
 

OLDNEWS.md

@@ -720,7 +720,7 @@ Protocol: 30 (unchanged)
    that hasn't really been created.
 
  - Fixed a problem with `--compress` (`-z`) where the receiving side could
-   return the error `inflate (token) returned `-5``.
+   return the error "inflate (token) returned -5".
 
  - Fixed a bug where `--delete-during` could delete in a directory before it
    noticed that the sending side sent an I/O error for that directory (both
@@ -739,7 +739,7 @@ Protocol: 30 (unchanged)
  - An absolute-path filter rule (i.e. with a '/' modifier) no longer loses its
    modifier when sending the filter rules to the remote rsync.
 
- - Improved the `--delete does not work without -r or -d` message.
+ - Improved the "--delete does not work without -r or -d" message.
 
  - Improved rsync's handling of `--timeout` to avoid a weird timeout case where
    the sender could timeout even though it has recently written data to the
@@ -1248,7 +1248,7 @@ Protocol: 30 (changed)
    either turn off `-d` (`--no-d`), or specify `-r --exclude='/*/*'` manually.
 
  - In `--dry-run` mode, the last line of the verbose summary text is output
-   with a `(DRY RUN)` suffix to help remind you that no updates were made.
+   with a "(DRY RUN)" suffix to help remind you that no updates were made.
    Similarly, `--only-write-batch` outputs `(BATCH ONLY)`.
 
  - A writable rsync daemon with `use chroot` disabled now defaults to a
@@ -1348,7 +1348,7 @@ Protocol: 30 (changed)
  - Using `--only-write-batch` to a daemon receiver now works properly (older
    versions would update some files while writing the batch).
 
- - Avoid outputting a `file has vanished` message when the file is a broken
+ - Avoid outputting a "file has vanished" message when the file is a broken
    symlink and `--copy-unsafe-links` or `--copy-dirlinks` is used (the code
    already handled this for `--copy-links`).
 
@@ -1426,8 +1426,8 @@ Protocol: 30 (changed)
  - Added the `--skip-compress=LIST` option to override the default list of file
    suffixes that will not be compressed when using `--compress` (`-z`).
 
- - The daemon's default for `dont compress` was extended to include: `*.7z
-   *.mp[34] *.mov *.avi *.ogg *.jpg *.jpeg` The name-matching routine was also
+ - The daemon's default for `dont compress` was extended to include: `*.7z`
+   `*.mp[34]` `*.mov` `*.avi` `*.ogg` `*.jpg` `*.jpeg` and the name-matching routine was also
    optimized to run more quickly.
 
  - The `--max-delete` option now outputs a warning if it skipped any file
@@ -1788,7 +1788,7 @@ Protocol: 29 (unchanged)
 
  - Removed the unused function `write_int_named()`, the unused variable
    `io_read_phase`, and the rarely used variable `io_write_phase`. This also
-   elides the confusing `phase "unknown"` part of one error message.
+   elides the confusing 'phase "unknown"' part of one error message.
 
  - Removed two unused configure checks and two related (also unused)
    compatibility functions.
@@ -3563,7 +3563,7 @@ Protocol: 26 (unchanged)
    int64` in rsync.h.
 
  - Fixed problem on systems such as Sunos4 that do not support realloc on a
-   NULL pointer; error was `out of memory in "flist_expand"`.
+   NULL pointer; error was 'out of memory in "flist_expand"'.
 
  - Fix for rsync server processes hanging around after the client unexpectedly
    disconnects. (Colin Walters) (Debian bug #128632)
@@ -3623,7 +3623,7 @@ Protocol: 26 (changed)
  - `--statistics` now shows memory heap usage on platforms that support
    mallinfo().
 
- - `The Ted T'so school of program optimization`: make progress visible and
+ - "The Ted T'so school of program optimization": make progress visible and
    people will think it's faster. (With `--progress`, rsync will show you how
    many files it has seen as it builds the `file_list`, giving some indication
    that it has not hung.)
@@ -3794,7 +3794,7 @@ Protocol: 25 (changed)
 
 | RELEASE DATE | VER.   | DATE OF COMMIT\* | PROTOCOL    |
 |--------------|--------|------------------|-------------|
-| ?? Jun 2020  | 3.2.0  |                  | 31          |
+| 19 Jun 2020  | 3.2.0  |                  | 31          |
 | 28 Jan 2018  | 3.1.3  |                  | 31          |
 | 21 Dec 2015  | 3.1.2  |                  | 31          |
 | 22 Jun 2014  | 3.1.1  |                  | 31          |

README.md

@@ -114,7 +114,7 @@ is hosted on github and on samba's site.  Feel free to access it here:
 
 or clone it from its samba repo:
 
-    git clone git://git.samba.org/rsync.git
+>     git clone git://git.samba.org/rsync.git
 
 See the download page for full details on all the ways to grab the
 source:

batch.c

@@ -271,7 +271,7 @@ void write_batch_shell_file(void)
 
 	/* We need to make sure that any protocol-based or negotiated choices get accurately
 	 * reflected in the options we save AND that we avoid any need for --read-batch to
-	 * do a string-based negotation (since we don't write them into the file). */
+	 * do a string-based negotiation (since we don't write them into the file). */
 	if (do_compression)
 		err |= write_opt("--compress-choice", compress_choice);
 	if (strchr(checksum_choice, ',') || xfersum_type != parse_csum_name(NULL, -1))

clientname.c

@@ -156,8 +156,8 @@ char *client_name(const char *ipaddr)
 }
 
 
-/* Try to read an haproxy header (V1 or V2). Returns 1 on success or 0 on failure. */
-int read_haproxy_header(int fd)
+/* Try to read an proxy protocol header (V1 or V2). Returns 1 on success or 0 on failure. */
+int read_proxy_protocol_header(int fd)
 {
 	union {
 		struct {
@@ -388,7 +388,7 @@ static int compare_addrinfo_sockaddr(const struct addrinfo *ai, const struct soc
 		sin1 = (const struct sockaddr_in6 *) ss;
 		sin2 = (const struct sockaddr_in6 *) ai->ai_addr;
 
-		if (ai->ai_addrlen < sizeof (struct sockaddr_in6)) {
+		if (ai->ai_addrlen < (int)sizeof (struct sockaddr_in6)) {
 			rprintf(FLOG, "%s: too short sockaddr_in6; length=%d\n",
 				fn, (int)ai->ai_addrlen);
 			return 1;

clientserver.c

@@ -394,7 +394,7 @@ void set_env_num(const char *var, long num)
 /* Used for both early exec & pre-xfer exec */
 static pid_t start_pre_exec(const char *cmd, int *arg_fd_ptr, int *error_fd_ptr)
 {
-	int arg_fds[2], error_fds[2], arg_fd, error_fd;
+	int arg_fds[2], error_fds[2], arg_fd;
 	pid_t pid;
 
 	if ((error_fd_ptr && pipe(error_fds) < 0) || (arg_fd_ptr && pipe(arg_fds) < 0) || (pid = fork()) < 0)
@@ -406,8 +406,7 @@ static pid_t start_pre_exec(const char *cmd, int *arg_fd_ptr, int *error_fd_ptr)
 
 		if (error_fd_ptr) {
 			close(error_fds[0]);
-			error_fd = error_fds[1];
-			set_blocking(error_fd);
+			set_blocking(error_fds[1]);
 		}
 
 		if (arg_fd_ptr) {
@@ -436,8 +435,8 @@ static pid_t start_pre_exec(const char *cmd, int *arg_fd_ptr, int *error_fd_ptr)
 
 		if (error_fd_ptr) {
 			close(STDIN_FILENO);
-			dup2(error_fd, STDOUT_FILENO);
-			close(error_fd);
+			dup2(error_fds[1], STDOUT_FILENO);
+			close(error_fds[1]);
 		}
 
 		status = shell_exec(cmd);
@@ -449,8 +448,8 @@ static pid_t start_pre_exec(const char *cmd, int *arg_fd_ptr, int *error_fd_ptr)
 
 	if (error_fd_ptr) {
 		close(error_fds[1]);
-		error_fd = *error_fd_ptr = error_fds[0];
-		set_blocking(error_fd);
+		*error_fd_ptr = error_fds[0];
+		set_blocking(error_fds[0]);
 	}
 
 	if (arg_fd_ptr) {
@@ -1130,7 +1129,7 @@ int start_daemon(int f_in, int f_out)
 	if (!load_config(0))
 		exit_cleanup(RERR_SYNTAX);
 
-	if (lp_haproxy_header() && !read_haproxy_header(f_in))
+	if (lp_proxy_protocol() && !read_proxy_protocol_header(f_in))
 		return -1;
 
 	p = lp_daemon_chroot();

compat.c

@@ -394,7 +394,7 @@ static void send_negotiate_str(int f_out, struct name_num_obj *nno, const char *
 
 	if (!do_negotiated_strings) {
 		if (!am_server && fail_if_empty) {
-			rprintf(FERROR, "Remote rsync is too old for %s negotation\n", nno->type);
+			rprintf(FERROR, "Remote rsync is too old for %s negotiation\n", nno->type);
 			exit_cleanup(RERR_UNSUPPORTED);
 		}
 		return;

configure.ac

@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 
-AC_INIT([rsync],[3.2.0pre1],[http://rsync.samba.org/bugzilla.html])
+AC_INIT([rsync],[3.2.0],[http://rsync.samba.org/bugzilla.html])
 
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_SRCDIR([byteorder.h])
@@ -42,12 +42,14 @@ dnl Checks for programs.
 AC_PROG_CC
 AC_PROG_CPP
 AC_PROG_CXX
+AC_PROG_AWK
 AC_PROG_EGREP
 AC_PROG_INSTALL
 AC_PROG_MKDIR_P
 AC_PROG_CC_STDC
 AC_SUBST(SHELL)
 AC_PATH_PROG([PERL], [perl])
+AC_PATH_PROG([PYTHON3], [python3])
 
 AC_DEFINE([_GNU_SOURCE], 1,
           [Define _GNU_SOURCE so that we get all necessary prototypes])
@@ -62,6 +64,40 @@ if test x"$enable_profile" = x"yes"; then
 	CFLAGS="$CFLAGS -pg"
 fi
 
+AC_MSG_CHECKING([if md2man can create man pages])
+if test x"$ac_cv_path_PYTHON3" = x; then
+    AC_MSG_RESULT(no - python3 not found)
+    md2man_works=no
+else
+    md2man_out=`"$srcdir/md2man" --test "$srcdir/rsync.1.md" 2>&1`
+    if test $? = 0; then
+	AC_MSG_RESULT(yes)
+	md2man_works=yes
+    else
+	AC_MSG_RESULT(no)
+	md2man_works=no
+	echo "$md2man_out"
+    fi
+fi
+
+AC_MSG_CHECKING([if we require man-page building])
+AC_ARG_ENABLE([md2man],
+	AS_HELP_STRING([--disable-md2man],[disable md2man for man page creation]))
+if test x"$enable_md2man" != x"no"; then
+    if test -f "$srcdir/rsync.1"; then
+	AC_MSG_RESULT(optional)
+    else
+	AC_MSG_RESULT(required)
+	if test x"$md2man_works" = x"no"; then
+	    AC_MSG_ERROR(You need python3 and the cmarkgfm OR commonmark python3 lib in order to build man pages.
+You can specify --disable-md2man if you want to skip building them.)
+	fi
+    fi
+    MAKE_MAN=man
+else
+    AC_MSG_RESULT(no)
+    MAKE_MAN=''
+fi
 
 # Specifically, this turns on panic_action handling.
 AC_ARG_ENABLE(maintainer-mode,
@@ -70,7 +106,6 @@ if test x"$enable_maintainer_mode" = x"yes"; then
 	CFLAGS="$CFLAGS -DMAINTAINER_MODE"
 fi
 
-
 # This is needed for our included version of popt.  Kind of silly, but
 # I don't want our version too far out of sync.
 CFLAGS="$CFLAGS -DHAVE_CONFIG_H"
@@ -163,31 +198,64 @@ SIMD=
 
 AC_MSG_CHECKING([whether to enable SIMD optimizations])
 AC_ARG_ENABLE(simd,
-    AS_HELP_STRING([--disable-simd],[disable SIMD optimizations (requires g++)]))
+    AS_HELP_STRING([--disable-simd],[disable SIMD optimizations (requires c++)]))
 
 if test x"$enable_simd" != x"no"; then
-    # For x86-64 SIMD, g++ is also required
-    if test x"$build_cpu" = x"x86_64" && test x"$CXX" = x"g++"; then
-        SIMD="$SIMD x86_64"
+    # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
+    if test x"$build_cpu" = x"x86_64"; then
+	CXX_OK=
+	if test x"$CXX" != x""; then
+	    CXX_VERSION=`$CXX --version 2>/dev/null | head -n 1`
+	    case "$CXX_VERSION" in
+	    g++*)
+		CXX_VERSION=`$CXX -dumpversion | sed 's/\..*//g'`
+		if test "$CXX_VERSION" -ge "5"; then
+		    CXX_OK=yes
+		fi
+		;;
+	    *clang*)
+		# $CXX -dumpversion would have been ideal, but is broken on older clang
+		CXX_VERSION=`echo "$CXX_VERSION" | sed 's/.*version //g' | sed 's/\..*//g'`
+		if test "$CXX_VERSION" -ge "7"; then
+		    CXX_OK=yes
+		fi
+		;;
+	    *)
+		CXX_VERSION='Unknown'
+		;;
+	    esac
+	else
+	    CXX='No c++'
+	    CXX_VERSION='Unknown'
+	fi
+	if test x"$CXX_OK" = x"yes"; then
+	    # AC_MSG_RESULT() is called below.
+	    SIMD="$SIMD x86_64"
+	else
+	    AC_MSG_RESULT(error)
+	    AC_MSG_ERROR([Failed to find g++ >=5 or clang++ >=7 for SIMD optimizations.
+Specify --disable-simd to continue without it. ($CXX, $CXX_VERSION)])
+	fi
+    elif test x"$enable_simd" = x"yes"; then
+        AC_MSG_RESULT(unavailable)
+        AC_MSG_ERROR(The SIMD optimizations are currently x86_64 only.
+Omit --enable-simd to continue without it.)
     fi
 fi
 
 if test x"$SIMD" != x""; then
-    SIMD=`echo "$SIMD" | sed -e 's/^ *//'`
+    SIMD=`echo "$SIMD" | sed 's/^ *//'`
     AC_MSG_RESULT([yes ($SIMD)])
-	AC_DEFINE(HAVE_SIMD, 1, [Define to 1 to enable SIMD optimizations])
-    SIMD=`echo "$SIMD" | sed -e 's/[[^ ]]\+/$(SIMD_&)/g'`
+    AC_DEFINE(HAVE_SIMD, 1, [Define to 1 to enable SIMD optimizations])
+    SIMD=`echo "\\\$(SIMD_$SIMD)" | sed 's/ /) $(SIMD_/g'`
+    # We only use c++ for its target attribute dispatching, disable unneeded bulky features
+    CXXFLAGS="$CXXFLAGS -fno-exceptions -fno-rtti"
 else
     AC_MSG_RESULT(no)
 fi
 
 AC_SUBST(SIMD)
 
-# We only use g++ for its target attribute dispatching, disable unneeded bulky features
-if test x"$CXXOBJ" != x""; then
-    CXXFLAGS="$CXXFLAGS -fno-exceptions -fno-rtti"
-fi
-
 # arrgh. libc in some old debian version screwed up the largefile
 # stuff, getting byte range locking wrong
 AC_CACHE_CHECK([for broken largefile support],rsync_cv_HAVE_BROKEN_LARGEFILE,[
@@ -382,9 +450,18 @@ AC_ARG_ENABLE([openssl],
 	AS_HELP_STRING([--disable-openssl],[disable openssl crypto library]))
 AH_TEMPLATE([USE_OPENSSL],
 [Undefine if you do not want to use openssl crypto library.  By default this is defined.])
-if test x"$enable_openssl" != x"no" && test x"$ac_cv_header_openssl_md4_h" = x"yes" && test x"$ac_cv_header_openssl_md5_h" = x"yes"; then
-    AC_MSG_RESULT(yes)
-    AC_SEARCH_LIBS(MD5_Init, crypto, [AC_DEFINE(USE_OPENSSL)])
+if test x"$enable_openssl" != x"no"; then
+    if test x"$ac_cv_header_openssl_md4_h" = x"yes" && test x"$ac_cv_header_openssl_md5_h" = x"yes"; then
+      AC_MSG_RESULT(yes)
+      AC_SEARCH_LIBS(MD5_Init, crypto,
+          [AC_DEFINE(USE_OPENSSL)],
+          [AC_MSG_ERROR(Failed to find MD5_Init function in openssl crypto lib.
+Use --disable-openssl to continue without openssl crypto lib support.)])
+    else
+        AC_MSG_RESULT(no)
+        AC_MSG_ERROR(Failed to find openssl/md4.h and openssl/md5.h for openssl crypto lib support.
+Use --disable-openssl to continue without it.)
+    fi
 else
     AC_MSG_RESULT(no)
 fi
@@ -394,9 +471,18 @@ AC_ARG_ENABLE([xxhash],
 	AS_HELP_STRING([--disable-xxhash],[disable xxhash checksums]))
 AH_TEMPLATE([SUPPORT_XXHASH],
 [Undefine if you do not want xxhash checksums.  By default this is defined.])
-if test x"$enable_xxhash" != x"no" && test x"$ac_cv_header_xxhash_h" = x"yes"; then
-    AC_MSG_RESULT(yes)
-    AC_SEARCH_LIBS(XXH64_createState, xxhash, [AC_DEFINE(SUPPORT_XXHASH)])
+if test x"$enable_xxhash" != x"no"; then
+    if test x"$ac_cv_header_xxhash_h" = x"yes"; then
+	AC_MSG_RESULT(yes)
+	AC_SEARCH_LIBS(XXH64_createState, xxhash,
+	    [AC_DEFINE(SUPPORT_XXHASH)],
+	    [AC_MSG_ERROR(Failed to find XXH64_createState function in xxhash lib.
+Use --disable-xxhash to continue without xxhash checksums.)])
+    else
+	AC_MSG_RESULT(no)
+	AC_MSG_ERROR(Failed to find xxhash.h for xxhash checksum support.
+Use --disable-xxhash to continue without it.)
+    fi
 else
     AC_MSG_RESULT(no)
 fi
@@ -406,9 +492,18 @@ AC_ARG_ENABLE([zstd],
         AC_HELP_STRING([--disable-zstd], [disable zstd compression]))
 AH_TEMPLATE([SUPPORT_ZSTD],
 [Undefine if you do not want zstd compression.  By default this is defined.])
-if test x"$enable_zstd" != x"no" && test x"$ac_cv_header_zstd_h" = x"yes"; then
-    AC_MSG_RESULT(yes)
-    AC_SEARCH_LIBS(ZSTD_minCLevel, zstd, [AC_DEFINE(SUPPORT_ZSTD)])
+if test x"$enable_zstd" != x"no"; then
+    if test x"$ac_cv_header_zstd_h" = x"yes"; then
+	AC_MSG_RESULT(yes)
+	AC_SEARCH_LIBS(ZSTD_minCLevel, zstd,
+	    [AC_DEFINE(SUPPORT_ZSTD)],
+	    [AC_MSG_ERROR(Failed to find ZSTD_minCLevel function in zstd lib.
+Use --disable-zstd to continue without zstd compression.)])
+    else
+	AC_MSG_RESULT(no)
+	AC_MSG_ERROR(Failed to find zstd.h for zstd compression support.
+Use --disable-zstd to continue without it.)
+    fi
 else
     AC_MSG_RESULT(no)
 fi
@@ -418,9 +513,18 @@ AC_ARG_ENABLE([lz4],
         AC_HELP_STRING([--disable-lz4], [disable LZ4 compression]))
 AH_TEMPLATE([SUPPORT_LZ4],
 [Undefine if you do not want LZ4 compression.  By default this is defined.])
-if test x"$enable_lz4" != x"no" && test x"$ac_cv_header_lz4_h" = x"yes"; then
-    AC_MSG_RESULT(yes)
-    AC_SEARCH_LIBS(LZ4_compress_default, lz4, [AC_DEFINE(SUPPORT_LZ4)])
+if test x"$enable_lz4" != x"no"; then
+    if test x"$ac_cv_header_lz4_h" = x"yes"; then
+	AC_MSG_RESULT(yes)
+	AC_SEARCH_LIBS(LZ4_compress_default, lz4,
+	    [AC_DEFINE(SUPPORT_LZ4)],
+	    [AC_MSG_ERROR(Failed to find LZ4_compress_default function in lz4 lib.
+Use --disable-lz4 to continue without lz4 compression.)])
+    else
+	AC_MSG_RESULT(no)
+	AC_MSG_ERROR(Failed to find lz4.h for lz4 compression support.
+Use --disable-lz4 to continue without it.)
+    fi
 else
     AC_MSG_RESULT(no)
 fi
@@ -556,7 +660,7 @@ size_t iconv();
 #endif
 ]], [[]])],[am_cv_proto_iconv_arg1=""],[am_cv_proto_iconv_arg1="const"])
       am_cv_proto_iconv="extern size_t iconv (iconv_t cd, $am_cv_proto_iconv_arg1 char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);"])
-    am_cv_proto_iconv=`echo "[$]am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'`
+    am_cv_proto_iconv=`echo "[$]am_cv_proto_iconv" | tr -s ' ' | sed 's/( /(/'`
 AC_MSG_RESULT([$]{ac_t:-
          }[$]am_cv_proto_iconv)
 AC_DEFINE_UNQUOTED(ICONV_CONST, $am_cv_proto_iconv_arg1,
@@ -763,7 +867,7 @@ AC_ARG_ENABLE(iconv,
     AS_HELP_STRING([--disable-iconv],[disable rsync's --iconv option]),
     [], [enable_iconv=$enable_iconv_open])
 AH_TEMPLATE([ICONV_OPTION],
-[Define if you want the --iconv option.  Specifing a value will set the
+[Define if you want the --iconv option.  Specifying a value will set the
 default iconv setting (a NULL means no --iconv processing by default).])
 if test x"$enable_iconv" != x"no"; then
 	if test x"$enable_iconv" = x"yes"; then

define-from-md.awk

@@ -0,0 +1,41 @@
+#!/usr/bin/awk -f
+
+# The caller must pass args: -v hfile=NAME rsync.1.md
+
+BEGIN {
+    heading = "/* DO NOT EDIT THIS FILE!  It is auto-generated from a list of values in " ARGV[1] "! */"
+    if (hfile ~ /compress/) {
+	define = "#define DEFAULT_DONT_COMPRESS"
+	prefix = "*."
+    } else {
+	define = "#define DEFAULT_CVSIGNORE"
+	prefix = ""
+    }
+    value_list = ""
+}
+
+/^    > [^ ]+$/ {
+    gsub(/`/, "")
+    if (value_list != "") value_list = value_list " "
+    value_list = value_list prefix $2
+    next
+}
+
+value_list ~ /\.gz / && hfile ~ /compress/ {
+    exit
+}
+
+value_list ~ /SCCS / && hfile ~ /cvsignore/ {
+    exit
+}
+
+value_list = ""
+
+END {
+    if (value_list != "")
+	print heading "\n\n" define " \"" value_list "\"" > hfile
+    else {
+	print "Failed to find a value list in " ARGV[1] " for " hfile
+	exit 1
+    }
+}

exclude.c

@@ -21,6 +21,7 @@
  */
 
 #include "rsync.h"
+#include "default-cvsignore.h"
 
 extern int am_server;
 extern int am_sender;
@@ -1051,16 +1052,6 @@ static filter_rule *parse_rule_tok(const char **rulestr_ptr,
 	return rule;
 }
 
-static char default_cvsignore[] =
-	/* These default ignored items come from the CVS manual. */
-	"RCS SCCS CVS CVS.adm RCSLOG cvslog.* tags TAGS"
-	" .make.state .nse_depinfo *~ #* .#* ,* _$* *$"
-	" *.old *.bak *.BAK *.orig *.rej .del-*"
-	" *.a *.olb *.o *.obj *.so *.exe"
-	" *.Z *.elc *.ln core"
-	/* The rest we added to suit ourself. */
-	" .svn/ .git/ .hg/ .bzr/";
-
 static void get_cvs_excludes(uint32 rflags)
 {
 	static int initialized = 0;
@@ -1070,7 +1061,7 @@ static void get_cvs_excludes(uint32 rflags)
 		return;
 	initialized = 1;
 
-	parse_filter_str(&cvs_filter_list, default_cvsignore,
+	parse_filter_str(&cvs_filter_list, DEFAULT_CVSIGNORE,
 			 rule_template(rflags | (protocol_version >= 30 ? FILTRULE_PERISHABLE : 0)),
 			 0);
 

help-from-md.awk

@@ -0,0 +1,40 @@
+#!/usr/bin/awk -f
+
+# The caller must pass args: -v hfile=help-NAME.h NAME.NUM.md
+
+BEGIN {
+    heading = "/* DO NOT EDIT THIS FILE!  It is auto-generated from the option list in " ARGV[1] "! */"
+    findcomment = hfile
+    sub("\\.", "\\.", findcomment)
+    findcomment = "\\[comment\\].*" findcomment
+    backtick_cnt = 0
+    prints = ""
+}
+
+/^```/ {
+    backtick_cnt++
+    next
+}
+
+foundcomment {
+    if (backtick_cnt > 1) exit
+    if (backtick_cnt == 1) {
+	gsub(/"/, "\\\"")
+	prints = prints "\n  rprintf(F,\"" $0 "\\n\");"
+    }
+    next
+}
+
+$0 ~ findcomment {
+    foundcomment = 1
+    backtick_cnt = 0
+}
+
+END {
+    if (foundcomment && backtick_cnt > 1)
+	print heading "\n" prints > hfile
+    else {
+	print "Failed to find " hfile " section in " ARGV[1]
+	exit 1
+    }
+}

io.c

@@ -251,8 +251,7 @@ static size_t safe_read(int fd, char *buf, size_t len)
 		cnt = select(fd+1, &r_fds, NULL, &e_fds, &tv);
 		if (cnt <= 0) {
 			if (cnt < 0 && errno == EBADF) {
-				rsyserr(FERROR, errno, "safe_read select failed [%s]",
-					who_am_i());
+				rsyserr(FERROR, errno, "safe_read select failed");
 				exit_cleanup(RERR_FILEIO);
 			}
 			check_timeout(1, MSK_ALLOW_FLUSH);
@@ -271,8 +270,7 @@ static size_t safe_read(int fd, char *buf, size_t len)
 			if (n < 0) {
 				if (errno == EINTR)
 					continue;
-				rsyserr(FERROR, errno, "safe_read failed to read %ld bytes [%s]",
-					(long)len, who_am_i());
+				rsyserr(FERROR, errno, "safe_read failed to read %ld bytes", (long)len);
 				exit_cleanup(RERR_STREAMIO);
 			}
 			if ((got += (size_t)n) == len)
@@ -315,8 +313,8 @@ static void safe_write(int fd, const char *buf, size_t len)
 		if (errno != EINTR && errno != EWOULDBLOCK && errno != EAGAIN) {
 		  write_failed:
 			rsyserr(FERROR, errno,
-				"safe_write failed to write %ld bytes to %s [%s]",
-				(long)len, what_fd_is(fd), who_am_i());
+				"safe_write failed to write %ld bytes to %s",
+				(long)len, what_fd_is(fd));
 			exit_cleanup(RERR_STREAMIO);
 		}
 	} else {
@@ -337,8 +335,7 @@ static void safe_write(int fd, const char *buf, size_t len)
 		cnt = select(fd + 1, NULL, &w_fds, NULL, &tv);
 		if (cnt <= 0) {
 			if (cnt < 0 && errno == EBADF) {
-				rsyserr(FERROR, errno, "safe_write select failed on %s [%s]",
-					what_fd_is(fd), who_am_i());
+				rsyserr(FERROR, errno, "safe_write select failed on %s", what_fd_is(fd));
 				exit_cleanup(RERR_FILEIO);
 			}
 			if (io_timeout)
@@ -815,7 +812,7 @@ static char *perform_io(size_t needed, int flags)
 					msgs2stderr = 1;
 					iobuf.out_fd = -2;
 					iobuf.out.len = iobuf.msg.len = iobuf.raw_flushing_ends_before = 0;
-					rsyserr(FERROR_SOCKET, errno, "[%s] write error", who_am_i());
+					rsyserr(FERROR_SOCKET, errno, "write error");
 					drain_multiplex_messages();
 					exit_cleanup(RERR_SOCKETIO);
 				}

lib/sysxattrs.h

@@ -1,9 +1,9 @@
 #ifdef SUPPORT_XATTRS
 
-#if defined HAVE_ATTR_XATTR_H
-#include <attr/xattr.h>
-#elif defined HAVE_SYS_XATTR_H
+#if defined HAVE_SYS_XATTR_H
 #include <sys/xattr.h>
+#elif defined HAVE_ATTR_XATTR_H
+#include <attr/xattr.h>
 #elif defined HAVE_SYS_EXTATTR_H
 #include <sys/extattr.h>
 #endif

loadparm.c

@@ -42,6 +42,7 @@
 
 #include "rsync.h"
 #include "itypes.h"
+#include "default-dont-compress.h"
 
 extern item_list dparam_list;
 
@@ -52,11 +53,6 @@ extern item_list dparam_list;
 #define LOG_DAEMON 0
 #endif
 
-#define DEFAULT_DONT_COMPRESS "*.gz *.zip *.z *.rpm *.deb *.iso *.bz2" \
-	" *.t[gb]z *.7z *.mp[34] *.mov *.avi *.ogg *.jpg *.jpeg *.png" \
-	" *.lzo *.rzip *.lzma *.rar *.ace *.gpg *.xz *.txz *.lz *.tlz" \
-	" *.ogv *.web[mp] *.squashfs"
-
 /* the following are used by loadparm for option lists */
 typedef enum {
 	P_BOOL, P_BOOLREV, P_CHAR, P_INTEGER,
@@ -112,7 +108,7 @@ typedef struct {
 	int listen_backlog;
 	int rsync_port;
 
-	BOOL haproxy_header;
+	BOOL proxy_protocol;
 } global_vars;
 
 /* This structure describes a single section.  Their order must match the
@@ -233,7 +229,7 @@ static const all_vars Defaults = {
  /* listen_backlog; */		5,
  /* rsync_port; */		0,
 
- /* haproxy_header; */		False,
+ /* proxy_protocol; */		False,
  },
 
  /* ==== local_vars ==== */
@@ -406,8 +402,8 @@ static struct parm_struct parm_table[] =
  {"motd file",         P_STRING, P_GLOBAL,&Vars.g.motd_file,           NULL,0},
  {"pid file",          P_STRING, P_GLOBAL,&Vars.g.pid_file,            NULL,0},
  {"port",              P_INTEGER,P_GLOBAL,&Vars.g.rsync_port,          NULL,0},
+ {"proxy protocol",    P_BOOL,   P_LOCAL, &Vars.g.proxy_protocol,      NULL,0},
  {"socket options",    P_STRING, P_GLOBAL,&Vars.g.socket_options,      NULL,0},
- {"haproxy header",    P_BOOL,   P_LOCAL, &Vars.g.haproxy_header,      NULL,0},
 
  {"auth users",        P_STRING, P_LOCAL, &Vars.l.auth_users,          NULL,0},
  {"charset",           P_STRING, P_LOCAL, &Vars.l.charset,             NULL,0},
@@ -549,7 +545,7 @@ FN_GLOBAL_STRING(lp_socket_options, socket_options)
 FN_GLOBAL_INTEGER(lp_listen_backlog, listen_backlog)
 FN_GLOBAL_INTEGER(lp_rsync_port, rsync_port)
 
-FN_GLOBAL_BOOL(lp_haproxy_header, haproxy_header)
+FN_GLOBAL_BOOL(lp_proxy_protocol, proxy_protocol)
 
 FN_LOCAL_STRING(lp_auth_users, auth_users)
 FN_LOCAL_STRING(lp_charset, charset)

log.c

@@ -318,10 +318,10 @@ void rwrite(enum logcode code, const char *buf, int len, int is_utf8)
 		if (quiet)
 			return;
 		break;
-	//case FLOG:
-	//case FCLIENT:
-	//case FERROR_UTF8:
-	//case FERROR_SOCKET:
+	/*case FLOG:*/
+	/*case FCLIENT:*/
+	/*case FERROR_UTF8:*/
+	/*case FERROR_SOCKET:*/
 	default:
 		fprintf(stderr, "Bad logcode in rwrite(): %d [%s]\n", (int)code, who_am_i());
 		exit_cleanup(RERR_MESSAGEIO);
@@ -452,8 +452,7 @@ void rsyserr(enum logcode code, int errcode, const char *format, ...)
 	char buf[BIGPATHBUFLEN];
 	size_t len;
 
-	strlcpy(buf, RSYNC_NAME ": ", sizeof buf);
-	len = (sizeof RSYNC_NAME ": ") - 1;
+	len = snprintf(buf, sizeof buf, RSYNC_NAME ": [%s] ", who_am_i());
 
 	va_start(ap, format);
 	len += vsnprintf(buf + len, sizeof buf - len, format, ap);

md2man

@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 
 # This script takes a manpage written in markdown and turns it into an html web
 # page and a nroff man page.  The input file must have the name of the program
@@ -35,6 +35,7 @@ body, b, strong, u {
 code {
   font-family: 'Roboto Mono', monospace;
   font-weight: bold;
+  white-space: pre;
 }
 pre code {
   display: block;
@@ -64,7 +65,9 @@ MAN_END = """\
 
 NORM_FONT = ('\1', r"\fP")
 BOLD_FONT = ('\2', r"\fB")
-ULIN_FONT = ('\3', r"\fI")
+UNDR_FONT = ('\3', r"\fI")
+NBR_DASH = ('\4', r"\-")
+NBR_SPACE = ('\xa0', r"\ ")
 
 md_parser = None
 
@@ -78,46 +81,49 @@ def main():
         fi.srcdir = './'
 
     fi.title = fi.prog + '(' + fi.sect + ') man page'
-    fi.mtime = None
+    fi.mtime = 0
 
     if os.path.lexists(fi.srcdir + '.git'):
         fi.mtime = int(subprocess.check_output('git log -1 --format=%at'.split()))
 
-    chk_files = 'NEWS.md Makefile'.split()
-    for fn in chk_files:
-        try:
-            st = os.lstat(fi.srcdir + fn)
-        except:
-            die('Failed to find', fi.srcdir + fn)
-        if not fi.mtime:
-            fi.mtime = st.st_mtime
-
-    fi.date = time.strftime('%d %b %Y', time.localtime(fi.mtime))
-
     env_subs = { 'prefix': os.environ.get('RSYNC_OVERRIDE_PREFIX', None) }
 
-    with open(fi.srcdir + 'Makefile', 'r', encoding='utf-8') as fh:
-        for line in fh:
-            m = re.match(r'^(\w+)=(.+)', line)
-            if not m:
-                continue
-            var, val = (m[1], m[2])
-            if var == 'prefix' and env_subs[var] is not None:
-                continue
-            while re.search(r'\$\{', val):
-                val = re.sub(r'\$\{(\w+)\}', lambda m: env_subs[m[1]], val)
-            env_subs[var] = val
-            if var == 'VERSION':
-                break
+    if args.test:
+        env_subs['VERSION'] = '1.0.0'
+        env_subs['libdir'] = '/usr'
+    else:
+        for fn in 'NEWS.md Makefile'.split():
+            try:
+                st = os.lstat(fi.srcdir + fn)
+            except:
+                die('Failed to find', fi.srcdir + fn)
+            if not fi.mtime:
+                fi.mtime = st.st_mtime
+
+        with open(fi.srcdir + 'Makefile', 'r', encoding='utf-8') as fh:
+            for line in fh:
+                m = re.match(r'^(\w+)=(.+)', line)
+                if not m:
+                    continue
+                var, val = (m.group(1), m.group(2))
+                if var == 'prefix' and env_subs[var] is not None:
+                    continue
+                while re.search(r'\$\{', val):
+                    val = re.sub(r'\$\{(\w+)\}', lambda m: env_subs[m.group(1)], val)
+                env_subs[var] = val
+                if var == 'VERSION':
+                    break
 
     with open(fi.fn, 'r', encoding='utf-8') as fh:
         txt = fh.read()
 
     txt = re.sub(r'@VERSION@', env_subs['VERSION'], txt)
     txt = re.sub(r'@LIBDIR@', env_subs['libdir'], txt)
+
     fi.html_in = md_parser(txt)
     txt = None
 
+    fi.date = time.strftime('%d %b %Y', time.localtime(fi.mtime))
     fi.man_headings = (fi.prog, fi.sect, fi.date, fi.prog + ' ' + env_subs['VERSION'])
 
     HtmlToManPage(fi)
@@ -151,6 +157,7 @@ class HtmlToManPage(HTMLParser):
                 at_first_tag_in_dd = False,
                 dt_from = None,
                 in_pre = False,
+                in_code = False,
                 html_out = [ HTML_START % fi.title ],
                 man_out = [ MAN_START % fi.man_headings ],
                 txt = '',
@@ -180,6 +187,8 @@ class HtmlToManPage(HTMLParser):
                     tag = 'dt'
                 else:
                     st.html_out.append('<dt>')
+            elif tag == 'p':
+                st.at_first_tag_in_dd = True # Kluge to suppress a .P at the start of an li.
             st.at_first_tag_in_li = False
         if tag == 'p':
             if not st.at_first_tag_in_dd:
@@ -200,12 +209,13 @@ class HtmlToManPage(HTMLParser):
             st.in_pre = True
             st.man_out.append(st.p_macro + ".nf\n")
         elif tag == 'code' and not st.in_pre:
+            st.in_code = True
             st.txt += BOLD_FONT[0]
         elif tag == 'strong' or tag == 'b':
             st.txt += BOLD_FONT[0]
         elif tag == 'em' or  tag == 'i':
             tag = 'u' # Change it into underline to be more like the man page
-            st.txt += ULIN_FONT[0]
+            st.txt += UNDR_FONT[0]
         elif tag == 'ol':
             start = 1
             for var, val in attrs_list:
@@ -266,7 +276,10 @@ class HtmlToManPage(HTMLParser):
         elif tag == 'pre':
             st.in_pre = False
             st.man_out.append(manify(txt) + "\n.fi\n")
-        elif (tag == 'code' and not st.in_pre) or tag == 'strong' or tag == 'b':
+        elif (tag == 'code' and not st.in_pre):
+            st.in_code = False
+            add_to_txt = NORM_FONT[0]
+        elif tag == 'strong' or tag == 'b':
             add_to_txt = NORM_FONT[0]
         elif tag == 'em' or  tag == 'i':
             tag = 'u' # Change it into underline to be more like the man page
@@ -295,12 +308,21 @@ class HtmlToManPage(HTMLParser):
             st.at_first_tag_in_dd = True
 
 
-    def handle_data(self, data):
+    def handle_data(self, txt):
         st = self.state
         if args.debug:
-            self.output_debug('DATA', (data,))
-        st.html_out.append(htmlify(data))
-        st.txt += data
+            self.output_debug('DATA', (txt,))
+        if st.in_pre:
+            html = htmlify(txt)
+        else:
+            txt = re.sub(r'\s--(\s)', NBR_SPACE[0] + r'--\1', txt).replace('--', NBR_DASH[0]*2)
+            txt = re.sub(r'(^|\W)-', r'\1' + NBR_DASH[0], txt)
+            html = htmlify(txt)
+            if st.in_code:
+                txt = re.sub(r'\s', NBR_SPACE[0], txt)
+                html = html.replace(NBR_DASH[0], '-').replace(NBR_SPACE[0], ' ') # <code> is non-breaking in CSS
+        st.html_out.append(html.replace(NBR_SPACE[0], '&nbsp;').replace(NBR_DASH[0], '-&#8288;'))
+        st.txt += txt
 
 
     def output_debug(self, event, extra):
@@ -318,9 +340,11 @@ class HtmlToManPage(HTMLParser):
 
 def manify(txt):
     return re.sub(r"^(['.])", r'\&\1', txt.replace('\\', '\\\\')
+            .replace(NBR_SPACE[0], NBR_SPACE[1])
+            .replace(NBR_DASH[0], NBR_DASH[1])
             .replace(NORM_FONT[0], NORM_FONT[1])
             .replace(BOLD_FONT[0], BOLD_FONT[1])
-            .replace(ULIN_FONT[0], ULIN_FONT[1]), flags=re.M)
+            .replace(UNDR_FONT[0], UNDR_FONT[1]), flags=re.M)
 
 
 def htmlify(txt):

options.c

@@ -200,8 +200,11 @@ int list_only = 0;
 char *batch_name = NULL;
 
 int need_unsorted_flist = 0;
+char *iconv_opt =
 #ifdef ICONV_OPTION
-char *iconv_opt = ICONV_OPTION;
+		ICONV_OPTION;
+#else
+		NULL;
 #endif
 
 struct chmod_mode_struct *chmod_modes = NULL;
@@ -308,9 +311,7 @@ static int refused_partial, refused_progress, refused_delete_before;
 static int refused_delete_during;
 static int refused_inplace, refused_no_iconv;
 static BOOL usermap_via_chown, groupmap_via_chown;
-#ifdef HAVE_SETVBUF
 static char *outbuf_mode;
-#endif
 static char *bwlimit_arg, *max_size_arg, *min_size_arg;
 static char tmp_partialdir[] = ".~tmp~";
 

packaging/branch-from-patch

@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -B
+#!/usr/bin/env -S python3 -B
 
 # This script turns one or more diff files in the patches dir (which is
 # expected to be a checkout of the rsync-patches git repo) into a branch

packaging/cull_options

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 # This script outputs some perl code that parses all possible options
 # that the code in options.c might send to the server.  This perl code
 # is included in the rrsync script.
@@ -23,6 +23,7 @@ our %long_opt = ( # These include some extra long-args that BackupPC uses:
     'perms' => 0,
     'recursive' => 0,
     'times' => 0,
+    'write-devices' => -1,
 );
 our $last_long_opt;
 
@@ -39,10 +40,10 @@ while (<IN>) {
 	$last_long_opt = $1;
 	$long_opt{$1} = 0 unless exists $long_opt{$1};
     } elsif (defined($last_long_opt)
-	&& /\Qargs[ac++]\E = ([^["\s]+);/ && $1 ne 'dest_option') {
+	&& /\Qargs[ac++]\E = ([^["\s]+);/) {
 	$long_opt{$last_long_opt} = 2;
 	undef $last_long_opt;
-    } elsif (/dest_option = "--([^"]+)"/) {
+    } elsif (/return "--([^"]+-dest)";/) {
 	$long_opt{$1} = 2;
 	undef $last_long_opt;
     } elsif (/\Qasprintf(\E[^,]+, "--([^"=]+)=/ || /\Qargs[ac++]\E = "--([^"=]+)=/ || /fmt = .*: "--([^"=]+)=/) {

packaging/lsb/rsync.spec

@@ -1,9 +1,9 @@
 Summary: A fast, versatile, remote (and local) file-copying tool
 Name: rsync
 Version: 3.2.0
-%define fullversion %{version}pre1
-Release: 0.1.pre1
-%define srcdir src-previews
+%define fullversion %{version}
+Release: 1
+%define srcdir src
 Group: Applications/Internet
 License: GPL
 Source0: http://rsync.samba.org/ftp/rsync/%{srcdir}/rsync-%{fullversion}.tar.gz
@@ -79,9 +79,9 @@ rm -rf $RPM_BUILD_ROOT
 %dir /etc/rsync-ssl/certs
 
 %changelog
-* Sat Jun 13 2020 Wayne Davison <wayned@samba.org>
-Released 3.2.0pre1.
+* Fri Jun 19 2020 Wayne Davison <wayne@opencoder.net>
+Released 3.2.0.
 
-* Fri Mar 21 2008 Wayne Davison <wayned@samba.org>
+* Fri Mar 21 2008 Wayne Davison <wayne@opencoder.net>
 Added installation of /etc/xinetd.d/rsync file and some commented-out
 lines that demonstrate how to use the rsync-patches tar file.

packaging/md2html

@@ -0,0 +1,99 @@
+#!/usr/bin/env python3
+
+# Copyright (C) 2020 Wayne Davison
+#
+# This program is freely redistributable.
+
+import os, re, argparse
+
+HTML_START = """\
+<html><head>
+<title>%s</title>
+<link href="https://fonts.googleapis.com/css2?family=Roboto&family=Roboto+Mono&display=swap" rel="stylesheet">
+<style>
+body {
+  max-width: 50em;
+  margin: auto;
+}
+body, b, strong, u {
+  font-family: 'Roboto', sans-serif;
+}
+code {
+  font-family: 'Roboto Mono', monospace;
+  font-weight: bold;
+}
+pre code {
+  display: block;
+  font-weight: normal;
+}
+blockquote pre code {
+  background: #f1f1f1;
+}
+dd p:first-of-type {
+  margin-block-start: 0em;
+}
+</style>
+</head><body>
+"""
+
+HTML_END = """\
+</body></html>
+"""
+
+md_parser = None
+
+def main():
+    for mdfn in args.mdfiles:
+        if not mdfn.endswith('.md'):
+            print('Ignoring non-md input file:', mdfn)
+            continue
+        title = re.sub(r'.*/', '', mdfn).replace('.md', '')
+        htfn = mdfn.replace('.md', '.html')
+
+        print("Parsing", mdfn, '->', htfn)
+
+        with open(mdfn, 'r', encoding='utf-8') as fh:
+            txt = fh.read()
+
+        txt = re.sub(r'\s--\s', '\xa0-- ', txt)
+
+        html = md_parser(txt)
+
+        html = re.sub(r'(<code>)([\s\S]*?)(</code>)', lambda m: m[1] + re.sub(r'\s', '\xa0', m[2]) + m[3], html)
+        html = html.replace('--', '&#8209;&#8209;').replace("\xa0-", '&nbsp;&#8209;').replace("\xa0", '&nbsp;')
+        html = re.sub(r'(\W)-', r'\1&#8209;', html)
+
+        if os.path.lexists(htfn):
+            os.unlink(htfn)
+
+        with open(htfn, 'w', encoding='utf-8') as fh:
+            fh.write(HTML_START % title)
+            fh.write(html)
+            fh.write(HTML_END)
+
+
+def html_via_cmarkgfm(txt):
+    return cmarkgfm.markdown_to_html(txt)
+
+
+def html_via_commonmark(txt):
+    return commonmark.HtmlRenderer().render(commonmark.Parser().parse(txt))
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Output html for md pages.', add_help=False)
+    parser.add_argument("--help", "-h", action="help", help="Output this help message and exit.")
+    parser.add_argument("mdfiles", nargs='+', help="The .md files to turn into .html files.")
+    args = parser.parse_args()
+
+    try:
+        import cmarkgfm
+        md_parser = html_via_cmarkgfm
+    except:
+        try:
+            import commonmark
+            md_parser = html_via_commonmark
+        except:
+            die("Failed to find cmarkgfm or commonmark for python3.")
+
+    main()

packaging/nightly-rsync

@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -B
+#!/usr/bin/env -S python3 -B
 
 # This script expects the directory ~/samba-rsync-ftp to exist and to be a
 # copy of the /home/ftp/pub/rsync dir on samba.org.  It also requires a

packaging/patch-update

@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -B
+#!/usr/bin/env -S python3 -B
 
 # This script is used to turn one or more of the "patch/BASE/*" branches
 # into one or more diffs in the "patches" directory.  Pass the option

packaging/release-rsync

@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -B
+#!/usr/bin/env -S python3 -B
 
 # This script expects the directory ~/samba-rsync-ftp to exist and to be a
 # copy of the /home/ftp/pub/rsync dir on samba.org.  When the script is done,
@@ -75,12 +75,9 @@ def main():
 
     v_ver = 'v' + version
     rsync_ver = 'rsync-' + version
-    rsync_lastver = 'rsync-' + lastversion
 
     if os.path.lexists(rsync_ver):
         die(f'"{rsync_ver}" must not exist in the current directory.')
-    if os.path.lexists(rsync_lastver):
-        die(f'"{rsync_lastver}" must not exist in the current directory.')
 
     out = cmd_txt_chk(['git', 'tag', '-l', v_ver])
     if out != '':
@@ -99,6 +96,10 @@ def main():
         lastversion = ans
     lastversion = re.sub(r'[-.]*pre[-.]*', 'pre', lastversion)
 
+    rsync_lastver = 'rsync-' + lastversion
+    if os.path.lexists(rsync_lastver):
+        die(f'"{rsync_lastver}" must not exist in the current directory.')
+
     m = re.search(r'(pre\d+)', version)
     pre = m[1] if m else ''
 
@@ -254,10 +255,9 @@ About to:
     if re.match(r'^y', ans, re.I):
         print(f'\nVisiting all "patch/{args.master_branch}/*" branches ...')
         cmd_run(f"packaging/patch-update --branch={args.master_branch} --skip-check --shell")
-        cmd_run("rm -f *.[o15] *.html")
-        cmd_chk('rsync -a SaVeDiR/ .'.split())
-        shutil.rmtree('SaVeDiR')
-        cmd_chk('make gen'.split())
+
+    cmd_run("rm -f *.[o15] *.html")
+    cmd_chk('rsync -a SaVeDiR/ .'.split())
 
     if os.path.isdir('patches/.git'):
         s = cmd_run(f"cd patches && git commit -a -m 'The patches for {version}.'")
@@ -320,20 +320,28 @@ About to:
     os.mkdir(f"{rsync_ver}/patches", 0o755)
     cmd_chk(f"packaging/patch-update --skip-check --branch={args.master_branch} --gen={rsync_ver}/patches".split())
 
+    cmd_run("rm -f *.[o15] *.html")
+    cmd_chk('rsync -a SaVeDiR/ .'.split())
+    shutil.rmtree('SaVeDiR')
+    cmd_chk('make gen'.split())
+
     print(f"Creating {pattar_file} ...")
     cmd_chk(['fakeroot', 'tar', 'chzf', pattar_file, rsync_ver + '/patches'])
     shutil.rmtree(rsync_ver)
 
     print(f"Updating the other files in {dest} ...")
-    cmd_chk('rsync -a README.md NEWS.md OLDNEWS.md TODO'.split() + [dest])
-    if os.path.lexists(news_file):
-        os.unlink(news_file)
-    os.link(f"{dest}/NEWS.md", news_file)
-    cmd_chk(f"git log --name-status | gzip -9 >{dest}/ChangeLog.gz")
+    md_files = 'README.md NEWS.md OLDNEWS.md'.split()
+    html_files = [ fn for fn in gen_files if fn.endswith('.html') ]
+    cmd_chk(['rsync', '-a', *md_files, *html_files, dest])
+    cmd_chk(["packaging/md2html"] + [ dest +'/'+ fn for fn in md_files ])
 
-    for md_fn in glob.glob('*.[1-9].md'):
-        html_fn = md_fn.replace('.md', '.html')
-        cmd_chk(['rsync', '-a', html_fn, os.path.join(dest, html_fn)])
+    for topfn, verfn in (('NEWS.md', news_file), ('NEWS.html', news_file.replace('.md', '.html'))):
+        topfn = dest + '/' + topfn
+        if os.path.lexists(verfn):
+            os.unlink(verfn)
+        os.link(topfn, verfn)
+
+    cmd_chk(f"git log --name-status | gzip -9 >{dest}/ChangeLog.gz")
 
     for fn in (srctar_file, pattar_file, diff_file):
         asc_fn = fn + '.asc'

packaging/systemd/rsync.service

@@ -1,9 +1,30 @@
 [Unit]
 Description=fast remote file copy program daemon
 ConditionPathExists=/etc/rsyncd.conf
+After=network.target
 
 [Service]
 ExecStart=/usr/bin/rsync --daemon --no-detach
+RestartSec=1
+
+# Citing README.md:
+#
+#   [...] Using ssh is recommended for its security features.
+#
+#   Alternatively, rsync can run in `daemon' mode, listening on a socket.
+#   This is generally used for public file distribution, [...]
+#
+# So let's assume some extra security is more than welcome here. We do full
+# system protection (which makes it read-only) and hide users' homes and
+# devices. To override these defaults, it's best to do so in the drop-in
+# directory, often done via `systemctl edit rsync.service`. The file needs
+# just the bare minimum of the right [heading] and override values.
+# See systemd.unit(5) and search for "drop-in" for full details.
+
+ProtectSystem=full
+ProtectHome=on
+PrivateDevices=on
+NoNewPrivileges=on
 
 [Install]
 WantedBy=multi-user.target

packaging/systemd/rsync.socket

@@ -0,0 +1,10 @@
+[Unit]
+Description=socket for fast remote file copy program daemon
+Conflicts=rsync.service
+
+[Socket]
+ListenStream=873
+Accept=true
+
+[Install]
+WantedBy=sockets.target

packaging/systemd/rsync@.service

@@ -0,0 +1,28 @@
+[Unit]
+Description=fast remote file copy program daemon
+After=network.target
+
+[Service]
+ExecStart=-/usr/bin/rsync --daemon
+StandardInput=socket
+StandardOutput=inherit
+StandardError=journal
+
+# Citing README.md:
+#
+#   [...] Using ssh is recommended for its security features.
+#
+#   Alternatively, rsync can run in `daemon' mode, listening on a socket.
+#   This is generally used for public file distribution, [...]
+#
+# So let's assume some extra security is more than welcome here. We do full
+# system protection (which makes it read-only) and hide users' homes and
+# devices. To override these defaults, it's best to do so in the drop-in
+# directory, often done via `systemctl edit rsync@.service`. The file needs
+# just the bare minimum of the right [heading] and override values.
+# See systemd.unit(5) and search for "drop-in" for full details.
+
+ProtectSystem=full
+ProtectHome=on
+PrivateDevices=on
+NoNewPrivileges=on

packaging/var-checker

@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -B
+#!/usr/bin/env -S python3 -B
 
 # This script checks the *.c files for extraneous "extern" variables,
 # for vars that are defined but not used, and for inconsistent array

packaging/year-tweak

@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 
 # This uses the output from "support/git-set-file-times --list" to discern
 # the last-modified year of each *.c & *.h file and updates the copyright

rounding.c

@@ -24,11 +24,11 @@
 
 struct test {
 	union file_extras extras[ARRAY_LEN];
-	struct file_struct file;
+	int64 test;
 };
 
 #define ACTUAL_SIZE	SIZEOF(struct test)
-#define EXPECTED_SIZE	(SIZEOF(union file_extras) * ARRAY_LEN + SIZEOF(struct file_struct))
+#define EXPECTED_SIZE	(SIZEOF(union file_extras) * ARRAY_LEN + SIZEOF(int64))
 
  int main(UNUSED(int argc), UNUSED(char *argv[]))
 {

rsync-ssl

@@ -1,6 +1,6 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
-# This script supports using stunnel or openssl to secure an rsync daemon connection.
+# This script uses openssl, gnutls, or stunnel to secure an rsync daemon connection.
 
 # By default this script takes rsync args and hands them off to the actual
 # rsync command with an --rsh option that makes it open an SSL connection to an
@@ -31,10 +31,13 @@ function rsync_ssl_run {
 
 function rsync_ssl_helper {
     if [[ -z "$RSYNC_SSL_TYPE" ]]; then
-	found=`path_search stunnel4 stunnel openssl` || exit 1
+	found=`path_search openssl stunnel4 stunnel` || exit 1
 	if [[ "$found" == */openssl ]]; then
 	    RSYNC_SSL_TYPE=openssl
 	    RSYNC_SSL_OPENSSL="$found"
+	elif [[ "$found" == */gnutls-cli ]]; then
+	    RSYNC_SSL_TYPE=gnutls
+	    RSYNC_SSL_GNUTLS="$found"
 	else
 	    RSYNC_SSL_TYPE=stunnel
 	    RSYNC_SSL_STUNNEL="$found"
@@ -48,6 +51,12 @@ function rsync_ssl_helper {
 	    fi
 	    optsep=' '
 	    ;;
+	gnutls)
+	    if [[ -z "$RSYNC_SSL_GNUTLS" ]]; then
+		RSYNC_SSL_GNUTLS=`path_search gnutls-cli` || exit 1
+	    fi
+	    optsep=' '
+	    ;;
 	stunnel)
 	    if [[ -z "$RSYNC_SSL_STUNNEL" ]]; then
 		RSYNC_SSL_STUNNEL=`path_search stunnel4 stunnel` || exit 1
@@ -62,31 +71,42 @@ function rsync_ssl_helper {
 
     if [[ -z "$RSYNC_SSL_CERT" ]]; then
 	certopt=""
+	gnutls_cert_opt=""
     else
 	certopt="cert$optsep$RSYNC_SSL_CERT"
+	gnutls_cert_opt="--x509keyfile=$RSYNC_SSL_CERT"
     fi
 
     if [[ -z ${RSYNC_SSL_CA_CERT+x} ]]; then
 	# RSYNC_SSL_CA_CERT unset - default CA set AND verify:
 	# openssl:
 	caopt="-verify_return_error -verify 4"
+	# gnutls:
+	gnutls_opts=""
 	# stunnel:
+	# Since there is no way of using the default CA certificate collection,
+	# we cannot do any verification. Thus, stunnel should really only be
+	# used if nothing else is available.
 	cafile=""
-	verify=0
+	verify=""
     elif [[ "$RSYNC_SSL_CA_CERT" == "" ]]; then
 	# RSYNC_SSL_CA_CERT set but empty -do NO verifications:
 	# openssl:
 	caopt="-verify 1"
+	# gnutls:
+	gnutls_opts="--insecure"
 	# stunnel:
 	cafile=""
-	verify=0
+	verify="verifyChain = no"
     else
 	# RSYNC_SSL_CA_CERT set - use CA AND verify:
 	# openssl:
 	caopt="-CAfile $RSYNC_SSL_CA_CERT -verify_return_error -verify 4"
+	# gnutls:
+	gnutls_opts="--x509cafile=$RSYNC_SSL_CA_CERT"
 	# stunnel:
 	cafile="CAfile = $RSYNC_SSL_CA_CERT"
-	verify=3
+	verify="verifyChain = yes"
     fi
 
     port="${RSYNC_PORT:-0}"
@@ -110,6 +130,8 @@ function rsync_ssl_helper {
 
     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
 	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
+    elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+	exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
     else
 	# devzero@web.de came up with this no-tmpfile calling syntax:
 	exec $RSYNC_SSL_STUNNEL -fd 10 11<&0 <<EOF 10<&0 0<&11 11<&-
@@ -118,7 +140,7 @@ debug = crit
 connect = $hostname:$port
 client = yes
 TIMEOUTclose = 0
-verify = $verify
+$verify
 $certopt
 $cafile
 EOF
@@ -146,7 +168,8 @@ function path_search {
 }
 
 if [[ "$#" == 0 ]]; then
-    echo "Usage: rsync-ssl [--type=openssl|stunnel] RSYNC_ARG [...]" 1>&2
+    echo "Usage: rsync-ssl [--type=SSL_TYPE] RSYNC_ARG [...]" 1>&2
+    echo "The SSL_TYPE can be openssl or stunnel"
     exit 1
 fi
 

rsync-ssl.1.md

@@ -5,7 +5,7 @@ rsync-ssl - a helper script for connecting to an ssl rsync daemon
 # SYNOPSIS
 
 ```
-rsync-ssl [--type=openssl|stunnel] RSYNC_ARGS
+rsync-ssl [--type=SSL_TYPE] RSYNC_ARGS
 ```
 
 # DESCRIPTION
@@ -13,26 +13,32 @@ rsync-ssl [--type=openssl|stunnel] RSYNC_ARGS
 The rsync-ssl script helps you to run an rsync copy to/from an rsync daemon
 that requires ssl connections.
 
-If the **first** arg is a `--type=NAME` option, the script will only use that
-particular program to open an ssl connection instead of trying to find an
-stunnel or openssl executable via a simple heuristic (assuming that the
+The script requires that you specify an rsync-daemon arg in the style of either
+`hostname::` (with 2 colons) or `rsync://hostname/`.  The default port used for
+connecting is 874 (one higher than the normal 873) unless overridden in the
+environment.  You can specify an overriding port via `--port` or by including
+it in the normal spot in the URL format, though both of those require your
+rsync version to be at least 3.2.0.
+
+# OPTIONS
+
+If the **first** arg is a `--type=SSL_TYPE` option, the script will only use
+that particular program to open an ssl connection instead of trying to find an
+openssl or stunnel executable via a simple heuristic (assuming that the
 `RSYNC_SSL_TYPE` environment variable is not set as well -- see below).  This
-option must be one of `--type=openssl` or `--type=stunnel`.  The equal sign is
+option must specify one of `openssl` or `stunnel`.  The equal sign is
 required for this particular option.
 
 All the other options are passed through to the rsync command, so consult the
-**rsync** manpage for more information on how it works.
-
-Note that the stunnel connection type requires at least version 4 of stunnel,
-which should be the case on modern systems.
+**rsync**(1) manpage for more information on how it works.
 
 # ENVIRONMENT VARIABLES
 
 The ssl helper scripts are affected by the following environment variables:
 
 0.  `RSYNC_SSL_TYPE` Specifies the program type that should be used to open the
-    ssl connection.  It must be one of "openssl" or "stunnel".  The
-    `--type=NAME` option overrides this, if specified.
+    ssl connection.  It must be one of `openssl` or `stunnel`.  The
+    `--type=SSL_TYPE` option overrides this, when specified.
 0.  `RSYNC_SSL_PORT` If specified, the value is the port number that is used as
     the default when the user does not specify a port in their rsync command.
     When not specified, the default port number is 874.  (Note that older rsync
@@ -42,23 +48,43 @@ The ssl helper scripts are affected by the following environment variables:
     certificate to use for the connection.
 0.  `RSYNC_SSL_CA_CERT` If specified, the value is a filename that contains a
     certificate authority certificate that is used to validate the connection.
-0.  `RSYNC_SSL_STUNNEL` Specifies the stunnel executable to run when the
-    connection type is set to stunnel.  If unspecified, the $PATH is searched
-    first for "stunnel4" and then for "stunnel".
 0.  `RSYNC_SSL_OPENSSL` Specifies the openssl executable to run when the
     connection type is set to openssl.  If unspecified, the $PATH is searched
     for "openssl".
+0.  `RSYNC_SSL_GNUTLS` Specifies the gnutls-cli executable to run when the
+    connection type is set to gnutls.  If unspecified, the $PATH is searched
+    for "gnutls-cli".
+0.  `RSYNC_SSL_STUNNEL` Specifies the stunnel executable to run when the
+    connection type is set to stunnel.  If unspecified, the $PATH is searched
+    first for "stunnel4" and then for "stunnel".
 
 # EXAMPLES
 
->     rsync-ssl -aiv example.com::src/ dest
+>     rsync-ssl -aiv example.com::mod/ dest
 
->     rsync-ssl --type=openssl -aiv example.com::src/ dest
+>     rsync-ssl --type=openssl -aiv example.com::mod/ dest
+
+>     rsync-ssl -aiv --port 9874 example.com::mod/ dest
+
+>     rsync-ssl -aiv rsync://example.com:9874/mod/ dest
 
 # SEE ALSO
 
 **rsync**(1), **rsyncd.conf**(5)
 
+# CAVEATS
+
+Note that using an stunnel connection requires at least version 4 of stunnel,
+which should be the case on modern systems.  Also, it does not verify a
+connection against the CA certificate collection, so it only encrypts the
+connection without any cert validation unless you have specified the
+certificate environment options.
+
+This script also supports a `--type=gnutls` option, but at the time of this
+release the gnutls-cli command was dropping output, making it unusable.  If
+that bug has been fixed in your version, feel free to put gnutls into an
+exported RSYNC_SSL_TYPE environment variable to make its use the default.
+
 # BUGS
 
 Please report bugs! See the web site at <http://rsync.samba.org/>.

rsync.1.md

@@ -70,14 +70,14 @@ RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION" section for an exception
 to this latter rule).
 
 As a special case, if a single source arg is specified without a destination,
-the files are listed in an output format similar to "ls -l".
+the files are listed in an output format similar to "`ls -l`".
 
 As expected, if neither the source or destination path specify a remote host,
 the copy occurs locally (see also the `--list-only` option).
 
-Rsync refers to the local side as the "client" and the remote side as the
-"server".  Don't confuse "server" with an rsync daemon -- a daemon is always a
-server, but a server can be either a daemon or a remote-shell spawned process.
+Rsync refers to the local side as the client and the remote side as the server.
+Don't confuse server with an rsync daemon.  A daemon is always a server, but a
+server can be either a daemon or a remote-shell spawned process.
 
 # SETUP
 
@@ -115,7 +115,7 @@ same as all other posix-style programs).
 
 This would recursively transfer all files from the directory src/bar on the
 machine foo into the /data/tmp/bar directory on the local machine.  The files
-are transferred in "archive" mode, which ensures that symbolic links, devices,
+are transferred in archive mode, which ensures that symbolic links, devices,
 attributes, permissions, ownerships, etc. are preserved in the transfer.
 Additionally, compression will be used to reduce the size of data portions of
 the transfer.
@@ -498,7 +498,7 @@ parameter, the parameter is only listed after the long variant, even though it
 must also be specified for the short.  When specifying a parameter, you can
 either use the form `--option=param` or replace the '=' with whitespace.  The
 parameter may need to be quoted in some manner for it to survive the shell's
-command-line parsing.  Keep in mind that a leading tilde (\~) in a filename is
+command-line parsing.  Keep in mind that a leading tilde (`~`) in a filename is
 substituted by your shell, so `--option=~/foo` will not change the tilde into
 your home directory (remove the '=' for that).
 
@@ -507,8 +507,8 @@ your home directory (remove the '=' for that).
 0.  `--help`, `-h` `(*)`
 
     Print a short help page describing the options available in rsync and exit.
-    For backward-compatibility with older versions of rsync, the help will also
-    be output if you use the `-h` option without any other args.
+    (*) The `-h` short option will only invoke `--help` when used without other
+    options since it normally means `--human-readable`.
 
 0.  `--version`, `-V`
 
@@ -534,7 +534,7 @@ your home directory (remove the '=' for that).
     and `--debug` have a way to ask for help that tells you exactly what flags
     are set for each increase in verbosity.
 
-    However, do keep in mind that a daemon's "max verbosity" setting will limit
+    However, do keep in mind that a daemon's "`max verbosity`" setting will limit
     how high of a level the various individual flags can be set on the daemon
     side.  For instance, if the max is 2, then any info and/or debug flag that
     is set to a higher value than what would be set by `-vv` will be downgraded
@@ -560,7 +560,7 @@ your home directory (remove the '=' for that).
     This option was added to 3.1.0, so an older rsync on the server side might
     reject your attempts at fine-grained control (if one or more flags needed
     to be send to the server and the server was too old to understand them).
-    See also the "max verbosity" caveat above when dealing with a daemon.
+    See also the "`max verbosity`" caveat above when dealing with a daemon.
 
 0.  `--debug=FLAGS`
 
@@ -595,9 +595,9 @@ your home directory (remove the '=' for that).
     but it can delay messages behind a slew of data.
 
     One case where this is helpful is when sending really large files, since
-    errors that happen on a remote receiver tend to get delayed until afer the
-    file's data is fully sent.  It is also helpful for debugging, since it helps
-    to avoid overpopulating the protocol data with extra message data.
+    errors that happen on a remote receiver tend to get delayed until after the
+    file's data is fully sent.  It is also helpful for debugging, since it
+    helps to avoid overpopulating the protocol data with extra message data.
 
     The option does not affect the remote side of a transfer without using
     `--remote-option` -- e.g. `-M--msgs2stderr` or `{-M,}--msgs2stderr`.
@@ -1023,7 +1023,7 @@ your home directory (remove the '=' for that).
     local transfer, the client side is the sender.)
 
     This option has no affect on a daemon, since the daemon configures whether
-    it wants munged symlinks via its "munge symlinks" parameter.  See also the
+    it wants munged symlinks via its "`munge symlinks`" parameter.  See also the
     "munge-symlinks" perl script in the support directory of the source code.
 
 0.  `--copy-dirlinks`, `-k`
@@ -1400,7 +1400,7 @@ your home directory (remove the '=' for that).
 
     This option is overridden by both `--super` and `--no-super`.
 
-    See also the "fake super" setting in the daemon's rsyncd.conf file.
+    See also the "`fake super`" setting in the daemon's rsyncd.conf file.
 
 0.  `--sparse`, `-S`
 
@@ -1482,13 +1482,13 @@ your home directory (remove the '=' for that).
     the `--checksum` option cannot be used.
 
     The "auto" option is the default, where rsync bases its algorithm choice on
-    a negotation between the client and the server as follows:
+    a negotiation between the client and the server as follows:
 
     If both the client and the server are at least version 3.2.0, they will
     exchange a list of checksum names and choose the first one in the list that
     they have in common.  This typically means that they will choose xxh64 if
     they both support it and fall back to MD5.  If one side of the transfer is
-    not new enough to support this checksum negotation, then a value is chosen
+    not new enough to support this checksum negotiation, then a value is chosen
     based on the protocol version (which chooses between MD5 and various
     flavors of MD4 based on protocol age).
 
@@ -1852,6 +1852,8 @@ your home directory (remove the '=' for that).
     The exclude list is initialized to exclude the following items (these
     initial items are marked as perishable -- see the FILTER RULES section):
 
+    [comment]: # (This list gets used for the default-cvsignore.h file.)
+
     > `RCS`
     > `SCCS`
     > `CVS`
@@ -2294,7 +2296,7 @@ your home directory (remove the '=' for that).
 
     This option implies `--compress` unless "none" was specified.
 
-    You can also override the compression negotation using the
+    You can also override the compression negotiation using the
     RSYNC_COMPRESS_LIST environment variable by setting it to a space-separated
     list of compression names that you consider acceptable.  If no common
     compress choice is found, the client exits with an error.  It ignores
@@ -2318,14 +2320,14 @@ your home directory (remove the '=' for that).
     possible.
 
     The **LIST** should be one or more file suffixes (without the dot) separated
-    by slashes (/).  You may specify an empty string to indicate that no files
+    by slashes (`/`).  You may specify an empty string to indicate that no files
     should be skipped.
 
     Simple character-class matching is supported: each must consist of a list
     of letters inside the square brackets (e.g. no special classes, such as
     "[:alpha:]", are supported, and '-' has no special meaning).
 
-    The characters asterisk (\*) and question-mark (?) have no special meaning.
+    The characters asterisk (`*`) and question-mark (`?`) have no special meaning.
 
     Here's an example that specifies 6 suffixes to skip (since 1 of the 5 rules
     matches 2 suffixes):
@@ -2335,38 +2337,68 @@ your home directory (remove the '=' for that).
     The default file suffixes in the skip-compress list in this version of
     rsync are:
 
+    [comment]: # (This list gets used for the default-dont-compress.h file.)
+
     > 7z
     > ace
+    > apk
     > avi
     > bz2
     > deb
+    > flac
     > gpg
     > gz
     > iso
+    > jar
     > jpeg
     > jpg
     > lz
+    > lz4
     > lzma
     > lzo
+    > mkv
     > mov
     > mp3
     > mp4
+    > odb
+    > odf
+    > odg
+    > odi
+    > odm
+    > odp
+    > ods
+    > odt
     > ogg
     > ogv
+    > opus
+    > otg
+    > oth
+    > otp
+    > ots
+    > ott
+    > oxt
     > png
     > rar
     > rpm
+    > rz
     > rzip
     > squashfs
+    > sxc
+    > sxd
+    > sxg
+    > sxm
+    > sxw
     > tbz
     > tgz
     > tlz
     > txz
+    > tzo
     > webm
     > webp
     > xz
     > z
     > zip
+    > zst
 
     This list will be replaced by your `--skip-compress` list in all but one
     situation: a copy from a daemon rsync will add your skipped suffixes to its
@@ -2385,7 +2417,7 @@ your home directory (remove the '=' for that).
 
     If a user or group has no name on the source system or it has no match on
     the destination system, then the numeric ID from the source system is used
-    instead.  See also the comments on the "use chroot" setting in the
+    instead.  See also the comments on the "`use chroot`" setting in the
     rsyncd.conf manpage for information on how the chroot setting affects
     rsync's ability to look up the names of the users and groups and what you
     can do about it.
@@ -2399,7 +2431,7 @@ your home directory (remove the '=' for that).
     You may specify usernames or user IDs for the **FROM** and **TO** values,
     and the **FROM** value may also be a wild-card string, which will be
     matched against the sender's names (wild-cards do NOT match against ID
-    numbers, though see below for why a '\*' matches everything).  You may
+    numbers, though see below for why a '`*`' matches everything).  You may
     instead specify a range of ID numbers via an inclusive range: LOW-HIGH.
     For example:
 
@@ -2417,7 +2449,7 @@ your home directory (remove the '=' for that).
 
     Any IDs that do not have a name on the sending side are treated as having
     an empty name for the purpose of matching.  This allows them to be matched
-    via a "\*" or using an empty name.  For instance:
+    via a "`*`" or using an empty name.  For instance:
 
     >     --usermap=:nobody --groupmap=*:nobody
 
@@ -2441,7 +2473,7 @@ your home directory (remove the '=' for that).
     will occur.  If GROUP is empty, the trailing colon may be omitted, but if
     USER is empty, a leading colon must be supplied.
 
-    If you specify "--chown=foo:bar, this is exactly the same as specifying
+    If you specify "`--chown=foo:bar`", this is exactly the same as specifying
     "`--usermap=*:foo --groupmap=*:bar`", only easier.
 
 0.  `--timeout=TIMEOUT`
@@ -2478,8 +2510,9 @@ your home directory (remove the '=' for that).
     which may make transfers faster (or slower!).  Read the man page for the
     `setsockopt()` system call for details on some of the options you may be
     able to set.  By default no special socket options are set.  This only
-    affects direct socket connections to a remote rsync daemon.  This option
-    also exists in the `--daemon` mode section.
+    affects direct socket connections to a remote rsync daemon.
+
+    This option also exists in the `--daemon` mode section.
 
 0.  `--blocking-io`
 
@@ -2578,7 +2611,7 @@ your home directory (remove the '=' for that).
     character.  A default format of "%n%L" is assumed if either `--info=name`
     or `-v` is specified (this tells you just the name of the file and, if the
     item is a link, where it points).  For a full list of the possible escape
-    characters, see the "log format" setting in the rsyncd.conf manpage.
+    characters, see the "`log format`" setting in the rsyncd.conf manpage.
 
     Specifying the `--out-format` option implies the `--info=name` option,
     which will mention each file, dir, etc. that gets updated in a significant
@@ -2619,7 +2652,7 @@ your home directory (remove the '=' for that).
     file specified by the `--log-file` option (which must also be specified for
     this option to have any effect).  If you specify an empty string, updated
     files will not be mentioned in the log file.  For a list of the possible
-    escape characters, see the "log format" setting in the rsyncd.conf manpage.
+    escape characters, see the "`log format`" setting in the rsyncd.conf manpage.
 
     The default FORMAT used if `--log-file` is specified and this option is not
     is '%i %n%L'.
@@ -2685,8 +2718,8 @@ your home directory (remove the '=' for that).
     tabs) are always escaped, regardless of this option's setting.
 
     The escape idiom that started in 2.6.7 is to output a literal backslash
-    (\\) and a hash (#), followed by exactly 3 octal digits.  For example, a
-    newline would output as "\\#012".  A literal backslash that is in a
+    (`\`) and a hash (`#`), followed by exactly 3 octal digits.  For example, a
+    newline would output as "`\#012`".  A literal backslash that is in a
     filename is not escaped unless it is followed by a hash and 3 digits (0-9).
 
 0.  `--human-readable`, `-h`
@@ -2756,10 +2789,10 @@ your home directory (remove the '=' for that).
     rule may be ineffective at the end of your other rules, or (2) you may wish
     to override rsync's exclude choice.  For instance, if you want to make
     rsync clean-up any left-over partial-dirs that may be lying around, you
-    should specify `--delete-after` and add a "risk" filter rule, e.g. `-f 'R
-    .rsync-partial/'`. (Avoid using `--delete-before` or `--delete-during`
-    unless you don't need rsync to use any of the left-over partial-dir data
-    during the current run.)
+    should specify `--delete-after` and add a "risk" filter rule, e.g.
+    `-f 'R .rsync-partial/'`. (Avoid using `--delete-before` or
+    `--delete-during` unless you don't need rsync to use any of the left-over
+    partial-dir data during the current run.)
 
     IMPORTANT: the `--partial-dir` should not be writable by other users or it
     is a security risk.  E.g. AVOID "/tmp".
@@ -2781,7 +2814,7 @@ your home directory (remove the '=' for that).
     tmp).  This requires both ends of the transfer to be at least version
     3.2.0.
 
-    For the purposes of the daemon-config's "refuse options" setting,
+    For the purposes of the daemon-config's "`refuse options`" setting,
     `--partial-dir` does _not_ imply `--partial`.  This is so that a refusal of
     the `--partial` option can be used to disallow the overwriting of
     destination files with a partial transfer, while still allowing the safer
@@ -2983,7 +3016,7 @@ your home directory (remove the '=' for that).
 
     Rsync writes data over the socket in blocks, and this option both limits
     the size of the blocks that rsync writes, and tries to keep the average
-    transfer rate at the requested limit.  Some "burstiness" may be seen where
+    transfer rate at the requested limit.  Some burstiness may be seen where
     rsync writes out a block of data and then sleeps to bring the average rate
     into compliance.
 
@@ -3070,7 +3103,7 @@ your home directory (remove the '=' for that).
 
     Tells rsync to prefer IPv4/IPv6 when creating sockets or running ssh.  This
     affects sockets that rsync has direct control over, such as the outgoing
-    socket when directly contacting an rsync daemon, as well as the forwaring
+    socket when directly contacting an rsync daemon, as well as the forwarding
     of the `-4` or `-6` option to ssh when rsync can deduce that ssh is being
     used as the remote shell.  For other remote shells you'll need to specify
     the "`--rsh SHELL -4`" option directly (or whatever ipv4/ipv6 hint options
@@ -3079,11 +3112,9 @@ your home directory (remove the '=' for that).
     These options also exist in the `--daemon` mode section.
 
     If rsync was complied without support for IPv6, the `--ipv6` option will
-    have no effect.  The `rsync -V` output will contain "no IPv6" if is the
+    have no effect.  The `rsync -V` output will contain "`no IPv6`" if is the
     case.
 
-    See also these options in the `--daemon` mode section.
-
 0. `--checksum-seed=NUM`
 
     Set the checksum seed to the integer NUM.  This 4 byte checksum seed is
@@ -3162,13 +3193,13 @@ The options allowed when starting an rsync daemon are as follows:
 0. `--log-file=FILE`
 
     This option tells the rsync daemon to use the given log-file name instead
-    of using the "log file" setting in the config file.
+    of using the "`log file`" setting in the config file.
 
 0. `--log-file-format=FORMAT`
 
     This option tells the rsync daemon to use the given FORMAT string instead
-    of using the "log format" setting in the config file.  It also enables
-    "transfer logging" unless the string is empty, in which case transfer
+    of using the "`log format`" setting in the config file.  It also enables
+    "`transfer logging`" unless the string is empty, in which case transfer
     logging is turned off.
 
 0. `--sockopts`
@@ -3180,8 +3211,8 @@ The options allowed when starting an rsync daemon are as follows:
 
     This option increases the amount of information the daemon logs during its
     startup phase.  After the client connects, the daemon's verbosity level
-    will be controlled by the options that the client used and the "max
-    verbosity" setting in the module's config section.
+    will be controlled by the options that the client used and the
+    "`max verbosity`" setting in the module's config section.
 
 0. `--ipv4`, `-4` or `--ipv6`, `-6`
 
@@ -3195,7 +3226,7 @@ The options allowed when starting an rsync daemon are as follows:
     These options also exist in the regular rsync options section.
 
     If rsync was complied without support for IPv6, the `--ipv6` option will
-    have no effect.  The `rsync -V` output will contain "no IPv6" if is the
+    have no effect.  The `rsync -V` output will contain "`no IPv6`" if is the
     case.
 
 0. `--help`, `-h`
@@ -3241,19 +3272,23 @@ available rule prefixes:
 When rules are being read from a file, empty lines are ignored, as are comment
 lines that start with a "#".
 
-Note that the `--include`/`--exclude` command-line options do not allow the
+[comment]: # (Remember that markdown strips spaces from start/end of ` ... ` sequences!)
+[comment]: # (Thus, the `x ` sequences below use a literal non-breakable space!)
+
+Note that the `--include` & `--exclude` command-line options do not allow the
 full range of rule parsing as described above -- they only allow the
-specification of include/exclude patterns plus a "!" token to clear the list
-(and the normal comment parsing when rules are read from a file).  If a pattern
-does not begin with "- " (dash, space) or "+ " (plus, space), then the rule
-will be interpreted as if "+ " (for an include option) or "- " (for an exclude
-option) were prefixed to the string.  A `--filter` option, on the other hand,
-must always contain either a short or long rule name at the start of the rule.
+specification of include / exclude patterns plus a "`!`" token to clear the
+list (and the normal comment parsing when rules are read from a file).  If a
+pattern does not begin with "`- `" (dash, space) or "`+ `" (plus, space), then
+the rule will be interpreted as if "`+ `" (for an include option) or "`- `"
+(for an exclude option) were prefixed to the string.  A `--filter` option, on
+the other hand, must always contain either a short or long rule name at the
+start of the rule.
 
 Note also that the `--filter`, `--include`, and `--exclude` options take one
 rule/pattern each.  To add multiple ones, you can repeat the options on the
 command-line, use the merge-file syntax of the `--filter` option, or the
-`--include-from`/`--exclude-from` options.
+`--include-from` / `--exclude-from` options.
 
 # INCLUDE/EXCLUDE PATTERN RULES
 
@@ -3263,36 +3298,36 @@ include/exclude rules each specify a pattern that is matched against the names
 of the files that are going to be transferred.  These patterns can take several
 forms:
 
-- if the pattern starts with a / then it is anchored to a particular spot in
+- if the pattern starts with a `/` then it is anchored to a particular spot in
   the hierarchy of files, otherwise it is matched against the end of the
-  pathname.  This is similar to a leading ^ in regular expressions.  Thus
-  "/foo" would match a name of "foo" at either the "root of the transfer" (for
+  pathname.  This is similar to a leading `^` in regular expressions.  Thus
+  `/foo` would match a name of "foo" at either the "root of the transfer" (for
   a global rule) or in the merge-file's directory (for a per-directory rule).
-  An unqualified "foo" would match a name of "foo" anywhere in the tree because
+  An unqualified `foo` would match a name of "foo" anywhere in the tree because
   the algorithm is applied recursively from the top down; it behaves as if each
   path component gets a turn at being the end of the filename.  Even the
   unanchored "sub/foo" would match at any point in the hierarchy where a "foo"
   was found within a directory named "sub".  See the section on ANCHORING
   INCLUDE/EXCLUDE PATTERNS for a full discussion of how to specify a pattern
   that matches at the root of the transfer.
-- if the pattern ends with a / then it will only match a directory, not a
+- if the pattern ends with a `/` then it will only match a directory, not a
   regular file, symlink, or device.
 - rsync chooses between doing a simple string match and wildcard matching by
   checking if the pattern contains one of these three wildcard characters:
   '`*`', '`?`', and '`[`' .
 - a '`*`' matches any path component, but it stops at slashes.
 - use '`**`' to match anything, including slashes.
-- a '?' matches any character except a slash (/).
-- a '[' introduces a character class, such as [a-z] or [[:alpha:]].
+- a '`?`' matches any character except a slash (`/`).
+- a '`[`' introduces a character class, such as `[a-z]` or `[[:alpha:]]`.
 - in a wildcard pattern, a backslash can be used to escape a wildcard
   character, but it is matched literally when no wildcards are present.  This
   means that there is an extra level of backslash removal when a pattern
   contains wildcard characters compared to a pattern that has none.  e.g. if
   you add a wildcard to "`foo\bar`" (which matches the backslash) you would
   need to use "`foo\\bar*`" to avoid the "`\b`" becoming just "b".
-- if the pattern contains a / (not counting a trailing /) or a "`**`", then it
+- if the pattern contains a `/` (not counting a trailing /) or a "`**`", then it
   is matched against the full pathname, including any leading directories.  If
-  the pattern doesn't contain a / or a "`**`", then it is matched only against
+  the pattern doesn't contain a `/` or a "`**`", then it is matched only against
   the final component of the filename. (Remember that the algorithm is applied
   recursively so "full filename" can actually be any portion of a path from the
   starting directory on down.)
@@ -3307,20 +3342,20 @@ include/exclude patterns are applied recursively to the pathname of each node
 in the filesystem's tree (those inside the transfer).  The exclude patterns
 short-circuit the directory traversal stage as rsync finds the files to send.
 
-For instance, to include "/foo/bar/baz", the directories "/foo" and "/foo/bar"
+For instance, to include "`/foo/bar/baz`", the directories "`/foo`" and "`/foo/bar`"
 must not be excluded.  Excluding one of those parent directories prevents the
 examination of its content, cutting off rsync's recursion into those paths and
-rendering the include for "/foo/bar/baz" ineffectual (since rsync can't match
+rendering the include for "`/foo/bar/baz`" ineffectual (since rsync can't match
 something it never sees in the cut-off section of the directory hierarchy).
 
-The concept path exclusion is particularly important when using a trailing '\*'
+The concept path exclusion is particularly important when using a trailing '`*`'
 rule.  For instance, this won't work:
 
 >     + /some/path/this-file-will-not-be-found
 >     + /file-is-included
 >     - *
 
-This fails because the parent directory "some" is excluded by the '\*' rule, so
+This fails because the parent directory "some" is excluded by the '`*`' rule, so
 rsync never visits any of the files in the "some" or "some/path" directories.
 One solution is to ask for all directories in the hierarchy to be included by
 using a single rule: "`+ */`" (put it somewhere before the "`- *`" rule), and

rsync.c

@@ -57,12 +57,6 @@ extern struct chmod_mode_struct *daemon_chmod_modes;
 extern char *iconv_opt;
 #endif
 
-#ifdef ICONV_CONST
-iconv_t ic_chck = (iconv_t)-1;
-# ifdef ICONV_OPTION
-iconv_t ic_send = (iconv_t)-1, ic_recv = (iconv_t)-1;
-# endif
-
 #define UPDATED_OWNER (1<<0)
 #define UPDATED_GROUP (1<<1)
 #define UPDATED_MTIME (1<<2)
@@ -72,6 +66,12 @@ iconv_t ic_send = (iconv_t)-1, ic_recv = (iconv_t)-1;
 
 #define UPDATED_TIMES (UPDATED_MTIME|UPDATED_ATIME)
 
+#ifdef ICONV_CONST
+iconv_t ic_chck = (iconv_t)-1;
+# ifdef ICONV_OPTION
+iconv_t ic_send = (iconv_t)-1, ic_recv = (iconv_t)-1;
+# endif
+
 static const char *default_charset(void)
 {
 # if defined HAVE_LIBCHARSET_H && defined HAVE_LOCALE_CHARSET

rsyncd.conf.5.md

@@ -18,7 +18,7 @@ modules.
 
 The file consists of modules and parameters. A module begins with the name of
 the module in square brackets and continues until the next module begins.
-Modules contain parameters of the form "name = value".
+Modules contain parameters of the form `name = value`.
 
 The file is line-based -- that is, each newline-terminated line represents
 either a comment, a module name or a parameter.
@@ -234,11 +234,11 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
     allow the daemon to function.  By default the daemon runs without any
     chrooting.
 
-0.  `haproxy header`
+0.  `proxy protocol`
 
     When this parameter is enabled, all incoming connections must start with a
-    V1 or V2 haproxy header.  If the header is not found, the connection is
-    closed.
+    V1 or V2 proxy protocol header.  If the header is not found, the connection
+    is closed.
 
     Setting this to `true` requires a proxy server to forward source IP
     information to rsync, allowing you to log proper IP/host info and make use
@@ -282,9 +282,9 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
     This parameter tells rsync to modify all symlinks in the same way as the
     (non-daemon-affecting) `--munge-links` command-line option (using a method
     described below).  This should help protect your files from user trickery
-    when your daemon module is writable.  The default is disabled when "use
-    chroot" is on with an inside-chroot path of "/", OR if "daemon chroot" is
-    on, otherwise it is enabled.
+    when your daemon module is writable.  The default is disabled when
+    "use chroot" is on with an inside-chroot path of "/", OR if "daemon chroot"
+    is on, otherwise it is enabled.
 
     If you disable this parameter on a daemon that is not read-only, there are
     tricks that a user can play with uploaded symlinks to access
@@ -393,8 +393,8 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
     and `--debug` logging.  If the max value is 2, then no info and/or debug
     value that is higher than what would be set by `-vv` will be honored by the
     daemon in its logging.  To see how high of a verbosity level you need to
-    accept for a particular info/debug level, refer to "rsync --info=help" and
-    "rsync --debug=help".  For instance, it takes max-verbosity 4 to be able to
+    accept for a particular info/debug level, refer to `rsync --info=help` and
+    `rsync --debug=help`.  For instance, it takes max-verbosity 4 to be able to
     output debug TIME2 and FLIST3.
 
 0.  `lock file`
@@ -407,12 +407,11 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
 0.  `read only`
 
     This parameter determines whether clients will be able to upload files or
-    not. If "read only" is true then any attempted uploads will fail. If "read
-    only" is false then uploads will be possible if file permissions on the
-    daemon side allow them. The default is for all modules to be read only.
+    not. If "read only" is true then any attempted uploads will fail. If
+    "read only" is false then uploads will be possible if file permissions on
+    the daemon side allow them. The default is for all modules to be read only.
 
-    Note that "auth users" can override this setting on a
-    per-user basis.
+    Note that "auth users" can override this setting on a per-user basis.
 
 0.  `write only`
 
@@ -511,7 +510,7 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
 
     The "filter" parameter takes a space-separated list of daemon filter rules,
     though it is smart enough to know not to split a token at an internal space
-    in a rule (e.g. "- /foo  - /bar" is parsed as two rules).  You may specify
+    in a rule (e.g. "`- /foo  - /bar`" is parsed as two rules).  You may specify
     one or more merge-file rules using the normal syntax.  Only one "filter"
     parameter can apply to a given module in the config file, so put all the
     rules you want in a single parameter.  Note that per-directory merge-file
@@ -523,8 +522,8 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
 0.  `exclude`
 
     This parameter takes a space-separated list of daemon exclude patterns.  As
-    with the client `--exclude` option, patterns can be qualified with "- " or
-    "+ " to explicitly indicate exclude/include.  Only one "exclude" parameter
+    with the client `--exclude` option, patterns can be qualified with "`- `" or
+    "`+ `" to explicitly indicate exclude/include.  Only one "exclude" parameter
     can apply to a given module.  See the "filter" parameter for a description
     of how excluded files affect the daemon.
 
@@ -580,9 +579,9 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
     authentication. If "auth users" is set then the client will be challenged
     to supply a username and password to connect to the module. A challenge
     response authentication protocol is used for this exchange. The plain text
-    usernames and passwords are stored in the file specified by the "secrets
-    file" parameter. The default is for all users to be able to connect without
-    a password (this is called "anonymous rsync").
+    usernames and passwords are stored in the file specified by the
+    "secrets file" parameter. The default is for all users to be able to
+    connect without a password (this is called "anonymous rsync").
 
     In addition to username matching, you can specify groupname matching via a
     '@' prefix.  When using groupname matching, the authenticating username
@@ -702,8 +701,8 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
     If both parameters are specified then the "hosts allow" parameter is
     checked first and a match results in the client being able to connect. The
     "hosts deny" parameter is then checked and a match means that the host is
-    rejected. If the host does not match either the "hosts allow" or the "hosts
-    deny" patterns then it is allowed to connect.
+    rejected. If the host does not match either the "hosts allow" or the
+    "hosts deny" patterns then it is allowed to connect.
 
     The default is no "hosts allow" parameter, which means all hosts can
     connect.
@@ -721,11 +720,11 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
 0.  `reverse lookup`
 
     Controls whether the daemon performs a reverse lookup on the client's IP
-    address to determine its hostname, which is used for "hosts allow"/"hosts
-    deny" checks and the "%h" log escape.  This is enabled by default, but you
-    may wish to disable it to save time if you know the lookup will not return
-    a useful result, in which case the daemon will use the name "UNDETERMINED"
-    instead.
+    address to determine its hostname, which is used for "hosts allow" &
+    "hosts deny" checks and the "%h" log escape.  This is enabled by default,
+    but you may wish to disable it to save time if you know the lookup will not
+    return a useful result, in which case the daemon will use the name
+    "UNDETERMINED" instead.
 
     If this parameter is enabled globally (even by default), rsync performs the
     lookup as soon as a client connects, so disabling it for a module will not
@@ -770,18 +769,18 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
     transfers when transfer logging is enabled.  The format is a text string
     containing embedded single-character escape sequences prefixed with a
     percent (%) character.  An optional numeric field width may also be
-    specified between the percent and the escape letter (e.g. "`%-50n %8l
-    %07p`").  In addition, one or more apostrophes may be specified prior to a
-    numerical escape to indicate that the numerical value should be made more
-    human-readable.  The 3 supported levels are the same as for the
+    specified between the percent and the escape letter (e.g.
+    "`%-50n %8l %07p`").  In addition, one or more apostrophes may be specified
+    prior to a numerical escape to indicate that the numerical value should be
+    made more human-readable.  The 3 supported levels are the same as for the
     `--human-readable` command-line option, though the default is for
     human-readability to be off.  Each added apostrophe increases the level
     (e.g. "`%''l %'b %f`").
 
-    The default log format is "%o %h [%a] %m (%u) %f %l", and a "%t [%p] " is
-    always prefixed when using the "log file" parameter.  (A perl script that
-    will summarize this default log format is included in the rsync source code
-    distribution in the "support" subdirectory: rsyncstats.)
+    The default log format is "`%o %h [%a] %m (%u) %f %l`", and a "`%t [%p] `"
+    is always prefixed when using the "log file" parameter.  (A perl script
+    that will summarize this default log format is included in the rsync source
+    code distribution in the "support" subdirectory: rsyncstats.)
 
     The single-character escapes that are understood are as follows:
 
@@ -801,8 +800,8 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
     - %h the remote host name (only available for a daemon)
     - %i an itemized list of what is being updated
     - %l the length of the file in bytes
-    - %L the string " -> SYMLINK", " => HARDLINK", or "" (where `SYMLINK` or
-      `HARDLINK` is a filename)
+    - %L the string "` -> SYMLINK`", "` => HARDLINK`", or "" (where `SYMLINK`
+      or `HARDLINK` is a filename)
     - %m the module name
     - %M the last-modified time of the file
     - %n the filename (short form; trailing "/" on dir)
@@ -867,7 +866,7 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
 
     >     refuse options = * no-iconv !a !v
 
-    As an additional aid (beginning in 3.2.0), refusing (or "!refusing") the
+    As an additional aid (beginning in 3.2.0), refusing (or "`!refusing`") the
     "a" or "archive"  option also affects all the options that the `--archive`
     option implies (`-rdlptgoD`), but only if the option  is matched explicitly
     (not using a wildcard). If you want to do something tricky, you can use
@@ -899,21 +898,21 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
     "`!compress*`" so that you also accept the `--compress-level` option.
 
     Note that the "write-devices" option is refused by default, but can be
-    explicitly accepted with "!write-devices".  The options "log-file" and
+    explicitly accepted with "`!write-devices`".  The options "log-file" and
     "log-file-format" are forcibly refused and cannot be accepted.
 
     Here are all the options that are not matched by wild-cards:
 
     - `--server`: Required for rsync to even work.
-    - `-e`: Required to convey compatibility flags to the server.
+    - `--rsh`, `-e`: Required to convey compatibility flags to the server.
     - `--log-format`: This is required to convey things like
       `--itemize-changes` to a remote receiver. Is an older name for
       `--out-format` that is still passed to the server for improved backward
       compatibility and should not be confused with `--log-file-format`.
     - `--sender`: Use "write only" parameter instead of refusing this.
-    - `-n, --dry-run`: Who would want to disable this?
-    - `-s, --protect-args`: This actually makes transfers safer.
-    - `-0, --from0`: Make it easier to accept/refuse `--files-from` without
+    - `--dry-run`, `-n`: Who would want to disable this?
+    - `--protect-args`, `-n`: This actually makes transfers safer.
+    - `--from0`, `-0`: Make it easier to accept/refuse `--files-from` without
       affecting this modifier.
     - `--iconv`: This is auto-disabled based on "charset" parameter.
     - `--no-iconv`: Most transfers use this option.
@@ -936,10 +935,10 @@ the values of parameters.  See the GLOBAL PARAMETERS section for more details.
     compression occurs for those files.  Other algorithms have the level
     minimized to reduces the CPU usage as much as possible.
 
-    See the `--skip-compress` parameter in the `rsync`(1) manpage for the list
-    of file suffixes that are not compressed by default.  Specifying a value
-    for the "dont compress" parameter changes the default when the daemon is
-    the sender.
+    See the `--skip-compress` parameter in the **rsync**(1) manpage for the
+    list of file suffixes that are not compressed by default.  Specifying a
+    value for the "dont compress" parameter changes the default when the daemon
+    is the sender.
 
 0.  `early exec`, `pre-xfer exec`, `post-xfer exec`
 
@@ -1066,8 +1065,53 @@ Also note that the rsync daemon protocol does not currently provide any
 encryption of the data that is transferred over the connection. Only
 authentication is provided. Use ssh as the transport if you want encryption.
 
-Future versions of rsync may support SSL for better authentication and
-encryption, but that is still being investigated.
+You can also make use of SSL/TLS encryption if you put rsync behind an
+SSL proxy.
+
+# SSL/TLS Daemon Setup
+
+When setting up an rsync daemon for access via SSL/TLS, you will need to
+configure a proxy (such as haproxy or nginx) as the front-end that handles the
+encryption.
+
+- You should limit the access to the backend-rsyncd port to only allow the
+  proxy to connect.  If it is on the same host as the proxy, then configuring
+  it to only listen on localhost is a good idea.
+- You should consider turning on the `proxy protocol` parameter if your proxy
+  supports sending that information.  The examples below assume that this is
+  enabled.
+
+An example haproxy setup is as follows:
+
+> ```
+> frontend fe_rsync-ssl
+>    bind :::874 ssl crt /etc/letsencrypt/example.com/combined.pem
+>    mode tcp
+>    use_backend be_rsync
+>
+> backend be_rsync
+>    mode tcp
+>    server local-rsync 127.0.0.1:873 check send-proxy
+> ```
+
+An example nginx proxy setup is as follows:
+
+> ```
+> stream {
+>    server {
+>        listen 874 ssl;
+>        listen [::]:874 ssl;
+>
+>        ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
+>        ssl_certificate_key /etc/letsencrypt/example.com/privkey.pem
+>
+>        proxy_pass localhost:873;
+>        proxy_protocol on; # Requires "proxy protocol = true"
+>        proxy_timeout 1m;
+>        proxy_connect_timeout 5s;
+>    }
+> }
+> ```
 
 # EXAMPLES
 
@@ -1089,23 +1133,23 @@ A more sophisticated example would be:
 > max connections = 4
 > syslog facility = local5
 > pid file = /var/run/rsyncd.pid
-> 
+>
 > [ftp]
 >         path = /var/ftp/./pub
 >         comment = whole ftp area (approx 6.1 GB)
-> 
+>
 > [sambaftp]
 >         path = /var/ftp/./pub/samba
 >         comment = Samba ftp area (approx 300 MB)
-> 
+>
 > [rsyncftp]
 >         path = /var/ftp/./pub/rsync
 >         comment = rsync ftp area (approx 6 MB)
-> 
+>
 > [sambawww]
 >         path = /public_html/samba
 >         comment = Samba WWW pages (approx 240 MB)
-> 
+>
 > [cvs]
 >         path = /data/cvs
 >         comment = CVS repository (requires authentication)

simd-checksum-x86_64.cpp

@@ -45,9 +45,10 @@
  * the available xmm registers, this optimized version may not be faster than
  * the pure C version anyway. Note that all x86-64 CPUs support at least SSE2.
  *
- * This file is compiled using GCC 4.8+'s C++ front end to allow the use of
- * the target attribute, selecting the fastest code path based on runtime
- * detection of CPU capabilities.
+ * This file is compiled using GCC 4.8+/clang 6+'s C++ front end to allow the
+ * use of the target attribute, selecting the fastest code path based on
+ * dispatch priority (GCC 5) or runtime detection of CPU capabilities (GCC 6+).
+ * GCC 4.x are not supported to ease configure.ac logic.
  */
 
 #ifdef __x86_64__
@@ -59,73 +60,34 @@
 
 #include <immintrin.h>
 
-/* Compatibility functions to let our SSSE3 algorithm run on SSE2 */
+/* Some clang versions don't like it when you use static with multi-versioned functions: linker errors */
+#ifdef __clang__
+#define MVSTATIC
+#else
+#define MVSTATIC static
+#endif
 
-__attribute__ ((target("sse2"))) static inline __m128i sse_interleave_odd_epi16(__m128i a, __m128i b)
-{
-    return _mm_packs_epi32(
-        _mm_srai_epi32(a, 16),
-        _mm_srai_epi32(b, 16)
-    );
-}
+// Missing from the headers on gcc 6 and older, clang 8 and older
+typedef long long __m128i_u __attribute__((__vector_size__(16), __may_alias__, __aligned__(1)));
+typedef long long __m256i_u __attribute__((__vector_size__(32), __may_alias__, __aligned__(1)));
 
-__attribute__ ((target("sse2"))) static inline __m128i sse_interleave_even_epi16(__m128i a, __m128i b)
-{
-    return sse_interleave_odd_epi16(
-        _mm_slli_si128(a, 2),
-        _mm_slli_si128(b, 2)
-    );
-}
+/* Compatibility macros to let our SSSE3 algorithm run with only SSE2.
+   These used to be neat individual functions with target attributes switching between SSE2 and SSSE3 implementations
+   as needed, but though this works perfectly with GCC, clang fails to inline those properly leading to a near 50%
+   performance drop - combined with static and inline modifiers gets you linker errors and even compiler crashes...
+*/
 
-__attribute__ ((target("sse2"))) static inline __m128i sse_mulu_odd_epi8(__m128i a, __m128i b)
-{
-    return _mm_mullo_epi16(
-        _mm_srli_epi16(a, 8),
-        _mm_srai_epi16(b, 8)
-    );
-}
+#define SSE2_INTERLEAVE_ODD_EPI16(a, b) _mm_packs_epi32(_mm_srai_epi32(a, 16), _mm_srai_epi32(b, 16))
+#define SSE2_INTERLEAVE_EVEN_EPI16(a, b) SSE2_INTERLEAVE_ODD_EPI16(_mm_slli_si128(a, 2), _mm_slli_si128(b, 2))
+#define SSE2_MULU_ODD_EPI8(a, b) _mm_mullo_epi16(_mm_srli_epi16(a, 8), _mm_srai_epi16(b, 8))
+#define SSE2_MULU_EVEN_EPI8(a, b) _mm_mullo_epi16(_mm_and_si128(a, _mm_set1_epi16(0xFF)), _mm_srai_epi16(_mm_slli_si128(b, 1), 8))
 
-__attribute__ ((target("sse2"))) static inline __m128i sse_mulu_even_epi8(__m128i a, __m128i b)
-{
-    return _mm_mullo_epi16(
-        _mm_and_si128(a, _mm_set1_epi16(0xFF)),
-        _mm_srai_epi16(_mm_slli_si128(b, 1), 8)
-    );
-}
+#define SSE2_HADDS_EPI16(a, b) _mm_adds_epi16(SSE2_INTERLEAVE_EVEN_EPI16(a, b), SSE2_INTERLEAVE_ODD_EPI16(a, b))
+#define SSE2_MADDUBS_EPI16(a, b) _mm_adds_epi16(SSE2_MULU_EVEN_EPI8(a, b), SSE2_MULU_ODD_EPI8(a, b))
 
-__attribute__ ((target("sse2"))) static inline __m128i sse_hadds_epi16(__m128i a, __m128i b)
-{
-    return _mm_adds_epi16(
-        sse_interleave_even_epi16(a, b),
-        sse_interleave_odd_epi16(a, b)
-    );
-}
-
-__attribute__ ((target("ssse3"))) static inline __m128i sse_hadds_epi16(__m128i a, __m128i b)
-{
-    return _mm_hadds_epi16(a, b);
-}
-
-__attribute__ ((target("sse2"))) static inline __m128i sse_maddubs_epi16(__m128i a, __m128i b)
-{
-    return _mm_adds_epi16(
-        sse_mulu_even_epi8(a, b),
-        sse_mulu_odd_epi8(a, b)
-    );
-}
-
-__attribute__ ((target("ssse3"))) static inline __m128i sse_maddubs_epi16(__m128i a, __m128i b)
-{
-    return _mm_maddubs_epi16(a, b);
-}
-
-/* These don't actually get called, but we need to define them. */
-__attribute__ ((target("default"))) static inline __m128i sse_interleave_odd_epi16(__m128i a, __m128i b) { return a; }
-__attribute__ ((target("default"))) static inline __m128i sse_interleave_even_epi16(__m128i a, __m128i b) { return a; }
-__attribute__ ((target("default"))) static inline __m128i sse_mulu_odd_epi8(__m128i a, __m128i b) { return a; }
-__attribute__ ((target("default"))) static inline __m128i sse_mulu_even_epi8(__m128i a, __m128i b) { return a; }
-__attribute__ ((target("default"))) static inline __m128i sse_hadds_epi16(__m128i a, __m128i b) { return a; }
-__attribute__ ((target("default"))) static inline __m128i sse_maddubs_epi16(__m128i a, __m128i b) { return a; }
+__attribute__ ((target("default"))) MVSTATIC int32 get_checksum1_avx2_64(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2) { return i; }
+__attribute__ ((target("default"))) MVSTATIC int32 get_checksum1_ssse3_32(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2) { return i; }
+__attribute__ ((target("default"))) MVSTATIC int32 get_checksum1_sse2_32(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2) { return i; }
 
 /*
   Original loop per 4 bytes:
@@ -146,12 +108,7 @@ __attribute__ ((target("default"))) static inline __m128i sse_maddubs_epi16(__m1
     s1 += (uint32)(t1[0] + t1[1] + t1[2] + t1[3] + t1[4] + t1[5] + t1[6] + t1[7]) +
           32*CHAR_OFFSET;
  */
-/*
-  Both sse2 and ssse3 targets must be specified here or we lose (a lot) of
-  performance, possibly due to not unrolling+inlining the called targeted
-  functions.
- */
-__attribute__ ((target("sse2", "ssse3"))) static int32 get_checksum1_sse2_32(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2)
+__attribute__ ((target("ssse3"))) MVSTATIC int32 get_checksum1_ssse3_32(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2)
 {
     if (len > 32) {
         int aligned = ((uintptr_t)buf & 15) == 0;
@@ -167,16 +124,11 @@ __attribute__ ((target("sse2", "ssse3"))) static int32 get_checksum1_sse2_32(sch
 
         for (; i < (len-32); i+=32) {
             // Load ... 2*[int8*16]
-            // SSSE3 has _mm_lqqdu_si128, but this requires another
-            // target function for each SSE2 and SSSE3 loads. For reasons
-            // unknown (to me) we lose about 10% performance on some CPUs if
-            // we do that right here. We just use _mm_loadu_si128 as for all
-            // but a handful of specific old CPUs they are synonymous, and
-            // take the 1-5% hit on those specific CPUs where it isn't.
             __m128i in8_1, in8_2;
             if (!aligned) {
-                in8_1 = _mm_loadu_si128((__m128i_u*)&buf[i]);
-                in8_2 = _mm_loadu_si128((__m128i_u*)&buf[i + 16]);
+                // Synonymous with _mm_loadu_si128 on all but a handful of old CPUs
+                in8_1 = _mm_lddqu_si128((__m128i_u*)&buf[i]);
+                in8_2 = _mm_lddqu_si128((__m128i_u*)&buf[i + 16]);
             } else {
                 in8_1 = _mm_load_si128((__m128i_u*)&buf[i]);
                 in8_2 = _mm_load_si128((__m128i_u*)&buf[i + 16]);
@@ -185,13 +137,13 @@ __attribute__ ((target("sse2", "ssse3"))) static int32 get_checksum1_sse2_32(sch
             // (1*buf[i] + 1*buf[i+1]), (1*buf[i+2], 1*buf[i+3]), ... 2*[int16*8]
             // Fastest, even though multiply by 1
             __m128i mul_one = _mm_set1_epi8(1);
-            __m128i add16_1 = sse_maddubs_epi16(mul_one, in8_1);
-            __m128i add16_2 = sse_maddubs_epi16(mul_one, in8_2);
+            __m128i add16_1 = _mm_maddubs_epi16(mul_one, in8_1);
+            __m128i add16_2 = _mm_maddubs_epi16(mul_one, in8_2);
 
             // (4*buf[i] + 3*buf[i+1]), (2*buf[i+2], buf[i+3]), ... 2*[int16*8]
             __m128i mul_const = _mm_set1_epi32(4 + (3 << 8) + (2 << 16) + (1 << 24));
-            __m128i mul_add16_1 = sse_maddubs_epi16(mul_const, in8_1);
-            __m128i mul_add16_2 = sse_maddubs_epi16(mul_const, in8_2);
+            __m128i mul_add16_1 = _mm_maddubs_epi16(mul_const, in8_1);
+            __m128i mul_add16_2 = _mm_maddubs_epi16(mul_const, in8_2);
 
             // s2 += 32*s1
             ss2 = _mm_add_epi32(ss2, _mm_slli_epi32(ss1, 5));
@@ -224,7 +176,111 @@ __attribute__ ((target("sse2", "ssse3"))) static int32 get_checksum1_sse2_32(sch
             // [t1[0] + t1[1], t1[2] + t1[3] ...] [int16*8]
             // We could've combined this with generating sum_add32 above and
             // save an instruction but benchmarking shows that as being slower
-            __m128i add16 = sse_hadds_epi16(add16_1, add16_2);
+            __m128i add16 = _mm_hadds_epi16(add16_1, add16_2);
+
+            // [t1[0], t1[1], ...] -> [t1[0]*28 + t1[1]*24, ...] [int32*4]
+            __m128i mul32 = _mm_madd_epi16(add16, mul_t1);
+
+            // [sum(mul32), X, X, X] [int32*4]; faster than multiple _mm_hadd_epi32
+            mul32 = _mm_add_epi32(mul32, _mm_srli_si128(mul32, 4));
+            mul32 = _mm_add_epi32(mul32, _mm_srli_si128(mul32, 8));
+
+            // s2 += 28*t1[0] + 24*t1[1] + 20*t1[2] + 16*t1[3] + 12*t1[4] + 8*t1[5] + 4*t1[6]
+            ss2 = _mm_add_epi32(ss2, mul32);
+
+#if CHAR_OFFSET != 0
+            // s1 += 32*CHAR_OFFSET
+            __m128i char_offset_multiplier = _mm_set1_epi32(32 * CHAR_OFFSET);
+            ss1 = _mm_add_epi32(ss1, char_offset_multiplier);
+
+            // s2 += 528*CHAR_OFFSET
+            char_offset_multiplier = _mm_set1_epi32(528 * CHAR_OFFSET);
+            ss2 = _mm_add_epi32(ss2, char_offset_multiplier);
+#endif
+        }
+
+        _mm_store_si128((__m128i_u*)x, ss1);
+        *ps1 = x[0];
+        _mm_store_si128((__m128i_u*)x, ss2);
+        *ps2 = x[0];
+    }
+    return i;
+}
+
+/*
+  Same as SSSE3 version, but using macros defined above to emulate SSSE3 calls that are not available with SSE2.
+  For GCC-only the SSE2 and SSSE3 versions could be a single function calling other functions with the right
+  target attributes to emulate SSSE3 calls on SSE2 if needed, but clang doesn't inline those properly leading
+  to a near 50% performance drop.
+ */
+__attribute__ ((target("sse2"))) MVSTATIC int32 get_checksum1_sse2_32(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2)
+{
+    if (len > 32) {
+        int aligned = ((uintptr_t)buf & 15) == 0;
+
+        uint32 x[4] = {0};
+        x[0] = *ps1;
+        __m128i ss1 = _mm_loadu_si128((__m128i_u*)x);
+        x[0] = *ps2;
+        __m128i ss2 = _mm_loadu_si128((__m128i_u*)x);
+
+        const int16 mul_t1_buf[8] = {28, 24, 20, 16, 12, 8, 4, 0};
+        __m128i mul_t1 = _mm_loadu_si128((__m128i_u*)mul_t1_buf);
+
+        for (; i < (len-32); i+=32) {
+            // Load ... 2*[int8*16]
+            __m128i in8_1, in8_2;
+            if (!aligned) {
+                in8_1 = _mm_loadu_si128((__m128i_u*)&buf[i]);
+                in8_2 = _mm_loadu_si128((__m128i_u*)&buf[i + 16]);
+            } else {
+                in8_1 = _mm_load_si128((__m128i_u*)&buf[i]);
+                in8_2 = _mm_load_si128((__m128i_u*)&buf[i + 16]);
+            }
+
+            // (1*buf[i] + 1*buf[i+1]), (1*buf[i+2], 1*buf[i+3]), ... 2*[int16*8]
+            // Fastest, even though multiply by 1
+            __m128i mul_one = _mm_set1_epi8(1);
+            __m128i add16_1 = SSE2_MADDUBS_EPI16(mul_one, in8_1);
+            __m128i add16_2 = SSE2_MADDUBS_EPI16(mul_one, in8_2);
+
+            // (4*buf[i] + 3*buf[i+1]), (2*buf[i+2], buf[i+3]), ... 2*[int16*8]
+            __m128i mul_const = _mm_set1_epi32(4 + (3 << 8) + (2 << 16) + (1 << 24));
+            __m128i mul_add16_1 = SSE2_MADDUBS_EPI16(mul_const, in8_1);
+            __m128i mul_add16_2 = SSE2_MADDUBS_EPI16(mul_const, in8_2);
+
+            // s2 += 32*s1
+            ss2 = _mm_add_epi32(ss2, _mm_slli_epi32(ss1, 5));
+
+            // [sum(t1[0]..t1[7]), X, X, X] [int32*4]; faster than multiple _mm_hadds_epi16
+            // Shifting left, then shifting right again and shuffling (rather than just
+            // shifting right as with mul32 below) to cheaply end up with the correct sign
+            // extension as we go from int16 to int32.
+            __m128i sum_add32 = _mm_add_epi16(add16_1, add16_2);
+            sum_add32 = _mm_add_epi16(sum_add32, _mm_slli_si128(sum_add32, 2));
+            sum_add32 = _mm_add_epi16(sum_add32, _mm_slli_si128(sum_add32, 4));
+            sum_add32 = _mm_add_epi16(sum_add32, _mm_slli_si128(sum_add32, 8));
+            sum_add32 = _mm_srai_epi32(sum_add32, 16);
+            sum_add32 = _mm_shuffle_epi32(sum_add32, 3);
+
+            // [sum(t2[0]..t2[7]), X, X, X] [int32*4]; faster than multiple _mm_hadds_epi16
+            __m128i sum_mul_add32 = _mm_add_epi16(mul_add16_1, mul_add16_2);
+            sum_mul_add32 = _mm_add_epi16(sum_mul_add32, _mm_slli_si128(sum_mul_add32, 2));
+            sum_mul_add32 = _mm_add_epi16(sum_mul_add32, _mm_slli_si128(sum_mul_add32, 4));
+            sum_mul_add32 = _mm_add_epi16(sum_mul_add32, _mm_slli_si128(sum_mul_add32, 8));
+            sum_mul_add32 = _mm_srai_epi32(sum_mul_add32, 16);
+            sum_mul_add32 = _mm_shuffle_epi32(sum_mul_add32, 3);
+
+            // s1 += t1[0] + t1[1] + t1[2] + t1[3] + t1[4] + t1[5] + t1[6] + t1[7]
+            ss1 = _mm_add_epi32(ss1, sum_add32);
+
+            // s2 += t2[0] + t2[1] + t2[2] + t2[3] + t2[4] + t2[5] + t2[6] + t2[7]
+            ss2 = _mm_add_epi32(ss2, sum_mul_add32);
+
+            // [t1[0] + t1[1], t1[2] + t1[3] ...] [int16*8]
+            // We could've combined this with generating sum_add32 above and
+            // save an instruction but benchmarking shows that as being slower
+            __m128i add16 = SSE2_HADDS_EPI16(add16_1, add16_2);
 
             // [t1[0], t1[1], ...] -> [t1[0]*28 + t1[1]*24, ...] [int32*4]
             __m128i mul32 = _mm_madd_epi16(add16, mul_t1);
@@ -270,7 +326,7 @@ __attribute__ ((target("sse2", "ssse3"))) static int32 get_checksum1_sse2_32(sch
     s1 += (uint32)(t1[0] + t1[1] + t1[2] + t1[3] + t1[4] + t1[5] + t1[6] + t1[7] + t1[8] + t1[9] + t1[10] + t1[11] + t1[12] + t1[13] + t1[14] + t1[15]) +
           64*CHAR_OFFSET;
  */
-__attribute__ ((target("avx2"))) static int32 get_checksum1_avx2_64(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2)
+__attribute__ ((target("avx2"))) MVSTATIC int32 get_checksum1_avx2_64(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2)
 {
     if (len > 64) {
         // Instructions reshuffled compared to SSE2 for slightly better performance
@@ -377,17 +433,7 @@ __attribute__ ((target("avx2"))) static int32 get_checksum1_avx2_64(schar* buf,
     return i;
 }
 
-__attribute__ ((target("default"))) static int32 get_checksum1_avx2_64(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2)
-{
-    return i;
-}
-
-__attribute__ ((target("default"))) static int32 get_checksum1_sse2_32(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2)
-{
-    return i;
-}
-
-static inline int32 get_checksum1_default_1(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2)
+static int32 get_checksum1_default_1(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2)
 {
     uint32 s1 = *ps1;
     uint32 s2 = *ps2;
@@ -403,9 +449,10 @@ static inline int32 get_checksum1_default_1(schar* buf, int32 len, int32 i, uint
     return i;
 }
 
-extern "C" {
-
-uint32 get_checksum1(char *buf1, int32 len)
+/* With GCC 10 putting this implementation inside 'extern "C"' causes an
+   assembler error. That worked fine on GCC 5-9 and clang 6-10...
+  */
+static inline uint32 get_checksum1_cpp(char *buf1, int32 len)
 {
     int32 i = 0;
     uint32 s1 = 0;
@@ -414,7 +461,10 @@ uint32 get_checksum1(char *buf1, int32 len)
     // multiples of 64 bytes using AVX2 (if available)
     i = get_checksum1_avx2_64((schar*)buf1, len, i, &s1, &s2);
 
-    // multiples of 32 bytes using SSE2/SSSE3 (if available)
+    // multiples of 32 bytes using SSSE3 (if available)
+    i = get_checksum1_ssse3_32((schar*)buf1, len, i, &s1, &s2);
+
+    // multiples of 32 bytes using SSE2 (if available)
     i = get_checksum1_sse2_32((schar*)buf1, len, i, &s1, &s2);
 
     // whatever is left
@@ -423,7 +473,70 @@ uint32 get_checksum1(char *buf1, int32 len)
     return (s1 & 0xffff) + (s2 << 16);
 }
 
-} // "C"
+extern "C" {
+
+uint32 get_checksum1(char *buf1, int32 len)
+{
+    return get_checksum1_cpp(buf1, len);
+}
+
+} // extern "C"
+
+#ifdef BENCHMARK_SIMD_CHECKSUM1
+#pragma clang optimize off
+#pragma GCC push_options
+#pragma GCC optimize ("O0")
+
+#define ROUNDS 1024
+#define BLOCK_LEN 1024*1024
+
+#ifndef CLOCK_MONOTONIC_RAW
+#define CLOCK_MONOTONIC_RAW CLOCK_MONOTONIC
+#endif
+
+static void benchmark(const char* desc, int32 (*func)(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2), schar* buf, int32 len) {
+    struct timespec start, end;
+    uint64_t us;
+    uint32_t cs, s1, s2;
+    int i, next;
+
+    clock_gettime(CLOCK_MONOTONIC_RAW, &start);
+    for (i = 0; i < ROUNDS; i++) {
+        s1 = s2 = 0;
+        next = func((schar*)buf, len, 0, &s1, &s2);
+        get_checksum1_default_1((schar*)buf, len, next, &s1, &s2);
+    }
+    clock_gettime(CLOCK_MONOTONIC_RAW, &end);
+    us = next == 0 ? 0 : (end.tv_sec - start.tv_sec) * 1000000 + (end.tv_nsec - start.tv_nsec) / 1000;
+    cs = next == 0 ? 0 : (s1 & 0xffff) + (s2 << 16);
+    printf("%-5s :: %5.0f MB/s :: %08x\n", desc, us ? (float)(len / (1024 * 1024) * ROUNDS) / ((float)us / 1000000.0f) : 0, cs);
+}
+
+static int32 get_checksum1_auto(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2) {
+    uint32 cs = get_checksum1((char*)buf, len);
+    *ps1 = cs & 0xffff;
+    *ps2 = cs >> 16;
+    return len;
+}
+
+int main() {
+    int i;
+    unsigned char* buf = (unsigned char*)malloc(BLOCK_LEN);
+    for (i = 0; i < BLOCK_LEN; i++) buf[i] = (i + (i % 3) + (i % 11)) % 256;
+
+    benchmark("Auto", get_checksum1_auto, (schar*)buf, BLOCK_LEN);
+    benchmark("Raw-C", get_checksum1_default_1, (schar*)buf, BLOCK_LEN);
+    benchmark("SSE2", get_checksum1_sse2_32, (schar*)buf, BLOCK_LEN);
+    benchmark("SSSE3", get_checksum1_ssse3_32, (schar*)buf, BLOCK_LEN);
+    benchmark("AVX2", get_checksum1_avx2_64, (schar*)buf, BLOCK_LEN);
+
+    free(buf);
+    return 0;
+}
+
+#pragma GCC pop_options
+#pragma clang optimize on
+#endif /* BENCHMARK_SIMD_CHECKSUM1 */
 
 #endif /* HAVE_SIMD */
 #endif /* __cplusplus */

support/atomic-rsync

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 #
 # This script lets you update a hierarchy of files in an atomic way by
 # first creating a new hierarchy using rsync's --link-dest option, and

support/cvs2includes

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 #
 # This script finds all CVS/Entries files in the current directory and below
 # and creates a local .cvsinclude file with non-inherited rules including each

support/deny-rsync

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Send an error message via the rsync-protocol to a non-daemon client rsync.
 #
 # Usage:  deny-rsync "message"

support/file-attr-restore

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 # This script will parse the output of "find ARG [ARG...] -ls" and
 # apply (at your discretion) the permissions, owner, and group info
 # it reads onto any existing files and dirs (it doesn't try to affect

support/files-to-excludes

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 # This script takes an input of filenames and outputs a set of
 # include/exclude directives that can be used by rsync to copy
 # just the indicated files using an --exclude-from=FILE option.

support/git-set-file-times

@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 
 import os, re, argparse, subprocess
 from datetime import datetime

support/instant-rsyncd

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # instant-rsyncd lets you quickly set up and start a simple, unprivileged rsync
 # daemon with a single module in the current directory.  I've found it

support/logfilter

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 # Filter the rsync daemon log messages by module name.  The log file can be
 # in either syslog format or rsync's own log-file format.  Note that the
 # MODULE_NAME parameter is used in a regular-expression match in order to

support/lsh

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 # This script can be used as a "remote shell" command that is only
 # capable of pretending to connect to "localhost".  This is useful
 # for testing or for running a local copy where the sender and the

support/mapfrom

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 # This helper script makes it easy to use a passwd or group file to map
 # values in a LOCAL transfer.  For instance, if you mount a backup that
 # does not have the same passwd setup as the local machine, you can do

support/mapto

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 # This helper script makes it easy to use a passwd or group file to map
 # values in a LOCAL transfer.  For instance, if you mount a backup that
 # does not have the same passwd setup as the local machine, you can do

support/mnt-excl

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 # This script takes a command-line arg of a source directory
 # that will be passed to rsync, and generates a set of excludes
 # that will exclude all mount points from the list.  This is

support/munge-symlinks

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 # This script will either prefix all symlink values with the string
 # "/rsyncd-munged/" or remove that prefix.
 

support/rrsync

@@ -1,8 +1,8 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 # Name: /usr/local/bin/rrsync (should also have a symlink in /usr/bin)
 # Purpose: Restricts rsync to subdirectory declared in .ssh/authorized_keys
 # Author: Joe Smith <js-cgi@inwap.com> 30-Sep-2004
-# Modified by: Wayne Davison <wayned@samba.org>
+# Modified by: Wayne Davison <wayne@opencoder.net>
 use strict;
 
 use Socket;
@@ -62,7 +62,7 @@ die "$0 reading from write-only server not allowed\n" if $only eq 'w' && $am_sen
 # To disable a short-named option, add its letter to this string:
 our $short_disabled = 's';
 
-our $short_no_arg = 'ACDEHIJKLORSUWXbcdgklmnoprstuvxyz'; # DO NOT REMOVE ANY
+our $short_no_arg = 'ACDEHIJKLORSUWXbcdgklmnopqrstuvxyz'; # DO NOT REMOVE ANY
 our $short_with_num = '@B'; # DO NOT REMOVE ANY
 
 # To disable a long-named option, change its value to a -1.  The values mean:
@@ -76,6 +76,7 @@ our %long_opt = (
   'checksum-choice' => 1,
   'checksum-seed' => 1,
   'compare-dest' => 2,
+  'compress-choice' => 1,
   'compress-level' => 1,
   'copy-dest' => 2,
   'copy-unsafe-links' => 0,
@@ -120,6 +121,7 @@ our %long_opt = (
   'no-relative' => 0,
   'no-specials' => 0,
   'numeric-ids' => 0,
+  'old-compress' => 0,
   'one-file-system' => 0,
   'only-write-batch' => 1,
   'open-noatime' => 0,

support/rsync-no-vanished

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 IGNOREEXIT=24
 IGNOREOUT='^(file has vanished: |rsync warning: some files vanished before they could be transferred)'

support/rsync-slash-strip

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # This script can be used as an rsync command-line filter that strips a single
 # trailing slash from each arg.  That treats "src/" the same as "src", thus
 # you need to use "src/." or "src//" for just the contents of the "src" dir.

support/rsyncstats

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 #
 # This script parses the default logfile format produced by rsync when running
 # as a daemon with transfer logging enabled.  It also parses a slightly tweaked

testhelp/maketree.py

@@ -1,4 +1,4 @@
-#! /usr/bin/python2.2
+#!/usr/bin/env python2
 
 # Copyright (C) 2002 by Martin Pool <mbp@samba.org>
 

token.c

@@ -1135,30 +1135,23 @@ void send_token(int f, int32 token, struct map_struct *buf, OFF_T offset,
  */
 int32 recv_token(int f, char **data)
 {
-	int tok;
-
 	switch (do_compression) {
 	case CPRES_NONE:
-		tok = simple_recv_token(f,data);
-		break;
+		return simple_recv_token(f,data);
 	case CPRES_ZLIB:
 	case CPRES_ZLIBX:
-		tok = recv_deflated_token(f, data);
-		break;
+		return recv_deflated_token(f, data);
 #ifdef SUPPORT_ZSTD
 	case CPRES_ZSTD:
-		tok = recv_zstd_token(f, data);
-		break;
+		return recv_zstd_token(f, data);
 #endif
 #ifdef SUPPORT_LZ4
 	case CPRES_LZ4:
-		tok = recv_compressed_token(f, data);
-		break;
+		return recv_compressed_token(f, data);
 #endif
 	default:
 		assert(0);
 	}
-	return tok;
 }
 
 /*

uidlist.c

@@ -527,14 +527,14 @@ const char *getallgroups(uid_t uid, item_list *gid_list)
 		return "getpwuid failed";
 
 	gid_list->count = 0; /* We're overwriting any items in the list */
-	EXPAND_ITEM_LIST(gid_list, gid_t, 32);
+	(void)EXPAND_ITEM_LIST(gid_list, gid_t, 32);
 	size = gid_list->malloced;
 
 	/* Get all the process's groups, with the pw_gid group first. */
 	if (getgrouplist(pw->pw_name, pw->pw_gid, gid_list->items, &size) < 0) {
 		if (size > (int)gid_list->malloced) {
 			gid_list->count = gid_list->malloced;
-			EXPAND_ITEM_LIST(gid_list, gid_t, size);
+			(void)EXPAND_ITEM_LIST(gid_list, gid_t, size);
 			if (getgrouplist(pw->pw_name, pw->pw_gid, gid_list->items, &size) < 0)
 				size = -1;
 		} else
@@ -553,7 +553,7 @@ const char *getallgroups(uid_t uid, item_list *gid_list)
 				break;
 		}
 		if (j == size) { /* The default group wasn't found! */
-			EXPAND_ITEM_LIST(gid_list, gid_t, size+1);
+			(void)EXPAND_ITEM_LIST(gid_list, gid_t, size+1);
 			gid_array = gid_list->items;
 		}
 		gid_array[j] = gid_array[0];